From 6c38c8fd7f28631275b4425349c44696312e7dfb Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 12 Oct 2020 16:02:02 -0700 Subject: [PATCH 001/156] 1 --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 445b6d5c18..85f4601dbd 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -296,7 +296,7 @@ When you run Disk Cleanup and enable the option to Clean up system files, you ca > [!TIP] > It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool. -To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). +To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then click **Yes** to confirm the elevation prompt. Screenshots and other steps to open an elevated command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). From fcd24af2b082e0201169dd0e16db922b592fb058 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 1 Apr 2021 11:22:21 +0530 Subject: [PATCH 002/156] Updated --- .../mdm/policy-csp-experience.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 4cf594449d..c1d07bfa0a 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -37,6 +37,9 @@ manager: dansimp
Experience/AllowManualMDMUnenrollment
+
+ Experience/AllowNewsAndInterestsOnTheTaskbar +
Experience/AllowSaveAsOfOfficeFiles
@@ -436,6 +439,65 @@ The following list shows the supported values:
+ + +**Experience/AllowNewsAndInterestsOnTheTaskbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +Specifies whether to allow "News and interests" on the Taskbar. + + + +The values for this policy are 1 and 0. This policy defaults to 1. + +- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. + +- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. + + + + +
**Experience/AllowSaveAsOfOfficeFiles** From 84c129d776e30338e8a4f951f6796e64dd916b7b Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 2 Apr 2021 16:04:28 -0700 Subject: [PATCH 003/156] Minor fixes and ToC updates --- .../TOC.md | 23 +++++++++---------- ...s-defender-application-control-policies.md | 8 +++---- .../example-wdac-base-policies.md | 4 ++-- .../select-types-of-rules-to-create.md | 7 ++---- ...lication-control-with-managed-installer.md | 2 +- 5 files changed, 20 insertions(+), 24 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 81a97e652b..0902a4ad3b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -6,22 +6,25 @@ ## [WDAC design guide](windows-defender-application-control-design-guide.md) ### [Plan for WDAC policy lifecycle management](plan-windows-defender-application-control-management.md) -### Design your initial WDAC policy +### Design your WDAC policy #### [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) #### [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) -#### [Authorize apps deployed with a WDAC managed installer](use-windows-defender-application-control-with-managed-installer.md) -##### [Configure a WDAC managed installer](configure-wdac-managed-installer.md) -#### [Authorize reputable apps with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md) +##### [Allow apps installed by a managed installer](use-windows-defender-application-control-with-managed-installer.md) +##### [Configure managed installer rules](configure-wdac-managed-installer.md) +##### [Allow reputable apps with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md) +##### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md) +##### [Use WDAC with .NET hardening](use-windows-defender-application-control-with-dynamic-code-security.md) +#### [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md) +#### [Use WDAC to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) #### [Use multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md) -#### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) -#### [Microsoft recommended driver block rules](microsoft-recommended-driver-block-rules.md) -### Create your initial WDAC policy +### Create your WDAC policy #### [Example WDAC base policies](example-wdac-base-policies.md) #### [Policy creation for common WDAC usage scenarios](types-of-devices.md) ##### [Create a WDAC policy for lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md) ##### [Create a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md) ##### [Create a WDAC policy for fixed-workload devices](create-initial-default-policy.md) ##### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) +##### [Microsoft recommended driver block rules](microsoft-recommended-driver-block-rules.md) #### [Using the WDAC Wizard tool](wdac-wizard.md) ##### [Create a base WDAC policy with the Wizard](wdac-wizard-create-base-policy.md) ##### [Create a supplemental WDAC policy with the Wizard](wdac-wizard-create-supplemental-policy.md) @@ -29,16 +32,12 @@ ##### [Merging multiple WDAC policies with the Wizard](wdac-wizard-merging-policies.md) -## [Windows Defender Application Control deployment guide](windows-defender-application-control-deployment-guide.md) +## [WDAC deployment guide](windows-defender-application-control-deployment-guide.md) ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md) ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) ### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md) ### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) ### [Deploy WDAC policies using Intune](deploy-windows-defender-application-control-policies-using-intune.md) -### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md) -### [Use WDAC with .NET hardening](use-windows-defender-application-control-with-dynamic-code-security.md) -### [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md) -### [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) ### [Use code signing to simplify application control for classic Windows applications](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) #### [Optional: Use the WDAC Signing Portal in the Microsoft Store for Business](use-device-guard-signing-portal-in-microsoft-store-for-business.md) #### [Optional: Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index a886a623e9..21370c463c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp ms.date: 11/13/2020 @@ -22,8 +22,8 @@ ms.technology: mde **Applies to:** -- Windows 10 -- Windows Server 2016 +- Windows 10 version 1903 +- Windows Server 2022 The restriction of only having a single code integrity policy active on a system at any given time has felt limiting for customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: @@ -49,7 +49,7 @@ The restriction of only having a single code integrity policy active on a system ## Creating WDAC policies in Multiple Policy Format -In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](/powershell/module/configci/new-cipolicy?preserve-view=true&view=win10-ps) results in 1) random GUIDs being generated for the policy ID and 2) the policy type being specified as base. The below is an example of creating a new policy in the multiple policy format. +In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](/powershell/module/configci/new-cipolicy?preserve-view=true&view=win10-ps) results in 1) unique GUIDs being generated for the policy ID and 2) the policy type being specified as base. The below is an example of creating a new policy in the multiple policy format. ```powershell New-CIPolicy -MultiplePolicyFormat -ScanPath "" -UserPEs -FilePath ".\policy.xml" -Level Publisher -Fallback Hash diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index 609418021a..05a3850953 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 11/15/2019 @@ -37,5 +37,5 @@ When creating policies for use with Windows Defender Application Control (WDAC), | **AllowAll.xml** | This example policy is useful when creating a block list policy. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **DenyAllAudit.xml** | This example policy should only be deployed in audit mode and can be used to audit all binaries running on critical systems or to comply with regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | -| **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [DGSS in the Microsoft Store for Business](https://businessstore.microsoft.com/manage/settings/devices) | +| **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [Device Guard Signing Service Nuget Package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client) | | **MEM Configuration Manager** | Customers who use MEM Configuration Manager (MEMCM), formerly known as System Center Configuration Manager, can deploy a policy to a device using MEMCM's built-in integration with WDAC and then copy the resulting policy XML to use as a custom base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index ad0435d8f2..a88fc053c0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -123,14 +123,11 @@ S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; When generating filepath rules using [New-CIPolicy](/powershell/module/configci/new-cipolicy), a unique, fully-qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards using the [-FilePathRules](/powershell/module/configci/new-cipolicyrule#parameters) switch. -Wildcards can be used at the beginning or end of a path rule; only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. `C:\\*` would include `C:\foo\\*` ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. `*\bar.exe` would allow `C:\bar.exe` and `C:\foo\bar.exe`). Wildcards in the middle of a path are not supported (ex. `C:\\*\foo.exe`). Without a wildcard, the rule will allow only a specific file (ex. `C:\foo\bar.exe`).
The use of macros is also supported and useful in scenarios where the system drive is different from the `C:\` drive. Supported macros: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`. - -> [!NOTE] -> Due to an existing bug, you can not combine Path-based ALLOW rules with any DENY rules in a single policy. Instead, either separate DENY rules into a separate Base policy or move the Path-based ALLOW rules into a supplemental policy as described in [Deploy multiple WDAC policies.](deploy-multiple-windows-defender-application-control-policies.md) +Wildcards can be used at the beginning or end of a path rule; only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. `C:\*` would include `C:\foo\*` ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. `*\bar.exe` would allow `C:\bar.exe` and `C:\foo\bar.exe`). Wildcards in the middle of a path are not supported (ex. `C:\*\foo.exe`). Without a wildcard, the rule will allow only a specific file (ex. `C:\foo\bar.exe`).
The use of macros is also supported and useful in scenarios where the system drive is different from the `C:\` drive. Supported macros: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`. ## Windows Defender Application Control filename rules -File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies. +File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies. Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario. For instance, an LOB or production application and its binaries (eg. DLLs) may all share the same product name. This allows users to easily create targeted policies based on the Product Name filename rule level. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index c3397bfba4..1e62bae47a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -59,7 +59,7 @@ Enterprises should deploy and install all application updates using the managed In some cases, it may be possible to also designate an application binary that performs the self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method. -- Modern apps deployed through a managed installer will not be tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. +- [Packaged apps (MSIX)](https://docs.microsoft.com/windows/msix/) deployed through a managed installer will not be tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See how to [manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md). - Executables that extract files and then attempt to execute may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. From 8a2e120cf09596b12dd4f22f2d47c5b5fc291e0e Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 14 Apr 2021 13:24:52 +0500 Subject: [PATCH 004/156] Modification in Steps There were few steps recommended by the user to fit in the document and make the document more clear. I have added a few of the recommendations based on the tests. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8557 --- ...-a-windows-10-device-automatically-using-group-policy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 45373ce3f7..66f5549e6a 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -203,11 +203,11 @@ Requirements: 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**. -5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**. +5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**. If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. -6. Restart the Domain Controller for the policy to be available. +6. Wait for the SYSVOL DFSR replication to be completed and then restart the Domain Controller for the policy to be available. This procedure will work for any future version as well. @@ -279,4 +279,4 @@ To collect Event Viewer logs: - [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591) - [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495) -- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) \ No newline at end of file +- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) From 7fdc32eddcb7a53ba02eab20d9bdb1fe6789bdc9 Mon Sep 17 00:00:00 2001 From: msft-bob <82617611+msft-bob@users.noreply.github.com> Date: Thu, 15 Apr 2021 15:59:36 -0700 Subject: [PATCH 005/156] Update policy-csp-authentication.md Update to add description of new ConfigureWebSignInAllowedUrls policy. --- .../mdm/policy-csp-authentication.md | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 51f56ffbbb..0edf2ca1ef 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -37,6 +37,9 @@ manager: dansimp
Authentication/AllowSecondaryAuthenticationDevice
+
+ Authentication/ConfigureWebSignInAllowedUrls +
Authentication/EnableFastFirstSignIn
@@ -359,6 +362,68 @@ The following list shows the supported values:
+ +**Authentication/ConfigureWebSignInAllowedUrls** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark4
Businesscheck mark4
Enterprisecheck mark4
Educationcheck mark4
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a 3rd party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092). + +Example: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com". + + + + + + + + + + + + + +
+ **Authentication/EnableFastFirstSignIn** From 9855b3cba4ed0599596f0d5fbb20fa70e685658c Mon Sep 17 00:00:00 2001 From: msft-bob <82617611+msft-bob@users.noreply.github.com> Date: Thu, 15 Apr 2021 20:14:12 -0700 Subject: [PATCH 006/156] Update windows/client-management/mdm/policy-csp-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-authentication.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 0edf2ca1ef..7258bc578c 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -38,7 +38,7 @@ manager: dansimp Authentication/AllowSecondaryAuthenticationDevice
- Authentication/ConfigureWebSignInAllowedUrls + Authentication/ConfigureWebSignInAllowedUrls
Authentication/EnableFastFirstSignIn @@ -644,4 +644,3 @@ Footnotes: - 8 - Available in Windows 10, version 2004. - From 1e293badaf86059d41df1a93e8867bb1e782cbb9 Mon Sep 17 00:00:00 2001 From: msft-bob <82617611+msft-bob@users.noreply.github.com> Date: Thu, 15 Apr 2021 20:19:02 -0700 Subject: [PATCH 007/156] Apply suggestions from code review Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-authentication.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 7258bc578c..74167fec97 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -406,9 +406,9 @@ The following list shows the supported values: -Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a 3rd party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092). +Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092). -Example: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com". +**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com". From 4cd601517cc624dc703c85194f962cd1b6f3c795 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 16 Apr 2021 22:12:18 +0500 Subject: [PATCH 008/156] Update policy-configuration-service-provider.md --- .../policy-configuration-service-provider.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 97803c60b7..64caa2be1e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -57,12 +57,12 @@ The following diagram shows the Policy configuration service provider in tree fo

Supported operation is Get. -**Policy/Config/***AreaName* +**Policy/Config/_AreaName_**

The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.

Supported operations are Add, Get, and Delete. -**Policy/Config/***AreaName/PolicyName* +**Policy/Config/_AreaName/PolicyName_**

Specifies the name/value pair used in the policy.

The following list shows some tips to help you when configuring policies: @@ -81,12 +81,12 @@ The following diagram shows the Policy configuration service provider in tree fo

Supported operation is Get. -**Policy/Result/***AreaName* +**Policy/Result/_AreaName_**

The area group that can be configured by a single technology independent of the providers.

Supported operation is Get. -**Policy/Result/***AreaName/PolicyName* +**Policy/Result/_AreaName/PolicyName_**

Specifies the name/value pair used in the policy.

Supported operation is Get. @@ -102,31 +102,31 @@ The following diagram shows the Policy configuration service provider in tree fo > [!NOTE] > The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](/previous-versions/office/office-2013-resource-kit/cc179097(v=office.15)). -

ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. +

ADMX files that have been installed by using **ConfigOperations/ADMXInstall** can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}.

Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/***AppName* +**Policy/ConfigOperations/ADMXInstall/_AppName_**

Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.

Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/***AppName*/Policy +**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy**

Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.

Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/***AppName*/Policy/*UniqueID* +**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy/_UniqueID_**

Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.

Supported operations are Add and Get. Does not support Delete. -**Policy/ConfigOperations/ADMXInstall/***AppName*/Preference +**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference**

Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.

Supported operations are Add, Get, and Delete. -**Policy/ConfigOperations/ADMXInstall/***AppName*/Preference/*UniqueID* +**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference/_UniqueID_**

Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.

Supported operations are Add and Get. Does not support Delete. @@ -8611,4 +8611,4 @@ The following diagram shows the Policy configuration service provider in tree fo ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md) From 271e17df1c7a26bf09c1349284027c7eae18c1a2 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 16 Apr 2021 16:47:18 -0700 Subject: [PATCH 009/156] Refactor to WDAC Deployment Guide --- ...nd-windows-defender-application-control.md | 32 +++--- .../TOC.md | 17 ++- ...s-defender-application-control-policies.md | 99 +++++++----------- ...s-defender-application-control-policies.md | 10 +- ...ion-control-policies-using-group-policy.md | 37 +++---- ...plication-control-policies-using-intune.md | 72 ++++++------- .../deploy-wdac-policies-using-memcm.md | 40 +++++++ .../deploy-wdac-policies-using-script.md | 54 ++++++++++ .../images/PolicyFlow.png | Bin 0 -> 71184 bytes .../operations/known-issues.md | 40 +++++++ ...defender-application-control-management.md | 3 +- ...er-application-control-deployment-guide.md | 80 +++----------- 12 files changed, 264 insertions(+), 220 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md create mode 100644 windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md create mode 100644 windows/security/threat-protection/windows-defender-application-control/images/PolicyFlow.png create mode 100644 windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 8de7febefc..69306ff1c1 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -16,35 +16,33 @@ ms.technology: mde # Windows Defender Application Control and virtualization-based protection of code integrity **Applies to** -- Windows 10 -- Windows Server 2016 -Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows 10 systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called configurable code integrity, while simultaneously hardening the OS against kernel memory attacks by using virtualization-based protection of code integrity (more specifically, HVCI). +- Windows 10 +- Windows Server 2016 -Configurable code integrity policies and HVCI are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows 10 devices. +Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows 10 systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called Windows Defender Application Control (WDAC), while simultaneously hardening the OS against kernel memory attacks by using hypervisor-protected code integrity (HVCI). -Using configurable code integrity to restrict devices to only authorized apps has these advantages over other solutions: +WDAC policies and HVCI are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows 10 devices. -1. Configurable code integrity policy is enforced by the Windows kernel itself. As such, the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run. -2. Configurable code integrity allows customers to set application control policy not only over code running in user mode, but also kernel mode hardware and software drivers and even code that runs as part of Windows. -3. Customers can protect the configurable code integrity policy even from local administrator tampering by digitally signing the policy. This would mean that changing the policy would require both administrative privilege and access to the organization’s digital signing process, making it difficult for an attacker with administrative privilege, or malicious software that managed to gain administrative privilege, to alter the application control policy. -4. The entire configurable code integrity enforcement mechanism can be protected by HVCI, where even if a vulnerability exists in kernel mode code, the likelihood that an attacker could successfully exploit it is diminished. Why is this relevant? That’s because an attacker that compromises the kernel would otherwise have enough privilege to disable most system defenses and override the application control policies enforced by configurable code integrity or any other application control solution. +Using WDAC to restrict devices to only authorized apps has these advantages over other solutions: -## Windows Defender Application Control +1. WDAC policy is enforced by the Windows kernel itself. As such, the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run. +2. WDAC allows customers to set application control policy not only over code running in user mode, but also kernel mode hardware and software drivers and even code that runs as part of Windows. +3. Customers can protect the WDAC policy even from local administrator tampering by digitally signing the policy. This would mean that changing the policy would require both administrative privilege and access to the organization’s digital signing process, making it difficult for an attacker with administrative privilege, or malicious software that managed to gain administrative privilege, to alter the application control policy. +4. The entire WDAC enforcement mechanism can be protected by HVCI, where even if a vulnerability exists in kernel mode code, the likelihood that an attacker could successfully exploit it is diminished. Why is this relevant? That’s because an attacker that compromises the kernel would otherwise have enough privilege to disable most system defenses and override the application control policies enforced by WDAC or any other application control solution. -When we originally designed this configuration state, we did so with a specific security promise in mind. Although there were no direct dependencies between configurable code integrity and HVCI, we intentionally focused our discussion around the lockdown state you achieve when deploying them together. However, given that HVCI relies on Windows virtualization-based security, it comes with more hardware, firmware, and kernel driver compatibility requirements that some older systems can’t meet. As a result, many IT Professionals assumed that because some systems couldn't use HVCI, they couldn’t use configurable code integrity either. +## Why we no longer use the Device Guard brand -Configurable code integrity carries no specific hardware or software requirements other than running Windows 10, which means many IT professionals were wrongly denied the benefits of this powerful application control capability. +When we originally designed this configuration state, we did so with a specific security promise in mind. Although there were no direct dependencies between WDAC and HVCI, we intentionally focused our discussion around the lockdown state you achieve when deploying them together. However, given that HVCI relies on Windows virtualization-based security, it comes with more hardware, firmware, and kernel driver compatibility requirements that some older systems can’t meet. As a result, many IT Professionals assumed that because some systems couldn't use HVCI, they couldn’t use WDAC either. -Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we are discussing and documenting configurable code integrity as an independent technology within our security stack and giving it a name of its own: [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md). +WDAC carries no specific hardware or software requirements other than running Windows 10, which means many IT professionals were wrongly denied the benefits of this powerful application control capability. + +Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we are discussing and documenting WDAC as an independent technology within our security stack and giving it a name of its own: [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md). We hope this change will help us better communicate options for adopting application control within an organization. ## Related articles [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md) - [Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender](https://channel9.msdn.com/Events/Ignite/2015/BRK2336) - [Driver compatibility with Windows Defender in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10) - -[Code integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) \ No newline at end of file +[Code integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 0902a4ad3b..893271684d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -1,7 +1,7 @@ # [Application Control for Windows](windows-defender-application-control.md) ## [WDAC and AppLocker Overview](wdac-and-applocker-overview.md) ### [WDAC and AppLocker Feature Availability](feature-availability.md) -### [Virtualization-based code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) +### [Virtualization-based protection of code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) ## [WDAC design guide](windows-defender-application-control-design-guide.md) @@ -14,8 +14,8 @@ ##### [Allow reputable apps with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md) ##### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md) ##### [Use WDAC with .NET hardening](use-windows-defender-application-control-with-dynamic-code-security.md) -#### [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md) -#### [Use WDAC to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) +##### [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md) +##### [Use WDAC to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) #### [Use multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md) ### Create your WDAC policy #### [Example WDAC base policies](example-wdac-base-policies.md) @@ -31,13 +31,14 @@ ##### [Editing a WDAC policy with the Wizard](wdac-wizard-editing-policy.md) ##### [Merging multiple WDAC policies with the Wizard](wdac-wizard-merging-policies.md) - ## [WDAC deployment guide](windows-defender-application-control-deployment-guide.md) +### [Deploy WDAC policies using MDM](deploy-windows-defender-application-control-policies-using-intune.md) +### [Deploy WDAC policies using MEMCM](deployment/deploy-wdac-policies-using-memcm.md) +### [Deploy WDAC policies using script](deployment/deploy-wdac-policies-using-script.md) +### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md) ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) ### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md) -### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) -### [Deploy WDAC policies using Intune](deploy-windows-defender-application-control-policies-using-intune.md) ### [Use code signing to simplify application control for classic Windows applications](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) #### [Optional: Use the WDAC Signing Portal in the Microsoft Store for Business](use-device-guard-signing-portal-in-microsoft-store-for-business.md) #### [Optional: Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md) @@ -46,11 +47,11 @@ ### [Disable WDAC policies](disable-windows-defender-application-control-policies.md) ### [LOB Win32 Apps on S Mode](LOB-win32-apps-on-s.md) - ## [Windows Defender Application Control operational guide](windows-defender-application-control-operational-guide.md) ### [Understanding Application Control event IDs](event-id-explanations.md) ### [Understanding Application Control event tags](event-tag-explanations.md) ### [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) +### [Known Issues](operations/known-issues.md) ## [AppLocker](applocker\applocker-overview.md) ### [Administer AppLocker](applocker\administer-applocker.md) @@ -137,5 +138,3 @@ #### [Tools to Use with AppLocker](applocker\tools-to-use-with-applocker.md) ##### [Using Event Viewer with AppLocker](applocker\using-event-viewer-with-applocker.md) #### [AppLocker Settings](applocker\applocker-settings.md) - - diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index de3ee7f874..d9e721fb28 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -1,5 +1,5 @@ --- -title: Audit Windows Defender Application Control policies (Windows 10) +title: Use audit events to create WDAC policy rules (Windows 10) description: Audits allow admins to discover apps that were missed during an initial policy scan and to identify new apps that were installed since the policy was created. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb @@ -11,94 +11,65 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 05/03/2018 ms.technology: mde --- -# Audit Windows Defender Application Control policies +# Use audit events to create WDAC policy rules **Applies to:** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows Server 2016 and above -Running **Application Control** in audit mode allows administrators to discover any applications that were missed during an initial policy scan and to identify any new applications that have been installed and run since the original policy was created. While a WDAC policy is running in audit mode, any binary that runs and would have been denied had the policy been enforced is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. When these logged binaries have been validated, they can easily be added to a new WDAC policy. When the new exception policy is created, you can merge it with your existing WDAC policies. +Running Application Control in audit mode allows administrators to discover applications, binaries, and scripts that were missed during the initial policy creation and to identify any new applications that have been installed and run since the original policy was created. -Before you begin this process, you need to create a WDAC policy binary file. If you have not already done so, see [Create an initial Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md). +While a WDAC policy is running in audit mode, any binary that runs and would have been denied had the policy been enforced is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log or, for script and MSI, in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to easily generate a new WDAC policy which can be merged with the original Base policy or, on Windows 10 1903+, included in a separate Supplemental policy when the Base policy allows supplemental policies. -**To audit a Windows Defender Application Control policy with local policy:** +## Overview of the process to create WDAC policy to allow apps using audit events -1. Before you begin, find the *.bin policy file , for example, the DeviceGuardPolicy.bin. Copy the file to C:\\Windows\\System32\\CodeIntegrity. +> [!Note] +> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md). -2. On the computer you want to run in audit mode, open the Local Group Policy Editor by running **GPEdit.msc**. +To familiarize yourself with the process to generate WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy in effect. - > [!Note] - > - > - The computer that you will run in audit mode must be clean of viruses or malware. Otherwise, in the process that you follow after auditing the system, you might unintentionally merge in a policy that allows viruses or malware to run. - > - > - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor. - -3. Navigate to **Computer Configuration\\Administrative Templates\\System\\Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1. +1. Install and run an application that should not currently be allowed by the WDAC policy but which you want to allow. - > [!Note] - > - > - You can copy the WDAC policies to a file share to which all computer accounts have access rather than copy them to every system. - > - > - You might have noticed that the GPO setting references a .p7b file and this policy uses a .bin file. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped onto the computers running Windows 10. We recommend that you make your WDAC policy names friendly and allow the system to convert the policy names for you. By doing this, it ensures that the policies are easily distinguishable when viewed in a share or any other central repository. - - ![Group Policy called Deploy Windows Defender Application Control](images/dg-fig22-deploycode.png) - - Figure 1. Deploy your Windows Defender Application Control policy - -4. Restart the reference system for the WDAC policy to take effect. - -5. Use the system as you normally would, and monitor code integrity events in the event log. While in audit mode, any exception to the deployed WDAC policy will be logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log, as shown in Figure 2. +2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md). + **Figure 1. Exceptions to the deployed WDAC policy** ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png) - Figure 2. Exceptions to the deployed WDAC policy +3. In an elevated Windows Powershell session, run the following commands to initialize variables used by this procedure. This builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. - You will be reviewing the exceptions that appear in the event log, and making a list of any applications that should be allowed to run in your environment. - -6. If you want to create a catalog file to simplify the process of including unsigned LOB applications in your WDAC policy, this is a good time to create it. For information, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md). + ```powershell + $PolicyName= "Lamna_FullyManagedClients_Audit" + $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml" + $EventsPolicy=$env:userprofile+"\Desktop\EventsPolicy.xml" + $EventsPolicyWarnings=$env:userprofile+"\Desktop\EventsPolicyWarnings.txt" + ``` -Now that you have a WDAC policy deployed in audit mode, you can capture any audit information that appears in the event log. This is described in the next section. +4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **FilePublisher** with a fallback level of **Hash** and redirects warning messages to a text file **EventsPolicyWarnings.txt**. -## Create a Windows Defender Application Control policy that captures audit information from the event log - -Use the following procedure after you have been running a computer with a WDAC policy in audit mode for a period of time. When you are ready to capture the needed policy information from the event log (so that you can later merge that information into the original WDAC policy), complete the following steps. - - - -1. Review the audit information in the event log. From the WDAC policy exceptions that you see, make a list of any applications that should be allowed to run in your environment, and decide on the file rule level that should be used to trust these applications. - - Although the Hash file rule level will catch all of these exceptions, it may not be the best way to trust all of them. For information about file rule levels, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md) in "Deploy Windows Defender Application Control: policy rules and file rules." - - Your event log might also contain exceptions for applications that you eventually want your WDAC policy to block. If these appear, make a list of these also, for a later step in this procedure. - -2. In an elevated Windows PowerShell session, initialize the variables that will be used. The example filename shown here is **DeviceGuardAuditPolicy.xml**: - - `$CIPolicyPath=$env:userprofile+"\Desktop\"` - - `$CIAuditPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` - -3. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. - - `New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3> CIPolicylog.txt` + ```powershell + New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings + ``` > [!NOTE] - > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy. + > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels refer to [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md). -4. Find and review the WDAC audit policy .xml file that you created. If you used the example variables as shown, the filename will be **DeviceGuardAuditPolicy.xml**, and it will be on your desktop. Look for the following: +5. Find and review the WDAC policy file **EventsPolicy.xml** which should be found on your desktop. Ensure that the file and signer rules that were created authorize only the applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)). - - Any applications that were caught as exceptions, but should be allowed to run in your environment. These are applications that should be in the .xml file. Leave these as-is in the file. - - - Any applications that actually should not be allowed to run in your environment. Edit these out of the .xml file. If they remain in the .xml file, and the information in the file is merged into your existing WDAC policy, the policy will treat the applications as trusted, and allow them to run. +6. Find and review the text file **EventsPolicyWarnings.txt** which should be found on your desktop. This will include a warning for any files that WDAC could not create a rule for at either the specified rule level or fallback rule level. -You can now use this file to update the existing WDAC policy that you ran in audit mode by merging the two policies. For instructions on how to merge this audit policy with the existing WDAC policy, see the next section, [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md). + > [!NOTE] + > New-CIPolicy only creates rules for files that can still be found on disk. Files which are no longer present on the system will not have a rule created to allow them. However, the event log should have sufficient information to allow these files by manually editing the policy XML to add rules. You can use an existing rule as a template and verify your results against the WDAC policy schema definition found at **%windir%\schemas\CodeIntegrity\cipolicy.xsd**. -> [!Note] -> You may have noticed that you did not generate a binary version of this policy as you did in [Create a Windows Defender Application Control policy from a reference computer](./create-initial-default-policy.md). This is because WDAC policies created from an audit log are not intended to run as stand-alone policies but rather to update existing WDAC policies. \ No newline at end of file +7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy. + + For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md). + +8. Convert the Base or Supplemental policy to binary and deploy using your preferred method. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index 21370c463c..80ef49b096 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: jsuther1974 +ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 11/13/2020 @@ -22,10 +22,10 @@ ms.technology: mde **Applies to:** -- Windows 10 version 1903 -- Windows Server 2022 +- Windows 10 version 1903 and above +- Windows Server 2022 and above -The restriction of only having a single code integrity policy active on a system at any given time has felt limiting for customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: +Prior to Windows 10 1903, WDAC only supported a single active on a system at any given time. This significantly limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: 1. Enforce and Audit Side-by-Side - To validate policy changes before deploying in enforcement mode, users can now deploy an audit-mode base policy side by side with an existing enforcement-mode base policy @@ -104,4 +104,4 @@ To deploy policies locally using the new multiple policy format, follow these st Multiple WDAC policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment. See [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) for more information on deploying multiple policies, optionally using MEM Intune's Custom OMA-URI capability. > [!NOTE] -> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format WDAC policies. \ No newline at end of file +> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format WDAC policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md index 4246d0b428..8e8fa29002 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 02/28/2018 @@ -22,39 +22,36 @@ ms.technology: mde **Applies to:** -- Windows 10 -- Windows Server 2016 - -WDAC policies can easily be deployed and managed with Group Policy. Windows Defender allows you to simplify deployment Windows Defender hardware-based security features and Windows Defender Application Control policies. The following procedure walks you through how to deploy a WDAC policy called **DeviceGuardPolicy.bin** to a test OU called *DG Enabled PCs* by using a GPO called **Contoso GPO Test**. +- Windows 10 +- Windows Server 2016 and above > [!NOTE] -> This walkthrough requires that you have previously created a WDAC policy and have a computer running Windows 10 on which to test a Group Policy deployment. For more information about how to create a WDAC policy, see [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md), earlier in this topic. +> Group Policy-based deployment of WDAC policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, we recommend using an alternative method for policy deployment. -> [!NOTE] -> Signed WDAC policies can cause boot failures when deployed. We recommend that signed WDAC policies be thoroughly tested on each hardware platform before enterprise deployment. +Single-policy format WDAC policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy. The following procedure walks you through how to deploy a WDAC policy called **ContosoPolicy.bin** to a test OU called *WDAC Enabled PCs* by using a GPO called **Contoso GPO Test**. To deploy and manage a WDAC policy with Group Policy: -1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** +1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** -2. Create a new GPO: right-click an OU and then click **Create a GPO in this domain, and Link it here**. +2. Create a new GPO: right-click an OU and then click **Create a GPO in this domain, and Link it here**. - > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control policy management](plan-windows-defender-application-control-management.md). + > [!NOTE] + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control policy management](plan-windows-defender-application-control-management.md). - ![Group Policy Management, create a GPO](images/dg-fig24-creategpo.png) + ![Group Policy Management, create a GPO](images/dg-fig24-creategpo.png) -3. Name the new GPO. You can choose any name. +3. Name the new GPO. You can choose any name. -4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. +4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. -5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then click **Edit**. +5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then click **Edit**. ![Edit the Group Policy for Windows Defender Application Control](images/wdac-edit-gp.png) -6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the code integrity policy deployment path. +6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the WDAC policy deployment path. - In this policy setting, you specify either the local path in which the policy will exist on the client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, with DeviceGuardPolicy.bin on the test computer, the example file path would be C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin. + In this policy setting, you specify either the local path in which the policy will exist on the client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, with ContosoPolicy.bin on the test computer, the example file path would be C:\\Windows\\System32\\CodeIntegrity\\ContosoPolicy.bin. > [!NOTE] > This policy file does not need to be copied to every computer. You can instead copy the WDAC policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers. @@ -62,6 +59,6 @@ To deploy and manage a WDAC policy with Group Policy: ![Group Policy called Deploy Windows Defender Application Control](images/dg-fig26-enablecode.png) > [!NOTE] - > You may have noticed that the GPO setting references a .p7b file and this example uses a .bin file for the policy. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped on the client computer running Windows 10. Make your WDAC policies friendly and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. + > You may have noticed that the GPO setting references a .p7b file and this example uses a .bin file for the policy. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped on the client computer running Windows 10. Give your WDAC policies friendly names and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. -7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. Restarting the computer updates the WDAC policy. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md). +7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. Restarting the computer updates the WDAC policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 7dcfa211b1..bca3a95134 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -1,6 +1,6 @@ --- -title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10) -description: You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. +title: Deploy WDAC policies using Mobile Device Management (MDM) (Windows 10) +description: You can use an MDM like Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -18,54 +18,49 @@ ms.date: 04/29/2020 ms.technology: mde --- -# Deploy Windows Defender Application Control policies by using Microsoft Intune +# Deploy WDAC policies using Mobile Device Management (MDM) **Applies to:** - Windows 10 -You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. +You can use a Mobile Device Management (MDM) solution, like Microsoft Endpoint Manager (MEM) Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. -## Using Intune's Built-In Policies +## Use Intune's built-in policies -Intune's built-in WDAC support enables you to deploy a policy which only allows Windows components and Microsoft Store apps to run. This policy is the non-Multiple Policy Format version of the DefaultWindows policy; the Multiple Policy Format version can be found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies. +Intune's built-in WDAC support allows you to configure Windows 10 client computers to only run: -Setting "Trust apps with good reputation" to enabled is equivalent to adding [Option 14 (Enabled: Intelligent Security Graph Authorization)](./select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules) to the DefaultWindows policy. - -1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. - -2. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. - - ![Configure profile](images/wdac-intune-create-profile-name.png) - -3. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: - - - **Application control code integrity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. - - ![Configure built-in WDAC](images/wdac-intune-wdac-settings.png) - -## Using a Custom OMA-URI Profile +- Windows components +- 3rd party hardware and software kernel drivers +- Microsoft Store-signed apps +- [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG) > [!NOTE] -> Policies deployed through Intune Custom OMA-URI are subject to a 350,000 byte limit. Customers whose devices are running 1903+ builds of Windows are encouraged to use [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) which are more streamlined and less than 350K bytes in size. +> Intune's built-in policies use the pre-1903 single-policy format version of the DefaultWindows policy. You can use Intune's custom OMA-URI feature to deploy your own multiple-policy format WDAC policies and leverage features available on Windows 10 1903+ as described later in this topic. -### For 1903+ systems +> [!NOTE] +> Intune currently uses the AppLocker CSP to deploy its built-in policies. The AppLocker CSP will always request a reboot when applying WDAC policies. You can use Intune's custom OMA-URI feature with the ApplicationControl CSP to deploy your own WDAC policies rebootlessly. -Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. +To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windows 10 (and later)](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json). -#### Deploying policies -The steps to use Intune's Custom OMA-URI functionality are: +## Deploy WDAC policies with custom OMA-URI + +> [!NOTE] +> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create WDAC policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy. + +### Deploy custom WDAC policies on Windows 10 1903+ + +Beginning with Windows 10 1903, custom OMA-URI policy deployment can use the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. + +The steps to use Intune's custom OMA-URI functionality are: 1. Know a generated policy's GUID, which can be found in the policy xml as `` 2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -3. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. +3. Open the Microsoft Intune portal and [create a profile with custom settings](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10). -4. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**. - -5. Add a row, then give your policy a name and use the following settings: +4. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings: - **OMA-URI**: ./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy - **Data type**: Base64 - **Certificate file**: upload your binary format policy file. You do not need to upload a Base64 file, as Intune will convert the uploaded .bin file to Base64 on your behalf. @@ -73,29 +68,28 @@ The steps to use Intune's Custom OMA-URI functionality are: > [!div class="mx-imgBorder"] > ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png) -#### Removing policies +### Remove WDAC policies on Windows 10 1903+ -Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot. +Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable WDAC enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This will prevent anything from being blocked and fully remove the WDAC policy on the next reboot. ### For pre-1903 systems #### Deploying policies + The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are: 1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -2. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. +2. Open the Microsoft Intune portal and [create a profile with custom settings](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10). -3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**. - -4. Add a row, then give your policy a name and use the following settings: +3. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings: - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy) - **Data type**: Base64 - **Certificate file**: upload your binary format policy file - + > [!NOTE] > Deploying policies via the AppLocker CSP will force a reboot during OOBE. #### Removing policies -Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy and/or use a script to delete the existing policy. \ No newline at end of file +Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy or use a script to delete the existing policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md new file mode 100644 index 0000000000..7f56bfe99a --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md @@ -0,0 +1,40 @@ +--- +title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows 10) +description: You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. +keywords: security, malware +ms.prod: m365-security +audience: ITPro +ms.collection: M365-security-compliance +author: jsuther1974 +ms.reviewer: jogeurte +ms.author: jsuther +manager: dansimp +ms.date: 04/14/2021 +ms.technology: mde +--- + +# Deploy WDAC policies by using Microsoft Endpoint Configuration Manager (MEMCM) + +**Applies to:** + +- Windows 10 +- Windows Server 2016 and above + +You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC) on client machines. + +## Use MEMCM's built-in policies + +MEMCM includes native support for WDAC, which allows you to configure Windows 10 client computers with a policy that will only allow: + +- Windows components +- Microsoft Store apps +- Apps installed by MEMCM (MEMCM self-configured as a managed installer) +- [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG) +- [Optional] Apps and executables already installed in admin-definable folder locations that MEMCM will allow through a one-time scan during policy creation on managed endpoints. + +For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) + +## Deploy custom WDAC policies using Packages/Programs or Task Sequences + + +Using MEMCM's built-in policies can be a helpful starting point, but customers may find the available circle-of-trust options available in MEMCM too limiting. To define your own circle-of-trust, you can use MEMCM to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-using-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md new file mode 100644 index 0000000000..023a0e7b4a --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md @@ -0,0 +1,54 @@ +--- +title: Deploy Windows Defender Application Control (WDAC) policies using script (Windows 10) +description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide. +keywords: security, malware +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: m365-security +audience: ITPro +ms.collection: M365-security-compliance +author: jsuther1974 +ms.reviewer: jogeurte +ms.author: dansimp +manager: dansimp +ms.date: 04/12/2021 +ms.technology: mde +--- + +# Deploy WDAC policies using script + +**Applies to:** + +- Windows 10 +- Windows Server 2016 and above + +This topic describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use Powershell but can work with any scripting host. + +> [!NOTE] +> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. + +## Script-based deployment process for WDAC policy + +1. Initialize the variables to be used by the script. + + ```powershell + # Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML) + # Single policy format binaries should be named as SiPolicy.p7b. + $PolicyBinary = "" + $DestinationFolder = $env:windir+"\System32\CodeIntegrity\CIPolicies\Active\" + $RefreshPolicyTool = "" + ``` + +2. Copy WDAC policy binary to the destination folder. + + ```powershell + cp $PolicyBinary $DestinationFolder + ``` + +3. Repeat steps 1-2 as appropriate to deploy additional WDAC policies. +4. Run RefreshPolicy.exe to activate and refresh all WDAC policies on the managed endpoint. + + ```powershell + & $RefreshPolicyTool + ``` + +5. If successful, you should see the message **Rebootless ConfigCI Policy Refreshing Succeeded!** diff --git a/windows/security/threat-protection/windows-defender-application-control/images/PolicyFlow.png b/windows/security/threat-protection/windows-defender-application-control/images/PolicyFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..13874b6392a89d2161102ef34bf7c22730dfbfb4 GIT binary patch literal 71184 zcmeFZc{G)48$Z5@Xi|pQrwoP6W2q!lWh_H7WFAu_A$FOzZ75=kL=hQ6=6TFak)q6O z5sJ(q+nBhfCyXU9~JD)6bgf>gvWL z=#N=ByM@qbY8%sIXf)cnrdsyxZsccv=*UNQCLgcUA`w&%pEpw6qty|jcdjw@-m_X9 z>yb9m#a!l==2|*wQe|wv?2)-)(&v~qIX~^#RCSaLh(e(cmT8l672=L7_yLw;pBS@+um` zp-`sczzbPB9u;!i)=do*G#`S|J)P6rx3e?zvN6K-6t86F~nr4fDy`i!O|9kQOSp7fc z`rDkoX5rR`*b-zmSDF)KHfDo|HaFI1aLq!mXUdEH+W%>XcL*jMbK$L3qz9W>R+aBjO)dNP~YmZi}6L9N(!68LMB3V3$chh0pU6FF&!>F~m(JL_PY+3?FRU&PL;o{&i)OlCf*j=2*OPHc`YOD&d=SXKiKd4O-GkrsCB3 z{*hoKqT>;BnYzkg5m8+K?Ab#khn|6}O#P1k*ntow$MNWE`~g|o@)~d5dzA&Js~WIL z@>7NkFB7gBR|?o_gk|aTsIhTx7-<_m=pkPkzCYR&{WAMpjLpibLoB9Nns-2&b%rOh zhiHlK3AY5^OArL{Ib6n$D@CFDYqnv#o@JGf{&UOw6x!^Ee!TbldZJxEr1-K%**BV~ zBz{3HKc0)%v9I15KPO+8q?~;_z#|uKcm0h#88&iZV?w}#?ZSnXBEPBL_hN-J?@umS zW;MB;Zyr6?pD<@jV>9kC{?1JZV#7|rXe~6oaV_`33!a4}%6Xn;1+#Mj}mr&{RUQQ$&6(mn|7IGk2&Av)9vU|4RQahC%KoS@z zy3Hf1x@!2Ma3;J^*l~RFF-~1`wA4(WhmLgO?oq)FnTqnYm+EZ!Pl$&9P)eH`B?jGg zQlz$%Dt<8kU667Djd?Gpb?e)2@t%e;FL=(5pV2UlJyD^$=JsM?@k3Q|h3_F!g8RBv zC@V+w5#F9eLWF)t*kw!ADU#(>qv7f+Mogdc`uM1`PKrk5%$!oV(0}vwqN|Dadpuv2 zb1-FcV=*sNKw}%JsW-zL^Vr;dW!3MAp%UAzuJvSs)UQfM>kGJ^sW#f(+Ffl*$yyS3 zHnl=3o6?9zw+4jWOnetaZ%S=S5L9E|7c|@JJ;c+RCeB#*&XhoW-3hu1u|6RSOq<$o z+ELmpURMiI%yn~fQ#UjFt|lLg>9>0*sr`m@`x=>Kbj)~8YW&6LSiS4?B#*D8lN~O0 zlZM6a6;_I0M{TSAsTtS<3g!kY60`iPX>IHaiSf>^(GruwiB)5TR-@#_i9=$?}_?IZuv1%fH3Am{a$l+ZlO)ns#m5(E3}iT-?^bT*QucYI7aS^`EHP6fpiTV5sl9~NB;_?t zrnvTrg}ubYY8S4=?EBlBEu2RCYfubN%6Xm1y8fmP(^wp>Wtau3#mSoB-n%TnA*Rj7 zZL}}GsYAVFZYn|bnKV%^fwztK4Ws2(Qe`SuZxo|dad-9G&?2jL)DCAY9Bw^Ap{{fx z6dz)Hqsn)YzWbs9e$JKCa3FudP|jdw@tcSShTat z0!=v!7XL}2lOWpvqTO@S#61zZhTb^$HUax8PCPm=Mn$2 zQ+Y|Ea$CLKgw#Kr;F!M1Gd0K4whp6WX#dH&qEg!)*S(m4p3pG6qqdP;`v!-5n@fY8 zI_eU~QyMt-a~XLsH1-p*Gztv_|DqJr#LWLTi-(7YN&b&sb1P>Tr;s~jscD>lu6B;W zHZm(TM|`2^XUS20-N;7tDXWF~#r&jwAk z=gDe(>ZxLrQjvsz@X%Rmc(M~a?PtCEFD_mddA6Z1)stZ|SI=;9cv7fTHkL6hITLeI zx#TgkZP#Rq{vmaudLJQ*vBN?z{C#4v|L9Y-)Pk{h?z&q-*1_6c(v0N^WbMx6|N>IdQ;-hJWn3;A6i9!kV^;UEo`ufvn3PpI%Wk4cj!j#i_`m`isQ1 zWEo8?YQnVhj;2WxCBLQ6iJ$qGEeY_W{ohR&Fh1%lSdJ|2Hs=1OG{YTGoA0sCc0nmn z;Nz~B)^$tHF~cOmV&~6qgY%Xj=tl&f5p@3aCYXLR#U5 z($ab!(Q;KHsqaCGW8X4~$KK*GypmNV?8&v@w6 z`Ro<(CdG=!#qF#g)7k3378j(c$Ev!$vbMeUT0%Sd7;9Tfsoyk7RY#e?qA9Pz`*OHnGM@#I?4&<*NV^2 zWO_=cUX|j1sBG~3oqLMGp@X^E6T2xjzGoi|_{n}uX~s@Ju7DasLC$CJ92J?4eTIGZ ziE6*QJO1hFa#P;j(C?1!nll-!7bYZlR(v#xt6x_oJ;IgLVa&gPf0IhT8l9!Cad)<7 z;-Td1tH$E&Q`#Dm$?wTuJ7;3Ny_L;drx!eeU1Reh$~JE6#=Hj&dz^nYIJJT=^pa=( zciu~oJ$l#sumYH(KN@FZjlQ~BFRdXG7gvdt3hCRL2@9pu?#BRfI5W}{(lGs3E z?>Sj#!y}`!cE0c<)}$y9`&V&xS`$Xop?B?6tjtUTPZd?`iwpmWq8^UK>Au!ULbhU+ z$9hANlh3=KH#7`|m>vxcr1Pb&2lLr%w!{o2r3~JTrc1)toy^ z*s@6X=0%yE4EXz5jCaUAgZn%0o!MtUP~ym4cBAAMX$dTR@=v~2Z8vg2p&^s`*{|v8 zn?!f9y`iDJO~DEXd_VZhM?F^BGF%`WI}ig_`yW`o{DmFXK7apL_t@NUV?wyF2`ewB zM#L+jy>l)G^0@U$6Fh;9V^3tk1gTO`wd$XHl&9htz905f?q3=9+Rc}+_09vz|4Q1c z?IQOAWtU+G|H#fg56@5a7GLU3)lBB{Wl}A)KJE|c`HRiPstv-J%trmDxa;CXXIt;c z$jI9&n>6gooaJDysebRkK=Tq*d=^3hVg!93ZH}c1kUxL^eAVGs{pBu>ao-nzea&x8 zPz(-Of)t`P)1cVHhIYRk_0uB9(WWPgPKi@LKZVj?@~tesr!=>@j@uk?WZdMo^NnDT?f7igx4Zr2=Vo>Pnwst_qY6s5cAFin^BS`6mv&#a|L(lLI7!%5 zzhF}3VHpec7+(bu^6G}}-d_Fy76Su=A@+|X;tZbrQ+u*Hp8c}%of40ASB_Sfhj4)#!zLRi+!VLPmXs9I~MxkC@5h0hgOMLwS^uGSlBPg&0;t$N?TX`-Tmfg2C zj1$Lgti82&7_9a8rwr1zrTrDQ?>s>5cMsZZqwdoBN_wn0OVV-Il2~U1W!vM012j0S zf4Kc6C=+zLvnfXE{H(4>CT19&yH`-!amAy`{>R1Hn7+3T3Crb@&cEZRjT;gyxG04O zs&LKHtteDF5_c1=BB!zpi>P)9+jwSbnvAvGuRJv|A=o`-DEI!Z;RM^vwK6r>05=(u`+Dp zU2kmL98TK7?=tp=s=d+YAJ8!S&A(97dl|g{ivjZxH%qc_OM~XC;cS@!;T4ZY#p0iu zLBl@+Xa!N#hoD%b8^QBg(QK%%?79C z%0?g0rrN#Lh4DeR%O(mxeV{;W#67Gw-J5kBtqFr90LQdEOz;%^V*C#;ZqYWAV$M zQDUl_@1NE_NSCztZ@ypfzUwZ&HF|bEF0-&Vh)qV?V{O^%b7%VX`ewnd>;9%ZF%JTD zg9xb$f$Cg+c{j_cS5fWQg47fxs$*Wi>9IA1QT|4Uxj#TAn#vu zAuP1cwZil9-Rnd3!M|RLFen~SVEpSpZ#1t<339K!?1C*tQ$F+K6_wzu46S|8syuL( zv2!l9V$e>qQn8+TV)=qbV7&h*(+~BvZtAUig{*q*CyQ4Rb??68nHOofBSotmRYDI{ zOD;r{F}w~NCdrXz$+BPXbpmDatsywz@? zk|le(dL*#c37xBZn_*XE+_rOG4^<}~9&j5XVOSGu*%w9GPjsp3eehnG?OO-O zT4y!6{6k4{$?qWBhXi$$=Muqrf$C~t4+YX2n8^zB^T*if13nkP?X?5L(|-2is& zBaZ@JWz|^B4nLz$`$|rUo}vtP^`a9T zYB7TZJJC8u0sSL^1zU2;@~v8*vZIp5AyF{@3c6INinz*ltddZ#mEX$t(hhrHzV;8nUicaomT(Ln&D|4xPpJXh__p#ASYD`QgpB zPfZywb{}(~W8gMzNfghWxs1McM%`@AWOLEv;M$YAY|-(e(mIEkS*TKb9)DbTb&yIW zH^n{hXHaUvU>WuyH$I}2KWQR>6hI0L5lk8<_gsbQwqw9?V(v#L0bkZj-#I>~;l-snL z_n#+^--{vJGAO=)&~Wrgw)ew`+oU+bgw-!@-JYL1Hvanm6k@^h6)& zsJuCRL2=EVKdGCK_*y%vn!-~XR$s<7Tu^$&pdw)w(P4hT7rn&FeaPV+9dVaHbNQoB z%bgG<=a_8N7iuNzW+i4E471%g;Vl3F?ZsvjG9u_sH`$s;W}&B8u>{H2{;=qAD6jF4 z*9Wr=y&e}mxc>6gEv^{qL_sw!b_)L=zeL&W_d8HUz7Z)o^1_IjDbOh#{GiL=+KJUX zT@DRX^6E6?@z-|`(cx1}-rAcK5ERLTvMVkTQ&_fJkvCNzc%@4FZ`I>M`>aG~HETWwXc za&{En+=k(LWB41vy}6Btf?0^`pq6HXLrIwv^GYT*o$rX{k0yC8H@hBi(A((mzy`kW zAL{lSZcHy)@R(4F)f9SHs2BUD`(WtajR1#g>6k82CX*gS8(F6nXPhF0!p zVx_==a;`$>3>V`|5OqK6(5RSS&YB->4#qt_lPVL_G5AX8-81o9_>dDxKgdmAQgFy- z*9!X&;_t8VS$Bp1qP{pNk&8BUKQ{pQbDC@{|BQFY@}kT0c!z@J&LMUdovSfjX_CPU zg+iy$sn>Fv48EC^PdoJr_*K-8J7)FV#OlyEb~Il*$DCTaIaoRQ_~}iZ?vt5<5*Z(R zC1pgOb01O$iVPgB8OK5d@HRCe<#c!(9L8@^QlqTwX=RR5^|3 zBZywn#FhC`hY(@Lxu^xpb9SN+rT}2n+dM?mlE3e85}|waYpyCm{`HyIB<>1<9*uzU z)CJM_y)vV-TE);ll&N2hV0&1);zE$CHl6jlUvqM#j?V`7d1zGd-7}shIcM_yChd@1sPc)|cgO>c0R?zE`5$ka zc@`ARurCTcJ-R_#CQo{Ybjw(`N-Pl)d1G%*k>n{jEHT+K!Ft)Z+MI5MUVMA+`(cvk z-nG;PY_N{yWQ5wqv1z2b7xMSLC$w83DaL?DTe-Vd7^Ei`! zNI;(CCGDo)3uz!@>EV;>EulNY%%o>tgE7Sv(gten;c8?5 zol&owg!aGc!J5DK=eUiLg2*$*(sT-i(7it|?NOj13CMqZ(a*J1mvNOdQB#M7@zCe_ z%AaYzBC6%YamQ3XmSJtnhpJ#u1;QT8#HFcT^NMGD__BI2quE{M)VhOf^eAsr3M<3U zyGRiHTfgSt;`VTOavxywYY}UE6QlHjC4<{mH?!KW=D`yJ?fO)L-#`C}^N{m0Q-Z%zSq5DxFOP8<~|6a4JYLG1H zwgmbmrY|qetS0YGb3&8NlU^N-#lj?_NwU4s16&t&V8R&3IxnqI-ZeLsRw=wqz2o&~+}cs&2feKj*eC;i)~`fZ13gW|hSg0GjA zm3^&1i8y)Fnx>kobuYgeD=?X^Z5fT=ntbnfP{9}FH*p)Oz@E=|S|wnuQPO0SsqdMs z|5i01hp>UVYJ*}-fwtm=NJ z$MH7{cm&E_7aJmv%L=Bm2G)vQ(r^kQsT0g2Iws1yc+l5r3H$?hdu&wq{nnn5(ZU8A z_7O9u7e_^BEIyYFG!*-v`J&MuZn&}(I-LNNU;`5h(q^7OWJOnENoS;)o@lW9J>k(a zF<~>RaK$XFtvK#0*|k5=ltTCM@`*2y=_6$b`l_o6_&84TP-->QNN!q<(!=B0-cJiU zT{5-tgn7oSa1G|>&Obu=P)^EpkFsh{j7^Z3xsv5hQYN<6y2VO=(9rKBLQXECBD&ZW z%B}tZyJm(jvAc68@Rpo2^e~-Etx&6wJ~J!3{}pJ`ta6m)9;C^wkQ~~4SwA51C5@5; z38V@K*`y`y2VC&v4)krVoq87X@NRd}gqpGkGap8C@^8vMW=v2vX9-1P&28yCH^3D-uFMYAzoizno_eZl zxZYD}GepbjA-_wY4c=|tLR)n;aJ(Q%8Q*|0w&@&PgcvAcqxUbCCz3KJNY^S=3#>;f zHuIo({U*|RhG|w}0*oLdCgMJS7q|a>FZIQS`j~ro$M1M1;h-2mYv9p7-94~{SM)30 zS5C&@F>Qy2B4QVzYT_ZdOW+G1gagm8nNt@--Y3crOJrkozF*TRv|k_j619tvo-dp( zt&lZM(jl(SM-W9v1ee2ibg**9a=2IV3SyA>?B@AxI*KBsC4wl4GXpYCV#r+S)NbragV6+H6EoPCZv=R|k z6k)syPHAX}8r28ak^6oj}NfliSCAB?_+S*%6KE*TRs68+JL2|~8XMn3mY(7wq@5(@wvd!Zy_oG3?d#WKPji^;X zK4InNcE0S4tRn?S{u}vWy=Gj@Af^--|HUwAt z2iM+;ei{J$H*l8(-C&Ngg}4P*UYd5krZ>V=-)k>U9ggMZAhS#Htt(!%cM2FaM+gndO{YMXH za}PAr%IW|z|IWkC>7SZnvD*$EoSl0 z-wITglR4FaksKFXRlu{~6A)t&6pXL89A=+4YnBP9h0vL=Uy{N+l|zV}ZohXW7S|uN ziq`HgwhlJBi|OC&kZk5nY_@^C_?w+;RC(Q~P>kXc-JgQer?f97II)HG7Oa~PD}qNw zr%o|9%iN7ER>rCO_2FKcQh3VyvvGfLGJtAzR4JG8o!~VMega(`FGpg5m21VzN#Wh(# zNZ0;ayhB--$%6vGgU6@KCPw+~XwPWvk-yjIF>^^W7U@1PUQp2nk-j+I#p$xXx;WPG zoPX%F6gNxunKNfTOnOH495HnOewp9DfB!?(W#uZXx{H&dh6HNbxJCr?|H%I~@FntQ zGSu;h$sMD|UD6`74THSxOWqm?@e%a2&I^7V6*RscsK(20ayG``Fm1I8zp=V&;M@^@ zKdBGpGreZnWooFWk;HRvY#Oz&G{em%51BA>R*t$khlqL`uR6DYe#}6DhR`r0!M{F` zRuh9%{)+ng`et2RK7SV(M>E!Zf+R%|iXfP28hbf!T3y;%%1Nm4R;`nt@Euj~s$P2| z%f|dhL~k*i___(x82{L)xLaRQGMgty@%Z_G>h^$moCN7>0vs zvn{(UYS#%afi45Z&Vg@jC6k@+&QDhTz(T$9iNRxu*mLhlsuC1MB@I(F>LnU6}^H zgX9%ErF7Y&gRhXBYsliNt6FR^soDt0ng)$RJeXV&9I z`7>wF)=xf399?fU|L{2CX5)TZRQnzUQ&Yr-jn5{oz2WgtotqoJg3l+bNZzg{$uhwp zU?4E}tiFkf%vGw#j5dMBRUX*#X+{(kJbP>l7w8G&_5^tTg!tpzO762W!zUZQ4)|d0 z(x)d+p6tSSl}F3qJQha29F>Wn_(-i_iZT}rSs)yT8Iz;xsgxp|JHvYm7o@)+^@)QW z)N_oJPvs6=kR{Imb}V#HPfy!927I{s6@6mx3XO=|p9j7`W<3U>txC0+MRn)q4rG*( zTkVzj@4AuCFHdcGZ~_X=x-&4iIss*c1gL=pF?HVPj<$;F!LKl zXai;I5rz|JcySl}P3+6vh(cw%t0#8kZklqFk`p>6Y_<@C2^7fKqm!;m^m7kUXiuzK zK^+!uzOAu6QfWE{H=n)x4UHu&36^omZthWtOF-}gq(Qo~CvIS|eIh!h!#i8c;bT8m z0yKI>$`wGVxz&g2;D_*C3(=+&5?qYp_`*vKCer42n}JEcj-b-7>}ZuXy{4N<+5IV5 zEW5tS%sPO-R;Vq*P5>Xt`mHU`S~&f9_h^@i_~1Y;3kvou1zk2BZRTCgQ2me7p%pB` zt}gJFG0Ij^E5vbty+~|y%CB5e2xOk!x8D0EsuNZJgd?6F|!xF>sWKSv_OeiU{ zQ7Z+qlC8>$kPG^!<~5iwo5wWi-lFgv-=V?uB(f4+pzOZ3tDGLHfEI&)T|*`9$j9?* ze3WavY=BHH~r_%t81?D3pGuMQc-@LRXDV zyxY#s?p8Rt$ibbL>jnbUJ!K=8KTX{tRzodN10J>h(#6KtN*Slft6O)Bs(P^Y&XM6# zWwFU1lq%5ZU3Xz^unu46wced;k?`fq7vNmb#htDuBmV?<7YkVrJKBq~XJCNM2=H?C zg>`7405QzZcQzzo+@ZlL?d}{GWZp*`w+A9hT+~@RR`CcKw`TFS&I zdMbeDyI@@I`~yXkb7P0|Iff>c?teu~V^?Kuhart0(l~*_bHRJN`}IYw&I^FYoY&)5=(K7Mbe zzhc*qkKi9W^*tZK?rH1Bp03HV%$t2^QAfS_GcFyu2$}H@>Krj|T5<2|*~Tp5O7&G_ zx_{iCRe%1iW||J8CMYSd&JHQw=dE6Y7?q6vi;hEX&Lh@lz=GBaUiA3XZGq zo0^)uF!Fc5y$vxUm!;pauehT~D>v>82QwLD4qgEe2oxZm@Y9qhtH%~)QOmynbK`mN z6CV2%2kSFXQ0t6~cOy<8rZSuiKo$I9S?P%bisl!V0B8KVhLnS@)<83z=Chf#5v}L_ z9o3U1CT{V*{*(ub8FJIZwO*%XK0?xSu6M6&`=573wNZYB{lyrOi-7l}nFU=K{CvTHf6RPHw4c3Bznz691=blz7IgmCf}E} z%ju6BSWxV6Xt4R9aFuTIBl%AXj;F{P4|ZInY}FlG+b79w4U^}uXBmDHB0CgVZ71-S zrp0JS`CDWFz)9tJ{DRy*?~123C_Wvsden|hF0>;f021mQ?&h3(JWVMsBM;mDd03r9 zA`Kl;H=cnBkeq(%V`#5$BO^B*o)!QJXaA6Z!)|V1ouDcZKkYcxQ}~O{6l8zQar#@y zAnLD4fNWBKma_wADLf(F3K;{4ErY#=dQHY5K8kH?v_!^Z?V}J`+?7B4+Z^=E8D4GP z((atw6db=dYnAVMn2PCB#FhQ$9`lM2aNaEi?V)|6qoZ3_S6wysmAcH|yuT;sG6hFQIY2=ss`rS?Fd!Ra|8s8;lmHnDpLcZ}%+XgMK< ze1XTj;IaF_lEGun;Nb7@ql^m6%FdSpP*~`1b1j zgJ}k;Qegfq1LQ7U?SV?{QN;hAPPo+^1OE3CC)(^yZFvZ^GwLn~`Cdj&<5Ytd21K?( zgjU=ZH;jY4yX>+!q3z y1YU76Lb+0_CH}08PqIjeU4>^y`W07HS1u-rN>f4|}(T zF^wV^=s=+qh6=6bdo&85?sNm*#f~-evHa1=$e_so@GhKhV22kV8Zg_WJ>l zR)9|r3@_wmA~*b22exO3J|lz()Y81?0H(?1;pTpR8uVNOkoyZpAyFvtF^B;2EWEcb zyScdmAut`Gy9Yu8Kg~@5z4jt-eglC2c_+RU0)#*=Wo49 z;TtmDw&H2;Gm0}q2SnW{CS_tukPGI*(EsLv;DRR0hZHqW3350cl0A8F}u2< zaj~;Z6s)h}O}l#rcvD9vz}SRv)RQmph?f~%pokST82M-nZES23kXf5>g#PLua1p?+ zh*h!OfDnyg@!h_LBIGIA)8i>2fXr@&qp&B?W;uvQ-;xtN&cCHHs5CdylC6eCfSxkU zBS17*2r+$F)AQ|{0F7?Q1hVn!@}}tX*E=F1X$iNbTvZZzXZk$3wG^7^+Y*}K-=rp_ z(2kw0q4vQbj5W19B8X5GlqPxmC#b+zoj5z-#5IcJD;Fke{pr6V$Iws_12Ck6kJMb_ zIm>vHYE@C>-7zWmg}VsZ*-B2!Lb0UgQiN3ZGk8sNE53{^41y3=ZMpF|^s$`wt%A zUkA<(Y+J2BPl@Abfc;O<3?Sqn5Ym9`YuB^7Y-9!97ZCOsF)5I9E&}h<}pa_D`tDd-Ee-;?FF?m>IkS$|Ad8msfs-ZEYK3jysGH$lFdp-vc;> zJpJy?mGA%`b>_#&@^QQ%Z)Dr?(v}i}V`plpE10Na<|Kn4j&D0C&zoV%?Ezm^J*Vjc zTin2J3D8IYJlPhdtRqwwuXm)VMN2%lr7Tqvxi}-`x{xA{xHIl;X@2<%F@1~Inn=DE zjxypvza|QqR2nkd18NGjr35lOZ}wGU%ThGKs)c*^Iz2IcXpHBqEYInLoWEQpnmX26Tn7%PbX|JFH@EYc`YdO;CJY{ zMsM$H2@Wx)rx*ddd4O<;g~qEZ^S2yK&p~_83Wt-~_A@<1z*zAf7|36N3W$BKDErvauOEQt!25jir{~_*;1;Q2i~>Z^{7l&>U{e!f=sutR z6KPtcVC0tnw%$Qj$&W=yzSnXdUMx(*HM@zB)}jptDtKEjT*wHV^VVh2%bYS1wPSE> z3n))RGR(pZuz=as64^531xUE@`2@1rjtniTM~@zrm*VegrtCQZWY0cAv9@B!At`zQ+NASQ;w((cP)JAXeT#SW=Hg`-sI16z*5 z_$kb({;g(yb7Hf=HZa$%%fcp=0yNBETsu6F*@_8v+fhIaw8RdX?i9DLMUK&;WMd^= z<`PrvplTx1yLanyElBbtvhV2t;By= z1myrj;shnnDJwHz7J-8Ij+zQ1C}6@+*ti_@5OVsKeUM7?(x64(Fe0y5XoYk&K!UL4 znPo$P#)|?)F>E3ryRdCD^Kcp2Bfv+)Q_M=pIX@bj$)X=9F)LqV^NE}EzC94 z(Zsct`N3ljkmPUc{sI9etnrbAEnAYMM^->mIv=?;nXNbXLF5RCBmkNOp=@0S0mBPG zG&_1>GR(G1#`*U#P^=3g7e^7dEv{7S%7HxI@?aQ)N!XwigV-?&&FDgLrE+Ld@2K1& z6!YRoFyn1+VBZu#921rA+Ob*K{2$to01`>qwoByY#?0tBpIWfiKktTin(%F7fYXRh z9tv!60j}0v7=*&|4sVOgM-JOUxai$05M}zXiJ$ElGUBy`tXu4o)uQ<(j6DwRhl*E= zbx2sa&z93f2LN0-jLC+4#HR1 z`{3Kes1Tfr^1VE@uje@Wb^BJVV>TD%L;e*VFef$#+yf`o$ORV#WD(=2zKUI2&P~B0 zUj_ItVh|K^+hp65Z#@BU{W>$Vx&9UuM+YF_urM1U_YNln8KWBx(&VDIlC1rYOewZ# zfC)bM+24sMF)3iT*n5+s(Fk%Jto{w_ZOeK;)F&fHv!AGyIgMX)FkObC^tNgFnjx+W z2gTK!z)NsD;M|bqdD!dE?@=ZSrURWJUiC^7EV|=bA|Cufw!W%ZK~bd)6+8s zk>M)`IVR;yyY+Ar0@_il-$C)ICiEMvkW7O0K+2WEmumbEmXK>LRN&sXu7MM5`mbwD z@apqdd-ZR?36luxg74H?QR4;o{I(D}b{4d9S7D}n5mYK}1(SciRQR$90aC4B>)Exo zmSzGQk~wr!Ag=7IFd}RKXka+$Rv-Xed}P zy#NJZ!0exw18fLcEYuPcMMzo_TaIRF|K@wAl!B?R004e{FQrF+#Z-vFK z%YN4=guGLvjLDQ1)a}KNx*=oDUeyV=Nzih;f3TVz>{S3c{0*j^S5o3~>~~5Vl4vC?Wc41g{( z>hHk2u?oqP*LMq@^Dq)|pWig(Z<1c`WG{oVsFRs>V|1poe_uOZ3U1H~bweNDdZK!8 z&)>8%O!|iHda5j_@VxflPrOE2pQ5bmfP%wo{}FkqlSC$n6%bq_!loVd=>y?IhMm;vJ#64Al2=tF;|h@< zDk+MQI_c}g&5Z&4u6G|ke5jqY>M@&wK&WSjIFA-71aTdJDvU(}QjexH)q4T6T-h6k z3kzL(HrHY|9T#Rc*Q?mr7&h8*tLpUG3D)^N&{zySgIIwmS|p1>4!fb^4$h4iK+^TnmJD1E`TiHkmsU_?K7g`=eL^6x+%WJ2 zzlidA14r&qamu+macOXyM!{ZN|F7D4Xdx4*tdJ*;WZyT?&Tm za*)rtpv087%I3+eHPj-yTa-s`Hx)F4|9o5P5m5a9Kd0OnerX4ap32lTM;W>PR*kmYh z{_S;Ku9jSlEuucfID8PkPE%X|xQMUKlyhlMy5)1}8Hm^aa5V?{m?qkhGpxV#73nn< zR7*F@GXu6hS7ZDDJ_OWtj1^tFF@&}$KrDTdC$jAlwJ19)9K&ZNMGne4Sq z7lRYDbnC;yxYUA5CBy9U*ujB?-ZX4~@a2EHJ60{Ba>Xl(5128TAypfT*;LbZZTcK4 zTYkU$TQC(M!f25@4~hTI?A?Dj9mI~RBFht$AX(aVYD zw*B(mo4{G-x3TUE$}R@~fA{BpeBjbsj?aP54&kKjWma5I4BNJj&}ur#U;Pa{&$SYj zI8pQ^U&-a6j6?6+0WHayIg7fX+As^+wT|a9Gs?mAgC(Pa2T}%+BP}|Lnk2y`)$+|1 zi(1UcSCdPpW=65l%lkWoeDY~{M4YQsW>Sv5MY|Ls!C!?vXUIEXS0E8zZCp8EEf|A) zPT6$n+pU$N5}u!m8ddIkJ@LyX+NMvxKQM>6g3#->_Ltj6D`es{B(q+8qkVxp>wORLciao7qK`F|} zXLJ}j&NPHyw;f*(E6g2e=xr;S_~qmJqOy3WNw^j1KoId5mx06trnyJ$=>a*WJ+_U+ zqf;Up-(nfA)mqd(e!|nDi06F`U#WRfP%V@C7Cw$6eOk*^uR!mIoDlYva&hXB4={0P zT@u-E=SO*d7M(7%w5#*Kc{AxWAXiiFuIJKGFQD;MctD87_FAPtk69b-!PyzTNwY*7 zN4Y45i$B}Q;rjv7O7d1(G#>HVysOEsH;Hi!${eNJU%HMA>@$As1PMd^=A zdJ^X5J@JFUb!~;SiO1iW)yS`k<10P%3`m)`or}`U*);y!t~y{TbHRYQVZSH4AG5o{ za^${q!>vimiWzb>l|c(7>IPRO1%InYO4~eJSYf$eR(e6PZ*sJ!$F4Pv;#RuA677F8 zR(?vElr+u$Yq)iHdzL|E70j_eBJy+-M6E@CD~}vF)<%kDJoa-!x~aUGzrsk9lsP?= z5pPX;_UZprgLg{>SbECMIZTr3spmmj5js4=Cfq$@<3n99Y51EYip6N%5!&Umz)|h^^RYFuZkoovuTQ4n{rt+ ztIAC4R{t--^D!0Onu^kOs&KDxf`@9R_1e!q&t|ecQuEmKhLyR@{~?F&m_j@Ahe|81 z8t%gUOhXoAOL`4NI0j*L2a&TQ5pWn!3Veu-bnuB7-}iKg2zJ^LL}5>gT_tsk~RVA?dYO z#q;XJt{==uTnA+5=)g1-PhJ*jLzacD z_Z{;NLFZ||S-c>jK9H#6Avk_v2!Q_A6Z_?(cX>6xzp#~>Mly^Ju4$GiXjl#;5`s$= zRt9jZ?Xh__YS$}03as0XG?-~Ry=lW}Bz2l@%MLz+#T9Z1DOm<+dZAoFzaIgGi4@e?67V(HSUmty%V^iwuDwIiaDo}c^ zA!L30o0h?Q%~9F!^Y%}XWYm+Zu0(uOD@#M`>sgI`SL{NI(_}VO?9N^}QY**urlBWm z{9xgbN7A{=URCa8@DYmfFrAeSOKm6YwrUl(!57~2aGt7{>D$wyHKYSL?X-Ov+JrGQ z6w(J_;uJ{`uD!y8G>*u3V(H10T+6Jq6;C7tK4p%PHrUGYS($hm%f?F%%b2ZSx&e@-yoFn{^|YI zjqXq94t>rBsh-=f2QAC~M#W%OO9H&flzPxG7}wB@o7bsJ1pB?|u54!@&#=<&`ol~x zV8ib)@x8``#Bi@52l}NJw`y+&X?)^8(n`0fQF=_vK0cMUc0njq=6=%b*9eoSnvVq{ ziQl$T)c16wuAp~TteYm<5|dXLzNho4*J+Q6Ug|J}eLOGb`9*k%<;uL&_3}qT`6f-2 z5VpVGKXR-fgkyGD`%<9LRI&D9lK+IxN%Wrasfjf+A)mps?aOyQXOEjE!h!0$h;nM^Su$rG!E^Uf)H46e6cI+f|!w(0ZCmNyb!E=sgbj>LbDo(?YP)Z1TqM}u^mHQ(6o zA;WNE8zadgh8-(;(n)~mg87{}n1&QQ@Pxc5`LO6i7~ zASNu{<#7l~+eGs-rEX_Du~QPh&EXuIE}i|>xYM39>p{0+0G!>V^*h(#COKJJvb;ac z&QbRY@ycrH&_-H-eTsXpJZ?AR*G&Pw{k$+M0oB}`+7i~S>|FqBhY>|9@2k-mllq)^ z5y$W_;Wu;Ll9k5KXfZl7{oLZa$FbLF*LmdUl__VP1Kk_a7xJvM_f9o}I8x?ahe}jj zWk%NT$l;IiPM?oaEN~9ACPbY;j)GWE7@k$xCvRR=Yn!0DDiAi1ydXM+(K(!5;of`i zdmgpo6z&DBZ&(!KX-sto4G+d0SdDen5d!V6%{r;7r7sq%T^%dNcf9D!wc@zwbjPxV z(&00y5iIS@ZyrtZU8u<;YHRyd^v{J|Em1B$_iH|+vVWPFLD>EtAEv)p-sr3`u5{+s zqa(wlpd8L{HNV5QZI!D3A6wrYNM-;2e^e@?ME1-mBSd8;G^~VVlZaG8l9jC;$6m<} z*~(V3DiX@fNyI55E6K4roZt06((^o@@2`KJr_O!f?{&SeeZ8)y<=EA-D>Ji7%{%|k zA?)8Bbdp{gN?mwgG|ir|EqvK@V8Hs=IKiRm-jK#PV@dP)SMjQA{g{_<>EIffWv2AF1kZ)T;W~bh{Z_7m~&PUp5HhK!*9;Bm&@R+ z&1#ejd%j7l>v@Bfo^g+AY$A4!eS8D5 zZ!GGZ!CG0&bW-M}IVFdCyu)OdHEWFQ=gk0El9}|HlHZ^w-J()ww;o@#;}JX4EPd1T zXNNkh43E9aYnkkrFl75k-$BpSdF}J3>YS_npE)`tu5{RGENFT^8&_A$IQdYfQMZ54 z_H&}(d)d?M3?HfG2Z{);EYpjT>8m;{Z^CY@93TzX1c7h7>kIRW$o%(%JrFNYgBX|D zsg<==ulW#g>KxwRGKc9&0bVf-JJ63adCMnu*l36TaZ_1~lgEx2jJQGJC;Lr(v2O?L zEDWTkCU)3fml%`ET(Gdok1KMiQH@Xk7x3TH3mti@;fk&D$VL^<|VJk3)p~^R#i-&JphC3t1gL(so-u zR_Z0H!x81s2bDPX+MkI&H|jujb|Ob56ZS|ztLk$GZDo(VnMa0!a<& zw{IBrfTNp^@iogAl!9Eiz2>1CgeU`6%qIL0mX+hw0tBIVdY3&rU$xwO*@K>U2L_{0 zk2j+rAGFQw@G#~(xp`FW`h_*x(}>u}TW0<4saXwXs0P-Z*%>EhFC`9DeSzh zCYI=d&8}#=rTns9DD<%MLpMkk3rJSUKaX9Fo$4GtL0I*Ll$gy^x=TKy49cJy9-!_#XH69Vo|Q3$=&l=0xyC>kxZQ zq79S!e?mlS+q{8?g(5_ryIWC~MgJWafzxYAYY?^f`b>c_E?MN>)>Zt(3}shHLEgO+v0}#6dO*{)x(5Cx+5c!bTzqMbr3i!J zWW*O^;tWSB5sFwE0@SMZBPI2DO68xEIA}Zh&_w0Ci$jEs){0){qPZcNISApenM!m3 ziy9YtE)%#k+^g;R(H0}oIw6Kv>=7W-a|`u>5Rv&4OV!Qa)!0vq6PyI)u9Av>h6zxI zD3j_QH7KwyLfnO(8On98UEQ<$*a_~slZ#>7Bnnke$=!YY$!PXT^obZ^smeFT=Q6jm zyp`&F16Fra82&6K=vztVb77S6_3r%s8TE38vr10d%={`%BX*spd4p_v$JHjUF=e`* ze+gu4 zTp_{5WZ1T3Cr5ticI;0-LYTn)JwKj*&k_r~i|LHYlCOW} zl+AFsge0E;oj4!pIfAZF>mMz?Jsz{@s#iJh&8Yd4=Q}l~jdI#&YswB=((aKcr)P{x zXRtgIAD6#7etI>)X&0S$5fBN|FZYS7Mn*j^2Tb076TB@Y5iyamiC`(691)h^XGPA~TiOn2Cp#BFbh=_1t~+pDOfwnGDIkmIe`^Av72 zo_OTl7aOa%pU#YsG7LFtgNmgJO?!PW9M1N$dsQz%P%v&}sSj-vIu26kMa$J+Dk(|*wuN>6&0`VY$%I1GaQl!ar7N!pzowpVsJ^fX@gtTIVXE7Guw zJ?#}_Q`r!i5tVBy`*4D5zB+@~B&g$*T6dkIahc76(sv==0ElM<8rL3pbB|!P>hvKP zGXQC}(Z^#nRxfsnB{PWr_!>O&==sZt1J{#vD4Cxh2w9qrbBFY%DrJ__%OQta7usEV z+D-5^m=w_v4va%qFR5Jd3H@)^nG@N>hh?k zO1~eLWld#bXe~HpFg+5Eq}@s`SWiPwMJE1fYxDO{OutwPXkY8-ZCREwF&zr#BjmMH zIFX<GA51fR; zb?9Oqh%9AAqdNG_!DShg&1%^vQzCR$m>NPs_J$<8E07e_pTudrR!!99UvlrLG+=Y0 z#k`bt!<2l_TGh$Zh`_lHDhT_IN}b%#5p;Jp{j%XP#lZKG)Zf|%hNQso8QUggYM=a6 zo2*`~D+w2#1H>>K(%d_19k279J?UY4q{fDhI8HAQ%+*=zR4631UPwC}v&5~YtXu8d zW%yKCLfHF5?}ZDUsU>VdQCc)`gD`!&DNZWxHLh;+QRM1|92`?R1FMUtICTc5t#y}; zPf8}4ZBcUa4jJJ}a~Md!6kWgYoZy?gyxMVv9up!G!i8}#)+g<@3rg>_tAE*m%Kw5d z7>`*B1opdLSfZVnhECQr0_#uY+k1DqOK>RS>uwp1zGx_`dLcP%Jcb6 z?rHCVm-SRSw85bxTv&;njg@Io0zg2HTaw$(hxx?RK<6(lT0sh!B0_P`(ci0!P-=N6`|_M3E0xom8&Q!lFC3zk z1(?dQ$DJ6H)An$SQNNyH?s{8Uo=?8f^X-)@9&9V)64R{1N?#YTNUak502aaJc! zaV~%dZ+Dt5fpTO}((&sHN#C7?(x>hoaiR@rKje^fxZXW>R<3nfJZA0sJ0O%F^bNaU z1-Y<-rQxZ@>9_g3L7Z%Gpphpp)DYD;NEs$$+ha0lXd%37XwIUVcG90g??Jt!9M3%h z!UF|O1e;wM<7yQh!v1*P9Kb~gbE#dc$289=Rj7W$B}w^*oPyAEvmSSF!~-G8ZBC+1v7sl0{aB1o zLY5~-sA9m&;F;e;5UL-X(^*47{V#`(2;IIz@JWBtpsR|lTS#>I_~xx?blYC;nwC|Z z$>v@D!-2jqpw_IC)UCer8D8K3RJtjdXLQOkCu?Zi?(bVpHa;Oy{dNR@!unJ{t82d+q|a+g zbUZ6L)Ao*$4o-12)SLaev6leuc!03njBq7nTpZ;VJG*u*yv!EF=$-q7g*UTDG`rgQ z=nav;`T0bbCSW?ShHDyadjp<|bk)b`de6-O$;+I_!=?hfG>O771Qyh5Z0Yz_!SiCwc zY;fjRTy(+HtSr9j%OJQSDe@EoV(oke1|ABpw=37E;CGxzd4^NcT2PvPn@*f*ZxAkp z6ESt^@ko=K#=iHiQEPvKn$_%)vHb+WJp(mt`hwn^8*ep7v?B-p@!2ug9-=sZSr&hYm_7YTKQ?#apGlMOHN! zGpjb+C$Z&r_?m4R=}UjVVgd6vFjR{*D|G%u357J(yoT~yvO$2Ikvy`hDqJkFYEpnsi%oZk|%|HKu=FJno)IppzeXz&|{-XL^b->~Z9@f}6sF z7d~s11Ei5Y(&^8Jq}|8fzk8=TZQ=oiSO1=uOHPig+;jeC7S*e|ri|hl0eo-r8Unvv z?3g6Al9rSPr<9RlUIuUtqiH4~C1;ef>!+P?blX#RC7-VekyU);$fIN|`++aXT|8uU zxOaHxO8+jgLPgyf)t8+VtYE)$yftWS^%&G7fSfNF@zeIy*bhLOR*> z@y8fZwb>d`L(Y+m;PeDs>K-MnyKKV~@3sf!@Kp-o-Ef1V%N`E^omzpE6S^DEk)ct; zZ{QGlJAAvzc;)=!v$yT_)%JQGyz_vYx)Ib-zS{m;Jz7|RnU|VY_og~luDz+oP;482 zXHTJZgDNE0ahU_w@GKPHO!Ga4G;?mK2;BdQ1@nVxRTO(j_}s(6^PIZ}Svket1ZpVp z#WEkP3*FuHIae=A=QBn8{83A`)+6Zv@x(Xmr`GJ}AMSg(u{V7Wzmd%Q0BPG(&u0q< zOB*IWT6jT#*Y5d>Pf(+kMVavU^(8NMyo|e>TajkPM&^-vedA5vH_Z9J0&betX3gyH zRMEil0T`~#8p@O!oKk{Z+{HVai$NCuf%29{79? z+?6@*bI9!HR9XE(8?kC?Ig9>J%zuyTCuq>Xpr6QK*WQs09@G%np^)bb2dJ6TW!ku=K!A9QO4so#* z1g7!~jdl#q88&%W_$wr~J%kX~+Q z-O~;Mg;zAFCSgIz_vY@j*jMU*c$c~uAFGDWBEQh%`P_Dm)E5WGj8b^1g$!=T2px<{ zK9TrF(;SL|>$gW5=N--X1U03yzZVTm6}gOp&IbIpK@i1T{J%e33rW)qEnPA-HAv^J zExGM`ck}SXN0D!t{HHUHCZkEMWmc7aQo#HD@X4EXty@SJ!8^!SbmPtGm7X;!ZPrOr zXe@JsI_&kUZhBIJp~LpzK)RpdH2>`|p%-<7^>dl4XAjlXyzn-q=cV3h&RWWlraU0k zkQK(t#ejb`F23vw>~y+EaJsp7(e*o2gA{vh8_gW;m902j@^Da#b0UZA5A38~9t)+t z6r7rM@S}n8{7jNe-gXG{9D+#8TA=jAs~uSSm6!XQI?LN|3K}D`<98-ywcBlxcpp1TYkFU7S zWrI@WO>UaxBmHsFVIoD@geSp zrUXHUUg%>F4}HR?DxFK%)t0Xp(B412>tc%vMo`WmZ)r@(cSa-u+7Py z0eK{YGPP^Mb8q-LE#8GTFalzuMoJcJ@wm-sHKw56|5f*bKb1^-MxkV>WrtX zR>S2dViFWQZdBHKi4xfGl-68~{`*uc>e^MlSAVVH88-Heb!o~ZI7zQT-pZEgV$l_k z2KQTp)rOi}5&W}8O97UZgTJghuJm@l0|D?ej)p~?amx8K^95+_LQZsKy>A?Klunax z@u5oZOyo}!G2cX1yM(V*UhWE%kLFJK+hD67q-m?UsVVbCLeRMQz;15;1R4?YJi-;iAOW!TO$D?YB()XRHL85MzSU zLy4R%##y76VNj#P7d4ndCgxvZF06M>kc*FjV)-H z&0Jdf`jjVoBULmnCbn7L_c80eyhQ`6Al62my33_6u6^BiZ3SfK&wk7}R`FgMRyeC^ zb+#zeRAk$pcB`Ju!xD1#?D+*hM~5I2|^L_{7NuFCLC1-O|e_QzG-N-#+YGu;; z3TSKxHudRq-Xv%C<)P2PpC!ch1hm;a=C?C6_}TDmeBhr2f8dAYZBKqk9_I$hm?0aU zjI$C0)WjQ55IpTdkMfUyQ5j3M3l_-gy6Di1dSLhPQxiQj-#)xzu*v^i1?$b1S{$z> zKNcmqM*{Ddh<238e%i`gr7(YD%`^?-R<4^wGq65i42H)_29D@Kf#-S}SiyGC>{xZC z>FX0jj%k#{o>&3dG}wzwxP>jW=ET)vWBP-qMKX+RB~zc|Xz&Z98YCVUDGeIwbCEc> z|68NkGH1?R;o*IZCJEii=1lx9&7F_jzP}3J$S`i+bxeauki-cGU<8yJlex-l9Qdfq6CiypJ>NJcAn4l<-TR@ zRy`?uQ0(W!m7r!lgY(Yk6vZ%BiiH-hL~(Y_coKNYE}QjkBrPlNwi?d^1XMk{VZpUX z)9Tn2l*A4Gw2!|iS#K|LTz<(X`*2Q(kMUtUbvs|B@en(c?$2cX-%5chic=mIc9j_( zo6^FRNJI~#KBY0c5Wm(H&e;43a5s&__^|}K_VqwikDMN@%wZ)t4{Sp9VVy#c2fd{! zmJ)A$G&0t$d0C*%aasoKuxDV~Scef`wL&?G8VK7jdnW+|kj!CHX!w3UY~z0uy8Rd- zwYG%$LKD<_se+B0&$7ecbHI@`WrxqGACw>%c;f@6Decw0G@y$ypvVpW9bbuq|Fsv)79ngwuiF{-{@Wz z06!Zy6guLsFpOp`9-+K)f@e9I^;o=LX28_Ze};6l>d6Q43;`ez=g|@~P%Bycp!10L zs`2M7S1gDQn@XP0t+s+(3Y?OJ^-9;&Y|vPnyQGid=`^NJ+mCT>c2JbL~<lkue>>y?gqn8f9*qso!538 z=3QIE^t3%%6Rd6+!W&tMw3ls+DS;{v25%p~yT{|!g|paQdzp^}TiB?+*d(e${769_ z4~#tQl#l~%awCV{m}z64^(CeruX!CLxr|OXGpSHbMAQz{yLq)4@25>XCNiLqD?a=MYRwe4^OVrKo3V@Qv14vj>ub6fXOl^i) zP53qO8v-XwaBv9O;13@TWV8edmsp8F&RipeFI7QOvXho~8=4cfAfDj3+6rO{JH-H& z!G|*Gzhw%{{24F0zkcOB5XO!z9=R8E13O8dN(M+_%1c@_!(2ImUrq+PX2$dW>aU9b z*MOqu?+QT7nF}HDDjc|Z{*w?nJWa!mK#KD%rRqj_$Ww(gG4ggq`g~cb+=f^xI0v;^ zJOE@mRIBiP7y_5lNg{(_(F|t4v>Y99rfa)jJ*PB17(iS(9whGoMQ!UP9)|_1{QwQ# zZd~82&~gP`afrq@U!!=tJJ}VsvydbQbwJZcFI>JX*xN(9v7J}Wi@xE;X1z=O=~2k< zfOJi$n!cnU#zL#%T}{!`*03g+G5n#1qwa7bRR69s27fo$aaR`*8k=jji*;;j!z1Ct8$nAvyHO!Qi>PNtD z2CoggI<{uMM>Q0xmH&`ng`nyK1+bRJZ%;xEBRBZK#a~I!YI@&apB#>Nkw4Te+un@W8&V(}}mq}J6|&~mWW3vf${@|!pK7$*0G@^O~BksUC^FFzCq=PU-f zndo3HzCoA9M;}lM0LaG|sSDEs&Rc23Uz5_gMSuq@bM@HZf&R7w-rs>#ROt6PGG7@H8aT8CF8G3y z6Y*ncJ=EGamWltZq`DppPK{tBsTr*aZb-h3GGy^99swfoA~_=r5Z14Cbc}yLErKw5 zV87NJZq3KyP`lT`<|l!RUxDXMfts;7hQ|+T?cyBF|5k6MgxJ!QAS7?#OpnZIGO(>Q zK#=_;_$p!W7rDy6c|-rfd>Dk)A!iv2Wn3lMQw3b=r|IukiwWx^oOXE3gUUA^|7!%x z^Prui!M!9&SK*)$7fRe5Z02Q3riY7GMS|YMC!F#eQj`8BuyYy&?Rp7d0lImOy?_#+ z24dt(={J1cWyI~L{1C2&^-lmWfaCi+Gw2?-Fx7A`uJTG`IpQ+DYsAOqSOb=1D)Jx! zuGIu-K!#bbAF&KaTLriPL2sg z3qAMZ`V*n?lh^_TI;0w!_wZ)x`Ws*`)=wW=^LzZy7%CWs`h-~R{Re)X#5zYJ&+2EZ ztbwYnSKjVgP6oUI#)glqM~k2edY#iLo59hjU2aJbrdDVN7*I)1z(a7`abKwaGI=Fm z02eCcF-RPsaA+C7F2ve0z;%Y)cYYj48Te0~&X+npy|xJ*Ln{tv=#;16x90utg^NQ` z=v&n3MWs-%2Nq3+2z&PWOq~}^+kM_yB?P(<5()Z6)4vB{qQ70Yq;dXtBUW*G!uURa zzY%#x0qs%4gF~n)6Am%xLBQ3x45=?x;ZPC|wUA7@zdhhMZl&s+E}nxL;GgWXeMK}L zm`>WKBspmI<`i`9$NMJ8A4XZp+)BO*g;%m|4SM`m97zrXZd$n=qW16^7p;WMy5m1R zz6$~-{byBVaXmX`QSU|7cK^w&656bgV9+VQ;OaZgI&CG>Wq+7MvA#d=5<)-)fGU+~ z!5%oNN2Xh>mIi#bTzPwDIhjxrDap}QG@3tF0vIa6517c}4J9bET3yYTo%%?l+z!YU zYGiIY8h?`xPB?091mLCXC7m8OoT!pYWTt7a=XniIo?=wuFCnVCDBPOOt+Wf+n}(aP z55trN@r?-?d~UUMS6$rerRm=wfnb(^a$q7EY`CUoDUaT~Z-4pnNNweKd#WsB+Nse{ za=7PK`(Z7+3Ki0!Eg+7>LhgW={8%QQ1ogWjbb``}2uI`u3-);f-R2qR?^kqx-cY2i z&AAD|11H)bk_9tV21f&WqD-ePB*;s+NFE;oX}7KAfwe#**ki?Z&?UScP*WCJ($r#9 zB#sLLpjZ=>!oydMnF`;je@F^T-rc}10N#%G;*|au0$o)I))uFQUy4F8a<)RSVLxCj zK?1EvfXWwW`bC$(60b$!&x?@EoW8z7s3oqbI{K_UJn2n=Qd^_#!RMe2h)mzUF2b<@ zTB(F6LV5^sFKodTL3MY6M(34bfRBJF)KFn;ZD#^s zZArH+AzUJFonbqO4%932$n_9_9G;uDn#4#jlIhnOfrgOxTCOwW@8VSGZv)b+qFRXG z6hcSF`1`IPsH7m^kIm%m)qX7XcXg07JOnoPww6dha*^fM-Gn)DM)92(*7ELup3-bh z=I3;JMq9fp0dT}*tLx>>nxW8LZ)d#fe#eYX$Zxjn0`!X6+Lt#(&%Vmr#DF=x7XTST z9SVQEKL{%i68XDw3HGDVW~p|m==v7_>LYM%oz7w7rvK-m-;RK@dqh#ErScN1J}WeK2c1NPr2i0nJ=pZ=0htT?si@XRPEk^pU}TwW(BqIACg za2Ps01GU7B)AJv*atPOaB+fL_4#o0=CY+cQJ2Gy-^MUSCT9``l!+*Xw2|_vzQf3%O zIv`n(6R@u@!or~67;A}&*54`F)89S0Cn8x>?F_>$DvV1#XnKKzpFq?U=c6N(!p8j_ z{B1q$PRVFPUq!B(cfr|Zm=qdtz!`F;f%~h7{4f(X;qSv&n`nAfvGrdlQfMGni%b1` zt5f2DK6qp^L;N-?_kxa=!8G->uYV;a4Fzj|0kCFd*juYAa?^__OyT zKn56$0hYCX?J-^TJ$z2$iOEI{2b@2?!zlMQN#Sh(OX7tMTB5}_INOwp*rFj2G4&pE zU^|Mw+o_xj2oiyV9f;KOu>j5E)cnsPJz+m(lTPhdDi7h20%%vO_BmoKBew7Wz#^!M zIkV?iKGvpzua0|x>Ue8r;?IczE&***(Lal<2FL=Y5gh94h2m9krp_%1a(bMhF;1dD z6j{h{{{2-%ETgVTi3m_2@i!A~9Z)3YB${zfY{M$ZsQRTv(3l<_EI)$za038$282KM>pud}_Gj#_%a8B7%S_b9MR)=FkJlqEZOz z+zAx3r5PY+<0J&0(~uO~@6`U!V+g2lfT+N1Lt37*14vy_fFFq_17!Hm!v+K+6DlDM zwU8^RsYy1c#$W-+)P`J$l)?ep2i@uHIWjmV#uyR-_OGLp^i8A4xx&%o5!*E}mTcha z(c^TEDXfm(0F+R6ubV|e&G#91r`_YTG>|499?mRWIATReQbiBC}z{&@!j2kO#}})coG+#oT}lEBA}Rip+(&PyNF)_W5wuH z6N&+-T?~EU1bhL^6<|;@;KE`W`PmL`8bBfbHcCbSwEl&!Np>(tkWTB{@T^zemW62*%mFJ zY| zqX@=p`bs#lvOf#jvF!RgibY|yy6<@&esxR=pmYDBy;Y{PlZ2UN)}st*@b7`(EdYvI zzf{X&IF`oNN$V|C7=7Nq!{US3DgM3SDWtV6Rq68o`yo;j%_uwY8m7M+bN_qCQ_Xt0 zHLwK$^-2N~pP~_t?7-Wa>S{prgL7H_fiOSi*1)b^OyI#}&<7QC5a|34!%rzS(4g2X zVNl6~AOLHvft~y3Cx9d|Nf=C)cfI=OIHB&(*mmiG5<9%vW`Ud=$R{wegsS#|1Kfe_ zEg`<;fhqyaX!$leZuklIA1+7jG5U;=2CQ-X)pi73^!FL0Faa$ZCQLwwWjQ#you-!@ zi~$wN?8gIyjB=$vm_sJed3Dhb6MOM->4mOK@?d8AqKSI|nTfQ_SlAC!FX_0>cLC1Q#=HaQ6*hSR3C(P%Hi2Dgi4{77uNO^nuLRZ2$XR zF0?ENnX!xzk>?ne~?0tN;br=zsqJsq?xC3u@|{FfadSqNs5PBKcoDopuz;#{bkI+KjUxG-=2yZRL*<`Y(uWu2_n53W|k>_6|0-bc>i5fajq%Qh7>#h7pyI%IUl zEPY47GZo(v%;ypb@+SacF0bg%q!5HC&l;F)WH>Jgfx=Nw-!(_jXOH`ydsv3xejEUh zaPc?7DJMf_(FTKNF4P=K)y|B-%*d?TQYu!P#=nRdyUPLb{&kct!#n?<2VK#F=X@2` zKTWQ;!{ojNMSF-ac&r4mlXaLdV=f3lt)sVEG7UG}xq?NwXJlqlVA@pbzx@=(SZk?p zPfse~8v*nXEHEzyfm4_IgKh!vp2kxD`zx3(Or`$N<_pj%|L?EJ=0iGxXDxsO0t3wz zP}+IY41pTCfq)x$O9FjpeTy!FWE3B#AZxIj3QiFQmDlGDAaNp!M4)|u(}d}qfQEy` zsodAeIII8q9J$WRzpJ>oSntzj)c6@XCjdQK8Vohu`u8g1Af+#VAEw|9!TQetWIk)G zg-o!kn*eSOKr#zN{`Xges;jjJpqleyh^+rPj!tkR1;*7bFITv#Vhm6F(*EZRaw}Wj zgSLoB<8~z}lzj4kjt8M5s+fNRJp`_u;jw;_8hKy-EMyLB+EnrDfOihtle=e%lqLpx zlJ+a;S}^?`nEDAa9Go#FY_Qn)CQw6RdkUxtYf9v!DC;h zDJ|aLSRFcCO3cMFh5plya__y7Ec^oUQ};g-ibP+DdY6#wiH zLRIBigH*CVo8%1P?o`#^paQ{$pNL*qTEB?Mu37xuK!zpF9Ro*-O7J&uX~U7-7nzz_ zKNNCRBj!8E5%_T(EBgQZ2=*ELh|safut*f3Cl#+`M`7Wv2_9OlaZHT`38PUGU#awYAEu@DS}?rgyc<+~_AxiLlr3 ze-|aL*VbCz_VqJTGFbhToxSE&QSmBAiRZ=R!etBBxiNX4Y9lCVxed)&;iaeXJMK$lTAr z143A8uD8Kjrd?Z}cs{^@S{%sg?0jBg;WHAe4bw z!q=6%fVZfX-iEuu2;B(c3Fndv?Qhddud~st3a7z$S%%l)7NRNYB~7ePas4a}$P1v} zSis+30W!ZG7Jyo}kQZP^Ucml83#b-uom*c3UG)ymBE9{CXR*=`A1BtS#H=ALxc$M)YaW z?Yeq=p{^B!>2m>Bpzg<9x^irIw%kXD$G-#RtV-Phdlu0lATyag_uhOFe!)b6K6xaE4Wf7@Fa_v<)a?oGd7dgN z==gKi9%-XxeaLq!bq8^)KQB*#MxQ408ssr76Z~^!uOLDP8wC;(jr_>Oe|QOWp_zKz zFzBw+>vtg%f;k~qw<2L$wyDk4AsJ7}Zx5y)e4q`r4@iqU#(@{wYIzhEdvyJu(Fs! z0ou&vwJ@`-Ko(~CR5YsHH_3EonE>oMbbKokbFd>e4iEZ)@S&+8yuqs0he?6b1pA{r z*Ws`JP7sKb%;ES7nDuZ>kI*rZ6$k-mmnK&Tq3Zn(hfcHSR?^^?ppD3Ex zZThl5vl6TtX|6ct*|E9J2h0V|#9lbUz2vi!(DrPFwa=z+OIc}}@kDt9_LV5S)4v5= z7easb2QMH#vDLO}lk!6J$XpPlCUoCq)`qk?b%!TAME5p)M5Z8 zD0kv#I!@U$_9zbdXQHRi;&vQ_%zJ|mTV{K2|9Nen@B|#MOE27iwUJpsMP@d8)a*zj zjZlhT3m4A3J7&+u0G% z?f=VEWgG85<3@1L+Dz`L8lxC}1`IQ#Weg5O7zI8z=DrWDrvWs6)sb1EAKHv{N|$I1 z=T}oLy#sQE1!yFdOmJh5k9Giv{l=mqJdc?iQRkxY|J78%H!OE_BDmxjB5lTQLU34i zA?y~$06HzNf$sBRG+_;-y%h@ZZcr8U98mU405se==Zb&k^YZ%lH(74K!Q+B%XcYT( z4{fBv6}rAe2Zeet_HSR`Z1_B}S!B6=a{>Fdot&(Ro!~*yC+~XVnQHojXn5#Ji&-rU zG%XN0lvofbgATAw3(;fOj&*uWu>fmcRZ=_?2e7sVPRja-+&nt21= z2UQ&(uHRSq0=(~2m^1Sdlw5VCmxLYDkYMxAte}B}f_(Djd37^*6`Fg)3#^ci(nbf7 zA-2TUWN2YvZ>|Vt#dYA#?HtF+S4kfP#`5>~;rwYc9`TwY;Ci_$TB29Y+jE*4>BYYg znY@K~uG+{9m>oc=XgT_KP%oEtD&2YqU83==z`D_0+)KU)%|JdD_71=pwIN~%e+JVH z&){~PJ%LH_LZCbHkHA=|?Cya+hlxmkZ;$_HHWgEd*E%nOl)&ag9$Fh!*ZC)8j)$&3 z?Bw#d%w%8o#O4{5B}f<>-Ga?RENl>dshENS;WTHDUJH;@|K8aJ6xVbS2W7*yuoST1 z<-bGhB~1p#6ib*hT z(q?WlUvLDSO*?BVf9_3d_>J5ad9)10CY#w zO56bb?JrSH?BtY{kPiiC%FAx@;?C?)-N~bPj?B^FXkEU5%U*Tl_ZER%2o~%n=fpa% zQ#&}Wl-)rwwRhR61V&I{sX6R>nzwVFh!ooOieoTAbEKyvz6HuUZ|?xisYM9S$p$}S zfM+YauPzRTra3PnaQXbnvllWB?c`RF^}K_Ak3y4o1;wjfj)-I~&MjM_lg-2|-TRLB z65(k#>Y8JJ1U@2T@HwU*Sm3wkHESZ`wrC94W7rWOR(PiO7g?~shC&n)2(H=;F8~=I zC4!f6+RAPPPU{`{3IfZ5hj%TNIW2dR{786`OdcEYGiljk8=@F-O3O%8v!XwPblSpF zA6V!hc+k^iG$KyIdzP=BviNv*X8IWRTpPhgJw96GM_PLgZ(!{x3bGmQM@iuglFGrE zrz*wju|%*bM0D4!Dx9(x)40s%3OXli*+n_`UkR?KD5Sfgo)LF;hAF6xZE0R@X`jdR zfXey{`@qiSN`Pjptlk0`HbI)j^HBeDeYA}?Q4k}2rlr&5dR5-i4`Q_lItTWk!#*77 z97fCYxNd;W@fzBPYz5WrK$-SD%>DJP&D*v@KW^bNOaT?#f0>+xA786ap;vnxwaKib z_o;niwA9HT(WPn~&xV1^o7z#>KLmiQ;PI-*R4>r8gJ8d>$uuGSf24;gCx7gbw`0#Q z#Yi^;$*IltfATc~to6&lPz-8x;R*jPO@B$pi9Fk!{8EM(OaV9IU0q(z*Uke)B!<&L z+!gK3&g{(swKpNYTxjFbVTxK~3Au3X`U>c`Sx}&99-2+BS%3g7hz-2KOI(muIo>ryO7^L2wTs=0Uy(Z7jC1 zPG!Qq_XedeJ;5a-!KvX+4T~@wM0eNJ@zU>n1Y3O*T+?KR;+bQgSURpa6YeN(mrq$B z-!+&1xt$9-0bNE76=yFsMxp3#%8Fsv`eqo8AYw6ftlm`v3O_oVp)E;b3||1Ma3tr73gA{8$EAo zTTEF?(67Pxp*uZs6)o&^rWjrVxVJc&{>?k0+b(pzWH*i7V! zmu8O-C~med0u?1>yb}4*%br2pv}F;D`_UbdbOLBp85f`VduV3Ua1W9Brs~@N$@?=z z$}*!IV`$ABD_^Lf1L{M`MiS`{klWZArxd zM$4CYX?>H!i)~L%yscgYs`?=4K-Ikbs{+SD)ny|;TzhMCnoLVYh6!S0k$WZ7r}sZm z$BmB0L$He$nG3Q`19jK6^f8x;sV1;@f$ud!r#6m;Z76u#tzi2oy3E8RlHbmG_6x{` z`xXP|E<4es>?a&~k~euNF+5MENF0s^vAL6p7@{2RtO=&Dq@>lRxU^}3vKSNSb4&vUUA0z8q;FJDyr*?%Y zTXL9Q*3v7(p%70Yr9Vmru!K%;X+6K-Z~`@PAcQi>jMUQkqC@Z&3aTxOk6d1;@Ba-o zJ+w5pFtl4y1w)rBc;ig%&3WK<+?XDyZ|6Y88tW!Vbcg(YyQ}bWUg2x)4c>4aI9sXT zes;^<=c>Iu^gnA&)Vl%|34_(cUUds4UXqt$NWR-rMP*wDpFUWFxs~EJm7T|>h)h(( z@5-W49gRADLJY5r`V5ijC^y9wM}*xe>x29zHK{)0&c?jAsm2tkbr6};Y&o5G>Mh8BggZbHnlkSWEl z<9=b@2-v_cyDNNQuwj(EF4F-yH0x$%k-phw8wc7RXIM&psegYH--KL4^xW4^ZlGG+ z)dpVvl*|xJQ(bZ6w)vE^U0_hDm3}?(VCRlI5n6EF^bS^)cpn-*fv$Ujm+<>ciRZ33 z%Th?5g?kj0Cf;ZC3ZI>=JaiFN9al&!p4|;tHAEamNa=Gt5LIS-Zfv_VQ z?cayzK5b_1Y*vEWO7qu&=8k9j{S~9b& zwQs_inB?B}MJZt4Kr6ZfCj-pdKH)B}&7@mouQWC63k(&~e@?L*Hm4SE0B0Rcy*v!6 zAh0Bk5m-oCg~O$C2ZE>y+`h={nst)OaK+8HnbLF%Pz^O#Os*ds$heVnHNHNxTVH`U zk1Vd$ZzgwivpfwQf!9 zyG`u)?6faVQk9|BJP)vwct|ns-qcq8f%yw?s;o;Zu#p21A0h9;`5@N|@5rYXr~{0B zZjq}YF3umRj^ChZ;vG2YtNE09Ctb_llP^L%#9~H<-kx7lZ9aSfUg(xKy(|f`sy4^P zsZ1S_SLMql8B-$$b@YneQyh1Yyx6Iu2QONAHd*4_>SSjCG|BjsjeK*O{{H5zeO!8h!BdDwW^yLeZ zg3bi&EAO{9@NH#_==|a$!!4pG0w2S%zd}u+bbZRO6UwB3sS{ z_<1`=0amXR-by*;6z9s&L{W?+bcnX1$+lc*Z|HKCc~%(j55keG^C~Yy zZi+-isULY1IOR9^X8qniNJxn!S3vDnghV5<9^LodY}uZ#_>uoUa82=mo|h>jWdcJ- zsrWR>fIpFr%naLh2+L-2+#Wa-pT*t-YJXlgwSDo`ZOKGG@Y#)~pB@v%KLqYeRy%5c zH2(}^OaRR#+nk<5Y_ge-Oa3q;E&`TV zFm~3sg=Li?@S@nZ(cAwP_}?JLT5o7+HspgGxVmD}u3r?vdepE@HmGLnG(_xA+N8(k zse>Wz+I#k$ZBn4!vT@2@xBLy-mlaK$JJoEi7(!I)kN;u~6gGw|1DT;vr8Tlh^#7<= z*3wjNU&^0~62qRBGTVnI`!3t+-_fE$RY%N^T#|w3p9*azXnlE5k3!0$Jo&|={Q0Gp zN1!Or7kO26ca$9vD?ysE@Yuzr3AO0%uo6H~KEo>%B9sdkdW1s7& z4I>zrd&f)L9k{sTeqKGM7r{p$jz?Fcy9Os{1zj>t-t3vf70vgQGn*n++n`$Rkmw@H zZInkBVE#DH(%-=u&gL~)8MwVubD|*+Yk)fkO{=?lD{_IcHtByPXk9Hl0HfhlCPWum z@=H@*G58B?7oNzcQeUoAMY^NB=j`Zc@G^K|$hvi&Ds>GosV;dM5zzSiYy2$iDW%O# zkHwVYN;*zy<|~43Vge>6ca_P?nkr1kviPFdJw{(W3{IYA4GL$x-agic%xlpyOuUHL z?j44iX}O;=J@0A3j(hyw!EjhRLpbFQg4e&}8;Ca`n#lCs ztzf&Vy5f-c?a?gi`_*)yi?Cy&7v0_xG1vmPy53+K&L!Kt)gq>J7t>5b0=MWp}qV8p+F>98ijx|j(v`sROzE2QCKlt=| ze2q+L%kAOD6%nABYQbYv1)e5q>3O-AE~<-f1uWSeJJg*jn%qq~5Qaj(ZuGAS=RY%neA*c4@Ckbz!F| zViuRe_XyarUv#)rl&Bt9Oj>MEy3bFl;iw_4t&CQ$folS8O*(fFkvP+O2WcDgQ+OrO zpPOcO2SQ_pC!K`*;`py)+t8Off#G(XPtP$`ZZg)_3uj?<{OW}=Xzl>V0-eJdh1o(D z^l^;zfj{A{cOpa`&pY63Dk5KYKO=|4uG!&=tMtOwy0__LThkX#<6^6B3R)y^`uhmE?*=FjS@)f3-15D?pXxZKUu_lj9SGc zevcjFhg4JjCgUi}yV4F`5@%8OrEg#r-a%;?W|k`o5Y;OHA<*sxA+w`*fK6w=hyp}3 zmmXxhITA~{;0pO8y+$BbZE3+qjy$E?;eIRsQF7`H8|}k@Q%>E)4=wZqyTsZ_K-!yj zbNS{b89!eX!zrlx;gD!xBqm`adNrKSk@=JMt(65lI8lg5#g(iSU5K1+K2Sr8oSus_ ztx8xs(S7BugDBLQw$j2{&ZE_|^4@`f_n6Q2eC5DL8LQlIfVr^f=V zd!Jj}enqIBF^&weNYazL@oK!)XwAH;lC${g%F++ToCWhWqM?mnZmaO;_-LG|eSF5; zNw8tc+NP=;$b?AqT!CVU115{H&m{WDf_J6jYB-$e46}!x|FiQoQMX;MnN{T}p1pql zWYvrQ!@i5(AJi}vOb`~kdWRNUQ`aiv-h^v3?5&?0x0wrHairGEFu^(5MkHfxpI=s; zf5IL%M2deV<1n?>OK1s~Q|GRKvQ z1x;MLIjWH$5EhAM)+>0gjqxN|eJp4 z%d1-Z-;caBc&_wo@i5mT&R&xRrO)wFoVJ56^t+O0N_6`cmRmdXtUD&!=4TT3UKdt7 zPr55K=YUmD97S#-$4;^@le+Iw!2vt5%R9oyz4rDR2a!+JKSvO$lVxf>0qOZS6R6kwFSQ5r*ud z1&Og_FWHjpOJr;z*=H<;NsQ$^_w;zazxRFrt#RM?XFH#Bu5+F1;4+W<&cAX|H>?)1 zHRar|Q~$H|XCtPlgDa7%^UPseeZ3D(0VnBM$=Iy+h^(Zka=Wx8b7K6|+e{}?`P0wA z$NN|0)zrF4rj-jm7sJEdF$DwuRqrqx-dqz)Z5ssM>dgi7J9?KiR;^oU{mykr8R{ElZIhexWX>myz^D+ ze*8g*{aU^ikI?a60AECKM6$j~YUUAc?Nc68=e~yZ^vhhSEKr(1H+4Fvx5bm!alqY) z(J;wXDtE{vx#0xGq}spR*))58tK8NkAR;EhCdNo36Gi`d+OGiF(mpQ;)H^SB1#WXY^si!qZfeAZ~WuTt1fzCaET;e>#Y#y`s8d&RzFeD$mPksqtN!dnDgXN5Iht`Z@e9sY%GDxr zO;K0wh*6GzRk!6>X1_335%+5}6x3=ui=G!!svy%7y4AEg%OE#@UcCBy^MOx*vr{kO z<+egI#~vf5t6X8GY7&w{Y(i~Pl$VNH*2d&SA)S$R@t!nwg{Z8By7a_dUv8TVC^Td{ z9n*O;H>O|No=$3e1goj@7wL0lusQ(^_kKVyZCj_$ zj`UeYZm08_+DV%X5Ifw-c%JxiQWAN47`%M|BO%#R_UF~6&Zc`=&O(QLfL!ki#`Hyn zrLy>-NzZ~~9M)vH{F1_%o4y}PBek#?9CxyPmXi0TLRe{<+s5YWHug8!ygBwe`7#Pi zj8#}i${i1!_?b^Q*WwPS_2~H)5d_`_`qSd{C0x}#Sb}AB#snvx=pYBiWK1^uOG);U zL2J7&Dl6p;Z$`G{N6zPkig*9ctJD^-k#=#3q6A} z!KX32@gI)#kjA}R3Z~tiD68`VyPItd-3DRCbM~0oB+)(UA;+}1L(EhQY@smcFOZge zhA_Q(P9h}H_sEuOEkz2Sll^7IQs-0}GP zdX*S8i@}Br|E<+`CLyYkEdoj-MliQtDYnlM{i9k4Z||&sbA+-E9}hF%Q9{UYoSe@HOJn>yUL zYl}ikTK*&|0S5wN(_Jd>4}xptqp8;tqv4MOgrQSMNPF^dG3k`PahM@&mSt=H%Gn~! zu%1}DVwidLTEawvBMlk8JZo6yRbEwOi=tQ$rM<7%+OEIjY`oDzHB+sIVO<}UBx3Wf zFrpC_CzM8m?5IG~1Ymnfn<)@So~?kp|D}mvVHIX;I<UQyvLMlx&@j^G-qiY(h>;==D2ic*wq7>a_jKGLl-M1o=vQLqoqHDR2SvQG za|6;N1CCBe`e)CjMN00PRH{30<83Tr$l&GrXd1R0Xa--MdK_T@}i#KDD>eQr|xykbJlAPhv znZ9DIx%UA!?Lz7vF*bYV*t+D4QITMUl2@)2g?rw&pnCQ%`$MAotFY7oC)go!{-siY zs@)vjVun-|M>cjf`V(@4uXc$EV~V=QlqxrSb1h|4*>8j!RHxCMh?x~Y!M-&={my@D zsrXY;Z~0WJMEZMd+*En;m_Cbbl4T1VQUyU1!iKo7IaqTtC2eY>NT^n01~PJWaq3jS zyv9X<{)xbz-+DT^bw$n8Q+T?B@a=@uwyzp0Pe5sTy6 zx1@35&hTIvPxz$`pNvP9E@X+9o1El+{_e*k>Tfx)c`j@C&S#Oi_rw<(p9SdnUX-wRgLCb0cV6q>)>_9~WxFD9`dPj5XWD6u@uk_!PK(N+^y?lQr}dAf*^gWnTGUNimDD0- zf2*=gNc-x5pDAffV3+CPg=-x-TU*+#9$OP{xmSFzBqd7e40eBOiiDRY8T z2x4dl1&&TPgow2B$SRhwyd=DD1}sJ8EifEknx^3RQKK6f)v8Z%AFnfpC+Ah|zNc2T zKjpZ8<)ak0Z?F5z#XmdRQACLKM6?@6&!7%0gyU_yw3GA)gaW4yZ@n8a4=_K9v%Ok9 z;-18~H1;*$jK@ce+`oJEPB%&7O%yMNC%&;mi(J)0aZA#~VS2D!E54Jza#rH?Mn=B% zme;&$n;I;3^ZBsW`gFZwQ!%H?yW2mm_n6dLSv+2FZ0U`JjAj@d+jx@W?Pw|%=4c&xJx$t zPSTr>{jNCl!47n-y_(LmLSBs*Y@icAk&ULAffXiS?xf2E5 z*~=kcJ^k>h)c|}V9@*P-k=;4f&O}U<1DBAj?%Ho`j1fKG+vLvILUvgT6cNhRG@EF> zG`)Q~4fgta)rt-bs+Ym8c`b$T#W>i15^1pM>d+hPxMLoMUu*Ofw4#X7@nw8{A?d8_ zoV$5BD($Kg$;K$ap#|4}F_EUfegv})xUeOZe}0+%v^*B6M5QR0#EX@*C-JKeqG_Yq z5~mo>Wb5C^8}5~_y<8%zn44f3+ko#_zH#W?6~YJ3-iYkAKdW18-yHSCQ_jxagYH;K zhIe)KDur$&))z)-#c(G(DQUg)BVao=jOrc|6UZeumR21^pSq7~{T5%jW~3lvv75V? zKunX|)3m37*x`H*0drGMF9X}`2m5V^jVv2)mn`zfzQG`Kq|W#dLa;eQ5+0pl{p`9M z<1!b6L?I^i`Y--4_9X+9)oosn3VGL5tglyj z%&(V>XyNanhy_Hj8_heviwyg~j!_($)m=TWb1$zy(!Mez=PD*QmV9z;8j#<*Knl|M zI?mq*hzSyZv>J^RMhw;c(=xmQBIq{|`vjKy?0GcLIS(rSS92<3%AfI}5Zg`hkFFU} zmZDcCM+*Ld`|)hbvH0LJ%2Ap-gdUBpLA08WoDqS~2UArrmFnu{VH}=;J{*QHL-mxJ4d7W7wK~1{NE#O+% z+=&ruoULlT+vHMBq~to?RwV{GO(dX?0j%cYCpOUs??G}abzX1r2a7D|_?FeYY|??! zO5HLyv`V~;t8h#$5RT^n(YpEzptjt0G`}9o!VVw$rI>t1#z#QgpLe2sYDMp3MCOKg zsKi4U$Kf73xiBB(Hb0VEbOT@{vB6IOb+br@y@q472yXu!I0mN9cv7^LD(Fo)ZAk z$PMd;g?rKSIcddBMUiz8`e?UE{CY&Q?=gm7Z8y^Yv3@w*xNB)~yzGs^LHMZmBK2>U z+jU>K#h7JxvIOl1azS=6;d0Jvqo&qJbUV5SF1JY`7~Hpe_W%n&(Kl;eY&7Js{+E%?zXojTffS}GQ>IZ1S@E8>hGN{G@@%^I0!etRLTo|X686) zq~b@uYyQLs4b)<{t`c+gY)ax$r;fhmaveTQGr}FVk!yIUOklKu4&c6g|J?HN&_2Ew zz@K?Q9rYiYUK8dFRJ<|fm!$k1q#hn1i4r(ZMSSumzZ1@KHdRgdWCB$ADdi~NXs0|= zl_R(O-CN~ZYk(^fF%5vGYOL(cH9+h>Ot3r25KN1Ec3Q-es->p_U$=$(|-uZ=!F!|aC1 z5{uuuCWVX4Sc|LuH%x^^WP-qmyvgjz^nqj4dh&vX@5t+2Rn>1$#(d7V#x~Of@O+ElfZ9aGaGmy#EPxc#^5v3%QMhiX?wNKB z`p>G2M~TF)nwtp0x35YWcx=Q{yBiDV`5KT)NA19|FVJ$D@qkRnXjv?kgGFzh$f|tuQR-An zf*bzHt!_)|aO9P3K_0RK!#l6(0QwNY`Ugl*lP(*%O~M z5^&bGiG_+y0EnJJsyl>>09jgwqh{G89=~Y!j6Mh1Xq6&#e&B?Ta&$sg+(a9$Lg#ZO zqNG?vYvWCkCO~`^-{g>tfhC}iOVf7GtdQzCkx*b#grSW|_#sF^58axy`uGG18+OY( z0BddSl7z~Fq3*n91Ds`()SJ$^4^N=N!wG#Jn` z;&RQhF|yCz{Y|9RDgI7;$5JzLLitKm%D(F{u|=95mT6~_fl9?!FZvuPPs>-jNQ)0Q zz&275`j)5t#}O4;I9Z(|mZ*d1Fd=72drT%>lSOo?6?(@BrrfD@OJ=o2dpqh9dm=0Z z2Fmsl5B!AT+5DOXB9N(b?V$}oV!4?KCjk&mJ>@J(9!>cJ`Q2LNycTJ;a=y?--e2|B za3|lYHJAbA3a~?vTEq7(RBtJ+I|LB&1W8AGaC7h0JCwFWTrUhFY22_kk@yKM>TnUh zoFbjwej%95f!FYdpAi^NW)Ig{e*n~f5Q<;4)7!y`oz$!FczS860r>~24oFOK{PGMUSYA^|hJa^8^J0uz;;{>*sbW=5s) zfD28F0d#9SB`jK!Jy$6CY8>LNCqWxx9JCokyQw(PvEacLiy#J9__tyQxGz69+9`PR5g57KcVIPx)23v3B zs`hS-@ox3)mlz+hxSDqEI-zl1_VooN_`VFllq3B|LA9=m`hn;FcuQkDd#w2}CD{~A zF0MX-e%A&Zt9S%pUJFj+N8)sHHv2&;H8gmB8ia_Y)w3zjYW-NJGYS0Pf;Vpoq{oYa z=);;lQY1^=5TxIbBB*_FF?1*BO>~EZT$#Bk!P>LYZtb1O6Rmt!3X@XwTq%WNCS%!0 zB%puluqG^pOT_;_Q^$@AE-n(hOL)?#GB}~}WfOr-^Q6&v@ub%i`VJhe!evc!QVx|H zlD{jSQn>C^c#JetwkG1OLOMJN^o>O|zUK6v^Wdq&?WNYwsS=Rxow3IYL&!b|dyJ zgnq?c|53hGz!9OvYi?=5Rj<*X{o`4E4c)Fa`=7X#WogXY&3-IjsSK_D+bIQ|dhhqW zL>kQvpH|8tw^zk2mk06qCr_oL12-W@qP2R}V)J81SrlRsw5j2k^A(|_*X0(X-nxf{ z8Y5#QUil8S)+88x3?pJrDzq1_$R!2gX1DN>QclMfTQ_gKZ!7-77S5lNF!j#Sp`~#A zuHk}QEz=lWj$QXZonu(jg1`>ZTw7+^0ubtNP=h0w7CAF=u)3skT9tZSHo<-LC7&3uuIvV?yyfu3+oeOGC!$(iPdXsT&EOi$+qp~rb!HKZ1zJH2(6eDSbwzoj&zU9 zUgNz-n0k+4Z4^j=j9@7cr-ldM;+p2Dwz>&ZI25%P1>~qB>|LN>$Rq zCv{L@uI~W6ik|wS^PmPX%@N>BfP>k|yiJ$-b7u&lW95Ezv}nyf;>*vOl@rQc^pJy0 zX={BXfSJEzAR(!hWss(MTC4GGQ>{j~dsZYmqD4lNgvVo^N=JNsVoiaQnd|pREMQd$ z>g14vseBDl=q-SpaBj)w#m6%}$5-SV(k;)pB}rd(3yVFixv|D@I;psFgiLB>oxU{h zJUrOLE4-Dey5WtXW78?R*om&vUwi6pQLD_m14WBYok{Jw_$dwg7?-+!d9} z%G$-}xt1hthI&zWs*_vNa zx}ZV!jd9Rx?V3C_Fub5z_c&`fug#jD*dWZ;Akg8-MXcQ&5N{1wWe#{d7u%mM8&}a> z^*@T-qST8z57C_anLJEQ=( z#m%Tz1FN@~8HB|OG^EFwLGnlI`I(u!{IZEFidq2OElNErdEAAjdp@qM={B*WkOd|c zwGmUj@^A9D?>oXzAo%BSRCOl_4Nmf)?_G~x^X1eD%kCXi(TQ%rTi)rX3}slSKmCm+ zv)lIIY|ktV9PQsCVga&6Cq9Xheq3n0UpZFlL}i>1VInkWJNTG>02hRtj&m-IAMI># z=1rL&h|p)3eQ7THb<*ixbp>bmQx6eOUZLS@3upNTC-oHCb!-TwZ-Aa~NEHR`0et6x zr}K(s=QiV`lVh;UG)J+{TAz|Vl=StAu+-V?c>9nhe$2w1_y@S`HLPQ6(YyxPE0Nup z{EUFE5rJEH0EiE=Yt{u%!j{0>aCxvDeP}{$*HpLZ^*OZxStH(@^E+OguQ(>9l?fkq z=YX-HTiHA;xN})+q3*g_`wj+;l6G1L2r7F)0zq+2+5K-VArM@iihlyP%+!UfV|vvn zY;vj8H0fGprNMw=&yE->o2AzkTit{JE!r#T`-&fl#m2=?t#XVeIpA zP`;!tZWYnek zw41{zmJqTzCJ)HA9=dYL0c*&ipO#+L=sVzKvS2-kd>=MD?&9DPO zwOy*nAx=V&ly3+)TZu~H*2LVTLX|~N@5;G?L&(g-6$~@K`WrS2YVcL$2!DQA`Q`n7 zUB`zQ*z|9SGfkoQV2y>=uffbsJ`?>y@Xwdzd=sk5MV^Yn=7q9Ocr9^%rsrp{@X*d) zQ6RM@ndkdfg!@>f<$XEN)F%puu?&L4FS{O4i!oqf`gZov-sIgB(Ed^hSp@ZJlfm9vQ=OXK*z=Ys6ZVXQ>LYo(LOL5i+sfEp1c z0E}GUW(=~jYu~(M6k&dn>2-%(3m*|uUFmb(t|Fe*o>o1B+BZ9lt})9_GVrlRgfq!` zq`mv#8aI{F(m=1={dM6ULB`wy$<_a3r?Vdhfxrp(z%?2Cg^l&yb58hDM<-UIq8g|DTWF}Aee%V-l3Fpp8uAA7G%*qVc@1Fd}&Oen$qkT)~3bU4j9l> zCniCxNEN9llm#xycVOKDN9V|!HoLi0{Af(ge(DRJh>RPB@cGlgB1_~0M#)l#1HJ&T zY&|vL^6if)x%c5tpbpf;IwQz8TR22sRKFcnL|LAR0qR63LI9Yh>0^WPK{fW}Qx9;E z&7#6T)`}3T+=e?USzF>G0g#QId<=*iYkl@_ps*__K+8H|B?L@mCQOEOmtxKyHOV=o za>ZMCuDHusIKVNpjoqc_;ZgL1lP@%aE(YqHfDf@7aNr70FFOIh6M1l5VmHHm;QbXC zLDB75M)fWdEBt$0h6^tQJcFM*6g#2WLg{7pb@(vIbwM>Ae84$B=Tyw~QnpSguq$mw z)QD>vA$0yrHj?kT?oOz9sCfD39Vm10sqco ze;~9FDKG-S2zJ7DQBa_F#sj2wB*d!kf!O5=d~sXzq4Q|1UC&!!PsI8a*&rPETjL1r z3Ymt^Jc!Aia#c?v2h2Mn&4OC2jPx{(48r}b1_oaS3)$8aupC&JM3VXY+fHoZ->L(u zsqC1X|2XtAT0s?bcafj*!_U^2yLDe#kHc}HZYY!7+ov1X;*lCaKRB{|jHLLITddzs z)a;lB+LPHy?CBQk@om{= z)d2yBl|&JyAik)p)+-@gw?MqI9VeYfQOkh#=02TyZZG>1=^KkmR(2Lem~qz7p{eh( z(+jZ4aO|klT;pqG<_uJ72;Am0Q1RqzaBY?X*Ch9;f1d*>0v;8yhU=Nhsg|WJ9(e7!vFv7@{6nV;Wpskh zNQM7>9@LruOB)firT)K_O0TCN&9*z^Q2KCtN_A4w%bb@JHfq~jG{mazLDK{SRdMn;_yN*z1VB~;E0sK@q^pN&l(m51PT6M?DQTfsLH{M?xD*-w{?5w<8Sp(GuuXm0tzYXTW>hpH^Pv5ISbFIDL@hr{3Te}l zeys06X~z(f5h;Jj>l!=fG9xV90SS~ynl;_##mtPj+D7;uV2|BnjH!7q3uPunou@xb4vOl-6gnGzMf~Yu7i0K;Qi5T&5u>K zIlKK{W29p^QsJ-{$)!NagYDarE!LoP|ER0{q{qM&fH50bI8p^2jZMP0r}{m}fI0%N z09SDzd-cKT)ry5P9EkiloH)yaIR-5j;c03o!xj{<#?) zU+44p?T?%aW<&maGP$HAj(|o17I=SWkC)nF8;i-)?f=XaG;@X;y7Im*3x>O_%dqD= zF+uxpT(xk#r1#Iz)qmHck00p8T-=I&cW(iWq87aFFvzc&UZ72-Q$XELwx&B|*vr)q zH;bcE@mv4xQ}ihe&s0RKJ%8I8NFV5WAiQQz;XX622$0JD(8t)l zZG)F}`e}uoBU`({5gVlGw1P*~f{-3uu}}pSmMih>zjwDuEnOsupptg0S?`1meu)0B zLdM72+Y^a3W|oH&ZR#>4RQnI?>@)k}ok;d*H1v%m_i1t*`oEW2I0Tx%^RT~#R3`%- z|2TJRAhm|S_Mhqznj6PC?{isH`T2k+_}(k0k1<9_JFhn_VDsD`xRiE5U!0|%)dB0j z)ZG~@rb?c*gGujWhcNI6Y|wz8N?TJ~+!1sq&<2;_TS3~RCLB;;FfxUla;+*h9+jKF zA_KyQ%eYq0ZhZguuLZUc_V^daIFrgK<^dz@N~%UcY23PW?+G0`H4)sBEo z&&<)}rLD}n!&XZlN~<@14@Qt+%lE ziWA#;p6XzHHZ!&g=umwEP_Z<5jPw3EAPL$R z0F*GgD|fwD#Z?>OEvY@ObrLGpffk|C9nKV>Ezg#_ZdNi=KN+g#Bp@r-Is+uyS1e{w zb$Y5)rKmIr=U!OVh$Lr_c@Mpy0fg4U!YY;BYHQBJy)sHG@7iTH)|u2$ff(p6frwEi zKpJ@C%vymL(-7M{-FIPHLwioyyb{EtV?k9;8Sb< z!g-Ai|H)_4(WKYR*XBu6X#q!`uw@jLHpzP^y|ZvA{yO3Af!;XH`m>dW00{iikNA=Q? zMtAO&BLfe6&7thr1@e%nrF}30Bn`h-QvwTB3%H2-asVUhJiYnFZaM^nB!7 zV@RL16Jr^Ta$0&7=QB%YvN^K(RHxCrCwr4Kl&du^$gd=;+$MV$g|l@6)pSHYY~-Y1 z*0A@$+h-0&4T=M@aT&0mRsHua9x`&1!h8kp<%db?3L?CMnb#Nig_a3SlR|$o3sSE8sy!~(kzy7&=t&ADW^P<|m!Es=F``pX zp6xxe#QrHc)lH2yeOAjg4Tn8+r&55t(KzQAOTiC&6RuuQS*t4cf}YQD8EZ?8)eVVL z?@x=dHMuuoq!zcxEjda{4{U)Ljv@_HHl?S)hFKomHOT{&qv&m zM6y)UkypcqgkH^@BZ%f?==WqtV9go|4M$$vTb%8v-t?3g`U(^~ugw4E2jRCYa}fbU z`geXT0N7fee$Y!TIr{0A%nmfZDhFn9ht<#b*i-U`Gff5avPbTm6F7+HtN%kJziuPfMoji4pgzfO09aN0d3kcVwD0O&|C=&CI z<)=ok(}u4(zn}lRM`Qfvg_JH%ca~d_Q2a^`PYONiT{wHJ15a$oeuJ`f>o}8ZWZ3EZtx&^O{5lyx4rQsY#J>zVJb@+kW`BD!HF+%z^9cjt82m3+Bd^^CGHbbTM}JnwN+p z7Gp~wiLu&g7q$O8K1dFRE2?LZrT-4_J&+xy>w2jd-cNB0W;J5)INB5yOAP*%d3+fk zOcWshAg3Fv7b#xZ@a-maWaaGAB(6jOu3Vu!8RRA1wj(Fue4{)u=vn)^2516~f;Yh}A zgNEj*C0B>|BZ0{qV(kxP1={_9V%V1 zBTIgFoS)^tLku4~;uc~<&b$A(1flF_Gs_J6(msF%)p5^|Ne_$fIj+N;8VY`UR117V(%KQfv48&7{)EjqHdC`3{&us66}h-jcd-qS-~a z#isyFgFlW>_F zcV&$IoYkel27jXlkJPEtB(M0l3p&Ke>g>PE6Nb2Hit0n^(MvM!U^t#64ShCIgFk@5@Tx=qy(~%sI4mNXnWQ-0Pl%$ki~S(R zR3f_IrLR(=$8frTrTxK2T1#vtB%)}j?T-!Is{y9&)s;bra z%4uD_3NZ>?0F3QpBBuMS##fEq(oSp6SNjg#JoaH&-w9XWa`OMI{e1e*>t%#rNz|(t zVRC+%%7R8PK!>pg9XJs^ul>L616q<@2hy$6k9enhb;y!c7R%#I!jfKRSzHr8uIroM zwkAuaq^zvAA0Rx<7JZ$a8D^RHxcJu#iu~c2M@6tTwOpgEGJA`T$ioOD`4UiZK zaGK(>-tVS>hRx$#mm(bouoA`{3ClX0#rv`$Uq-*?`@;8|=}Dbz)$wpm*iJ!rH~zFz z{7Cd<{Dh>=hD?7bSSfps$yal>)!DY^NY00I*3Kn3^!(k@J9|2^mi$WTtt((V{DZ`e zDeukv1wqrt$em&E=7AvGS`dkAsr^Qy$)qn6S;b53@#pTZOubxA`(@hY>z9aR$eWyf z=`{32lVX@1s+;)5APs|~Se6=bQ`X3EYk@acWO*mm+tcgaaPdlG_Fn_Vj8v1ZiI9Pq z1_lbM|L&itKw2GM?5Ap2x#W25=wFfimT=;h z`2_W1TAK&U58D&65tkY!;T_9s; z&!4(Hw?%g>5q)*1o?-!MtPg|<=~ z(#Ir7B4Iwc#J)1D2&u#N8@55dw~Yc6hVWUfjq*#SMk9RCihzuL6JcMCT<6ahvaRsH z>Mv1UPWJH~=+#jXDUCi$3_V|1xRVrZQo6=B!|&~lyvKy-;$IzkX%{Zc)*Dv$F5f*; z%Js~_Y!ciS>XkiuUgN71t6v?ZpYlWsBQVz0kH!>KID*N%l)07o89=xV76kiO`O*$@4B~E)kc+*fKw@3 z4FPzvj6OvQ{})!4I1Do>Xrr-eGY5uB5sx_*+~n|hY0KD6H?IE>#$&eE4dxx7yiRqp z_%UeDQBY2YpttwgS8GB(+DX-~1~eUF?-`2%d4dp2UdJn zDKEuq`w#13Tc`!-E)2~=OXP#W%`Y-&hg}VElKtDpYhFaEJ|1=T-1ET%kwBfux`CQx-3P z_IR;bW5 zpN4fAjUwt%)$v82H3sx|P=Bn02q&&Rzk^gFgE#qDYx=-8GLok$=mF^JmyzbxEnpCE z#M9P*F0i!@P)iHP%p?Ha6c>A;`yUdOe&q2ixFtU!I{KlHG65Y>{1;@pdDps>$Ov8J z#B%WV6kPiN?V%btb{%+ZcNkTS3@*<9%|vK5Rg8CrY5NPrG*Hn;FA37toPuGs74Ey| z5cZUp7JNc0a~0lgc*x~FWSnPrt9D%`L7uNZ1K8)ayIleSnt!6Wd-CEaEJ2vo^!e>) z>UcwTkH?BtTQJ&74P|{0d@~xPbPGvhOz(K1VjS?_gI_|nkSeLQM!5zbaUKSLF+KDq zc~BBK7{X#NTDHe7qq8}$0L9!;_wS7HUt4}tzLN@h%OIIYb>6)tUx~Z^d%p+#F^|>G z)^bFs1rg@Uqe12Hao%TML;w}456WuLxp?gD;D3+5VCwh`;7IkORP8*-aECdg5b)c& z4&;)(8_I4VEt||$IJS2$-k@q6sSC8(t>aDNH?{E#2feG_}( zy!{5k1f*{sK!oz~RY#k}*q}F~W)Xzw6B+Tn2@cUEd%6J0y zQ6U|=fiXCb_yO1pyWoJY4w@cEIBH0?xttw^2LM~^_zNgc$3s=I_NfXERY2*ZE}k;N)c6+pRw_Ml5aac8!F_aqV(pSTTMNRLGg zsnY(zdLt4HPXXg<>zA)G!dCMXqyeHRst;uH`fj29D%Y(OqsHN2!C&3~$d6Q_&;H>% zy%kb=4iY68q@RNDN- zLJBL8M6C8Q!aCe8= zVR6LkvsCM8W3auzBByv5A%#})%JYI3|GuU}d?+L*KAqqvo9lnH5?VgGGbC%+M0X+B zl({Yc*0ag75&y&YhLkq{*xv02_OLuRx={hcyb0^@H=9F= zIE+)GeaLP^SNs0nZ1LOi1rOWOB{caPv#K1I7Tk%wq9^`n?9+$Jc`CPf;5+Pt)=4=3 zaO98d0n6O~hYOU!HXeY40E=S4rujEo6x2@8@;oh3MJgY7c#Ri89ND~C0JfC(;c&a1 zO)N_51-6uOcQCi3m>O!TEbZW8Mg`F{uE!m!T592Z>;eQ++?56er8@T`n#+740V=)L znN*^VH2E=a&b$f_I}py#_GVL#PfA@<&hFcuXw8+5-?t#ILIjSoRXSIhx5j2(>)J8o z2p~`5hXHEIM!WqoRQklIE)({V|7|kRH49TUEKFS{A_u`QuAoEmF4TM^Kyiq2#loLf z6Q0$IMG#}{5@QO?MLwrxS1+h_Mksdv`;>5?>8XF#l+|}Dk#0G@u$&CL)ddOJuP|Rk zlts&Z$wX?}G#6!k4{qdLfOi%1aW@qlr8pqtI2^9csCpT2+hO-)&B$7B7(?J3&P%X+ z^VEd~2x9K|iQyyQxa>tZ%6Gx)lw3q1qUqEBthM6yj5e+bX|qBskTl>Z-Lwa%>Z%?9 z8(+D4f(dB|z_|`09=04;J2bA{M+!@je!MOXdq86L`8C#vudgoy2^9Nh?ik^sO?01* zgyhV7BLqUc^G%GYsAveL_FZLA} zL7n#^evM$M2Mmwg_FNj)+IWBXC9-$We&i8@i}Yn+I#`gJne}AXE__rt;H9B^Pg(boBEIL`I(xs6zhRB4O9d)c-MkrM)j3{6{(VFp(n7;>g=?Ipw#E%=G2=wES2pAlY>*s+L zu=XjGSc5|wDs>K_D9R!d72piXDF)~qa&q!RicVajkOPfmeZEPd3iiT?RA38l4(=lR z6>Kff7`QXXscw&`<~&m3@a;6fXlVg^5!nxJBn|QQ-~fVO)gsg^(tSI24O5%8LJ8k< z&HKiIO^-;|Gn*YgX+ndNfo`UyUm+tvE#3J=qiFCB^j}TPAK1frfObd^mRJhJR$(hV zdx|r@5SBHcBpLtCL7>;0O~vep;-g8RA26ix2iLE*+TVg-Ek1bV5l;M}Q9zyp z51La!N&^vacTrDCJOQ$wt9A@~!W_w)f$>F;1$1!+zW+lnRGCfmfM*&TTua21gMapoF{0iwp3MD8YmbWS6C9hhteyryD z|Mz(mil)RzxJdzEE1Xnk7l&3~v$uYK{(#BP=Ch(}nFV~T$tAiKwLcJ5^ZRELYu~Ye z+vAbpYrK1B-Z^LgS^s}OkHEePWPfiL%Ern_nDdpBoHNy}e>ge(>^35ZB&CJMIZvg; z4V?IWdo@3YczzcEfRlCOYDUJ*^kq>UVIfDAg(E!U5O z$0^aMeO*I1xA<%GLXEr(szz23O=}CL%~jSQeX}7n&<;|OhHc%~u){}YGmuN{Cu}hG zt?S8P(Mb9m-%Q%A@g0W}rT=h*yJU*oOszgBNjdI(EB#;(AeNz|dm>WHjT$XENdD3h zJAT@KZRWL2=OR*k1Lh}8ffkhz2?I2oDH&vovb*VgX{| zza~!A17Ee{kmgm%Fi>c58j5Y`z{c`P2^V3$h#z0pQwafMy*D5LX}W$luU%xZ^=H!v z(t5}I=6Aga1W{#HT$I~^dd>`;ejQ?Hqg#(Q@#=x<5e>mUrd`RN(*p<>ddZ*J1_S-G z{jZ2Tz-7Up?0IsB==k1kt=Y;vVcVQ?vgkjE=wnGtYt$g+MWd||_)(m2Rc8DHlGV)mmPAhYOy8Z8W!R<7GUXa)DY~hU%DwW>&6;sc=v?~(L zzXjl9sLJ+cm&QYgdZa>|gN_r+-4xLS%o<>-MB!|qzP;vds7GjMzC1vgAXcrGVN&EbB$ zlzejyUjtuQ=9Cv)wmrA1%T|jNP@TLm|GfxxuiSrQ?Ps#BPJkT`kOF1xm2%60cm`i% z^ekYK;bJz#hZ{!N{N4vR{EA+sJfF>H*(Csmzn|DjEsoG&-0UGaws!pxE_!u<)s9`e zz08RvHjr>vBIPv= ziW3~M;_Cw<(cym1V%^K#k>&Z=NA!F(??ou1rB(V&Wz;Z4~o zs?o-@-R$?ZlkaOU=n4n~7`7I@v*deQ8EuUjkcKT1X)Vh~7bJp^3#+fOR0-3vE0 z$iI6wTp87xZ}FvBdFHh_4teNAq>Qk-j!R+M>(Sxzqo0v84AHzb9Fv-6etr-Iua{VF zREZ`lNsw$|3)XR+SluBtl0>?$g@UOT3rh_c*h5|1IiP6=|M3|2yBgt_dHG8fw~u(- zEAu}U+~-)v<)cAJ`5&8oS0fhJqqg#Ms(Ksf`2sdqry@x9>%Rxx>NB=voMBR4#Xh$^ zqElpY*}ed0Gr1F`4Ap3XB~AFKVy1-Gf8wMsL*R0Dy>0`p&<6-pchDO{&|>o3 z7XH+pH_!(F8!aAS_~21ETX)X=OI6(Z%>0swd(W59sG*f{Q`Q~P-IUdf0QYi!x6tBh z)(p1v@!J~`tYnE-PH_$RT8$0grQ$EAjNH;_P|5+T#k*V{LIA^DU7OHXqbgOLE6CgAGesAq-~3{2_bur}jGBudq3lGl^koMw26O#sjat5u8j&z+UFE?m`hp^1!mHkn1{X4&AejB_ z7W{0vW0QAlEP$oL;{Ji))Y%Cd(z2Gp=8`4w-Ia2;|zy|2v2<@l_W-&D;{Byn<0 zd>ol*?C@MIdRE_lAWDSgk-p&x^z@yqe$G%s91N{ zfjpy^s_gVa4oozLC*9P*z17Taa4?l%UDdu;spEy+2Vf!!0}TZ#qufL@HLivTOq{hd zcnBhkeFJqdh$!Pd#)3masd2&mnM=_&c+WHR3_UpMGuii5u<08{3U-3(27OUDcC((E z7u-GQ{XMwE9P&?_ZrVpWM%Y|O2DQQ?8e|zRbc%ulB<_06)F8|LcbCK>q6BMk*TRnX zeAFx{?=lSMI-6t~mLA&}uqwV~FWXIT9qWpNrJr`DG-eWTWZX!ZOFr=)HV*1xYSkQ?&tQ08`&WXekXvr& z-81M2JH$$Hj;2_UKAo)@WsLc@>S&-6%{F)6AB?{vvzlbxD=7VFg)5y?lafm$XU~;8 z=%tlNlAw!Jrw(+MV28WJD{*4Is6Fb^UnAXdKw^EdMO@A`8O>J&w8vxmm6in2MD-&% zz7!Eg78o&5D@>`E?eJ1Z_C<)=m#>j46?G+|xsLY?I(+4DNK5yv3`f^J0S{x$txU96 zmIn1a4HzJz&?JLYn7q_+N@e@6+_bWNweV{R>58PWP+ot|kR#m)Xwfj&Om^Fu02R0g zmo+b4Fw{Yzrp2KXLm1WEk=DD7H6UM%+;AM|9KQQ%WW{XTq|CuhC~6fH8xoo;BldPw z(@-f@fB&Y~eG~2Q-`_B(b*AyhUVu^JVQ!%8vph1IHdL9V(UDP*uot7EfLmei2ACtUwjg;Ue|YdW~CBK z^szP9!n=EHto@iH9 zbOkADK)!#e>8uRsU&^nC+&Bj~!L?u}lNy1P0D)j&n*c?c0LUMFMx#qt_dWfbu;Ovl zWRcTUnlFqOp?q8Xo%&XXIC}l=McRZRfwTbDXr!6j9}f6yge3Z0H3&D;bt>mjAU}Uo zX(7v9c1)YMwIW1!u*0-77@n&##&q{Mh9z*(wv0mfghI6;57kdd5pfPPyof_8o#U0a z5PL4?KRmdX29Rms+(W7k`OBCL33E}l*TL+|My7Q}0mDlRG6;5rQUZ-nub43JSiF@#S808-qIS%n0|plkSmuHt+tkQ}{Y1iq zqE>$|(La_Fhk2Lp^F(fE|7)UqyO+aIhx`_Ij(qRp?|1p~1o@7Vr-OK+SI23*;+52k zc}hBY1_4!JA3#gaZ@6OBM?4@x%3;-~!-O3%LI`sRReZxJxXHJ+#A*F!9ZTKyc@cfO zyy4QPDz_NxdRmBl!9-2a%5wr@O-A{|-To2z>de7w>hsQJ4M*vhiN8Ix2Rqn4yymG0 z{}5NSlRw9I=)fNB0nq<5cpim0C#F-@)QD|gGtYUyxRg40cF19%aT9^S;oV8d{{8B0 zBS}v})7~d)==mgNs<_kMNAr@vQ?DC5E3bYt?9(m3T6#L$D(-Y%xtv?nX|Ye7*Z6gD=PBUmH!ktssnjGk zSexSHBEQ&~3r0^F&D(aL=3Y6JyX4g|HtFxFbk4u0rMZPK{#u#iRw3q_Gj6W?HhHQN zI8cYfifNsxyBcB71hSW)6Y#tC#5}GRI@HTlj0h55HRsV$oh{yz&C%R)e3hTvz;(^s zRUiC~mGmh?ae||^?}xQ2qe!dAV?FFwh3sA@SjLmSMpDxEJzq=k2^S#w4keqaNz?D{ z*=Vu-f7-j!sHUzh-15YMp;km9t%w4m2nYfViVW6O5Xw9ROr)SPC?HU@h@lN>tF#Cy zF{J_$B@W0GL`w{#fZ&4|2&SNjkw7e<(FCv%LL^~$`vOw2@7Md)wO;wbx(n_-_wIep z*=L`$@-cHBqO&9P=T?~neZ(0oO&&<;3Bj!W*#?;{o& zEy*5llR2t3NxR#8eo0UKG^t~#S?83C@g%)6 z+^`FYzqOBj<4S#fJ77Xmx8=_fRCpbde}%Smc?F+EaIG)$vMq8BEJm>l)+C`!HM#rG zmgX=w2)bFx1KFE}6S|$I->N9a+=htR=k@QUO7$HGkc`foB@PT-eCFD-p~xyrq+|wu&P_}+P0^J)qB7@%&KEM zyF;yb147s}h6Qitwe_34JrJ*&V}nU@h)Nr8!{)kg)9g}xmS#JHpmzqJulxc9Pff|Epm=3xQdur3i~Icw61E4o`&?MZ3a(l-Di9cio^7Jzt5J>(RJt46zX}%=`@Amg<(7o- zk7mL zn<%-w=V*&Kh#16J;^{qwW!vA6^vzA+NF+fmBih!-4P@5h5h~(Z&-)m-cv#7vYCiIP z?7r_TMVTfvDi1JCtkFDCu;wbf?n3qGL>AYMwQ(l*aIh$o8H=gnj()Ngc!SX|<7r*D z9gH#5vD+y82hXOn6tyM0^T2a`qxCmwpapMcu5M>u%)I$(g89|_O{#caqm=n<)4bi& zo6k%B>GaGM5-s>Rb2TaR-Ti;@;+LsNP69!}tHFGp^gep66+-2ID(I^QhnWd(15xfd z6JeDE0f9b^Y7V3#7S!*80t7hw@AH?cL-X|7K5<}sF?XkI2GS0F9YkKV`6%MHlD(yI7R|LE zl>7imt%ZShj0xm1TCZIp=+C<86O0pX4s5A z2I35Vp3H?zX)V)*q?^Ha-qLb+eKPZf~5F!Mvbs~@FveE#6x zBXGCA-L7k0&F=ktyOfJxfbbMVs^E?ZeaJnOrTB zm0i}lt9)WOEi}|&bRUGpmhb)RTk>o)>>qZX${>kI>6$ZC+-~GL!juWLD}W~xr&!rJ z$ET*b06Y11}77nhe6c{-`?y5Ue5=Tf-M^7-M#DE zz-Ed}>4wTnq<>tl&SYCjmYAp6did_JFsdwk1<>T{ty?F!HRGNoy8GxVTu zxb=rA8!iFFuj@`>Z+Kv~7a(4l9)?9ft^&L;+0yd};I6T>);ykZy!6{6kGg(nTD0W~ zpa)gbn6K*~xq8)Qst$GD$h(%{lp*K*jQ{>eEZ~Ii6a|?zILGX2Ev#6-nskf%_B5=* zeX-mry!KV`oC~#nbJz9W6M>*MQjc1LvtrRKr!&t0Ny@?F4fpDQIFLtJ+$kC)lkpuu z=ndm&T?{pWQ*&P>4JqAQFq5T^443Ms^(J7XZW6mgf}5j+*!L;9tD6qQpvy|y2ap&=Ya;677;Vl1o@1Ch~(Aiya8 zN!40}9QaV*Gmfy1ZJVl*#~+S}$E??%t{u>xwJb z&NXzogk3Mb>?$2GRMw{`N(3i5OtJ?9a((d^7%97kj=!V(W%^ZIxwMsXX`{kxrEv@8 z>A^=>ZE1*?j#P+Ek32%5%+L%JJ}YBdD8jSdv*1g&8e-<%#bbpEr!)*F1YRUK{)@YSKxxu8tal8mYPjbq}SG+sfH2HMp*I3j}&!_^?P`J8Y@y5MMB|IKEq!=wAG2_9GNlXOT`5IX3-Q zV|vePQ@TxXgWRFA8!JAy&=?pHw5qKvBd%~MmN|H=PpIH-B757@Y=^JhP+t5^|M&;9 z<^u!jes%OybOYVR%&1Jp_b z9I?F=Kw@b4_e5p9*gp=9xXf@Y6#RyuU)1a_4=gEQYQUhvPdOBi&t5!+qW0N~zvWG? cYD;Gv?r5_E?`W^?Kt9vO(c`nyJqN!34>g!A{r~^~ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md new file mode 100644 index 0000000000..cab0657747 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -0,0 +1,40 @@ +--- +title: WDAC Admin Tips & Known Issues +description: WDAC Known Issues +keywords: security, malware +ms.prod: m365-security +audience: ITPro +ms.collection: M365-security-compliance +author: jsuther1974 +ms.reviewer: jogeurte +ms.author: deniseb +manager: dansimp +ms.date: 04/09/2021 +ms.custom: asr +ms.technology: mde +--- + +# WDAC Admin Tips & Known Issues + +**Applies to:** + +- Windows 10 +- Windows Server 2016 and above + +This topic covers tips and tricks for admins as well as known issues with WDAC. +Test this configuration in your lab before enabling it in production. + +## MSI Installations launched directly from the internet are blocked by WDAC + +Installing .msi files directly from the internet to a computer protected by WDAC will fail. +For example, this command will not work: + +```code +msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi +``` + +As a workaround, download the MSI file and run it locally: + +```code +msiexec –i c:\temp\Windows10_Version_1511_ADMX.msi +``` diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 483e3784a3..756e2013c2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -31,7 +31,6 @@ This topic describes the decisions you need to make to establish the processes f The first step in implementing application control is to consider how your policies will be managed and maintained over time. Developing a process for managing WDAC policies helps assure that WDAC continues to effectively control how applications are allowed to run in your organization. - Most WDAC policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: 1. [Define (or refine) the "circle-of-trust"](understand-windows-defender-application-control-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files are not prevented from executing. @@ -42,6 +41,8 @@ Most WDAC policies will evolve over time and proceed through a set of identifiab 6. Deploy the enforced mode policy to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly. 7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes. +![Recommended WDAC policy deployment process](images/PolicyFlow.png) + ### Keep WDAC policies in a source control or document management solution To effectively manage WDAC policies, you should store and maintain your policy XML documents in a central repository that is accessible to everyone responsible for WDAC policy management. We recommend a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration), which provide version control and allow you to specify metadata about the XML documents. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index 68c0aa549e..8dc851b49b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -1,5 +1,5 @@ --- -title: Planning and getting started on the Windows Defender Application Control deployment process (Windows 10) +title: Deploying Windows Defender Application Control policies (Windows 10) description: Learn how to gather information, create a plan, and begin to test initial code integrity policies for a Windows Defender Application Control deployment. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb @@ -11,83 +11,33 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jgeurten ms.author: dansimp manager: dansimp ms.date: 05/16/2018 ms.technology: mde --- -# Planning and getting started on the Windows Defender Application Control deployment process +# Deploying Windows Defender Application Control policies **Applies to** -- Windows 10 -- Windows Server 2016 -This topic provides a roadmap for planning and getting started on the Windows Defender Application Control (WDAC) deployment process, with links to topics that provide additional detail. Planning for WDAC deployment involves looking at both the end-user and the IT pro impact of your choices. +- Windows 10 +- Windows Server 2016 and above -## Planning +You should now have one or more WDAC policies ready to deploy to devices within your organization. If you have not yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. -1. Review requirements, especially hardware requirements for VBS. +## Plan your deployment -2. Group devices by degree of control needed. Do most devices fit neatly into a few categories, or are they scattered across all categories? Are users allowed to install any application or must they choose from a list? Are users allowed to use their own peripheral devices?
Deployment is simpler if everything is locked down in the same way, but meeting individual departments' needs, and working with a wide variety of devices, may require a more complicated and flexible deployment. +As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Determine what set(s) of devices you will manage with WDAC and split them into deployment rings so you can control the scale of the deployment and be able to respond if anything should go wrong. Define the success criteria that will determine when it is safe to proceed from one ring to the next. -3. Review how much variety in software and hardware is needed by roles or departments. The following questions can help you clarify how many WDAC policies to create: +All WDAC policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to additional deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. - - How standardized is the hardware?
This can be relevant because of drivers. You could create a WDAC policy on hardware that uses a particular set of drivers, and if other drivers in your environment use the same signature, they would also be allowed to run. However, you might need to create several WDAC policies on different "reference" hardware, then merge the policies together, to ensure that the resulting policy recognizes all the drivers in your environment. - - - What software does each department or role need? Should they be able to install and run other departments' software?
If multiple departments are allowed to run the same list of software, you might be able to merge several WDAC policies to simplify management. - - - Are there departments or roles where unique, restricted software is used?
If one department needs to run an application that no other department is allowed, it might require a separate WDAC policy. Similarly, if only one department must run an old version of an application (while other departments allow only the newer version), it might require a separate WDAC policy. - - - Is there already a list of accepted applications?
A list of accepted applications can be used to help create a baseline WDAC policy.
As of Windows 10, version 1703, it might also be useful to have a list of plug-ins, add-ins, or modules that you want to allow only in a specific app (such as a line-of-business app). Similarly, it might be useful to have a list of plug-ins, add-ins, or modules that you want to block in a specific app (such as a browser). - - - As part of a threat review process, have you reviewed systems for software that can load arbitrary DLLs or run code or scripts? - In day-to-day operations, your organization's security policy may allow certain applications, code, or scripts to run on your systems depending on their role and the context. However, if your security policy requires that you run only trusted applications, code, and scripts on your systems, you may decide to lock these systems down securely with Windows Defender Application Control policies. - - Legitimate applications from trusted vendors provide valid functionality. However, an attacker could also potentially use that same functionality to run malicious executable code that could bypass WDAC. - - For operational scenarios that require elevated security, certain applications with known Code Integrity bypasses may represent a security risk if you allow them in your WDAC policies. Other applications, where older versions of the application had vulnerabilities, also represent a risk. Therefore, you may want to deny or block such applications from your WDAC policies. For applications with vulnerabilities, once the vulnerabilities are fixed you can create a rule that only allows the fixed or newer versions of that application. The decision to allow or block applications depends on the context and on how the reference system is being used. - - Security professionals collaborate with Microsoft continuously to help protect customers. With the help of their valuable reports, Microsoft has identified a list of known applications that an attacker could potentially use to bypass Windows Defender Application Control. Depending on the context, you may want to block these applications. To view this list of applications and for use case examples, such as disabling msbuild.exe, see [Microsoft recommended block rules](microsoft-recommended-block-rules.md). - -4. Identify LOB applications that are currently unsigned. Although requiring signed code (through WDAC) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. - -## Getting started on the deployment process - -1. Optionally, create a signing certificate for Windows Defender Application Control. As you deploy WDAC, you might need to sign catalog files or WDAC policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal CA. If you choose to use an internal CA, you will need to [create a code signing certificate](create-code-signing-cert-for-windows-defender-application-control.md). - -2. Create WDAC policies from reference computers. In this respect, creating and managing WDAC policies to align with the needs of roles or departments can be similar to managing corporate images. From each reference computer, you can create a WDAC policy, and decide how to manage that policy. You can [merge](merge-windows-defender-application-control-policies.md) WDAC policies to create a broader policy or a master policy, or you can manage and deploy each policy individually. - -3. Audit the WDAC policy and capture information about applications that are outside the policy. We recommend that you use [audit mode](audit-windows-defender-application-control-policies.md) to carefully test each WDAC policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed. - -4. Create a [catalog file](deploy-catalog-files-to-support-windows-defender-application-control.md) for unsigned LOB applications. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your WDAC policy, so that applications in the catalog will be allowed by the policy. - -6. Capture needed policy information from the event log, and merge information into the existing policy as needed. After a WDAC policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge WDAC policies from other sources also, for flexibility in how you create your final WDAC policies. - -7. Deploy WDAC policies and catalog files. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking WDAC policies out of auditing mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and WDAC policies more broadly. - -8. Enable desired virtualization-based security (VBS) features. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by Windows Defender Application Control. - -## Known issues - -This section covers known issues with WDAC. Virtualization-based protection of code integrity may be incompatible with some devices and applications, which might cause unexpected failures, data loss, or a blue screen error (also called a stop error). -Test this configuration in your lab before enabling it in production. - -### MSI Installations are blocked by WDAC - -Installing .msi files directly from the internet to a computer protected by WDAC will fail. -For example, this command will not work: - -```code -msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi -``` - -As a workaround, download the MSI file and run it locally: - - -```code -msiexec –i c:\temp\Windows10_Version_1511_ADMX.msi -``` +## Choose how to deploy WDAC policies +There are several options to deploy WDAC policies to managed endpoints, including the following: +1. [Deploy using a Mobile Device Management (MDM) solution](deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune +2. [Deploy using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-using-memcm.md) +3. [Deploy via script](deployment/deploy-wdac-policies-using-script.md) +4. [Deploy via Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) From e53fbb59193fe12a699f8137e55487129aff8aed Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 16 Apr 2021 17:09:41 -0700 Subject: [PATCH 010/156] Update use-windows-defender-application-control-with-intelligent-security-graph.md --- ...control-with-intelligent-security-graph.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 6fbcea760e..282e08bc06 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -18,7 +18,7 @@ ms.date: 03/10/2020 ms.technology: mde --- -# Authorize reputable apps with the Intelligent Security Graph (ISG) +# Authorize reputable apps with the Intelligent Security Graph (ISG) **Applies to:** @@ -29,7 +29,7 @@ Application execution control can be difficult to implement in enterprises that Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) provides a new option, known as the Microsoft Intelligent Security Graph authorization, that allows IT administrators to automatically authorize applications that the Microsoft Intelligent Security Graph recognizes as having known good reputation. The Microsoft Intelligent Security Graph option helps IT organizations take a significant first step towards going from having no application control at all to a simple means of preventing the execution of unknown and known bad software. To learn more about the Microsoft Intelligent Security Graph, see the Security section in [Major services and features in Microsoft Graph](/graph/overview-major-services). -## How does the integration between WDAC and the Intelligent Security Graph work? +## How does the integration between WDAC and the Intelligent Security Graph work? The Microsoft Intelligent Security Graph relies on the same vast security intelligence and machine learning analytics which power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having known good, known bad, or unknown reputation. When an unevaluated file is run on a system with WDAC enabled with the Microsoft Intelligent Security Graph authorization option specified, WDAC queries the file's reputation by sending its hash and signing information to the cloud. If the Microsoft Intelligent Security Graph determines that the file has a known good reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file. Every time the file tries to execute, if there are no explicit deny rules present for the file, it will be allowed to run based on its positive reputation. Conversely, a file that has unknown or known bad reputation will still be allowed to run in the presence of a rule that explicitly allows the file. @@ -40,18 +40,18 @@ WDAC periodically re-queries the reputation data on a file. Additionally, enterp >[!NOTE] >Admins should make sure there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Manager Configuration Manager (MEMCM) and Microsoft Endpoint Manager Intune (MEM Intune) can be used to create and push a WDAC policy to your client machines. -Other examples of WDAC policies are available in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](./create-initial-default-policy.md). +Other examples of WDAC policies are available in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](./create-initial-default-policy.md). -## Configuring Intelligent Security Graph authorization for Windows Defender Application Control +## Configuring Intelligent Security Graph authorization for Windows Defender Application Control -Setting up the Microsoft Intelligent Security Graph authorization is easy regardless of what management solution you use. Configuring the Microsoft Intelligent Security Graph option involves these basic steps: +Setting up the Microsoft Intelligent Security Graph authorization is easy regardless of what management solution you use. Configuring the Microsoft Intelligent Security Graph option involves these basic steps: -- [Ensure that the Microsoft Intelligent Security Graph option is enabled in the WDAC policy XML](#ensure-that-the-intelligent-security-graph-option-is-enabled-in-the-wdac-policy-xml) -- [Enable the necessary services to allow WDAC to use the Microsoft Intelligent Security Graph correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client) +- [Ensure that the Microsoft Intelligent Security Graph option is enabled in the WDAC policy XML](#ensure-that-the-intelligent-security-graph-option-is-enabled-in-the-wdac-policy-xml) +- [Enable the necessary services to allow WDAC to use the Microsoft Intelligent Security Graph correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client) -### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML +### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML -In order to enable trust for executables based on classifications in the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the **Enabled:Invalidate EAs on Reboot** option to invalidate the cached Intelligent Security Graph results on reboot to force rechecking of applications against the Microsoft Intelligent Security Graph. Caution is advised if devices will regularly transition to and from environments that may not be able to access the Microsoft Intelligent Security Graph. The following example shows both options being set. +In order to enable trust for executables based on classifications in the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the **Enabled:Invalidate EAs on Reboot** option to invalidate the cached Intelligent Security Graph results on reboot to force rechecking of applications against the Microsoft Intelligent Security Graph. Caution is advised if devices will regularly transition to and from environments that may not be able to access the Microsoft Intelligent Security Graph. The following example shows both options being set. ```code @@ -87,11 +87,11 @@ In order for the heuristics used by the Microsoft Intelligent Security Graph to appidtel start ``` -This step is not required for WDAC policies deployed over MDM using the AppLocker CSP, as the CSP will enable the necessary components. This step is also not required when enabling the Microsoft Intelligent Security Graph through the MEMCM WDAC UX. However, if custom policies are being deployed outside of the WDAC UX through MEMCM, then this step is required. +This step is not required for WDAC policies deployed over MDM using the AppLocker CSP, as the CSP will enable the necessary components. This step is also not required when enabling the Microsoft Intelligent Security Graph through the MEMCM WDAC UX. However, if custom policies are being deployed outside of the WDAC UX through MEMCM, then this step is required. -## Security considerations with the Intelligent Security Graph +## Security considerations with the Intelligent Security Graph -Since the Microsoft Intelligent Security Graph is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Microsoft Defender for Endpoint to help provide optics into what users are doing. +Since the Microsoft Intelligent Security Graph is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Microsoft Defender for Endpoint to help provide optics into what users are doing. Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of WDAC when the Microsoft Intelligent Security Graph option is allowed by circumventing or corrupting the heuristics used to assign reputation to application executables. The Microsoft Intelligent Security Graph option uses the same heuristic tracking as managed installer and so for application installers that include an option to automatically run the application at the end of the installation process the heuristic may over-authorize. @@ -103,7 +103,7 @@ Modern apps are not supported with the Microsoft Intelligent Security Graph heur The Microsoft Intelligent Security Graph heuristics do not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. -In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases. +In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases. >[!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in WDAC support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](./deploy-windows-defender-application-control-policies-using-intune.md#using-a-custom-oma-uri-profile). \ No newline at end of file +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in WDAC support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](./deploy-windows-defender-application-control-policies-using-intune.md#using-a-custom-oma-uri-profile). From ff35811720f3f6ccfc4b2a2ffae31723e7a835da Mon Sep 17 00:00:00 2001 From: msft-bob <82617611+msft-bob@users.noreply.github.com> Date: Sat, 17 Apr 2021 21:53:28 -0700 Subject: [PATCH 011/156] Revert extra space in policy jump link --- windows/client-management/mdm/policy-csp-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 74167fec97..3137c8b270 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -38,7 +38,7 @@ manager: dansimp Authentication/AllowSecondaryAuthenticationDevice

- Authentication/ConfigureWebSignInAllowedUrls + Authentication/ConfigureWebSignInAllowedUrls
Authentication/EnableFastFirstSignIn From bdaaf81a8ad2d6319e53d034c618a2088500ecbf Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 19 Apr 2021 16:34:08 +0530 Subject: [PATCH 012/156] Updated --- .../client-management/mdm/policy-csp-admx-wcm.md | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index 0c5ea22e12..ba7e3b03ac 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -257,17 +257,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. From 67ac3c3a59afca154c3858b2bfb34aac264ec4bc Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 19 Apr 2021 16:46:06 +0530 Subject: [PATCH 013/156] Updated --- .../client-management/mdm/policy-csp-admx-wincal.md | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 399309047c..3572b88a1f 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -177,17 +177,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. From a9038d538c43ad078899935d299a7d72dd7e0fcb Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 19 Apr 2021 16:48:31 +0530 Subject: [PATCH 014/156] Updated --- .../mdm/policy-csp-admx-windowsanytimeupgrade.md | 13 ++----------- .../mdm/policy-csp-admx-windowsconnectnow.md | 13 ++----------- .../mdm/policy-csp-admx-windowsexplorer.md | 13 ++----------- .../mdm/policy-csp-admx-windowsfileprotection.md | 13 ++----------- .../mdm/policy-csp-admx-windowsmediadrm.md | 13 ++----------- .../mdm/policy-csp-admx-windowsmediaplayer.md | 13 ++----------- .../mdm/policy-csp-admx-windowsremotemanagement.md | 13 ++----------- .../mdm/policy-csp-admx-windowsstore.md | 13 ++----------- .../mdm/policy-csp-admx-wininit.md | 13 ++----------- .../mdm/policy-csp-admx-winlogon.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-winsrv.md | 13 ++----------- .../mdm/policy-csp-admx-wlansvc.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-wpn.md | 13 +++---------- 13 files changed, 27 insertions(+), 142 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md index efff151d08..e395b7bdd3 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md @@ -100,16 +100,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 086405efd2..d7d03ed259 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -249,17 +249,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 004f66dae4..d3f576845c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -5353,16 +5353,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md index 610f1840b9..11fb1acf4c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md @@ -342,16 +342,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index 66570c3061..5f3ad74aca 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -101,17 +101,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index f0273482cf..1fd8836c49 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -1599,17 +1599,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index dc7bcf1f15..b7ea8b0cd6 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -170,16 +170,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index cec2e2bd4f..2bab9f4f0e 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -395,15 +395,6 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 93d25c2f1e..e37cf89e46 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -243,17 +243,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index f1998bb579..da4753fc16 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -479,16 +479,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index ac5a01bce6..7ad280cc44 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -103,17 +103,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index c66f4a6598..075f7f19df 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -245,17 +245,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index 7e7e4ee561..1bcc3aef41 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -475,16 +475,9 @@ ADMX Info:
-Footnotes: +> [!NOTE] +> These policies are for upcoming release. + -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 \ No newline at end of file From fc8e5e39f0d55f39068e23855ded0ff5b8e0c316 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 19 Apr 2021 17:02:08 +0530 Subject: [PATCH 015/156] Updated --- .../client-management/mdm/policy-csp-admx-rpc.md | 13 ++----------- .../mdm/policy-csp-admx-scripts.md | 13 ++----------- .../mdm/policy-csp-admx-sdiageng.md | 13 ++----------- .../mdm/policy-csp-admx-securitycenter.md | 13 ++----------- .../mdm/policy-csp-admx-sensors.md | 13 ++----------- .../mdm/policy-csp-admx-servicing.md | 13 ++----------- .../mdm/policy-csp-admx-settingsync.md | 13 ++----------- .../mdm/policy-csp-admx-sharedfolders.md | 13 ++----------- .../mdm/policy-csp-admx-sharing.md | 13 ++----------- ...licy-csp-admx-shellcommandpromptregedittools.md | 13 ++----------- .../mdm/policy-csp-admx-skydrive.md | 13 ++----------- .../mdm/policy-csp-admx-smartcard.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-snmp.md | 13 ++----------- .../mdm/policy-csp-admx-startmenu.md | 13 ++----------- .../mdm/policy-csp-admx-systemrestore.md | 13 ++----------- .../mdm/policy-csp-admx-taskbar.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-tcpip.md | 13 ++----------- .../mdm/policy-csp-admx-thumbnails.md | 14 ++------------ .../client-management/mdm/policy-csp-admx-tpm.md | 13 ++----------- ...policy-csp-admx-userexperiencevirtualization.md | 14 ++------------ .../mdm/policy-csp-admx-userprofiles.md | 13 ++----------- .../mdm/policy-csp-admx-w32time.md | 13 ++----------- 22 files changed, 44 insertions(+), 244 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 4c77e82fa2..0f178e38ad 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -375,17 +375,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 56b8fa10a1..4ade7adf21 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -970,17 +970,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index dca614dec2..0083654392 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -245,16 +245,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 7590b70934..d4c3d28d8b 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -111,17 +111,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index 66a0fdf6d6..908b0d3e1b 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -387,16 +387,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index af834f2656..66955f6f02 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -101,17 +101,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index 53ca6431fc..c4ec63cfb7 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -691,16 +691,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index a9749a346b..6e368df47b 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -177,17 +177,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index 42e13cdd7d..4e5d49dd0c 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -98,16 +98,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index 58d1a90759..61bf9ccbcd 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -333,17 +333,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-skydrive.md b/windows/client-management/mdm/policy-csp-admx-skydrive.md index e42d009528..c4b58c6a66 100644 --- a/windows/client-management/mdm/policy-csp-admx-skydrive.md +++ b/windows/client-management/mdm/policy-csp-admx-skydrive.md @@ -101,17 +101,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index b75b3b086d..0c65d41cfc 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -1214,17 +1214,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 8b1a15bdca..aa0567e0d3 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -275,17 +275,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 2c16014c48..63b6a174f2 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -4996,16 +4996,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index 70b84425c0..8f370e73c8 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -105,17 +105,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index bff61dc5f1..87d11c980f 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -1648,17 +1648,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 3cd6999994..251e1df81d 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -996,17 +996,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index 73f6ca56cd..bfb42903be 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -248,18 +248,8 @@ ADMX Info:
- -Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index d12a0686f7..f51e8eceff 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -788,17 +788,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 7f23f18d6f..0eaacd598e 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -9461,17 +9461,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 - +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index dcc45e4c5e..e02e5b7204 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -641,15 +641,6 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 37697fb185..852d966a34 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -414,17 +414,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. From f4dd0ca150d9f09bc7152da1624d93a28b894a4a Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 19 Apr 2021 18:08:41 +0530 Subject: [PATCH 016/156] Updated --- .../client-management/mdm/policy-csp-admx-msched.md | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index c5cb159658..06b74542ae 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -176,17 +176,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. From 5e0f81f7b2ee8da2e12530612beb40ef5de23dfa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 19 Apr 2021 07:39:06 -0700 Subject: [PATCH 017/156] Update policy-csp-authentication.md --- windows/client-management/mdm/policy-csp-authentication.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 3137c8b270..d62b5b232d 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -7,8 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: bobgil manager: dansimp --- From 5b93949c0529e46cbb0a79144e4e940365e83178 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 19 Apr 2021 21:10:13 +0530 Subject: [PATCH 018/156] Updated --- .../client-management/mdm/policy-csp-admx-msdt.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-msi.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-nca.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-ncsi.md | 13 ++----------- .../mdm/policy-csp-admx-netlogon.md | 13 ++----------- .../mdm/policy-csp-admx-networkconnections.md | 14 ++------------ .../mdm/policy-csp-admx-offlinefiles.md | 13 ++----------- .../mdm/policy-csp-admx-peertopeercaching.md | 13 ++----------- .../mdm/policy-csp-admx-performancediagnostics.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-power.md | 13 ++----------- .../policy-csp-admx-powershellexecutionpolicy.md | 13 ++----------- .../mdm/policy-csp-admx-printing.md | 13 ++----------- .../mdm/policy-csp-admx-printing2.md | 13 ++----------- .../mdm/policy-csp-admx-programs.md | 13 ++----------- .../mdm/policy-csp-admx-reliability.md | 13 ++----------- .../mdm/policy-csp-admx-remoteassistance.md | 14 ++------------ .../mdm/policy-csp-admx-removablestorage.md | 13 ++----------- 17 files changed, 34 insertions(+), 189 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index e6ab53acce..6ea6e7e9b6 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -273,17 +273,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index 3e2094f298..abda66e6cc 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -1860,16 +1860,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index aaa011b575..648d68f528 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -611,17 +611,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 2dc203705f..bf365a1993 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -506,17 +506,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 45405c7cc2..eb4562debb 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -2753,16 +2753,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 7e542154a7..ceeadd2d54 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -2185,16 +2185,6 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 - +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 27b56e21e6..66e5b88aad 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -3689,17 +3689,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index ed16a33a35..8425d19829 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -791,16 +791,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index 0e39a89004..a8d03acdb5 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -347,17 +347,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 3d1a58a8f1..3c47bc0634 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -1867,16 +1867,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 5880faae13..f3e02c692a 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -337,16 +337,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index e97cb3df92..65d75f432b 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -2013,16 +2013,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 8ce369426a..a418cf9614 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -727,15 +727,6 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index d7e0d1fec9..2ac8853935 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -553,17 +553,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 398c939856..1577903718 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -346,17 +346,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 692487c12d..ee0e87ac83 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -190,17 +190,7 @@ ADMX Info:
- -Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index 6a9c3b8bfa..e7fe35cb36 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -2314,16 +2314,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file From 31e3c608da3d742c4946c2e1a7e2271e60da9204 Mon Sep 17 00:00:00 2001 From: Beth Woodbury <40870842+levinec@users.noreply.github.com> Date: Mon, 19 Apr 2021 10:01:57 -0700 Subject: [PATCH 019/156] Update defender-csp.md --- windows/client-management/mdm/defender-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 9f021cbaac..8e18c596ad 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -457,8 +457,8 @@ The data type is integer. Supported operations are Add, Delete, Get, Replace. Valid values are: -- 1 – Enable. -- 0 (default) – Disable. +- 1 (default) – Enable. +- 0 – Disable. **Configuration/MeteredConnectionUpdates**
Allow managed devices to update through metered connections. Data charges may apply. @@ -542,4 +542,4 @@ Supported operations are Get and Execute. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md) From 2d1a32de6a3c0d0710facb3cf6c4baff150feece Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 19 Apr 2021 23:56:24 +0530 Subject: [PATCH 020/156] Updated --- .../mdm/policy-csp-admx-activexinstallservice.md | 13 ++----------- .../mdm/policy-csp-admx-addremoveprograms.md | 13 ++----------- .../mdm/policy-csp-admx-appcompat.md | 13 ++----------- .../mdm/policy-csp-admx-appxpackagemanager.md | 13 ++----------- .../mdm/policy-csp-admx-appxruntime.md | 13 ++----------- .../mdm/policy-csp-admx-attachmentmanager.md | 13 ++----------- .../mdm/policy-csp-admx-auditsettings.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-bits.md | 13 ++----------- .../mdm/policy-csp-admx-ciphersuiteorder.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-com.md | 13 ++----------- .../mdm/policy-csp-admx-controlpanel.md | 13 ++----------- .../mdm/policy-csp-admx-controlpaneldisplay.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-cpls.md | 13 ++----------- .../mdm/policy-csp-admx-credentialproviders.md | 13 ++----------- .../mdm/policy-csp-admx-credssp.md | 13 ++----------- .../mdm/policy-csp-admx-credui.md | 13 ++----------- .../mdm/policy-csp-admx-ctrlaltdel.md | 13 ++----------- .../mdm/policy-csp-admx-datacollection.md | 13 ++----------- .../mdm/policy-csp-admx-desktop.md | 13 ++----------- .../mdm/policy-csp-admx-deviceinstallation.md | 13 ++----------- .../mdm/policy-csp-admx-devicesetup.md | 13 ++----------- .../mdm/policy-csp-admx-digitallocker.md | 13 ++----------- .../mdm/policy-csp-admx-distributedlinktracking.md | 13 ++----------- .../mdm/policy-csp-admx-dnsclient.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-dwm.md | 13 ++----------- .../client-management/mdm/policy-csp-admx-eaime.md | 14 ++------------ .../mdm/policy-csp-admx-encryptfilesonmove.md | 13 ++----------- .../mdm/policy-csp-admx-enhancedstorage.md | 13 ++----------- .../mdm/policy-csp-admx-errorreporting.md | 13 ++----------- .../mdm/policy-csp-admx-eventforwarding.md | 13 ++----------- .../mdm/policy-csp-admx-eventlog.md | 13 ++----------- .../mdm/policy-csp-admx-explorer.md | 13 ++----------- 32 files changed, 64 insertions(+), 353 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index 2b4c414ae7..63c274f786 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -104,17 +104,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 0c6e0067ac..041901fddd 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -939,17 +939,8 @@ ADMX Info: -Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index b626e67721..b883ae62e7 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -729,17 +729,8 @@ ADMX Info: -Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 086c0dafc1..c577b24544 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -106,16 +106,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index 6d76bd5f74..b5a0eb5cea 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -323,17 +323,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 895402efef..2b3ad85842 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -407,17 +407,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> these policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 2564a91801..8ccd24e0cd 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -104,17 +104,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 35597b677e..c55a326d68 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -1086,17 +1086,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index c6bcd46621..0af87ecf2b 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -188,16 +188,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index aaaa28a510..ea1c5cea42 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -182,17 +182,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 4a340834f9..5f0568f57c 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -348,16 +348,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index a03950bfdc..327c8fa891 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -1811,16 +1811,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index d198e617ff..1577524bb9 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -102,17 +102,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index dcaa5fa29f..e042f0d418 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -254,17 +254,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 7cf1e14d14..c0ee454b30 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -954,17 +954,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index cf430cc22f..6cd405fd88 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -170,17 +170,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 7ec6bdd7bc..ca9e268545 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -324,17 +324,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index b550db06f6..28d46d0d21 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -99,17 +99,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 8c3fd1a932..e5431e10e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -2168,16 +2168,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index 69e459d10c..c318ce4cd6 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -605,15 +605,6 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index 5da6627e8f..2b071e5193 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -173,16 +173,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 08a7dab278..bf91f5089b 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -175,17 +175,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index 9be08a64ea..2133deafba 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -101,17 +101,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 9aba6d0482..f2a5c1aeac 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -1710,16 +1710,7 @@ ADMX Info: -Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 71f9b3638f..3154ceb788 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -476,16 +476,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index b56ce8c52a..fb73918dcd 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -956,17 +956,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 - +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 1dd5a4e6cb..686432415e 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -101,17 +101,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 7e217f1364..6bad22f6fb 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -461,17 +461,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 5f3fc5e33b..264bbef1a3 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -2187,16 +2187,7 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 449bed0b21..6a1f4f379f 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -185,17 +185,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index ea4b084c38..78ee318472 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -1573,17 +1573,8 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index da74235b97..0938cd0bae 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -386,15 +386,6 @@ ADMX Info:
-Footnotes: - -- 1 - Available in Windows 10, version 1607 -- 2 - Available in Windows 10, version 1703 -- 3 - Available in Windows 10, version 1709 -- 4 - Available in Windows 10, version 1803 -- 5 - Available in Windows 10, version 1809 -- 6 - Available in Windows 10, version 1903 -- 7 - Available in Windows 10, version 1909 -- 8 - Available in Windows 10, version 2004 -- 9 - Available in Windows 10, version 20H2 +> [!NOTE] +> These policies are for upcoming release. \ No newline at end of file From dfc5e4be09059f3dff7cc9bc39192edacf4053ae Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 19 Apr 2021 14:41:52 -0700 Subject: [PATCH 021/156] redirecting device control --- .openpublishing.redirection.json | 12 +- .../control-usb-devices-using-intune.md | 331 ------------------ .../device-control/device-control-report.md | 74 ---- 3 files changed, 11 insertions(+), 406 deletions(-) delete mode 100644 windows/security/threat-protection/device-control/control-usb-devices-using-intune.md delete mode 100644 windows/security/threat-protection/device-control/device-control-report.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 99e0af3157..a85af91d65 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -18769,6 +18769,16 @@ "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md", "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus", "redirect_document_id": false - } + }, + { + "source_path": "windows/security/threat-protection/device-control/control-usb-devices-using-intune.md", + "redirect_url": "/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/device-control/device-control-report.md", + "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report", + "redirect_document_id": false + } ] } diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md deleted file mode 100644 index 321ddc79ff..0000000000 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ /dev/null @@ -1,331 +0,0 @@ ---- -title: How to control USB devices and other removable media using Intune (Windows 10) -description: You can configure Intune settings to reduce threats from removable storage such as USB devices. -ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -ms.author: dansimp -author: dansimp -ms.reviewer: dansimp -manager: dansimp -audience: ITPro -ms.technology: mde ---- - -# How to control USB devices and other removable media using Microsoft Defender for Endpoint - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Microsoft recommends [a layered approach to securing removable media](https://aka.ms/devicecontrolblog), and Microsoft Defender for Endpoint provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices: - -1. [Discover plug and play connected events for peripherals in Microsoft Defender for Endpoint advanced hunting](#discover-plug-and-play-connected-events). Identify or investigate suspicious usage activity. - -2. Configure to allow or block only certain removable devices and prevent threats. - 1. [Allow or block removable devices](#allow-or-block-removable-devices) based on granular configuration to deny write access to removable disks and approve or deny devices by using USB device IDs. Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. - - 2. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - - Microsoft Defender Antivirus real-time protection (RTP) to scan removable storage for malware. - - The Attack Surface Reduction (ASR) USB rule to block untrusted and unsigned processes that run from USB. - - Direct Memory Access (DMA) protection settings to mitigate DMA attacks, including Kernel DMA Protection for Thunderbolt and blocking DMA until a user signs in. -3. [Create customized alerts and response actions](#create-customized-alerts-and-response-actions) to monitor usage of removable devices based on these plug and play events or any other Microsoft Defender for Endpoint events with [custom detection rules](/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules). - -4. [Respond to threats](#respond-to-threats) from peripherals in real-time based on properties reported by each peripheral. - ->[!Note] ->These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](../../information-protection/bitlocker/bitlocker-overview.md) and [Windows Information Protection](../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. Additionally, you can [classify and protect files on Windows devices](/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview) (including their mounted USB devices) by using Microsoft Defender for Endpoint and Azure Information Protection. - -## Discover plug and play connected events - -You can view plug and play connected events in Microsoft Defender for Endpoint advanced hunting to identify suspicious usage activity or perform internal investigations. -For examples of Defender for Endpoint advanced hunting queries, see the [Microsoft Defender for Endpoint hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). - -Sample Power BI report templates are available for Microsoft Defender for Endpoint that you can use for Advanced hunting queries. With these sample templates, including one for device control, you can integrate the power of Advanced hunting into Power BI. See the [GitHub repository for PowerBI templates](https://github.com/microsoft/MDATP-PowerBI-Templates) for more information. See [Create custom reports using Power BI](/windows/security/threat-protection/microsoft-defender-atp/api-power-bi) to learn more about Power BI integration. - -## Allow or block removable devices -The following table describes the ways Microsoft Defender for Endpoint can allow or block removable devices based on granular configuration. - -| Control | Description | -|----------|-------------| -| [Restrict USB drives and other peripherals](#restrict-usb-drives-and-other-peripherals) | You can allow/prevent users to install only the USB drives and other peripherals included on a list of authorized/unauthorized devices or device types. | -| [Block installation and usage of removable storage](#block-installation-and-usage-of-removable-storage) | You can't install or use removable storage. | -| [Allow installation and usage of specifically approved peripherals](#allow-installation-and-usage-of-specifically-approved-peripherals) | You can only install and use approved peripherals that report specific properties in their firmware. | -| [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | You can't install or use prohibited peripherals that report specific properties in their firmware. | -| [Allow installation and usage of specifically approved peripherals with matching device instance IDs](#allow-installation-and-usage-of-specifically-approved-peripherals-with-matching-device-instance-ids) | You can only install and use approved peripherals that match any of these device instance IDs. | -| [Prevent installation and usage of specifically prohibited peripherals with matching device instance IDs](#prevent-installation-and-usage-of-specifically-prohibited-peripherals-with-matching-device-instance-ids) | You can't install or use prohibited peripherals that match any of these device instance IDs. | -| [Limit services that use Bluetooth](#limit-services-that-use-bluetooth) | You can limit the services that can use Bluetooth. | -| [Use Microsoft Defender for Endpoint baseline settings](#use-microsoft-defender-for-endpoint-baseline-settings) | You can set the recommended configuration for ATP by using the Defender for Endpoint security baseline. | - -### Restrict USB drives and other peripherals - -To prevent malware infections or data loss, an organization may restrict USB drives and other peripherals. The following table describes the ways Microsoft Defender for Endpoint can help prevent installation and usage of USB drives and other peripherals. - -| Control | Description -|----------|-------------| -| [Allow installation and usage of USB drives and other peripherals](#allow-installation-and-usage-of-usb-drives-and-other-peripherals) | Allow users to install only the USB drives and other peripherals included on a list of authorized devices or device types | -| [Prevent installation and usage of USB drives and other peripherals](#prevent-installation-and-usage-of-usb-drives-and-other-peripherals) | Prevent users from installing USB drives and other peripherals included on a list of unauthorized devices and device types | - -All of the above controls can be set through the Intune [Administrative Templates](/intune/administrative-templates-windows). The relevant policies are located here in the Intune Administrator Templates: - -![screenshot of list of Admin Templates](images/admintemplates.png) - ->[!Note] ->Using Intune, you can apply device configuration policies to Azure AD user and/or device groups. -The above policies can also be set through the [Device Installation CSP settings](/windows/client-management/mdm/policy-csp-deviceinstallation) and the [Device Installation GPOs](/previous-versions/dotnet/articles/bb530324(v=msdn.10)). - -> [!Note] -> Always test and refine these settings with a pilot group of users and devices first before applying them in production. -For more information about controlling USB devices, see the [Microsoft Defender for Endpoint blog](https://www.microsoft.com/security/blog/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/). - -#### Allow installation and usage of USB drives and other peripherals - -One way to approach allowing installation and usage of USB drives and other peripherals is to start by allowing everything. Afterwards, you can start reducing the allowable USB drivers and other peripherals. - ->[!Note] ->Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. - -1. Enable **Prevent installation of devices not described by other policy settings** to all users. -2. Enable **Allow installation of devices using drivers that match these device setup classes** for all [device setup classes](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors). - -To enforce the policy for already installed devices, apply the prevent policies that have this setting. - -When configuring the allow device installation policy, you must allow all parent attributes as well. You can view the parents of a device by opening Device Manager and view by connection. - -![Devices by connection](images/devicesbyconnection.png) - -In this example, the following classes needed to be added: HID, Keyboard, and {36fc9e60-c465-11cf-8056-444553540000}. See [Microsoft-provided USB drivers](/windows-hardware/drivers/usbcon/supported-usb-classes) for more information. - -![Device host controller](images/devicehostcontroller.jpg) - -If you want to restrict to certain devices, remove the device setup class of the peripheral that you want to limit. Then add the device ID that you want to add. Device ID is based on the vendor ID and product ID values for a device. For information on device ID formats, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers). - -To find the device IDs, see [Look up device ID](#look-up-device-id). - -For example: - -1. Remove class USBDevice from the **Allow installation of devices using drivers that match these device setup**. -2. Add the device ID to allow in the **Allow installation of device that match any of these device IDs**. - - -#### Prevent installation and usage of USB drives and other peripherals - -If you want to prevent the installation of a device class or certain devices, you can use the prevent device installation policies: - -1. Enable **Prevent installation of devices that match any of these device IDs** and add these devices to the list. -2. Enable **Prevent installation of devices using drivers that match these device setup classes**. - -> [!Note] -> The prevent device installation policies take precedence over the allow device installation policies. - -The **Prevent installation of devices that match any of these device IDs** policy allows you to specify a list of devices that Windows is prevented from installing. - -To prevent installation of devices that match any of these device IDs: - -1. [Look up device ID](#look-up-device-id) for devices that you want Windows to prevent from installing. -![Look up vendor or product ID](images/lookup-vendor-product-id.png) -2. Enable **Prevent installation of devices that match any of these device IDs** and add the vendor or product IDs to the list. -![Add vendor ID to prevent list](images/add-vendor-id-to-prevent-list.png) - -#### Look up device ID -You can use Device Manager to look up a device ID. - -1. Open Device Manager. -2. Click **View** and select **Devices by connection**. -3. From the tree, right-click the device and select **Properties**. -4. In the dialog box for the selected device, click the **Details** tab. -5. Click the **Property** drop-down list and select **Hardware Ids**. -6. Right-click the top ID value and select **Copy**. - -For information about Device ID formats, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers). - -For information on vendor IDs, see [USB members](https://www.usb.org/members). - -The following is an example for looking up a device vendor ID or product ID (which is part of the device ID) using PowerShell: -``` PowerShell -Get-WMIObject -Class Win32_DiskDrive | -Select-Object -Property * -``` - -The **Prevent installation of devices using drivers that match these device setup classes** policy allows you to specify device setup classes that Windows is prevented from installing. - -To prevent installation of particular classes of devices: - -1. Find the GUID of the device setup class from [System-Defined Device Setup Classes Available to Vendors](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors). -2. Enable **Prevent installation of devices using drivers that match these device setup classes** and add the class GUID to the list. -![Add device setup class to prevent list](images/Add-device-setup-class-to-prevent-list.png) - -### Block installation and usage of removable storage - -1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). -2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. - - ![Create device configuration profile](images/create-device-configuration-profile.png) - -3. Use the following settings: - - - Name: Type a name for the profile - - Description: Type a description - - Platform: Windows 10 and later - - Profile type: Device restrictions - - ![Create profile](images/create-profile.png) - -4. Click **Configure** > **General**. - -5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**. **Removable storage** includes USB drives, whereas **USB connection (mobile only)** excludes USB charging but includes other USB connections on mobile devices only. - - ![General settings](images/general-settings.png) - -6. Click **OK** to close **General** settings and **Device restrictions**. - -7. Click **Create** to save the profile. - -### Allow installation and usage of specifically approved peripherals - -Peripherals that are allowed to be installed can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. - -For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). -Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). - -### Prevent installation of specifically prohibited peripherals - -Microsoft Defender for Endpoint blocks installation and usage of prohibited peripherals by using either of these options: - -- [Administrative Templates](/intune/administrative-templates-windows) can block any device with a matching hardware ID or setup class. -- [Device Installation CSP settings](/windows/client-management/mdm/policy-csp-deviceinstallation) with a custom profile in Intune. You can [prevent installation of specific device IDs](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids) or [prevent specific device classes](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). - -### Allow installation and usage of specifically approved peripherals with matching device instance IDs - -Peripherals that are allowed to be installed can be specified by their [device instance IDs](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. - -You can allow installation and usage of approved peripherals with matching device instance IDs by configuring [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceinstanceids) policy setting. - -### Prevent installation and usage of specifically prohibited peripherals with matching device instance IDs - -Peripherals that are prohibited to be installed can be specified by their [device instance IDs](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. - -You can prevent installation of the prohibited peripherals with matching device instance IDs by configuring [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceinstanceids) policy setting. - -### Limit services that use Bluetooth - -Using Intune, you can limit the services that can use Bluetooth through the ["Bluetooth allowed services"](/windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist-usage-guide). The default state of "Bluetooth allowed services" settings means everything is allowed. As soon as a service is added, that becomes the allowed list. If the customer adds the Keyboards and Mice values, and doesn’t add the file transfer GUIDs, file transfer should be blocked. - -![screenshot of Bluetooth settings page](images/bluetooth.png) - -### Use Microsoft Defender for Endpoint baseline settings - -The Microsoft Defender for Endpoint baseline settings represent the recommended configuration for threat protection. Configuration settings for baseline are located in the edit profile page of the configuration settings. - -![Baselines in MEM](images/baselines.png) - -## Prevent threats from removable storage - -Removable storage devices can introduce additional security risk to your organization. Microsoft Defender for Endpoint can help identify and block malicious files on removable storage devices. - -Microsoft Defender for Endpoint can also prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. - -Note that if you block USB devices or any other device classes using the device installation policies, connected devices, such as phones, can still charge. - ->[!NOTE] ->Always test and refine these settings with a pilot group of users and devices first before widely distributing to your organization. - -The following table describes the ways Microsoft Defender for Endpoint can help prevent threats from removable storage. - -For more information about controlling USB devices, see the [Microsoft Defender for Endpoint blog](https://aka.ms/devicecontrolblog). - -| Control | Description | -|----------|-------------| -| [Enable Microsoft Defender Antivirus Scanning](#enable-microsoft-defender-antivirus-scanning) | Enable Microsoft Defender Antivirus scanning for real-time protection or scheduled scans.| -| [Block untrusted and unsigned processes on USB peripherals](#block-untrusted-and-unsigned-processes-on-usb-peripherals) | Block USB files that are unsigned or untrusted. | -| [Protect against Direct Memory Access (DMA) attacks](#protect-against-direct-memory-access-dma-attacks) | Configure settings to protect against DMA attacks. | - ->[!NOTE] ->Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. - -### Enable Microsoft Defender Antivirus Scanning - -Protecting authorized removable storage with Microsoft Defender Antivirus requires [enabling real-time protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) or scheduling scans and configuring removable drives for scans. - -- If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](/samples/browse/?redirectedfrom=TechNet-Gallery) of a USB drive after it is mounted, so that Microsoft Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. -- If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. - ->[!NOTE] ->We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Microsoft Defender Antivirus** > **Real-time monitoring**. - - - -### Block untrusted and unsigned processes on USB peripherals - -End-users might plug in removable devices that are infected with malware. -To prevent infections, a company can block USB files that are unsigned or untrusted. -Alternatively, companies can leverage the audit feature of [attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) to monitor the activity of untrusted and unsigned processes that execute on a USB peripheral. -This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively. -With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards. -Affected file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files. - -These settings require [enabling real-time protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus). - -1. Sign in to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). -2. Click **Devices** > **Windows** > **Configuration Policies** > **Create profile**. -![Create device configuration profile](images/create-device-configuration-profile.png) -3. Use the following settings: - - Platform: Windows 10 and later - - Profile type: Device restrictions - ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) -4. Click **Create**. -5. For **Unsigned and untrusted processes that run from USB**, choose **Block**. - ![Block untrusted processes](images/block-untrusted-processes.png) -6. Click **OK** to close settings and **Device restrictions**. - -### Protect against Direct Memory Access (DMA) attacks - -DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks: - -1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](../../information-protection/kernel-dma-protection-for-thunderbolt.md) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users. - - Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for peripherals that don't support device memory isolation (also known as DMA-remapping). Memory isolation allows the OS to leverage the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral (memory sandboxing). In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it. - - Peripherals that support device memory isolation can always connect. Peripherals that don't can be blocked, allowed, or allowed only after the user signs in (default). - -2. On Windows 10 systems that do not support Kernel DMA Protection, you can: - - - [Block DMA until a user signs in](/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) - - [Block all connections via the Thunderbolt ports (including USB devices)](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) - -## Create customized alerts and response actions - -You can create custom alerts and response actions with the WDATP Connector and the custom detection rules: - -**Wdatp Connector response Actions:** - -**Investigate:** Initiate investigations, collect investigation package, and isolate a machine. - -**Threat Scanning** on USB devices. - -**Restrict execution of all applications** on the machine except a predefined set -MDATP connector is one of over 200 pre-defined connectors including Outlook, Teams, Slack, etc. Custom connectors can be built. -- [More information on WDATP Connector Response Actions](/connectors/wdatp/) - -**Custom Detection Rules Response Action:** -Both machine and file level actions can be applied. -- [More information on Custom Detection Rules Response Actions](/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules) - -For information on device control related advance hunting events and examples on how to create custom alerts, see [Advanced hunting updates: USB events, machine-level actions, and schema changes](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Advanced-hunting-updates-USB-events-machine-level-actions-and/ba-p/824152). - -## Respond to threats - -You can create custom alerts and automatic response actions with the [Microsoft Defender for Endpoint Custom Detection Rules](/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules). Response actions within the custom detection cover both machine and file level actions. You can also create alerts and automatic response actions using [PowerApps](https://powerapps.microsoft.com/) and [Flow](https://flow.microsoft.com/) with the [Microsoft Defender for Endpoint connector](/connectors/wdatp/). The connector supports actions for investigation, threat scanning, and restricting running applications. It is one of over 200 pre-defined connectors including Outlook, Teams, Slack, and more. Custom connectors can also be built. See [Connectors](/connectors/) to learn more about connectors. - -For example, using either approach, you can automatically have the Microsoft Defender Antivirus run when a USB device is mounted onto a machine. - -## Related topics - -- [Configure real-time protection for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) -- [Defender/AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning) -- [Policy/DeviceInstallation CSP](/windows/client-management/mdm/policy-csp-deviceinstallation) -- [Perform a custom scan of a removable device](/samples/browse/?redirectedfrom=TechNet-Gallery) -- [Device Control PowerBI Template for custom reporting](https://github.com/microsoft/MDATP-PowerBI-Templates) -- [BitLocker](../../information-protection/bitlocker/bitlocker-overview.md) -- [Windows Information Protection](../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md) \ No newline at end of file diff --git a/windows/security/threat-protection/device-control/device-control-report.md b/windows/security/threat-protection/device-control/device-control-report.md deleted file mode 100644 index 2c35de2163..0000000000 --- a/windows/security/threat-protection/device-control/device-control-report.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Protect your organization’s data with device control -description: Monitor your organization's data security through device control reports. -ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -ms.author: v-ajupudi -author: alluthewriter -ms.reviewer: dansimp -manager: dansimp -audience: ITPro -ms.technology: mde ---- -# Protect your organization’s data with device control - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -Microsoft Defender for Endpoint device control protects against data loss, by monitoring and controlling media use by devices in your organization, such as the use of removable storage devices and USB drives. - -With the device control report, you can view events that relate to media usage, such as: - -- **Audit events:** Shows the number of audit events that occur when external media is connected. -- **Policy events:** Shows the number of policy events that occur when a device control policy is triggered. - -> [!NOTE] -> The audit event to track media usage is enabled by default for devices onboarded to Microsoft Defender for Endpoint. - -## Understanding the audit events - -The audit events include: - -- **USB drive mount and unmount:** Audit events that are generated when a USB drive is mounted or unmounted. -- **PnP:** Plug and Play audit events are generated when removable storage, a printer, or Bluetooth media is connected. - -## Monitor device control security - -Device control in Microsoft Defender for Endpoint empowers security administrators with tools that enable them to track their organization’s device control security through reports. You can find the device control report in the Microsoft 365 security center by going to **Reports > Device protection**. - -The Device protection card on the **Reports** dashboard shows the number of audit events generated by media type, over the last 180 days. - -> [!div class="mx-imgBorder"] -> ![DeviceControlReportCard](images/devicecontrolcard.png) - -The **View details** button shows more media usage data in the **device control report** page. - -The page provides a dashboard with aggregated number of events per type and a list of events. Administrators can filter on time range, media class name, and device ID. - -> [!div class="mx-imgBorder"] -> ![DeviceControlReportDetails](images/Detaileddevicecontrolreport.png) - -When you select an event, a flyout appears that shows you more information: - -- **General details:** Date, Action mode, and the policy of this event. -- **Media information:** Media information includes Media name, Class name, Class GUID, Device ID, Vendor ID, Volume, Serial number, and Bus type. -- **Location details:** Device name and MDATP device ID. - -> [!div class="mx-imgBorder"] -> ![FilterOnDeviceControlReport](images/devicecontrolreportfilter.png) - -To see real-time activity for this media across the organization, select the **Open Advanced hunting** button. This includes an embedded, pre-defined query. - -> [!div class="mx-imgBorder"] -> ![QueryOnDeviceControlReport](images/Devicecontrolreportquery.png) - -To see the security of the device, select the **Open device page** button on the flyout. This button opens the device entity page. - -> [!div class="mx-imgBorder"] -> ![DeviceEntityPage](images/Devicesecuritypage.png) - -## Reporting delays - -The device control report can have a 12-hour delay from the time a media connection occurs to the time the event is reflected in the card or in the domain list. From 7b9e3c7298a3907a7f3ae756ac143cb821b6eb4a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 19 Apr 2021 17:11:18 -0700 Subject: [PATCH 022/156] TOC update --- windows/security/threat-protection/TOC.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index deecff4786..0ac50df65e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -105,10 +105,7 @@ ### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) -## [Device control]() -### [Code integrity](device-guard/enable-virtualization-based-protection-of-code-integrity.md) -### [Control USB devices](device-control/control-usb-devices-using-intune.md) -### [Device control report](device-control/device-control-report.md) +## [Code integrity](device-guard/enable-virtualization-based-protection-of-code-integrity.md) ## [Network firewall]() ### [Network firewall overview](windows-firewall/windows-firewall-with-advanced-security.md) ### [Network firewall evaluation](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) From 4b7fc256c744b6069ee94b0508238e3850242068 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Mon, 19 Apr 2021 21:44:36 -0700 Subject: [PATCH 023/156] Fixed Acrolinx issues --- ...nd-windows-defender-application-control.md | 18 ++-- ...s-defender-application-control-policies.md | 20 ++-- .../example-wdac-base-policies.md | 16 ++-- .../operations/known-issues.md | 4 + .../select-types-of-rules-to-create.md | 95 ++++++++++--------- ...control-with-intelligent-security-graph.md | 32 +++---- ...lication-control-with-managed-installer.md | 52 ++++------ ...er-application-control-deployment-guide.md | 16 ++-- 8 files changed, 120 insertions(+), 133 deletions(-) diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 69306ff1c1..a2ce2af711 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -20,25 +20,25 @@ ms.technology: mde - Windows 10 - Windows Server 2016 -Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows 10 systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called Windows Defender Application Control (WDAC), while simultaneously hardening the OS against kernel memory attacks by using hypervisor-protected code integrity (HVCI). +Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows 10 systems so they behave more like mobile devices. In this configuration, Windows Defender Application Control (WDAC) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using hypervisor-protected code integrity (HVCI). WDAC policies and HVCI are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows 10 devices. Using WDAC to restrict devices to only authorized apps has these advantages over other solutions: -1. WDAC policy is enforced by the Windows kernel itself. As such, the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run. -2. WDAC allows customers to set application control policy not only over code running in user mode, but also kernel mode hardware and software drivers and even code that runs as part of Windows. -3. Customers can protect the WDAC policy even from local administrator tampering by digitally signing the policy. This would mean that changing the policy would require both administrative privilege and access to the organization’s digital signing process, making it difficult for an attacker with administrative privilege, or malicious software that managed to gain administrative privilege, to alter the application control policy. -4. The entire WDAC enforcement mechanism can be protected by HVCI, where even if a vulnerability exists in kernel mode code, the likelihood that an attacker could successfully exploit it is diminished. Why is this relevant? That’s because an attacker that compromises the kernel would otherwise have enough privilege to disable most system defenses and override the application control policies enforced by WDAC or any other application control solution. +1. WDAC policy is enforced by the Windows kernel itself, and the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run. +2. WDAC lets you set application control policy for code that runs in user mode, kernel mode hardware and software drivers, and even code that runs as part of Windows. +3. Customers can protect the WDAC policy even from local administrator tampering by digitally signing the policy. To change signed policy requires both administrative privilege and access to the organization’s digital signing process. This makes it difficult for an attacker, including one who has managed to gain administrative privilege, to tamper with WDAC policy. +4. You can protect the entire WDAC enforcement mechanism with HVCI. Even if a vulnerability exists in kernel mode code, HVCI greatly reduces the likelihood that an attacker could successfully exploit it. This is important because an attacker that compromises the kernel could normally disable most system defenses, including those enforced by WDAC or any other application control solution. ## Why we no longer use the Device Guard brand -When we originally designed this configuration state, we did so with a specific security promise in mind. Although there were no direct dependencies between WDAC and HVCI, we intentionally focused our discussion around the lockdown state you achieve when deploying them together. However, given that HVCI relies on Windows virtualization-based security, it comes with more hardware, firmware, and kernel driver compatibility requirements that some older systems can’t meet. As a result, many IT Professionals assumed that because some systems couldn't use HVCI, they couldn’t use WDAC either. +When we originally promoted Device Guard, we did so with a specific security promise in mind. Although there were no direct dependencies between WDAC and HVCI, we intentionally focused our discussion around the lockdown state achieved when using them together. However, since HVCI relies on Windows virtualization-based security, it has hardware, firmware, and kernel driver compatibility requirements that some older systems can’t meet. This misled many people to assume that if systems couldn't use HVCI, they couldn’t use WDAC either. -WDAC carries no specific hardware or software requirements other than running Windows 10, which means many IT professionals were wrongly denied the benefits of this powerful application control capability. +WDAC has no specific hardware or software requirements other than running Windows 10, which means customers were denied the benefits of this powerful application control capability due to Device Guard confusion. -Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we are discussing and documenting WDAC as an independent technology within our security stack and giving it a name of its own: [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md). -We hope this change will help us better communicate options for adopting application control within an organization. +Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we now discuss and document WDAC as an independent technology within our security stack and gave it a name of its own: [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md). +We hope this change will help us better communicate options for adopting application control within your organizations. ## Related articles diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index d9e721fb28..5ed5fa1cf7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Use audit events to create WDAC policy rules (Windows 10) -description: Audits allow admins to discover apps that were missed during an initial policy scan and to identify new apps that were installed since the policy was created. +description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -25,25 +25,25 @@ ms.technology: mde - Windows 10 - Windows Server 2016 and above -Running Application Control in audit mode allows administrators to discover applications, binaries, and scripts that were missed during the initial policy creation and to identify any new applications that have been installed and run since the original policy was created. +Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. -While a WDAC policy is running in audit mode, any binary that runs and would have been denied had the policy been enforced is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log or, for script and MSI, in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to easily generate a new WDAC policy which can be merged with the original Base policy or, on Windows 10 1903+, included in a separate Supplemental policy when the Base policy allows supplemental policies. +While a WDAC policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new WDAC policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed. ## Overview of the process to create WDAC policy to allow apps using audit events > [!Note] > You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md). -To familiarize yourself with the process to generate WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy in effect. +To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy. -1. Install and run an application that should not currently be allowed by the WDAC policy but which you want to allow. +1. Install and run an application not allowed by the WDAC policy but that you want to allow. 2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md). **Figure 1. Exceptions to the deployed WDAC policy** ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png) -3. In an elevated Windows Powershell session, run the following commands to initialize variables used by this procedure. This builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. +3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. ```powershell $PolicyName= "Lamna_FullyManagedClients_Audit" @@ -52,18 +52,18 @@ To familiarize yourself with the process to generate WDAC rules from audit event $EventsPolicyWarnings=$env:userprofile+"\Desktop\EventsPolicyWarnings.txt" ``` -4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **FilePublisher** with a fallback level of **Hash** and redirects warning messages to a text file **EventsPolicyWarnings.txt**. +4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**. ```powershell New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings ``` > [!NOTE] - > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels refer to [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md). + > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md). -5. Find and review the WDAC policy file **EventsPolicy.xml** which should be found on your desktop. Ensure that the file and signer rules that were created authorize only the applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)). +5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)). -6. Find and review the text file **EventsPolicyWarnings.txt** which should be found on your desktop. This will include a warning for any files that WDAC could not create a rule for at either the specified rule level or fallback rule level. +6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level. > [!NOTE] > New-CIPolicy only creates rules for files that can still be found on disk. Files which are no longer present on the system will not have a rule created to allow them. However, the event log should have sufficient information to allow these files by manually editing the policy XML to add rules. You can use an existing rule as a template and verify your results against the WDAC policy schema definition found at **%windir%\schemas\CodeIntegrity\cipolicy.xsd**. diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index 05a3850953..8457a3a69c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -1,5 +1,5 @@ --- -title: Example WDAC base policies (Windows 10) +title: Example Windows Defender Application Control (WDAC) base policies (Windows 10) description: When creating a WDAC policy for an organization, start from one of the many available example base policies. keywords: security, malware ms.topic: article @@ -19,23 +19,23 @@ ms.date: 11/15/2019 ms.technology: mde --- -# Windows Defender Application Control example base policies +# Windows Defender Application Control (WDAC) example base policies **Applies to:** - Windows 10 - Windows Server 2016 and above -When creating policies for use with Windows Defender Application Control (WDAC), it is recommended to start from an existing base policy and then add or remove rules to build your own custom policy XML files. Windows includes several example policies which can be used, or organizations which use the Device Guard Signing Service can download a starter policy from that service. +When creating policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that can be used, or organizations that use the Device Guard Signing Service can download a starter policy from that service. ## Example Base Policies | **Example Base Policy** | **Description** | **Where it can be found** | |----------------------------|---------------------------------------------------------------|--------| -| **DefaultWindows.xml** | This example policy is available in either audit or enforce mode. It includes the rules necessary to ensure that Windows, 3rd party hardware and software kernel drivers, and Windows Store apps will run. Used as the basis for all [Microsoft Endpoint Manager(MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | +| **DefaultWindows.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for all [Microsoft Endpoint Manager(MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowMicrosoft.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | -| **AllowAll.xml** | This example policy is useful when creating a block list policy. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | +| **AllowAll.xml** | This example policy is useful when creating a blocklist. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | | **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | -| **DenyAllAudit.xml** | This example policy should only be deployed in audit mode and can be used to audit all binaries running on critical systems or to comply with regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | -| **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [Device Guard Signing Service Nuget Package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client) | -| **MEM Configuration Manager** | Customers who use MEM Configuration Manager (MEMCM), formerly known as System Center Configuration Manager, can deploy a policy to a device using MEMCM's built-in integration with WDAC and then copy the resulting policy XML to use as a custom base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | \ No newline at end of file +| **DenyAllAudit.xml** | Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | +| **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [Device Guard Signing Service NuGet Package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client) | +| **MEM Configuration Manager** | Customers who use MEM Configuration Manager (MEMCM) can deploy a policy with MEMCM's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index cab0657747..e4a1552233 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -24,6 +24,10 @@ ms.technology: mde This topic covers tips and tricks for admins as well as known issues with WDAC. Test this configuration in your lab before enabling it in production. +## .NET native images may generate false positive block events + +In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. + ## MSI Installations launched directly from the internet are blocked by WDAC Installing .msi files directly from the internet to a computer protected by WDAC will fail. diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index a88fc053c0..1314fa6e21 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -1,6 +1,6 @@ --- -title: Understand WDAC policy rules and file rules (Windows 10) -description: Learn how Windows Defender Application Control provides control over a computer running Windows 10 by using policies that include policy rules and file rules. +title: Understand Windows Defender Application Control (WDAC) policy rules and file rules (Windows 10) +description: Learn how WDAC policy rules and file rules can control your Windows 10 computers. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -18,30 +18,30 @@ ms.date: 03/04/2020 ms.technology: mde --- -# Understand WDAC policy rules and file rules +# Understand Windows Defender Application Control (WDAC) policy rules and file rules **Applies to:** -- Windows 10 -- Windows Server 2016 and above +- Windows 10 +- Windows Server 2016 and above -Windows Defender Application Control (WDAC) provides control over a computer running Windows 10 by using policies that specify whether a driver or application is trusted and can be run. A policy includes *policy rules* that control options such as audit mode or whether user mode code integrity (UMCI) is enabled in a WDAC policy, and *file rules* (or *file rule levels*) that specify the level at which applications will be identified and trusted. +Windows Defender Application Control (WDAC) can control what runs on Windows 10 by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. ## Windows Defender Application Control policy rules To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](/powershell/module/configci/set-ruleoption). The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy: -- To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command: +- To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command: `Set-RuleOption -FilePath -Option 0` - Note that a policy that was created without the `-UserPEs` option is empty of user mode executables, that is, applications. If you enable UMCI (Option 0) for such a policy and then attempt to run an application, Windows Defender Application Control will see that the application is not on its list (which is empty of applications), and respond. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. To create a policy that includes user mode executables (applications), when you run `New-CIPolicy`, include the `-UserPEs` option. + A policy created without the `-UserPEs` option has no rules for user mode code. If you enable UMCI (Option 0) for such a policy, WDAC will block all applications and even critical Windows user session code. In audit mode, WDAC simply logs an event, but when enforced, all user mode code will be blocked. To create a policy that includes user mode executables (applications), run `New-CIPolicy` with the `-UserPEs` option. -- To disable UMCI on an existing WDAC policy, delete rule option 0 by running the following command: +- To disable UMCI on an existing WDAC policy, delete rule option 0 by running the following command: `Set-RuleOption -FilePath -Option 0 -Delete` -You can set several rule options within a WDAC policy. Table 1 describes each rule option. +You can set several rule options within a WDAC policy. Table 1 describes each rule option. > [!NOTE] > We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode. @@ -52,28 +52,28 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru |------------ | ----------- | | **0 Enabled:UMCI** | WDAC policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | | **1 Enabled:Boot Menu Protection** | This option is not currently supported. | -| **2 Required:WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows 10–compatible driver must be WHQL certified. | -| **3 Enabled:Audit Mode (Default)** | Enables the execution of binaries outside of the WDAC policy but logs each occurrence in the CodeIntegrity event log, which can be used to update the existing policy before enforcement. To begin enforcing a WDAC policy, delete this option. | -| **4 Disabled:Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flighted builds. | +| **2 Required:WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Kernel drivers built for Windows 10 should be WHQL certified. | +| **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | +| **4 Disabled:Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This option would be used by organizations that only want to run released binaries, not pre-release Windows builds. | | **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | -| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. | +| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and the certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. | | **7 Allowed:Debug Policy Augmented** | This option is not currently supported. | -| **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. | +| **8 Required:EV Signers** | This rule requires that drivers must be WHQL signed and have been submitted by a partner with an Extended Verification (EV) certificate. All Windows 10 and later drivers will meet this requirement. | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | -| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, as well as on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on pre-1903 versions of Windows 10 without the 10C or later LCU is not supported and may have unintended results. | +| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows 10 without the proper update may have unintended results. | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | -| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. | +| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](use-windows-defender-application-control-with-managed-installer.md) | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | -| **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically re-validate the reputation for files that were authorized by the ISG.| +| **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.| | **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709, and above.| | **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. NOTE: This option is only supported on Windows 10, version 1903, and above. | -| **18 Disabled:Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. NOTE: This option is only supported on Windows 10, version 1903, and above. | -| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically-loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. | +| **18 Disabled:Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. NOTE: This option is only supported on Windows 10, version 1903, and above. | +| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. | ## Windows Defender Application Control file rule levels -File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as fine-tuned as the hash of each binary or as general as a CA certificate. You specify file rule levels both when you create a new WDAC policy from a scan and when you create a policy from audit events. In addition, to combine rule levels found in multiple policies, you can merge the policies. When merged, WDAC policies combine their file rules, so that any application that would be allowed by either of the original policies will be allowed by the combined policy. +File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as granular as the hash of each binary or as general as a CA certificate. You specify file rule levels when using WDAC PowerShell cmdlets to create and modify policies. Each file rule level has its benefit and disadvantage. Use Table 2 to select the appropriate protection level for your available administrative resources and Windows Defender Application Control deployment scenario. @@ -81,18 +81,18 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the | Rule level | Description | |----------- | ----------- | -| **Hash** | Specifies individual hash values for each discovered binary. Although this level is specific, it can cause additional administrative overhead to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | -| **FileName** | Specifies individual binary file names. Although the hash values for an application are modified when updated, the file names are typically not. This offers less specific security than the hash level but does not typically require a policy update when any binary is modified. | -| **FilePath** | Beginning with Windows 10 version 1903, this specifies rules that allow execution of binaries contained under specific file path locations. Additional information about FilePath level rules can be found below. | -| **SignedVersion** | This combines the publisher rule with a version number. This option allows anything from the specified publisher, with a version at or above the specified version number, to run. | -| **Publisher** | This is a combination of the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. This rule level allows organizations to trust a certificate from a major CA (such as Symantec), but only if the leaf certificate is from a specific company (such as Intel, for device drivers). | -| **FilePublisher** | This is a combination of the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. | -| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. Using this level, no policy update would be needed to run the new version of the application. However, leaf certificates have much shorter validity periods than CA certificates, so additional administrative overhead is associated with updating the WDAC policy when these certificates expire. | -| **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This is typically one certificate below the root certificate, because the scan does not validate anything beyond the certificates included in the provided signature (it does not go online or check local root stores). | +| **Hash** | Specifies individual hash values for each discovered binary. This is the most specific level and requires additional effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | +| **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level but does not typically require a policy update when any binary is modified. | +| **FilePath** | Beginning with Windows 10 version 1903, this level allows binaries to run from specific file path locations. Additional information about FilePath level rules can be found below. | +| **SignedVersion** | This level combines the publisher rule with a version number and allows anything to run from the specified publisher with a version at or above the specified version number. | +| **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). | +| **FilePublisher** | This level combines the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. | +| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. Using this level, no policy update would be needed to run the new version of the application. However, leaf certificates have much shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. | +| **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root certificate, because the scan does not validate anything beyond the certificates included in the provided signature (it does not go online or check local root stores). | | **RootCertificate** | Currently unsupported. | -| **WHQL** | Trusts binaries if they have been validated and signed by WHQL. This is primarily for kernel binaries. | -| **WHQLPublisher** | This is a combination of the WHQL and the CN on the leaf certificate and is primarily for kernel binaries. | -| **WHQLFilePublisher** | Specifies that the binaries are validated and signed by WHQL, with a specific publisher (WHQLPublisher), and that the binary is the specified version or newer. This is primarily for kernel binaries. | +| **WHQL** | Trusts binaries if they have been validated and signed by WHQL. This level is primarily for kernel binaries. | +| **WHQLPublisher** | This level combines the WHQL level and the CN on the leaf certificate and is primarily for kernel binaries. | +| **WHQLFilePublisher** | Specifies that the binaries are validated and signed by WHQL, with a specific publisher (WHQLPublisher), and that the binary is the specified version or newer. This level is primarily for kernel binaries. | > [!NOTE] > When you create WDAC policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate. @@ -102,34 +102,35 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the ## Example of file rule levels in use -For example, consider some IT professionals in a department that runs many servers. They decide they want their servers to run only software signed by the providers of their software and drivers, that is, the companies that provide their hardware, operating system, antivirus, and other important software. They know that their servers also run an internally written application that is unsigned but is rarely updated. They want to allow this application to run. +For example, consider an IT professional in a department that runs many servers. They only want to run software signed by the companies that provide their hardware, operating system, antivirus, and other important software. They know that their servers also run an internally written application that is unsigned but is rarely updated. They want to allow this application to run. -To create the WDAC policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run [New-CIPolicy](/powershell/module/configci/new-cipolicy) with **-Level Publisher** (to allow software from their software providers, the "Publishers") and **-Fallback Hash** (to allow the internal, unsigned application). They enable the policy in auditing mode and gather information about any necessary software that was not included on the reference server. They merge WDAC policies into the original policy to allow that additional software to run. Then they enable the WDAC policy in enforced mode for their servers. +To create the WDAC policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run [New-CIPolicy](/powershell/module/configci/new-cipolicy) with **-Level Publisher** (to allow software from their software providers, the "Publishers") and **-Fallback Hash** (to allow the internal, unsigned application). They deploy the policy in auditing mode to determine the potential impact from enforcing the policy. Using the audit data, they update their WDAC policies to include any additional software they want to run. Then they enable the WDAC policy in enforced mode for their servers. -As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If they come to a time when the internally-written, unsigned application must be updated, they must also update the WDAC policy so that the hash in the policy matches the hash of the updated internal application. - -They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by WDAC policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required). +As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If the unsigned, internal application is updated, they must also update the WDAC policy to allow the new version. ## More information about filepath rules -Filepath rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. IT Pros should take care while crafting path rules to allow paths that they know are likely to remain to be admin-writeable only and deny execution from sub-directories where standard users can modify ACLs on the folder. +Filepath rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. Path rules are best suited to allow paths that you expect will remain admin-writeable only. You may want to avoid path rules for directories where standard users can modify ACLs on the folder. -By default, WDAC performs a user-writeability check at runtime which ensures that the current permissions on the specified filepath and its parent directories (recursively) do not allow standard users write access. +By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath and its parent directories (recursively) do not allow standard users write access. -There is a defined list of SIDs which WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable even if the additional SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described above. +There is a defined list of SIDs which WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable even if the SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described above. -WDAC's list of well-known admin SIDs are:
-S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523. +WDAC's list of well-known admin SIDs are: -When generating filepath rules using [New-CIPolicy](/powershell/module/configci/new-cipolicy), a unique, fully-qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards using the [-FilePathRules](/powershell/module/configci/new-cipolicyrule#parameters) switch. +S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523. -Wildcards can be used at the beginning or end of a path rule; only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. `C:\*` would include `C:\foo\*` ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. `*\bar.exe` would allow `C:\bar.exe` and `C:\foo\bar.exe`). Wildcards in the middle of a path are not supported (ex. `C:\*\foo.exe`). Without a wildcard, the rule will allow only a specific file (ex. `C:\foo\bar.exe`).
The use of macros is also supported and useful in scenarios where the system drive is different from the `C:\` drive. Supported macros: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`. +When generating filepath rules using [New-CIPolicy](/powershell/module/configci/new-cipolicy), a unique, fully qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards using the [-FilePathRules](/powershell/module/configci/new-cipolicyrule#parameters) switch. + +Wildcards can be used at the beginning or end of a path rule; only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. `C:\*` would include `C:\foo\*` ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. `*\bar.exe` would allow `C:\bar.exe` and `C:\foo\bar.exe`). Wildcards in the middle of a path are not supported (ex. `C:\*\foo.exe`). Without a wildcard, the rule will allow only a specific file (ex. `C:\foo\bar.exe`). + +You can also use the following macros when the exact volume may vary: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`. ## Windows Defender Application Control filename rules -File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies. +File name rule levels let you specify file attributes to base a rule on. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. -Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario. For instance, an LOB or production application and its binaries (eg. DLLs) may all share the same product name. This allows users to easily create targeted policies based on the Product Name filename rule level. +Use Table 3 to select the appropriate file name level for your use cases. For instance, an LOB or production application and its binaries may all share the same product name. This option lets you easily create targeted policies based on the Product Name filename rule level. **Table 3. Windows Defender Application Control policy - filename levels** @@ -139,4 +140,4 @@ Use Table 3 to select the appropriate file name level for your available adminis | **Internal Name** | Specifies the internal name of the binary. | | **Original File Name** | Specifies the original file name, or the name with which the file was first created, of the binary. | | **Package Family Name** | Specifies the package family name of the binary. The package family name consists of two parts: the name of the file and the publisher ID. | -| **Product Name** | Specifies the name of the product with which the binary ships. | \ No newline at end of file +| **Product Name** | Specifies the name of the product with which the binary ships. | diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 282e08bc06..bb2c487c9d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -25,33 +25,31 @@ ms.technology: mde - Windows 10 - Windows Server 2016 and above -Application execution control can be difficult to implement in enterprises that do not have processes to effectively control the deployment of applications centrally through an IT managed system. In such environments, users are empowered to acquire the applications they need for work, making accounting for all the applications that would need to be authorized for execution control a daunting task. +Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy. -Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) provides a new option, known as the Microsoft Intelligent Security Graph authorization, that allows IT administrators to automatically authorize applications that the Microsoft Intelligent Security Graph recognizes as having known good reputation. The Microsoft Intelligent Security Graph option helps IT organizations take a significant first step towards going from having no application control at all to a simple means of preventing the execution of unknown and known bad software. To learn more about the Microsoft Intelligent Security Graph, see the Security section in [Major services and features in Microsoft Graph](/graph/overview-major-services). +Beginning with Windows 10, version 1709, you can set an option to automatically allow applications that the Microsoft Intelligent Security Graph recognizes as having known good reputation. The ISG option helps organizations begin to implement application control even when the organization has limited control over their app ecosystem. To learn more about the Microsoft Intelligent Security Graph, see the Security section in [Major services and features in Microsoft Graph](/graph/overview-major-services). ## How does the integration between WDAC and the Intelligent Security Graph work? -The Microsoft Intelligent Security Graph relies on the same vast security intelligence and machine learning analytics which power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having known good, known bad, or unknown reputation. When an unevaluated file is run on a system with WDAC enabled with the Microsoft Intelligent Security Graph authorization option specified, WDAC queries the file's reputation by sending its hash and signing information to the cloud. If the Microsoft Intelligent Security Graph determines that the file has a known good reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file. Every time the file tries to execute, if there are no explicit deny rules present for the file, it will be allowed to run based on its positive reputation. Conversely, a file that has unknown or known bad reputation will still be allowed to run in the presence of a rule that explicitly allows the file. +The ISG uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having known good, known bad, or unknown reputation. When a binary runs on a system with WDAC enabled with the ISG option, WDAC checks the file's reputation by sending its hash and signing information to the cloud. If the ISG reports that the file has a known good reputation, the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) is written to the file. Every time the binary runs, it is allowed based on its positive reputation unless there is an explicit deny rule set in the WDAC policy. Conversely, a file that has unknown or known bad reputation will be allowed if your WDAC policy explicitly allows it. -Additionally, an application installer which is determined to have known good reputation will pass along that positive reputation to any files that it writes. This way, all the files needed to install and run an app are granted positive reputation data. +If the file with good reputation is an application installer, its reputation will pass along to any files that it writes to disk. This way, all the files needed to install and run an app inherit the positive reputation data from the installer. WDAC periodically re-queries the reputation data on a file. Additionally, enterprises can specify that any cached reputation results are flushed on reboot by using the **Enabled:Invalidate EAs on Reboot** option. >[!NOTE] >Admins should make sure there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Manager Configuration Manager (MEMCM) and Microsoft Endpoint Manager Intune (MEM Intune) can be used to create and push a WDAC policy to your client machines. -Other examples of WDAC policies are available in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](./create-initial-default-policy.md). - ## Configuring Intelligent Security Graph authorization for Windows Defender Application Control -Setting up the Microsoft Intelligent Security Graph authorization is easy regardless of what management solution you use. Configuring the Microsoft Intelligent Security Graph option involves these basic steps: +Setting up the ISG is easy using any management solution you wish. Configuring the Microsoft Intelligent Security Graph option involves these basic steps: - [Ensure that the Microsoft Intelligent Security Graph option is enabled in the WDAC policy XML](#ensure-that-the-intelligent-security-graph-option-is-enabled-in-the-wdac-policy-xml) - [Enable the necessary services to allow WDAC to use the Microsoft Intelligent Security Graph correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client) ### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML -In order to enable trust for executables based on classifications in the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the **Enabled:Invalidate EAs on Reboot** option to invalidate the cached Intelligent Security Graph results on reboot to force rechecking of applications against the Microsoft Intelligent Security Graph. Caution is advised if devices will regularly transition to and from environments that may not be able to access the Microsoft Intelligent Security Graph. The following example shows both options being set. +To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This step can be done with the Set-RuleOption cmdlet. You should also enable the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option is not recommended for devices that don't have regular access to the internet. The following example shows both options being set. ```code @@ -81,29 +79,27 @@ In order to enable trust for executables based on classifications in the Microso ### Enable the necessary services to allow WDAC to use the ISG correctly on the client -In order for the heuristics used by the Microsoft Intelligent Security Graph to function properly, a number of component in Windows must be enabled. The easiest way to do this is to run the appidtel executable in `c:\windows\system32`. +In order for the heuristics used by the ISG to function properly, a number of components in Windows must be enabled. You can configure these components by running the appidtel executable in `c:\windows\system32`. ``` appidtel start ``` -This step is not required for WDAC policies deployed over MDM using the AppLocker CSP, as the CSP will enable the necessary components. This step is also not required when enabling the Microsoft Intelligent Security Graph through the MEMCM WDAC UX. However, if custom policies are being deployed outside of the WDAC UX through MEMCM, then this step is required. +This step isn't required for WDAC policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using MEMCM's WDAC integration. ## Security considerations with the Intelligent Security Graph -Since the Microsoft Intelligent Security Graph is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Microsoft Defender for Endpoint to help provide optics into what users are doing. +Since the Microsoft Intelligent Security Graph is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do. It's best suited where users operate with standard user rights and where a security monitoring solution like Microsoft Defender for Endpoint is used. -Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of WDAC when the Microsoft Intelligent Security Graph option is allowed by circumventing or corrupting the heuristics used to assign reputation to application executables. The Microsoft Intelligent Security Graph option uses the same heuristic tracking as managed installer and so for application installers that include an option to automatically run the application at the end of the installation process the heuristic may over-authorize. +Processes running with kernel privileges can circumvent WDAC by setting the ISG extended file attribute to make a binary appear to have known good reputation. Also, since the ISG option passes along reputation from application installers to the binaries they write to disk, it can over-authorize files in some cases where the installer launches the application upon completion. ## Known limitations with using the Intelligent Security Graph -Since the Microsoft Intelligent Security Graph relies on identifying executables as being known good, there are cases where it may classify legitimate executables as unknown, leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate trusted in the WDAC policy or by deployment through a WDAC managed installer. Typically, this is due to an installer or application using a dynamic file as part of execution. These files do not tend to build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG. +Since the ISG only allows binaries that are known good, there are cases where legitimate software may be unknown to the ISG and will be blocked by WDAC. In this case, you need to allow the software with a rule in your WDAC policy, deploy a catalog signed by a certificate trusted in the WDAC policy, or install the software from a WDAC managed installer. Installers or applications that dynamically create binaries at runtime, as well as self-updating applications, may exhibit this symptom. -Modern apps are not supported with the Microsoft Intelligent Security Graph heuristics and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business, it is straightforward to authorize modern apps with signer rules in the WDAC policy. +Packaged apps are not supported with the Microsoft Intelligent Security Graph heuristics and will need to be separately authorized in your WDAC policy. Since packaged apps have a strong app identity and must be signed, it is straightforward to authorize these apps with your WDAC policy. -The Microsoft Intelligent Security Graph heuristics do not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. - -In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases. +The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. >[!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in WDAC support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](./deploy-windows-defender-application-control-policies-using-intune.md#using-a-custom-oma-uri-profile). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in WDAC support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](deploy-windows-defender-application-control-policies-using-intune.md#deploy-WDAC-policies-with-custom-OMA-URI). diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index 1e62bae47a..c115ecd3a1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -1,6 +1,6 @@ --- -title: Authorize apps deployed with a WDAC managed installer (Windows 10) -description: Explains how you can use a managed installer to automatically authorize applications deployed and installed by a designated software distribution solution, such as Microsoft Endpoint Configuration Manager. +title: Authorize apps installed by a managed installer (Windows 10) +description: Explains how to automatically allow applications deployed and installed by a managed installer. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -11,63 +11,49 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 08/14/2020 ms.technology: mde --- -# Authorize apps deployed with a WDAC managed installer +# Authorize apps deployed by a managed installer **Applies to:** - Windows 10 - Windows Server 2019 -Windows 10, version 1703 (also known as the Windows 10 Creators Update) provides a new option, known as a managed installer, that allows IT administrators to automatically authorize applications deployed and installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager. -A managed installer helps an IT admin balance security and manageability requirements when employing application execution control policies by providing an option that does not require specifying explicit rules for software that is being managed through a software distribution solution. +Windows 10, version 1703 introduced a new option for Windows Defender Application Control (WDAC), called managed installer, that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager. ## How does a managed installer work? -A managed installer uses a new rule collection in AppLocker to specify one or more executables that are trusted by the organization as an authorized source for application deployment. +A new rule collection in AppLocker specifies binaries that are trusted by the organization as an authorized source for application deployment. When one of these binaries runs, Windows will monitor the binary's process (and processes it launches) and tag all files it writes as having originated from a managed installer. The managed installer rule collection is configured using Group Policy and can be applied with the Set-AppLockerPolicy PowerShell cmdlet. You can't currently set managed installers with the AppLocker CSP through MDM. -Specifying an executable as a managed installer will cause Windows to tag files that are written from the executable's process (or processes it launches) as having originated from a trusted installation authority. The Managed Installer rule collection is currently supported for AppLocker rules in Group Policy and in Configuration Manager, but not in the AppLocker CSP for OMA-URI policies. +Having defined your managed installers using AppLocker, you can then configure WDAC to trust files installed by a managed installer by adding the Enabled:Managed Installer option to your WDAC policy. Once that option is set, WDAC will check for managed installer origin information when determining whether or not to allow a binary to run. As long as there are no deny rules present for the file, WDAC will allow a file to run based on its managed installer origin. -Once the IT administrator adds the Allow: Managed Installer option to a WDAC policy, the WDAC component will subsequently check for the presence of the origin information when evaluating other application execution control rules specified in the policy. If there are no deny rules present for the file, it will be authorized based on the managed installer origin information. +You should ensure that the WDAC policy allows the system to boot and any other authorized applications that can't be deployed through a managed installer. -Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be deployed through a managed installer. -An example managed installer use-case can be seen in the guidance for [creating a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md). - -Note that a WDAC policy with managed installer configured will begin to tag files which originated from that managed installer, regardless of whether the policy is in audit or enforced mode. +For an example of a managed installer use case, see [Creating a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md). ## Security considerations with managed installer -Since managed installer is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. -It is best suited for deployment to systems where each user is configured as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager. +Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees that explicit allow or deny rules do. +It is best suited for use where each user operates as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager. Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed. -If the authorized managed installer process performs installations in the context of a user with standard privileges, then it is possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control. -Some application installers include an option to automatically run the application at the end of the installation process. If this happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization may continue to apply to all files created during the first run of the application. This could result in over-authorization for executables that were not intended. -To avoid this, ensure that the application deployment solution being used as a managed installer limits running applications as part of installation. + +If a managed installer process runs in the context of a user with standard privileges, then it is possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control. + +Some application installers may automatically run the application at the end of the installation process. If this happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files created during the first run of the application. This could result in over-authorization for executables that were not intended. To avoid that outcome, ensure that the application deployment solution used as a managed installer limits running applications as part of installation. ## Known limitations with managed installer -- Application execution control based on managed installer does not support applications that self-update/auto-update. -If an application deployed by a managed installer subsequently updates itself, the updated application files will no longer include the managed installer origin information and will not be authorized to run. -Enterprises should deploy and install all application updates using the managed installer. -In some cases, it may be possible to also designate an application binary that performs the self-updates as a managed installer. -Proper review for functionality and security should be performed for the application before using this method. +- Application control based on managed installer does not support applications that self-update. If an application deployed by a managed installer later updates itself, the updated application files won't include the managed installer origin information and may not be able to run. When you rely on managed installers, you must deploy and install all application updates using a managed installer or include rules to authorize the app in the WDAC policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method. -- [Packaged apps (MSIX)](https://docs.microsoft.com/windows/msix/) deployed through a managed installer will not be tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See how to [manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md). +- [Packaged apps (MSIX)](https://docs.microsoft.com/windows/msix/) deployed through a managed installer aren't tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md). -- Executables that extract files and then attempt to execute may not be allowed by the managed installer heuristic. -In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. -Proper review for functionality and security should be performed for the application before using this method. +- Some applications or installers may extract, download, or generate binaries and immediately attempt to run them. Files run by such a process may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. Proper review for functionality and security should be performed for the application before using this method. -- The managed installer heuristic does not authorize drivers. -The WDAC policy must have rules that allow the necessary drivers to run. - -- In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. -Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. -Review for functionality and performance for the related applications using the native images maybe necessary in some cases. +- The managed installer heuristic doesn't authorize kernel drivers. The WDAC policy must have rules that allow the necessary drivers to run. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index 8dc851b49b..e2430f0aef 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -1,6 +1,6 @@ --- -title: Deploying Windows Defender Application Control policies (Windows 10) -description: Learn how to gather information, create a plan, and begin to test initial code integrity policies for a Windows Defender Application Control deployment. +title: Deploying Windows Defender Application Control (WDAC) policies (Windows 10) +description: Learn how to plan and implement a WDAC deployment. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security @@ -11,31 +11,31 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: jgeurten +ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 05/16/2018 ms.technology: mde --- -# Deploying Windows Defender Application Control policies +# Deploying Windows Defender Application Control (WDAC) policies **Applies to** - Windows 10 - Windows Server 2016 and above -You should now have one or more WDAC policies ready to deploy to devices within your organization. If you have not yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. +You should now have one or more WDAC policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. ## Plan your deployment -As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Determine what set(s) of devices you will manage with WDAC and split them into deployment rings so you can control the scale of the deployment and be able to respond if anything should go wrong. Define the success criteria that will determine when it is safe to proceed from one ring to the next. +As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Decide what devices you will manage with WDAC and split them into deployment rings so you can control the scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. -All WDAC policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to additional deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. +All WDAC policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. ## Choose how to deploy WDAC policies -There are several options to deploy WDAC policies to managed endpoints, including the following: +There are several options to deploy WDAC policies to managed endpoints, including: 1. [Deploy using a Mobile Device Management (MDM) solution](deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune 2. [Deploy using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-using-memcm.md) From a2fc80d57ffbe42b6c3dee1249f5f26d362f5194 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Mon, 19 Apr 2021 21:52:02 -0700 Subject: [PATCH 024/156] Update use-windows-defender-application-control-with-intelligent-security-graph.md --- ...ender-application-control-with-intelligent-security-graph.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index bb2c487c9d..7ad4a8467b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -102,4 +102,4 @@ Packaged apps are not supported with the Microsoft Intelligent Security Graph he The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. >[!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in WDAC support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](deploy-windows-defender-application-control-policies-using-intune.md#deploy-WDAC-policies-with-custom-OMA-URI). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. MEM Intune's built-in WDAC support includes the option to trust apps with good reputation via the Microsoft Intelligent Security Graph, but it has no option to add explicit allow or deny rules. In most circumstances, customers enforcing application control need to deploy a custom WDAC policy (which can include the Microsoft Intelligent Security Graph option if desired) using [Intune's OMA-URI functionality](deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). From 2a7380850fac642e9621c552abb5c68c191e3f3d Mon Sep 17 00:00:00 2001 From: danmatts <82900873+danmatts@users.noreply.github.com> Date: Tue, 20 Apr 2021 12:32:14 -0500 Subject: [PATCH 025/156] Added Note clarifying the NMICrashDump key usage. For Windows 8+ and Windows Server 2012+ the NMICrashdump key is not required and no longer has any effect. --- .../generate-kernel-or-complete-crash-dump.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md index ac31619d20..c5746be08c 100644 --- a/windows/client-management/generate-kernel-or-complete-crash-dump.md +++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md @@ -78,6 +78,9 @@ To do this, follow these steps: > [!IMPORTANT] > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. + +>[!Note] +> This registry key is not required for clients Windows 8 and newer or servers Windows Server 2012 and newer. Setting this registry key on newer versions of Windows has no effect. 1. In Registry Editor, locate the following registry subkey: @@ -110,4 +113,4 @@ If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial ### Use Debugger -[Forcing a System Crash from the Debugger](/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger) \ No newline at end of file +[Forcing a System Crash from the Debugger](/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger) From aa9b1e8552c7a73c4eb885b9e594196c5a181dcd Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 20 Apr 2021 12:24:35 -0700 Subject: [PATCH 026/156] Addressed reviewer issues --- ...d-security-and-windows-defender-application-control.md | 8 ++++---- ...-defender-application-control-policies-using-intune.md | 4 ++-- .../deployment/deploy-wdac-policies-using-memcm.md | 6 ++++-- .../deployment/deploy-wdac-policies-using-script.md | 8 +++++--- .../operations/known-issues.md | 8 +++++--- ...defender-application-control-with-managed-installer.md | 4 ++-- 6 files changed, 22 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index a2ce2af711..0ecb7c4e45 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -42,7 +42,7 @@ We hope this change will help us better communicate options for adopting applica ## Related articles -[Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md) -[Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender](https://channel9.msdn.com/Events/Ignite/2015/BRK2336) -[Driver compatibility with Windows Defender in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10) -[Code integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) +- [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md) +- [Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender](https://channel9.msdn.com/Events/Ignite/2015/BRK2336) +- [Driver compatibility with Windows Defender in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10) +- [Code integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index bca3a95134..e9fddbd043 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -58,7 +58,7 @@ The steps to use Intune's custom OMA-URI functionality are: 2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -3. Open the Microsoft Intune portal and [create a profile with custom settings](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10). +3. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10). 4. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings: - **OMA-URI**: ./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy @@ -80,7 +80,7 @@ The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocke 1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -2. Open the Microsoft Intune portal and [create a profile with custom settings](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10). +2. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10). 3. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings: - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md index 7f56bfe99a..392b2ce9a7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md @@ -7,10 +7,13 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: jsuther +ms.author: jogeurte +ms.manager: jsuther manager: dansimp ms.date: 04/14/2021 ms.technology: mde +ms.topic: article +ms.localizationpriority: medium --- # Deploy WDAC policies by using Microsoft Endpoint Configuration Manager (MEMCM) @@ -35,6 +38,5 @@ MEMCM includes native support for WDAC, which allows you to configure Windows 10 For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) ## Deploy custom WDAC policies using Packages/Programs or Task Sequences - Using MEMCM's built-in policies can be a helpful starting point, but customers may find the available circle-of-trust options available in MEMCM too limiting. To define your own circle-of-trust, you can use MEMCM to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-using-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md index 023a0e7b4a..a72d3a0bb4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md @@ -2,16 +2,18 @@ title: Deploy Windows Defender Application Control (WDAC) policies using script (Windows 10) description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide. keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp +ms.author: jogeurte +ms.manager: jsuther manager: dansimp -ms.date: 04/12/2021 +ms.date: 04/14/2021 ms.technology: mde +ms.topic: article +ms.localizationpriority: medium --- # Deploy WDAC policies using script diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index e4a1552233..c525c8832f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -7,11 +7,13 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: deniseb +ms.author: jogeurte +ms.manager: jsuther manager: dansimp -ms.date: 04/09/2021 -ms.custom: asr +ms.date: 04/14/2021 ms.technology: mde +ms.topic: article +ms.localizationpriority: medium --- # WDAC Admin Tips & Known Issues diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index c115ecd3a1..66afc7f933 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: jogeurte ms.author: dansimp manager: dansimp -ms.date: 08/14/2020 +ms.date: 04/20/2021 ms.technology: mde --- @@ -52,7 +52,7 @@ Some application installers may automatically run the application at the end of - Application control based on managed installer does not support applications that self-update. If an application deployed by a managed installer later updates itself, the updated application files won't include the managed installer origin information and may not be able to run. When you rely on managed installers, you must deploy and install all application updates using a managed installer or include rules to authorize the app in the WDAC policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method. -- [Packaged apps (MSIX)](https://docs.microsoft.com/windows/msix/) deployed through a managed installer aren't tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md). +- [Packaged apps (MSIX)](/windows/msix/) deployed through a managed installer aren't tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md). - Some applications or installers may extract, download, or generate binaries and immediately attempt to run them. Files run by such a process may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. Proper review for functionality and security should be performed for the application before using this method. From 2eb8ddb238949246040cdf02df7223f1f7a0f6cb Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 20 Apr 2021 14:42:49 -0700 Subject: [PATCH 027/156] Fixed more issues from reviewer --- .../windows-defender-application-control/TOC.md | 10 +++++----- ...ing-memcm.md => deploy-wdac-policies-with-memcm.md} | 4 ++-- ...g-script.md => deploy-wdac-policies-with-script.md} | 0 3 files changed, 7 insertions(+), 7 deletions(-) rename windows/security/threat-protection/windows-defender-application-control/deployment/{deploy-wdac-policies-using-memcm.md => deploy-wdac-policies-with-memcm.md} (87%) rename windows/security/threat-protection/windows-defender-application-control/deployment/{deploy-wdac-policies-using-script.md => deploy-wdac-policies-with-script.md} (100%) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 893271684d..d6145473d3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -25,17 +25,17 @@ ##### [Create a WDAC policy for fixed-workload devices](create-initial-default-policy.md) ##### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) ##### [Microsoft recommended driver block rules](microsoft-recommended-driver-block-rules.md) -#### [Using the WDAC Wizard tool](wdac-wizard.md) +#### [Use the WDAC Wizard tool](wdac-wizard.md) ##### [Create a base WDAC policy with the Wizard](wdac-wizard-create-base-policy.md) ##### [Create a supplemental WDAC policy with the Wizard](wdac-wizard-create-supplemental-policy.md) ##### [Editing a WDAC policy with the Wizard](wdac-wizard-editing-policy.md) ##### [Merging multiple WDAC policies with the Wizard](wdac-wizard-merging-policies.md) ## [WDAC deployment guide](windows-defender-application-control-deployment-guide.md) -### [Deploy WDAC policies using MDM](deploy-windows-defender-application-control-policies-using-intune.md) -### [Deploy WDAC policies using MEMCM](deployment/deploy-wdac-policies-using-memcm.md) -### [Deploy WDAC policies using script](deployment/deploy-wdac-policies-using-script.md) -### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) +### [Deploy WDAC policies with MDM](deploy-windows-defender-application-control-policies-using-intune.md) +### [Deploy WDAC policies with MEMCM](deployment/deploy-wdac-policies-with-memcm.md) +### [Deploy WDAC policies with script](deployment/deploy-wdac-policies-with-script.md) +### [Deploy WDAC policies with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md) ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) ### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md similarity index 87% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md rename to windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 392b2ce9a7..73357d0809 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -35,8 +35,8 @@ MEMCM includes native support for WDAC, which allows you to configure Windows 10 - [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG) - [Optional] Apps and executables already installed in admin-definable folder locations that MEMCM will allow through a one-time scan during policy creation on managed endpoints. -For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) +For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) ## Deploy custom WDAC policies using Packages/Programs or Task Sequences -Using MEMCM's built-in policies can be a helpful starting point, but customers may find the available circle-of-trust options available in MEMCM too limiting. To define your own circle-of-trust, you can use MEMCM to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-using-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. +Using MEMCM's built-in policies can be a helpful starting point, but customers may find the available circle-of-trust options available in MEMCM too limiting. To define your own circle-of-trust, you can use MEMCM to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md rename to windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md From adbe69a747e29e9a7fca1489ae514fd54ca0e79b Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 20 Apr 2021 14:44:31 -0700 Subject: [PATCH 028/156] Delete PolicyFlow.png --- .../images/PolicyFlow.png | Bin 71184 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/images/PolicyFlow.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/PolicyFlow.png b/windows/security/threat-protection/windows-defender-application-control/images/PolicyFlow.png deleted file mode 100644 index 13874b6392a89d2161102ef34bf7c22730dfbfb4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 71184 zcmeFZc{G)48$Z5@Xi|pQrwoP6W2q!lWh_H7WFAu_A$FOzZ75=kL=hQ6=6TFak)q6O z5sJ(q+nBhfCyXU9~JD)6bgf>gvWL z=#N=ByM@qbY8%sIXf)cnrdsyxZsccv=*UNQCLgcUA`w&%pEpw6qty|jcdjw@-m_X9 z>yb9m#a!l==2|*wQe|wv?2)-)(&v~qIX~^#RCSaLh(e(cmT8l672=L7_yLw;pBS@+um` zp-`sczzbPB9u;!i)=do*G#`S|J)P6rx3e?zvN6K-6t86F~nr4fDy`i!O|9kQOSp7fc z`rDkoX5rR`*b-zmSDF)KHfDo|HaFI1aLq!mXUdEH+W%>XcL*jMbK$L3qz9W>R+aBjO)dNP~YmZi}6L9N(!68LMB3V3$chh0pU6FF&!>F~m(JL_PY+3?FRU&PL;o{&i)OlCf*j=2*OPHc`YOD&d=SXKiKd4O-GkrsCB3 z{*hoKqT>;BnYzkg5m8+K?Ab#khn|6}O#P1k*ntow$MNWE`~g|o@)~d5dzA&Js~WIL z@>7NkFB7gBR|?o_gk|aTsIhTx7-<_m=pkPkzCYR&{WAMpjLpibLoB9Nns-2&b%rOh zhiHlK3AY5^OArL{Ib6n$D@CFDYqnv#o@JGf{&UOw6x!^Ee!TbldZJxEr1-K%**BV~ zBz{3HKc0)%v9I15KPO+8q?~;_z#|uKcm0h#88&iZV?w}#?ZSnXBEPBL_hN-J?@umS zW;MB;Zyr6?pD<@jV>9kC{?1JZV#7|rXe~6oaV_`33!a4}%6Xn;1+#Mj}mr&{RUQQ$&6(mn|7IGk2&Av)9vU|4RQahC%KoS@z zy3Hf1x@!2Ma3;J^*l~RFF-~1`wA4(WhmLgO?oq)FnTqnYm+EZ!Pl$&9P)eH`B?jGg zQlz$%Dt<8kU667Djd?Gpb?e)2@t%e;FL=(5pV2UlJyD^$=JsM?@k3Q|h3_F!g8RBv zC@V+w5#F9eLWF)t*kw!ADU#(>qv7f+Mogdc`uM1`PKrk5%$!oV(0}vwqN|Dadpuv2 zb1-FcV=*sNKw}%JsW-zL^Vr;dW!3MAp%UAzuJvSs)UQfM>kGJ^sW#f(+Ffl*$yyS3 zHnl=3o6?9zw+4jWOnetaZ%S=S5L9E|7c|@JJ;c+RCeB#*&XhoW-3hu1u|6RSOq<$o z+ELmpURMiI%yn~fQ#UjFt|lLg>9>0*sr`m@`x=>Kbj)~8YW&6LSiS4?B#*D8lN~O0 zlZM6a6;_I0M{TSAsTtS<3g!kY60`iPX>IHaiSf>^(GruwiB)5TR-@#_i9=$?}_?IZuv1%fH3Am{a$l+ZlO)ns#m5(E3}iT-?^bT*QucYI7aS^`EHP6fpiTV5sl9~NB;_?t zrnvTrg}ubYY8S4=?EBlBEu2RCYfubN%6Xm1y8fmP(^wp>Wtau3#mSoB-n%TnA*Rj7 zZL}}GsYAVFZYn|bnKV%^fwztK4Ws2(Qe`SuZxo|dad-9G&?2jL)DCAY9Bw^Ap{{fx z6dz)Hqsn)YzWbs9e$JKCa3FudP|jdw@tcSShTat z0!=v!7XL}2lOWpvqTO@S#61zZhTb^$HUax8PCPm=Mn$2 zQ+Y|Ea$CLKgw#Kr;F!M1Gd0K4whp6WX#dH&qEg!)*S(m4p3pG6qqdP;`v!-5n@fY8 zI_eU~QyMt-a~XLsH1-p*Gztv_|DqJr#LWLTi-(7YN&b&sb1P>Tr;s~jscD>lu6B;W zHZm(TM|`2^XUS20-N;7tDXWF~#r&jwAk z=gDe(>ZxLrQjvsz@X%Rmc(M~a?PtCEFD_mddA6Z1)stZ|SI=;9cv7fTHkL6hITLeI zx#TgkZP#Rq{vmaudLJQ*vBN?z{C#4v|L9Y-)Pk{h?z&q-*1_6c(v0N^WbMx6|N>IdQ;-hJWn3;A6i9!kV^;UEo`ufvn3PpI%Wk4cj!j#i_`m`isQ1 zWEo8?YQnVhj;2WxCBLQ6iJ$qGEeY_W{ohR&Fh1%lSdJ|2Hs=1OG{YTGoA0sCc0nmn z;Nz~B)^$tHF~cOmV&~6qgY%Xj=tl&f5p@3aCYXLR#U5 z($ab!(Q;KHsqaCGW8X4~$KK*GypmNV?8&v@w6 z`Ro<(CdG=!#qF#g)7k3378j(c$Ev!$vbMeUT0%Sd7;9Tfsoyk7RY#e?qA9Pz`*OHnGM@#I?4&<*NV^2 zWO_=cUX|j1sBG~3oqLMGp@X^E6T2xjzGoi|_{n}uX~s@Ju7DasLC$CJ92J?4eTIGZ ziE6*QJO1hFa#P;j(C?1!nll-!7bYZlR(v#xt6x_oJ;IgLVa&gPf0IhT8l9!Cad)<7 z;-Td1tH$E&Q`#Dm$?wTuJ7;3Ny_L;drx!eeU1Reh$~JE6#=Hj&dz^nYIJJT=^pa=( zciu~oJ$l#sumYH(KN@FZjlQ~BFRdXG7gvdt3hCRL2@9pu?#BRfI5W}{(lGs3E z?>Sj#!y}`!cE0c<)}$y9`&V&xS`$Xop?B?6tjtUTPZd?`iwpmWq8^UK>Au!ULbhU+ z$9hANlh3=KH#7`|m>vxcr1Pb&2lLr%w!{o2r3~JTrc1)toy^ z*s@6X=0%yE4EXz5jCaUAgZn%0o!MtUP~ym4cBAAMX$dTR@=v~2Z8vg2p&^s`*{|v8 zn?!f9y`iDJO~DEXd_VZhM?F^BGF%`WI}ig_`yW`o{DmFXK7apL_t@NUV?wyF2`ewB zM#L+jy>l)G^0@U$6Fh;9V^3tk1gTO`wd$XHl&9htz905f?q3=9+Rc}+_09vz|4Q1c z?IQOAWtU+G|H#fg56@5a7GLU3)lBB{Wl}A)KJE|c`HRiPstv-J%trmDxa;CXXIt;c z$jI9&n>6gooaJDysebRkK=Tq*d=^3hVg!93ZH}c1kUxL^eAVGs{pBu>ao-nzea&x8 zPz(-Of)t`P)1cVHhIYRk_0uB9(WWPgPKi@LKZVj?@~tesr!=>@j@uk?WZdMo^NnDT?f7igx4Zr2=Vo>Pnwst_qY6s5cAFin^BS`6mv&#a|L(lLI7!%5 zzhF}3VHpec7+(bu^6G}}-d_Fy76Su=A@+|X;tZbrQ+u*Hp8c}%of40ASB_Sfhj4)#!zLRi+!VLPmXs9I~MxkC@5h0hgOMLwS^uGSlBPg&0;t$N?TX`-Tmfg2C zj1$Lgti82&7_9a8rwr1zrTrDQ?>s>5cMsZZqwdoBN_wn0OVV-Il2~U1W!vM012j0S zf4Kc6C=+zLvnfXE{H(4>CT19&yH`-!amAy`{>R1Hn7+3T3Crb@&cEZRjT;gyxG04O zs&LKHtteDF5_c1=BB!zpi>P)9+jwSbnvAvGuRJv|A=o`-DEI!Z;RM^vwK6r>05=(u`+Dp zU2kmL98TK7?=tp=s=d+YAJ8!S&A(97dl|g{ivjZxH%qc_OM~XC;cS@!;T4ZY#p0iu zLBl@+Xa!N#hoD%b8^QBg(QK%%?79C z%0?g0rrN#Lh4DeR%O(mxeV{;W#67Gw-J5kBtqFr90LQdEOz;%^V*C#;ZqYWAV$M zQDUl_@1NE_NSCztZ@ypfzUwZ&HF|bEF0-&Vh)qV?V{O^%b7%VX`ewnd>;9%ZF%JTD zg9xb$f$Cg+c{j_cS5fWQg47fxs$*Wi>9IA1QT|4Uxj#TAn#vu zAuP1cwZil9-Rnd3!M|RLFen~SVEpSpZ#1t<339K!?1C*tQ$F+K6_wzu46S|8syuL( zv2!l9V$e>qQn8+TV)=qbV7&h*(+~BvZtAUig{*q*CyQ4Rb??68nHOofBSotmRYDI{ zOD;r{F}w~NCdrXz$+BPXbpmDatsywz@? zk|le(dL*#c37xBZn_*XE+_rOG4^<}~9&j5XVOSGu*%w9GPjsp3eehnG?OO-O zT4y!6{6k4{$?qWBhXi$$=Muqrf$C~t4+YX2n8^zB^T*if13nkP?X?5L(|-2is& zBaZ@JWz|^B4nLz$`$|rUo}vtP^`a9T zYB7TZJJC8u0sSL^1zU2;@~v8*vZIp5AyF{@3c6INinz*ltddZ#mEX$t(hhrHzV;8nUicaomT(Ln&D|4xPpJXh__p#ASYD`QgpB zPfZywb{}(~W8gMzNfghWxs1McM%`@AWOLEv;M$YAY|-(e(mIEkS*TKb9)DbTb&yIW zH^n{hXHaUvU>WuyH$I}2KWQR>6hI0L5lk8<_gsbQwqw9?V(v#L0bkZj-#I>~;l-snL z_n#+^--{vJGAO=)&~Wrgw)ew`+oU+bgw-!@-JYL1Hvanm6k@^h6)& zsJuCRL2=EVKdGCK_*y%vn!-~XR$s<7Tu^$&pdw)w(P4hT7rn&FeaPV+9dVaHbNQoB z%bgG<=a_8N7iuNzW+i4E471%g;Vl3F?ZsvjG9u_sH`$s;W}&B8u>{H2{;=qAD6jF4 z*9Wr=y&e}mxc>6gEv^{qL_sw!b_)L=zeL&W_d8HUz7Z)o^1_IjDbOh#{GiL=+KJUX zT@DRX^6E6?@z-|`(cx1}-rAcK5ERLTvMVkTQ&_fJkvCNzc%@4FZ`I>M`>aG~HETWwXc za&{En+=k(LWB41vy}6Btf?0^`pq6HXLrIwv^GYT*o$rX{k0yC8H@hBi(A((mzy`kW zAL{lSZcHy)@R(4F)f9SHs2BUD`(WtajR1#g>6k82CX*gS8(F6nXPhF0!p zVx_==a;`$>3>V`|5OqK6(5RSS&YB->4#qt_lPVL_G5AX8-81o9_>dDxKgdmAQgFy- z*9!X&;_t8VS$Bp1qP{pNk&8BUKQ{pQbDC@{|BQFY@}kT0c!z@J&LMUdovSfjX_CPU zg+iy$sn>Fv48EC^PdoJr_*K-8J7)FV#OlyEb~Il*$DCTaIaoRQ_~}iZ?vt5<5*Z(R zC1pgOb01O$iVPgB8OK5d@HRCe<#c!(9L8@^QlqTwX=RR5^|3 zBZywn#FhC`hY(@Lxu^xpb9SN+rT}2n+dM?mlE3e85}|waYpyCm{`HyIB<>1<9*uzU z)CJM_y)vV-TE);ll&N2hV0&1);zE$CHl6jlUvqM#j?V`7d1zGd-7}shIcM_yChd@1sPc)|cgO>c0R?zE`5$ka zc@`ARurCTcJ-R_#CQo{Ybjw(`N-Pl)d1G%*k>n{jEHT+K!Ft)Z+MI5MUVMA+`(cvk z-nG;PY_N{yWQ5wqv1z2b7xMSLC$w83DaL?DTe-Vd7^Ei`! zNI;(CCGDo)3uz!@>EV;>EulNY%%o>tgE7Sv(gten;c8?5 zol&owg!aGc!J5DK=eUiLg2*$*(sT-i(7it|?NOj13CMqZ(a*J1mvNOdQB#M7@zCe_ z%AaYzBC6%YamQ3XmSJtnhpJ#u1;QT8#HFcT^NMGD__BI2quE{M)VhOf^eAsr3M<3U zyGRiHTfgSt;`VTOavxywYY}UE6QlHjC4<{mH?!KW=D`yJ?fO)L-#`C}^N{m0Q-Z%zSq5DxFOP8<~|6a4JYLG1H zwgmbmrY|qetS0YGb3&8NlU^N-#lj?_NwU4s16&t&V8R&3IxnqI-ZeLsRw=wqz2o&~+}cs&2feKj*eC;i)~`fZ13gW|hSg0GjA zm3^&1i8y)Fnx>kobuYgeD=?X^Z5fT=ntbnfP{9}FH*p)Oz@E=|S|wnuQPO0SsqdMs z|5i01hp>UVYJ*}-fwtm=NJ z$MH7{cm&E_7aJmv%L=Bm2G)vQ(r^kQsT0g2Iws1yc+l5r3H$?hdu&wq{nnn5(ZU8A z_7O9u7e_^BEIyYFG!*-v`J&MuZn&}(I-LNNU;`5h(q^7OWJOnENoS;)o@lW9J>k(a zF<~>RaK$XFtvK#0*|k5=ltTCM@`*2y=_6$b`l_o6_&84TP-->QNN!q<(!=B0-cJiU zT{5-tgn7oSa1G|>&Obu=P)^EpkFsh{j7^Z3xsv5hQYN<6y2VO=(9rKBLQXECBD&ZW z%B}tZyJm(jvAc68@Rpo2^e~-Etx&6wJ~J!3{}pJ`ta6m)9;C^wkQ~~4SwA51C5@5; z38V@K*`y`y2VC&v4)krVoq87X@NRd}gqpGkGap8C@^8vMW=v2vX9-1P&28yCH^3D-uFMYAzoizno_eZl zxZYD}GepbjA-_wY4c=|tLR)n;aJ(Q%8Q*|0w&@&PgcvAcqxUbCCz3KJNY^S=3#>;f zHuIo({U*|RhG|w}0*oLdCgMJS7q|a>FZIQS`j~ro$M1M1;h-2mYv9p7-94~{SM)30 zS5C&@F>Qy2B4QVzYT_ZdOW+G1gagm8nNt@--Y3crOJrkozF*TRv|k_j619tvo-dp( zt&lZM(jl(SM-W9v1ee2ibg**9a=2IV3SyA>?B@AxI*KBsC4wl4GXpYCV#r+S)NbragV6+H6EoPCZv=R|k z6k)syPHAX}8r28ak^6oj}NfliSCAB?_+S*%6KE*TRs68+JL2|~8XMn3mY(7wq@5(@wvd!Zy_oG3?d#WKPji^;X zK4InNcE0S4tRn?S{u}vWy=Gj@Af^--|HUwAt z2iM+;ei{J$H*l8(-C&Ngg}4P*UYd5krZ>V=-)k>U9ggMZAhS#Htt(!%cM2FaM+gndO{YMXH za}PAr%IW|z|IWkC>7SZnvD*$EoSl0 z-wITglR4FaksKFXRlu{~6A)t&6pXL89A=+4YnBP9h0vL=Uy{N+l|zV}ZohXW7S|uN ziq`HgwhlJBi|OC&kZk5nY_@^C_?w+;RC(Q~P>kXc-JgQer?f97II)HG7Oa~PD}qNw zr%o|9%iN7ER>rCO_2FKcQh3VyvvGfLGJtAzR4JG8o!~VMega(`FGpg5m21VzN#Wh(# zNZ0;ayhB--$%6vGgU6@KCPw+~XwPWvk-yjIF>^^W7U@1PUQp2nk-j+I#p$xXx;WPG zoPX%F6gNxunKNfTOnOH495HnOewp9DfB!?(W#uZXx{H&dh6HNbxJCr?|H%I~@FntQ zGSu;h$sMD|UD6`74THSxOWqm?@e%a2&I^7V6*RscsK(20ayG``Fm1I8zp=V&;M@^@ zKdBGpGreZnWooFWk;HRvY#Oz&G{em%51BA>R*t$khlqL`uR6DYe#}6DhR`r0!M{F` zRuh9%{)+ng`et2RK7SV(M>E!Zf+R%|iXfP28hbf!T3y;%%1Nm4R;`nt@Euj~s$P2| z%f|dhL~k*i___(x82{L)xLaRQGMgty@%Z_G>h^$moCN7>0vs zvn{(UYS#%afi45Z&Vg@jC6k@+&QDhTz(T$9iNRxu*mLhlsuC1MB@I(F>LnU6}^H zgX9%ErF7Y&gRhXBYsliNt6FR^soDt0ng)$RJeXV&9I z`7>wF)=xf399?fU|L{2CX5)TZRQnzUQ&Yr-jn5{oz2WgtotqoJg3l+bNZzg{$uhwp zU?4E}tiFkf%vGw#j5dMBRUX*#X+{(kJbP>l7w8G&_5^tTg!tpzO762W!zUZQ4)|d0 z(x)d+p6tSSl}F3qJQha29F>Wn_(-i_iZT}rSs)yT8Iz;xsgxp|JHvYm7o@)+^@)QW z)N_oJPvs6=kR{Imb}V#HPfy!927I{s6@6mx3XO=|p9j7`W<3U>txC0+MRn)q4rG*( zTkVzj@4AuCFHdcGZ~_X=x-&4iIss*c1gL=pF?HVPj<$;F!LKl zXai;I5rz|JcySl}P3+6vh(cw%t0#8kZklqFk`p>6Y_<@C2^7fKqm!;m^m7kUXiuzK zK^+!uzOAu6QfWE{H=n)x4UHu&36^omZthWtOF-}gq(Qo~CvIS|eIh!h!#i8c;bT8m z0yKI>$`wGVxz&g2;D_*C3(=+&5?qYp_`*vKCer42n}JEcj-b-7>}ZuXy{4N<+5IV5 zEW5tS%sPO-R;Vq*P5>Xt`mHU`S~&f9_h^@i_~1Y;3kvou1zk2BZRTCgQ2me7p%pB` zt}gJFG0Ij^E5vbty+~|y%CB5e2xOk!x8D0EsuNZJgd?6F|!xF>sWKSv_OeiU{ zQ7Z+qlC8>$kPG^!<~5iwo5wWi-lFgv-=V?uB(f4+pzOZ3tDGLHfEI&)T|*`9$j9?* ze3WavY=BHH~r_%t81?D3pGuMQc-@LRXDV zyxY#s?p8Rt$ibbL>jnbUJ!K=8KTX{tRzodN10J>h(#6KtN*Slft6O)Bs(P^Y&XM6# zWwFU1lq%5ZU3Xz^unu46wced;k?`fq7vNmb#htDuBmV?<7YkVrJKBq~XJCNM2=H?C zg>`7405QzZcQzzo+@ZlL?d}{GWZp*`w+A9hT+~@RR`CcKw`TFS&I zdMbeDyI@@I`~yXkb7P0|Iff>c?teu~V^?Kuhart0(l~*_bHRJN`}IYw&I^FYoY&)5=(K7Mbe zzhc*qkKi9W^*tZK?rH1Bp03HV%$t2^QAfS_GcFyu2$}H@>Krj|T5<2|*~Tp5O7&G_ zx_{iCRe%1iW||J8CMYSd&JHQw=dE6Y7?q6vi;hEX&Lh@lz=GBaUiA3XZGq zo0^)uF!Fc5y$vxUm!;pauehT~D>v>82QwLD4qgEe2oxZm@Y9qhtH%~)QOmynbK`mN z6CV2%2kSFXQ0t6~cOy<8rZSuiKo$I9S?P%bisl!V0B8KVhLnS@)<83z=Chf#5v}L_ z9o3U1CT{V*{*(ub8FJIZwO*%XK0?xSu6M6&`=573wNZYB{lyrOi-7l}nFU=K{CvTHf6RPHw4c3Bznz691=blz7IgmCf}E} z%ju6BSWxV6Xt4R9aFuTIBl%AXj;F{P4|ZInY}FlG+b79w4U^}uXBmDHB0CgVZ71-S zrp0JS`CDWFz)9tJ{DRy*?~123C_Wvsden|hF0>;f021mQ?&h3(JWVMsBM;mDd03r9 zA`Kl;H=cnBkeq(%V`#5$BO^B*o)!QJXaA6Z!)|V1ouDcZKkYcxQ}~O{6l8zQar#@y zAnLD4fNWBKma_wADLf(F3K;{4ErY#=dQHY5K8kH?v_!^Z?V}J`+?7B4+Z^=E8D4GP z((atw6db=dYnAVMn2PCB#FhQ$9`lM2aNaEi?V)|6qoZ3_S6wysmAcH|yuT;sG6hFQIY2=ss`rS?Fd!Ra|8s8;lmHnDpLcZ}%+XgMK< ze1XTj;IaF_lEGun;Nb7@ql^m6%FdSpP*~`1b1j zgJ}k;Qegfq1LQ7U?SV?{QN;hAPPo+^1OE3CC)(^yZFvZ^GwLn~`Cdj&<5Ytd21K?( zgjU=ZH;jY4yX>+!q3z y1YU76Lb+0_CH}08PqIjeU4>^y`W07HS1u-rN>f4|}(T zF^wV^=s=+qh6=6bdo&85?sNm*#f~-evHa1=$e_so@GhKhV22kV8Zg_WJ>l zR)9|r3@_wmA~*b22exO3J|lz()Y81?0H(?1;pTpR8uVNOkoyZpAyFvtF^B;2EWEcb zyScdmAut`Gy9Yu8Kg~@5z4jt-eglC2c_+RU0)#*=Wo49 z;TtmDw&H2;Gm0}q2SnW{CS_tukPGI*(EsLv;DRR0hZHqW3350cl0A8F}u2< zaj~;Z6s)h}O}l#rcvD9vz}SRv)RQmph?f~%pokST82M-nZES23kXf5>g#PLua1p?+ zh*h!OfDnyg@!h_LBIGIA)8i>2fXr@&qp&B?W;uvQ-;xtN&cCHHs5CdylC6eCfSxkU zBS17*2r+$F)AQ|{0F7?Q1hVn!@}}tX*E=F1X$iNbTvZZzXZk$3wG^7^+Y*}K-=rp_ z(2kw0q4vQbj5W19B8X5GlqPxmC#b+zoj5z-#5IcJD;Fke{pr6V$Iws_12Ck6kJMb_ zIm>vHYE@C>-7zWmg}VsZ*-B2!Lb0UgQiN3ZGk8sNE53{^41y3=ZMpF|^s$`wt%A zUkA<(Y+J2BPl@Abfc;O<3?Sqn5Ym9`YuB^7Y-9!97ZCOsF)5I9E&}h<}pa_D`tDd-Ee-;?FF?m>IkS$|Ad8msfs-ZEYK3jysGH$lFdp-vc;> zJpJy?mGA%`b>_#&@^QQ%Z)Dr?(v}i}V`plpE10Na<|Kn4j&D0C&zoV%?Ezm^J*Vjc zTin2J3D8IYJlPhdtRqwwuXm)VMN2%lr7Tqvxi}-`x{xA{xHIl;X@2<%F@1~Inn=DE zjxypvza|QqR2nkd18NGjr35lOZ}wGU%ThGKs)c*^Iz2IcXpHBqEYInLoWEQpnmX26Tn7%PbX|JFH@EYc`YdO;CJY{ zMsM$H2@Wx)rx*ddd4O<;g~qEZ^S2yK&p~_83Wt-~_A@<1z*zAf7|36N3W$BKDErvauOEQt!25jir{~_*;1;Q2i~>Z^{7l&>U{e!f=sutR z6KPtcVC0tnw%$Qj$&W=yzSnXdUMx(*HM@zB)}jptDtKEjT*wHV^VVh2%bYS1wPSE> z3n))RGR(pZuz=as64^531xUE@`2@1rjtniTM~@zrm*VegrtCQZWY0cAv9@B!At`zQ+NASQ;w((cP)JAXeT#SW=Hg`-sI16z*5 z_$kb({;g(yb7Hf=HZa$%%fcp=0yNBETsu6F*@_8v+fhIaw8RdX?i9DLMUK&;WMd^= z<`PrvplTx1yLanyElBbtvhV2t;By= z1myrj;shnnDJwHz7J-8Ij+zQ1C}6@+*ti_@5OVsKeUM7?(x64(Fe0y5XoYk&K!UL4 znPo$P#)|?)F>E3ryRdCD^Kcp2Bfv+)Q_M=pIX@bj$)X=9F)LqV^NE}EzC94 z(Zsct`N3ljkmPUc{sI9etnrbAEnAYMM^->mIv=?;nXNbXLF5RCBmkNOp=@0S0mBPG zG&_1>GR(G1#`*U#P^=3g7e^7dEv{7S%7HxI@?aQ)N!XwigV-?&&FDgLrE+Ld@2K1& z6!YRoFyn1+VBZu#921rA+Ob*K{2$to01`>qwoByY#?0tBpIWfiKktTin(%F7fYXRh z9tv!60j}0v7=*&|4sVOgM-JOUxai$05M}zXiJ$ElGUBy`tXu4o)uQ<(j6DwRhl*E= zbx2sa&z93f2LN0-jLC+4#HR1 z`{3Kes1Tfr^1VE@uje@Wb^BJVV>TD%L;e*VFef$#+yf`o$ORV#WD(=2zKUI2&P~B0 zUj_ItVh|K^+hp65Z#@BU{W>$Vx&9UuM+YF_urM1U_YNln8KWBx(&VDIlC1rYOewZ# zfC)bM+24sMF)3iT*n5+s(Fk%Jto{w_ZOeK;)F&fHv!AGyIgMX)FkObC^tNgFnjx+W z2gTK!z)NsD;M|bqdD!dE?@=ZSrURWJUiC^7EV|=bA|Cufw!W%ZK~bd)6+8s zk>M)`IVR;yyY+Ar0@_il-$C)ICiEMvkW7O0K+2WEmumbEmXK>LRN&sXu7MM5`mbwD z@apqdd-ZR?36luxg74H?QR4;o{I(D}b{4d9S7D}n5mYK}1(SciRQR$90aC4B>)Exo zmSzGQk~wr!Ag=7IFd}RKXka+$Rv-Xed}P zy#NJZ!0exw18fLcEYuPcMMzo_TaIRF|K@wAl!B?R004e{FQrF+#Z-vFK z%YN4=guGLvjLDQ1)a}KNx*=oDUeyV=Nzih;f3TVz>{S3c{0*j^S5o3~>~~5Vl4vC?Wc41g{( z>hHk2u?oqP*LMq@^Dq)|pWig(Z<1c`WG{oVsFRs>V|1poe_uOZ3U1H~bweNDdZK!8 z&)>8%O!|iHda5j_@VxflPrOE2pQ5bmfP%wo{}FkqlSC$n6%bq_!loVd=>y?IhMm;vJ#64Al2=tF;|h@< zDk+MQI_c}g&5Z&4u6G|ke5jqY>M@&wK&WSjIFA-71aTdJDvU(}QjexH)q4T6T-h6k z3kzL(HrHY|9T#Rc*Q?mr7&h8*tLpUG3D)^N&{zySgIIwmS|p1>4!fb^4$h4iK+^TnmJD1E`TiHkmsU_?K7g`=eL^6x+%WJ2 zzlidA14r&qamu+macOXyM!{ZN|F7D4Xdx4*tdJ*;WZyT?&Tm za*)rtpv087%I3+eHPj-yTa-s`Hx)F4|9o5P5m5a9Kd0OnerX4ap32lTM;W>PR*kmYh z{_S;Ku9jSlEuucfID8PkPE%X|xQMUKlyhlMy5)1}8Hm^aa5V?{m?qkhGpxV#73nn< zR7*F@GXu6hS7ZDDJ_OWtj1^tFF@&}$KrDTdC$jAlwJ19)9K&ZNMGne4Sq z7lRYDbnC;yxYUA5CBy9U*ujB?-ZX4~@a2EHJ60{Ba>Xl(5128TAypfT*;LbZZTcK4 zTYkU$TQC(M!f25@4~hTI?A?Dj9mI~RBFht$AX(aVYD zw*B(mo4{G-x3TUE$}R@~fA{BpeBjbsj?aP54&kKjWma5I4BNJj&}ur#U;Pa{&$SYj zI8pQ^U&-a6j6?6+0WHayIg7fX+As^+wT|a9Gs?mAgC(Pa2T}%+BP}|Lnk2y`)$+|1 zi(1UcSCdPpW=65l%lkWoeDY~{M4YQsW>Sv5MY|Ls!C!?vXUIEXS0E8zZCp8EEf|A) zPT6$n+pU$N5}u!m8ddIkJ@LyX+NMvxKQM>6g3#->_Ltj6D`es{B(q+8qkVxp>wORLciao7qK`F|} zXLJ}j&NPHyw;f*(E6g2e=xr;S_~qmJqOy3WNw^j1KoId5mx06trnyJ$=>a*WJ+_U+ zqf;Up-(nfA)mqd(e!|nDi06F`U#WRfP%V@C7Cw$6eOk*^uR!mIoDlYva&hXB4={0P zT@u-E=SO*d7M(7%w5#*Kc{AxWAXiiFuIJKGFQD;MctD87_FAPtk69b-!PyzTNwY*7 zN4Y45i$B}Q;rjv7O7d1(G#>HVysOEsH;Hi!${eNJU%HMA>@$As1PMd^=A zdJ^X5J@JFUb!~;SiO1iW)yS`k<10P%3`m)`or}`U*);y!t~y{TbHRYQVZSH4AG5o{ za^${q!>vimiWzb>l|c(7>IPRO1%InYO4~eJSYf$eR(e6PZ*sJ!$F4Pv;#RuA677F8 zR(?vElr+u$Yq)iHdzL|E70j_eBJy+-M6E@CD~}vF)<%kDJoa-!x~aUGzrsk9lsP?= z5pPX;_UZprgLg{>SbECMIZTr3spmmj5js4=Cfq$@<3n99Y51EYip6N%5!&Umz)|h^^RYFuZkoovuTQ4n{rt+ ztIAC4R{t--^D!0Onu^kOs&KDxf`@9R_1e!q&t|ecQuEmKhLyR@{~?F&m_j@Ahe|81 z8t%gUOhXoAOL`4NI0j*L2a&TQ5pWn!3Veu-bnuB7-}iKg2zJ^LL}5>gT_tsk~RVA?dYO z#q;XJt{==uTnA+5=)g1-PhJ*jLzacD z_Z{;NLFZ||S-c>jK9H#6Avk_v2!Q_A6Z_?(cX>6xzp#~>Mly^Ju4$GiXjl#;5`s$= zRt9jZ?Xh__YS$}03as0XG?-~Ry=lW}Bz2l@%MLz+#T9Z1DOm<+dZAoFzaIgGi4@e?67V(HSUmty%V^iwuDwIiaDo}c^ zA!L30o0h?Q%~9F!^Y%}XWYm+Zu0(uOD@#M`>sgI`SL{NI(_}VO?9N^}QY**urlBWm z{9xgbN7A{=URCa8@DYmfFrAeSOKm6YwrUl(!57~2aGt7{>D$wyHKYSL?X-Ov+JrGQ z6w(J_;uJ{`uD!y8G>*u3V(H10T+6Jq6;C7tK4p%PHrUGYS($hm%f?F%%b2ZSx&e@-yoFn{^|YI zjqXq94t>rBsh-=f2QAC~M#W%OO9H&flzPxG7}wB@o7bsJ1pB?|u54!@&#=<&`ol~x zV8ib)@x8``#Bi@52l}NJw`y+&X?)^8(n`0fQF=_vK0cMUc0njq=6=%b*9eoSnvVq{ ziQl$T)c16wuAp~TteYm<5|dXLzNho4*J+Q6Ug|J}eLOGb`9*k%<;uL&_3}qT`6f-2 z5VpVGKXR-fgkyGD`%<9LRI&D9lK+IxN%Wrasfjf+A)mps?aOyQXOEjE!h!0$h;nM^Su$rG!E^Uf)H46e6cI+f|!w(0ZCmNyb!E=sgbj>LbDo(?YP)Z1TqM}u^mHQ(6o zA;WNE8zadgh8-(;(n)~mg87{}n1&QQ@Pxc5`LO6i7~ zASNu{<#7l~+eGs-rEX_Du~QPh&EXuIE}i|>xYM39>p{0+0G!>V^*h(#COKJJvb;ac z&QbRY@ycrH&_-H-eTsXpJZ?AR*G&Pw{k$+M0oB}`+7i~S>|FqBhY>|9@2k-mllq)^ z5y$W_;Wu;Ll9k5KXfZl7{oLZa$FbLF*LmdUl__VP1Kk_a7xJvM_f9o}I8x?ahe}jj zWk%NT$l;IiPM?oaEN~9ACPbY;j)GWE7@k$xCvRR=Yn!0DDiAi1ydXM+(K(!5;of`i zdmgpo6z&DBZ&(!KX-sto4G+d0SdDen5d!V6%{r;7r7sq%T^%dNcf9D!wc@zwbjPxV z(&00y5iIS@ZyrtZU8u<;YHRyd^v{J|Em1B$_iH|+vVWPFLD>EtAEv)p-sr3`u5{+s zqa(wlpd8L{HNV5QZI!D3A6wrYNM-;2e^e@?ME1-mBSd8;G^~VVlZaG8l9jC;$6m<} z*~(V3DiX@fNyI55E6K4roZt06((^o@@2`KJr_O!f?{&SeeZ8)y<=EA-D>Ji7%{%|k zA?)8Bbdp{gN?mwgG|ir|EqvK@V8Hs=IKiRm-jK#PV@dP)SMjQA{g{_<>EIffWv2AF1kZ)T;W~bh{Z_7m~&PUp5HhK!*9;Bm&@R+ z&1#ejd%j7l>v@Bfo^g+AY$A4!eS8D5 zZ!GGZ!CG0&bW-M}IVFdCyu)OdHEWFQ=gk0El9}|HlHZ^w-J()ww;o@#;}JX4EPd1T zXNNkh43E9aYnkkrFl75k-$BpSdF}J3>YS_npE)`tu5{RGENFT^8&_A$IQdYfQMZ54 z_H&}(d)d?M3?HfG2Z{);EYpjT>8m;{Z^CY@93TzX1c7h7>kIRW$o%(%JrFNYgBX|D zsg<==ulW#g>KxwRGKc9&0bVf-JJ63adCMnu*l36TaZ_1~lgEx2jJQGJC;Lr(v2O?L zEDWTkCU)3fml%`ET(Gdok1KMiQH@Xk7x3TH3mti@;fk&D$VL^<|VJk3)p~^R#i-&JphC3t1gL(so-u zR_Z0H!x81s2bDPX+MkI&H|jujb|Ob56ZS|ztLk$GZDo(VnMa0!a<& zw{IBrfTNp^@iogAl!9Eiz2>1CgeU`6%qIL0mX+hw0tBIVdY3&rU$xwO*@K>U2L_{0 zk2j+rAGFQw@G#~(xp`FW`h_*x(}>u}TW0<4saXwXs0P-Z*%>EhFC`9DeSzh zCYI=d&8}#=rTns9DD<%MLpMkk3rJSUKaX9Fo$4GtL0I*Ll$gy^x=TKy49cJy9-!_#XH69Vo|Q3$=&l=0xyC>kxZQ zq79S!e?mlS+q{8?g(5_ryIWC~MgJWafzxYAYY?^f`b>c_E?MN>)>Zt(3}shHLEgO+v0}#6dO*{)x(5Cx+5c!bTzqMbr3i!J zWW*O^;tWSB5sFwE0@SMZBPI2DO68xEIA}Zh&_w0Ci$jEs){0){qPZcNISApenM!m3 ziy9YtE)%#k+^g;R(H0}oIw6Kv>=7W-a|`u>5Rv&4OV!Qa)!0vq6PyI)u9Av>h6zxI zD3j_QH7KwyLfnO(8On98UEQ<$*a_~slZ#>7Bnnke$=!YY$!PXT^obZ^smeFT=Q6jm zyp`&F16Fra82&6K=vztVb77S6_3r%s8TE38vr10d%={`%BX*spd4p_v$JHjUF=e`* ze+gu4 zTp_{5WZ1T3Cr5ticI;0-LYTn)JwKj*&k_r~i|LHYlCOW} zl+AFsge0E;oj4!pIfAZF>mMz?Jsz{@s#iJh&8Yd4=Q}l~jdI#&YswB=((aKcr)P{x zXRtgIAD6#7etI>)X&0S$5fBN|FZYS7Mn*j^2Tb076TB@Y5iyamiC`(691)h^XGPA~TiOn2Cp#BFbh=_1t~+pDOfwnGDIkmIe`^Av72 zo_OTl7aOa%pU#YsG7LFtgNmgJO?!PW9M1N$dsQz%P%v&}sSj-vIu26kMa$J+Dk(|*wuN>6&0`VY$%I1GaQl!ar7N!pzowpVsJ^fX@gtTIVXE7Guw zJ?#}_Q`r!i5tVBy`*4D5zB+@~B&g$*T6dkIahc76(sv==0ElM<8rL3pbB|!P>hvKP zGXQC}(Z^#nRxfsnB{PWr_!>O&==sZt1J{#vD4Cxh2w9qrbBFY%DrJ__%OQta7usEV z+D-5^m=w_v4va%qFR5Jd3H@)^nG@N>hh?k zO1~eLWld#bXe~HpFg+5Eq}@s`SWiPwMJE1fYxDO{OutwPXkY8-ZCREwF&zr#BjmMH zIFX<GA51fR; zb?9Oqh%9AAqdNG_!DShg&1%^vQzCR$m>NPs_J$<8E07e_pTudrR!!99UvlrLG+=Y0 z#k`bt!<2l_TGh$Zh`_lHDhT_IN}b%#5p;Jp{j%XP#lZKG)Zf|%hNQso8QUggYM=a6 zo2*`~D+w2#1H>>K(%d_19k279J?UY4q{fDhI8HAQ%+*=zR4631UPwC}v&5~YtXu8d zW%yKCLfHF5?}ZDUsU>VdQCc)`gD`!&DNZWxHLh;+QRM1|92`?R1FMUtICTc5t#y}; zPf8}4ZBcUa4jJJ}a~Md!6kWgYoZy?gyxMVv9up!G!i8}#)+g<@3rg>_tAE*m%Kw5d z7>`*B1opdLSfZVnhECQr0_#uY+k1DqOK>RS>uwp1zGx_`dLcP%Jcb6 z?rHCVm-SRSw85bxTv&;njg@Io0zg2HTaw$(hxx?RK<6(lT0sh!B0_P`(ci0!P-=N6`|_M3E0xom8&Q!lFC3zk z1(?dQ$DJ6H)An$SQNNyH?s{8Uo=?8f^X-)@9&9V)64R{1N?#YTNUak502aaJc! zaV~%dZ+Dt5fpTO}((&sHN#C7?(x>hoaiR@rKje^fxZXW>R<3nfJZA0sJ0O%F^bNaU z1-Y<-rQxZ@>9_g3L7Z%Gpphpp)DYD;NEs$$+ha0lXd%37XwIUVcG90g??Jt!9M3%h z!UF|O1e;wM<7yQh!v1*P9Kb~gbE#dc$289=Rj7W$B}w^*oPyAEvmSSF!~-G8ZBC+1v7sl0{aB1o zLY5~-sA9m&;F;e;5UL-X(^*47{V#`(2;IIz@JWBtpsR|lTS#>I_~xx?blYC;nwC|Z z$>v@D!-2jqpw_IC)UCer8D8K3RJtjdXLQOkCu?Zi?(bVpHa;Oy{dNR@!unJ{t82d+q|a+g zbUZ6L)Ao*$4o-12)SLaev6leuc!03njBq7nTpZ;VJG*u*yv!EF=$-q7g*UTDG`rgQ z=nav;`T0bbCSW?ShHDyadjp<|bk)b`de6-O$;+I_!=?hfG>O771Qyh5Z0Yz_!SiCwc zY;fjRTy(+HtSr9j%OJQSDe@EoV(oke1|ABpw=37E;CGxzd4^NcT2PvPn@*f*ZxAkp z6ESt^@ko=K#=iHiQEPvKn$_%)vHb+WJp(mt`hwn^8*ep7v?B-p@!2ug9-=sZSr&hYm_7YTKQ?#apGlMOHN! zGpjb+C$Z&r_?m4R=}UjVVgd6vFjR{*D|G%u357J(yoT~yvO$2Ikvy`hDqJkFYEpnsi%oZk|%|HKu=FJno)IppzeXz&|{-XL^b->~Z9@f}6sF z7d~s11Ei5Y(&^8Jq}|8fzk8=TZQ=oiSO1=uOHPig+;jeC7S*e|ri|hl0eo-r8Unvv z?3g6Al9rSPr<9RlUIuUtqiH4~C1;ef>!+P?blX#RC7-VekyU);$fIN|`++aXT|8uU zxOaHxO8+jgLPgyf)t8+VtYE)$yftWS^%&G7fSfNF@zeIy*bhLOR*> z@y8fZwb>d`L(Y+m;PeDs>K-MnyKKV~@3sf!@Kp-o-Ef1V%N`E^omzpE6S^DEk)ct; zZ{QGlJAAvzc;)=!v$yT_)%JQGyz_vYx)Ib-zS{m;Jz7|RnU|VY_og~luDz+oP;482 zXHTJZgDNE0ahU_w@GKPHO!Ga4G;?mK2;BdQ1@nVxRTO(j_}s(6^PIZ}Svket1ZpVp z#WEkP3*FuHIae=A=QBn8{83A`)+6Zv@x(Xmr`GJ}AMSg(u{V7Wzmd%Q0BPG(&u0q< zOB*IWT6jT#*Y5d>Pf(+kMVavU^(8NMyo|e>TajkPM&^-vedA5vH_Z9J0&betX3gyH zRMEil0T`~#8p@O!oKk{Z+{HVai$NCuf%29{79? z+?6@*bI9!HR9XE(8?kC?Ig9>J%zuyTCuq>Xpr6QK*WQs09@G%np^)bb2dJ6TW!ku=K!A9QO4so#* z1g7!~jdl#q88&%W_$wr~J%kX~+Q z-O~;Mg;zAFCSgIz_vY@j*jMU*c$c~uAFGDWBEQh%`P_Dm)E5WGj8b^1g$!=T2px<{ zK9TrF(;SL|>$gW5=N--X1U03yzZVTm6}gOp&IbIpK@i1T{J%e33rW)qEnPA-HAv^J zExGM`ck}SXN0D!t{HHUHCZkEMWmc7aQo#HD@X4EXty@SJ!8^!SbmPtGm7X;!ZPrOr zXe@JsI_&kUZhBIJp~LpzK)RpdH2>`|p%-<7^>dl4XAjlXyzn-q=cV3h&RWWlraU0k zkQK(t#ejb`F23vw>~y+EaJsp7(e*o2gA{vh8_gW;m902j@^Da#b0UZA5A38~9t)+t z6r7rM@S}n8{7jNe-gXG{9D+#8TA=jAs~uSSm6!XQI?LN|3K}D`<98-ywcBlxcpp1TYkFU7S zWrI@WO>UaxBmHsFVIoD@geSp zrUXHUUg%>F4}HR?DxFK%)t0Xp(B412>tc%vMo`WmZ)r@(cSa-u+7Py z0eK{YGPP^Mb8q-LE#8GTFalzuMoJcJ@wm-sHKw56|5f*bKb1^-MxkV>WrtX zR>S2dViFWQZdBHKi4xfGl-68~{`*uc>e^MlSAVVH88-Heb!o~ZI7zQT-pZEgV$l_k z2KQTp)rOi}5&W}8O97UZgTJghuJm@l0|D?ej)p~?amx8K^95+_LQZsKy>A?Klunax z@u5oZOyo}!G2cX1yM(V*UhWE%kLFJK+hD67q-m?UsVVbCLeRMQz;15;1R4?YJi-;iAOW!TO$D?YB()XRHL85MzSU zLy4R%##y76VNj#P7d4ndCgxvZF06M>kc*FjV)-H z&0Jdf`jjVoBULmnCbn7L_c80eyhQ`6Al62my33_6u6^BiZ3SfK&wk7}R`FgMRyeC^ zb+#zeRAk$pcB`Ju!xD1#?D+*hM~5I2|^L_{7NuFCLC1-O|e_QzG-N-#+YGu;; z3TSKxHudRq-Xv%C<)P2PpC!ch1hm;a=C?C6_}TDmeBhr2f8dAYZBKqk9_I$hm?0aU zjI$C0)WjQ55IpTdkMfUyQ5j3M3l_-gy6Di1dSLhPQxiQj-#)xzu*v^i1?$b1S{$z> zKNcmqM*{Ddh<238e%i`gr7(YD%`^?-R<4^wGq65i42H)_29D@Kf#-S}SiyGC>{xZC z>FX0jj%k#{o>&3dG}wzwxP>jW=ET)vWBP-qMKX+RB~zc|Xz&Z98YCVUDGeIwbCEc> z|68NkGH1?R;o*IZCJEii=1lx9&7F_jzP}3J$S`i+bxeauki-cGU<8yJlex-l9Qdfq6CiypJ>NJcAn4l<-TR@ zRy`?uQ0(W!m7r!lgY(Yk6vZ%BiiH-hL~(Y_coKNYE}QjkBrPlNwi?d^1XMk{VZpUX z)9Tn2l*A4Gw2!|iS#K|LTz<(X`*2Q(kMUtUbvs|B@en(c?$2cX-%5chic=mIc9j_( zo6^FRNJI~#KBY0c5Wm(H&e;43a5s&__^|}K_VqwikDMN@%wZ)t4{Sp9VVy#c2fd{! zmJ)A$G&0t$d0C*%aasoKuxDV~Scef`wL&?G8VK7jdnW+|kj!CHX!w3UY~z0uy8Rd- zwYG%$LKD<_se+B0&$7ecbHI@`WrxqGACw>%c;f@6Decw0G@y$ypvVpW9bbuq|Fsv)79ngwuiF{-{@Wz z06!Zy6guLsFpOp`9-+K)f@e9I^;o=LX28_Ze};6l>d6Q43;`ez=g|@~P%Bycp!10L zs`2M7S1gDQn@XP0t+s+(3Y?OJ^-9;&Y|vPnyQGid=`^NJ+mCT>c2JbL~<lkue>>y?gqn8f9*qso!538 z=3QIE^t3%%6Rd6+!W&tMw3ls+DS;{v25%p~yT{|!g|paQdzp^}TiB?+*d(e${769_ z4~#tQl#l~%awCV{m}z64^(CeruX!CLxr|OXGpSHbMAQz{yLq)4@25>XCNiLqD?a=MYRwe4^OVrKo3V@Qv14vj>ub6fXOl^i) zP53qO8v-XwaBv9O;13@TWV8edmsp8F&RipeFI7QOvXho~8=4cfAfDj3+6rO{JH-H& z!G|*Gzhw%{{24F0zkcOB5XO!z9=R8E13O8dN(M+_%1c@_!(2ImUrq+PX2$dW>aU9b z*MOqu?+QT7nF}HDDjc|Z{*w?nJWa!mK#KD%rRqj_$Ww(gG4ggq`g~cb+=f^xI0v;^ zJOE@mRIBiP7y_5lNg{(_(F|t4v>Y99rfa)jJ*PB17(iS(9whGoMQ!UP9)|_1{QwQ# zZd~82&~gP`afrq@U!!=tJJ}VsvydbQbwJZcFI>JX*xN(9v7J}Wi@xE;X1z=O=~2k< zfOJi$n!cnU#zL#%T}{!`*03g+G5n#1qwa7bRR69s27fo$aaR`*8k=jji*;;j!z1Ct8$nAvyHO!Qi>PNtD z2CoggI<{uMM>Q0xmH&`ng`nyK1+bRJZ%;xEBRBZK#a~I!YI@&apB#>Nkw4Te+un@W8&V(}}mq}J6|&~mWW3vf${@|!pK7$*0G@^O~BksUC^FFzCq=PU-f zndo3HzCoA9M;}lM0LaG|sSDEs&Rc23Uz5_gMSuq@bM@HZf&R7w-rs>#ROt6PGG7@H8aT8CF8G3y z6Y*ncJ=EGamWltZq`DppPK{tBsTr*aZb-h3GGy^99swfoA~_=r5Z14Cbc}yLErKw5 zV87NJZq3KyP`lT`<|l!RUxDXMfts;7hQ|+T?cyBF|5k6MgxJ!QAS7?#OpnZIGO(>Q zK#=_;_$p!W7rDy6c|-rfd>Dk)A!iv2Wn3lMQw3b=r|IukiwWx^oOXE3gUUA^|7!%x z^Prui!M!9&SK*)$7fRe5Z02Q3riY7GMS|YMC!F#eQj`8BuyYy&?Rp7d0lImOy?_#+ z24dt(={J1cWyI~L{1C2&^-lmWfaCi+Gw2?-Fx7A`uJTG`IpQ+DYsAOqSOb=1D)Jx! zuGIu-K!#bbAF&KaTLriPL2sg z3qAMZ`V*n?lh^_TI;0w!_wZ)x`Ws*`)=wW=^LzZy7%CWs`h-~R{Re)X#5zYJ&+2EZ ztbwYnSKjVgP6oUI#)glqM~k2edY#iLo59hjU2aJbrdDVN7*I)1z(a7`abKwaGI=Fm z02eCcF-RPsaA+C7F2ve0z;%Y)cYYj48Te0~&X+npy|xJ*Ln{tv=#;16x90utg^NQ` z=v&n3MWs-%2Nq3+2z&PWOq~}^+kM_yB?P(<5()Z6)4vB{qQ70Yq;dXtBUW*G!uURa zzY%#x0qs%4gF~n)6Am%xLBQ3x45=?x;ZPC|wUA7@zdhhMZl&s+E}nxL;GgWXeMK}L zm`>WKBspmI<`i`9$NMJ8A4XZp+)BO*g;%m|4SM`m97zrXZd$n=qW16^7p;WMy5m1R zz6$~-{byBVaXmX`QSU|7cK^w&656bgV9+VQ;OaZgI&CG>Wq+7MvA#d=5<)-)fGU+~ z!5%oNN2Xh>mIi#bTzPwDIhjxrDap}QG@3tF0vIa6517c}4J9bET3yYTo%%?l+z!YU zYGiIY8h?`xPB?091mLCXC7m8OoT!pYWTt7a=XniIo?=wuFCnVCDBPOOt+Wf+n}(aP z55trN@r?-?d~UUMS6$rerRm=wfnb(^a$q7EY`CUoDUaT~Z-4pnNNweKd#WsB+Nse{ za=7PK`(Z7+3Ki0!Eg+7>LhgW={8%QQ1ogWjbb``}2uI`u3-);f-R2qR?^kqx-cY2i z&AAD|11H)bk_9tV21f&WqD-ePB*;s+NFE;oX}7KAfwe#**ki?Z&?UScP*WCJ($r#9 zB#sLLpjZ=>!oydMnF`;je@F^T-rc}10N#%G;*|au0$o)I))uFQUy4F8a<)RSVLxCj zK?1EvfXWwW`bC$(60b$!&x?@EoW8z7s3oqbI{K_UJn2n=Qd^_#!RMe2h)mzUF2b<@ zTB(F6LV5^sFKodTL3MY6M(34bfRBJF)KFn;ZD#^s zZArH+AzUJFonbqO4%932$n_9_9G;uDn#4#jlIhnOfrgOxTCOwW@8VSGZv)b+qFRXG z6hcSF`1`IPsH7m^kIm%m)qX7XcXg07JOnoPww6dha*^fM-Gn)DM)92(*7ELup3-bh z=I3;JMq9fp0dT}*tLx>>nxW8LZ)d#fe#eYX$Zxjn0`!X6+Lt#(&%Vmr#DF=x7XTST z9SVQEKL{%i68XDw3HGDVW~p|m==v7_>LYM%oz7w7rvK-m-;RK@dqh#ErScN1J}WeK2c1NPr2i0nJ=pZ=0htT?si@XRPEk^pU}TwW(BqIACg za2Ps01GU7B)AJv*atPOaB+fL_4#o0=CY+cQJ2Gy-^MUSCT9``l!+*Xw2|_vzQf3%O zIv`n(6R@u@!or~67;A}&*54`F)89S0Cn8x>?F_>$DvV1#XnKKzpFq?U=c6N(!p8j_ z{B1q$PRVFPUq!B(cfr|Zm=qdtz!`F;f%~h7{4f(X;qSv&n`nAfvGrdlQfMGni%b1` zt5f2DK6qp^L;N-?_kxa=!8G->uYV;a4Fzj|0kCFd*juYAa?^__OyT zKn56$0hYCX?J-^TJ$z2$iOEI{2b@2?!zlMQN#Sh(OX7tMTB5}_INOwp*rFj2G4&pE zU^|Mw+o_xj2oiyV9f;KOu>j5E)cnsPJz+m(lTPhdDi7h20%%vO_BmoKBew7Wz#^!M zIkV?iKGvpzua0|x>Ue8r;?IczE&***(Lal<2FL=Y5gh94h2m9krp_%1a(bMhF;1dD z6j{h{{{2-%ETgVTi3m_2@i!A~9Z)3YB${zfY{M$ZsQRTv(3l<_EI)$za038$282KM>pud}_Gj#_%a8B7%S_b9MR)=FkJlqEZOz z+zAx3r5PY+<0J&0(~uO~@6`U!V+g2lfT+N1Lt37*14vy_fFFq_17!Hm!v+K+6DlDM zwU8^RsYy1c#$W-+)P`J$l)?ep2i@uHIWjmV#uyR-_OGLp^i8A4xx&%o5!*E}mTcha z(c^TEDXfm(0F+R6ubV|e&G#91r`_YTG>|499?mRWIATReQbiBC}z{&@!j2kO#}})coG+#oT}lEBA}Rip+(&PyNF)_W5wuH z6N&+-T?~EU1bhL^6<|;@;KE`W`PmL`8bBfbHcCbSwEl&!Np>(tkWTB{@T^zemW62*%mFJ zY| zqX@=p`bs#lvOf#jvF!RgibY|yy6<@&esxR=pmYDBy;Y{PlZ2UN)}st*@b7`(EdYvI zzf{X&IF`oNN$V|C7=7Nq!{US3DgM3SDWtV6Rq68o`yo;j%_uwY8m7M+bN_qCQ_Xt0 zHLwK$^-2N~pP~_t?7-Wa>S{prgL7H_fiOSi*1)b^OyI#}&<7QC5a|34!%rzS(4g2X zVNl6~AOLHvft~y3Cx9d|Nf=C)cfI=OIHB&(*mmiG5<9%vW`Ud=$R{wegsS#|1Kfe_ zEg`<;fhqyaX!$leZuklIA1+7jG5U;=2CQ-X)pi73^!FL0Faa$ZCQLwwWjQ#you-!@ zi~$wN?8gIyjB=$vm_sJed3Dhb6MOM->4mOK@?d8AqKSI|nTfQ_SlAC!FX_0>cLC1Q#=HaQ6*hSR3C(P%Hi2Dgi4{77uNO^nuLRZ2$XR zF0?ENnX!xzk>?ne~?0tN;br=zsqJsq?xC3u@|{FfadSqNs5PBKcoDopuz;#{bkI+KjUxG-=2yZRL*<`Y(uWu2_n53W|k>_6|0-bc>i5fajq%Qh7>#h7pyI%IUl zEPY47GZo(v%;ypb@+SacF0bg%q!5HC&l;F)WH>Jgfx=Nw-!(_jXOH`ydsv3xejEUh zaPc?7DJMf_(FTKNF4P=K)y|B-%*d?TQYu!P#=nRdyUPLb{&kct!#n?<2VK#F=X@2` zKTWQ;!{ojNMSF-ac&r4mlXaLdV=f3lt)sVEG7UG}xq?NwXJlqlVA@pbzx@=(SZk?p zPfse~8v*nXEHEzyfm4_IgKh!vp2kxD`zx3(Or`$N<_pj%|L?EJ=0iGxXDxsO0t3wz zP}+IY41pTCfq)x$O9FjpeTy!FWE3B#AZxIj3QiFQmDlGDAaNp!M4)|u(}d}qfQEy` zsodAeIII8q9J$WRzpJ>oSntzj)c6@XCjdQK8Vohu`u8g1Af+#VAEw|9!TQetWIk)G zg-o!kn*eSOKr#zN{`Xges;jjJpqleyh^+rPj!tkR1;*7bFITv#Vhm6F(*EZRaw}Wj zgSLoB<8~z}lzj4kjt8M5s+fNRJp`_u;jw;_8hKy-EMyLB+EnrDfOihtle=e%lqLpx zlJ+a;S}^?`nEDAa9Go#FY_Qn)CQw6RdkUxtYf9v!DC;h zDJ|aLSRFcCO3cMFh5plya__y7Ec^oUQ};g-ibP+DdY6#wiH zLRIBigH*CVo8%1P?o`#^paQ{$pNL*qTEB?Mu37xuK!zpF9Ro*-O7J&uX~U7-7nzz_ zKNNCRBj!8E5%_T(EBgQZ2=*ELh|safut*f3Cl#+`M`7Wv2_9OlaZHT`38PUGU#awYAEu@DS}?rgyc<+~_AxiLlr3 ze-|aL*VbCz_VqJTGFbhToxSE&QSmBAiRZ=R!etBBxiNX4Y9lCVxed)&;iaeXJMK$lTAr z143A8uD8Kjrd?Z}cs{^@S{%sg?0jBg;WHAe4bw z!q=6%fVZfX-iEuu2;B(c3Fndv?Qhddud~st3a7z$S%%l)7NRNYB~7ePas4a}$P1v} zSis+30W!ZG7Jyo}kQZP^Ucml83#b-uom*c3UG)ymBE9{CXR*=`A1BtS#H=ALxc$M)YaW z?Yeq=p{^B!>2m>Bpzg<9x^irIw%kXD$G-#RtV-Phdlu0lATyag_uhOFe!)b6K6xaE4Wf7@Fa_v<)a?oGd7dgN z==gKi9%-XxeaLq!bq8^)KQB*#MxQ408ssr76Z~^!uOLDP8wC;(jr_>Oe|QOWp_zKz zFzBw+>vtg%f;k~qw<2L$wyDk4AsJ7}Zx5y)e4q`r4@iqU#(@{wYIzhEdvyJu(Fs! z0ou&vwJ@`-Ko(~CR5YsHH_3EonE>oMbbKokbFd>e4iEZ)@S&+8yuqs0he?6b1pA{r z*Ws`JP7sKb%;ES7nDuZ>kI*rZ6$k-mmnK&Tq3Zn(hfcHSR?^^?ppD3Ex zZThl5vl6TtX|6ct*|E9J2h0V|#9lbUz2vi!(DrPFwa=z+OIc}}@kDt9_LV5S)4v5= z7easb2QMH#vDLO}lk!6J$XpPlCUoCq)`qk?b%!TAME5p)M5Z8 zD0kv#I!@U$_9zbdXQHRi;&vQ_%zJ|mTV{K2|9Nen@B|#MOE27iwUJpsMP@d8)a*zj zjZlhT3m4A3J7&+u0G% z?f=VEWgG85<3@1L+Dz`L8lxC}1`IQ#Weg5O7zI8z=DrWDrvWs6)sb1EAKHv{N|$I1 z=T}oLy#sQE1!yFdOmJh5k9Giv{l=mqJdc?iQRkxY|J78%H!OE_BDmxjB5lTQLU34i zA?y~$06HzNf$sBRG+_;-y%h@ZZcr8U98mU405se==Zb&k^YZ%lH(74K!Q+B%XcYT( z4{fBv6}rAe2Zeet_HSR`Z1_B}S!B6=a{>Fdot&(Ro!~*yC+~XVnQHojXn5#Ji&-rU zG%XN0lvofbgATAw3(;fOj&*uWu>fmcRZ=_?2e7sVPRja-+&nt21= z2UQ&(uHRSq0=(~2m^1Sdlw5VCmxLYDkYMxAte}B}f_(Djd37^*6`Fg)3#^ci(nbf7 zA-2TUWN2YvZ>|Vt#dYA#?HtF+S4kfP#`5>~;rwYc9`TwY;Ci_$TB29Y+jE*4>BYYg znY@K~uG+{9m>oc=XgT_KP%oEtD&2YqU83==z`D_0+)KU)%|JdD_71=pwIN~%e+JVH z&){~PJ%LH_LZCbHkHA=|?Cya+hlxmkZ;$_HHWgEd*E%nOl)&ag9$Fh!*ZC)8j)$&3 z?Bw#d%w%8o#O4{5B}f<>-Ga?RENl>dshENS;WTHDUJH;@|K8aJ6xVbS2W7*yuoST1 z<-bGhB~1p#6ib*hT z(q?WlUvLDSO*?BVf9_3d_>J5ad9)10CY#w zO56bb?JrSH?BtY{kPiiC%FAx@;?C?)-N~bPj?B^FXkEU5%U*Tl_ZER%2o~%n=fpa% zQ#&}Wl-)rwwRhR61V&I{sX6R>nzwVFh!ooOieoTAbEKyvz6HuUZ|?xisYM9S$p$}S zfM+YauPzRTra3PnaQXbnvllWB?c`RF^}K_Ak3y4o1;wjfj)-I~&MjM_lg-2|-TRLB z65(k#>Y8JJ1U@2T@HwU*Sm3wkHESZ`wrC94W7rWOR(PiO7g?~shC&n)2(H=;F8~=I zC4!f6+RAPPPU{`{3IfZ5hj%TNIW2dR{786`OdcEYGiljk8=@F-O3O%8v!XwPblSpF zA6V!hc+k^iG$KyIdzP=BviNv*X8IWRTpPhgJw96GM_PLgZ(!{x3bGmQM@iuglFGrE zrz*wju|%*bM0D4!Dx9(x)40s%3OXli*+n_`UkR?KD5Sfgo)LF;hAF6xZE0R@X`jdR zfXey{`@qiSN`Pjptlk0`HbI)j^HBeDeYA}?Q4k}2rlr&5dR5-i4`Q_lItTWk!#*77 z97fCYxNd;W@fzBPYz5WrK$-SD%>DJP&D*v@KW^bNOaT?#f0>+xA786ap;vnxwaKib z_o;niwA9HT(WPn~&xV1^o7z#>KLmiQ;PI-*R4>r8gJ8d>$uuGSf24;gCx7gbw`0#Q z#Yi^;$*IltfATc~to6&lPz-8x;R*jPO@B$pi9Fk!{8EM(OaV9IU0q(z*Uke)B!<&L z+!gK3&g{(swKpNYTxjFbVTxK~3Au3X`U>c`Sx}&99-2+BS%3g7hz-2KOI(muIo>ryO7^L2wTs=0Uy(Z7jC1 zPG!Qq_XedeJ;5a-!KvX+4T~@wM0eNJ@zU>n1Y3O*T+?KR;+bQgSURpa6YeN(mrq$B z-!+&1xt$9-0bNE76=yFsMxp3#%8Fsv`eqo8AYw6ftlm`v3O_oVp)E;b3||1Ma3tr73gA{8$EAo zTTEF?(67Pxp*uZs6)o&^rWjrVxVJc&{>?k0+b(pzWH*i7V! zmu8O-C~med0u?1>yb}4*%br2pv}F;D`_UbdbOLBp85f`VduV3Ua1W9Brs~@N$@?=z z$}*!IV`$ABD_^Lf1L{M`MiS`{klWZArxd zM$4CYX?>H!i)~L%yscgYs`?=4K-Ikbs{+SD)ny|;TzhMCnoLVYh6!S0k$WZ7r}sZm z$BmB0L$He$nG3Q`19jK6^f8x;sV1;@f$ud!r#6m;Z76u#tzi2oy3E8RlHbmG_6x{` z`xXP|E<4es>?a&~k~euNF+5MENF0s^vAL6p7@{2RtO=&Dq@>lRxU^}3vKSNSb4&vUUA0z8q;FJDyr*?%Y zTXL9Q*3v7(p%70Yr9Vmru!K%;X+6K-Z~`@PAcQi>jMUQkqC@Z&3aTxOk6d1;@Ba-o zJ+w5pFtl4y1w)rBc;ig%&3WK<+?XDyZ|6Y88tW!Vbcg(YyQ}bWUg2x)4c>4aI9sXT zes;^<=c>Iu^gnA&)Vl%|34_(cUUds4UXqt$NWR-rMP*wDpFUWFxs~EJm7T|>h)h(( z@5-W49gRADLJY5r`V5ijC^y9wM}*xe>x29zHK{)0&c?jAsm2tkbr6};Y&o5G>Mh8BggZbHnlkSWEl z<9=b@2-v_cyDNNQuwj(EF4F-yH0x$%k-phw8wc7RXIM&psegYH--KL4^xW4^ZlGG+ z)dpVvl*|xJQ(bZ6w)vE^U0_hDm3}?(VCRlI5n6EF^bS^)cpn-*fv$Ujm+<>ciRZ33 z%Th?5g?kj0Cf;ZC3ZI>=JaiFN9al&!p4|;tHAEamNa=Gt5LIS-Zfv_VQ z?cayzK5b_1Y*vEWO7qu&=8k9j{S~9b& zwQs_inB?B}MJZt4Kr6ZfCj-pdKH)B}&7@mouQWC63k(&~e@?L*Hm4SE0B0Rcy*v!6 zAh0Bk5m-oCg~O$C2ZE>y+`h={nst)OaK+8HnbLF%Pz^O#Os*ds$heVnHNHNxTVH`U zk1Vd$ZzgwivpfwQf!9 zyG`u)?6faVQk9|BJP)vwct|ns-qcq8f%yw?s;o;Zu#p21A0h9;`5@N|@5rYXr~{0B zZjq}YF3umRj^ChZ;vG2YtNE09Ctb_llP^L%#9~H<-kx7lZ9aSfUg(xKy(|f`sy4^P zsZ1S_SLMql8B-$$b@YneQyh1Yyx6Iu2QONAHd*4_>SSjCG|BjsjeK*O{{H5zeO!8h!BdDwW^yLeZ zg3bi&EAO{9@NH#_==|a$!!4pG0w2S%zd}u+bbZRO6UwB3sS{ z_<1`=0amXR-by*;6z9s&L{W?+bcnX1$+lc*Z|HKCc~%(j55keG^C~Yy zZi+-isULY1IOR9^X8qniNJxn!S3vDnghV5<9^LodY}uZ#_>uoUa82=mo|h>jWdcJ- zsrWR>fIpFr%naLh2+L-2+#Wa-pT*t-YJXlgwSDo`ZOKGG@Y#)~pB@v%KLqYeRy%5c zH2(}^OaRR#+nk<5Y_ge-Oa3q;E&`TV zFm~3sg=Li?@S@nZ(cAwP_}?JLT5o7+HspgGxVmD}u3r?vdepE@HmGLnG(_xA+N8(k zse>Wz+I#k$ZBn4!vT@2@xBLy-mlaK$JJoEi7(!I)kN;u~6gGw|1DT;vr8Tlh^#7<= z*3wjNU&^0~62qRBGTVnI`!3t+-_fE$RY%N^T#|w3p9*azXnlE5k3!0$Jo&|={Q0Gp zN1!Or7kO26ca$9vD?ysE@Yuzr3AO0%uo6H~KEo>%B9sdkdW1s7& z4I>zrd&f)L9k{sTeqKGM7r{p$jz?Fcy9Os{1zj>t-t3vf70vgQGn*n++n`$Rkmw@H zZInkBVE#DH(%-=u&gL~)8MwVubD|*+Yk)fkO{=?lD{_IcHtByPXk9Hl0HfhlCPWum z@=H@*G58B?7oNzcQeUoAMY^NB=j`Zc@G^K|$hvi&Ds>GosV;dM5zzSiYy2$iDW%O# zkHwVYN;*zy<|~43Vge>6ca_P?nkr1kviPFdJw{(W3{IYA4GL$x-agic%xlpyOuUHL z?j44iX}O;=J@0A3j(hyw!EjhRLpbFQg4e&}8;Ca`n#lCs ztzf&Vy5f-c?a?gi`_*)yi?Cy&7v0_xG1vmPy53+K&L!Kt)gq>J7t>5b0=MWp}qV8p+F>98ijx|j(v`sROzE2QCKlt=| ze2q+L%kAOD6%nABYQbYv1)e5q>3O-AE~<-f1uWSeJJg*jn%qq~5Qaj(ZuGAS=RY%neA*c4@Ckbz!F| zViuRe_XyarUv#)rl&Bt9Oj>MEy3bFl;iw_4t&CQ$folS8O*(fFkvP+O2WcDgQ+OrO zpPOcO2SQ_pC!K`*;`py)+t8Off#G(XPtP$`ZZg)_3uj?<{OW}=Xzl>V0-eJdh1o(D z^l^;zfj{A{cOpa`&pY63Dk5KYKO=|4uG!&=tMtOwy0__LThkX#<6^6B3R)y^`uhmE?*=FjS@)f3-15D?pXxZKUu_lj9SGc zevcjFhg4JjCgUi}yV4F`5@%8OrEg#r-a%;?W|k`o5Y;OHA<*sxA+w`*fK6w=hyp}3 zmmXxhITA~{;0pO8y+$BbZE3+qjy$E?;eIRsQF7`H8|}k@Q%>E)4=wZqyTsZ_K-!yj zbNS{b89!eX!zrlx;gD!xBqm`adNrKSk@=JMt(65lI8lg5#g(iSU5K1+K2Sr8oSus_ ztx8xs(S7BugDBLQw$j2{&ZE_|^4@`f_n6Q2eC5DL8LQlIfVr^f=V zd!Jj}enqIBF^&weNYazL@oK!)XwAH;lC${g%F++ToCWhWqM?mnZmaO;_-LG|eSF5; zNw8tc+NP=;$b?AqT!CVU115{H&m{WDf_J6jYB-$e46}!x|FiQoQMX;MnN{T}p1pql zWYvrQ!@i5(AJi}vOb`~kdWRNUQ`aiv-h^v3?5&?0x0wrHairGEFu^(5MkHfxpI=s; zf5IL%M2deV<1n?>OK1s~Q|GRKvQ z1x;MLIjWH$5EhAM)+>0gjqxN|eJp4 z%d1-Z-;caBc&_wo@i5mT&R&xRrO)wFoVJ56^t+O0N_6`cmRmdXtUD&!=4TT3UKdt7 zPr55K=YUmD97S#-$4;^@le+Iw!2vt5%R9oyz4rDR2a!+JKSvO$lVxf>0qOZS6R6kwFSQ5r*ud z1&Og_FWHjpOJr;z*=H<;NsQ$^_w;zazxRFrt#RM?XFH#Bu5+F1;4+W<&cAX|H>?)1 zHRar|Q~$H|XCtPlgDa7%^UPseeZ3D(0VnBM$=Iy+h^(Zka=Wx8b7K6|+e{}?`P0wA z$NN|0)zrF4rj-jm7sJEdF$DwuRqrqx-dqz)Z5ssM>dgi7J9?KiR;^oU{mykr8R{ElZIhexWX>myz^D+ ze*8g*{aU^ikI?a60AECKM6$j~YUUAc?Nc68=e~yZ^vhhSEKr(1H+4Fvx5bm!alqY) z(J;wXDtE{vx#0xGq}spR*))58tK8NkAR;EhCdNo36Gi`d+OGiF(mpQ;)H^SB1#WXY^si!qZfeAZ~WuTt1fzCaET;e>#Y#y`s8d&RzFeD$mPksqtN!dnDgXN5Iht`Z@e9sY%GDxr zO;K0wh*6GzRk!6>X1_335%+5}6x3=ui=G!!svy%7y4AEg%OE#@UcCBy^MOx*vr{kO z<+egI#~vf5t6X8GY7&w{Y(i~Pl$VNH*2d&SA)S$R@t!nwg{Z8By7a_dUv8TVC^Td{ z9n*O;H>O|No=$3e1goj@7wL0lusQ(^_kKVyZCj_$ zj`UeYZm08_+DV%X5Ifw-c%JxiQWAN47`%M|BO%#R_UF~6&Zc`=&O(QLfL!ki#`Hyn zrLy>-NzZ~~9M)vH{F1_%o4y}PBek#?9CxyPmXi0TLRe{<+s5YWHug8!ygBwe`7#Pi zj8#}i${i1!_?b^Q*WwPS_2~H)5d_`_`qSd{C0x}#Sb}AB#snvx=pYBiWK1^uOG);U zL2J7&Dl6p;Z$`G{N6zPkig*9ctJD^-k#=#3q6A} z!KX32@gI)#kjA}R3Z~tiD68`VyPItd-3DRCbM~0oB+)(UA;+}1L(EhQY@smcFOZge zhA_Q(P9h}H_sEuOEkz2Sll^7IQs-0}GP zdX*S8i@}Br|E<+`CLyYkEdoj-MliQtDYnlM{i9k4Z||&sbA+-E9}hF%Q9{UYoSe@HOJn>yUL zYl}ikTK*&|0S5wN(_Jd>4}xptqp8;tqv4MOgrQSMNPF^dG3k`PahM@&mSt=H%Gn~! zu%1}DVwidLTEawvBMlk8JZo6yRbEwOi=tQ$rM<7%+OEIjY`oDzHB+sIVO<}UBx3Wf zFrpC_CzM8m?5IG~1Ymnfn<)@So~?kp|D}mvVHIX;I<UQyvLMlx&@j^G-qiY(h>;==D2ic*wq7>a_jKGLl-M1o=vQLqoqHDR2SvQG za|6;N1CCBe`e)CjMN00PRH{30<83Tr$l&GrXd1R0Xa--MdK_T@}i#KDD>eQr|xykbJlAPhv znZ9DIx%UA!?Lz7vF*bYV*t+D4QITMUl2@)2g?rw&pnCQ%`$MAotFY7oC)go!{-siY zs@)vjVun-|M>cjf`V(@4uXc$EV~V=QlqxrSb1h|4*>8j!RHxCMh?x~Y!M-&={my@D zsrXY;Z~0WJMEZMd+*En;m_Cbbl4T1VQUyU1!iKo7IaqTtC2eY>NT^n01~PJWaq3jS zyv9X<{)xbz-+DT^bw$n8Q+T?B@a=@uwyzp0Pe5sTy6 zx1@35&hTIvPxz$`pNvP9E@X+9o1El+{_e*k>Tfx)c`j@C&S#Oi_rw<(p9SdnUX-wRgLCb0cV6q>)>_9~WxFD9`dPj5XWD6u@uk_!PK(N+^y?lQr}dAf*^gWnTGUNimDD0- zf2*=gNc-x5pDAffV3+CPg=-x-TU*+#9$OP{xmSFzBqd7e40eBOiiDRY8T z2x4dl1&&TPgow2B$SRhwyd=DD1}sJ8EifEknx^3RQKK6f)v8Z%AFnfpC+Ah|zNc2T zKjpZ8<)ak0Z?F5z#XmdRQACLKM6?@6&!7%0gyU_yw3GA)gaW4yZ@n8a4=_K9v%Ok9 z;-18~H1;*$jK@ce+`oJEPB%&7O%yMNC%&;mi(J)0aZA#~VS2D!E54Jza#rH?Mn=B% zme;&$n;I;3^ZBsW`gFZwQ!%H?yW2mm_n6dLSv+2FZ0U`JjAj@d+jx@W?Pw|%=4c&xJx$t zPSTr>{jNCl!47n-y_(LmLSBs*Y@icAk&ULAffXiS?xf2E5 z*~=kcJ^k>h)c|}V9@*P-k=;4f&O}U<1DBAj?%Ho`j1fKG+vLvILUvgT6cNhRG@EF> zG`)Q~4fgta)rt-bs+Ym8c`b$T#W>i15^1pM>d+hPxMLoMUu*Ofw4#X7@nw8{A?d8_ zoV$5BD($Kg$;K$ap#|4}F_EUfegv})xUeOZe}0+%v^*B6M5QR0#EX@*C-JKeqG_Yq z5~mo>Wb5C^8}5~_y<8%zn44f3+ko#_zH#W?6~YJ3-iYkAKdW18-yHSCQ_jxagYH;K zhIe)KDur$&))z)-#c(G(DQUg)BVao=jOrc|6UZeumR21^pSq7~{T5%jW~3lvv75V? zKunX|)3m37*x`H*0drGMF9X}`2m5V^jVv2)mn`zfzQG`Kq|W#dLa;eQ5+0pl{p`9M z<1!b6L?I^i`Y--4_9X+9)oosn3VGL5tglyj z%&(V>XyNanhy_Hj8_heviwyg~j!_($)m=TWb1$zy(!Mez=PD*QmV9z;8j#<*Knl|M zI?mq*hzSyZv>J^RMhw;c(=xmQBIq{|`vjKy?0GcLIS(rSS92<3%AfI}5Zg`hkFFU} zmZDcCM+*Ld`|)hbvH0LJ%2Ap-gdUBpLA08WoDqS~2UArrmFnu{VH}=;J{*QHL-mxJ4d7W7wK~1{NE#O+% z+=&ruoULlT+vHMBq~to?RwV{GO(dX?0j%cYCpOUs??G}abzX1r2a7D|_?FeYY|??! zO5HLyv`V~;t8h#$5RT^n(YpEzptjt0G`}9o!VVw$rI>t1#z#QgpLe2sYDMp3MCOKg zsKi4U$Kf73xiBB(Hb0VEbOT@{vB6IOb+br@y@q472yXu!I0mN9cv7^LD(Fo)ZAk z$PMd;g?rKSIcddBMUiz8`e?UE{CY&Q?=gm7Z8y^Yv3@w*xNB)~yzGs^LHMZmBK2>U z+jU>K#h7JxvIOl1azS=6;d0Jvqo&qJbUV5SF1JY`7~Hpe_W%n&(Kl;eY&7Js{+E%?zXojTffS}GQ>IZ1S@E8>hGN{G@@%^I0!etRLTo|X686) zq~b@uYyQLs4b)<{t`c+gY)ax$r;fhmaveTQGr}FVk!yIUOklKu4&c6g|J?HN&_2Ew zz@K?Q9rYiYUK8dFRJ<|fm!$k1q#hn1i4r(ZMSSumzZ1@KHdRgdWCB$ADdi~NXs0|= zl_R(O-CN~ZYk(^fF%5vGYOL(cH9+h>Ot3r25KN1Ec3Q-es->p_U$=$(|-uZ=!F!|aC1 z5{uuuCWVX4Sc|LuH%x^^WP-qmyvgjz^nqj4dh&vX@5t+2Rn>1$#(d7V#x~Of@O+ElfZ9aGaGmy#EPxc#^5v3%QMhiX?wNKB z`p>G2M~TF)nwtp0x35YWcx=Q{yBiDV`5KT)NA19|FVJ$D@qkRnXjv?kgGFzh$f|tuQR-An zf*bzHt!_)|aO9P3K_0RK!#l6(0QwNY`Ugl*lP(*%O~M z5^&bGiG_+y0EnJJsyl>>09jgwqh{G89=~Y!j6Mh1Xq6&#e&B?Ta&$sg+(a9$Lg#ZO zqNG?vYvWCkCO~`^-{g>tfhC}iOVf7GtdQzCkx*b#grSW|_#sF^58axy`uGG18+OY( z0BddSl7z~Fq3*n91Ds`()SJ$^4^N=N!wG#Jn` z;&RQhF|yCz{Y|9RDgI7;$5JzLLitKm%D(F{u|=95mT6~_fl9?!FZvuPPs>-jNQ)0Q zz&275`j)5t#}O4;I9Z(|mZ*d1Fd=72drT%>lSOo?6?(@BrrfD@OJ=o2dpqh9dm=0Z z2Fmsl5B!AT+5DOXB9N(b?V$}oV!4?KCjk&mJ>@J(9!>cJ`Q2LNycTJ;a=y?--e2|B za3|lYHJAbA3a~?vTEq7(RBtJ+I|LB&1W8AGaC7h0JCwFWTrUhFY22_kk@yKM>TnUh zoFbjwej%95f!FYdpAi^NW)Ig{e*n~f5Q<;4)7!y`oz$!FczS860r>~24oFOK{PGMUSYA^|hJa^8^J0uz;;{>*sbW=5s) zfD28F0d#9SB`jK!Jy$6CY8>LNCqWxx9JCokyQw(PvEacLiy#J9__tyQxGz69+9`PR5g57KcVIPx)23v3B zs`hS-@ox3)mlz+hxSDqEI-zl1_VooN_`VFllq3B|LA9=m`hn;FcuQkDd#w2}CD{~A zF0MX-e%A&Zt9S%pUJFj+N8)sHHv2&;H8gmB8ia_Y)w3zjYW-NJGYS0Pf;Vpoq{oYa z=);;lQY1^=5TxIbBB*_FF?1*BO>~EZT$#Bk!P>LYZtb1O6Rmt!3X@XwTq%WNCS%!0 zB%puluqG^pOT_;_Q^$@AE-n(hOL)?#GB}~}WfOr-^Q6&v@ub%i`VJhe!evc!QVx|H zlD{jSQn>C^c#JetwkG1OLOMJN^o>O|zUK6v^Wdq&?WNYwsS=Rxow3IYL&!b|dyJ zgnq?c|53hGz!9OvYi?=5Rj<*X{o`4E4c)Fa`=7X#WogXY&3-IjsSK_D+bIQ|dhhqW zL>kQvpH|8tw^zk2mk06qCr_oL12-W@qP2R}V)J81SrlRsw5j2k^A(|_*X0(X-nxf{ z8Y5#QUil8S)+88x3?pJrDzq1_$R!2gX1DN>QclMfTQ_gKZ!7-77S5lNF!j#Sp`~#A zuHk}QEz=lWj$QXZonu(jg1`>ZTw7+^0ubtNP=h0w7CAF=u)3skT9tZSHo<-LC7&3uuIvV?yyfu3+oeOGC!$(iPdXsT&EOi$+qp~rb!HKZ1zJH2(6eDSbwzoj&zU9 zUgNz-n0k+4Z4^j=j9@7cr-ldM;+p2Dwz>&ZI25%P1>~qB>|LN>$Rq zCv{L@uI~W6ik|wS^PmPX%@N>BfP>k|yiJ$-b7u&lW95Ezv}nyf;>*vOl@rQc^pJy0 zX={BXfSJEzAR(!hWss(MTC4GGQ>{j~dsZYmqD4lNgvVo^N=JNsVoiaQnd|pREMQd$ z>g14vseBDl=q-SpaBj)w#m6%}$5-SV(k;)pB}rd(3yVFixv|D@I;psFgiLB>oxU{h zJUrOLE4-Dey5WtXW78?R*om&vUwi6pQLD_m14WBYok{Jw_$dwg7?-+!d9} z%G$-}xt1hthI&zWs*_vNa zx}ZV!jd9Rx?V3C_Fub5z_c&`fug#jD*dWZ;Akg8-MXcQ&5N{1wWe#{d7u%mM8&}a> z^*@T-qST8z57C_anLJEQ=( z#m%Tz1FN@~8HB|OG^EFwLGnlI`I(u!{IZEFidq2OElNErdEAAjdp@qM={B*WkOd|c zwGmUj@^A9D?>oXzAo%BSRCOl_4Nmf)?_G~x^X1eD%kCXi(TQ%rTi)rX3}slSKmCm+ zv)lIIY|ktV9PQsCVga&6Cq9Xheq3n0UpZFlL}i>1VInkWJNTG>02hRtj&m-IAMI># z=1rL&h|p)3eQ7THb<*ixbp>bmQx6eOUZLS@3upNTC-oHCb!-TwZ-Aa~NEHR`0et6x zr}K(s=QiV`lVh;UG)J+{TAz|Vl=StAu+-V?c>9nhe$2w1_y@S`HLPQ6(YyxPE0Nup z{EUFE5rJEH0EiE=Yt{u%!j{0>aCxvDeP}{$*HpLZ^*OZxStH(@^E+OguQ(>9l?fkq z=YX-HTiHA;xN})+q3*g_`wj+;l6G1L2r7F)0zq+2+5K-VArM@iihlyP%+!UfV|vvn zY;vj8H0fGprNMw=&yE->o2AzkTit{JE!r#T`-&fl#m2=?t#XVeIpA zP`;!tZWYnek zw41{zmJqTzCJ)HA9=dYL0c*&ipO#+L=sVzKvS2-kd>=MD?&9DPO zwOy*nAx=V&ly3+)TZu~H*2LVTLX|~N@5;G?L&(g-6$~@K`WrS2YVcL$2!DQA`Q`n7 zUB`zQ*z|9SGfkoQV2y>=uffbsJ`?>y@Xwdzd=sk5MV^Yn=7q9Ocr9^%rsrp{@X*d) zQ6RM@ndkdfg!@>f<$XEN)F%puu?&L4FS{O4i!oqf`gZov-sIgB(Ed^hSp@ZJlfm9vQ=OXK*z=Ys6ZVXQ>LYo(LOL5i+sfEp1c z0E}GUW(=~jYu~(M6k&dn>2-%(3m*|uUFmb(t|Fe*o>o1B+BZ9lt})9_GVrlRgfq!` zq`mv#8aI{F(m=1={dM6ULB`wy$<_a3r?Vdhfxrp(z%?2Cg^l&yb58hDM<-UIq8g|DTWF}Aee%V-l3Fpp8uAA7G%*qVc@1Fd}&Oen$qkT)~3bU4j9l> zCniCxNEN9llm#xycVOKDN9V|!HoLi0{Af(ge(DRJh>RPB@cGlgB1_~0M#)l#1HJ&T zY&|vL^6if)x%c5tpbpf;IwQz8TR22sRKFcnL|LAR0qR63LI9Yh>0^WPK{fW}Qx9;E z&7#6T)`}3T+=e?USzF>G0g#QId<=*iYkl@_ps*__K+8H|B?L@mCQOEOmtxKyHOV=o za>ZMCuDHusIKVNpjoqc_;ZgL1lP@%aE(YqHfDf@7aNr70FFOIh6M1l5VmHHm;QbXC zLDB75M)fWdEBt$0h6^tQJcFM*6g#2WLg{7pb@(vIbwM>Ae84$B=Tyw~QnpSguq$mw z)QD>vA$0yrHj?kT?oOz9sCfD39Vm10sqco ze;~9FDKG-S2zJ7DQBa_F#sj2wB*d!kf!O5=d~sXzq4Q|1UC&!!PsI8a*&rPETjL1r z3Ymt^Jc!Aia#c?v2h2Mn&4OC2jPx{(48r}b1_oaS3)$8aupC&JM3VXY+fHoZ->L(u zsqC1X|2XtAT0s?bcafj*!_U^2yLDe#kHc}HZYY!7+ov1X;*lCaKRB{|jHLLITddzs z)a;lB+LPHy?CBQk@om{= z)d2yBl|&JyAik)p)+-@gw?MqI9VeYfQOkh#=02TyZZG>1=^KkmR(2Lem~qz7p{eh( z(+jZ4aO|klT;pqG<_uJ72;Am0Q1RqzaBY?X*Ch9;f1d*>0v;8yhU=Nhsg|WJ9(e7!vFv7@{6nV;Wpskh zNQM7>9@LruOB)firT)K_O0TCN&9*z^Q2KCtN_A4w%bb@JHfq~jG{mazLDK{SRdMn;_yN*z1VB~;E0sK@q^pN&l(m51PT6M?DQTfsLH{M?xD*-w{?5w<8Sp(GuuXm0tzYXTW>hpH^Pv5ISbFIDL@hr{3Te}l zeys06X~z(f5h;Jj>l!=fG9xV90SS~ynl;_##mtPj+D7;uV2|BnjH!7q3uPunou@xb4vOl-6gnGzMf~Yu7i0K;Qi5T&5u>K zIlKK{W29p^QsJ-{$)!NagYDarE!LoP|ER0{q{qM&fH50bI8p^2jZMP0r}{m}fI0%N z09SDzd-cKT)ry5P9EkiloH)yaIR-5j;c03o!xj{<#?) zU+44p?T?%aW<&maGP$HAj(|o17I=SWkC)nF8;i-)?f=XaG;@X;y7Im*3x>O_%dqD= zF+uxpT(xk#r1#Iz)qmHck00p8T-=I&cW(iWq87aFFvzc&UZ72-Q$XELwx&B|*vr)q zH;bcE@mv4xQ}ihe&s0RKJ%8I8NFV5WAiQQz;XX622$0JD(8t)l zZG)F}`e}uoBU`({5gVlGw1P*~f{-3uu}}pSmMih>zjwDuEnOsupptg0S?`1meu)0B zLdM72+Y^a3W|oH&ZR#>4RQnI?>@)k}ok;d*H1v%m_i1t*`oEW2I0Tx%^RT~#R3`%- z|2TJRAhm|S_Mhqznj6PC?{isH`T2k+_}(k0k1<9_JFhn_VDsD`xRiE5U!0|%)dB0j z)ZG~@rb?c*gGujWhcNI6Y|wz8N?TJ~+!1sq&<2;_TS3~RCLB;;FfxUla;+*h9+jKF zA_KyQ%eYq0ZhZguuLZUc_V^daIFrgK<^dz@N~%UcY23PW?+G0`H4)sBEo z&&<)}rLD}n!&XZlN~<@14@Qt+%lE ziWA#;p6XzHHZ!&g=umwEP_Z<5jPw3EAPL$R z0F*GgD|fwD#Z?>OEvY@ObrLGpffk|C9nKV>Ezg#_ZdNi=KN+g#Bp@r-Is+uyS1e{w zb$Y5)rKmIr=U!OVh$Lr_c@Mpy0fg4U!YY;BYHQBJy)sHG@7iTH)|u2$ff(p6frwEi zKpJ@C%vymL(-7M{-FIPHLwioyyb{EtV?k9;8Sb< z!g-Ai|H)_4(WKYR*XBu6X#q!`uw@jLHpzP^y|ZvA{yO3Af!;XH`m>dW00{iikNA=Q? zMtAO&BLfe6&7thr1@e%nrF}30Bn`h-QvwTB3%H2-asVUhJiYnFZaM^nB!7 zV@RL16Jr^Ta$0&7=QB%YvN^K(RHxCrCwr4Kl&du^$gd=;+$MV$g|l@6)pSHYY~-Y1 z*0A@$+h-0&4T=M@aT&0mRsHua9x`&1!h8kp<%db?3L?CMnb#Nig_a3SlR|$o3sSE8sy!~(kzy7&=t&ADW^P<|m!Es=F``pX zp6xxe#QrHc)lH2yeOAjg4Tn8+r&55t(KzQAOTiC&6RuuQS*t4cf}YQD8EZ?8)eVVL z?@x=dHMuuoq!zcxEjda{4{U)Ljv@_HHl?S)hFKomHOT{&qv&m zM6y)UkypcqgkH^@BZ%f?==WqtV9go|4M$$vTb%8v-t?3g`U(^~ugw4E2jRCYa}fbU z`geXT0N7fee$Y!TIr{0A%nmfZDhFn9ht<#b*i-U`Gff5avPbTm6F7+HtN%kJziuPfMoji4pgzfO09aN0d3kcVwD0O&|C=&CI z<)=ok(}u4(zn}lRM`Qfvg_JH%ca~d_Q2a^`PYONiT{wHJ15a$oeuJ`f>o}8ZWZ3EZtx&^O{5lyx4rQsY#J>zVJb@+kW`BD!HF+%z^9cjt82m3+Bd^^CGHbbTM}JnwN+p z7Gp~wiLu&g7q$O8K1dFRE2?LZrT-4_J&+xy>w2jd-cNB0W;J5)INB5yOAP*%d3+fk zOcWshAg3Fv7b#xZ@a-maWaaGAB(6jOu3Vu!8RRA1wj(Fue4{)u=vn)^2516~f;Yh}A zgNEj*C0B>|BZ0{qV(kxP1={_9V%V1 zBTIgFoS)^tLku4~;uc~<&b$A(1flF_Gs_J6(msF%)p5^|Ne_$fIj+N;8VY`UR117V(%KQfv48&7{)EjqHdC`3{&us66}h-jcd-qS-~a z#isyFgFlW>_F zcV&$IoYkel27jXlkJPEtB(M0l3p&Ke>g>PE6Nb2Hit0n^(MvM!U^t#64ShCIgFk@5@Tx=qy(~%sI4mNXnWQ-0Pl%$ki~S(R zR3f_IrLR(=$8frTrTxK2T1#vtB%)}j?T-!Is{y9&)s;bra z%4uD_3NZ>?0F3QpBBuMS##fEq(oSp6SNjg#JoaH&-w9XWa`OMI{e1e*>t%#rNz|(t zVRC+%%7R8PK!>pg9XJs^ul>L616q<@2hy$6k9enhb;y!c7R%#I!jfKRSzHr8uIroM zwkAuaq^zvAA0Rx<7JZ$a8D^RHxcJu#iu~c2M@6tTwOpgEGJA`T$ioOD`4UiZK zaGK(>-tVS>hRx$#mm(bouoA`{3ClX0#rv`$Uq-*?`@;8|=}Dbz)$wpm*iJ!rH~zFz z{7Cd<{Dh>=hD?7bSSfps$yal>)!DY^NY00I*3Kn3^!(k@J9|2^mi$WTtt((V{DZ`e zDeukv1wqrt$em&E=7AvGS`dkAsr^Qy$)qn6S;b53@#pTZOubxA`(@hY>z9aR$eWyf z=`{32lVX@1s+;)5APs|~Se6=bQ`X3EYk@acWO*mm+tcgaaPdlG_Fn_Vj8v1ZiI9Pq z1_lbM|L&itKw2GM?5Ap2x#W25=wFfimT=;h z`2_W1TAK&U58D&65tkY!;T_9s; z&!4(Hw?%g>5q)*1o?-!MtPg|<=~ z(#Ir7B4Iwc#J)1D2&u#N8@55dw~Yc6hVWUfjq*#SMk9RCihzuL6JcMCT<6ahvaRsH z>Mv1UPWJH~=+#jXDUCi$3_V|1xRVrZQo6=B!|&~lyvKy-;$IzkX%{Zc)*Dv$F5f*; z%Js~_Y!ciS>XkiuUgN71t6v?ZpYlWsBQVz0kH!>KID*N%l)07o89=xV76kiO`O*$@4B~E)kc+*fKw@3 z4FPzvj6OvQ{})!4I1Do>Xrr-eGY5uB5sx_*+~n|hY0KD6H?IE>#$&eE4dxx7yiRqp z_%UeDQBY2YpttwgS8GB(+DX-~1~eUF?-`2%d4dp2UdJn zDKEuq`w#13Tc`!-E)2~=OXP#W%`Y-&hg}VElKtDpYhFaEJ|1=T-1ET%kwBfux`CQx-3P z_IR;bW5 zpN4fAjUwt%)$v82H3sx|P=Bn02q&&Rzk^gFgE#qDYx=-8GLok$=mF^JmyzbxEnpCE z#M9P*F0i!@P)iHP%p?Ha6c>A;`yUdOe&q2ixFtU!I{KlHG65Y>{1;@pdDps>$Ov8J z#B%WV6kPiN?V%btb{%+ZcNkTS3@*<9%|vK5Rg8CrY5NPrG*Hn;FA37toPuGs74Ey| z5cZUp7JNc0a~0lgc*x~FWSnPrt9D%`L7uNZ1K8)ayIleSnt!6Wd-CEaEJ2vo^!e>) z>UcwTkH?BtTQJ&74P|{0d@~xPbPGvhOz(K1VjS?_gI_|nkSeLQM!5zbaUKSLF+KDq zc~BBK7{X#NTDHe7qq8}$0L9!;_wS7HUt4}tzLN@h%OIIYb>6)tUx~Z^d%p+#F^|>G z)^bFs1rg@Uqe12Hao%TML;w}456WuLxp?gD;D3+5VCwh`;7IkORP8*-aECdg5b)c& z4&;)(8_I4VEt||$IJS2$-k@q6sSC8(t>aDNH?{E#2feG_}( zy!{5k1f*{sK!oz~RY#k}*q}F~W)Xzw6B+Tn2@cUEd%6J0y zQ6U|=fiXCb_yO1pyWoJY4w@cEIBH0?xttw^2LM~^_zNgc$3s=I_NfXERY2*ZE}k;N)c6+pRw_Ml5aac8!F_aqV(pSTTMNRLGg zsnY(zdLt4HPXXg<>zA)G!dCMXqyeHRst;uH`fj29D%Y(OqsHN2!C&3~$d6Q_&;H>% zy%kb=4iY68q@RNDN- zLJBL8M6C8Q!aCe8= zVR6LkvsCM8W3auzBByv5A%#})%JYI3|GuU}d?+L*KAqqvo9lnH5?VgGGbC%+M0X+B zl({Yc*0ag75&y&YhLkq{*xv02_OLuRx={hcyb0^@H=9F= zIE+)GeaLP^SNs0nZ1LOi1rOWOB{caPv#K1I7Tk%wq9^`n?9+$Jc`CPf;5+Pt)=4=3 zaO98d0n6O~hYOU!HXeY40E=S4rujEo6x2@8@;oh3MJgY7c#Ri89ND~C0JfC(;c&a1 zO)N_51-6uOcQCi3m>O!TEbZW8Mg`F{uE!m!T592Z>;eQ++?56er8@T`n#+740V=)L znN*^VH2E=a&b$f_I}py#_GVL#PfA@<&hFcuXw8+5-?t#ILIjSoRXSIhx5j2(>)J8o z2p~`5hXHEIM!WqoRQklIE)({V|7|kRH49TUEKFS{A_u`QuAoEmF4TM^Kyiq2#loLf z6Q0$IMG#}{5@QO?MLwrxS1+h_Mksdv`;>5?>8XF#l+|}Dk#0G@u$&CL)ddOJuP|Rk zlts&Z$wX?}G#6!k4{qdLfOi%1aW@qlr8pqtI2^9csCpT2+hO-)&B$7B7(?J3&P%X+ z^VEd~2x9K|iQyyQxa>tZ%6Gx)lw3q1qUqEBthM6yj5e+bX|qBskTl>Z-Lwa%>Z%?9 z8(+D4f(dB|z_|`09=04;J2bA{M+!@je!MOXdq86L`8C#vudgoy2^9Nh?ik^sO?01* zgyhV7BLqUc^G%GYsAveL_FZLA} zL7n#^evM$M2Mmwg_FNj)+IWBXC9-$We&i8@i}Yn+I#`gJne}AXE__rt;H9B^Pg(boBEIL`I(xs6zhRB4O9d)c-MkrM)j3{6{(VFp(n7;>g=?Ipw#E%=G2=wES2pAlY>*s+L zu=XjGSc5|wDs>K_D9R!d72piXDF)~qa&q!RicVajkOPfmeZEPd3iiT?RA38l4(=lR z6>Kff7`QXXscw&`<~&m3@a;6fXlVg^5!nxJBn|QQ-~fVO)gsg^(tSI24O5%8LJ8k< z&HKiIO^-;|Gn*YgX+ndNfo`UyUm+tvE#3J=qiFCB^j}TPAK1frfObd^mRJhJR$(hV zdx|r@5SBHcBpLtCL7>;0O~vep;-g8RA26ix2iLE*+TVg-Ek1bV5l;M}Q9zyp z51La!N&^vacTrDCJOQ$wt9A@~!W_w)f$>F;1$1!+zW+lnRGCfmfM*&TTua21gMapoF{0iwp3MD8YmbWS6C9hhteyryD z|Mz(mil)RzxJdzEE1Xnk7l&3~v$uYK{(#BP=Ch(}nFV~T$tAiKwLcJ5^ZRELYu~Ye z+vAbpYrK1B-Z^LgS^s}OkHEePWPfiL%Ern_nDdpBoHNy}e>ge(>^35ZB&CJMIZvg; z4V?IWdo@3YczzcEfRlCOYDUJ*^kq>UVIfDAg(E!U5O z$0^aMeO*I1xA<%GLXEr(szz23O=}CL%~jSQeX}7n&<;|OhHc%~u){}YGmuN{Cu}hG zt?S8P(Mb9m-%Q%A@g0W}rT=h*yJU*oOszgBNjdI(EB#;(AeNz|dm>WHjT$XENdD3h zJAT@KZRWL2=OR*k1Lh}8ffkhz2?I2oDH&vovb*VgX{| zza~!A17Ee{kmgm%Fi>c58j5Y`z{c`P2^V3$h#z0pQwafMy*D5LX}W$luU%xZ^=H!v z(t5}I=6Aga1W{#HT$I~^dd>`;ejQ?Hqg#(Q@#=x<5e>mUrd`RN(*p<>ddZ*J1_S-G z{jZ2Tz-7Up?0IsB==k1kt=Y;vVcVQ?vgkjE=wnGtYt$g+MWd||_)(m2Rc8DHlGV)mmPAhYOy8Z8W!R<7GUXa)DY~hU%DwW>&6;sc=v?~(L zzXjl9sLJ+cm&QYgdZa>|gN_r+-4xLS%o<>-MB!|qzP;vds7GjMzC1vgAXcrGVN&EbB$ zlzejyUjtuQ=9Cv)wmrA1%T|jNP@TLm|GfxxuiSrQ?Ps#BPJkT`kOF1xm2%60cm`i% z^ekYK;bJz#hZ{!N{N4vR{EA+sJfF>H*(Csmzn|DjEsoG&-0UGaws!pxE_!u<)s9`e zz08RvHjr>vBIPv= ziW3~M;_Cw<(cym1V%^K#k>&Z=NA!F(??ou1rB(V&Wz;Z4~o zs?o-@-R$?ZlkaOU=n4n~7`7I@v*deQ8EuUjkcKT1X)Vh~7bJp^3#+fOR0-3vE0 z$iI6wTp87xZ}FvBdFHh_4teNAq>Qk-j!R+M>(Sxzqo0v84AHzb9Fv-6etr-Iua{VF zREZ`lNsw$|3)XR+SluBtl0>?$g@UOT3rh_c*h5|1IiP6=|M3|2yBgt_dHG8fw~u(- zEAu}U+~-)v<)cAJ`5&8oS0fhJqqg#Ms(Ksf`2sdqry@x9>%Rxx>NB=voMBR4#Xh$^ zqElpY*}ed0Gr1F`4Ap3XB~AFKVy1-Gf8wMsL*R0Dy>0`p&<6-pchDO{&|>o3 z7XH+pH_!(F8!aAS_~21ETX)X=OI6(Z%>0swd(W59sG*f{Q`Q~P-IUdf0QYi!x6tBh z)(p1v@!J~`tYnE-PH_$RT8$0grQ$EAjNH;_P|5+T#k*V{LIA^DU7OHXqbgOLE6CgAGesAq-~3{2_bur}jGBudq3lGl^koMw26O#sjat5u8j&z+UFE?m`hp^1!mHkn1{X4&AejB_ z7W{0vW0QAlEP$oL;{Ji))Y%Cd(z2Gp=8`4w-Ia2;|zy|2v2<@l_W-&D;{Byn<0 zd>ol*?C@MIdRE_lAWDSgk-p&x^z@yqe$G%s91N{ zfjpy^s_gVa4oozLC*9P*z17Taa4?l%UDdu;spEy+2Vf!!0}TZ#qufL@HLivTOq{hd zcnBhkeFJqdh$!Pd#)3masd2&mnM=_&c+WHR3_UpMGuii5u<08{3U-3(27OUDcC((E z7u-GQ{XMwE9P&?_ZrVpWM%Y|O2DQQ?8e|zRbc%ulB<_06)F8|LcbCK>q6BMk*TRnX zeAFx{?=lSMI-6t~mLA&}uqwV~FWXIT9qWpNrJr`DG-eWTWZX!ZOFr=)HV*1xYSkQ?&tQ08`&WXekXvr& z-81M2JH$$Hj;2_UKAo)@WsLc@>S&-6%{F)6AB?{vvzlbxD=7VFg)5y?lafm$XU~;8 z=%tlNlAw!Jrw(+MV28WJD{*4Is6Fb^UnAXdKw^EdMO@A`8O>J&w8vxmm6in2MD-&% zz7!Eg78o&5D@>`E?eJ1Z_C<)=m#>j46?G+|xsLY?I(+4DNK5yv3`f^J0S{x$txU96 zmIn1a4HzJz&?JLYn7q_+N@e@6+_bWNweV{R>58PWP+ot|kR#m)Xwfj&Om^Fu02R0g zmo+b4Fw{Yzrp2KXLm1WEk=DD7H6UM%+;AM|9KQQ%WW{XTq|CuhC~6fH8xoo;BldPw z(@-f@fB&Y~eG~2Q-`_B(b*AyhUVu^JVQ!%8vph1IHdL9V(UDP*uot7EfLmei2ACtUwjg;Ue|YdW~CBK z^szP9!n=EHto@iH9 zbOkADK)!#e>8uRsU&^nC+&Bj~!L?u}lNy1P0D)j&n*c?c0LUMFMx#qt_dWfbu;Ovl zWRcTUnlFqOp?q8Xo%&XXIC}l=McRZRfwTbDXr!6j9}f6yge3Z0H3&D;bt>mjAU}Uo zX(7v9c1)YMwIW1!u*0-77@n&##&q{Mh9z*(wv0mfghI6;57kdd5pfPPyof_8o#U0a z5PL4?KRmdX29Rms+(W7k`OBCL33E}l*TL+|My7Q}0mDlRG6;5rQUZ-nub43JSiF@#S808-qIS%n0|plkSmuHt+tkQ}{Y1iq zqE>$|(La_Fhk2Lp^F(fE|7)UqyO+aIhx`_Ij(qRp?|1p~1o@7Vr-OK+SI23*;+52k zc}hBY1_4!JA3#gaZ@6OBM?4@x%3;-~!-O3%LI`sRReZxJxXHJ+#A*F!9ZTKyc@cfO zyy4QPDz_NxdRmBl!9-2a%5wr@O-A{|-To2z>de7w>hsQJ4M*vhiN8Ix2Rqn4yymG0 z{}5NSlRw9I=)fNB0nq<5cpim0C#F-@)QD|gGtYUyxRg40cF19%aT9^S;oV8d{{8B0 zBS}v})7~d)==mgNs<_kMNAr@vQ?DC5E3bYt?9(m3T6#L$D(-Y%xtv?nX|Ye7*Z6gD=PBUmH!ktssnjGk zSexSHBEQ&~3r0^F&D(aL=3Y6JyX4g|HtFxFbk4u0rMZPK{#u#iRw3q_Gj6W?HhHQN zI8cYfifNsxyBcB71hSW)6Y#tC#5}GRI@HTlj0h55HRsV$oh{yz&C%R)e3hTvz;(^s zRUiC~mGmh?ae||^?}xQ2qe!dAV?FFwh3sA@SjLmSMpDxEJzq=k2^S#w4keqaNz?D{ z*=Vu-f7-j!sHUzh-15YMp;km9t%w4m2nYfViVW6O5Xw9ROr)SPC?HU@h@lN>tF#Cy zF{J_$B@W0GL`w{#fZ&4|2&SNjkw7e<(FCv%LL^~$`vOw2@7Md)wO;wbx(n_-_wIep z*=L`$@-cHBqO&9P=T?~neZ(0oO&&<;3Bj!W*#?;{o& zEy*5llR2t3NxR#8eo0UKG^t~#S?83C@g%)6 z+^`FYzqOBj<4S#fJ77Xmx8=_fRCpbde}%Smc?F+EaIG)$vMq8BEJm>l)+C`!HM#rG zmgX=w2)bFx1KFE}6S|$I->N9a+=htR=k@QUO7$HGkc`foB@PT-eCFD-p~xyrq+|wu&P_}+P0^J)qB7@%&KEM zyF;yb147s}h6Qitwe_34JrJ*&V}nU@h)Nr8!{)kg)9g}xmS#JHpmzqJulxc9Pff|Epm=3xQdur3i~Icw61E4o`&?MZ3a(l-Di9cio^7Jzt5J>(RJt46zX}%=`@Amg<(7o- zk7mL zn<%-w=V*&Kh#16J;^{qwW!vA6^vzA+NF+fmBih!-4P@5h5h~(Z&-)m-cv#7vYCiIP z?7r_TMVTfvDi1JCtkFDCu;wbf?n3qGL>AYMwQ(l*aIh$o8H=gnj()Ngc!SX|<7r*D z9gH#5vD+y82hXOn6tyM0^T2a`qxCmwpapMcu5M>u%)I$(g89|_O{#caqm=n<)4bi& zo6k%B>GaGM5-s>Rb2TaR-Ti;@;+LsNP69!}tHFGp^gep66+-2ID(I^QhnWd(15xfd z6JeDE0f9b^Y7V3#7S!*80t7hw@AH?cL-X|7K5<}sF?XkI2GS0F9YkKV`6%MHlD(yI7R|LE zl>7imt%ZShj0xm1TCZIp=+C<86O0pX4s5A z2I35Vp3H?zX)V)*q?^Ha-qLb+eKPZf~5F!Mvbs~@FveE#6x zBXGCA-L7k0&F=ktyOfJxfbbMVs^E?ZeaJnOrTB zm0i}lt9)WOEi}|&bRUGpmhb)RTk>o)>>qZX${>kI>6$ZC+-~GL!juWLD}W~xr&!rJ z$ET*b06Y11}77nhe6c{-`?y5Ue5=Tf-M^7-M#DE zz-Ed}>4wTnq<>tl&SYCjmYAp6did_JFsdwk1<>T{ty?F!HRGNoy8GxVTu zxb=rA8!iFFuj@`>Z+Kv~7a(4l9)?9ft^&L;+0yd};I6T>);ykZy!6{6kGg(nTD0W~ zpa)gbn6K*~xq8)Qst$GD$h(%{lp*K*jQ{>eEZ~Ii6a|?zILGX2Ev#6-nskf%_B5=* zeX-mry!KV`oC~#nbJz9W6M>*MQjc1LvtrRKr!&t0Ny@?F4fpDQIFLtJ+$kC)lkpuu z=ndm&T?{pWQ*&P>4JqAQFq5T^443Ms^(J7XZW6mgf}5j+*!L;9tD6qQpvy|y2ap&=Ya;677;Vl1o@1Ch~(Aiya8 zN!40}9QaV*Gmfy1ZJVl*#~+S}$E??%t{u>xwJb z&NXzogk3Mb>?$2GRMw{`N(3i5OtJ?9a((d^7%97kj=!V(W%^ZIxwMsXX`{kxrEv@8 z>A^=>ZE1*?j#P+Ek32%5%+L%JJ}YBdD8jSdv*1g&8e-<%#bbpEr!)*F1YRUK{)@YSKxxu8tal8mYPjbq}SG+sfH2HMp*I3j}&!_^?P`J8Y@y5MMB|IKEq!=wAG2_9GNlXOT`5IX3-Q zV|vePQ@TxXgWRFA8!JAy&=?pHw5qKvBd%~MmN|H=PpIH-B757@Y=^JhP+t5^|M&;9 z<^u!jes%OybOYVR%&1Jp_b z9I?F=Kw@b4_e5p9*gp=9xXf@Y6#RyuU)1a_4=gEQYQUhvPdOBi&t5!+qW0N~zvWG? cYD;Gv?r5_E?`W^?Kt9vO(c`nyJqN!34>g!A{r~^~ From f0593e64ea7e2efd986093708134d653171cfff2 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 20 Apr 2021 14:47:57 -0700 Subject: [PATCH 029/156] Update windows-defender-application-control-deployment-guide.md --- .../windows-defender-application-control-deployment-guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index e2430f0aef..ab280eb0bc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -38,6 +38,6 @@ All WDAC policy changes should be deployed in audit mode before proceeding to en There are several options to deploy WDAC policies to managed endpoints, including: 1. [Deploy using a Mobile Device Management (MDM) solution](deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune -2. [Deploy using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-using-memcm.md) -3. [Deploy via script](deployment/deploy-wdac-policies-using-script.md) +2. [Deploy using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-with-memcm.md) +3. [Deploy via script](deployment/deploy-wdac-policies-with-script.md) 4. [Deploy via Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) From dcd59ea2b5f80ea8327ea5506149b48938766fee Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 20 Apr 2021 14:52:47 -0700 Subject: [PATCH 030/156] Fixed merge issues --- .../images/policyflow.png | Bin 0 -> 71184 bytes ...s-defender-application-control-management.md | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-application-control/images/policyflow.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/policyflow.png b/windows/security/threat-protection/windows-defender-application-control/images/policyflow.png new file mode 100644 index 0000000000000000000000000000000000000000..13874b6392a89d2161102ef34bf7c22730dfbfb4 GIT binary patch literal 71184 zcmeFZc{G)48$Z5@Xi|pQrwoP6W2q!lWh_H7WFAu_A$FOzZ75=kL=hQ6=6TFak)q6O z5sJ(q+nBhfCyXU9~JD)6bgf>gvWL z=#N=ByM@qbY8%sIXf)cnrdsyxZsccv=*UNQCLgcUA`w&%pEpw6qty|jcdjw@-m_X9 z>yb9m#a!l==2|*wQe|wv?2)-)(&v~qIX~^#RCSaLh(e(cmT8l672=L7_yLw;pBS@+um` zp-`sczzbPB9u;!i)=do*G#`S|J)P6rx3e?zvN6K-6t86F~nr4fDy`i!O|9kQOSp7fc z`rDkoX5rR`*b-zmSDF)KHfDo|HaFI1aLq!mXUdEH+W%>XcL*jMbK$L3qz9W>R+aBjO)dNP~YmZi}6L9N(!68LMB3V3$chh0pU6FF&!>F~m(JL_PY+3?FRU&PL;o{&i)OlCf*j=2*OPHc`YOD&d=SXKiKd4O-GkrsCB3 z{*hoKqT>;BnYzkg5m8+K?Ab#khn|6}O#P1k*ntow$MNWE`~g|o@)~d5dzA&Js~WIL z@>7NkFB7gBR|?o_gk|aTsIhTx7-<_m=pkPkzCYR&{WAMpjLpibLoB9Nns-2&b%rOh zhiHlK3AY5^OArL{Ib6n$D@CFDYqnv#o@JGf{&UOw6x!^Ee!TbldZJxEr1-K%**BV~ zBz{3HKc0)%v9I15KPO+8q?~;_z#|uKcm0h#88&iZV?w}#?ZSnXBEPBL_hN-J?@umS zW;MB;Zyr6?pD<@jV>9kC{?1JZV#7|rXe~6oaV_`33!a4}%6Xn;1+#Mj}mr&{RUQQ$&6(mn|7IGk2&Av)9vU|4RQahC%KoS@z zy3Hf1x@!2Ma3;J^*l~RFF-~1`wA4(WhmLgO?oq)FnTqnYm+EZ!Pl$&9P)eH`B?jGg zQlz$%Dt<8kU667Djd?Gpb?e)2@t%e;FL=(5pV2UlJyD^$=JsM?@k3Q|h3_F!g8RBv zC@V+w5#F9eLWF)t*kw!ADU#(>qv7f+Mogdc`uM1`PKrk5%$!oV(0}vwqN|Dadpuv2 zb1-FcV=*sNKw}%JsW-zL^Vr;dW!3MAp%UAzuJvSs)UQfM>kGJ^sW#f(+Ffl*$yyS3 zHnl=3o6?9zw+4jWOnetaZ%S=S5L9E|7c|@JJ;c+RCeB#*&XhoW-3hu1u|6RSOq<$o z+ELmpURMiI%yn~fQ#UjFt|lLg>9>0*sr`m@`x=>Kbj)~8YW&6LSiS4?B#*D8lN~O0 zlZM6a6;_I0M{TSAsTtS<3g!kY60`iPX>IHaiSf>^(GruwiB)5TR-@#_i9=$?}_?IZuv1%fH3Am{a$l+ZlO)ns#m5(E3}iT-?^bT*QucYI7aS^`EHP6fpiTV5sl9~NB;_?t zrnvTrg}ubYY8S4=?EBlBEu2RCYfubN%6Xm1y8fmP(^wp>Wtau3#mSoB-n%TnA*Rj7 zZL}}GsYAVFZYn|bnKV%^fwztK4Ws2(Qe`SuZxo|dad-9G&?2jL)DCAY9Bw^Ap{{fx z6dz)Hqsn)YzWbs9e$JKCa3FudP|jdw@tcSShTat z0!=v!7XL}2lOWpvqTO@S#61zZhTb^$HUax8PCPm=Mn$2 zQ+Y|Ea$CLKgw#Kr;F!M1Gd0K4whp6WX#dH&qEg!)*S(m4p3pG6qqdP;`v!-5n@fY8 zI_eU~QyMt-a~XLsH1-p*Gztv_|DqJr#LWLTi-(7YN&b&sb1P>Tr;s~jscD>lu6B;W zHZm(TM|`2^XUS20-N;7tDXWF~#r&jwAk z=gDe(>ZxLrQjvsz@X%Rmc(M~a?PtCEFD_mddA6Z1)stZ|SI=;9cv7fTHkL6hITLeI zx#TgkZP#Rq{vmaudLJQ*vBN?z{C#4v|L9Y-)Pk{h?z&q-*1_6c(v0N^WbMx6|N>IdQ;-hJWn3;A6i9!kV^;UEo`ufvn3PpI%Wk4cj!j#i_`m`isQ1 zWEo8?YQnVhj;2WxCBLQ6iJ$qGEeY_W{ohR&Fh1%lSdJ|2Hs=1OG{YTGoA0sCc0nmn z;Nz~B)^$tHF~cOmV&~6qgY%Xj=tl&f5p@3aCYXLR#U5 z($ab!(Q;KHsqaCGW8X4~$KK*GypmNV?8&v@w6 z`Ro<(CdG=!#qF#g)7k3378j(c$Ev!$vbMeUT0%Sd7;9Tfsoyk7RY#e?qA9Pz`*OHnGM@#I?4&<*NV^2 zWO_=cUX|j1sBG~3oqLMGp@X^E6T2xjzGoi|_{n}uX~s@Ju7DasLC$CJ92J?4eTIGZ ziE6*QJO1hFa#P;j(C?1!nll-!7bYZlR(v#xt6x_oJ;IgLVa&gPf0IhT8l9!Cad)<7 z;-Td1tH$E&Q`#Dm$?wTuJ7;3Ny_L;drx!eeU1Reh$~JE6#=Hj&dz^nYIJJT=^pa=( zciu~oJ$l#sumYH(KN@FZjlQ~BFRdXG7gvdt3hCRL2@9pu?#BRfI5W}{(lGs3E z?>Sj#!y}`!cE0c<)}$y9`&V&xS`$Xop?B?6tjtUTPZd?`iwpmWq8^UK>Au!ULbhU+ z$9hANlh3=KH#7`|m>vxcr1Pb&2lLr%w!{o2r3~JTrc1)toy^ z*s@6X=0%yE4EXz5jCaUAgZn%0o!MtUP~ym4cBAAMX$dTR@=v~2Z8vg2p&^s`*{|v8 zn?!f9y`iDJO~DEXd_VZhM?F^BGF%`WI}ig_`yW`o{DmFXK7apL_t@NUV?wyF2`ewB zM#L+jy>l)G^0@U$6Fh;9V^3tk1gTO`wd$XHl&9htz905f?q3=9+Rc}+_09vz|4Q1c z?IQOAWtU+G|H#fg56@5a7GLU3)lBB{Wl}A)KJE|c`HRiPstv-J%trmDxa;CXXIt;c z$jI9&n>6gooaJDysebRkK=Tq*d=^3hVg!93ZH}c1kUxL^eAVGs{pBu>ao-nzea&x8 zPz(-Of)t`P)1cVHhIYRk_0uB9(WWPgPKi@LKZVj?@~tesr!=>@j@uk?WZdMo^NnDT?f7igx4Zr2=Vo>Pnwst_qY6s5cAFin^BS`6mv&#a|L(lLI7!%5 zzhF}3VHpec7+(bu^6G}}-d_Fy76Su=A@+|X;tZbrQ+u*Hp8c}%of40ASB_Sfhj4)#!zLRi+!VLPmXs9I~MxkC@5h0hgOMLwS^uGSlBPg&0;t$N?TX`-Tmfg2C zj1$Lgti82&7_9a8rwr1zrTrDQ?>s>5cMsZZqwdoBN_wn0OVV-Il2~U1W!vM012j0S zf4Kc6C=+zLvnfXE{H(4>CT19&yH`-!amAy`{>R1Hn7+3T3Crb@&cEZRjT;gyxG04O zs&LKHtteDF5_c1=BB!zpi>P)9+jwSbnvAvGuRJv|A=o`-DEI!Z;RM^vwK6r>05=(u`+Dp zU2kmL98TK7?=tp=s=d+YAJ8!S&A(97dl|g{ivjZxH%qc_OM~XC;cS@!;T4ZY#p0iu zLBl@+Xa!N#hoD%b8^QBg(QK%%?79C z%0?g0rrN#Lh4DeR%O(mxeV{;W#67Gw-J5kBtqFr90LQdEOz;%^V*C#;ZqYWAV$M zQDUl_@1NE_NSCztZ@ypfzUwZ&HF|bEF0-&Vh)qV?V{O^%b7%VX`ewnd>;9%ZF%JTD zg9xb$f$Cg+c{j_cS5fWQg47fxs$*Wi>9IA1QT|4Uxj#TAn#vu zAuP1cwZil9-Rnd3!M|RLFen~SVEpSpZ#1t<339K!?1C*tQ$F+K6_wzu46S|8syuL( zv2!l9V$e>qQn8+TV)=qbV7&h*(+~BvZtAUig{*q*CyQ4Rb??68nHOofBSotmRYDI{ zOD;r{F}w~NCdrXz$+BPXbpmDatsywz@? zk|le(dL*#c37xBZn_*XE+_rOG4^<}~9&j5XVOSGu*%w9GPjsp3eehnG?OO-O zT4y!6{6k4{$?qWBhXi$$=Muqrf$C~t4+YX2n8^zB^T*if13nkP?X?5L(|-2is& zBaZ@JWz|^B4nLz$`$|rUo}vtP^`a9T zYB7TZJJC8u0sSL^1zU2;@~v8*vZIp5AyF{@3c6INinz*ltddZ#mEX$t(hhrHzV;8nUicaomT(Ln&D|4xPpJXh__p#ASYD`QgpB zPfZywb{}(~W8gMzNfghWxs1McM%`@AWOLEv;M$YAY|-(e(mIEkS*TKb9)DbTb&yIW zH^n{hXHaUvU>WuyH$I}2KWQR>6hI0L5lk8<_gsbQwqw9?V(v#L0bkZj-#I>~;l-snL z_n#+^--{vJGAO=)&~Wrgw)ew`+oU+bgw-!@-JYL1Hvanm6k@^h6)& zsJuCRL2=EVKdGCK_*y%vn!-~XR$s<7Tu^$&pdw)w(P4hT7rn&FeaPV+9dVaHbNQoB z%bgG<=a_8N7iuNzW+i4E471%g;Vl3F?ZsvjG9u_sH`$s;W}&B8u>{H2{;=qAD6jF4 z*9Wr=y&e}mxc>6gEv^{qL_sw!b_)L=zeL&W_d8HUz7Z)o^1_IjDbOh#{GiL=+KJUX zT@DRX^6E6?@z-|`(cx1}-rAcK5ERLTvMVkTQ&_fJkvCNzc%@4FZ`I>M`>aG~HETWwXc za&{En+=k(LWB41vy}6Btf?0^`pq6HXLrIwv^GYT*o$rX{k0yC8H@hBi(A((mzy`kW zAL{lSZcHy)@R(4F)f9SHs2BUD`(WtajR1#g>6k82CX*gS8(F6nXPhF0!p zVx_==a;`$>3>V`|5OqK6(5RSS&YB->4#qt_lPVL_G5AX8-81o9_>dDxKgdmAQgFy- z*9!X&;_t8VS$Bp1qP{pNk&8BUKQ{pQbDC@{|BQFY@}kT0c!z@J&LMUdovSfjX_CPU zg+iy$sn>Fv48EC^PdoJr_*K-8J7)FV#OlyEb~Il*$DCTaIaoRQ_~}iZ?vt5<5*Z(R zC1pgOb01O$iVPgB8OK5d@HRCe<#c!(9L8@^QlqTwX=RR5^|3 zBZywn#FhC`hY(@Lxu^xpb9SN+rT}2n+dM?mlE3e85}|waYpyCm{`HyIB<>1<9*uzU z)CJM_y)vV-TE);ll&N2hV0&1);zE$CHl6jlUvqM#j?V`7d1zGd-7}shIcM_yChd@1sPc)|cgO>c0R?zE`5$ka zc@`ARurCTcJ-R_#CQo{Ybjw(`N-Pl)d1G%*k>n{jEHT+K!Ft)Z+MI5MUVMA+`(cvk z-nG;PY_N{yWQ5wqv1z2b7xMSLC$w83DaL?DTe-Vd7^Ei`! zNI;(CCGDo)3uz!@>EV;>EulNY%%o>tgE7Sv(gten;c8?5 zol&owg!aGc!J5DK=eUiLg2*$*(sT-i(7it|?NOj13CMqZ(a*J1mvNOdQB#M7@zCe_ z%AaYzBC6%YamQ3XmSJtnhpJ#u1;QT8#HFcT^NMGD__BI2quE{M)VhOf^eAsr3M<3U zyGRiHTfgSt;`VTOavxywYY}UE6QlHjC4<{mH?!KW=D`yJ?fO)L-#`C}^N{m0Q-Z%zSq5DxFOP8<~|6a4JYLG1H zwgmbmrY|qetS0YGb3&8NlU^N-#lj?_NwU4s16&t&V8R&3IxnqI-ZeLsRw=wqz2o&~+}cs&2feKj*eC;i)~`fZ13gW|hSg0GjA zm3^&1i8y)Fnx>kobuYgeD=?X^Z5fT=ntbnfP{9}FH*p)Oz@E=|S|wnuQPO0SsqdMs z|5i01hp>UVYJ*}-fwtm=NJ z$MH7{cm&E_7aJmv%L=Bm2G)vQ(r^kQsT0g2Iws1yc+l5r3H$?hdu&wq{nnn5(ZU8A z_7O9u7e_^BEIyYFG!*-v`J&MuZn&}(I-LNNU;`5h(q^7OWJOnENoS;)o@lW9J>k(a zF<~>RaK$XFtvK#0*|k5=ltTCM@`*2y=_6$b`l_o6_&84TP-->QNN!q<(!=B0-cJiU zT{5-tgn7oSa1G|>&Obu=P)^EpkFsh{j7^Z3xsv5hQYN<6y2VO=(9rKBLQXECBD&ZW z%B}tZyJm(jvAc68@Rpo2^e~-Etx&6wJ~J!3{}pJ`ta6m)9;C^wkQ~~4SwA51C5@5; z38V@K*`y`y2VC&v4)krVoq87X@NRd}gqpGkGap8C@^8vMW=v2vX9-1P&28yCH^3D-uFMYAzoizno_eZl zxZYD}GepbjA-_wY4c=|tLR)n;aJ(Q%8Q*|0w&@&PgcvAcqxUbCCz3KJNY^S=3#>;f zHuIo({U*|RhG|w}0*oLdCgMJS7q|a>FZIQS`j~ro$M1M1;h-2mYv9p7-94~{SM)30 zS5C&@F>Qy2B4QVzYT_ZdOW+G1gagm8nNt@--Y3crOJrkozF*TRv|k_j619tvo-dp( zt&lZM(jl(SM-W9v1ee2ibg**9a=2IV3SyA>?B@AxI*KBsC4wl4GXpYCV#r+S)NbragV6+H6EoPCZv=R|k z6k)syPHAX}8r28ak^6oj}NfliSCAB?_+S*%6KE*TRs68+JL2|~8XMn3mY(7wq@5(@wvd!Zy_oG3?d#WKPji^;X zK4InNcE0S4tRn?S{u}vWy=Gj@Af^--|HUwAt z2iM+;ei{J$H*l8(-C&Ngg}4P*UYd5krZ>V=-)k>U9ggMZAhS#Htt(!%cM2FaM+gndO{YMXH za}PAr%IW|z|IWkC>7SZnvD*$EoSl0 z-wITglR4FaksKFXRlu{~6A)t&6pXL89A=+4YnBP9h0vL=Uy{N+l|zV}ZohXW7S|uN ziq`HgwhlJBi|OC&kZk5nY_@^C_?w+;RC(Q~P>kXc-JgQer?f97II)HG7Oa~PD}qNw zr%o|9%iN7ER>rCO_2FKcQh3VyvvGfLGJtAzR4JG8o!~VMega(`FGpg5m21VzN#Wh(# zNZ0;ayhB--$%6vGgU6@KCPw+~XwPWvk-yjIF>^^W7U@1PUQp2nk-j+I#p$xXx;WPG zoPX%F6gNxunKNfTOnOH495HnOewp9DfB!?(W#uZXx{H&dh6HNbxJCr?|H%I~@FntQ zGSu;h$sMD|UD6`74THSxOWqm?@e%a2&I^7V6*RscsK(20ayG``Fm1I8zp=V&;M@^@ zKdBGpGreZnWooFWk;HRvY#Oz&G{em%51BA>R*t$khlqL`uR6DYe#}6DhR`r0!M{F` zRuh9%{)+ng`et2RK7SV(M>E!Zf+R%|iXfP28hbf!T3y;%%1Nm4R;`nt@Euj~s$P2| z%f|dhL~k*i___(x82{L)xLaRQGMgty@%Z_G>h^$moCN7>0vs zvn{(UYS#%afi45Z&Vg@jC6k@+&QDhTz(T$9iNRxu*mLhlsuC1MB@I(F>LnU6}^H zgX9%ErF7Y&gRhXBYsliNt6FR^soDt0ng)$RJeXV&9I z`7>wF)=xf399?fU|L{2CX5)TZRQnzUQ&Yr-jn5{oz2WgtotqoJg3l+bNZzg{$uhwp zU?4E}tiFkf%vGw#j5dMBRUX*#X+{(kJbP>l7w8G&_5^tTg!tpzO762W!zUZQ4)|d0 z(x)d+p6tSSl}F3qJQha29F>Wn_(-i_iZT}rSs)yT8Iz;xsgxp|JHvYm7o@)+^@)QW z)N_oJPvs6=kR{Imb}V#HPfy!927I{s6@6mx3XO=|p9j7`W<3U>txC0+MRn)q4rG*( zTkVzj@4AuCFHdcGZ~_X=x-&4iIss*c1gL=pF?HVPj<$;F!LKl zXai;I5rz|JcySl}P3+6vh(cw%t0#8kZklqFk`p>6Y_<@C2^7fKqm!;m^m7kUXiuzK zK^+!uzOAu6QfWE{H=n)x4UHu&36^omZthWtOF-}gq(Qo~CvIS|eIh!h!#i8c;bT8m z0yKI>$`wGVxz&g2;D_*C3(=+&5?qYp_`*vKCer42n}JEcj-b-7>}ZuXy{4N<+5IV5 zEW5tS%sPO-R;Vq*P5>Xt`mHU`S~&f9_h^@i_~1Y;3kvou1zk2BZRTCgQ2me7p%pB` zt}gJFG0Ij^E5vbty+~|y%CB5e2xOk!x8D0EsuNZJgd?6F|!xF>sWKSv_OeiU{ zQ7Z+qlC8>$kPG^!<~5iwo5wWi-lFgv-=V?uB(f4+pzOZ3tDGLHfEI&)T|*`9$j9?* ze3WavY=BHH~r_%t81?D3pGuMQc-@LRXDV zyxY#s?p8Rt$ibbL>jnbUJ!K=8KTX{tRzodN10J>h(#6KtN*Slft6O)Bs(P^Y&XM6# zWwFU1lq%5ZU3Xz^unu46wced;k?`fq7vNmb#htDuBmV?<7YkVrJKBq~XJCNM2=H?C zg>`7405QzZcQzzo+@ZlL?d}{GWZp*`w+A9hT+~@RR`CcKw`TFS&I zdMbeDyI@@I`~yXkb7P0|Iff>c?teu~V^?Kuhart0(l~*_bHRJN`}IYw&I^FYoY&)5=(K7Mbe zzhc*qkKi9W^*tZK?rH1Bp03HV%$t2^QAfS_GcFyu2$}H@>Krj|T5<2|*~Tp5O7&G_ zx_{iCRe%1iW||J8CMYSd&JHQw=dE6Y7?q6vi;hEX&Lh@lz=GBaUiA3XZGq zo0^)uF!Fc5y$vxUm!;pauehT~D>v>82QwLD4qgEe2oxZm@Y9qhtH%~)QOmynbK`mN z6CV2%2kSFXQ0t6~cOy<8rZSuiKo$I9S?P%bisl!V0B8KVhLnS@)<83z=Chf#5v}L_ z9o3U1CT{V*{*(ub8FJIZwO*%XK0?xSu6M6&`=573wNZYB{lyrOi-7l}nFU=K{CvTHf6RPHw4c3Bznz691=blz7IgmCf}E} z%ju6BSWxV6Xt4R9aFuTIBl%AXj;F{P4|ZInY}FlG+b79w4U^}uXBmDHB0CgVZ71-S zrp0JS`CDWFz)9tJ{DRy*?~123C_Wvsden|hF0>;f021mQ?&h3(JWVMsBM;mDd03r9 zA`Kl;H=cnBkeq(%V`#5$BO^B*o)!QJXaA6Z!)|V1ouDcZKkYcxQ}~O{6l8zQar#@y zAnLD4fNWBKma_wADLf(F3K;{4ErY#=dQHY5K8kH?v_!^Z?V}J`+?7B4+Z^=E8D4GP z((atw6db=dYnAVMn2PCB#FhQ$9`lM2aNaEi?V)|6qoZ3_S6wysmAcH|yuT;sG6hFQIY2=ss`rS?Fd!Ra|8s8;lmHnDpLcZ}%+XgMK< ze1XTj;IaF_lEGun;Nb7@ql^m6%FdSpP*~`1b1j zgJ}k;Qegfq1LQ7U?SV?{QN;hAPPo+^1OE3CC)(^yZFvZ^GwLn~`Cdj&<5Ytd21K?( zgjU=ZH;jY4yX>+!q3z y1YU76Lb+0_CH}08PqIjeU4>^y`W07HS1u-rN>f4|}(T zF^wV^=s=+qh6=6bdo&85?sNm*#f~-evHa1=$e_so@GhKhV22kV8Zg_WJ>l zR)9|r3@_wmA~*b22exO3J|lz()Y81?0H(?1;pTpR8uVNOkoyZpAyFvtF^B;2EWEcb zyScdmAut`Gy9Yu8Kg~@5z4jt-eglC2c_+RU0)#*=Wo49 z;TtmDw&H2;Gm0}q2SnW{CS_tukPGI*(EsLv;DRR0hZHqW3350cl0A8F}u2< zaj~;Z6s)h}O}l#rcvD9vz}SRv)RQmph?f~%pokST82M-nZES23kXf5>g#PLua1p?+ zh*h!OfDnyg@!h_LBIGIA)8i>2fXr@&qp&B?W;uvQ-;xtN&cCHHs5CdylC6eCfSxkU zBS17*2r+$F)AQ|{0F7?Q1hVn!@}}tX*E=F1X$iNbTvZZzXZk$3wG^7^+Y*}K-=rp_ z(2kw0q4vQbj5W19B8X5GlqPxmC#b+zoj5z-#5IcJD;Fke{pr6V$Iws_12Ck6kJMb_ zIm>vHYE@C>-7zWmg}VsZ*-B2!Lb0UgQiN3ZGk8sNE53{^41y3=ZMpF|^s$`wt%A zUkA<(Y+J2BPl@Abfc;O<3?Sqn5Ym9`YuB^7Y-9!97ZCOsF)5I9E&}h<}pa_D`tDd-Ee-;?FF?m>IkS$|Ad8msfs-ZEYK3jysGH$lFdp-vc;> zJpJy?mGA%`b>_#&@^QQ%Z)Dr?(v}i}V`plpE10Na<|Kn4j&D0C&zoV%?Ezm^J*Vjc zTin2J3D8IYJlPhdtRqwwuXm)VMN2%lr7Tqvxi}-`x{xA{xHIl;X@2<%F@1~Inn=DE zjxypvza|QqR2nkd18NGjr35lOZ}wGU%ThGKs)c*^Iz2IcXpHBqEYInLoWEQpnmX26Tn7%PbX|JFH@EYc`YdO;CJY{ zMsM$H2@Wx)rx*ddd4O<;g~qEZ^S2yK&p~_83Wt-~_A@<1z*zAf7|36N3W$BKDErvauOEQt!25jir{~_*;1;Q2i~>Z^{7l&>U{e!f=sutR z6KPtcVC0tnw%$Qj$&W=yzSnXdUMx(*HM@zB)}jptDtKEjT*wHV^VVh2%bYS1wPSE> z3n))RGR(pZuz=as64^531xUE@`2@1rjtniTM~@zrm*VegrtCQZWY0cAv9@B!At`zQ+NASQ;w((cP)JAXeT#SW=Hg`-sI16z*5 z_$kb({;g(yb7Hf=HZa$%%fcp=0yNBETsu6F*@_8v+fhIaw8RdX?i9DLMUK&;WMd^= z<`PrvplTx1yLanyElBbtvhV2t;By= z1myrj;shnnDJwHz7J-8Ij+zQ1C}6@+*ti_@5OVsKeUM7?(x64(Fe0y5XoYk&K!UL4 znPo$P#)|?)F>E3ryRdCD^Kcp2Bfv+)Q_M=pIX@bj$)X=9F)LqV^NE}EzC94 z(Zsct`N3ljkmPUc{sI9etnrbAEnAYMM^->mIv=?;nXNbXLF5RCBmkNOp=@0S0mBPG zG&_1>GR(G1#`*U#P^=3g7e^7dEv{7S%7HxI@?aQ)N!XwigV-?&&FDgLrE+Ld@2K1& z6!YRoFyn1+VBZu#921rA+Ob*K{2$to01`>qwoByY#?0tBpIWfiKktTin(%F7fYXRh z9tv!60j}0v7=*&|4sVOgM-JOUxai$05M}zXiJ$ElGUBy`tXu4o)uQ<(j6DwRhl*E= zbx2sa&z93f2LN0-jLC+4#HR1 z`{3Kes1Tfr^1VE@uje@Wb^BJVV>TD%L;e*VFef$#+yf`o$ORV#WD(=2zKUI2&P~B0 zUj_ItVh|K^+hp65Z#@BU{W>$Vx&9UuM+YF_urM1U_YNln8KWBx(&VDIlC1rYOewZ# zfC)bM+24sMF)3iT*n5+s(Fk%Jto{w_ZOeK;)F&fHv!AGyIgMX)FkObC^tNgFnjx+W z2gTK!z)NsD;M|bqdD!dE?@=ZSrURWJUiC^7EV|=bA|Cufw!W%ZK~bd)6+8s zk>M)`IVR;yyY+Ar0@_il-$C)ICiEMvkW7O0K+2WEmumbEmXK>LRN&sXu7MM5`mbwD z@apqdd-ZR?36luxg74H?QR4;o{I(D}b{4d9S7D}n5mYK}1(SciRQR$90aC4B>)Exo zmSzGQk~wr!Ag=7IFd}RKXka+$Rv-Xed}P zy#NJZ!0exw18fLcEYuPcMMzo_TaIRF|K@wAl!B?R004e{FQrF+#Z-vFK z%YN4=guGLvjLDQ1)a}KNx*=oDUeyV=Nzih;f3TVz>{S3c{0*j^S5o3~>~~5Vl4vC?Wc41g{( z>hHk2u?oqP*LMq@^Dq)|pWig(Z<1c`WG{oVsFRs>V|1poe_uOZ3U1H~bweNDdZK!8 z&)>8%O!|iHda5j_@VxflPrOE2pQ5bmfP%wo{}FkqlSC$n6%bq_!loVd=>y?IhMm;vJ#64Al2=tF;|h@< zDk+MQI_c}g&5Z&4u6G|ke5jqY>M@&wK&WSjIFA-71aTdJDvU(}QjexH)q4T6T-h6k z3kzL(HrHY|9T#Rc*Q?mr7&h8*tLpUG3D)^N&{zySgIIwmS|p1>4!fb^4$h4iK+^TnmJD1E`TiHkmsU_?K7g`=eL^6x+%WJ2 zzlidA14r&qamu+macOXyM!{ZN|F7D4Xdx4*tdJ*;WZyT?&Tm za*)rtpv087%I3+eHPj-yTa-s`Hx)F4|9o5P5m5a9Kd0OnerX4ap32lTM;W>PR*kmYh z{_S;Ku9jSlEuucfID8PkPE%X|xQMUKlyhlMy5)1}8Hm^aa5V?{m?qkhGpxV#73nn< zR7*F@GXu6hS7ZDDJ_OWtj1^tFF@&}$KrDTdC$jAlwJ19)9K&ZNMGne4Sq z7lRYDbnC;yxYUA5CBy9U*ujB?-ZX4~@a2EHJ60{Ba>Xl(5128TAypfT*;LbZZTcK4 zTYkU$TQC(M!f25@4~hTI?A?Dj9mI~RBFht$AX(aVYD zw*B(mo4{G-x3TUE$}R@~fA{BpeBjbsj?aP54&kKjWma5I4BNJj&}ur#U;Pa{&$SYj zI8pQ^U&-a6j6?6+0WHayIg7fX+As^+wT|a9Gs?mAgC(Pa2T}%+BP}|Lnk2y`)$+|1 zi(1UcSCdPpW=65l%lkWoeDY~{M4YQsW>Sv5MY|Ls!C!?vXUIEXS0E8zZCp8EEf|A) zPT6$n+pU$N5}u!m8ddIkJ@LyX+NMvxKQM>6g3#->_Ltj6D`es{B(q+8qkVxp>wORLciao7qK`F|} zXLJ}j&NPHyw;f*(E6g2e=xr;S_~qmJqOy3WNw^j1KoId5mx06trnyJ$=>a*WJ+_U+ zqf;Up-(nfA)mqd(e!|nDi06F`U#WRfP%V@C7Cw$6eOk*^uR!mIoDlYva&hXB4={0P zT@u-E=SO*d7M(7%w5#*Kc{AxWAXiiFuIJKGFQD;MctD87_FAPtk69b-!PyzTNwY*7 zN4Y45i$B}Q;rjv7O7d1(G#>HVysOEsH;Hi!${eNJU%HMA>@$As1PMd^=A zdJ^X5J@JFUb!~;SiO1iW)yS`k<10P%3`m)`or}`U*);y!t~y{TbHRYQVZSH4AG5o{ za^${q!>vimiWzb>l|c(7>IPRO1%InYO4~eJSYf$eR(e6PZ*sJ!$F4Pv;#RuA677F8 zR(?vElr+u$Yq)iHdzL|E70j_eBJy+-M6E@CD~}vF)<%kDJoa-!x~aUGzrsk9lsP?= z5pPX;_UZprgLg{>SbECMIZTr3spmmj5js4=Cfq$@<3n99Y51EYip6N%5!&Umz)|h^^RYFuZkoovuTQ4n{rt+ ztIAC4R{t--^D!0Onu^kOs&KDxf`@9R_1e!q&t|ecQuEmKhLyR@{~?F&m_j@Ahe|81 z8t%gUOhXoAOL`4NI0j*L2a&TQ5pWn!3Veu-bnuB7-}iKg2zJ^LL}5>gT_tsk~RVA?dYO z#q;XJt{==uTnA+5=)g1-PhJ*jLzacD z_Z{;NLFZ||S-c>jK9H#6Avk_v2!Q_A6Z_?(cX>6xzp#~>Mly^Ju4$GiXjl#;5`s$= zRt9jZ?Xh__YS$}03as0XG?-~Ry=lW}Bz2l@%MLz+#T9Z1DOm<+dZAoFzaIgGi4@e?67V(HSUmty%V^iwuDwIiaDo}c^ zA!L30o0h?Q%~9F!^Y%}XWYm+Zu0(uOD@#M`>sgI`SL{NI(_}VO?9N^}QY**urlBWm z{9xgbN7A{=URCa8@DYmfFrAeSOKm6YwrUl(!57~2aGt7{>D$wyHKYSL?X-Ov+JrGQ z6w(J_;uJ{`uD!y8G>*u3V(H10T+6Jq6;C7tK4p%PHrUGYS($hm%f?F%%b2ZSx&e@-yoFn{^|YI zjqXq94t>rBsh-=f2QAC~M#W%OO9H&flzPxG7}wB@o7bsJ1pB?|u54!@&#=<&`ol~x zV8ib)@x8``#Bi@52l}NJw`y+&X?)^8(n`0fQF=_vK0cMUc0njq=6=%b*9eoSnvVq{ ziQl$T)c16wuAp~TteYm<5|dXLzNho4*J+Q6Ug|J}eLOGb`9*k%<;uL&_3}qT`6f-2 z5VpVGKXR-fgkyGD`%<9LRI&D9lK+IxN%Wrasfjf+A)mps?aOyQXOEjE!h!0$h;nM^Su$rG!E^Uf)H46e6cI+f|!w(0ZCmNyb!E=sgbj>LbDo(?YP)Z1TqM}u^mHQ(6o zA;WNE8zadgh8-(;(n)~mg87{}n1&QQ@Pxc5`LO6i7~ zASNu{<#7l~+eGs-rEX_Du~QPh&EXuIE}i|>xYM39>p{0+0G!>V^*h(#COKJJvb;ac z&QbRY@ycrH&_-H-eTsXpJZ?AR*G&Pw{k$+M0oB}`+7i~S>|FqBhY>|9@2k-mllq)^ z5y$W_;Wu;Ll9k5KXfZl7{oLZa$FbLF*LmdUl__VP1Kk_a7xJvM_f9o}I8x?ahe}jj zWk%NT$l;IiPM?oaEN~9ACPbY;j)GWE7@k$xCvRR=Yn!0DDiAi1ydXM+(K(!5;of`i zdmgpo6z&DBZ&(!KX-sto4G+d0SdDen5d!V6%{r;7r7sq%T^%dNcf9D!wc@zwbjPxV z(&00y5iIS@ZyrtZU8u<;YHRyd^v{J|Em1B$_iH|+vVWPFLD>EtAEv)p-sr3`u5{+s zqa(wlpd8L{HNV5QZI!D3A6wrYNM-;2e^e@?ME1-mBSd8;G^~VVlZaG8l9jC;$6m<} z*~(V3DiX@fNyI55E6K4roZt06((^o@@2`KJr_O!f?{&SeeZ8)y<=EA-D>Ji7%{%|k zA?)8Bbdp{gN?mwgG|ir|EqvK@V8Hs=IKiRm-jK#PV@dP)SMjQA{g{_<>EIffWv2AF1kZ)T;W~bh{Z_7m~&PUp5HhK!*9;Bm&@R+ z&1#ejd%j7l>v@Bfo^g+AY$A4!eS8D5 zZ!GGZ!CG0&bW-M}IVFdCyu)OdHEWFQ=gk0El9}|HlHZ^w-J()ww;o@#;}JX4EPd1T zXNNkh43E9aYnkkrFl75k-$BpSdF}J3>YS_npE)`tu5{RGENFT^8&_A$IQdYfQMZ54 z_H&}(d)d?M3?HfG2Z{);EYpjT>8m;{Z^CY@93TzX1c7h7>kIRW$o%(%JrFNYgBX|D zsg<==ulW#g>KxwRGKc9&0bVf-JJ63adCMnu*l36TaZ_1~lgEx2jJQGJC;Lr(v2O?L zEDWTkCU)3fml%`ET(Gdok1KMiQH@Xk7x3TH3mti@;fk&D$VL^<|VJk3)p~^R#i-&JphC3t1gL(so-u zR_Z0H!x81s2bDPX+MkI&H|jujb|Ob56ZS|ztLk$GZDo(VnMa0!a<& zw{IBrfTNp^@iogAl!9Eiz2>1CgeU`6%qIL0mX+hw0tBIVdY3&rU$xwO*@K>U2L_{0 zk2j+rAGFQw@G#~(xp`FW`h_*x(}>u}TW0<4saXwXs0P-Z*%>EhFC`9DeSzh zCYI=d&8}#=rTns9DD<%MLpMkk3rJSUKaX9Fo$4GtL0I*Ll$gy^x=TKy49cJy9-!_#XH69Vo|Q3$=&l=0xyC>kxZQ zq79S!e?mlS+q{8?g(5_ryIWC~MgJWafzxYAYY?^f`b>c_E?MN>)>Zt(3}shHLEgO+v0}#6dO*{)x(5Cx+5c!bTzqMbr3i!J zWW*O^;tWSB5sFwE0@SMZBPI2DO68xEIA}Zh&_w0Ci$jEs){0){qPZcNISApenM!m3 ziy9YtE)%#k+^g;R(H0}oIw6Kv>=7W-a|`u>5Rv&4OV!Qa)!0vq6PyI)u9Av>h6zxI zD3j_QH7KwyLfnO(8On98UEQ<$*a_~slZ#>7Bnnke$=!YY$!PXT^obZ^smeFT=Q6jm zyp`&F16Fra82&6K=vztVb77S6_3r%s8TE38vr10d%={`%BX*spd4p_v$JHjUF=e`* ze+gu4 zTp_{5WZ1T3Cr5ticI;0-LYTn)JwKj*&k_r~i|LHYlCOW} zl+AFsge0E;oj4!pIfAZF>mMz?Jsz{@s#iJh&8Yd4=Q}l~jdI#&YswB=((aKcr)P{x zXRtgIAD6#7etI>)X&0S$5fBN|FZYS7Mn*j^2Tb076TB@Y5iyamiC`(691)h^XGPA~TiOn2Cp#BFbh=_1t~+pDOfwnGDIkmIe`^Av72 zo_OTl7aOa%pU#YsG7LFtgNmgJO?!PW9M1N$dsQz%P%v&}sSj-vIu26kMa$J+Dk(|*wuN>6&0`VY$%I1GaQl!ar7N!pzowpVsJ^fX@gtTIVXE7Guw zJ?#}_Q`r!i5tVBy`*4D5zB+@~B&g$*T6dkIahc76(sv==0ElM<8rL3pbB|!P>hvKP zGXQC}(Z^#nRxfsnB{PWr_!>O&==sZt1J{#vD4Cxh2w9qrbBFY%DrJ__%OQta7usEV z+D-5^m=w_v4va%qFR5Jd3H@)^nG@N>hh?k zO1~eLWld#bXe~HpFg+5Eq}@s`SWiPwMJE1fYxDO{OutwPXkY8-ZCREwF&zr#BjmMH zIFX<GA51fR; zb?9Oqh%9AAqdNG_!DShg&1%^vQzCR$m>NPs_J$<8E07e_pTudrR!!99UvlrLG+=Y0 z#k`bt!<2l_TGh$Zh`_lHDhT_IN}b%#5p;Jp{j%XP#lZKG)Zf|%hNQso8QUggYM=a6 zo2*`~D+w2#1H>>K(%d_19k279J?UY4q{fDhI8HAQ%+*=zR4631UPwC}v&5~YtXu8d zW%yKCLfHF5?}ZDUsU>VdQCc)`gD`!&DNZWxHLh;+QRM1|92`?R1FMUtICTc5t#y}; zPf8}4ZBcUa4jJJ}a~Md!6kWgYoZy?gyxMVv9up!G!i8}#)+g<@3rg>_tAE*m%Kw5d z7>`*B1opdLSfZVnhECQr0_#uY+k1DqOK>RS>uwp1zGx_`dLcP%Jcb6 z?rHCVm-SRSw85bxTv&;njg@Io0zg2HTaw$(hxx?RK<6(lT0sh!B0_P`(ci0!P-=N6`|_M3E0xom8&Q!lFC3zk z1(?dQ$DJ6H)An$SQNNyH?s{8Uo=?8f^X-)@9&9V)64R{1N?#YTNUak502aaJc! zaV~%dZ+Dt5fpTO}((&sHN#C7?(x>hoaiR@rKje^fxZXW>R<3nfJZA0sJ0O%F^bNaU z1-Y<-rQxZ@>9_g3L7Z%Gpphpp)DYD;NEs$$+ha0lXd%37XwIUVcG90g??Jt!9M3%h z!UF|O1e;wM<7yQh!v1*P9Kb~gbE#dc$289=Rj7W$B}w^*oPyAEvmSSF!~-G8ZBC+1v7sl0{aB1o zLY5~-sA9m&;F;e;5UL-X(^*47{V#`(2;IIz@JWBtpsR|lTS#>I_~xx?blYC;nwC|Z z$>v@D!-2jqpw_IC)UCer8D8K3RJtjdXLQOkCu?Zi?(bVpHa;Oy{dNR@!unJ{t82d+q|a+g zbUZ6L)Ao*$4o-12)SLaev6leuc!03njBq7nTpZ;VJG*u*yv!EF=$-q7g*UTDG`rgQ z=nav;`T0bbCSW?ShHDyadjp<|bk)b`de6-O$;+I_!=?hfG>O771Qyh5Z0Yz_!SiCwc zY;fjRTy(+HtSr9j%OJQSDe@EoV(oke1|ABpw=37E;CGxzd4^NcT2PvPn@*f*ZxAkp z6ESt^@ko=K#=iHiQEPvKn$_%)vHb+WJp(mt`hwn^8*ep7v?B-p@!2ug9-=sZSr&hYm_7YTKQ?#apGlMOHN! zGpjb+C$Z&r_?m4R=}UjVVgd6vFjR{*D|G%u357J(yoT~yvO$2Ikvy`hDqJkFYEpnsi%oZk|%|HKu=FJno)IppzeXz&|{-XL^b->~Z9@f}6sF z7d~s11Ei5Y(&^8Jq}|8fzk8=TZQ=oiSO1=uOHPig+;jeC7S*e|ri|hl0eo-r8Unvv z?3g6Al9rSPr<9RlUIuUtqiH4~C1;ef>!+P?blX#RC7-VekyU);$fIN|`++aXT|8uU zxOaHxO8+jgLPgyf)t8+VtYE)$yftWS^%&G7fSfNF@zeIy*bhLOR*> z@y8fZwb>d`L(Y+m;PeDs>K-MnyKKV~@3sf!@Kp-o-Ef1V%N`E^omzpE6S^DEk)ct; zZ{QGlJAAvzc;)=!v$yT_)%JQGyz_vYx)Ib-zS{m;Jz7|RnU|VY_og~luDz+oP;482 zXHTJZgDNE0ahU_w@GKPHO!Ga4G;?mK2;BdQ1@nVxRTO(j_}s(6^PIZ}Svket1ZpVp z#WEkP3*FuHIae=A=QBn8{83A`)+6Zv@x(Xmr`GJ}AMSg(u{V7Wzmd%Q0BPG(&u0q< zOB*IWT6jT#*Y5d>Pf(+kMVavU^(8NMyo|e>TajkPM&^-vedA5vH_Z9J0&betX3gyH zRMEil0T`~#8p@O!oKk{Z+{HVai$NCuf%29{79? z+?6@*bI9!HR9XE(8?kC?Ig9>J%zuyTCuq>Xpr6QK*WQs09@G%np^)bb2dJ6TW!ku=K!A9QO4so#* z1g7!~jdl#q88&%W_$wr~J%kX~+Q z-O~;Mg;zAFCSgIz_vY@j*jMU*c$c~uAFGDWBEQh%`P_Dm)E5WGj8b^1g$!=T2px<{ zK9TrF(;SL|>$gW5=N--X1U03yzZVTm6}gOp&IbIpK@i1T{J%e33rW)qEnPA-HAv^J zExGM`ck}SXN0D!t{HHUHCZkEMWmc7aQo#HD@X4EXty@SJ!8^!SbmPtGm7X;!ZPrOr zXe@JsI_&kUZhBIJp~LpzK)RpdH2>`|p%-<7^>dl4XAjlXyzn-q=cV3h&RWWlraU0k zkQK(t#ejb`F23vw>~y+EaJsp7(e*o2gA{vh8_gW;m902j@^Da#b0UZA5A38~9t)+t z6r7rM@S}n8{7jNe-gXG{9D+#8TA=jAs~uSSm6!XQI?LN|3K}D`<98-ywcBlxcpp1TYkFU7S zWrI@WO>UaxBmHsFVIoD@geSp zrUXHUUg%>F4}HR?DxFK%)t0Xp(B412>tc%vMo`WmZ)r@(cSa-u+7Py z0eK{YGPP^Mb8q-LE#8GTFalzuMoJcJ@wm-sHKw56|5f*bKb1^-MxkV>WrtX zR>S2dViFWQZdBHKi4xfGl-68~{`*uc>e^MlSAVVH88-Heb!o~ZI7zQT-pZEgV$l_k z2KQTp)rOi}5&W}8O97UZgTJghuJm@l0|D?ej)p~?amx8K^95+_LQZsKy>A?Klunax z@u5oZOyo}!G2cX1yM(V*UhWE%kLFJK+hD67q-m?UsVVbCLeRMQz;15;1R4?YJi-;iAOW!TO$D?YB()XRHL85MzSU zLy4R%##y76VNj#P7d4ndCgxvZF06M>kc*FjV)-H z&0Jdf`jjVoBULmnCbn7L_c80eyhQ`6Al62my33_6u6^BiZ3SfK&wk7}R`FgMRyeC^ zb+#zeRAk$pcB`Ju!xD1#?D+*hM~5I2|^L_{7NuFCLC1-O|e_QzG-N-#+YGu;; z3TSKxHudRq-Xv%C<)P2PpC!ch1hm;a=C?C6_}TDmeBhr2f8dAYZBKqk9_I$hm?0aU zjI$C0)WjQ55IpTdkMfUyQ5j3M3l_-gy6Di1dSLhPQxiQj-#)xzu*v^i1?$b1S{$z> zKNcmqM*{Ddh<238e%i`gr7(YD%`^?-R<4^wGq65i42H)_29D@Kf#-S}SiyGC>{xZC z>FX0jj%k#{o>&3dG}wzwxP>jW=ET)vWBP-qMKX+RB~zc|Xz&Z98YCVUDGeIwbCEc> z|68NkGH1?R;o*IZCJEii=1lx9&7F_jzP}3J$S`i+bxeauki-cGU<8yJlex-l9Qdfq6CiypJ>NJcAn4l<-TR@ zRy`?uQ0(W!m7r!lgY(Yk6vZ%BiiH-hL~(Y_coKNYE}QjkBrPlNwi?d^1XMk{VZpUX z)9Tn2l*A4Gw2!|iS#K|LTz<(X`*2Q(kMUtUbvs|B@en(c?$2cX-%5chic=mIc9j_( zo6^FRNJI~#KBY0c5Wm(H&e;43a5s&__^|}K_VqwikDMN@%wZ)t4{Sp9VVy#c2fd{! zmJ)A$G&0t$d0C*%aasoKuxDV~Scef`wL&?G8VK7jdnW+|kj!CHX!w3UY~z0uy8Rd- zwYG%$LKD<_se+B0&$7ecbHI@`WrxqGACw>%c;f@6Decw0G@y$ypvVpW9bbuq|Fsv)79ngwuiF{-{@Wz z06!Zy6guLsFpOp`9-+K)f@e9I^;o=LX28_Ze};6l>d6Q43;`ez=g|@~P%Bycp!10L zs`2M7S1gDQn@XP0t+s+(3Y?OJ^-9;&Y|vPnyQGid=`^NJ+mCT>c2JbL~<lkue>>y?gqn8f9*qso!538 z=3QIE^t3%%6Rd6+!W&tMw3ls+DS;{v25%p~yT{|!g|paQdzp^}TiB?+*d(e${769_ z4~#tQl#l~%awCV{m}z64^(CeruX!CLxr|OXGpSHbMAQz{yLq)4@25>XCNiLqD?a=MYRwe4^OVrKo3V@Qv14vj>ub6fXOl^i) zP53qO8v-XwaBv9O;13@TWV8edmsp8F&RipeFI7QOvXho~8=4cfAfDj3+6rO{JH-H& z!G|*Gzhw%{{24F0zkcOB5XO!z9=R8E13O8dN(M+_%1c@_!(2ImUrq+PX2$dW>aU9b z*MOqu?+QT7nF}HDDjc|Z{*w?nJWa!mK#KD%rRqj_$Ww(gG4ggq`g~cb+=f^xI0v;^ zJOE@mRIBiP7y_5lNg{(_(F|t4v>Y99rfa)jJ*PB17(iS(9whGoMQ!UP9)|_1{QwQ# zZd~82&~gP`afrq@U!!=tJJ}VsvydbQbwJZcFI>JX*xN(9v7J}Wi@xE;X1z=O=~2k< zfOJi$n!cnU#zL#%T}{!`*03g+G5n#1qwa7bRR69s27fo$aaR`*8k=jji*;;j!z1Ct8$nAvyHO!Qi>PNtD z2CoggI<{uMM>Q0xmH&`ng`nyK1+bRJZ%;xEBRBZK#a~I!YI@&apB#>Nkw4Te+un@W8&V(}}mq}J6|&~mWW3vf${@|!pK7$*0G@^O~BksUC^FFzCq=PU-f zndo3HzCoA9M;}lM0LaG|sSDEs&Rc23Uz5_gMSuq@bM@HZf&R7w-rs>#ROt6PGG7@H8aT8CF8G3y z6Y*ncJ=EGamWltZq`DppPK{tBsTr*aZb-h3GGy^99swfoA~_=r5Z14Cbc}yLErKw5 zV87NJZq3KyP`lT`<|l!RUxDXMfts;7hQ|+T?cyBF|5k6MgxJ!QAS7?#OpnZIGO(>Q zK#=_;_$p!W7rDy6c|-rfd>Dk)A!iv2Wn3lMQw3b=r|IukiwWx^oOXE3gUUA^|7!%x z^Prui!M!9&SK*)$7fRe5Z02Q3riY7GMS|YMC!F#eQj`8BuyYy&?Rp7d0lImOy?_#+ z24dt(={J1cWyI~L{1C2&^-lmWfaCi+Gw2?-Fx7A`uJTG`IpQ+DYsAOqSOb=1D)Jx! zuGIu-K!#bbAF&KaTLriPL2sg z3qAMZ`V*n?lh^_TI;0w!_wZ)x`Ws*`)=wW=^LzZy7%CWs`h-~R{Re)X#5zYJ&+2EZ ztbwYnSKjVgP6oUI#)glqM~k2edY#iLo59hjU2aJbrdDVN7*I)1z(a7`abKwaGI=Fm z02eCcF-RPsaA+C7F2ve0z;%Y)cYYj48Te0~&X+npy|xJ*Ln{tv=#;16x90utg^NQ` z=v&n3MWs-%2Nq3+2z&PWOq~}^+kM_yB?P(<5()Z6)4vB{qQ70Yq;dXtBUW*G!uURa zzY%#x0qs%4gF~n)6Am%xLBQ3x45=?x;ZPC|wUA7@zdhhMZl&s+E}nxL;GgWXeMK}L zm`>WKBspmI<`i`9$NMJ8A4XZp+)BO*g;%m|4SM`m97zrXZd$n=qW16^7p;WMy5m1R zz6$~-{byBVaXmX`QSU|7cK^w&656bgV9+VQ;OaZgI&CG>Wq+7MvA#d=5<)-)fGU+~ z!5%oNN2Xh>mIi#bTzPwDIhjxrDap}QG@3tF0vIa6517c}4J9bET3yYTo%%?l+z!YU zYGiIY8h?`xPB?091mLCXC7m8OoT!pYWTt7a=XniIo?=wuFCnVCDBPOOt+Wf+n}(aP z55trN@r?-?d~UUMS6$rerRm=wfnb(^a$q7EY`CUoDUaT~Z-4pnNNweKd#WsB+Nse{ za=7PK`(Z7+3Ki0!Eg+7>LhgW={8%QQ1ogWjbb``}2uI`u3-);f-R2qR?^kqx-cY2i z&AAD|11H)bk_9tV21f&WqD-ePB*;s+NFE;oX}7KAfwe#**ki?Z&?UScP*WCJ($r#9 zB#sLLpjZ=>!oydMnF`;je@F^T-rc}10N#%G;*|au0$o)I))uFQUy4F8a<)RSVLxCj zK?1EvfXWwW`bC$(60b$!&x?@EoW8z7s3oqbI{K_UJn2n=Qd^_#!RMe2h)mzUF2b<@ zTB(F6LV5^sFKodTL3MY6M(34bfRBJF)KFn;ZD#^s zZArH+AzUJFonbqO4%932$n_9_9G;uDn#4#jlIhnOfrgOxTCOwW@8VSGZv)b+qFRXG z6hcSF`1`IPsH7m^kIm%m)qX7XcXg07JOnoPww6dha*^fM-Gn)DM)92(*7ELup3-bh z=I3;JMq9fp0dT}*tLx>>nxW8LZ)d#fe#eYX$Zxjn0`!X6+Lt#(&%Vmr#DF=x7XTST z9SVQEKL{%i68XDw3HGDVW~p|m==v7_>LYM%oz7w7rvK-m-;RK@dqh#ErScN1J}WeK2c1NPr2i0nJ=pZ=0htT?si@XRPEk^pU}TwW(BqIACg za2Ps01GU7B)AJv*atPOaB+fL_4#o0=CY+cQJ2Gy-^MUSCT9``l!+*Xw2|_vzQf3%O zIv`n(6R@u@!or~67;A}&*54`F)89S0Cn8x>?F_>$DvV1#XnKKzpFq?U=c6N(!p8j_ z{B1q$PRVFPUq!B(cfr|Zm=qdtz!`F;f%~h7{4f(X;qSv&n`nAfvGrdlQfMGni%b1` zt5f2DK6qp^L;N-?_kxa=!8G->uYV;a4Fzj|0kCFd*juYAa?^__OyT zKn56$0hYCX?J-^TJ$z2$iOEI{2b@2?!zlMQN#Sh(OX7tMTB5}_INOwp*rFj2G4&pE zU^|Mw+o_xj2oiyV9f;KOu>j5E)cnsPJz+m(lTPhdDi7h20%%vO_BmoKBew7Wz#^!M zIkV?iKGvpzua0|x>Ue8r;?IczE&***(Lal<2FL=Y5gh94h2m9krp_%1a(bMhF;1dD z6j{h{{{2-%ETgVTi3m_2@i!A~9Z)3YB${zfY{M$ZsQRTv(3l<_EI)$za038$282KM>pud}_Gj#_%a8B7%S_b9MR)=FkJlqEZOz z+zAx3r5PY+<0J&0(~uO~@6`U!V+g2lfT+N1Lt37*14vy_fFFq_17!Hm!v+K+6DlDM zwU8^RsYy1c#$W-+)P`J$l)?ep2i@uHIWjmV#uyR-_OGLp^i8A4xx&%o5!*E}mTcha z(c^TEDXfm(0F+R6ubV|e&G#91r`_YTG>|499?mRWIATReQbiBC}z{&@!j2kO#}})coG+#oT}lEBA}Rip+(&PyNF)_W5wuH z6N&+-T?~EU1bhL^6<|;@;KE`W`PmL`8bBfbHcCbSwEl&!Np>(tkWTB{@T^zemW62*%mFJ zY| zqX@=p`bs#lvOf#jvF!RgibY|yy6<@&esxR=pmYDBy;Y{PlZ2UN)}st*@b7`(EdYvI zzf{X&IF`oNN$V|C7=7Nq!{US3DgM3SDWtV6Rq68o`yo;j%_uwY8m7M+bN_qCQ_Xt0 zHLwK$^-2N~pP~_t?7-Wa>S{prgL7H_fiOSi*1)b^OyI#}&<7QC5a|34!%rzS(4g2X zVNl6~AOLHvft~y3Cx9d|Nf=C)cfI=OIHB&(*mmiG5<9%vW`Ud=$R{wegsS#|1Kfe_ zEg`<;fhqyaX!$leZuklIA1+7jG5U;=2CQ-X)pi73^!FL0Faa$ZCQLwwWjQ#you-!@ zi~$wN?8gIyjB=$vm_sJed3Dhb6MOM->4mOK@?d8AqKSI|nTfQ_SlAC!FX_0>cLC1Q#=HaQ6*hSR3C(P%Hi2Dgi4{77uNO^nuLRZ2$XR zF0?ENnX!xzk>?ne~?0tN;br=zsqJsq?xC3u@|{FfadSqNs5PBKcoDopuz;#{bkI+KjUxG-=2yZRL*<`Y(uWu2_n53W|k>_6|0-bc>i5fajq%Qh7>#h7pyI%IUl zEPY47GZo(v%;ypb@+SacF0bg%q!5HC&l;F)WH>Jgfx=Nw-!(_jXOH`ydsv3xejEUh zaPc?7DJMf_(FTKNF4P=K)y|B-%*d?TQYu!P#=nRdyUPLb{&kct!#n?<2VK#F=X@2` zKTWQ;!{ojNMSF-ac&r4mlXaLdV=f3lt)sVEG7UG}xq?NwXJlqlVA@pbzx@=(SZk?p zPfse~8v*nXEHEzyfm4_IgKh!vp2kxD`zx3(Or`$N<_pj%|L?EJ=0iGxXDxsO0t3wz zP}+IY41pTCfq)x$O9FjpeTy!FWE3B#AZxIj3QiFQmDlGDAaNp!M4)|u(}d}qfQEy` zsodAeIII8q9J$WRzpJ>oSntzj)c6@XCjdQK8Vohu`u8g1Af+#VAEw|9!TQetWIk)G zg-o!kn*eSOKr#zN{`Xges;jjJpqleyh^+rPj!tkR1;*7bFITv#Vhm6F(*EZRaw}Wj zgSLoB<8~z}lzj4kjt8M5s+fNRJp`_u;jw;_8hKy-EMyLB+EnrDfOihtle=e%lqLpx zlJ+a;S}^?`nEDAa9Go#FY_Qn)CQw6RdkUxtYf9v!DC;h zDJ|aLSRFcCO3cMFh5plya__y7Ec^oUQ};g-ibP+DdY6#wiH zLRIBigH*CVo8%1P?o`#^paQ{$pNL*qTEB?Mu37xuK!zpF9Ro*-O7J&uX~U7-7nzz_ zKNNCRBj!8E5%_T(EBgQZ2=*ELh|safut*f3Cl#+`M`7Wv2_9OlaZHT`38PUGU#awYAEu@DS}?rgyc<+~_AxiLlr3 ze-|aL*VbCz_VqJTGFbhToxSE&QSmBAiRZ=R!etBBxiNX4Y9lCVxed)&;iaeXJMK$lTAr z143A8uD8Kjrd?Z}cs{^@S{%sg?0jBg;WHAe4bw z!q=6%fVZfX-iEuu2;B(c3Fndv?Qhddud~st3a7z$S%%l)7NRNYB~7ePas4a}$P1v} zSis+30W!ZG7Jyo}kQZP^Ucml83#b-uom*c3UG)ymBE9{CXR*=`A1BtS#H=ALxc$M)YaW z?Yeq=p{^B!>2m>Bpzg<9x^irIw%kXD$G-#RtV-Phdlu0lATyag_uhOFe!)b6K6xaE4Wf7@Fa_v<)a?oGd7dgN z==gKi9%-XxeaLq!bq8^)KQB*#MxQ408ssr76Z~^!uOLDP8wC;(jr_>Oe|QOWp_zKz zFzBw+>vtg%f;k~qw<2L$wyDk4AsJ7}Zx5y)e4q`r4@iqU#(@{wYIzhEdvyJu(Fs! z0ou&vwJ@`-Ko(~CR5YsHH_3EonE>oMbbKokbFd>e4iEZ)@S&+8yuqs0he?6b1pA{r z*Ws`JP7sKb%;ES7nDuZ>kI*rZ6$k-mmnK&Tq3Zn(hfcHSR?^^?ppD3Ex zZThl5vl6TtX|6ct*|E9J2h0V|#9lbUz2vi!(DrPFwa=z+OIc}}@kDt9_LV5S)4v5= z7easb2QMH#vDLO}lk!6J$XpPlCUoCq)`qk?b%!TAME5p)M5Z8 zD0kv#I!@U$_9zbdXQHRi;&vQ_%zJ|mTV{K2|9Nen@B|#MOE27iwUJpsMP@d8)a*zj zjZlhT3m4A3J7&+u0G% z?f=VEWgG85<3@1L+Dz`L8lxC}1`IQ#Weg5O7zI8z=DrWDrvWs6)sb1EAKHv{N|$I1 z=T}oLy#sQE1!yFdOmJh5k9Giv{l=mqJdc?iQRkxY|J78%H!OE_BDmxjB5lTQLU34i zA?y~$06HzNf$sBRG+_;-y%h@ZZcr8U98mU405se==Zb&k^YZ%lH(74K!Q+B%XcYT( z4{fBv6}rAe2Zeet_HSR`Z1_B}S!B6=a{>Fdot&(Ro!~*yC+~XVnQHojXn5#Ji&-rU zG%XN0lvofbgATAw3(;fOj&*uWu>fmcRZ=_?2e7sVPRja-+&nt21= z2UQ&(uHRSq0=(~2m^1Sdlw5VCmxLYDkYMxAte}B}f_(Djd37^*6`Fg)3#^ci(nbf7 zA-2TUWN2YvZ>|Vt#dYA#?HtF+S4kfP#`5>~;rwYc9`TwY;Ci_$TB29Y+jE*4>BYYg znY@K~uG+{9m>oc=XgT_KP%oEtD&2YqU83==z`D_0+)KU)%|JdD_71=pwIN~%e+JVH z&){~PJ%LH_LZCbHkHA=|?Cya+hlxmkZ;$_HHWgEd*E%nOl)&ag9$Fh!*ZC)8j)$&3 z?Bw#d%w%8o#O4{5B}f<>-Ga?RENl>dshENS;WTHDUJH;@|K8aJ6xVbS2W7*yuoST1 z<-bGhB~1p#6ib*hT z(q?WlUvLDSO*?BVf9_3d_>J5ad9)10CY#w zO56bb?JrSH?BtY{kPiiC%FAx@;?C?)-N~bPj?B^FXkEU5%U*Tl_ZER%2o~%n=fpa% zQ#&}Wl-)rwwRhR61V&I{sX6R>nzwVFh!ooOieoTAbEKyvz6HuUZ|?xisYM9S$p$}S zfM+YauPzRTra3PnaQXbnvllWB?c`RF^}K_Ak3y4o1;wjfj)-I~&MjM_lg-2|-TRLB z65(k#>Y8JJ1U@2T@HwU*Sm3wkHESZ`wrC94W7rWOR(PiO7g?~shC&n)2(H=;F8~=I zC4!f6+RAPPPU{`{3IfZ5hj%TNIW2dR{786`OdcEYGiljk8=@F-O3O%8v!XwPblSpF zA6V!hc+k^iG$KyIdzP=BviNv*X8IWRTpPhgJw96GM_PLgZ(!{x3bGmQM@iuglFGrE zrz*wju|%*bM0D4!Dx9(x)40s%3OXli*+n_`UkR?KD5Sfgo)LF;hAF6xZE0R@X`jdR zfXey{`@qiSN`Pjptlk0`HbI)j^HBeDeYA}?Q4k}2rlr&5dR5-i4`Q_lItTWk!#*77 z97fCYxNd;W@fzBPYz5WrK$-SD%>DJP&D*v@KW^bNOaT?#f0>+xA786ap;vnxwaKib z_o;niwA9HT(WPn~&xV1^o7z#>KLmiQ;PI-*R4>r8gJ8d>$uuGSf24;gCx7gbw`0#Q z#Yi^;$*IltfATc~to6&lPz-8x;R*jPO@B$pi9Fk!{8EM(OaV9IU0q(z*Uke)B!<&L z+!gK3&g{(swKpNYTxjFbVTxK~3Au3X`U>c`Sx}&99-2+BS%3g7hz-2KOI(muIo>ryO7^L2wTs=0Uy(Z7jC1 zPG!Qq_XedeJ;5a-!KvX+4T~@wM0eNJ@zU>n1Y3O*T+?KR;+bQgSURpa6YeN(mrq$B z-!+&1xt$9-0bNE76=yFsMxp3#%8Fsv`eqo8AYw6ftlm`v3O_oVp)E;b3||1Ma3tr73gA{8$EAo zTTEF?(67Pxp*uZs6)o&^rWjrVxVJc&{>?k0+b(pzWH*i7V! zmu8O-C~med0u?1>yb}4*%br2pv}F;D`_UbdbOLBp85f`VduV3Ua1W9Brs~@N$@?=z z$}*!IV`$ABD_^Lf1L{M`MiS`{klWZArxd zM$4CYX?>H!i)~L%yscgYs`?=4K-Ikbs{+SD)ny|;TzhMCnoLVYh6!S0k$WZ7r}sZm z$BmB0L$He$nG3Q`19jK6^f8x;sV1;@f$ud!r#6m;Z76u#tzi2oy3E8RlHbmG_6x{` z`xXP|E<4es>?a&~k~euNF+5MENF0s^vAL6p7@{2RtO=&Dq@>lRxU^}3vKSNSb4&vUUA0z8q;FJDyr*?%Y zTXL9Q*3v7(p%70Yr9Vmru!K%;X+6K-Z~`@PAcQi>jMUQkqC@Z&3aTxOk6d1;@Ba-o zJ+w5pFtl4y1w)rBc;ig%&3WK<+?XDyZ|6Y88tW!Vbcg(YyQ}bWUg2x)4c>4aI9sXT zes;^<=c>Iu^gnA&)Vl%|34_(cUUds4UXqt$NWR-rMP*wDpFUWFxs~EJm7T|>h)h(( z@5-W49gRADLJY5r`V5ijC^y9wM}*xe>x29zHK{)0&c?jAsm2tkbr6};Y&o5G>Mh8BggZbHnlkSWEl z<9=b@2-v_cyDNNQuwj(EF4F-yH0x$%k-phw8wc7RXIM&psegYH--KL4^xW4^ZlGG+ z)dpVvl*|xJQ(bZ6w)vE^U0_hDm3}?(VCRlI5n6EF^bS^)cpn-*fv$Ujm+<>ciRZ33 z%Th?5g?kj0Cf;ZC3ZI>=JaiFN9al&!p4|;tHAEamNa=Gt5LIS-Zfv_VQ z?cayzK5b_1Y*vEWO7qu&=8k9j{S~9b& zwQs_inB?B}MJZt4Kr6ZfCj-pdKH)B}&7@mouQWC63k(&~e@?L*Hm4SE0B0Rcy*v!6 zAh0Bk5m-oCg~O$C2ZE>y+`h={nst)OaK+8HnbLF%Pz^O#Os*ds$heVnHNHNxTVH`U zk1Vd$ZzgwivpfwQf!9 zyG`u)?6faVQk9|BJP)vwct|ns-qcq8f%yw?s;o;Zu#p21A0h9;`5@N|@5rYXr~{0B zZjq}YF3umRj^ChZ;vG2YtNE09Ctb_llP^L%#9~H<-kx7lZ9aSfUg(xKy(|f`sy4^P zsZ1S_SLMql8B-$$b@YneQyh1Yyx6Iu2QONAHd*4_>SSjCG|BjsjeK*O{{H5zeO!8h!BdDwW^yLeZ zg3bi&EAO{9@NH#_==|a$!!4pG0w2S%zd}u+bbZRO6UwB3sS{ z_<1`=0amXR-by*;6z9s&L{W?+bcnX1$+lc*Z|HKCc~%(j55keG^C~Yy zZi+-isULY1IOR9^X8qniNJxn!S3vDnghV5<9^LodY}uZ#_>uoUa82=mo|h>jWdcJ- zsrWR>fIpFr%naLh2+L-2+#Wa-pT*t-YJXlgwSDo`ZOKGG@Y#)~pB@v%KLqYeRy%5c zH2(}^OaRR#+nk<5Y_ge-Oa3q;E&`TV zFm~3sg=Li?@S@nZ(cAwP_}?JLT5o7+HspgGxVmD}u3r?vdepE@HmGLnG(_xA+N8(k zse>Wz+I#k$ZBn4!vT@2@xBLy-mlaK$JJoEi7(!I)kN;u~6gGw|1DT;vr8Tlh^#7<= z*3wjNU&^0~62qRBGTVnI`!3t+-_fE$RY%N^T#|w3p9*azXnlE5k3!0$Jo&|={Q0Gp zN1!Or7kO26ca$9vD?ysE@Yuzr3AO0%uo6H~KEo>%B9sdkdW1s7& z4I>zrd&f)L9k{sTeqKGM7r{p$jz?Fcy9Os{1zj>t-t3vf70vgQGn*n++n`$Rkmw@H zZInkBVE#DH(%-=u&gL~)8MwVubD|*+Yk)fkO{=?lD{_IcHtByPXk9Hl0HfhlCPWum z@=H@*G58B?7oNzcQeUoAMY^NB=j`Zc@G^K|$hvi&Ds>GosV;dM5zzSiYy2$iDW%O# zkHwVYN;*zy<|~43Vge>6ca_P?nkr1kviPFdJw{(W3{IYA4GL$x-agic%xlpyOuUHL z?j44iX}O;=J@0A3j(hyw!EjhRLpbFQg4e&}8;Ca`n#lCs ztzf&Vy5f-c?a?gi`_*)yi?Cy&7v0_xG1vmPy53+K&L!Kt)gq>J7t>5b0=MWp}qV8p+F>98ijx|j(v`sROzE2QCKlt=| ze2q+L%kAOD6%nABYQbYv1)e5q>3O-AE~<-f1uWSeJJg*jn%qq~5Qaj(ZuGAS=RY%neA*c4@Ckbz!F| zViuRe_XyarUv#)rl&Bt9Oj>MEy3bFl;iw_4t&CQ$folS8O*(fFkvP+O2WcDgQ+OrO zpPOcO2SQ_pC!K`*;`py)+t8Off#G(XPtP$`ZZg)_3uj?<{OW}=Xzl>V0-eJdh1o(D z^l^;zfj{A{cOpa`&pY63Dk5KYKO=|4uG!&=tMtOwy0__LThkX#<6^6B3R)y^`uhmE?*=FjS@)f3-15D?pXxZKUu_lj9SGc zevcjFhg4JjCgUi}yV4F`5@%8OrEg#r-a%;?W|k`o5Y;OHA<*sxA+w`*fK6w=hyp}3 zmmXxhITA~{;0pO8y+$BbZE3+qjy$E?;eIRsQF7`H8|}k@Q%>E)4=wZqyTsZ_K-!yj zbNS{b89!eX!zrlx;gD!xBqm`adNrKSk@=JMt(65lI8lg5#g(iSU5K1+K2Sr8oSus_ ztx8xs(S7BugDBLQw$j2{&ZE_|^4@`f_n6Q2eC5DL8LQlIfVr^f=V zd!Jj}enqIBF^&weNYazL@oK!)XwAH;lC${g%F++ToCWhWqM?mnZmaO;_-LG|eSF5; zNw8tc+NP=;$b?AqT!CVU115{H&m{WDf_J6jYB-$e46}!x|FiQoQMX;MnN{T}p1pql zWYvrQ!@i5(AJi}vOb`~kdWRNUQ`aiv-h^v3?5&?0x0wrHairGEFu^(5MkHfxpI=s; zf5IL%M2deV<1n?>OK1s~Q|GRKvQ z1x;MLIjWH$5EhAM)+>0gjqxN|eJp4 z%d1-Z-;caBc&_wo@i5mT&R&xRrO)wFoVJ56^t+O0N_6`cmRmdXtUD&!=4TT3UKdt7 zPr55K=YUmD97S#-$4;^@le+Iw!2vt5%R9oyz4rDR2a!+JKSvO$lVxf>0qOZS6R6kwFSQ5r*ud z1&Og_FWHjpOJr;z*=H<;NsQ$^_w;zazxRFrt#RM?XFH#Bu5+F1;4+W<&cAX|H>?)1 zHRar|Q~$H|XCtPlgDa7%^UPseeZ3D(0VnBM$=Iy+h^(Zka=Wx8b7K6|+e{}?`P0wA z$NN|0)zrF4rj-jm7sJEdF$DwuRqrqx-dqz)Z5ssM>dgi7J9?KiR;^oU{mykr8R{ElZIhexWX>myz^D+ ze*8g*{aU^ikI?a60AECKM6$j~YUUAc?Nc68=e~yZ^vhhSEKr(1H+4Fvx5bm!alqY) z(J;wXDtE{vx#0xGq}spR*))58tK8NkAR;EhCdNo36Gi`d+OGiF(mpQ;)H^SB1#WXY^si!qZfeAZ~WuTt1fzCaET;e>#Y#y`s8d&RzFeD$mPksqtN!dnDgXN5Iht`Z@e9sY%GDxr zO;K0wh*6GzRk!6>X1_335%+5}6x3=ui=G!!svy%7y4AEg%OE#@UcCBy^MOx*vr{kO z<+egI#~vf5t6X8GY7&w{Y(i~Pl$VNH*2d&SA)S$R@t!nwg{Z8By7a_dUv8TVC^Td{ z9n*O;H>O|No=$3e1goj@7wL0lusQ(^_kKVyZCj_$ zj`UeYZm08_+DV%X5Ifw-c%JxiQWAN47`%M|BO%#R_UF~6&Zc`=&O(QLfL!ki#`Hyn zrLy>-NzZ~~9M)vH{F1_%o4y}PBek#?9CxyPmXi0TLRe{<+s5YWHug8!ygBwe`7#Pi zj8#}i${i1!_?b^Q*WwPS_2~H)5d_`_`qSd{C0x}#Sb}AB#snvx=pYBiWK1^uOG);U zL2J7&Dl6p;Z$`G{N6zPkig*9ctJD^-k#=#3q6A} z!KX32@gI)#kjA}R3Z~tiD68`VyPItd-3DRCbM~0oB+)(UA;+}1L(EhQY@smcFOZge zhA_Q(P9h}H_sEuOEkz2Sll^7IQs-0}GP zdX*S8i@}Br|E<+`CLyYkEdoj-MliQtDYnlM{i9k4Z||&sbA+-E9}hF%Q9{UYoSe@HOJn>yUL zYl}ikTK*&|0S5wN(_Jd>4}xptqp8;tqv4MOgrQSMNPF^dG3k`PahM@&mSt=H%Gn~! zu%1}DVwidLTEawvBMlk8JZo6yRbEwOi=tQ$rM<7%+OEIjY`oDzHB+sIVO<}UBx3Wf zFrpC_CzM8m?5IG~1Ymnfn<)@So~?kp|D}mvVHIX;I<UQyvLMlx&@j^G-qiY(h>;==D2ic*wq7>a_jKGLl-M1o=vQLqoqHDR2SvQG za|6;N1CCBe`e)CjMN00PRH{30<83Tr$l&GrXd1R0Xa--MdK_T@}i#KDD>eQr|xykbJlAPhv znZ9DIx%UA!?Lz7vF*bYV*t+D4QITMUl2@)2g?rw&pnCQ%`$MAotFY7oC)go!{-siY zs@)vjVun-|M>cjf`V(@4uXc$EV~V=QlqxrSb1h|4*>8j!RHxCMh?x~Y!M-&={my@D zsrXY;Z~0WJMEZMd+*En;m_Cbbl4T1VQUyU1!iKo7IaqTtC2eY>NT^n01~PJWaq3jS zyv9X<{)xbz-+DT^bw$n8Q+T?B@a=@uwyzp0Pe5sTy6 zx1@35&hTIvPxz$`pNvP9E@X+9o1El+{_e*k>Tfx)c`j@C&S#Oi_rw<(p9SdnUX-wRgLCb0cV6q>)>_9~WxFD9`dPj5XWD6u@uk_!PK(N+^y?lQr}dAf*^gWnTGUNimDD0- zf2*=gNc-x5pDAffV3+CPg=-x-TU*+#9$OP{xmSFzBqd7e40eBOiiDRY8T z2x4dl1&&TPgow2B$SRhwyd=DD1}sJ8EifEknx^3RQKK6f)v8Z%AFnfpC+Ah|zNc2T zKjpZ8<)ak0Z?F5z#XmdRQACLKM6?@6&!7%0gyU_yw3GA)gaW4yZ@n8a4=_K9v%Ok9 z;-18~H1;*$jK@ce+`oJEPB%&7O%yMNC%&;mi(J)0aZA#~VS2D!E54Jza#rH?Mn=B% zme;&$n;I;3^ZBsW`gFZwQ!%H?yW2mm_n6dLSv+2FZ0U`JjAj@d+jx@W?Pw|%=4c&xJx$t zPSTr>{jNCl!47n-y_(LmLSBs*Y@icAk&ULAffXiS?xf2E5 z*~=kcJ^k>h)c|}V9@*P-k=;4f&O}U<1DBAj?%Ho`j1fKG+vLvILUvgT6cNhRG@EF> zG`)Q~4fgta)rt-bs+Ym8c`b$T#W>i15^1pM>d+hPxMLoMUu*Ofw4#X7@nw8{A?d8_ zoV$5BD($Kg$;K$ap#|4}F_EUfegv})xUeOZe}0+%v^*B6M5QR0#EX@*C-JKeqG_Yq z5~mo>Wb5C^8}5~_y<8%zn44f3+ko#_zH#W?6~YJ3-iYkAKdW18-yHSCQ_jxagYH;K zhIe)KDur$&))z)-#c(G(DQUg)BVao=jOrc|6UZeumR21^pSq7~{T5%jW~3lvv75V? zKunX|)3m37*x`H*0drGMF9X}`2m5V^jVv2)mn`zfzQG`Kq|W#dLa;eQ5+0pl{p`9M z<1!b6L?I^i`Y--4_9X+9)oosn3VGL5tglyj z%&(V>XyNanhy_Hj8_heviwyg~j!_($)m=TWb1$zy(!Mez=PD*QmV9z;8j#<*Knl|M zI?mq*hzSyZv>J^RMhw;c(=xmQBIq{|`vjKy?0GcLIS(rSS92<3%AfI}5Zg`hkFFU} zmZDcCM+*Ld`|)hbvH0LJ%2Ap-gdUBpLA08WoDqS~2UArrmFnu{VH}=;J{*QHL-mxJ4d7W7wK~1{NE#O+% z+=&ruoULlT+vHMBq~to?RwV{GO(dX?0j%cYCpOUs??G}abzX1r2a7D|_?FeYY|??! zO5HLyv`V~;t8h#$5RT^n(YpEzptjt0G`}9o!VVw$rI>t1#z#QgpLe2sYDMp3MCOKg zsKi4U$Kf73xiBB(Hb0VEbOT@{vB6IOb+br@y@q472yXu!I0mN9cv7^LD(Fo)ZAk z$PMd;g?rKSIcddBMUiz8`e?UE{CY&Q?=gm7Z8y^Yv3@w*xNB)~yzGs^LHMZmBK2>U z+jU>K#h7JxvIOl1azS=6;d0Jvqo&qJbUV5SF1JY`7~Hpe_W%n&(Kl;eY&7Js{+E%?zXojTffS}GQ>IZ1S@E8>hGN{G@@%^I0!etRLTo|X686) zq~b@uYyQLs4b)<{t`c+gY)ax$r;fhmaveTQGr}FVk!yIUOklKu4&c6g|J?HN&_2Ew zz@K?Q9rYiYUK8dFRJ<|fm!$k1q#hn1i4r(ZMSSumzZ1@KHdRgdWCB$ADdi~NXs0|= zl_R(O-CN~ZYk(^fF%5vGYOL(cH9+h>Ot3r25KN1Ec3Q-es->p_U$=$(|-uZ=!F!|aC1 z5{uuuCWVX4Sc|LuH%x^^WP-qmyvgjz^nqj4dh&vX@5t+2Rn>1$#(d7V#x~Of@O+ElfZ9aGaGmy#EPxc#^5v3%QMhiX?wNKB z`p>G2M~TF)nwtp0x35YWcx=Q{yBiDV`5KT)NA19|FVJ$D@qkRnXjv?kgGFzh$f|tuQR-An zf*bzHt!_)|aO9P3K_0RK!#l6(0QwNY`Ugl*lP(*%O~M z5^&bGiG_+y0EnJJsyl>>09jgwqh{G89=~Y!j6Mh1Xq6&#e&B?Ta&$sg+(a9$Lg#ZO zqNG?vYvWCkCO~`^-{g>tfhC}iOVf7GtdQzCkx*b#grSW|_#sF^58axy`uGG18+OY( z0BddSl7z~Fq3*n91Ds`()SJ$^4^N=N!wG#Jn` z;&RQhF|yCz{Y|9RDgI7;$5JzLLitKm%D(F{u|=95mT6~_fl9?!FZvuPPs>-jNQ)0Q zz&275`j)5t#}O4;I9Z(|mZ*d1Fd=72drT%>lSOo?6?(@BrrfD@OJ=o2dpqh9dm=0Z z2Fmsl5B!AT+5DOXB9N(b?V$}oV!4?KCjk&mJ>@J(9!>cJ`Q2LNycTJ;a=y?--e2|B za3|lYHJAbA3a~?vTEq7(RBtJ+I|LB&1W8AGaC7h0JCwFWTrUhFY22_kk@yKM>TnUh zoFbjwej%95f!FYdpAi^NW)Ig{e*n~f5Q<;4)7!y`oz$!FczS860r>~24oFOK{PGMUSYA^|hJa^8^J0uz;;{>*sbW=5s) zfD28F0d#9SB`jK!Jy$6CY8>LNCqWxx9JCokyQw(PvEacLiy#J9__tyQxGz69+9`PR5g57KcVIPx)23v3B zs`hS-@ox3)mlz+hxSDqEI-zl1_VooN_`VFllq3B|LA9=m`hn;FcuQkDd#w2}CD{~A zF0MX-e%A&Zt9S%pUJFj+N8)sHHv2&;H8gmB8ia_Y)w3zjYW-NJGYS0Pf;Vpoq{oYa z=);;lQY1^=5TxIbBB*_FF?1*BO>~EZT$#Bk!P>LYZtb1O6Rmt!3X@XwTq%WNCS%!0 zB%puluqG^pOT_;_Q^$@AE-n(hOL)?#GB}~}WfOr-^Q6&v@ub%i`VJhe!evc!QVx|H zlD{jSQn>C^c#JetwkG1OLOMJN^o>O|zUK6v^Wdq&?WNYwsS=Rxow3IYL&!b|dyJ zgnq?c|53hGz!9OvYi?=5Rj<*X{o`4E4c)Fa`=7X#WogXY&3-IjsSK_D+bIQ|dhhqW zL>kQvpH|8tw^zk2mk06qCr_oL12-W@qP2R}V)J81SrlRsw5j2k^A(|_*X0(X-nxf{ z8Y5#QUil8S)+88x3?pJrDzq1_$R!2gX1DN>QclMfTQ_gKZ!7-77S5lNF!j#Sp`~#A zuHk}QEz=lWj$QXZonu(jg1`>ZTw7+^0ubtNP=h0w7CAF=u)3skT9tZSHo<-LC7&3uuIvV?yyfu3+oeOGC!$(iPdXsT&EOi$+qp~rb!HKZ1zJH2(6eDSbwzoj&zU9 zUgNz-n0k+4Z4^j=j9@7cr-ldM;+p2Dwz>&ZI25%P1>~qB>|LN>$Rq zCv{L@uI~W6ik|wS^PmPX%@N>BfP>k|yiJ$-b7u&lW95Ezv}nyf;>*vOl@rQc^pJy0 zX={BXfSJEzAR(!hWss(MTC4GGQ>{j~dsZYmqD4lNgvVo^N=JNsVoiaQnd|pREMQd$ z>g14vseBDl=q-SpaBj)w#m6%}$5-SV(k;)pB}rd(3yVFixv|D@I;psFgiLB>oxU{h zJUrOLE4-Dey5WtXW78?R*om&vUwi6pQLD_m14WBYok{Jw_$dwg7?-+!d9} z%G$-}xt1hthI&zWs*_vNa zx}ZV!jd9Rx?V3C_Fub5z_c&`fug#jD*dWZ;Akg8-MXcQ&5N{1wWe#{d7u%mM8&}a> z^*@T-qST8z57C_anLJEQ=( z#m%Tz1FN@~8HB|OG^EFwLGnlI`I(u!{IZEFidq2OElNErdEAAjdp@qM={B*WkOd|c zwGmUj@^A9D?>oXzAo%BSRCOl_4Nmf)?_G~x^X1eD%kCXi(TQ%rTi)rX3}slSKmCm+ zv)lIIY|ktV9PQsCVga&6Cq9Xheq3n0UpZFlL}i>1VInkWJNTG>02hRtj&m-IAMI># z=1rL&h|p)3eQ7THb<*ixbp>bmQx6eOUZLS@3upNTC-oHCb!-TwZ-Aa~NEHR`0et6x zr}K(s=QiV`lVh;UG)J+{TAz|Vl=StAu+-V?c>9nhe$2w1_y@S`HLPQ6(YyxPE0Nup z{EUFE5rJEH0EiE=Yt{u%!j{0>aCxvDeP}{$*HpLZ^*OZxStH(@^E+OguQ(>9l?fkq z=YX-HTiHA;xN})+q3*g_`wj+;l6G1L2r7F)0zq+2+5K-VArM@iihlyP%+!UfV|vvn zY;vj8H0fGprNMw=&yE->o2AzkTit{JE!r#T`-&fl#m2=?t#XVeIpA zP`;!tZWYnek zw41{zmJqTzCJ)HA9=dYL0c*&ipO#+L=sVzKvS2-kd>=MD?&9DPO zwOy*nAx=V&ly3+)TZu~H*2LVTLX|~N@5;G?L&(g-6$~@K`WrS2YVcL$2!DQA`Q`n7 zUB`zQ*z|9SGfkoQV2y>=uffbsJ`?>y@Xwdzd=sk5MV^Yn=7q9Ocr9^%rsrp{@X*d) zQ6RM@ndkdfg!@>f<$XEN)F%puu?&L4FS{O4i!oqf`gZov-sIgB(Ed^hSp@ZJlfm9vQ=OXK*z=Ys6ZVXQ>LYo(LOL5i+sfEp1c z0E}GUW(=~jYu~(M6k&dn>2-%(3m*|uUFmb(t|Fe*o>o1B+BZ9lt})9_GVrlRgfq!` zq`mv#8aI{F(m=1={dM6ULB`wy$<_a3r?Vdhfxrp(z%?2Cg^l&yb58hDM<-UIq8g|DTWF}Aee%V-l3Fpp8uAA7G%*qVc@1Fd}&Oen$qkT)~3bU4j9l> zCniCxNEN9llm#xycVOKDN9V|!HoLi0{Af(ge(DRJh>RPB@cGlgB1_~0M#)l#1HJ&T zY&|vL^6if)x%c5tpbpf;IwQz8TR22sRKFcnL|LAR0qR63LI9Yh>0^WPK{fW}Qx9;E z&7#6T)`}3T+=e?USzF>G0g#QId<=*iYkl@_ps*__K+8H|B?L@mCQOEOmtxKyHOV=o za>ZMCuDHusIKVNpjoqc_;ZgL1lP@%aE(YqHfDf@7aNr70FFOIh6M1l5VmHHm;QbXC zLDB75M)fWdEBt$0h6^tQJcFM*6g#2WLg{7pb@(vIbwM>Ae84$B=Tyw~QnpSguq$mw z)QD>vA$0yrHj?kT?oOz9sCfD39Vm10sqco ze;~9FDKG-S2zJ7DQBa_F#sj2wB*d!kf!O5=d~sXzq4Q|1UC&!!PsI8a*&rPETjL1r z3Ymt^Jc!Aia#c?v2h2Mn&4OC2jPx{(48r}b1_oaS3)$8aupC&JM3VXY+fHoZ->L(u zsqC1X|2XtAT0s?bcafj*!_U^2yLDe#kHc}HZYY!7+ov1X;*lCaKRB{|jHLLITddzs z)a;lB+LPHy?CBQk@om{= z)d2yBl|&JyAik)p)+-@gw?MqI9VeYfQOkh#=02TyZZG>1=^KkmR(2Lem~qz7p{eh( z(+jZ4aO|klT;pqG<_uJ72;Am0Q1RqzaBY?X*Ch9;f1d*>0v;8yhU=Nhsg|WJ9(e7!vFv7@{6nV;Wpskh zNQM7>9@LruOB)firT)K_O0TCN&9*z^Q2KCtN_A4w%bb@JHfq~jG{mazLDK{SRdMn;_yN*z1VB~;E0sK@q^pN&l(m51PT6M?DQTfsLH{M?xD*-w{?5w<8Sp(GuuXm0tzYXTW>hpH^Pv5ISbFIDL@hr{3Te}l zeys06X~z(f5h;Jj>l!=fG9xV90SS~ynl;_##mtPj+D7;uV2|BnjH!7q3uPunou@xb4vOl-6gnGzMf~Yu7i0K;Qi5T&5u>K zIlKK{W29p^QsJ-{$)!NagYDarE!LoP|ER0{q{qM&fH50bI8p^2jZMP0r}{m}fI0%N z09SDzd-cKT)ry5P9EkiloH)yaIR-5j;c03o!xj{<#?) zU+44p?T?%aW<&maGP$HAj(|o17I=SWkC)nF8;i-)?f=XaG;@X;y7Im*3x>O_%dqD= zF+uxpT(xk#r1#Iz)qmHck00p8T-=I&cW(iWq87aFFvzc&UZ72-Q$XELwx&B|*vr)q zH;bcE@mv4xQ}ihe&s0RKJ%8I8NFV5WAiQQz;XX622$0JD(8t)l zZG)F}`e}uoBU`({5gVlGw1P*~f{-3uu}}pSmMih>zjwDuEnOsupptg0S?`1meu)0B zLdM72+Y^a3W|oH&ZR#>4RQnI?>@)k}ok;d*H1v%m_i1t*`oEW2I0Tx%^RT~#R3`%- z|2TJRAhm|S_Mhqznj6PC?{isH`T2k+_}(k0k1<9_JFhn_VDsD`xRiE5U!0|%)dB0j z)ZG~@rb?c*gGujWhcNI6Y|wz8N?TJ~+!1sq&<2;_TS3~RCLB;;FfxUla;+*h9+jKF zA_KyQ%eYq0ZhZguuLZUc_V^daIFrgK<^dz@N~%UcY23PW?+G0`H4)sBEo z&&<)}rLD}n!&XZlN~<@14@Qt+%lE ziWA#;p6XzHHZ!&g=umwEP_Z<5jPw3EAPL$R z0F*GgD|fwD#Z?>OEvY@ObrLGpffk|C9nKV>Ezg#_ZdNi=KN+g#Bp@r-Is+uyS1e{w zb$Y5)rKmIr=U!OVh$Lr_c@Mpy0fg4U!YY;BYHQBJy)sHG@7iTH)|u2$ff(p6frwEi zKpJ@C%vymL(-7M{-FIPHLwioyyb{EtV?k9;8Sb< z!g-Ai|H)_4(WKYR*XBu6X#q!`uw@jLHpzP^y|ZvA{yO3Af!;XH`m>dW00{iikNA=Q? zMtAO&BLfe6&7thr1@e%nrF}30Bn`h-QvwTB3%H2-asVUhJiYnFZaM^nB!7 zV@RL16Jr^Ta$0&7=QB%YvN^K(RHxCrCwr4Kl&du^$gd=;+$MV$g|l@6)pSHYY~-Y1 z*0A@$+h-0&4T=M@aT&0mRsHua9x`&1!h8kp<%db?3L?CMnb#Nig_a3SlR|$o3sSE8sy!~(kzy7&=t&ADW^P<|m!Es=F``pX zp6xxe#QrHc)lH2yeOAjg4Tn8+r&55t(KzQAOTiC&6RuuQS*t4cf}YQD8EZ?8)eVVL z?@x=dHMuuoq!zcxEjda{4{U)Ljv@_HHl?S)hFKomHOT{&qv&m zM6y)UkypcqgkH^@BZ%f?==WqtV9go|4M$$vTb%8v-t?3g`U(^~ugw4E2jRCYa}fbU z`geXT0N7fee$Y!TIr{0A%nmfZDhFn9ht<#b*i-U`Gff5avPbTm6F7+HtN%kJziuPfMoji4pgzfO09aN0d3kcVwD0O&|C=&CI z<)=ok(}u4(zn}lRM`Qfvg_JH%ca~d_Q2a^`PYONiT{wHJ15a$oeuJ`f>o}8ZWZ3EZtx&^O{5lyx4rQsY#J>zVJb@+kW`BD!HF+%z^9cjt82m3+Bd^^CGHbbTM}JnwN+p z7Gp~wiLu&g7q$O8K1dFRE2?LZrT-4_J&+xy>w2jd-cNB0W;J5)INB5yOAP*%d3+fk zOcWshAg3Fv7b#xZ@a-maWaaGAB(6jOu3Vu!8RRA1wj(Fue4{)u=vn)^2516~f;Yh}A zgNEj*C0B>|BZ0{qV(kxP1={_9V%V1 zBTIgFoS)^tLku4~;uc~<&b$A(1flF_Gs_J6(msF%)p5^|Ne_$fIj+N;8VY`UR117V(%KQfv48&7{)EjqHdC`3{&us66}h-jcd-qS-~a z#isyFgFlW>_F zcV&$IoYkel27jXlkJPEtB(M0l3p&Ke>g>PE6Nb2Hit0n^(MvM!U^t#64ShCIgFk@5@Tx=qy(~%sI4mNXnWQ-0Pl%$ki~S(R zR3f_IrLR(=$8frTrTxK2T1#vtB%)}j?T-!Is{y9&)s;bra z%4uD_3NZ>?0F3QpBBuMS##fEq(oSp6SNjg#JoaH&-w9XWa`OMI{e1e*>t%#rNz|(t zVRC+%%7R8PK!>pg9XJs^ul>L616q<@2hy$6k9enhb;y!c7R%#I!jfKRSzHr8uIroM zwkAuaq^zvAA0Rx<7JZ$a8D^RHxcJu#iu~c2M@6tTwOpgEGJA`T$ioOD`4UiZK zaGK(>-tVS>hRx$#mm(bouoA`{3ClX0#rv`$Uq-*?`@;8|=}Dbz)$wpm*iJ!rH~zFz z{7Cd<{Dh>=hD?7bSSfps$yal>)!DY^NY00I*3Kn3^!(k@J9|2^mi$WTtt((V{DZ`e zDeukv1wqrt$em&E=7AvGS`dkAsr^Qy$)qn6S;b53@#pTZOubxA`(@hY>z9aR$eWyf z=`{32lVX@1s+;)5APs|~Se6=bQ`X3EYk@acWO*mm+tcgaaPdlG_Fn_Vj8v1ZiI9Pq z1_lbM|L&itKw2GM?5Ap2x#W25=wFfimT=;h z`2_W1TAK&U58D&65tkY!;T_9s; z&!4(Hw?%g>5q)*1o?-!MtPg|<=~ z(#Ir7B4Iwc#J)1D2&u#N8@55dw~Yc6hVWUfjq*#SMk9RCihzuL6JcMCT<6ahvaRsH z>Mv1UPWJH~=+#jXDUCi$3_V|1xRVrZQo6=B!|&~lyvKy-;$IzkX%{Zc)*Dv$F5f*; z%Js~_Y!ciS>XkiuUgN71t6v?ZpYlWsBQVz0kH!>KID*N%l)07o89=xV76kiO`O*$@4B~E)kc+*fKw@3 z4FPzvj6OvQ{})!4I1Do>Xrr-eGY5uB5sx_*+~n|hY0KD6H?IE>#$&eE4dxx7yiRqp z_%UeDQBY2YpttwgS8GB(+DX-~1~eUF?-`2%d4dp2UdJn zDKEuq`w#13Tc`!-E)2~=OXP#W%`Y-&hg}VElKtDpYhFaEJ|1=T-1ET%kwBfux`CQx-3P z_IR;bW5 zpN4fAjUwt%)$v82H3sx|P=Bn02q&&Rzk^gFgE#qDYx=-8GLok$=mF^JmyzbxEnpCE z#M9P*F0i!@P)iHP%p?Ha6c>A;`yUdOe&q2ixFtU!I{KlHG65Y>{1;@pdDps>$Ov8J z#B%WV6kPiN?V%btb{%+ZcNkTS3@*<9%|vK5Rg8CrY5NPrG*Hn;FA37toPuGs74Ey| z5cZUp7JNc0a~0lgc*x~FWSnPrt9D%`L7uNZ1K8)ayIleSnt!6Wd-CEaEJ2vo^!e>) z>UcwTkH?BtTQJ&74P|{0d@~xPbPGvhOz(K1VjS?_gI_|nkSeLQM!5zbaUKSLF+KDq zc~BBK7{X#NTDHe7qq8}$0L9!;_wS7HUt4}tzLN@h%OIIYb>6)tUx~Z^d%p+#F^|>G z)^bFs1rg@Uqe12Hao%TML;w}456WuLxp?gD;D3+5VCwh`;7IkORP8*-aECdg5b)c& z4&;)(8_I4VEt||$IJS2$-k@q6sSC8(t>aDNH?{E#2feG_}( zy!{5k1f*{sK!oz~RY#k}*q}F~W)Xzw6B+Tn2@cUEd%6J0y zQ6U|=fiXCb_yO1pyWoJY4w@cEIBH0?xttw^2LM~^_zNgc$3s=I_NfXERY2*ZE}k;N)c6+pRw_Ml5aac8!F_aqV(pSTTMNRLGg zsnY(zdLt4HPXXg<>zA)G!dCMXqyeHRst;uH`fj29D%Y(OqsHN2!C&3~$d6Q_&;H>% zy%kb=4iY68q@RNDN- zLJBL8M6C8Q!aCe8= zVR6LkvsCM8W3auzBByv5A%#})%JYI3|GuU}d?+L*KAqqvo9lnH5?VgGGbC%+M0X+B zl({Yc*0ag75&y&YhLkq{*xv02_OLuRx={hcyb0^@H=9F= zIE+)GeaLP^SNs0nZ1LOi1rOWOB{caPv#K1I7Tk%wq9^`n?9+$Jc`CPf;5+Pt)=4=3 zaO98d0n6O~hYOU!HXeY40E=S4rujEo6x2@8@;oh3MJgY7c#Ri89ND~C0JfC(;c&a1 zO)N_51-6uOcQCi3m>O!TEbZW8Mg`F{uE!m!T592Z>;eQ++?56er8@T`n#+740V=)L znN*^VH2E=a&b$f_I}py#_GVL#PfA@<&hFcuXw8+5-?t#ILIjSoRXSIhx5j2(>)J8o z2p~`5hXHEIM!WqoRQklIE)({V|7|kRH49TUEKFS{A_u`QuAoEmF4TM^Kyiq2#loLf z6Q0$IMG#}{5@QO?MLwrxS1+h_Mksdv`;>5?>8XF#l+|}Dk#0G@u$&CL)ddOJuP|Rk zlts&Z$wX?}G#6!k4{qdLfOi%1aW@qlr8pqtI2^9csCpT2+hO-)&B$7B7(?J3&P%X+ z^VEd~2x9K|iQyyQxa>tZ%6Gx)lw3q1qUqEBthM6yj5e+bX|qBskTl>Z-Lwa%>Z%?9 z8(+D4f(dB|z_|`09=04;J2bA{M+!@je!MOXdq86L`8C#vudgoy2^9Nh?ik^sO?01* zgyhV7BLqUc^G%GYsAveL_FZLA} zL7n#^evM$M2Mmwg_FNj)+IWBXC9-$We&i8@i}Yn+I#`gJne}AXE__rt;H9B^Pg(boBEIL`I(xs6zhRB4O9d)c-MkrM)j3{6{(VFp(n7;>g=?Ipw#E%=G2=wES2pAlY>*s+L zu=XjGSc5|wDs>K_D9R!d72piXDF)~qa&q!RicVajkOPfmeZEPd3iiT?RA38l4(=lR z6>Kff7`QXXscw&`<~&m3@a;6fXlVg^5!nxJBn|QQ-~fVO)gsg^(tSI24O5%8LJ8k< z&HKiIO^-;|Gn*YgX+ndNfo`UyUm+tvE#3J=qiFCB^j}TPAK1frfObd^mRJhJR$(hV zdx|r@5SBHcBpLtCL7>;0O~vep;-g8RA26ix2iLE*+TVg-Ek1bV5l;M}Q9zyp z51La!N&^vacTrDCJOQ$wt9A@~!W_w)f$>F;1$1!+zW+lnRGCfmfM*&TTua21gMapoF{0iwp3MD8YmbWS6C9hhteyryD z|Mz(mil)RzxJdzEE1Xnk7l&3~v$uYK{(#BP=Ch(}nFV~T$tAiKwLcJ5^ZRELYu~Ye z+vAbpYrK1B-Z^LgS^s}OkHEePWPfiL%Ern_nDdpBoHNy}e>ge(>^35ZB&CJMIZvg; z4V?IWdo@3YczzcEfRlCOYDUJ*^kq>UVIfDAg(E!U5O z$0^aMeO*I1xA<%GLXEr(szz23O=}CL%~jSQeX}7n&<;|OhHc%~u){}YGmuN{Cu}hG zt?S8P(Mb9m-%Q%A@g0W}rT=h*yJU*oOszgBNjdI(EB#;(AeNz|dm>WHjT$XENdD3h zJAT@KZRWL2=OR*k1Lh}8ffkhz2?I2oDH&vovb*VgX{| zza~!A17Ee{kmgm%Fi>c58j5Y`z{c`P2^V3$h#z0pQwafMy*D5LX}W$luU%xZ^=H!v z(t5}I=6Aga1W{#HT$I~^dd>`;ejQ?Hqg#(Q@#=x<5e>mUrd`RN(*p<>ddZ*J1_S-G z{jZ2Tz-7Up?0IsB==k1kt=Y;vVcVQ?vgkjE=wnGtYt$g+MWd||_)(m2Rc8DHlGV)mmPAhYOy8Z8W!R<7GUXa)DY~hU%DwW>&6;sc=v?~(L zzXjl9sLJ+cm&QYgdZa>|gN_r+-4xLS%o<>-MB!|qzP;vds7GjMzC1vgAXcrGVN&EbB$ zlzejyUjtuQ=9Cv)wmrA1%T|jNP@TLm|GfxxuiSrQ?Ps#BPJkT`kOF1xm2%60cm`i% z^ekYK;bJz#hZ{!N{N4vR{EA+sJfF>H*(Csmzn|DjEsoG&-0UGaws!pxE_!u<)s9`e zz08RvHjr>vBIPv= ziW3~M;_Cw<(cym1V%^K#k>&Z=NA!F(??ou1rB(V&Wz;Z4~o zs?o-@-R$?ZlkaOU=n4n~7`7I@v*deQ8EuUjkcKT1X)Vh~7bJp^3#+fOR0-3vE0 z$iI6wTp87xZ}FvBdFHh_4teNAq>Qk-j!R+M>(Sxzqo0v84AHzb9Fv-6etr-Iua{VF zREZ`lNsw$|3)XR+SluBtl0>?$g@UOT3rh_c*h5|1IiP6=|M3|2yBgt_dHG8fw~u(- zEAu}U+~-)v<)cAJ`5&8oS0fhJqqg#Ms(Ksf`2sdqry@x9>%Rxx>NB=voMBR4#Xh$^ zqElpY*}ed0Gr1F`4Ap3XB~AFKVy1-Gf8wMsL*R0Dy>0`p&<6-pchDO{&|>o3 z7XH+pH_!(F8!aAS_~21ETX)X=OI6(Z%>0swd(W59sG*f{Q`Q~P-IUdf0QYi!x6tBh z)(p1v@!J~`tYnE-PH_$RT8$0grQ$EAjNH;_P|5+T#k*V{LIA^DU7OHXqbgOLE6CgAGesAq-~3{2_bur}jGBudq3lGl^koMw26O#sjat5u8j&z+UFE?m`hp^1!mHkn1{X4&AejB_ z7W{0vW0QAlEP$oL;{Ji))Y%Cd(z2Gp=8`4w-Ia2;|zy|2v2<@l_W-&D;{Byn<0 zd>ol*?C@MIdRE_lAWDSgk-p&x^z@yqe$G%s91N{ zfjpy^s_gVa4oozLC*9P*z17Taa4?l%UDdu;spEy+2Vf!!0}TZ#qufL@HLivTOq{hd zcnBhkeFJqdh$!Pd#)3masd2&mnM=_&c+WHR3_UpMGuii5u<08{3U-3(27OUDcC((E z7u-GQ{XMwE9P&?_ZrVpWM%Y|O2DQQ?8e|zRbc%ulB<_06)F8|LcbCK>q6BMk*TRnX zeAFx{?=lSMI-6t~mLA&}uqwV~FWXIT9qWpNrJr`DG-eWTWZX!ZOFr=)HV*1xYSkQ?&tQ08`&WXekXvr& z-81M2JH$$Hj;2_UKAo)@WsLc@>S&-6%{F)6AB?{vvzlbxD=7VFg)5y?lafm$XU~;8 z=%tlNlAw!Jrw(+MV28WJD{*4Is6Fb^UnAXdKw^EdMO@A`8O>J&w8vxmm6in2MD-&% zz7!Eg78o&5D@>`E?eJ1Z_C<)=m#>j46?G+|xsLY?I(+4DNK5yv3`f^J0S{x$txU96 zmIn1a4HzJz&?JLYn7q_+N@e@6+_bWNweV{R>58PWP+ot|kR#m)Xwfj&Om^Fu02R0g zmo+b4Fw{Yzrp2KXLm1WEk=DD7H6UM%+;AM|9KQQ%WW{XTq|CuhC~6fH8xoo;BldPw z(@-f@fB&Y~eG~2Q-`_B(b*AyhUVu^JVQ!%8vph1IHdL9V(UDP*uot7EfLmei2ACtUwjg;Ue|YdW~CBK z^szP9!n=EHto@iH9 zbOkADK)!#e>8uRsU&^nC+&Bj~!L?u}lNy1P0D)j&n*c?c0LUMFMx#qt_dWfbu;Ovl zWRcTUnlFqOp?q8Xo%&XXIC}l=McRZRfwTbDXr!6j9}f6yge3Z0H3&D;bt>mjAU}Uo zX(7v9c1)YMwIW1!u*0-77@n&##&q{Mh9z*(wv0mfghI6;57kdd5pfPPyof_8o#U0a z5PL4?KRmdX29Rms+(W7k`OBCL33E}l*TL+|My7Q}0mDlRG6;5rQUZ-nub43JSiF@#S808-qIS%n0|plkSmuHt+tkQ}{Y1iq zqE>$|(La_Fhk2Lp^F(fE|7)UqyO+aIhx`_Ij(qRp?|1p~1o@7Vr-OK+SI23*;+52k zc}hBY1_4!JA3#gaZ@6OBM?4@x%3;-~!-O3%LI`sRReZxJxXHJ+#A*F!9ZTKyc@cfO zyy4QPDz_NxdRmBl!9-2a%5wr@O-A{|-To2z>de7w>hsQJ4M*vhiN8Ix2Rqn4yymG0 z{}5NSlRw9I=)fNB0nq<5cpim0C#F-@)QD|gGtYUyxRg40cF19%aT9^S;oV8d{{8B0 zBS}v})7~d)==mgNs<_kMNAr@vQ?DC5E3bYt?9(m3T6#L$D(-Y%xtv?nX|Ye7*Z6gD=PBUmH!ktssnjGk zSexSHBEQ&~3r0^F&D(aL=3Y6JyX4g|HtFxFbk4u0rMZPK{#u#iRw3q_Gj6W?HhHQN zI8cYfifNsxyBcB71hSW)6Y#tC#5}GRI@HTlj0h55HRsV$oh{yz&C%R)e3hTvz;(^s zRUiC~mGmh?ae||^?}xQ2qe!dAV?FFwh3sA@SjLmSMpDxEJzq=k2^S#w4keqaNz?D{ z*=Vu-f7-j!sHUzh-15YMp;km9t%w4m2nYfViVW6O5Xw9ROr)SPC?HU@h@lN>tF#Cy zF{J_$B@W0GL`w{#fZ&4|2&SNjkw7e<(FCv%LL^~$`vOw2@7Md)wO;wbx(n_-_wIep z*=L`$@-cHBqO&9P=T?~neZ(0oO&&<;3Bj!W*#?;{o& zEy*5llR2t3NxR#8eo0UKG^t~#S?83C@g%)6 z+^`FYzqOBj<4S#fJ77Xmx8=_fRCpbde}%Smc?F+EaIG)$vMq8BEJm>l)+C`!HM#rG zmgX=w2)bFx1KFE}6S|$I->N9a+=htR=k@QUO7$HGkc`foB@PT-eCFD-p~xyrq+|wu&P_}+P0^J)qB7@%&KEM zyF;yb147s}h6Qitwe_34JrJ*&V}nU@h)Nr8!{)kg)9g}xmS#JHpmzqJulxc9Pff|Epm=3xQdur3i~Icw61E4o`&?MZ3a(l-Di9cio^7Jzt5J>(RJt46zX}%=`@Amg<(7o- zk7mL zn<%-w=V*&Kh#16J;^{qwW!vA6^vzA+NF+fmBih!-4P@5h5h~(Z&-)m-cv#7vYCiIP z?7r_TMVTfvDi1JCtkFDCu;wbf?n3qGL>AYMwQ(l*aIh$o8H=gnj()Ngc!SX|<7r*D z9gH#5vD+y82hXOn6tyM0^T2a`qxCmwpapMcu5M>u%)I$(g89|_O{#caqm=n<)4bi& zo6k%B>GaGM5-s>Rb2TaR-Ti;@;+LsNP69!}tHFGp^gep66+-2ID(I^QhnWd(15xfd z6JeDE0f9b^Y7V3#7S!*80t7hw@AH?cL-X|7K5<}sF?XkI2GS0F9YkKV`6%MHlD(yI7R|LE zl>7imt%ZShj0xm1TCZIp=+C<86O0pX4s5A z2I35Vp3H?zX)V)*q?^Ha-qLb+eKPZf~5F!Mvbs~@FveE#6x zBXGCA-L7k0&F=ktyOfJxfbbMVs^E?ZeaJnOrTB zm0i}lt9)WOEi}|&bRUGpmhb)RTk>o)>>qZX${>kI>6$ZC+-~GL!juWLD}W~xr&!rJ z$ET*b06Y11}77nhe6c{-`?y5Ue5=Tf-M^7-M#DE zz-Ed}>4wTnq<>tl&SYCjmYAp6did_JFsdwk1<>T{ty?F!HRGNoy8GxVTu zxb=rA8!iFFuj@`>Z+Kv~7a(4l9)?9ft^&L;+0yd};I6T>);ykZy!6{6kGg(nTD0W~ zpa)gbn6K*~xq8)Qst$GD$h(%{lp*K*jQ{>eEZ~Ii6a|?zILGX2Ev#6-nskf%_B5=* zeX-mry!KV`oC~#nbJz9W6M>*MQjc1LvtrRKr!&t0Ny@?F4fpDQIFLtJ+$kC)lkpuu z=ndm&T?{pWQ*&P>4JqAQFq5T^443Ms^(J7XZW6mgf}5j+*!L;9tD6qQpvy|y2ap&=Ya;677;Vl1o@1Ch~(Aiya8 zN!40}9QaV*Gmfy1ZJVl*#~+S}$E??%t{u>xwJb z&NXzogk3Mb>?$2GRMw{`N(3i5OtJ?9a((d^7%97kj=!V(W%^ZIxwMsXX`{kxrEv@8 z>A^=>ZE1*?j#P+Ek32%5%+L%JJ}YBdD8jSdv*1g&8e-<%#bbpEr!)*F1YRUK{)@YSKxxu8tal8mYPjbq}SG+sfH2HMp*I3j}&!_^?P`J8Y@y5MMB|IKEq!=wAG2_9GNlXOT`5IX3-Q zV|vePQ@TxXgWRFA8!JAy&=?pHw5qKvBd%~MmN|H=PpIH-B757@Y=^JhP+t5^|M&;9 z<^u!jes%OybOYVR%&1Jp_b z9I?F=Kw@b4_e5p9*gp=9xXf@Y6#RyuU)1a_4=gEQYQUhvPdOBi&t5!+qW0N~zvWG? cYD;Gv?r5_E?`W^?Kt9vO(c`nyJqN!34>g!A{r~^~ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 756e2013c2..8c0156d01b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -41,7 +41,7 @@ Most WDAC policies will evolve over time and proceed through a set of identifiab 6. Deploy the enforced mode policy to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly. 7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes. -![Recommended WDAC policy deployment process](images/PolicyFlow.png) +![Recommended WDAC policy deployment process](images/policyflow.png) ### Keep WDAC policies in a source control or document management solution @@ -100,4 +100,4 @@ After deciding how your organization will manage your WDAC policy, record your f - **End-user support policy.** Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the WDAC policy, if necessary. - **Event processing.** Document whether events will be collected in a central location called a store, how that store will be archived, and whether the events will be processed for analysis. -- **Policy management.** Detail what policies are planned, how they will be managed, and how rules will be maintained over time. \ No newline at end of file +- **Policy management.** Detail what policies are planned, how they will be managed, and how rules will be maintained over time. From 78e750ea3acaa774f880b78482c7ac93e1c4fc81 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 20 Apr 2021 14:54:42 -0700 Subject: [PATCH 031/156] Update deploy-wdac-policies-with-script.md --- .../deployment/deploy-wdac-policies-with-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index a72d3a0bb4..d100941402 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -23,7 +23,7 @@ ms.localizationpriority: medium - Windows 10 - Windows Server 2016 and above -This topic describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use Powershell but can work with any scripting host. +This topic describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host. > [!NOTE] > To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. From 0f49f02a4c62bf19a9e0f0fea4869b6fbf26c808 Mon Sep 17 00:00:00 2001 From: danmatts <82900873+danmatts@users.noreply.github.com> Date: Wed, 21 Apr 2021 07:52:31 -0500 Subject: [PATCH 032/156] Update windows/client-management/generate-kernel-or-complete-crash-dump.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../generate-kernel-or-complete-crash-dump.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md index c5746be08c..e0a26c9402 100644 --- a/windows/client-management/generate-kernel-or-complete-crash-dump.md +++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md @@ -79,8 +79,8 @@ To do this, follow these steps: > [!IMPORTANT] > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. ->[!Note] -> This registry key is not required for clients Windows 8 and newer or servers Windows Server 2012 and newer. Setting this registry key on newer versions of Windows has no effect. +> [!NOTE] +> This registry key is not required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect. 1. In Registry Editor, locate the following registry subkey: From a33c339e6189dda590c5b517321c241b3585e3c1 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 21 Apr 2021 09:17:53 -0700 Subject: [PATCH 033/156] trying to address bounce traffic --- .../update/waas-delivery-optimization.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 6055bc73bc..ae31ed2500 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -23,9 +23,9 @@ ms.custom: seo-marvel-apr2020 - Windows 10 -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) +> **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158). -Windows updates, upgrades, and applications can contain packages with very large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization can accomplish this because it is a self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization in conjunction with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Endpoint Manager (when installation of Express Updates is enabled). +Windows updates, upgrades, and applications can contain packages with very large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Endpoint Manager (when installation of Express Updates is enabled). Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet. @@ -65,7 +65,7 @@ For information about setting up Delivery Optimization, including tips for the b - Office installs and updates - Xbox game pass games - MSIX apps (HTTP downloads only) - - Edge browser installs and updates + - Microsoft Edge browser installationss and updates - [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) ## Requirements @@ -159,14 +159,14 @@ For the payloads (optional): **Does Delivery Optimization use multicast?**: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. -**How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). +**How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details, see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). **How does Delivery Optimization handle VPNs?** Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. -If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected via VPN, it can still leverage peer-to-peer with the default of LAN. +If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected using a VPN, it can still use peer-to-peer with the default of LAN. With split tunneling, make sure to allow direct access to these endpoints: @@ -202,34 +202,34 @@ If you don't see any bytes coming from peers the cause might be one of the follo ### Clients aren't able to reach the Delivery Optimization cloud services. -If you suspect this is the problem, try these steps: +Try these steps: 1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga"). 2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3. -3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. +3. If **DownloadMode** is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. ### The cloud service doesn't see other peers on the network. -If you suspect this is the problem, try these steps: +Try these steps: 1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. 2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **DownloadMode** is 1 or 2 on both devices. 3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero. -4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address. +4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. Open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address. ### Clients aren't able to connect to peers offered by the cloud service -If you suspect this is the problem, try a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps: +Try a Telnet test between two devices on the network to ensure they can connect using port 7680. Follow these steps: -1. Install Telnet by running **dism /online /Enable-Feature /FeatureName:TelnetClient** from an elevated command prompt. -2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. +1. Install Telnet by running `dism /online /Enable-Feature /FeatureName:TelnetClient` from an elevated command prompt. +2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run `telnet 192.168.9.17 7680` (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. ### None of the computers on the network are getting updates from peers -If you suspect this is the problem, check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, are MDM policies are too restrictive: +Check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, or MDM policies are too restrictive: - Minimum RAM (inclusive) allowed to use peer caching - Minimum disk size allowed to use peer caching From bc373e700da239b686d18a5d90f51186c80a04de Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 21 Apr 2021 09:36:20 -0700 Subject: [PATCH 034/156] added link to download from reference article; some Acrolinx tweakage --- .../waas-delivery-optimization-reference.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 7f34af0526..df12b64c2c 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -21,7 +21,7 @@ ms.custom: seo-marvel-apr2020 - Windows 10 -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) +> **Looking for more Group Policy settings?** See the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158). There are a great many details you can set in Delivery Optimization to customize it to do just what you need it to. This topic summarizes them for your reference. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md). @@ -34,7 +34,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz [//]: # (something about Intune UX--perhaps link to relevant Intune docs?) -### Summary of Delivery Optimization settings : +### Summary of Delivery Optimization settings: | Group Policy setting | MDM setting | Supported from version | | --- | --- | --- | @@ -87,7 +87,7 @@ Additional options available that control the impact Delivery Optimization has o - [Maximum Download Bandwidth](#maximum-download-bandwidth) and [Percentage of Maximum Download Bandwidth](#percentage-of-maximum-download-bandwidth) control the download bandwidth used by Delivery Optimization. - [Max Upload Bandwidth](#max-upload-bandwidth) controls the Delivery Optimization upload bandwidth usage. - [Monthly Upload Data Cap](#monthly-upload-data-cap) controls the amount of data a client can upload to peers each month. -- [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This is achieved by adjusting the amount of data downloaded directly from Windows Update or WSUS servers, rather than other peers in the network. +- [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This setting adjusts the amount of data downloaded directly from Windows Update or WSUS servers, rather than other peers in the network. - [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the **maximum foreground download bandwidth** that Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth. - [Maximum Background Download Bandwidth](#maximum-background-download-bandwidth) specifies the **maximum background download bandwidth** that Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth. - [Set Business Hours to Limit Background Download Bandwidth](#set-business-hours-to-limit-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. @@ -110,7 +110,7 @@ Download mode dictates which download sources clients are allowed to use when do | Download mode option | Functionality when set | | --- | --- | | HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. | -| LAN (1 – Default) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then attempts to connect to other peers on the same network by using their private subnet IP.| +| LAN (1 – Default) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.| | Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. | | Internet (3) | Enable Internet peer sources for Delivery Optimization. | | Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. | @@ -121,7 +121,7 @@ Download mode dictates which download sources clients are allowed to use when do ### Group ID -By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. +By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a subgroup representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. [//]: # (Configuration Manager boundary group option; GroupID Source policy) @@ -144,11 +144,11 @@ When set, the Group ID is assigned automatically from the selected source. If yo ### Minimum RAM (inclusive) allowed to use Peer Caching -This setting specifies the minimum RAM size in GB required to use Peer Caching. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. The recommended values are 1 to 4 GB, and the default value is 4 GB. +This setting specifies the minimum RAM size in GB required to use Peer Caching. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. The recommended values are 1 to 4, and the default value is 4 GB. ### Minimum disk size allowed to use Peer Caching -This setting specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The recommended values are 64 to 256 GB, and the default value is 32 GB. +This setting specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The recommended values are 64 to 256, and the default value is 32 GB. >[!NOTE] >If the [Modify Cache Drive](#modify-cache-drive) policy is set, the disk size check will apply to the new working directory specified by this policy. @@ -156,7 +156,7 @@ This setting specifies the required minimum disk size (capacity in GB) for the d ### Max Cache Age -In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. The default Max Cache Age value is 259,200 seconds (3 days). Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers re-downloading content. When "Unlimited" value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed). +In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. The default Max Cache Age value is 259,200 seconds (three days). Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers re-downloading content. When "Unlimited" value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed). ### Max Cache Size @@ -168,19 +168,19 @@ This setting specifies the maximum number of gigabytes the Delivery Optimization ### Minimum Peer Caching Content File Size -This setting specifies the minimum content file size in MB enabled to use Peer Caching. The recommended values are from 1 to 100000 MB. +This setting specifies the minimum content file size in MB enabled to use Peer Caching. The recommended values are from 1 to 100000. ### Maximum Download Bandwidth -This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). A default value of 0 means that Delivery Optimization will dynamically adjust and optimize the maximum bandwidth used. +This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). A default value of "0" means that Delivery Optimization will dynamically adjust and optimize the maximum bandwidth used. ### Maximum Foreground Download Bandwidth -Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value of 0 means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers are not throttled even when this policy is set. +Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value of "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers are not throttled even when this policy is set. ### Maximum Background Download Bandwidth -Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value of 0 means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers are not throttled even when this policy is set. +Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value of "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers are not throttled even when this policy is set. ### Percentage of Maximum Download Bandwidth @@ -188,7 +188,7 @@ This setting specifies the maximum download bandwidth that Delivery Optimization ### Max Upload Bandwidth -This setting allows you to limit the amount of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). The default setting is 0, or "unlimited" which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it does not cap the upload bandwidth rate at a set rate. +This setting allows you to limit the number of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). The default setting is "0", or "unlimited" which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it does not cap the upload bandwidth rate at a set rate. ### Set Business Hours to Limit Background Download Bandwidth Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. @@ -198,7 +198,7 @@ Starting in Windows 10, version 1803, specifies the maximum foreground download ### Select a method to restrict peer selection Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. -Currently the only available option is **1 = Subnet mask** This option (Subnet mask) applies to both Download Modes LAN (1) and Group (2). +Currently the only available option is **1 = Subnet mask**. The subnet mask option applies to both Download Modes LAN (1) and Group (2). ### Delay background download from http (in secs) Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. @@ -214,19 +214,19 @@ Starting in Windows 10, version 1903, set this policy to delay the fallback from ### Minimum Background QoS -This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from Windows Update servers or WSUS. Simply put, the lower this value is, the more content will be sourced using peers on the network rather than Windows Update. The higher this value, the more content is received from Windows Update servers or WSUS, versus peers on the local network. +This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from Windows Update servers or WSUS. The lower this value is, the more content will be sourced using peers on the network rather than Windows Update. The higher this value, the more content is received from Windows Update servers or WSUS, versus peers on the local network. ### Modify Cache Drive -This setting allows for an alternate Delivery Optimization cache location on the clients. By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable. You can set the value to an environment variable (e.g., %SYSTEMDRIVE%), a drive letter (e.g., D:), or a folder path (e.g., D:\DOCache). +This setting allows for an alternate Delivery Optimization cache location on the clients. By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable. You can set the value to an environment variable (for example, %SYSTEMDRIVE%), a drive letter (for example, D:), or a folder path (for example, D:\DOCache). ### Monthly Upload Data Cap -This setting specifies the total amount of data in gigabytes that a Delivery Optimization client can upload to Internet peers per month. A value of 0 means that an unlimited amount of data can be uploaded. The default value for this setting is 20 GB. +This setting specifies the total amount of data in gigabytes that a Delivery Optimization client can upload to Internet peers per month. A value of "0" means that an unlimited amount of data can be uploaded. The default value for this setting is 20 GB. ### Enable Peer Caching while the device connects via VPN -This setting determines whether a device will be allowed to participate in Peer Caching while connected to VPN. Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. +This setting determines whether a device will be allowed to participate in Peer Caching while connected to VPN. Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. The device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. ### Allow uploads while the device is on battery while under set Battery level @@ -238,7 +238,7 @@ The device can download from peers while on battery regardless of this policy. ### Cache Server Hostname -Set this policy to to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma separated, for example: myhost.somerandomhost.com,myhost2.somrandomhost.com,10.10.1.7. +Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma separated, for example: myhost.somerandomhost.com,myhost2.somrandomhost.com,10.10.1.7. ### Cache Server Hostname Source From 5f41dfa5d185c41f7a6177774f64b34fb7b32c94 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 21 Apr 2021 11:20:22 -0600 Subject: [PATCH 035/156] fixed Acro spelling Line 68: installationss ---> installations --- windows/deployment/update/waas-delivery-optimization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index ae31ed2500..29a17c8870 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -65,7 +65,7 @@ For information about setting up Delivery Optimization, including tips for the b - Office installs and updates - Xbox game pass games - MSIX apps (HTTP downloads only) - - Microsoft Edge browser installationss and updates + - Microsoft Edge browser installations and updates - [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) ## Requirements @@ -260,4 +260,4 @@ Check Delivery Optimization settings that could limit participation in peer cach - [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) - [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +- [Manage device restarts after updates](waas-restart.md) From 3f4bdf8ea010611e8dab5cbf0597cc684d255cb1 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 21 Apr 2021 14:24:39 -0700 Subject: [PATCH 036/156] stub topic --- .../update/deployment-service-overview.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 windows/deployment/update/deployment-service-overview.md diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md new file mode 100644 index 0000000000..0bb5ba0b66 --- /dev/null +++ b/windows/deployment/update/deployment-service-overview.md @@ -0,0 +1,18 @@ +--- +title: Windows Update for Business deployment service +description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates +ms.custom: seo-marvel-apr2020 +ms.prod: w10 +ms.mktglfcycl: manage +author: jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +ms.reviewer: +manager: laurawi +ms.topic: article +--- +# Windows Update for Business deployment service + +> Applies to: Windows 10 + +Lorem ipsum \ No newline at end of file From 1f873c0e34d3f9a4fb9d99bf7b08c77e9279f3f4 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 21 Apr 2021 15:54:11 -0700 Subject: [PATCH 037/156] federation with AADJ updated --- .../hello-for-business/hello-how-it-works-authentication.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index cb21e54fe3..8f124ea552 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -51,6 +51,8 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT as well as it trigger authenticate against your DC (if LOS to DC available) to get kerberos.it no longer use ADFS to authenticate for WHFB signins. + ## Azure AD join authentication to Active Directory using a Certificate ![Azure AD join authentication to Active Directory using a Certificate](images/howitworks/auth-aadj-certtrust-kerb.png) @@ -61,6 +63,10 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT. as well as Authenticate against your DC (if LOS to DC available) to get kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from client. you need to have device write back enabled to get "Enterprise PRT" from your federation. + + + ## Hybrid Azure AD join authentication using a Key ![Hybrid Azure AD join authentication using a Key](images/howitworks/auth-haadj-keytrust.png) From 85d172fb43d5b1e978cefa35aaa91233afe3c033 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 21 Apr 2021 17:05:52 -0700 Subject: [PATCH 038/156] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 8f124ea552..eb1d1585c6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -51,7 +51,8 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| -!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT as well as it trigger authenticate against your DC (if LOS to DC available) to get kerberos.it no longer use ADFS to authenticate for WHFB signins. +> [!NOTE] +> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as it trigger authenticate against your DC (if LOS to DC available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. ## Azure AD join authentication to Active Directory using a Certificate From 0b994d391fbc4f6a6ce4ee37c7a93a5321a1423c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 19:29:17 -0700 Subject: [PATCH 039/156] Replace with YAML: windows/security/information-protection/TOC.md --- .../security/information-protection/TOC.md | 78 ---------- .../security/information-protection/TOC.yml | 147 ++++++++++++++++++ 2 files changed, 147 insertions(+), 78 deletions(-) delete mode 100644 windows/security/information-protection/TOC.md create mode 100644 windows/security/information-protection/TOC.yml diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md deleted file mode 100644 index 534c27ef47..0000000000 --- a/windows/security/information-protection/TOC.md +++ /dev/null @@ -1,78 +0,0 @@ -# [Information protection](index.md) - -## [BitLocker](bitlocker\bitlocker-overview.md) -### [Overview of BitLocker Device Encryption in Windows 10](bitlocker\bitlocker-device-encryption-overview-windows-10.md) -### [BitLocker frequently asked questions (FAQ)](bitlocker\bitlocker-frequently-asked-questions.md) -#### [Overview and requirements](bitlocker\bitlocker-overview-and-requirements-faq.yml) -#### [Upgrading](bitlocker\bitlocker-upgrading-faq.md) -#### [Deployment and administration](bitlocker\bitlocker-deployment-and-administration-faq.yml) -#### [Key management](bitlocker\bitlocker-key-management-faq.md) -#### [BitLocker To Go](bitlocker\bitlocker-to-go-faq.yml) -#### [Active Directory Domain Services](bitlocker\bitlocker-and-adds-faq.yml) -#### [Security](bitlocker\bitlocker-security-faq.md) -#### [BitLocker Network Unlock](bitlocker\bitlocker-network-unlock-faq.md) -#### [General](bitlocker\bitlocker-using-with-other-programs-faq.md) -### [Prepare your organization for BitLocker: Planning and policies](bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md) -### [BitLocker basic deployment](bitlocker\bitlocker-basic-deployment.md) -### [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker\bitlocker-how-to-deploy-on-windows-server.md) -### [BitLocker: Management for enterprises](bitlocker\bitlocker-management-for-enterprises.md) -### [BitLocker: How to enable Network Unlock](bitlocker\bitlocker-how-to-enable-network-unlock.md) -### [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker\bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md) -### [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker\bitlocker-use-bitlocker-recovery-password-viewer.md) -### [BitLocker Group Policy settings](bitlocker\bitlocker-group-policy-settings.md) -### [BCD settings and BitLocker](bitlocker\bcd-settings-and-bitlocker.md) -### [BitLocker Recovery Guide](bitlocker\bitlocker-recovery-guide-plan.md) -### [BitLocker Countermeasures](bitlocker\bitlocker-countermeasures.md) -### [Protecting cluster shared volumes and storage area networks with BitLocker](bitlocker\protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md) -### Troubleshoot BitLocker -#### [Troubleshoot BitLocker](bitlocker\troubleshoot-bitlocker.md) -#### [BitLocker cannot encrypt a drive: known issues](bitlocker\ts-bitlocker-cannot-encrypt-issues.md) -#### [Enforcing BitLocker policies by using Intune: known issues](bitlocker\ts-bitlocker-intune-issues.md) -#### [BitLocker Network Unlock: known issues](bitlocker\ts-bitlocker-network-unlock-issues.md) -#### [BitLocker recovery: known issues](bitlocker\ts-bitlocker-recovery-issues.md) -#### [BitLocker configuration: known issues](bitlocker\ts-bitlocker-config-issues.md) -#### Troubleshoot BitLocker and TPM issues -##### [BitLocker cannot encrypt a drive: known TPM issues](bitlocker\ts-bitlocker-cannot-encrypt-tpm-issues.md) -##### [BitLocker and TPM: other known issues](bitlocker\ts-bitlocker-tpm-issues.md) -##### [Decode Measured Boot logs to track PCR changes](bitlocker\ts-bitlocker-decode-measured-boot-logs.md) - -## [Encrypted Hard Drive](encrypted-hard-drive.md) - -## [Kernel DMA Protection](kernel-dma-protection-for-thunderbolt.md) - -## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md) -### [Create a WIP policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md) -#### [Create a WIP policy with MDM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md) -##### [Deploy your WIP policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md) -##### [Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md) -#### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) -#### [Determine the Enterprise Context of an app running in WIP](windows-information-protection\wip-app-enterprise-context.md) -### [Create a WIP policy using Microsoft Endpoint Configuration Manager](windows-information-protection\overview-create-wip-policy-configmgr.md) -#### [Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager](windows-information-protection\create-wip-policy-using-configmgr.md) -#### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) -#### [Determine the Enterprise Context of an app running in WIP](windows-information-protection\wip-app-enterprise-context.md) -### [Mandatory tasks and settings required to turn on WIP](windows-information-protection\mandatory-settings-for-wip.md) -### [Testing scenarios for WIP](windows-information-protection\testing-scenarios-for-wip.md) -### [Limitations while using WIP](windows-information-protection\limitations-with-wip.md) -### [How to collect WIP audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) -### [General guidance and best practices for WIP](windows-information-protection\guidance-and-best-practices-wip.md) -#### [Enlightened apps for use with WIP](windows-information-protection\enlightened-microsoft-apps-and-wip.md) -#### [Unenlightened and enlightened app behavior while using WIP](windows-information-protection\app-behavior-with-wip.md) -#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md) -#### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md) -### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md) - -## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) - -## [Trusted Platform Module](tpm/trusted-platform-module-top-node.md) -### [Trusted Platform Module Overview](tpm/trusted-platform-module-overview.md) -### [TPM fundamentals](tpm/tpm-fundamentals.md) -### [How Windows 10 uses the TPM](tpm/how-windows-uses-the-tpm.md) -### [TPM Group Policy settings](tpm/trusted-platform-module-services-group-policy-settings.md) -### [Back up the TPM recovery information to AD DS](tpm/backup-tpm-recovery-information-to-ad-ds.md) -### [View status, clear, or troubleshoot the TPM](tpm/initialize-and-configure-ownership-of-the-tpm.md) -### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md) -### [TPM recommendations](tpm/tpm-recommendations.md) - - - diff --git a/windows/security/information-protection/TOC.yml b/windows/security/information-protection/TOC.yml new file mode 100644 index 0000000000..2b6ed2739b --- /dev/null +++ b/windows/security/information-protection/TOC.yml @@ -0,0 +1,147 @@ +- name: Information protection + href: index.md + items: + - name: BitLocker + href: bitlocker\bitlocker-overview.md + items: + - name: Overview of BitLocker Device Encryption in Windows 10 + href: bitlocker\bitlocker-device-encryption-overview-windows-10.md + - name: BitLocker frequently asked questions (FAQ) + href: bitlocker\bitlocker-frequently-asked-questions.md + items: + - name: Overview and requirements + href: bitlocker\bitlocker-overview-and-requirements-faq.yml + - name: Upgrading + href: bitlocker\bitlocker-upgrading-faq.md + - name: Deployment and administration + href: bitlocker\bitlocker-deployment-and-administration-faq.yml + - name: Key management + href: bitlocker\bitlocker-key-management-faq.md + - name: BitLocker To Go + href: bitlocker\bitlocker-to-go-faq.yml + - name: Active Directory Domain Services + href: bitlocker\bitlocker-and-adds-faq.yml + - name: Security + href: bitlocker\bitlocker-security-faq.md + - name: BitLocker Network Unlock + href: bitlocker\bitlocker-network-unlock-faq.md + - name: General + href: bitlocker\bitlocker-using-with-other-programs-faq.md + - name: "Prepare your organization for BitLocker: Planning and policies" + href: bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md + - name: BitLocker basic deployment + href: bitlocker\bitlocker-basic-deployment.md + - name: "BitLocker: How to deploy on Windows Server 2012 and later" + href: bitlocker\bitlocker-how-to-deploy-on-windows-server.md + - name: "BitLocker: Management for enterprises" + href: bitlocker\bitlocker-management-for-enterprises.md + - name: "BitLocker: How to enable Network Unlock" + href: bitlocker\bitlocker-how-to-enable-network-unlock.md + - name: "BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker" + href: bitlocker\bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md + - name: "BitLocker: Use BitLocker Recovery Password Viewer" + href: bitlocker\bitlocker-use-bitlocker-recovery-password-viewer.md + - name: BitLocker Group Policy settings + href: bitlocker\bitlocker-group-policy-settings.md + - name: BCD settings and BitLocker + href: bitlocker\bcd-settings-and-bitlocker.md + - name: BitLocker Recovery Guide + href: bitlocker\bitlocker-recovery-guide-plan.md + - name: BitLocker Countermeasures + href: bitlocker\bitlocker-countermeasures.md + - name: Protecting cluster shared volumes and storage area networks with BitLocker + href: bitlocker\protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md + - name: Troubleshoot BitLocker + items: + - name: Troubleshoot BitLocker + href: bitlocker\troubleshoot-bitlocker.md + - name: "BitLocker cannot encrypt a drive: known issues" + href: bitlocker\ts-bitlocker-cannot-encrypt-issues.md + - name: "Enforcing BitLocker policies by using Intune: known issues" + href: bitlocker\ts-bitlocker-intune-issues.md + - name: "BitLocker Network Unlock: known issues" + href: bitlocker\ts-bitlocker-network-unlock-issues.md + - name: "BitLocker recovery: known issues" + href: bitlocker\ts-bitlocker-recovery-issues.md + - name: "BitLocker configuration: known issues" + href: bitlocker\ts-bitlocker-config-issues.md + - name: Troubleshoot BitLocker and TPM issues + items: + - name: "BitLocker cannot encrypt a drive: known TPM issues" + href: bitlocker\ts-bitlocker-cannot-encrypt-tpm-issues.md + - name: "BitLocker and TPM: other known issues" + href: bitlocker\ts-bitlocker-tpm-issues.md + - name: Decode Measured Boot logs to track PCR changes + href: bitlocker\ts-bitlocker-decode-measured-boot-logs.md + - name: Encrypted Hard Drive + href: encrypted-hard-drive.md + - name: Kernel DMA Protection + href: kernel-dma-protection-for-thunderbolt.md + - name: Protect your enterprise data using Windows Information Protection (WIP) + href: windows-information-protection\protect-enterprise-data-using-wip.md + items: + - name: Create a WIP policy using Microsoft Intune + href: windows-information-protection\overview-create-wip-policy.md + items: + - name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune + href: windows-information-protection\create-wip-policy-using-intune-azure.md + items: + - name: Deploy your WIP policy using the Azure portal for Microsoft Intune + href: windows-information-protection\deploy-wip-policy-using-intune-azure.md + - name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune + href: windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: windows-information-protection\create-and-verify-an-efs-dra-certificate.md + - name: Determine the Enterprise Context of an app running in WIP + href: windows-information-protection\wip-app-enterprise-context.md + - name: Create a WIP policy using Microsoft Endpoint Configuration Manager + href: windows-information-protection\overview-create-wip-policy-configmgr.md + items: + - name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager + href: windows-information-protection\create-wip-policy-using-configmgr.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: windows-information-protection\create-and-verify-an-efs-dra-certificate.md + - name: Determine the Enterprise Context of an app running in WIP + href: windows-information-protection\wip-app-enterprise-context.md + - name: Mandatory tasks and settings required to turn on WIP + href: windows-information-protection\mandatory-settings-for-wip.md + - name: Testing scenarios for WIP + href: windows-information-protection\testing-scenarios-for-wip.md + - name: Limitations while using WIP + href: windows-information-protection\limitations-with-wip.md + - name: How to collect WIP audit event logs + href: windows-information-protection\collect-wip-audit-event-logs.md + - name: General guidance and best practices for WIP + href: windows-information-protection\guidance-and-best-practices-wip.md + items: + - name: Enlightened apps for use with WIP + href: windows-information-protection\enlightened-microsoft-apps-and-wip.md + - name: Unenlightened and enlightened app behavior while using WIP + href: windows-information-protection\app-behavior-with-wip.md + - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP + href: windows-information-protection\recommended-network-definitions-for-wip.md + - name: Using Outlook Web Access with WIP + href: windows-information-protection\using-owa-with-wip.md + - name: Fine-tune WIP Learning + href: windows-information-protection\wip-learning.md + - name: Secure the Windows 10 boot process + href: secure-the-windows-10-boot-process.md + - name: Trusted Platform Module + href: tpm/trusted-platform-module-top-node.md + items: + - name: Trusted Platform Module Overview + href: tpm/trusted-platform-module-overview.md + - name: TPM fundamentals + href: tpm/tpm-fundamentals.md + - name: How Windows 10 uses the TPM + href: tpm/how-windows-uses-the-tpm.md + - name: TPM Group Policy settings + href: tpm/trusted-platform-module-services-group-policy-settings.md + - name: Back up the TPM recovery information to AD DS + href: tpm/backup-tpm-recovery-information-to-ad-ds.md + - name: View status, clear, or troubleshoot the TPM + href: tpm/initialize-and-configure-ownership-of-the-tpm.md + - name: Understanding PCR banks on TPM 2.0 devices + href: tpm/switch-pcr-banks-on-tpm-2-0-devices.md + - name: TPM recommendations + href: tpm/tpm-recommendations.md From 0e807f63d3dff41a438f5280627d624afe240839 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:05:38 -0700 Subject: [PATCH 040/156] Conversion to YAML: ./bcs/TOC.md --- bcs/TOC.md | 1 - bcs/TOC.yml | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) delete mode 100644 bcs/TOC.md create mode 100644 bcs/TOC.yml diff --git a/bcs/TOC.md b/bcs/TOC.md deleted file mode 100644 index 06913f7aef..0000000000 --- a/bcs/TOC.md +++ /dev/null @@ -1 +0,0 @@ -# [Index](index.md) \ No newline at end of file diff --git a/bcs/TOC.yml b/bcs/TOC.yml new file mode 100644 index 0000000000..981fe6d622 --- /dev/null +++ b/bcs/TOC.yml @@ -0,0 +1,2 @@ +- name: Index + href: index.md From 669993ee29d41c2f819fd00318b1711eba64e496 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:09:48 -0700 Subject: [PATCH 041/156] Conversion to YAML: ./browsers/TOC.md --- browsers/{TOC.md => TOC.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename browsers/{TOC.md => TOC.yml} (100%) diff --git a/browsers/TOC.md b/browsers/TOC.yml similarity index 100% rename from browsers/TOC.md rename to browsers/TOC.yml From 6f31fcc8d605dd623e03bb2f6fd8199b381834f4 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:16:42 -0700 Subject: [PATCH 042/156] Conversion to YAML: ./browsers/edge/TOC.md --- browsers/edge/TOC.yml | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 browsers/edge/TOC.yml diff --git a/browsers/edge/TOC.yml b/browsers/edge/TOC.yml new file mode 100644 index 0000000000..22f318e503 --- /dev/null +++ b/browsers/edge/TOC.yml @@ -0,0 +1,50 @@ +- name: Microsoft Edge deployment for IT Pros + href: index.yml + items: + - name: System requirements and supported languages + href: about-microsoft-edge.md + - name: Use Enterprise Mode to improve compatibility + href: emie-to-improve-compatibility.md + - name: Deploy Microsoft Edge kiosk mode + href: microsoft-edge-kiosk-mode-deploy.md + - name: Group policies & configuration options + href: group-policies/index.yml + items: + - name: Address bar + href: group-policies/address-bar-settings-gp.md + - name: Adobe Flash + href: group-policies/adobe-settings-gp.md + - name: Books Library + href: group-policies/books-library-management-gp.md + - name: Browser experience + href: group-policies/browser-settings-management-gp.md + - name: Developer tools + href: group-policies/developer-settings-gp.md + - name: Extensions + href: group-policies/extensions-management-gp.md + - name: Favorites + href: group-policies/favorites-management-gp.md + - name: Home button + href: group-policies/home-button-gp.md + - name: Interoperability and enterprise mode guidance + href: group-policies/interoperability-enterprise-guidance-gp.md + - name: Kiosk mode deployment in Microsoft Edge + href: microsoft-edge-kiosk-mode-deploy.md + - name: New Tab page + href: group-policies/new-tab-page-settings-gp.md + - name: Prelaunch Microsoft Edge and preload tabs + href: group-policies/prelaunch-preload-gp.md + - name: Search engine customization + href: group-policies/search-engine-customization-gp.md + - name: Security and privacy + href: group-policies/security-privacy-management-gp.md + - name: Start page + href: group-policies/start-pages-gp.md + - name: Sync browser + href: group-policies/sync-browser-settings-gp.md + - name: Telemetry and data collection + href: group-policies/telemetry-management-gp.md + - name: Change history for Microsoft Edge + href: change-history-for-microsoft-edge.md + - name: Microsoft Edge Frequently Asked Questions (FAQ) + href: microsoft-edge-faq.yml From 2c81e9c745797526ca4c4e1a6b4be204694ee79f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:17:51 -0700 Subject: [PATCH 043/156] Conversion to YAML: ./browsers/internet-explorer/TOC.md --- browsers/internet-explorer/TOC.md | 191 --------------- browsers/internet-explorer/TOC.yml | 359 +++++++++++++++++++++++++++++ 2 files changed, 359 insertions(+), 191 deletions(-) delete mode 100644 browsers/internet-explorer/TOC.md create mode 100644 browsers/internet-explorer/TOC.yml diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md deleted file mode 100644 index 060f6ffb99..0000000000 --- a/browsers/internet-explorer/TOC.md +++ /dev/null @@ -1,191 +0,0 @@ -# [IE11 Deployment Guide for IT Pros](ie11-deploy-guide/index.md) - -## [Change history for the Internet Explorer 11 (IE11) Deployment Guide](ie11-deploy-guide/change-history-for-internet-explorer-11.md) - -## [System requirements and language support for Internet Explorer 11](ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md) - -## [List of updated features and tools - Internet Explorer 11 (IE11)](ie11-deploy-guide/updated-features-and-tools-with-ie11.md) - -## [Install and Deploy Internet Explorer 11 (IE11)](ie11-deploy-guide/install-and-deploy-ie11.md) -### [Customize Internet Explorer 11 installation packages](ie11-deploy-guide/customize-ie11-install-packages.md) -#### [Using IEAK 11 to create packages](ie11-deploy-guide/using-ieak11-to-create-install-packages.md) -#### [Create packages for multiple operating systems or languages](ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md) -#### [Using .INF files to create packages](ie11-deploy-guide/using-inf-files-to-create-install-packages.md) -### [Choose how to install Internet Explorer 11 (IE11)](ie11-deploy-guide/choose-how-to-install-ie11.md) -#### [Install Internet Explorer 11 (IE11) - System Center 2012 R2 Configuration Manager](ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md) -#### [Install Internet Explorer 11 (IE11) - Windows Server Update Services (WSUS)](ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md) -#### [Install Internet Explorer 11 (IE11) - Microsoft Intune](ie11-deploy-guide/install-ie11-using-microsoft-intune.md) -#### [Install Internet Explorer 11 (IE11) - Network](ie11-deploy-guide/install-ie11-using-the-network.md) -#### [Install Internet Explorer 11 (IE11) - Operating system deployment systems](ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md) -#### [Install Internet Explorer 11 (IE11) - Third-party tools](ie11-deploy-guide/install-ie11-using-third-party-tools.md) -### [Choose how to deploy Internet Explorer 11 (IE11)](ie11-deploy-guide/choose-how-to-deploy-ie11.md) -#### [Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS)](ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md) -#### [Deploy Internet Explorer 11 using software distribution tools](ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md) -### [Virtualization and compatibility with Internet Explorer 11](ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md) - -## [Collect data using Enterprise Site Discovery](ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md) - -## [Enterprise Mode for Internet Explorer 11 (IE11)](ie11-deploy-guide/enterprise-mode-overview-for-ie11.md) -### [Tips and tricks to manage Internet Explorer compatibility](ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md) -### [Enterprise Mode and the Enterprise Mode Site List](ie11-deploy-guide/what-is-enterprise-mode.md) -### [Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md) -### [Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md) -### [Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md) -### [Enterprise Mode schema v.1 guidance](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md) -### [Check for a new Enterprise Mode site list xml file](ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md) -### [Turn on local control and logging for Enterprise Mode](ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md) -### [Use the Enterprise Mode Site List Manager](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md) -#### [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) -#### [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) -#### [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) -#### [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) -#### [Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) -#### [Fix validation problems using the Enterprise Mode Site List Manager](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) -#### [Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) -#### [Save your site list to XML in the Enterprise Mode Site List Manager](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) -#### [Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) -#### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md) -#### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) -#### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) -#### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md) -### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md) -#### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md) -##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md) -##### [Add employees to the Enterprise Mode Site List Portal](ie11-deploy-guide/add-employees-enterprise-mode-portal.md) -#### [Workflow-based processes for employees using the Enterprise Mode Site List Portal](ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md) -##### [Create a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/create-change-request-enterprise-mode-portal.md) -##### [Verify your changes using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md) -##### [Approve a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md) -##### [Schedule approved change requests for production using the Enterprise Mode Site List Portal](ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md) -##### [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md) -##### [View the apps currently on the Enterprise Mode Site List](ie11-deploy-guide/view-apps-enterprise-mode-site-list.md) -##### [View the available Enterprise Mode reports from the Enterprise Mode Site List Portal](ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md) -### [Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md) -### [Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) -### [Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md) -### [Remove sites from a local compatibility view list](ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md) -### [Turn off Enterprise Mode](ie11-deploy-guide/turn-off-enterprise-mode.md) - - -## [Group Policy and Internet Explorer 11 (IE11)](ie11-deploy-guide/group-policy-and-ie11.md) -### [Group Policy management tools](ie11-deploy-guide/group-policy-objects-and-ie11.md) -#### [Group Policy and the Group Policy Management Console (GPMC)](ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md) -#### [Group Policy and the Local Group Policy Editor](ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md) -#### [Group Policy and Advanced Group Policy Management (AGPM)](ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md) -#### [Group Policy and Windows Powershell](ie11-deploy-guide/group-policy-windows-powershell-ie11.md) -#### [Group Policy and Shortcut Extensions](ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md) -### [New group policy settings for Internet Explorer 11](ie11-deploy-guide/new-group-policy-settings-for-ie11.md) -### [Set the default browser using Group Policy](ie11-deploy-guide/set-the-default-browser-using-group-policy.md) -### [ActiveX installation using group policy](ie11-deploy-guide/activex-installation-using-group-policy.md) -### [Group Policy and compatibility with Internet Explorer 11](ie11-deploy-guide/group-policy-compatibility-with-ie11.md) -### [Group policy preferences and Internet Explorer 11](ie11-deploy-guide/group-policy-preferences-and-ie11.md) -### [Administrative templates and Internet Explorer 11](ie11-deploy-guide/administrative-templates-and-ie11.md) -### [Enable and disable add-ons using administrative templates and group policy](ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md) - -## [Manage Internet Explorer 11](ie11-deploy-guide/manage-ie11-overview.md) -### [Auto detect settings Internet Explorer 11](ie11-deploy-guide/auto-detect-settings-for-ie11.md) -### [Auto configuration settings for Internet Explorer 11](ie11-deploy-guide/auto-configuration-settings-for-ie11.md) -### [Auto proxy configuration settings for Internet Explorer 11](ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md) - -## [Troubleshoot Internet Explorer 11 (IE11)](ie11-deploy-guide/troubleshoot-ie11.md) -### [Setup problems with Internet Explorer 11](ie11-deploy-guide/setup-problems-with-ie11.md) -### [Install problems with Internet Explorer 11](ie11-deploy-guide/install-problems-with-ie11.md) -### [Problems after installing Internet Explorer 11](ie11-deploy-guide/problems-after-installing-ie11.md) -### [Auto configuration and auto proxy problems with Internet Explorer 11](ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md) -### [User interface problems with Internet Explorer 11](ie11-deploy-guide/user-interface-problems-with-ie11.md) -### [Group Policy problems with Internet Explorer 11](ie11-deploy-guide/group-policy-problems-ie11.md) -### [.NET Framework problems with Internet Explorer 11](ie11-deploy-guide/net-framework-problems-with-ie11.md) -### [Enhanced Protected Mode problems with Internet Explorer](ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md) -### [Fix font rendering problems by turning off natural metrics](ie11-deploy-guide/turn-off-natural-metrics.md) -### [Intranet problems with Internet Explorer 11](ie11-deploy-guide/intranet-problems-and-ie11.md) -### [Browser cache changes and roaming profiles](ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md) - -## [Out-of-date ActiveX control blocking](ie11-deploy-guide/out-of-date-activex-control-blocking.md) -### [Blocked out-of-date ActiveX controls](ie11-deploy-guide/blocked-out-of-date-activex-controls.md) - -## [Deprecated document modes and Internet Explorer 11](ie11-deploy-guide/deprecated-document-modes.md) - -## [What is the Internet Explorer 11 Blocker Toolkit?](ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md) -### [Internet Explorer 11 delivery through automatic updates](ie11-deploy-guide/ie11-delivery-through-automatic-updates.md) -### [Internet Explorer 11 Blocker Toolkit FAQ](ie11-faq/faq-ie11-blocker-toolkit.md) - -## [Missing Internet Explorer Maintenance settings for Internet Explorer 11](ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md) - -## [Missing the Compatibility View Button](ie11-deploy-guide/missing-the-compatibility-view-button.md) - -## [Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md) - -# [IE11 Frequently Asked Questions (FAQ) Guide for IT Pros](ie11-faq/faq-for-it-pros-ie11.md) - -# [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](ie11-ieak/index.md) -## [What IEAK can do for you](ie11-ieak/what-ieak-can-do-for-you.md) -## [Internet Explorer Administration Kit (IEAK) information and downloads](ie11-ieak/ieak-information-and-downloads.md) -## [Before you start using IEAK 11](ie11-ieak/before-you-create-custom-pkgs-ieak11.md) -### [Hardware and software requirements for IEAK 11](ie11-ieak/hardware-and-software-reqs-ieak11.md) -### [Determine the licensing version and features to use in IEAK 11](ie11-ieak/licensing-version-and-features-ieak11.md) -### [Security features and IEAK 11](ie11-ieak/security-and-ieak11.md) -### [File types used or created by IEAK 11](ie11-ieak/file-types-ieak11.md) -### [Tasks and references to consider before creating and deploying custom packages using IEAK 11](ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md) -### [Create the build computer folder structure using IEAK 11](ie11-ieak/create-build-folder-structure-ieak11.md) -### [Set up auto detection for DHCP or DNS servers using IEAK 11](ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md) -### [Use proxy auto-configuration (.pac) files with IEAK 11](ie11-ieak/proxy-auto-config-examples.md) -### [Customize the toolbar button and Favorites List icons using IEAK 11](ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md) -### [Use the uninstallation .INF files to uninstall custom components](ie11-ieak/create-uninstall-inf-files-for-custom-components.md) -### [Add and approve ActiveX controls using the IEAK 11](ie11-ieak/add-and-approve-activex-controls-ieak11.md) -### [Register an uninstall app for custom components using IEAK 11](ie11-ieak/register-uninstall-app-ieak11.md) -### [Customize Automatic Search for Internet Explorer using IEAK 11](ie11-ieak/customize-automatic-search-for-ie.md) -### [Create multiple versions of your custom package using IEAK 11](ie11-ieak/create-multiple-browser-packages-ieak11.md) -### [Before you install your package over your network using IEAK 11](ie11-ieak/prep-network-install-with-ieak11.md) -### [Use the RSoP snap-in to review policy settings](ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md) -### [IEAK 11 - Frequently Asked Questions](ie11-faq/faq-ieak11.md) -### [Troubleshoot custom package and IEAK 11 problems](ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md) - -## [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](ie11-ieak/ieak11-wizard-custom-options.md) -### [Use the File Locations page in the IEAK 11 Wizard](ie11-ieak/file-locations-ieak11-wizard.md) -### [Use the Platform Selection page in the IEAK 11 Wizard](ie11-ieak/platform-selection-ieak11-wizard.md) -### [Use the Language Selection page in the IEAK 11 Wizard](ie11-ieak/language-selection-ieak11-wizard.md) -### [Use the Package Type Selection page in the IEAK 11 Wizard](ie11-ieak/pkg-type-selection-ieak11-wizard.md) -### [Use the Feature Selection page in the IEAK 11 Wizard](ie11-ieak/feature-selection-ieak11-wizard.md) -### [Use the Automatic Version Synchronization page in the IEAK 11 Wizard](ie11-ieak/auto-version-sync-ieak11-wizard.md) -### [Use the Custom Components page in the IEAK 11 Wizard](ie11-ieak/custom-components-ieak11-wizard.md) -### [Use the Internal Install page in the IEAK 11 Wizard](ie11-ieak/internal-install-ieak11-wizard.md) -### [Use the User Experience page in the IEAK 11 Wizard](ie11-ieak/user-experience-ieak11-wizard.md) -### [Use the Browser User Interface page in the IEAK 11 Wizard](ie11-ieak/browser-ui-ieak11-wizard.md) -### [Use the Search Providers page in the IEAK 11 Wizard](ie11-ieak/search-providers-ieak11-wizard.md) -### [Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard](ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md) -### [Use the Accelerators page in the IEAK 11 Wizard](ie11-ieak/accelerators-ieak11-wizard.md) -### [Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard](ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md) -### [Use the Browsing Options page in the IEAK 11 Wizard](ie11-ieak/browsing-options-ieak11-wizard.md) -### [Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard](ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md) -### [Use the Compatibility View page in the IEAK 11 Wizard](ie11-ieak/compat-view-ieak11-wizard.md) -### [Use the Connection Manager page in the IEAK 11 Wizard](ie11-ieak/connection-mgr-ieak11-wizard.md) -### [Use the Connection Settings page in the IEAK 11 Wizard](ie11-ieak/connection-settings-ieak11-wizard.md) -### [Use the Automatic Configuration page in the IEAK 11 Wizard](ie11-ieak/auto-config-ieak11-wizard.md) -### [Use the Proxy Settings page in the IEAK 11 Wizard](ie11-ieak/proxy-settings-ieak11-wizard.md) -### [Use the Security and Privacy Settings page in the IEAK 11 Wizard](ie11-ieak/security-and-privacy-settings-ieak11-wizard.md) -### [Use the Add a Root Certificate page in the IEAK 11 Wizard](ie11-ieak/add-root-certificate-ieak11-wizard.md) -### [Use the Programs page in the IEAK 11 Wizard](ie11-ieak/programs-ieak11-wizard.md) -### [Use the Additional Settings page in the IEAK 11 Wizard](ie11-ieak/additional-settings-ieak11-wizard.md) -### [Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard](ie11-ieak/wizard-complete-ieak11-wizard.md) - -## [Using Internet Settings (.INS) files with IEAK 11](ie11-ieak/using-internet-settings-ins-files.md) -### [Use the Branding .INS file to create custom branding and setup info](ie11-ieak/branding-ins-file-setting.md) -### [Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar](ie11-ieak/browsertoolbars-ins-file-setting.md) -### [Use the CabSigning .INS file to review the digital signatures for your apps](ie11-ieak/cabsigning-ins-file-setting.md) -### [Use the ConnectionSettings .INS file to review the network connections for install](ie11-ieak/connectionsettings-ins-file-setting.md) -### [Use the CustomBranding .INS file to specify the custom branding location](ie11-ieak/custombranding-ins-file-setting.md) -### [Use the ExtRegInf .INS file to specify installation files and mode](ie11-ieak/extreginf-ins-file-setting.md) -### [Use the FavoritesEx .INS file for your Favorites icon and URLs](ie11-ieak/favoritesex-ins-file-setting.md) -### [Use the HideCustom .INS file to hide GUIDs](ie11-ieak/hidecustom-ins-file-setting.md) -### [Use the ISP_Security .INS file to add your root certificate](ie11-ieak/isp-security-ins-file-setting.md) -### [Use the Media .INS file to specify your install media](ie11-ieak/media-ins-file-setting.md) -### [Use the Proxy .INS file to specify a proxy server](ie11-ieak/proxy-ins-file-setting.md) -### [Use the Security Imports .INS file to import security info](ie11-ieak/security-imports-ins-file-setting.md) -### [Use the URL .INS file to use an auto-configured proxy server](ie11-ieak/url-ins-file-setting.md) - -## [IExpress Wizard for Windows Server 2008 R2 with SP1](ie11-ieak/iexpress-wizard-for-win-server.md) -### [IExpress Wizard command-line options](ie11-ieak/iexpress-command-line-options.md) -### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md) - -## KB Troubleshoot -### [Internet Explorer and Microsoft Edge FAQ for IT Pros](kb-support/ie-edge-faqs.md) diff --git a/browsers/internet-explorer/TOC.yml b/browsers/internet-explorer/TOC.yml new file mode 100644 index 0000000000..b74d5068fa --- /dev/null +++ b/browsers/internet-explorer/TOC.yml @@ -0,0 +1,359 @@ +- name: IE11 Deployment Guide for IT Pros + href: ie11-deploy-guide/index.md + items: + - name: Change history for the Internet Explorer 11 (IE11) Deployment Guide + href: ie11-deploy-guide/change-history-for-internet-explorer-11.md + - name: System requirements and language support for Internet Explorer 11 + href: ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md + - name: List of updated features and tools - Internet Explorer 11 (IE11) + href: ie11-deploy-guide/updated-features-and-tools-with-ie11.md + - name: Install and Deploy Internet Explorer 11 (IE11) + href: ie11-deploy-guide/install-and-deploy-ie11.md + items: + - name: Customize Internet Explorer 11 installation packages + href: ie11-deploy-guide/customize-ie11-install-packages.md + items: + - name: Using IEAK 11 to create packages + href: ie11-deploy-guide/using-ieak11-to-create-install-packages.md + - name: Create packages for multiple operating systems or languages + href: ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md + - name: Using .INF files to create packages + href: ie11-deploy-guide/using-inf-files-to-create-install-packages.md + - name: Choose how to install Internet Explorer 11 (IE11) + href: ie11-deploy-guide/choose-how-to-install-ie11.md + items: + - name: Install Internet Explorer 11 (IE11) - System Center 2012 R2 Configuration Manager + href: ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md + - name: Install Internet Explorer 11 (IE11) - Windows Server Update Services (WSUS) + href: ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md + - name: Install Internet Explorer 11 (IE11) - Microsoft Intune + href: ie11-deploy-guide/install-ie11-using-microsoft-intune.md + - name: Install Internet Explorer 11 (IE11) - Network + href: ie11-deploy-guide/install-ie11-using-the-network.md + - name: Install Internet Explorer 11 (IE11) - Operating system deployment systems + href: ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md + - name: Install Internet Explorer 11 (IE11) - Third-party tools + href: ie11-deploy-guide/install-ie11-using-third-party-tools.md + - name: Choose how to deploy Internet Explorer 11 (IE11) + href: ie11-deploy-guide/choose-how-to-deploy-ie11.md + items: + - name: Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) + href: ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md + - name: Deploy Internet Explorer 11 using software distribution tools + href: ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md + - name: Virtualization and compatibility with Internet Explorer 11 + href: ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md + - name: Collect data using Enterprise Site Discovery + href: ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md + - name: Enterprise Mode for Internet Explorer 11 (IE11) + href: ie11-deploy-guide/enterprise-mode-overview-for-ie11.md + items: + - name: Tips and tricks to manage Internet Explorer compatibility + href: ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md + - name: Enterprise Mode and the Enterprise Mode Site List + href: ie11-deploy-guide/what-is-enterprise-mode.md + - name: Set up Enterprise Mode logging and data collection + href: ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md + - name: Turn on Enterprise Mode and use a site list + href: ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md + - name: Enterprise Mode schema v.2 guidance + href: ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md + - name: Enterprise Mode schema v.1 guidance + href: ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md + - name: Check for a new Enterprise Mode site list xml file + href: ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md + - name: Turn on local control and logging for Enterprise Mode + href: ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md + - name: Use the Enterprise Mode Site List Manager + href: ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md + items: + - name: Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) + href: ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md + - name: Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) + href: ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md + - name: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) + href: ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md + - name: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) + href: ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md + - name: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager + href: ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md + - name: Fix validation problems using the Enterprise Mode Site List Manager + href: ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md + - name: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager + href: ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md + - name: Save your site list to XML in the Enterprise Mode Site List Manager + href: ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md + - name: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager + href: ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md + - name: Import your Enterprise Mode site list to the Enterprise Mode Site List Manager + href: ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md + - name: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager + href: ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md + - name: Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager + href: ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md + - name: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager + href: ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md + - name: Use the Enterprise Mode Site List Portal + href: ie11-deploy-guide/use-the-enterprise-mode-portal.md + items: + - name: Set up the Enterprise Mode Site List Portal + href: ie11-deploy-guide/set-up-enterprise-mode-portal.md + items: + - name: Use the Settings page to finish setting up the Enterprise Mode Site List Portal + href: ie11-deploy-guide/configure-settings-enterprise-mode-portal.md + - name: Add employees to the Enterprise Mode Site List Portal + href: ie11-deploy-guide/add-employees-enterprise-mode-portal.md + - name: Workflow-based processes for employees using the Enterprise Mode Site List Portal + href: ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md + items: + - name: Create a change request using the Enterprise Mode Site List Portal + href: ie11-deploy-guide/create-change-request-enterprise-mode-portal.md + - name: Verify your changes using the Enterprise Mode Site List Portal + href: ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md + - name: Approve a change request using the Enterprise Mode Site List Portal + href: ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md + - name: Schedule approved change requests for production using the Enterprise Mode Site List Portal + href: ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md + - name: Verify the change request update in the production environment using the Enterprise Mode Site List Portal + href: ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md + - name: View the apps currently on the Enterprise Mode Site List + href: ie11-deploy-guide/view-apps-enterprise-mode-site-list.md + - name: View the available Enterprise Mode reports from the Enterprise Mode Site List Portal + href: ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md + - name: Using IE7 Enterprise Mode or IE8 Enterprise Mode + href: ie11-deploy-guide/using-enterprise-mode.md + - name: Fix web compatibility issues using document modes and the Enterprise Mode site list + href: ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md + - name: Remove sites from a local Enterprise Mode site list + href: ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md + - name: Remove sites from a local compatibility view list + href: ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md + - name: Turn off Enterprise Mode + href: ie11-deploy-guide/turn-off-enterprise-mode.md + - name: Group Policy and Internet Explorer 11 (IE11) + href: ie11-deploy-guide/group-policy-and-ie11.md + items: + - name: Group Policy management tools + href: ie11-deploy-guide/group-policy-objects-and-ie11.md + items: + - name: Group Policy and the Group Policy Management Console (GPMC) + href: ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md + - name: Group Policy and the Local Group Policy Editor + href: ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md + - name: Group Policy and Advanced Group Policy Management (AGPM) + href: ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md + - name: Group Policy and Windows Powershell + href: ie11-deploy-guide/group-policy-windows-powershell-ie11.md + - name: Group Policy and Shortcut Extensions + href: ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md + - name: New group policy settings for Internet Explorer 11 + href: ie11-deploy-guide/new-group-policy-settings-for-ie11.md + - name: Set the default browser using Group Policy + href: ie11-deploy-guide/set-the-default-browser-using-group-policy.md + - name: ActiveX installation using group policy + href: ie11-deploy-guide/activex-installation-using-group-policy.md + - name: Group Policy and compatibility with Internet Explorer 11 + href: ie11-deploy-guide/group-policy-compatibility-with-ie11.md + - name: Group policy preferences and Internet Explorer 11 + href: ie11-deploy-guide/group-policy-preferences-and-ie11.md + - name: Administrative templates and Internet Explorer 11 + href: ie11-deploy-guide/administrative-templates-and-ie11.md + - name: Enable and disable add-ons using administrative templates and group policy + href: ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md + - name: Manage Internet Explorer 11 + href: ie11-deploy-guide/manage-ie11-overview.md + items: + - name: Auto detect settings Internet Explorer 11 + href: ie11-deploy-guide/auto-detect-settings-for-ie11.md + - name: Auto configuration settings for Internet Explorer 11 + href: ie11-deploy-guide/auto-configuration-settings-for-ie11.md + - name: Auto proxy configuration settings for Internet Explorer 11 + href: ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md + - name: Troubleshoot Internet Explorer 11 (IE11) + href: ie11-deploy-guide/troubleshoot-ie11.md + items: + - name: Setup problems with Internet Explorer 11 + href: ie11-deploy-guide/setup-problems-with-ie11.md + - name: Install problems with Internet Explorer 11 + href: ie11-deploy-guide/install-problems-with-ie11.md + - name: Problems after installing Internet Explorer 11 + href: ie11-deploy-guide/problems-after-installing-ie11.md + - name: Auto configuration and auto proxy problems with Internet Explorer 11 + href: ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md + - name: User interface problems with Internet Explorer 11 + href: ie11-deploy-guide/user-interface-problems-with-ie11.md + - name: Group Policy problems with Internet Explorer 11 + href: ie11-deploy-guide/group-policy-problems-ie11.md + - name: .NET Framework problems with Internet Explorer 11 + href: ie11-deploy-guide/net-framework-problems-with-ie11.md + - name: Enhanced Protected Mode problems with Internet Explorer + href: ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md + - name: Fix font rendering problems by turning off natural metrics + href: ie11-deploy-guide/turn-off-natural-metrics.md + - name: Intranet problems with Internet Explorer 11 + href: ie11-deploy-guide/intranet-problems-and-ie11.md + - name: Browser cache changes and roaming profiles + href: ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md + - name: Out-of-date ActiveX control blocking + href: ie11-deploy-guide/out-of-date-activex-control-blocking.md + items: + - name: Blocked out-of-date ActiveX controls + href: ie11-deploy-guide/blocked-out-of-date-activex-controls.md) + - name: Deprecated document modes and Internet Explorer 11 + href: ie11-deploy-guide/deprecated-document-modes.md + - name: What is the Internet Explorer 11 Blocker Toolkit? + href: ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md + items: + - name: Internet Explorer 11 delivery through automatic updates + href: ie11-deploy-guide/ie11-delivery-through-automatic-updates.md + - name: Internet Explorer 11 Blocker Toolkit FAQ + href: ie11-faq/faq-ie11-blocker-toolkit.md + - name: Missing Internet Explorer Maintenance settings for Internet Explorer 11 + href: ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md + - name: Missing the Compatibility View Button + href: ie11-deploy-guide/missing-the-compatibility-view-button.md + - name: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 + href: ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md +- name: IE11 Frequently Asked Questions (FAQ) Guide for IT Pros + href: ie11-faq/faq-for-it-pros-ie11.md +- name: Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros + href: ie11-ieak/index.md + items: + - name: What IEAK can do for you + href: ie11-ieak/what-ieak-can-do-for-you.md + - name: Internet Explorer Administration Kit (IEAK) information and downloads + href: ie11-ieak/ieak-information-and-downloads.md + - name: Before you start using IEAK 11 + href: ie11-ieak/before-you-create-custom-pkgs-ieak11.md + items: + - name: Hardware and software requirements for IEAK 11 + href: ie11-ieak/hardware-and-software-reqs-ieak11.md + - name: Determine the licensing version and features to use in IEAK 11 + href: ie11-ieak/licensing-version-and-features-ieak11.md + - name: Security features and IEAK 11 + href: ie11-ieak/security-and-ieak11.md + - name: File types used or created by IEAK 11 + href: ie11-ieak/file-types-ieak11.md + - name: Tasks and references to consider before creating and deploying custom packages using IEAK 11 + href: ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md + - name: Create the build computer folder structure using IEAK 11 + href: ie11-ieak/create-build-folder-structure-ieak11.md + - name: Set up auto detection for DHCP or DNS servers using IEAK 11 + href: ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md + - name: Use proxy auto-configuration (.pac) files with IEAK 11 + href: ie11-ieak/proxy-auto-config-examples.md + - name: Customize the toolbar button and Favorites List icons using IEAK 11 + href: ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md + - name: Use the uninstallation .INF files to uninstall custom components + href: ie11-ieak/create-uninstall-inf-files-for-custom-components.md + - name: Add and approve ActiveX controls using the IEAK 11 + href: ie11-ieak/add-and-approve-activex-controls-ieak11.md + - name: Register an uninstall app for custom components using IEAK 11 + href: ie11-ieak/register-uninstall-app-ieak11.md + - name: Customize Automatic Search for Internet Explorer using IEAK 11 + href: ie11-ieak/customize-automatic-search-for-ie.md + - name: Create multiple versions of your custom package using IEAK 11 + href: ie11-ieak/create-multiple-browser-packages-ieak11.md + - name: Before you install your package over your network using IEAK 11 + href: ie11-ieak/prep-network-install-with-ieak11.md + - name: Use the RSoP snap-in to review policy settings + href: ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md + - name: IEAK 11 - Frequently Asked Questions + href: ie11-faq/faq-ieak11.md + - name: Troubleshoot custom package and IEAK 11 problems + href: ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md + - name: Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options + href: ie11-ieak/ieak11-wizard-custom-options.md + items: + - name: Use the File Locations page in the IEAK 11 Wizard + href: ie11-ieak/file-locations-ieak11-wizard.md + - name: Use the Platform Selection page in the IEAK 11 Wizard + href: ie11-ieak/platform-selection-ieak11-wizard.md + - name: Use the Language Selection page in the IEAK 11 Wizard + href: ie11-ieak/language-selection-ieak11-wizard.md + - name: Use the Package Type Selection page in the IEAK 11 Wizard + href: ie11-ieak/pkg-type-selection-ieak11-wizard.md + - name: Use the Feature Selection page in the IEAK 11 Wizard + href: ie11-ieak/feature-selection-ieak11-wizard.md + - name: Use the Automatic Version Synchronization page in the IEAK 11 Wizard + href: ie11-ieak/auto-version-sync-ieak11-wizard.md + - name: Use the Custom Components page in the IEAK 11 Wizard + href: ie11-ieak/custom-components-ieak11-wizard.md + - name: Use the Internal Install page in the IEAK 11 Wizard + href: ie11-ieak/internal-install-ieak11-wizard.md + - name: Use the User Experience page in the IEAK 11 Wizard + href: ie11-ieak/user-experience-ieak11-wizard.md + - name: Use the Browser User Interface page in the IEAK 11 Wizard + href: ie11-ieak/browser-ui-ieak11-wizard.md + - name: Use the Search Providers page in the IEAK 11 Wizard + href: ie11-ieak/search-providers-ieak11-wizard.md + - name: Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard + href: ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md + - name: Use the Accelerators page in the IEAK 11 Wizard + href: ie11-ieak/accelerators-ieak11-wizard.md + - name: Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard + href: ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md + - name: Use the Browsing Options page in the IEAK 11 Wizard + href: ie11-ieak/browsing-options-ieak11-wizard.md + - name: Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard + href: ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md + - name: Use the Compatibility View page in the IEAK 11 Wizard + href: ie11-ieak/compat-view-ieak11-wizard.md + - name: Use the Connection Manager page in the IEAK 11 Wizard + href: ie11-ieak/connection-mgr-ieak11-wizard.md + - name: Use the Connection Settings page in the IEAK 11 Wizard + href: ie11-ieak/connection-settings-ieak11-wizard.md + - name: Use the Automatic Configuration page in the IEAK 11 Wizard + href: ie11-ieak/auto-config-ieak11-wizard.md + - name: Use the Proxy Settings page in the IEAK 11 Wizard + href: ie11-ieak/proxy-settings-ieak11-wizard.md + - name: Use the Security and Privacy Settings page in the IEAK 11 Wizard + href: ie11-ieak/security-and-privacy-settings-ieak11-wizard.md + - name: Use the Add a Root Certificate page in the IEAK 11 Wizard + href: ie11-ieak/add-root-certificate-ieak11-wizard.md + - name: Use the Programs page in the IEAK 11 Wizard + href: ie11-ieak/programs-ieak11-wizard.md + - name: Use the Additional Settings page in the IEAK 11 Wizard + href: ie11-ieak/additional-settings-ieak11-wizard.md + - name: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard + href: ie11-ieak/wizard-complete-ieak11-wizard.md + - name: Using Internet Settings (.INS) files with IEAK 11 + href: ie11-ieak/using-internet-settings-ins-files.md + items: + - name: Use the Branding .INS file to create custom branding and setup info + href: ie11-ieak/branding-ins-file-setting.md + - name: Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar + href: ie11-ieak/browsertoolbars-ins-file-setting.md + - name: Use the CabSigning .INS file to review the digital signatures for your apps + href: ie11-ieak/cabsigning-ins-file-setting.md + - name: Use the ConnectionSettings .INS file to review the network connections for install + href: ie11-ieak/connectionsettings-ins-file-setting.md + - name: Use the CustomBranding .INS file to specify the custom branding location + href: ie11-ieak/custombranding-ins-file-setting.md + - name: Use the ExtRegInf .INS file to specify installation files and mode + href: ie11-ieak/extreginf-ins-file-setting.md + - name: Use the FavoritesEx .INS file for your Favorites icon and URLs + href: ie11-ieak/favoritesex-ins-file-setting.md + - name: Use the HideCustom .INS file to hide GUIDs + href: ie11-ieak/hidecustom-ins-file-setting.md + - name: Use the ISP_Security .INS file to add your root certificate + href: ie11-ieak/isp-security-ins-file-setting.md + - name: Use the Media .INS file to specify your install media + href: ie11-ieak/media-ins-file-setting.md + - name: Use the Proxy .INS file to specify a proxy server + href: ie11-ieak/proxy-ins-file-setting.md + - name: Use the Security Imports .INS file to import security info + href: ie11-ieak/security-imports-ins-file-setting.md + - name: Use the URL .INS file to use an auto-configured proxy server + href: ie11-ieak/url-ins-file-setting.md + - name: IExpress Wizard for Windows Server 2008 R2 with SP1 + href: ie11-ieak/iexpress-wizard-for-win-server.md + items: + - name: IExpress Wizard command-line options + href: ie11-ieak/iexpress-command-line-options.md + - name: Internet Explorer Setup command-line options and return codes + href: ie11-ieak/ie-setup-command-line-options-and-return-codes.md + - name: KB Troubleshoot + items: + - name: Internet Explorer and Microsoft Edge FAQ for IT Pros + href: kb-support/ie-edge-faqs.md From 469401a9660e058a76eab0dc28cc21c6e1c4606b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:18:26 -0700 Subject: [PATCH 044/156] Delete TOC.md --- browsers/edge/TOC.md | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 browsers/edge/TOC.md diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md deleted file mode 100644 index bae1f59877..0000000000 --- a/browsers/edge/TOC.md +++ /dev/null @@ -1,33 +0,0 @@ -# [Microsoft Edge deployment for IT Pros](index.yml) - -## [System requirements and supported languages](about-microsoft-edge.md) - -## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) - -## [Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md) - -## [Group policies & configuration options](group-policies/index.yml) -### [Address bar](group-policies/address-bar-settings-gp.md) -### [Adobe Flash](group-policies/adobe-settings-gp.md) -### [Books Library](group-policies/books-library-management-gp.md) -### [Browser experience](group-policies/browser-settings-management-gp.md) -### [Developer tools](group-policies/developer-settings-gp.md) -### [Extensions](group-policies/extensions-management-gp.md) -### [Favorites](group-policies/favorites-management-gp.md) -### [Home button](group-policies/home-button-gp.md) -### [Interoperability and enterprise mode guidance](group-policies/interoperability-enterprise-guidance-gp.md) -### [Kiosk mode deployment in Microsoft Edge](microsoft-edge-kiosk-mode-deploy.md) -### [New Tab page](group-policies/new-tab-page-settings-gp.md) -### [Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md) -### [Search engine customization](group-policies/search-engine-customization-gp.md) -### [Security and privacy](group-policies/security-privacy-management-gp.md) -### [Start page](group-policies/start-pages-gp.md) -### [Sync browser](group-policies/sync-browser-settings-gp.md) -### [Telemetry and data collection](group-policies/telemetry-management-gp.md) - - -## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md) - -## [Microsoft Edge Frequently Asked Questions (FAQ)](microsoft-edge-faq.yml) - - From 6d793fda3b86c2f145baf79a40282ba33c82dc76 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:24:14 -0700 Subject: [PATCH 045/156] Conversion to YAML: ./education/trial-in-a-box/TOC.md --- education/trial-in-a-box/TOC.md | 4 ---- education/trial-in-a-box/TOC.yml | 9 +++++++++ 2 files changed, 9 insertions(+), 4 deletions(-) delete mode 100644 education/trial-in-a-box/TOC.md create mode 100644 education/trial-in-a-box/TOC.yml diff --git a/education/trial-in-a-box/TOC.md b/education/trial-in-a-box/TOC.md deleted file mode 100644 index 71ed4cbd0c..0000000000 --- a/education/trial-in-a-box/TOC.md +++ /dev/null @@ -1,4 +0,0 @@ -# [Microsoft Education Trial in a Box](index.md) -## [Educator Trial in a Box Guide](educator-tib-get-started.md) -## [IT Admin Trial in a Box Guide](itadmin-tib-get-started.md) -## [Microsoft Education Trial in a Box Support](support-options.md) \ No newline at end of file diff --git a/education/trial-in-a-box/TOC.yml b/education/trial-in-a-box/TOC.yml new file mode 100644 index 0000000000..6050d91b67 --- /dev/null +++ b/education/trial-in-a-box/TOC.yml @@ -0,0 +1,9 @@ +- name: Microsoft Education Trial in a Box + href: index.md + items: + - name: Educator Trial in a Box Guide + href: educator-tib-get-started.md + - name: IT Admin Trial in a Box Guide + href: itadmin-tib-get-started.md + - name: Microsoft Education Trial in a Box Support + href: support-options.md From d2a43d7a362560b8346aea31e0773fe3df2865b5 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:24:49 -0700 Subject: [PATCH 046/156] Conversion to YAML: ./education/windows/TOC.md --- education/windows/TOC.md | 31 ------------------ education/windows/TOC.yml | 67 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 31 deletions(-) delete mode 100644 education/windows/TOC.md create mode 100644 education/windows/TOC.yml diff --git a/education/windows/TOC.md b/education/windows/TOC.md deleted file mode 100644 index b55cbbfe02..0000000000 --- a/education/windows/TOC.md +++ /dev/null @@ -1,31 +0,0 @@ -# [Windows 10 for Education](index.md) -## [Windows 10 editions for education customers](windows-editions-for-education-customers.md) -## [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) -## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) -## [Set up Windows devices for education](set-up-windows-10.md) -### [What's new in Set up School PCs](set-up-school-pcs-whats-new.md) -### [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md) -#### [Azure AD Join for school PCs](set-up-school-pcs-azure-ad-join.md) -#### [Shared PC mode for school devices](set-up-school-pcs-shared-pc-mode.md) -#### [Provisioning package settings](set-up-school-pcs-provisioning-package.md) -### [Use the Set up School PCs app](use-set-up-school-pcs-app.md) -### [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md) -### [Provision student PCs with apps](set-up-students-pcs-with-apps.md) -## [Take tests in Windows 10](take-tests-in-windows-10.md) -### [Set up Take a Test on a single PC](take-a-test-single-pc.md) -### [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) -### [Take a Test app technical reference](take-a-test-app-technical.md) -## [Reset devices with Autopilot Reset](autopilot-reset.md) -## [Working with Microsoft Store for Education](education-scenarios-store-for-business.md) -## [Get Minecraft: Education Edition](get-minecraft-for-education.md) -### [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md) -### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) -### [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-device-promotion.md) -## [Test Windows 10 in S mode on existing Windows 10 education devices](test-windows10s-for-edu.md) -## [Enable Windows 10 in S mode on Surface Go devices](enable-s-mode-on-surface-go-devices.md) -## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) -## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) -## [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](s-mode-switch-to-edu.md) -## [Change to Windows 10 Pro Education from Windows 10 Pro](change-to-pro-education.md) -## [Chromebook migration guide](chromebook-migration-guide.md) -## [Change history for Windows 10 for Education](change-history-edu.md) diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml new file mode 100644 index 0000000000..1e9b64e238 --- /dev/null +++ b/education/windows/TOC.yml @@ -0,0 +1,67 @@ +- name: Windows 10 for Education + href: index.md + items: + - name: Windows 10 editions for education customers + href: windows-editions-for-education-customers.md + - name: Windows 10 configuration recommendations for education customers + href: configure-windows-for-education.md + - name: Deployment recommendations for school IT administrators + href: edu-deployment-recommendations.md + - name: Set up Windows devices for education + href: set-up-windows-10.md + items: + - name: What's new in Set up School PCs + href: set-up-school-pcs-whats-new.md) + - name: Technical reference for the Set up School PCs app + href: set-up-school-pcs-technical.md + items: + - name: Azure AD Join for school PCs + href: set-up-school-pcs-azure-ad-join.md + - name: Shared PC mode for school devices + href: set-up-school-pcs-shared-pc-mode.md + - name: Provisioning package settings + href: set-up-school-pcs-provisioning-package.md + - name: Use the Set up School PCs app + href: use-set-up-school-pcs-app.md + - name: Set up student PCs to join domain + href: set-up-students-pcs-to-join-domain.md + - name: Provision student PCs with apps + href: set-up-students-pcs-with-apps.md + - name: Take tests in Windows 10 + href: take-tests-in-windows-10.md + items: + - name: Set up Take a Test on a single PC + href: take-a-test-single-pc.md + - name: Set up Take a Test on multiple PCs + href: take-a-test-multiple-pcs.md + - name: Take a Test app technical reference + href: take-a-test-app-technical.md + - name: Reset devices with Autopilot Reset + href: autopilot-reset.md + - name: Working with Microsoft Store for Education + href: education-scenarios-store-for-business.md + - name: "Get Minecraft: Education Edition" + href: get-minecraft-for-education.md + items: + - name: "For teachers: get Minecraft Education Edition" + href: teacher-get-minecraft.md + - name: "For IT administrators: get Minecraft Education Edition" + href: school-get-minecraft.md + - name: "Get Minecraft: Education Edition with Windows 10 device promotion" + href: get-minecraft-device-promotion.md + - name: Test Windows 10 in S mode on existing Windows 10 education devices + href: test-windows10s-for-edu.md + - name: Enable Windows 10 in S mode on Surface Go devices + href: enable-s-mode-on-surface-go-devices.md + - name: Deploy Windows 10 in a school + href: deploy-windows-10-in-a-school.md + - name: Deploy Windows 10 in a school district + href: deploy-windows-10-in-a-school-district.md + - name: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode + href: s-mode-switch-to-edu.md + - name: Change to Windows 10 Pro Education from Windows 10 Pro + href: change-to-pro-education.md + - name: Chromebook migration guide + href: chromebook-migration-guide.md + - name: Change history for Windows 10 for Education + href: change-history-edu.md From 5ff74796de020db88b2dacbed726ccd594a72f44 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:28:25 -0700 Subject: [PATCH 047/156] Conversion to YAML: ./gdpr/TOC.md --- gdpr/TOC.md | 1 - gdpr/TOC.yml | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) delete mode 100644 gdpr/TOC.md create mode 100644 gdpr/TOC.yml diff --git a/gdpr/TOC.md b/gdpr/TOC.md deleted file mode 100644 index 06913f7aef..0000000000 --- a/gdpr/TOC.md +++ /dev/null @@ -1 +0,0 @@ -# [Index](index.md) \ No newline at end of file diff --git a/gdpr/TOC.yml b/gdpr/TOC.yml new file mode 100644 index 0000000000..981fe6d622 --- /dev/null +++ b/gdpr/TOC.yml @@ -0,0 +1,2 @@ +- name: Index + href: index.md From d6ace73ab8a48079c59e80e6d0cfccc47052a870 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:32:07 -0700 Subject: [PATCH 048/156] Conversion to YAML: ./smb/TOC.md --- smb/TOC.md | 2 -- smb/TOC.yml | 5 +++++ 2 files changed, 5 insertions(+), 2 deletions(-) delete mode 100644 smb/TOC.md create mode 100644 smb/TOC.yml diff --git a/smb/TOC.md b/smb/TOC.md deleted file mode 100644 index 2b4214e907..0000000000 --- a/smb/TOC.md +++ /dev/null @@ -1,2 +0,0 @@ -# [Windows 10 for SMB](index.md) -## [Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md) diff --git a/smb/TOC.yml b/smb/TOC.yml new file mode 100644 index 0000000000..45500dc1bc --- /dev/null +++ b/smb/TOC.yml @@ -0,0 +1,5 @@ +- name: Windows 10 for SMB + href: index.md + items: + - name: "Get started: Deploy and manage a full cloud IT solution for your business" + href: cloud-mode-business-setup.md From b450ee4886dd2adfa7b900d6b2d9305c0cbb19e4 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:37:12 -0700 Subject: [PATCH 049/156] Conversion to YAML: ./store-for-business/TOC.md --- store-for-business/TOC.md | 39 ----------------- store-for-business/TOC.yml | 86 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 39 deletions(-) delete mode 100644 store-for-business/TOC.md create mode 100644 store-for-business/TOC.yml diff --git a/store-for-business/TOC.md b/store-for-business/TOC.md deleted file mode 100644 index a0ce28d2c2..0000000000 --- a/store-for-business/TOC.md +++ /dev/null @@ -1,39 +0,0 @@ -# [Microsoft Store for Business](index.md) -## [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) -## [Sign up and get started](sign-up-microsoft-store-for-business-overview.md) -### [Microsoft Store for Business and Microsoft Store for Education overview](microsoft-store-for-business-overview.md) -### [Prerequisites for Microsoft Store for Business and Education](prerequisites-microsoft-store-for-business.md) -### [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md) -### [Settings reference: Microsoft Store for Business and Education](settings-reference-microsoft-store-for-business.md) -## [Find and acquire apps](find-and-acquire-apps-overview.md) -### [Apps in the Microsoft Store for Business and Education](apps-in-microsoft-store-for-business.md) -### [Acquire apps](acquire-apps-microsoft-store-for-business.md) -### [Working with line-of-business apps](working-with-line-of-business-apps.md) -## [Distribute apps](distribute-apps-to-your-employees-microsoft-store-for-business.md) -### [Distribute apps using your private store](distribute-apps-from-your-private-store.md) -### [Assign apps to employees](assign-apps-to-employees.md) -### [Distribute apps with a management tool](distribute-apps-with-management-tool.md) -### [Distribute offline apps](distribute-offline-apps.md) -## [Manage products and services](manage-apps-microsoft-store-for-business-overview.md) -### [App inventory management](app-inventory-management-microsoft-store-for-business.md) -### [Manage orders](manage-orders-microsoft-store-for-business.md) -### [Manage access to private store](manage-access-to-private-store.md) -### [Manage private store settings](manage-private-store-settings.md) -### [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) -### [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) -### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) -### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) -### [Working with solution providers](/microsoft-365/commerce/manage-partners) -## [Billing and payments](billing-payments-overview.md) -### [Understand your invoice](billing-understand-your-invoice-msfb.md) -### [Payment methods](payment-methods.md) -### [Understand billing profiles](billing-profile.md) -## [Manage settings in the Microsoft Store for Business and Education](manage-settings-microsoft-store-for-business.md) -### [Update account settings](update-microsoft-store-for-business-account-settings.md) -### [Manage user accounts](manage-users-and-groups-microsoft-store-for-business.md) -## [Device Guard signing portal](device-guard-signing-portal.md) -### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md) -### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md) -## [Troubleshoot](troubleshoot-microsoft-store-for-business.md) -## [Notifications](notifications-microsoft-store-business.md) -## [Change history](sfb-change-history.md) \ No newline at end of file diff --git a/store-for-business/TOC.yml b/store-for-business/TOC.yml new file mode 100644 index 0000000000..c3379274a8 --- /dev/null +++ b/store-for-business/TOC.yml @@ -0,0 +1,86 @@ +- name: Microsoft Store for Business + href: index.md + items: + - name: What's new in Microsoft Store for Business and Education + href: whats-new-microsoft-store-business-education.md + - name: Sign up and get started + href: sign-up-microsoft-store-for-business-overview.md + items: + - name: Microsoft Store for Business and Microsoft Store for Education overview + href: microsoft-store-for-business-overview.md + - name: Prerequisites for Microsoft Store for Business and Education + href: prerequisites-microsoft-store-for-business.md + - name: Roles and permissions in the Microsoft Store for Business and Education + href: roles-and-permissions-microsoft-store-for-business.md + - name: "Settings reference: Microsoft Store for Business and Education" + href: settings-reference-microsoft-store-for-business.md + - name: Find and acquire apps + href: find-and-acquire-apps-overview.md + items: + - name: Apps in the Microsoft Store for Business and Education + href: apps-in-microsoft-store-for-business.md + - name: Acquire apps + href: acquire-apps-microsoft-store-for-business.md + - name: Working with line-of-business apps + href: working-with-line-of-business-apps.md + - name: Distribute apps + href: distribute-apps-to-your-employees-microsoft-store-for-business.md + items: + - name: Distribute apps using your private store + href: distribute-apps-from-your-private-store.md + - name: Assign apps to employees + href: assign-apps-to-employees.md + - name: Distribute apps with a management tool + href: distribute-apps-with-management-tool.md + - name: Distribute offline apps + href: distribute-offline-apps.md + - name: Manage products and services + href: manage-apps-microsoft-store-for-business-overview.md + items: + - name: App inventory management + href: app-inventory-management-microsoft-store-for-business.md + - name: Manage orders + href: manage-orders-microsoft-store-for-business.md + - name: Manage access to private store + href: manage-access-to-private-store.md + - name: Manage private store settings + href: manage-private-store-settings.md + - name: Configure MDM provider + href: configure-mdm-provider-microsoft-store-for-business.md + - name: Manage Windows device deployment with Windows Autopilot Deployment + href: add-profile-to-devices.md + - name: Microsoft Store for Business and Education PowerShell module - preview + href: microsoft-store-for-business-education-powershell-module.md + - name: Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business + href: manage-mpsa-software-microsoft-store-for-business.md + - name: Working with solution providers + href: /microsoft-365/commerce/manage-partners + - name: Billing and payments + href: billing-payments-overview.md + items: + - name: Understand your invoice + href: billing-understand-your-invoice-msfb.md + - name: Payment methods + href: payment-methods.md + - name: Understand billing profiles + href: billing-profile.md + - name: Manage settings in the Microsoft Store for Business and Education + href: manage-settings-microsoft-store-for-business.md + items: + - name: Update account settings + href: update-microsoft-store-for-business-account-settings.md + - name: Manage user accounts + href: manage-users-and-groups-microsoft-store-for-business.md + - name: Device Guard signing portal + href: device-guard-signing-portal.md + items: + - name: Add unsigned app to code integrity policy + href: add-unsigned-app-to-code-integrity-policy.md + - name: Sign code integrity policy with Device Guard signing + href: sign-code-integrity-policy-with-device-guard-signing.md + - name: Troubleshoot + href: troubleshoot-microsoft-store-for-business.md + - name: Notifications + href: notifications-microsoft-store-business.md + - name: Change history + href: sfb-change-history.md From 42bf19f383874eb67aecefe63da5b0c159b58cdf Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:40:15 -0700 Subject: [PATCH 050/156] Conversion to YAML: ./windows/client-management/TOC.md --- windows/client-management/TOC.md | 38 -------------- windows/client-management/TOC.yml | 83 +++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 38 deletions(-) delete mode 100644 windows/client-management/TOC.md create mode 100644 windows/client-management/TOC.yml diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md deleted file mode 100644 index aac950751a..0000000000 --- a/windows/client-management/TOC.md +++ /dev/null @@ -1,38 +0,0 @@ -# [Manage clients in Windows 10](index.md) -## [Administrative Tools in Windows 10](administrative-tools-in-windows-10.md) -### [Use Quick Assist to help users](quick-assist.md) -## [Create mandatory user profiles](mandatory-user-profile.md) -## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md) -## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md) -## [New policies for Windows 10](new-policies-for-windows-10.md) -## [Windows 10 default media removal policy](change-default-removal-policy-external-storage-media.md) -## [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) -## [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md) -## [What version of Windows am I running](windows-version-search.md) -## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md) -## [Transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) -## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md) -## [Windows libraries](windows-libraries.md) -## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md) -### [Advanced troubleshooting for Windows networking](troubleshoot-networking.md) -#### [Advanced troubleshooting Wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md) -#### [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md) -##### [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md) -#### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) -##### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) -##### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) -##### [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md) -##### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) -### [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md) -#### [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md) -#### [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md) -#### [Introduction to the page file](introduction-page-file.md) -#### [Configure system failure and recovery options in Windows](system-failure-recovery-options.md) -#### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md) -#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md) -#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md) -#### [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md) -#### [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md) -#### [Stop error occurs when you update the in-box Broadcom network adapter driver](troubleshoot-stop-error-on-broadcom-driver-update.md) -## [Mobile device management for solution providers](mdm/index.md) -## [Change history for Client management](change-history-for-client-management.md) diff --git a/windows/client-management/TOC.yml b/windows/client-management/TOC.yml new file mode 100644 index 0000000000..78c6932e8f --- /dev/null +++ b/windows/client-management/TOC.yml @@ -0,0 +1,83 @@ +- name: Manage clients in Windows 10 + href: index.md + items: + - name: Administrative Tools in Windows 10 + href: administrative-tools-in-windows-10.md + items: + - name: Use Quick Assist to help users + href: quick-assist.md + - name: Create mandatory user profiles + href: mandatory-user-profile.md + - name: Connect to remote Azure Active Directory-joined PC + href: connect-to-remote-aadj-pc.md + - name: Join Windows 10 Mobile to Azure Active Directory + href: join-windows-10-mobile-to-azure-active-directory.md + - name: New policies for Windows 10 + href: new-policies-for-windows-10.md + - name: Windows 10 default media removal policy + href: change-default-removal-policy-external-storage-media.md + - name: Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education + href: group-policies-for-enterprise-and-education-editions.md + - name: Manage the Settings app with Group Policy + href: manage-settings-app-with-group-policy.md + - name: What version of Windows am I running + href: windows-version-search.md + - name: Reset a Windows 10 Mobile device + href: reset-a-windows-10-mobile-device.md + - name: Transitioning to modern management + href: manage-windows-10-in-your-organization-modern-management.md + - name: Windows 10 Mobile deployment and management guide + href: windows-10-mobile-and-mdm.md + - name: Windows libraries + href: windows-libraries.md + - name: Troubleshoot Windows 10 clients + href: windows-10-support-solutions.md + items: + - name: Advanced troubleshooting for Windows networking + href: troubleshoot-networking.md + items: + - name: Advanced troubleshooting Wireless network connectivity + href: advanced-troubleshooting-wireless-network-connectivity.md + - name: Advanced troubleshooting 802.1X authentication + href: advanced-troubleshooting-802-authentication.md + items: + - name: Data collection for troubleshooting 802.1X authentication + href: data-collection-for-802-authentication.md + - name: Advanced troubleshooting for TCP/IP + href: troubleshoot-tcpip.md + items: + - name: Collect data using Network Monitor + href: troubleshoot-tcpip-netmon.md + - name: Troubleshoot TCP/IP connectivity + href: troubleshoot-tcpip-connectivity.md + - name: Troubleshoot port exhaustion + href: troubleshoot-tcpip-port-exhaust.md + - name: Troubleshoot Remote Procedure Call (RPC) errors + href: troubleshoot-tcpip-rpc-errors.md + - name: Advanced troubleshooting for Windows startup + href: troubleshoot-windows-startup.md + items: + - name: How to determine the appropriate page file size for 64-bit versions of Windows + href: determine-appropriate-page-file-size.md + - name: Generate a kernel or complete crash dump + href: generate-kernel-or-complete-crash-dump.md + - name: Introduction to the page file + href: introduction-page-file.md + - name: Configure system failure and recovery options in Windows + href: system-failure-recovery-options.md + - name: Advanced troubleshooting for Windows boot problems + href: advanced-troubleshooting-boot-problems.md + - name: Advanced troubleshooting for Windows-based computer freeze + href: troubleshoot-windows-freeze.md + - name: Advanced troubleshooting for stop error or blue screen error + href: troubleshoot-stop-errors.md + - name: Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device + href: troubleshoot-inaccessible-boot-device.md + - name: Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first" + href: troubleshoot-event-id-41-restart.md + - name: Stop error occurs when you update the in-box Broadcom network adapter driver + href: troubleshoot-stop-error-on-broadcom-driver-update.md + - name: Mobile device management for solution providers + href: mdm/index.md + - name: Change history for Client management + href: change-history-for-client-management.md From 772d62f90f46fc47598c22bf875861c8947577a3 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 21 Apr 2021 21:48:19 -0700 Subject: [PATCH 051/156] Corrected content of ./browsers/TOC.yml to YAML --- browsers/TOC.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/browsers/TOC.yml b/browsers/TOC.yml index c77d167a67..e396fab3f5 100644 --- a/browsers/TOC.yml +++ b/browsers/TOC.yml @@ -1,3 +1,6 @@ -# Table of Contents -## [Microsoft Edge](edge/index.md) -## [Internet Explorer 11](internet-explorer/index.md) \ No newline at end of file +- name: Table of Contents + items: + - name: Microsoft Edge + href: edge/index.md + - name: Internet Explorer 11 + href: internet-explorer/index.md From 580032d82b4936f831d86785709c6f10ab7c1bdd Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 22 Apr 2021 23:18:31 +0500 Subject: [PATCH 052/156] Update in Installation Notes These updates can be delivered via Windows Updates. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6322 --- windows/deployment/update/servicing-stack-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index b22ca9e870..a60534ef8d 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -53,7 +53,7 @@ Typically, the improvements are reliability and performance improvements that do * Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. * Installing servicing stack update does not require restarting the device, so installation should not be disruptive. * Servicing stack update releases are specific to the operating system version (build number), much like quality updates. -* Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). +* It can be delivered via Windows updates or search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). * Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine. ## Simplifying on-premises deployment of servicing stack updates From ae6454ac2a9d89222be2c459496d6c5fb0f238b8 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 11:29:07 -0700 Subject: [PATCH 053/156] Removed parentheses not removed by the converter --- browsers/internet-explorer/TOC.yml | 2 +- education/windows/TOC.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/internet-explorer/TOC.yml b/browsers/internet-explorer/TOC.yml index b74d5068fa..de568c9e0a 100644 --- a/browsers/internet-explorer/TOC.yml +++ b/browsers/internet-explorer/TOC.yml @@ -198,7 +198,7 @@ href: ie11-deploy-guide/out-of-date-activex-control-blocking.md items: - name: Blocked out-of-date ActiveX controls - href: ie11-deploy-guide/blocked-out-of-date-activex-controls.md) + href: ie11-deploy-guide/blocked-out-of-date-activex-controls.md - name: Deprecated document modes and Internet Explorer 11 href: ie11-deploy-guide/deprecated-document-modes.md - name: What is the Internet Explorer 11 Blocker Toolkit? diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml index 1e9b64e238..6571e40f23 100644 --- a/education/windows/TOC.yml +++ b/education/windows/TOC.yml @@ -11,7 +11,7 @@ href: set-up-windows-10.md items: - name: What's new in Set up School PCs - href: set-up-school-pcs-whats-new.md) + href: set-up-school-pcs-whats-new.md - name: Technical reference for the Set up School PCs app href: set-up-school-pcs-technical.md items: From 763c40b5e8b4aa11de9914cc2b93f9433eea5229 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 11:54:32 -0700 Subject: [PATCH 054/156] Conversion to YAML: - name: Deploy Windows 10 with Microsoft Endpoint Configuration Manager items: - name: Prepare for Windows 10 deployment with Configuration Manager items: - name: Prepare for Zero Touch Installation with Configuration Manager href: prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md - name: Create a custom Windows PE boot image with Configuration Manager href: create-a-custom-windows-pe-boot-image-with-configuration-manager.md - name: Add a Windows 10 operating system image using Configuration Manager href: add-a-windows-10-operating-system-image-using-configuration-manager.md - name: Create an application to deploy with Windows 10 using Configuration Manager href: create-an-application-to-deploy-with-windows-10-using-configuration-manager.md - name: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager href: add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md - name: Create a task sequence with Configuration Manager and MDT href: create-a-task-sequence-with-configuration-manager-and-mdt.md - name: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager href: finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md - name: Deploy Windows 10 with Configuration Manager items: - name: Deploy Windows 10 using PXE and Configuration Manager href: deploy-windows-10-using-pxe-and-configuration-manager.md - name: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager href: refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md - name: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager href: replace-a-windows-7-client-with-windows-10-using-configuration-manager.md - name: Perform an in-place upgrade to Windows 10 using Configuration Manager href: upgrade-to-windows-10-with-configuraton-manager.md --- windows/deployment/deploy-windows-cm/TOC.md | 15 ----------- windows/deployment/deploy-windows-cm/TOC.yml | 28 ++++++++++++++++++++ 2 files changed, 28 insertions(+), 15 deletions(-) delete mode 100644 windows/deployment/deploy-windows-cm/TOC.md create mode 100644 windows/deployment/deploy-windows-cm/TOC.yml diff --git a/windows/deployment/deploy-windows-cm/TOC.md b/windows/deployment/deploy-windows-cm/TOC.md deleted file mode 100644 index b26445c4ab..0000000000 --- a/windows/deployment/deploy-windows-cm/TOC.md +++ /dev/null @@ -1,15 +0,0 @@ -# Deploy Windows 10 with Microsoft Endpoint Configuration Manager -## Prepare for Windows 10 deployment with Configuration Manager -### [Prepare for Zero Touch Installation with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) -### [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) -### [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) -### [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) -### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) -### [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md) -### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) - -## Deploy Windows 10 with Configuration Manager -### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) -### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) -### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) -### [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuraton-manager.md) \ No newline at end of file diff --git a/windows/deployment/deploy-windows-cm/TOC.yml b/windows/deployment/deploy-windows-cm/TOC.yml new file mode 100644 index 0000000000..06bf59500f --- /dev/null +++ b/windows/deployment/deploy-windows-cm/TOC.yml @@ -0,0 +1,28 @@ +- name: Deploy Windows 10 with Microsoft Endpoint Configuration Manager + items: + - name: Prepare for Windows 10 deployment with Configuration Manager + items: + - name: Prepare for Zero Touch Installation with Configuration Manager + href: prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md + - name: Create a custom Windows PE boot image with Configuration Manager + href: create-a-custom-windows-pe-boot-image-with-configuration-manager.md + - name: Add a Windows 10 operating system image using Configuration Manager + href: add-a-windows-10-operating-system-image-using-configuration-manager.md + - name: Create an application to deploy with Windows 10 using Configuration Manager + href: create-an-application-to-deploy-with-windows-10-using-configuration-manager.md + - name: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager + href: add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md + - name: Create a task sequence with Configuration Manager and MDT + href: create-a-task-sequence-with-configuration-manager-and-mdt.md + - name: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager + href: finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md + - name: Deploy Windows 10 with Configuration Manager + items: + - name: Deploy Windows 10 using PXE and Configuration Manager + href: deploy-windows-10-using-pxe-and-configuration-manager.md + - name: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager + href: refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md + - name: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager + href: replace-a-windows-7-client-with-windows-10-using-configuration-manager.md + - name: Perform an in-place upgrade to Windows 10 using Configuration Manager + href: upgrade-to-windows-10-with-configuraton-manager.md From 2fc9dda51b792cb49a5aeb21c6e555ee58ead501 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 11:58:17 -0700 Subject: [PATCH 055/156] Conversion to YAML: ./windows/deployment/deploy-windows-mdt/TOC.md --- windows/deployment/deploy-windows-mdt/TOC.md | 22 ---------- windows/deployment/deploy-windows-mdt/TOC.yml | 40 +++++++++++++++++++ 2 files changed, 40 insertions(+), 22 deletions(-) delete mode 100644 windows/deployment/deploy-windows-mdt/TOC.md create mode 100644 windows/deployment/deploy-windows-mdt/TOC.yml diff --git a/windows/deployment/deploy-windows-mdt/TOC.md b/windows/deployment/deploy-windows-mdt/TOC.md deleted file mode 100644 index 7f51b8ca5b..0000000000 --- a/windows/deployment/deploy-windows-mdt/TOC.md +++ /dev/null @@ -1,22 +0,0 @@ -# Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT) -## [Get started with MDT](get-started-with-the-microsoft-deployment-toolkit.md) - -## Deploy Windows 10 with MDT -### [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) -### [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) -### [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md) -### [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md) -### [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) -### [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) -### [Perform an in-place upgrade to Windows 10 with MDT](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) - -## Customize MDT -### [Configure MDT settings](configure-mdt-settings.md) -### [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) -### [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) -### [Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md) -### [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md) -### [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md) -### [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) -### [Use web services in MDT](use-web-services-in-mdt.md) -### [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) diff --git a/windows/deployment/deploy-windows-mdt/TOC.yml b/windows/deployment/deploy-windows-mdt/TOC.yml new file mode 100644 index 0000000000..51493a1083 --- /dev/null +++ b/windows/deployment/deploy-windows-mdt/TOC.yml @@ -0,0 +1,40 @@ +- name: Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT) + items: + - name: Get started with MDT + href: get-started-with-the-microsoft-deployment-toolkit.md + - name: Deploy Windows 10 with MDT + items: + - name: Prepare for deployment with MDT + href: prepare-for-windows-deployment-with-mdt.md + - name: Create a Windows 10 reference image + href: create-a-windows-10-reference-image.md + - name: Deploy a Windows 10 image using MDT + href: deploy-a-windows-10-image-using-mdt.md + - name: Build a distributed environment for Windows 10 deployment + href: build-a-distributed-environment-for-windows-10-deployment.md + - name: Refresh a Windows 7 computer with Windows 10 + href: refresh-a-windows-7-computer-with-windows-10.md + - name: Replace a Windows 7 computer with a Windows 10 computer + href: replace-a-windows-7-computer-with-a-windows-10-computer.md + - name: Perform an in-place upgrade to Windows 10 with MDT + href: upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md + - name: Customize MDT + items: + - name: Configure MDT settings + href: configure-mdt-settings.md + - name: Set up MDT for BitLocker + href: set-up-mdt-for-bitlocker.md + - name: Configure MDT deployment share rules + href: configure-mdt-deployment-share-rules.md + - name: Configure MDT for UserExit scripts + href: configure-mdt-for-userexit-scripts.md + - name: Simulate a Windows 10 deployment in a test environment + href: simulate-a-windows-10-deployment-in-a-test-environment.md + - name: Use the MDT database to stage Windows 10 deployment information + href: use-the-mdt-database-to-stage-windows-10-deployment-information.md + - name: Assign applications using roles in MDT + href: assign-applications-using-roles-in-mdt.md + - name: Use web services in MDT + href: use-web-services-in-mdt.md + - name: Use Orchestrator runbooks with MDT + href: use-orchestrator-runbooks-with-mdt.md From 7cc89e4a49eed7339710895235b95ddf597afc62 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Thu, 22 Apr 2021 12:45:13 -0700 Subject: [PATCH 056/156] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index eb1d1585c6..411edf3dbe 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -64,7 +64,8 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| -!Note: You may have on-prem domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT. as well as Authenticate against your DC (if LOS to DC available) to get kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from client. you need to have device write back enabled to get "Enterprise PRT" from your federation. +> [!NOTE] +> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as Authenticate against your DC (if LOS to DC available) to get Kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. From 9a9413f449f0500fb911b5f223c1f1e42fe397fd Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Thu, 22 Apr 2021 12:45:19 -0700 Subject: [PATCH 057/156] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 411edf3dbe..cb941338ef 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -68,7 +68,6 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c > You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as Authenticate against your DC (if LOS to DC available) to get Kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. - ## Hybrid Azure AD join authentication using a Key ![Hybrid Azure AD join authentication using a Key](images/howitworks/auth-haadj-keytrust.png) From 0f716c0357e267c18c504cc5021694f9a2a058a1 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Thu, 22 Apr 2021 12:45:45 -0700 Subject: [PATCH 058/156] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index cb941338ef..d0647fff25 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -52,7 +52,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on the AADJ device. Any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as it trigger authenticate against your DC (if LOS to DC available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. +> You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned WHFB PIN/Bio on the AADJ device, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. ## Azure AD join authentication to Active Directory using a Certificate From e148e26c17dea68b71c6851848979d4f1d3cf079 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 12:59:04 -0700 Subject: [PATCH 059/156] Convert to YAML: ./windows/deployment/windows-autopilot/TOC.md --- windows/deployment/windows-autopilot/TOC.md | 2 -- windows/deployment/windows-autopilot/TOC.yml | 5 +++++ 2 files changed, 5 insertions(+), 2 deletions(-) delete mode 100644 windows/deployment/windows-autopilot/TOC.md create mode 100644 windows/deployment/windows-autopilot/TOC.yml diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md deleted file mode 100644 index b2e8164e4c..0000000000 --- a/windows/deployment/windows-autopilot/TOC.md +++ /dev/null @@ -1,2 +0,0 @@ -# [Windows Autopilot deployment](index.yml) -## [Get started](demonstrate-deployment-on-vm.md) \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/TOC.yml b/windows/deployment/windows-autopilot/TOC.yml new file mode 100644 index 0000000000..0881334396 --- /dev/null +++ b/windows/deployment/windows-autopilot/TOC.yml @@ -0,0 +1,5 @@ +- name: Windows Autopilot deployment + href: index.yml + items: + - name: Get started + href: demonstrate-deployment-on-vm.md From ab3e4157c89816252525755e3e238398c867c92f Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 22 Apr 2021 14:21:28 -0700 Subject: [PATCH 060/156] Update merge-windows-defender-application-control-policies.md --- ...s-defender-application-control-policies.md | 96 ++++++++++++------- 1 file changed, 64 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index 96244edf81..5248efd512 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -1,58 +1,90 @@ --- -title: Merge Windows Defender Application Control policies (Windows 10) -description: Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. Learn how with this guide. +title: Merge Windows Defender Application Control policies (WDAC) (Windows 10) +description: Learn how to merge WDAC policies as part of your policy lifecycle management. keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm -ms.author: dansimp +ms.reviewer: jogeurte +ms.author: jogeurte +ms.manager: jsuther manager: dansimp -ms.date: 05/03/2018 +ms.date: 04/22/2021 ms.technology: mde +ms.topic: article +ms.localizationpriority: medium --- -# Merge Windows Defender Application Control policies +# Merge Windows Defender Application Control (WDAC) policies **Applies to:** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows Server 2016 and above -Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. For example, after a WDAC policy is created and audited, you might want to merge audit events from another WDAC policy. +This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. WDAC deployments often include a few base policies and optional supplemental policies for specific use cases. > [!NOTE] -> Because only one SiPolicy.p7b file can be active on a system, the last management authority to write the policy wins. If there was already a policy deployed by using Group Policy and then a managed installer using Microsoft Endpoint Configuration Manager targeted the same device, the Configuration Manager policy would overwrite the SiPolicy.p7b file. +> Prior to Windows version 1903, including Windows Server 2019 and earlier, only one WDAC policy can be active on a system at a time. If you need to use WDAC on systems running these earlier versions of Windows, you must merge all policies before deploying. -To merge two WDAC policies, complete the following steps in an elevated Windows PowerShell session: +## Merge multiple WDAC policy XML files together + +There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. 1. Initialize the variables that will be used: - `$CIPolicyPath=$env:userprofile+"\Desktop\"` - - `$InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` - - `$AuditCIPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` - - `$MergedCIPolicy=$CIPolicyPath+"MergedPolicy.xml"` - - `$CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"` - - > [!NOTE] - > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly. + ```powershell + $PolicyName= "Lamna_FullyManagedClients_Audit" + $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml" + $EventsPolicy=$env:userprofile+"\Desktop\EventsPolicy.xml" + $MergedPolicy=$env:userprofile+"\Desktop\"+$PolicyName+"_Merged.xml" + ``` 2. Use [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) to merge two policies and create a new WDAC policy: - `Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy` + ```powershell + Merge-CIPolicy -PolicyPaths $LamnaPolicy,$EventsPolicy -OutputFilePath $MergedPolicy + ``` -3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the merged WDAC policy to binary format: + > [!NOTE] + > You can merge additional policies with the Merge-CIPolicy step above by adding them to the -PolicyPaths parameter separated by commas. The new policy file specified by -OutputFilePath will have the Policy information from the first policy in the list. For example, in the above example, the $MergedPolicy will inherit the policy type, ID, name, and version information from $LamnaPolicy. To change any of those values, use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) and [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion). - `ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin` +## Merge WDAC rules directly into a policy XML -Now that you have created a new WDAC policy, you can deploy the policy binary to systems manually or by using Group Policy or Microsoft client management solutions. For information about how to deploy this new policy with Group Policy, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). \ No newline at end of file +Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing WDAC policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the WDAC Wizard and the WDAC RefreshPolicy.exe tool, follow these steps: + +1. Install the [WDAC Wizard](wdac-wizard.md) packaged MSIX app. +2. Download the [Refresh Policy tool](https://aka.ms/refreshpolicy) for your processor architecture and save it to your desktop as RefreshPolicy.exe. +3. From a PowerShell session, run the following commands to create packaged app allow rules for the WDAC Wizard: + + ```powershell + $PackageInfo = Get-AppxPackage -Name Microsoft.WDAC.WDACWizard + $Rules = New-CIPolicyRule -Package $PackageInfo + ``` + +4. Add FilePublisher rules for the RefreshPolicy.exe: + + ```powershell + $Rules += New-CIPolicyRule -DriverFilePath $env:USERPROFILE\Desktop\RefreshPolicy.exe -Level FilePublisher + ``` + +5. Use [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) to merge the new rules directly into the MergedPolicy file created in the previous procedure's final step: + + ```powershell + Merge-CIPolicy -PolicyPaths $MergedPolicy -OutputFilePath $MergedPolicy -Rules $Rules + ``` + +## Convert and deploy merged policy to managed endpoints + +Now that you have your new, merged policy, you can convert and deploy the policy binary to your managed endpoints. + +1. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format: + + ```powershell + $WDACPolicyBin=$env:userprofile+"\Desktop\"+$PolicyName+"_{InsertPolicyID}.bin" + ConvertFrom-CIPolicy -XMLFilePath $MergedPolicy -BinaryFilePath $WDACPolicyBin + ``` + + > [!NOTE] + > In the sample commands above, for policies targeting Windows 10 version 1903+, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file. For Windows 10 versions prior to 1903, use the name SiPolicy.p7b for the binary file name. From e3888d913f8d1894bad4181f710bbd4171c99477 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 14:54:56 -0700 Subject: [PATCH 061/156] Corrections to layout --- ...device-automatically-using-group-policy.md | 30 +++++++++++++++---- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 45373ce3f7..622d2739af 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -84,9 +84,13 @@ The following steps demonstrate required settings using the Intune service: You may contact your domain administrators to verify if the group policy has been deployed successfully. 8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal). + 9. Verify that Azure AD allows the logon user to enroll devices. + ![Azure AD device settings](images/auto-enrollment-azure-ad-device-settings.png) + 10. Verify that Microsoft Intune should allow enrollment of Windows devices. + ![Enrollment of Windows devices](images/auto-enrollment-enrollment-of-windows-devices.png) ## Configure the auto-enrollment Group Policy for a single PC @@ -108,18 +112,21 @@ Requirements: 3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**. - ![MDM policies](images/autoenrollment-mdm-policies.png) + > [!div class="mx-imgBorder"] + > ![MDM policies](images/autoenrollment-mdm-policies.png) 4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use. > [!NOTE] > **Device Credential** Credential Type may work, however, it is not yet supported by Intune. We don't recommend using this option until it's supported. + ![MDM autoenrollment policy](images/autoenrollment-policy.png) 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. > [!NOTE] > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. + > > The default behavior for older releases is to revert to **User Credential**. > **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device. @@ -158,7 +165,10 @@ Requirements: To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab. - If the device enrollment is blocked, your IT admin may have enabled the **Disable MDM Enrollment** policy. Note that the GPEdit console does not reflect the status of policies set by your IT admin on your device. It is only used by the user to set policies. + If the device enrollment is blocked, your IT admin may have enabled the **Disable MDM Enrollment** policy. + + > [!NOTE] + > The GPEdit console does not reflect the status of policies set by your IT admin on your device. It is only used by the user to set policies. ## Configure the auto-enrollment for a group of devices @@ -231,16 +241,22 @@ To collect Event Viewer logs: > For guidance on how to collect event logs for Intune, see [Collect MDM Event Viewer Log YouTube video](https://www.youtube.com/watch?v=U_oCe2RmQEc). 3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully: + ![Event ID 75](images/auto-enrollment-troubleshooting-event-id-75.png) If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons: + - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed: - ![Event ID 76](images/auto-enrollment-troubleshooting-event-id-76.png) - To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information. + + ![Event ID 76](images/auto-enrollment-troubleshooting-event-id-76.png) + + To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information. + - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section. - The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot: - ![Task scheduler](images/auto-enrollment-task-scheduler.png) + The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot: + + ![Task scheduler](images/auto-enrollment-task-scheduler.png) > [!Note] > This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task. @@ -252,6 +268,7 @@ To collect Event Viewer logs: ![Event ID 107](images/auto-enrollment-event-id-107.png) When the task is completed, a new event ID 102 is logged. + ![Event ID 102](images/auto-enrollment-event-id-102.png) Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment. @@ -262,6 +279,7 @@ To collect Event Viewer logs: ![Outdated enrollment entries](images/auto-enrollment-outdated-enrollment-entries.png) By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016. + A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot: ![Manually deleted entries](images/auto-enrollment-activation-verification-less-entries.png) From 612bee84d0c1ae81fcc74b115da94f40fc080355 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 22 Apr 2021 15:12:27 -0700 Subject: [PATCH 062/156] Update merge-windows-defender-application-control-policies.md --- .../merge-windows-defender-application-control-policies.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index 5248efd512..a3a2084a23 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -88,3 +88,7 @@ Now that you have your new, merged policy, you can convert and deploy the policy > [!NOTE] > In the sample commands above, for policies targeting Windows 10 version 1903+, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file. For Windows 10 versions prior to 1903, use the name SiPolicy.p7b for the binary file name. + +2. Upload your merged policy XML and the associated binary to the source control solution you are using for your WDAC policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). + +3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md) From cc0f91a2a416bfaed0965f16c642fd28b7c2b260 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 22 Apr 2021 16:13:31 -0700 Subject: [PATCH 063/156] Update enforce-windows-defender-application-control-policies.md --- ...s-defender-application-control-policies.md | 33 ++++++++++--------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index cb4a9eb73b..35566da77d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -1,34 +1,37 @@ --- title: Enforce Windows Defender Application Control (WDAC) policies (Windows 10) -description: Learn how to test a Windows Defender Application Control (WDAC) policy in enforced mode by following these steps in an elevated Windows PowerShell session. +description: Learn how to switch a WDAC policy from audit to enforced mode. keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm -ms.author: dansimp +ms.reviewer: jogeurte +ms.author: jogeurte +ms.manager: jsuther manager: dansimp -ms.date: 05/03/2018 +ms.date: 04/22/2021 ms.technology: mde +ms.topic: article +ms.localizationpriority: medium --- -# Enforce Windows Defender Application Control policies +# Enforce Windows Defender Application Control (WDAC) policies **Applies to:** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows Server 2016 and above -Every WDAC policy is created with audit mode enabled. After you have successfully deployed and tested a WDAC policy in audit mode and are ready to test the policy in enforced mode, complete the following steps in an elevated Windows PowerShell session: +You should now have one or more WDAC policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you are ready to proceed to enforcement. Use this procedure to prepare and deploy your WDAC policy in enforcement mode. -> [!NOTE] -> Every WDAC policy should be tested in audit mode first. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md), earlier in this topic. +## Convert WDAC policy from audit to enforced + +As described in [common WDAC deployment scenarios](types-of-devices.md), we will use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. + +**Alice Pena** is the IT team lead tasked with the rollout of WDAC. + +Alice previously created and deployed a policy for the organization's [fully-managed devices](create-wdac-policy-for-fully-managed-devices.md). She updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and re-deployed it. All remaining audit events appear to be expected and Alice is ready to switch to enforcement mode. 1. Initialize the variables that will be used: From 91a67fb2792f5444797b789f30378987f2a36c13 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:04:23 -0700 Subject: [PATCH 064/156] Conversion to YAML: ./windows/security/TOC.md --- windows/security/TOC.md | 6 ------ windows/security/TOC.yml | 9 +++++++++ 2 files changed, 9 insertions(+), 6 deletions(-) delete mode 100644 windows/security/TOC.md create mode 100644 windows/security/TOC.yml diff --git a/windows/security/TOC.md b/windows/security/TOC.md deleted file mode 100644 index 6ac5b43506..0000000000 --- a/windows/security/TOC.md +++ /dev/null @@ -1,6 +0,0 @@ -# [Security](index.yml) -## [Identity and access management](identity-protection/index.md) -## [Information protection](information-protection/index.md) -## [Threat protection](threat-protection/index.md) - - diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml new file mode 100644 index 0000000000..70e61e303f --- /dev/null +++ b/windows/security/TOC.yml @@ -0,0 +1,9 @@ +- name: Security + href: index.yml + items: + - name: Identity and access management + href: identity-protection/index.md + - name: Information protection + href: information-protection/index.md + - name: Threat protection + href: threat-protection/index.md From f65b928c068af1f2b3f0715c103c70d3998acdb1 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:07:34 -0700 Subject: [PATCH 065/156] Conversion to YAML: ./windows/security/threat-protection/intelligence/TOC.md --- .../threat-protection/intelligence/TOC.md | 55 ----------------- .../threat-protection/intelligence/TOC.yml | 60 +++++++++++++++++++ 2 files changed, 60 insertions(+), 55 deletions(-) delete mode 100644 windows/security/threat-protection/intelligence/TOC.md create mode 100644 windows/security/threat-protection/intelligence/TOC.yml diff --git a/windows/security/threat-protection/intelligence/TOC.md b/windows/security/threat-protection/intelligence/TOC.md deleted file mode 100644 index 9919f7d8d2..0000000000 --- a/windows/security/threat-protection/intelligence/TOC.md +++ /dev/null @@ -1,55 +0,0 @@ -# [Security intelligence](index.md) - -## [Understand malware & other threats](understanding-malware.md) - -### [Coin miners](coinminer-malware.md) - -### [Exploits and exploit kits](exploits-malware.md) - -### [Fileless threats](fileless-threats.md) - -### [Macro malware](macro-malware.md) - -### [Phishing attacks](phishing.md) - -#### [Phishing trends and techniques](phishing-trends.md) - -### [Ransomware](ransomware-malware.md) - -### [Rootkits](rootkits-malware.md) - -### [Supply chain attacks](supply-chain-malware.md) - -### [Tech support scams](support-scams.md) - -### [Trojans](trojans-malware.md) - -### [Unwanted software](unwanted-software.md) - -### [Worms](worms-malware.md) - -## [Prevent malware infection](prevent-malware-infection.md) - -## [Malware naming convention](malware-naming.md) - -## [How Microsoft identifies malware and PUA](criteria.md) - -## [Submit files for analysis](submission-guide.md) - -## [Troubleshoot malware submission](portal-submission-troubleshooting.md) - -## [Safety Scanner download](safety-scanner-download.md) - -## [Industry collaboration programs](cybersecurity-industry-partners.md) - -### [Virus information alliance](virus-information-alliance-criteria.md) - -### [Microsoft virus initiative](virus-initiative-criteria.md) - -### [Coordinated malware eradication](coordinated-malware-eradication.md) - -## [Information for developers]() - -### [Software developer FAQ](developer-faq.md) - -### [Software developer resources](developer-resources.md) diff --git a/windows/security/threat-protection/intelligence/TOC.yml b/windows/security/threat-protection/intelligence/TOC.yml new file mode 100644 index 0000000000..6c1f372f77 --- /dev/null +++ b/windows/security/threat-protection/intelligence/TOC.yml @@ -0,0 +1,60 @@ +- name: Security intelligence + href: index.md + items: + - name: Understand malware & other threats + href: understanding-malware.md + items: + - name: Coin miners + href: coinminer-malware.md + - name: Exploits and exploit kits + href: exploits-malware.md + - name: Fileless threats + href: fileless-threats.md + - name: Macro malware + href: macro-malware.md + - name: Phishing attacks + href: phishing.md + items: + - name: Phishing trends and techniques + href: phishing-trends.md + - name: Ransomware + href: ransomware-malware.md + - name: Rootkits + href: rootkits-malware.md + - name: Supply chain attacks + href: supply-chain-malware.md + - name: Tech support scams + href: support-scams.md + - name: Trojans + href: trojans-malware.md + - name: Unwanted software + href: unwanted-software.md + - name: Worms + href: worms-malware.md + - name: Prevent malware infection + href: prevent-malware-infection.md + - name: Malware naming convention + href: malware-naming.md + - name: How Microsoft identifies malware and PUA + href: criteria.md + - name: Submit files for analysis + href: submission-guide.md + - name: Troubleshoot malware submission + href: portal-submission-troubleshooting.md + - name: Safety Scanner download + href: safety-scanner-download.md + - name: Industry collaboration programs + href: cybersecurity-industry-partners.md + items: + - name: Virus information alliance + href: virus-information-alliance-criteria.md + - name: Microsoft virus initiative + href: virus-initiative-criteria.md + - name: Coordinated malware eradication + href: coordinated-malware-eradication.md + - name: Information for developers + items: + - name: Software developer FAQ + href: developer-faq.md + - name: Software developer resources + href: developer-resources.md From d922777eb787a425bdc05325acbd6ac0ad7a31dc Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:10:11 -0700 Subject: [PATCH 066/156] Conversion to YAML: ./windows/security/threat-protection/microsoft-defender-application-guard/TOC.md --- .../microsoft-defender-application-guard/TOC.md | 8 -------- .../microsoft-defender-application-guard/TOC.yml | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 8 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-application-guard/TOC.md create mode 100644 windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/TOC.md b/windows/security/threat-protection/microsoft-defender-application-guard/TOC.md deleted file mode 100644 index 52b3bb034e..0000000000 --- a/windows/security/threat-protection/microsoft-defender-application-guard/TOC.md +++ /dev/null @@ -1,8 +0,0 @@ -# [Microsoft Defender Application Guard](md-app-guard-overview.md) - -## [System requirements](reqs-md-app-guard.md) -## [Install WDAG](install-md-app-guard.md) -## [Configure WDAG policies](configure-md-app-guard.md) -## [Test scenarios](test-scenarios-md-app-guard.md) -## [Microsoft Defender Application Guard Extension](md-app-guard-browser-extension.md) -## [FAQ](faq-md-app-guard.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml b/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml new file mode 100644 index 0000000000..c77a91d3e5 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml @@ -0,0 +1,15 @@ +- name: Microsoft Defender Application Guard + href: md-app-guard-overview.md + items: + - name: System requirements + href: reqs-md-app-guard.md + - name: Install WDAG + href: install-md-app-guard.md + - name: Configure WDAG policies + href: configure-md-app-guard.md + - name: Test scenarios + href: test-scenarios-md-app-guard.md + - name: Microsoft Defender Application Guard Extension + href: md-app-guard-browser-extension.md + - name: FAQ + href: faq-md-app-guard.md From 0d3e545f4935f06e5efe5351f6d4b017ea4755ac Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:12:55 -0700 Subject: [PATCH 067/156] Conversion to YAML: ./windows/security/threat-protection/windows-defender-application-control/TOC.md --- .../TOC.md | 140 --------- .../TOC.yml | 296 ++++++++++++++++++ 2 files changed, 296 insertions(+), 140 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/TOC.md create mode 100644 windows/security/threat-protection/windows-defender-application-control/TOC.yml diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md deleted file mode 100644 index d6145473d3..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ /dev/null @@ -1,140 +0,0 @@ -# [Application Control for Windows](windows-defender-application-control.md) -## [WDAC and AppLocker Overview](wdac-and-applocker-overview.md) -### [WDAC and AppLocker Feature Availability](feature-availability.md) -### [Virtualization-based protection of code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - - -## [WDAC design guide](windows-defender-application-control-design-guide.md) -### [Plan for WDAC policy lifecycle management](plan-windows-defender-application-control-management.md) -### Design your WDAC policy -#### [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) -#### [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) -##### [Allow apps installed by a managed installer](use-windows-defender-application-control-with-managed-installer.md) -##### [Configure managed installer rules](configure-wdac-managed-installer.md) -##### [Allow reputable apps with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md) -##### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md) -##### [Use WDAC with .NET hardening](use-windows-defender-application-control-with-dynamic-code-security.md) -##### [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md) -##### [Use WDAC to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) -#### [Use multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md) -### Create your WDAC policy -#### [Example WDAC base policies](example-wdac-base-policies.md) -#### [Policy creation for common WDAC usage scenarios](types-of-devices.md) -##### [Create a WDAC policy for lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md) -##### [Create a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md) -##### [Create a WDAC policy for fixed-workload devices](create-initial-default-policy.md) -##### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) -##### [Microsoft recommended driver block rules](microsoft-recommended-driver-block-rules.md) -#### [Use the WDAC Wizard tool](wdac-wizard.md) -##### [Create a base WDAC policy with the Wizard](wdac-wizard-create-base-policy.md) -##### [Create a supplemental WDAC policy with the Wizard](wdac-wizard-create-supplemental-policy.md) -##### [Editing a WDAC policy with the Wizard](wdac-wizard-editing-policy.md) -##### [Merging multiple WDAC policies with the Wizard](wdac-wizard-merging-policies.md) - -## [WDAC deployment guide](windows-defender-application-control-deployment-guide.md) -### [Deploy WDAC policies with MDM](deploy-windows-defender-application-control-policies-using-intune.md) -### [Deploy WDAC policies with MEMCM](deployment/deploy-wdac-policies-with-memcm.md) -### [Deploy WDAC policies with script](deployment/deploy-wdac-policies-with-script.md) -### [Deploy WDAC policies with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) -### [Audit WDAC policies](audit-windows-defender-application-control-policies.md) -### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) -### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md) -### [Use code signing to simplify application control for classic Windows applications](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) -#### [Optional: Use the WDAC Signing Portal in the Microsoft Store for Business](use-device-guard-signing-portal-in-microsoft-store-for-business.md) -#### [Optional: Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md) -#### [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-windows-defender-application-control.md) -### [Use signed policies to protect Windows Defender Application Control against tampering](use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md) -### [Disable WDAC policies](disable-windows-defender-application-control-policies.md) -### [LOB Win32 Apps on S Mode](LOB-win32-apps-on-s.md) - -## [Windows Defender Application Control operational guide](windows-defender-application-control-operational-guide.md) -### [Understanding Application Control event IDs](event-id-explanations.md) -### [Understanding Application Control event tags](event-tag-explanations.md) -### [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) -### [Known Issues](operations/known-issues.md) - -## [AppLocker](applocker\applocker-overview.md) -### [Administer AppLocker](applocker\administer-applocker.md) -#### [Maintain AppLocker policies](applocker\maintain-applocker-policies.md) -#### [Edit an AppLocker policy](applocker\edit-an-applocker-policy.md) -#### [Test and update an AppLocker policy](applocker\test-and-update-an-applocker-policy.md) -#### [Deploy AppLocker policies by using the enforce rules setting](applocker\deploy-applocker-policies-by-using-the-enforce-rules-setting.md) -#### [Use the AppLocker Windows PowerShell cmdlets](applocker\use-the-applocker-windows-powershell-cmdlets.md) -#### [Use AppLocker and Software Restriction Policies in the same domain](applocker\use-applocker-and-software-restriction-policies-in-the-same-domain.md) -#### [Optimize AppLocker performance](applocker\optimize-applocker-performance.md) -#### [Monitor app usage with AppLocker](applocker\monitor-application-usage-with-applocker.md) -#### [Manage packaged apps with AppLocker](applocker\manage-packaged-apps-with-applocker.md) -#### [Working with AppLocker rules](applocker\working-with-applocker-rules.md) -##### [Create a rule that uses a file hash condition](applocker\create-a-rule-that-uses-a-file-hash-condition.md) -##### [Create a rule that uses a path condition](applocker\create-a-rule-that-uses-a-path-condition.md) -##### [Create a rule that uses a publisher condition](applocker\create-a-rule-that-uses-a-publisher-condition.md) -##### [Create AppLocker default rules](applocker\create-applocker-default-rules.md) -##### [Add exceptions for an AppLocker rule](applocker\configure-exceptions-for-an-applocker-rule.md) -##### [Create a rule for packaged apps](applocker\create-a-rule-for-packaged-apps.md) -##### [Delete an AppLocker rule](applocker\delete-an-applocker-rule.md) -##### [Edit AppLocker rules](applocker\edit-applocker-rules.md) -##### [Enable the DLL rule collection](applocker\enable-the-dll-rule-collection.md) -##### [Enforce AppLocker rules](applocker\enforce-applocker-rules.md) -##### [Run the Automatically Generate Rules wizard](applocker\run-the-automatically-generate-rules-wizard.md) -#### [Working with AppLocker policies](applocker\working-with-applocker-policies.md) -##### [Configure the Application Identity service](applocker\configure-the-application-identity-service.md) -##### [Configure an AppLocker policy for audit only](applocker\configure-an-applocker-policy-for-audit-only.md) -##### [Configure an AppLocker policy for enforce rules](applocker\configure-an-applocker-policy-for-enforce-rules.md) -##### [Display a custom URL message when users try to run a blocked app](applocker\display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md) -##### [Export an AppLocker policy from a GPO](applocker\export-an-applocker-policy-from-a-gpo.md) -##### [Export an AppLocker policy to an XML file](applocker\export-an-applocker-policy-to-an-xml-file.md) -##### [Import an AppLocker policy from another computer](applocker\import-an-applocker-policy-from-another-computer.md) -##### [Import an AppLocker policy into a GPO](applocker\import-an-applocker-policy-into-a-gpo.md) -##### [Add rules for packaged apps to existing AppLocker rule-set](applocker\add-rules-for-packaged-apps-to-existing-applocker-rule-set.md) -##### [Merge AppLocker policies by using Set-ApplockerPolicy](applocker\merge-applocker-policies-by-using-set-applockerpolicy.md) -##### [Merge AppLocker policies manually](applocker\merge-applocker-policies-manually.md) -##### [Refresh an AppLocker policy](applocker\refresh-an-applocker-policy.md) -##### [Test an AppLocker policy by using Test-AppLockerPolicy](applocker\test-an-applocker-policy-by-using-test-applockerpolicy.md) -### [AppLocker design guide](applocker\applocker-policies-design-guide.md) -#### [Understand AppLocker policy design decisions](applocker\understand-applocker-policy-design-decisions.md) -#### [Determine your application control objectives](applocker\determine-your-application-control-objectives.md) -#### [Create a list of apps deployed to each business group](applocker\create-list-of-applications-deployed-to-each-business-group.md) -##### [Document your app list](applocker\document-your-application-list.md) -#### [Select the types of rules to create](applocker\select-types-of-rules-to-create.md) -##### [Document your AppLocker rules](applocker\document-your-applocker-rules.md) -#### [Determine the Group Policy structure and rule enforcement](applocker\determine-group-policy-structure-and-rule-enforcement.md) -##### [Understand AppLocker enforcement settings](applocker\understand-applocker-enforcement-settings.md) -##### [Understand AppLocker rules and enforcement setting inheritance in Group Policy](applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md) -##### [Document the Group Policy structure and AppLocker rule enforcement](applocker\document-group-policy-structure-and-applocker-rule-enforcement.md) -#### [Plan for AppLocker policy management](applocker\plan-for-applocker-policy-management.md) -### [AppLocker deployment guide](applocker\applocker-policies-deployment-guide.md) -#### [Understand the AppLocker policy deployment process](applocker\understand-the-applocker-policy-deployment-process.md) -#### [Requirements for Deploying AppLocker Policies](applocker\requirements-for-deploying-applocker-policies.md) -#### [Use Software Restriction Policies and AppLocker policies](applocker\using-software-restriction-policies-and-applocker-policies.md) -#### [Create Your AppLocker policies](applocker\create-your-applocker-policies.md) -##### [Create Your AppLocker rules](applocker\create-your-applocker-rules.md) -#### [Deploy the AppLocker policy into production](applocker\deploy-the-applocker-policy-into-production.md) -##### [Use a reference device to create and maintain AppLocker policies](applocker\use-a-reference-computer-to-create-and-maintain-applocker-policies.md) -###### [Determine which apps are digitally signed on a reference device](applocker\determine-which-applications-are-digitally-signed-on-a-reference-computer.md) -###### [Configure the AppLocker reference device](applocker\configure-the-appLocker-reference-device.md) -### [AppLocker technical reference](applocker\applocker-technical-reference.md) -#### [What Is AppLocker?](applocker\what-is-applocker.md) -#### [Requirements to use AppLocker](applocker\requirements-to-use-applocker.md) -#### [AppLocker policy use scenarios](applocker\applocker-policy-use-scenarios.md) -#### [How AppLocker works](applocker\how-applocker-works-techref.md) -##### [Understanding AppLocker rule behavior](applocker\understanding-applocker-rule-behavior.md) -##### [Understanding AppLocker rule exceptions](applocker\understanding-applocker-rule-exceptions.md) -##### [Understanding AppLocker rule collections](applocker\understanding-applocker-rule-collections.md) -##### [Understanding AppLocker allow and deny actions on rules](applocker\understanding-applocker-allow-and-deny-actions-on-rules.md) -##### [Understanding AppLocker rule condition types](applocker\understanding-applocker-rule-condition-types.md) -###### [Understanding the publisher rule condition in AppLocker](applocker\understanding-the-publisher-rule-condition-in-applocker.md) -###### [Understanding the path rule condition in AppLocker](applocker\understanding-the-path-rule-condition-in-applocker.md) -###### [Understanding the file hash rule condition in AppLocker](applocker\understanding-the-file-hash-rule-condition-in-applocker.md) -##### [Understanding AppLocker default rules](applocker\understanding-applocker-default-rules.md) -###### [Executable rules in AppLocker](applocker\executable-rules-in-applocker.md) -###### [Windows Installer rules in AppLocker](applocker\windows-installer-rules-in-applocker.md) -###### [Script rules in AppLocker](applocker\script-rules-in-applocker.md) -###### [DLL rules in AppLocker](applocker\dll-rules-in-applocker.md) -###### [Packaged apps and packaged app installer rules in AppLocker](applocker\packaged-apps-and-packaged-app-installer-rules-in-applocker.md) -#### [AppLocker architecture and components](applocker\applocker-architecture-and-components.md) -#### [AppLocker processes and interactions](applocker\applocker-processes-and-interactions.md) -#### [AppLocker functions](applocker\applocker-functions.md) -#### [Security considerations for AppLocker](applocker\security-considerations-for-applocker.md) -#### [Tools to Use with AppLocker](applocker\tools-to-use-with-applocker.md) -##### [Using Event Viewer with AppLocker](applocker\using-event-viewer-with-applocker.md) -#### [AppLocker Settings](applocker\applocker-settings.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml new file mode 100644 index 0000000000..ba1a8198e1 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -0,0 +1,296 @@ +- name: Application Control for Windows + href: windows-defender-application-control.md + items: + - name: WDAC and AppLocker Overview + href: wdac-and-applocker-overview.md + items: + - name: WDAC and AppLocker Feature Availability + href: feature-availability.md + - name: Virtualization-based protection of code integrity + href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + - name: WDAC design guide + href: windows-defender-application-control-design-guide.md + items: + - name: Plan for WDAC policy lifecycle management + href: plan-windows-defender-application-control-management.md + - name: Design your WDAC policy + items: + - name: Understand WDAC policy design decisions + href: understand-windows-defender-application-control-policy-design-decisions.md + - name: Understand WDAC policy rules and file rules + href: select-types-of-rules-to-create.md + items: + - name: Allow apps installed by a managed installer + href: use-windows-defender-application-control-with-managed-installer.md + - name: Configure managed installer rules + href: configure-wdac-managed-installer.md + - name: Allow reputable apps with Intelligent Security Graph (ISG) + href: use-windows-defender-application-control-with-intelligent-security-graph.md + - name: Allow COM object registration + href: allow-com-object-registration-in-windows-defender-application-control-policy.md + - name: Use WDAC with .NET hardening + href: use-windows-defender-application-control-with-dynamic-code-security.md + - name: Manage packaged apps with WDAC + href: manage-packaged-apps-with-windows-defender-application-control.md + - name: Use WDAC to control specific plug-ins, add-ins, and modules + href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md + - name: Use multiple WDAC policies + href: deploy-multiple-windows-defender-application-control-policies.md + - name: Create your WDAC policy + items: + - name: Example WDAC base policies + href: example-wdac-base-policies.md + - name: Policy creation for common WDAC usage scenarios + href: types-of-devices.md + items: + - name: Create a WDAC policy for lightly-managed devices + href: create-wdac-policy-for-lightly-managed-devices.md + - name: Create a WDAC policy for fully-managed devices + href: create-wdac-policy-for-fully-managed-devices.md + - name: Create a WDAC policy for fixed-workload devices + href: create-initial-default-policy.md + - name: Microsoft recommended block rules + href: microsoft-recommended-block-rules.md + - name: Microsoft recommended driver block rules + href: microsoft-recommended-driver-block-rules.md + - name: Use the WDAC Wizard tool + href: wdac-wizard.md + items: + - name: Create a base WDAC policy with the Wizard + href: wdac-wizard-create-base-policy.md + - name: Create a supplemental WDAC policy with the Wizard + href: wdac-wizard-create-supplemental-policy.md + - name: Editing a WDAC policy with the Wizard + href: wdac-wizard-editing-policy.md + - name: Merging multiple WDAC policies with the Wizard + href: wdac-wizard-merging-policies.md + - name: WDAC deployment guide + href: windows-defender-application-control-deployment-guide.md + items: + - name: Deploy WDAC policies with MDM + href: deploy-windows-defender-application-control-policies-using-intune.md + - name: Deploy WDAC policies with MEMCM + href: deployment/deploy-wdac-policies-with-memcm.md + - name: Deploy WDAC policies with script + href: deployment/deploy-wdac-policies-with-script.md + - name: Deploy WDAC policies with Group Policy + href: deploy-windows-defender-application-control-policies-using-group-policy.md + - name: Audit WDAC policies + href: audit-windows-defender-application-control-policies.md + - name: Merge WDAC policies + href: merge-windows-defender-application-control-policies.md + - name: Enforce WDAC policies + href: enforce-windows-defender-application-control-policies.md + - name: Use code signing to simplify application control for classic Windows applications + href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md + items: + - name: "Optional: Use the WDAC Signing Portal in the Microsoft Store for Business" + href: use-device-guard-signing-portal-in-microsoft-store-for-business.md + - name: "Optional: Create a code signing cert for WDAC" + href: create-code-signing-cert-for-windows-defender-application-control.md + - name: Deploy catalog files to support WDAC + href: deploy-catalog-files-to-support-windows-defender-application-control.md + - name: Use signed policies to protect Windows Defender Application Control against tampering + href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md + - name: Disable WDAC policies + href: disable-windows-defender-application-control-policies.md + - name: LOB Win32 Apps on S Mode + href: LOB-win32-apps-on-s.md + - name: Windows Defender Application Control operational guide + href: windows-defender-application-control-operational-guide.md + items: + - name: Understanding Application Control event IDs + href: event-id-explanations.md + - name: Understanding Application Control event tags + href: event-tag-explanations.md + - name: Query WDAC events with Advanced hunting + href: querying-application-control-events-centrally-using-advanced-hunting.md + - name: Known Issues + href: operations/known-issues.md + - name: AppLocker + href: applocker\applocker-overview.md) + items: + - name: Administer AppLocker + href: applocker\administer-applocker.md + items: + - name: Maintain AppLocker policies + href: applocker\maintain-applocker-policies.md + - name: Edit an AppLocker policy + href: applocker\edit-an-applocker-policy.md + - name: Test and update an AppLocker policy + href: applocker\test-and-update-an-applocker-policy.md + - name: Deploy AppLocker policies by using the enforce rules setting + href: applocker\deploy-applocker-policies-by-using-the-enforce-rules-setting.md + - name: Use the AppLocker Windows PowerShell cmdlets + href: applocker\use-the-applocker-windows-powershell-cmdlets.md + - name: Use AppLocker and Software Restriction Policies in the same domain + href: applocker\use-applocker-and-software-restriction-policies-in-the-same-domain.md + - name: Optimize AppLocker performance + href: applocker\optimize-applocker-performance.md + - name: Monitor app usage with AppLocker + href: applocker\monitor-application-usage-with-applocker.md + - name: Manage packaged apps with AppLocker + href: applocker\manage-packaged-apps-with-applocker.md + - name: Working with AppLocker rules + href: applocker\working-with-applocker-rules.md + items: + - name: Create a rule that uses a file hash condition + href: applocker\create-a-rule-that-uses-a-file-hash-condition.md + - name: Create a rule that uses a path condition + href: applocker\create-a-rule-that-uses-a-path-condition.md + - name: Create a rule that uses a publisher condition + href: applocker\create-a-rule-that-uses-a-publisher-condition.md + - name: Create AppLocker default rules + href: applocker\create-applocker-default-rules.md + - name: Add exceptions for an AppLocker rule + href: applocker\configure-exceptions-for-an-applocker-rule.md + - name: Create a rule for packaged apps + href: applocker\create-a-rule-for-packaged-apps.md + - name: Delete an AppLocker rule + href: applocker\delete-an-applocker-rule.md + - name: Edit AppLocker rules + href: applocker\edit-applocker-rules.md + - name: Enable the DLL rule collection + href: applocker\enable-the-dll-rule-collection.md + - name: Enforce AppLocker rules + href: applocker\enforce-applocker-rules.md + - name: Run the Automatically Generate Rules wizard + href: applocker\run-the-automatically-generate-rules-wizard.md + - name: Working with AppLocker policies + href: applocker\working-with-applocker-policies.md + items: + - name: Configure the Application Identity service + href: applocker\configure-the-application-identity-service.md + - name: Configure an AppLocker policy for audit only + href: applocker\configure-an-applocker-policy-for-audit-only.md + - name: Configure an AppLocker policy for enforce rules + href: applocker\configure-an-applocker-policy-for-enforce-rules.md + - name: Display a custom URL message when users try to run a blocked app + href: applocker\display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md + - name: Export an AppLocker policy from a GPO + href: applocker\export-an-applocker-policy-from-a-gpo.md + - name: Export an AppLocker policy to an XML file + href: applocker\export-an-applocker-policy-to-an-xml-file.md + - name: Import an AppLocker policy from another computer + href: applocker\import-an-applocker-policy-from-another-computer.md + - name: Import an AppLocker policy into a GPO + href: applocker\import-an-applocker-policy-into-a-gpo.md + - name: Add rules for packaged apps to existing AppLocker rule-set + href: applocker\add-rules-for-packaged-apps-to-existing-applocker-rule-set.md + - name: Merge AppLocker policies by using Set-ApplockerPolicy + href: applocker\merge-applocker-policies-by-using-set-applockerpolicy.md + - name: Merge AppLocker policies manually + href: applocker\merge-applocker-policies-manually.md + - name: Refresh an AppLocker policy + href: applocker\refresh-an-applocker-policy.md + - name: Test an AppLocker policy by using Test-AppLockerPolicy + href: applocker\test-an-applocker-policy-by-using-test-applockerpolicy.md + - name: AppLocker design guide + href: applocker\applocker-policies-design-guide.md + items: + - name: Understand AppLocker policy design decisions + href: applocker\understand-applocker-policy-design-decisions.md + - name: Determine your application control objectives + href: applocker\determine-your-application-control-objectives.md + - name: Create a list of apps deployed to each business group + href: applocker\create-list-of-applications-deployed-to-each-business-group.md + items: + - name: Document your app list + href: applocker\document-your-application-list.md + - name: Select the types of rules to create + href: applocker\select-types-of-rules-to-create.md + items: + - name: Document your AppLocker rules + href: applocker\document-your-applocker-rules.md + - name: Determine the Group Policy structure and rule enforcement + href: applocker\determine-group-policy-structure-and-rule-enforcement.md + items: + - name: Understand AppLocker enforcement settings + href: applocker\understand-applocker-enforcement-settings.md + - name: Understand AppLocker rules and enforcement setting inheritance in Group Policy + href: applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md + - name: Document the Group Policy structure and AppLocker rule enforcement + href: applocker\document-group-policy-structure-and-applocker-rule-enforcement.md + - name: Plan for AppLocker policy management + href: applocker\plan-for-applocker-policy-management.md + - name: AppLocker deployment guide + href: applocker\applocker-policies-deployment-guide.md + items: + - name: Understand the AppLocker policy deployment process + href: applocker\understand-the-applocker-policy-deployment-process.md + - name: Requirements for Deploying AppLocker Policies + href: applocker\requirements-for-deploying-applocker-policies.md + - name: Use Software Restriction Policies and AppLocker policies + href: applocker\using-software-restriction-policies-and-applocker-policies.md + - name: Create Your AppLocker policies + href: applocker\create-your-applocker-policies.md + items: + - name: Create Your AppLocker rules + href: applocker\create-your-applocker-rules.md + - name: Deploy the AppLocker policy into production + href: applocker\deploy-the-applocker-policy-into-production.md + items: + - name: Use a reference device to create and maintain AppLocker policies + href: applocker\use-a-reference-computer-to-create-and-maintain-applocker-policies.md + items: + - name: Determine which apps are digitally signed on a reference device + href: applocker\determine-which-applications-are-digitally-signed-on-a-reference-computer.md + - name: Configure the AppLocker reference device + href: applocker\configure-the-appLocker-reference-device.md + - name: AppLocker technical reference + href: applocker\applocker-technical-reference.md + items: + - name: What Is AppLocker? + href: applocker\what-is-applocker.md + - name: Requirements to use AppLocker + href: applocker\requirements-to-use-applocker.md + - name: AppLocker policy use scenarios + href: applocker\applocker-policy-use-scenarios.md + - name: How AppLocker works + href: applocker\how-applocker-works-techref.md + items: + - name: Understanding AppLocker rule behavior + href: applocker\understanding-applocker-rule-behavior.md + - name: Understanding AppLocker rule exceptions + href: applocker\understanding-applocker-rule-exceptions.md + - name: Understanding AppLocker rule collections + href: applocker\understanding-applocker-rule-collections.md + - name: Understanding AppLocker allow and deny actions on rules + href: applocker\understanding-applocker-allow-and-deny-actions-on-rules.md + - name: Understanding AppLocker rule condition types + href: applocker\understanding-applocker-rule-condition-types.md + items: + - name: Understanding the publisher rule condition in AppLocker + href: applocker\understanding-the-publisher-rule-condition-in-applocker.md + - name: Understanding the path rule condition in AppLocker + href: applocker\understanding-the-path-rule-condition-in-applocker.md + - name: Understanding the file hash rule condition in AppLocker + href: applocker\understanding-the-file-hash-rule-condition-in-applocker.md + - name: Understanding AppLocker default rules + href: applocker\understanding-applocker-default-rules.md + items: + - name: Executable rules in AppLocker + href: applocker\executable-rules-in-applocker.md + - name: Windows Installer rules in AppLocker + href: applocker\windows-installer-rules-in-applocker.md + - name: Script rules in AppLocker + href: applocker\script-rules-in-applocker.md + - name: DLL rules in AppLocker + href: applocker\dll-rules-in-applocker.md + - name: Packaged apps and packaged app installer rules in AppLocker + href: applocker\packaged-apps-and-packaged-app-installer-rules-in-applocker.md + - name: AppLocker architecture and components + href: applocker\applocker-architecture-and-components.md + - name: AppLocker processes and interactions + href: applocker\applocker-processes-and-interactions.md + - name: AppLocker functions + href: applocker\applocker-functions.md + - name: Security considerations for AppLocker + href: applocker\security-considerations-for-applocker.md + - name: Tools to Use with AppLocker + href: applocker\tools-to-use-with-applocker.md + items: + - name: Using Event Viewer with AppLocker + href: applocker\using-event-viewer-with-applocker.md + - name: AppLocker Settings + href: applocker\applocker-settings.md From 38e1781359fc066b3efd686127b8435c8d7e67ba Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:15:25 -0700 Subject: [PATCH 068/156] Conversion to YAML: ./windows/security/threat-protection/windows-firewall/TOC.md --- .../threat-protection/windows-firewall/TOC.md | 184 ------------- .../windows-firewall/TOC.yml | 252 ++++++++++++++++++ 2 files changed, 252 insertions(+), 184 deletions(-) delete mode 100644 windows/security/threat-protection/windows-firewall/TOC.md create mode 100644 windows/security/threat-protection/windows-firewall/TOC.yml diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md deleted file mode 100644 index 00a5fecc08..0000000000 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ /dev/null @@ -1,184 +0,0 @@ -# [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) - -## [Plan deployment]() - -### [Design guide](windows-firewall-with-advanced-security-design-guide.md) - -### [Design process](understanding-the-windows-firewall-with-advanced-security-design-process.md) - -### [Implementation goals]() -#### [Identify implementation goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) -#### [Protect devices from unwanted network traffic](protect-devices-from-unwanted-network-traffic.md) -#### [Restrict access to only trusted devices](restrict-access-to-only-trusted-devices.md) -#### [Require encryption](require-encryption-when-accessing-sensitive-network-resources.md) -#### [Restrict access](restrict-access-to-only-specified-users-or-devices.md) - -### [Implementation designs]() -#### [Mapping goals to a design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) - -#### [Basic firewall design](basic-firewall-policy-design.md) -##### [Basic firewall design example](firewall-policy-design-example.md) - - -#### [Domain isolation design](domain-isolation-policy-design.md) -##### [Domain isolation design example](domain-isolation-policy-design-example.md) - - -#### [Server isolation design](server-isolation-policy-design.md) -##### [Server Isolation design example](server-isolation-policy-design-example.md) - - -#### [Certificate-based isolation design](certificate-based-isolation-policy-design.md) -##### [Certificate-based Isolation design example](certificate-based-isolation-policy-design-example.md) - -### [Design planning]() -#### [Planning your design](planning-your-windows-firewall-with-advanced-security-design.md) - -#### [Planning settings for a basic firewall policy](planning-settings-for-a-basic-firewall-policy.md) - -#### [Planning domain isolation zones]() -##### [Domain isolation zones](planning-domain-isolation-zones.md) -##### [Exemption list](exemption-list.md) -##### [Isolated domain](isolated-domain.md) -##### [Boundary zone](boundary-zone.md) -##### [Encryption zone](encryption-zone.md) - -#### [Planning server isolation zones](planning-server-isolation-zones.md) - -#### [Planning certificate-based authentication](planning-certificate-based-authentication.md) -##### [Documenting the Zones](documenting-the-zones.md) - -##### [Planning group policy deployment for your isolation zones](planning-group-policy-deployment-for-your-isolation-zones.md) -###### [Planning isolation groups for the zones](planning-isolation-groups-for-the-zones.md) -###### [Planning network access groups](planning-network-access-groups.md) - -###### [Planning the GPOs](planning-the-gpos.md) -####### [Firewall GPOs](firewall-gpos.md) -######## [GPO_DOMISO_Firewall](gpo-domiso-firewall.md) -####### [Isolated domain GPOs](isolated-domain-gpos.md) -######## [GPO_DOMISO_IsolatedDomain_Clients](gpo-domiso-isolateddomain-clients.md) -######## [GPO_DOMISO_IsolatedDomain_Servers](gpo-domiso-isolateddomain-servers.md) -####### [Boundary zone GPOs](boundary-zone-gpos.md) -######## [GPO_DOMISO_Boundary](gpo-domiso-boundary.md) -####### [Encryption zone GPOs](encryption-zone-gpos.md) -######## [GPO_DOMISO_Encryption](gpo-domiso-encryption.md) -####### [Server isolation GPOs](server-isolation-gpos.md) - -###### [Planning GPO deployment](planning-gpo-deployment.md) - - -### [Planning to deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) - - -## [Deployment guide]() -### [Deployment overview](windows-firewall-with-advanced-security-deployment-guide.md) - -### [Implementing your plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) - -### [Basic firewall deployment]() -#### [Checklist: Implementing a basic firewall policy design](checklist-implementing-a-basic-firewall-policy-design.md) - - - -### [Domain isolation deployment]() -#### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) - - - -### [Server isolation deployment]() -#### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md) - - - -### [Certificate-based authentication]() -#### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) - - - -## [Best practices]() -### [Configuring the firewall](best-practices-configuring.md) -### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md) -### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) -### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) - - -## [How-to]() -### [Add Production devices to the membership group for a zone](add-production-devices-to-the-membership-group-for-a-zone.md) -### [Add test devices to the membership group for a zone](add-test-devices-to-the-membership-group-for-a-zone.md) -### [Assign security group filters to the GPO](assign-security-group-filters-to-the-gpo.md) -### [Change rules from request to require mode](Change-Rules-From-Request-To-Require-Mode.Md) -### [Configure authentication methods](Configure-authentication-methods.md) -### [Configure data protection (Quick Mode) settings](configure-data-protection-quick-mode-settings.md) -### [Configure Group Policy to autoenroll and deploy certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md) -### [Configure key exchange (main mode) settings](configure-key-exchange-main-mode-settings.md) -### [Configure the rules to require encryption](configure-the-rules-to-require-encryption.md) -### [Configure the Windows Firewall log](configure-the-windows-firewall-log.md) -### [Configure the workstation authentication certificate template](configure-the-workstation-authentication-certificate-template.md) -### [Configure Windows Firewall to suppress notifications when a program is blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) -### [Confirm that certificates are deployed correctly](confirm-that-certificates-are-deployed-correctly.md) -### [Copy a GPO to create a new GPO](copy-a-gpo-to-create-a-new-gpo.md) -### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md) -### [Create a Group Policy Object](create-a-group-policy-object.md) -### [Create an authentication exemption list rule](create-an-authentication-exemption-list-rule.md) -### [Create an authentication request rule](create-an-authentication-request-rule.md) -### [Create an inbound ICMP rule](create-an-inbound-icmp-rule.md) -### [Create an inbound port rule](create-an-inbound-port-rule.md) -### [Create an inbound program or service rule](create-an-inbound-program-or-service-rule.md) -### [Create an outbound port rule](create-an-outbound-port-rule.md) -### [Create an outbound program or service rule](create-an-outbound-program-or-service-rule.md) -### [Create inbound rules to support RPC](create-inbound-rules-to-support-rpc.md) -### [Create WMI filters for the GPO](create-wmi-filters-for-the-gpo.md) -### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md) -### [Enable predefined inbound rules](enable-predefined-inbound-rules.md) -### [Enable predefined outbound rules](enable-predefined-outbound-rules.md) -### [Exempt ICMP from authentication](exempt-icmp-from-authentication.md) -### [Link the GPO to the domain](link-the-gpo-to-the-domain.md) -### [Modify GPO filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) -### [Open IP security policies](open-the-group-policy-management-console-to-ip-security-policies.md) -### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md) -### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) -### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md) -### [Restrict server access](restrict-server-access-to-members-of-a-group-only.md) -### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md) -### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) - - -## [References]() -### [Checklist: Creating Group Policy objects](checklist-creating-group-policy-objects.md) -### [Checklist: Creating inbound firewall rules](checklist-creating-inbound-firewall-rules.md) -### [Checklist: Creating outbound firewall rules](checklist-creating-outbound-firewall-rules.md) -### [Checklist: Configuring basic firewall settings](checklist-configuring-basic-firewall-settings.md) - - -### [Checklist: Configuring rules for the isolated domain](checklist-configuring-rules-for-the-isolated-domain.md) -### [Checklist: Configuring rules for the boundary zone](checklist-configuring-rules-for-the-boundary-zone.md) -### [Checklist: Configuring rules for the encryption zone](checklist-configuring-rules-for-the-encryption-zone.md) -### [Checklist: Configuring rules for an isolated server zone](checklist-configuring-rules-for-an-isolated-server-zone.md) - -### [Checklist: Configuring rules for servers in a standalone isolated server zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) -### [Checklist: Creating rules for clients of a standalone isolated server zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) - - -### [Appendix A: Sample GPO template files for settings used in this guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) - - - -## [Troubleshooting]() -### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md) -### [Filter origin audit log improvements](filter-origin-documentation.md) -### [Quarantine behavior](quarantine.md) -### [Firewall settings lost on upgrade](firewall-settings-lost-on-upgrade.md) - - - - - - - - - - - - - - diff --git a/windows/security/threat-protection/windows-firewall/TOC.yml b/windows/security/threat-protection/windows-firewall/TOC.yml new file mode 100644 index 0000000000..efaa07fa4e --- /dev/null +++ b/windows/security/threat-protection/windows-firewall/TOC.yml @@ -0,0 +1,252 @@ +- name: Windows Firewall with Advanced Security + href: windows-firewall-with-advanced-security.md + items: + - name: Plan deployment + items: + - name: Design guide + href: windows-firewall-with-advanced-security-design-guide.md + - name: Design process + href: understanding-the-windows-firewall-with-advanced-security-design-process.md + - name: Implementation goals + items: + - name: Identify implementation goals + href: identifying-your-windows-firewall-with-advanced-security-deployment-goals.md + - name: Protect devices from unwanted network traffic + href: protect-devices-from-unwanted-network-traffic.md + - name: Restrict access to only trusted devices + href: restrict-access-to-only-trusted-devices.md + - name: Require encryption + href: require-encryption-when-accessing-sensitive-network-resources.md + - name: Restrict access + href: restrict-access-to-only-specified-users-or-devices.md + - name: Implementation designs + items: + - name: Mapping goals to a design + href: mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md + - name: Basic firewall design + href: basic-firewall-policy-design.md + items: + - name: Basic firewall design example + href: firewall-policy-design-example.md + - name: Domain isolation design + href: domain-isolation-policy-design.md + items: + - name: Domain isolation design example + href: domain-isolation-policy-design-example.md + - name: Server isolation design + href: server-isolation-policy-design.md + items: + - name: Server Isolation design example + href: server-isolation-policy-design-example.md + - name: Certificate-based isolation design + href: certificate-based-isolation-policy-design.md + items: + - name: Certificate-based Isolation design example + href: certificate-based-isolation-policy-design-example.md + - name: Design planning + items: + - name: Planning your design + href: planning-your-windows-firewall-with-advanced-security-design.md + - name: Planning settings for a basic firewall policy + href: planning-settings-for-a-basic-firewall-policy.md + - name: Planning domain isolation zones + items: + - name: Domain isolation zones + href: planning-domain-isolation-zones.md + - name: Exemption list + href: exemption-list.md + - name: Isolated domain + href: isolated-domain.md + - name: Boundary zone + href: boundary-zone.md + - name: Encryption zone + href: encryption-zone.md + - name: Planning server isolation zones + href: planning-server-isolation-zones.md + - name: Planning certificate-based authentication + href: planning-certificate-based-authentication.md + items: + - name: Documenting the Zones + href: documenting-the-zones.md + - name: Planning group policy deployment for your isolation zones + href: planning-group-policy-deployment-for-your-isolation-zones.md + items: + - name: Planning isolation groups for the zones + href: planning-isolation-groups-for-the-zones.md + - name: Planning network access groups + href: planning-network-access-groups.md + - name: Planning the GPOs + href: planning-the-gpos.md + items: + - name: Firewall GPOs + href: firewall-gpos.md + items: + - name: GPO_DOMISO_Firewall + href: gpo-domiso-firewall.md + - name: Isolated domain GPOs + href: isolated-domain-gpos.md + items: + - name: GPO_DOMISO_IsolatedDomain_Clients + href: gpo-domiso-isolateddomain-clients.md + - name: GPO_DOMISO_IsolatedDomain_Servers + href: gpo-domiso-isolateddomain-servers.md + - name: Boundary zone GPOs + href: boundary-zone-gpos.md + items: + - name: GPO_DOMISO_Boundary + href: gpo-domiso-boundary.md + - name: Encryption zone GPOs + href: encryption-zone-gpos.md + items: + - name: GPO_DOMISO_Encryption + href: gpo-domiso-encryption.md + - name: Server isolation GPOs + href: server-isolation-gpos.md + - name: Planning GPO deployment + href: planning-gpo-deployment.md + - name: Planning to deploy + href: planning-to-deploy-windows-firewall-with-advanced-security.md + - name: Deployment guide + items: + - name: Deployment overview + href: windows-firewall-with-advanced-security-deployment-guide.md + - name: Implementing your plan + href: implementing-your-windows-firewall-with-advanced-security-design-plan.md + - name: Basic firewall deployment + items: + - name: "Checklist: Implementing a basic firewall policy design" + href: checklist-implementing-a-basic-firewall-policy-design.md + - name: Domain isolation deployment + items: + - name: "Checklist: Implementing a Domain Isolation Policy Design" + href: checklist-implementing-a-domain-isolation-policy-design.md + - name: Server isolation deployment + items: + - name: "Checklist: Implementing a Standalone Server Isolation Policy Design" + href: checklist-implementing-a-standalone-server-isolation-policy-design.md + - name: Certificate-based authentication + items: + - name: "Checklist: Implementing a Certificate-based Isolation Policy Design" + href: checklist-implementing-a-certificate-based-isolation-policy-design.md + - name: Best practices + items: + - name: Configuring the firewall + href: best-practices-configuring.md + - name: Securing IPsec + href: securing-end-to-end-ipsec-connections-by-using-ikev2.md + - name: PowerShell + href: windows-firewall-with-advanced-security-administration-with-windows-powershell.md + - name: Isolating Microsoft Store Apps on Your Network + href: isolating-apps-on-your-network.md + - name: How-to + items: + - name: Add Production devices to the membership group for a zone + href: add-production-devices-to-the-membership-group-for-a-zone.md + - name: Add test devices to the membership group for a zone + href: add-test-devices-to-the-membership-group-for-a-zone.md + - name: Assign security group filters to the GPO + href: assign-security-group-filters-to-the-gpo.md + - name: Change rules from request to require mode + href: Change-Rules-From-Request-To-Require-Mode.Md + - name: Configure authentication methods + href: Configure-authentication-methods.md + - name: Configure data protection (Quick Mode) settings + href: configure-data-protection-quick-mode-settings.md + - name: Configure Group Policy to autoenroll and deploy certificates + href: configure-group-policy-to-autoenroll-and-deploy-certificates.md + - name: Configure key exchange (main mode) settings + href: configure-key-exchange-main-mode-settings.md + - name: Configure the rules to require encryption + href: configure-the-rules-to-require-encryption.md + - name: Configure the Windows Firewall log + href: configure-the-windows-firewall-log.md + - name: Configure the workstation authentication certificate template + href: configure-the-workstation-authentication-certificate-template.md + - name: Configure Windows Firewall to suppress notifications when a program is blocked + href: configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md + - name: Confirm that certificates are deployed correctly + href: confirm-that-certificates-are-deployed-correctly.md + - name: Copy a GPO to create a new GPO + href: copy-a-gpo-to-create-a-new-gpo.md + - name: Create a Group Account in Active Directory + href: create-a-group-account-in-active-directory.md + - name: Create a Group Policy Object + href: create-a-group-policy-object.md + - name: Create an authentication exemption list rule + href: create-an-authentication-exemption-list-rule.md + - name: Create an authentication request rule + href: create-an-authentication-request-rule.md + - name: Create an inbound ICMP rule + href: create-an-inbound-icmp-rule.md + - name: Create an inbound port rule + href: create-an-inbound-port-rule.md + - name: Create an inbound program or service rule + href: create-an-inbound-program-or-service-rule.md + - name: Create an outbound port rule + href: create-an-outbound-port-rule.md + - name: Create an outbound program or service rule + href: create-an-outbound-program-or-service-rule.md + - name: Create inbound rules to support RPC + href: create-inbound-rules-to-support-rpc.md + - name: Create WMI filters for the GPO + href: create-wmi-filters-for-the-gpo.md + - name: Create Windows Firewall rules in Intune + href: create-windows-firewall-rules-in-intune.md + - name: Enable predefined inbound rules + href: enable-predefined-inbound-rules.md + - name: Enable predefined outbound rules + href: enable-predefined-outbound-rules.md + - name: Exempt ICMP from authentication + href: exempt-icmp-from-authentication.md + - name: Link the GPO to the domain + href: link-the-gpo-to-the-domain.md + - name: Modify GPO filters + href: modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md + - name: Open IP security policies + href: open-the-group-policy-management-console-to-ip-security-policies.md + - name: Open Group Policy + href: open-the-group-policy-management-console-to-windows-firewall.md + - name: Open Group Policy + href: open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md + - name: Open Windows Firewall + href: open-windows-firewall-with-advanced-security.md + - name: Restrict server access + href: restrict-server-access-to-members-of-a-group-only.md + - name: Enable Windows Firewall + href: turn-on-windows-firewall-and-configure-default-behavior.md + - name: Verify Network Traffic + href: verify-that-network-traffic-is-authenticated.md + - name: References + items: + - name: "Checklist: Creating Group Policy objects" + href: checklist-creating-group-policy-objects.md + - name: "Checklist: Creating inbound firewall rules" + href: checklist-creating-inbound-firewall-rules.md + - name: "Checklist: Creating outbound firewall rules" + href: checklist-creating-outbound-firewall-rules.md + - name: "Checklist: Configuring basic firewall settings" + href: checklist-configuring-basic-firewall-settings.md + - name: "Checklist: Configuring rules for the isolated domain" + href: checklist-configuring-rules-for-the-isolated-domain.md + - name: "Checklist: Configuring rules for the boundary zone" + href: checklist-configuring-rules-for-the-boundary-zone.md + - name: "Checklist: Configuring rules for the encryption zone" + href: checklist-configuring-rules-for-the-encryption-zone.md + - name: "Checklist: Configuring rules for an isolated server zone" + href: checklist-configuring-rules-for-an-isolated-server-zone.md + - name: "Checklist: Configuring rules for servers in a standalone isolated server zone" + href: checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md + - name: "Checklist: Creating rules for clients of a standalone isolated server zone" + href: checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md + - name: "Appendix A: Sample GPO template files for settings used in this guide" + href: appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md + - name: Troubleshooting + items: + - name: Troubleshooting UWP app connectivity issues in Windows Firewall + href: troubleshooting-uwp-firewall.md + - name: Filter origin audit log improvements + href: filter-origin-documentation.md + - name: Quarantine behavior + href: quarantine.md + - name: Firewall settings lost on upgrade + href: firewall-settings-lost-on-upgrade.md From bfd81b97a4ed5a2ff2cc0c5dcb07b28815bfd86d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:18:13 -0700 Subject: [PATCH 069/156] Conversion to YAML: ./windows/security/threat-protection/windows-security-configuration-framework/TOC.md --- .../windows-security-configuration-framework/TOC.md | 5 ----- .../windows-security-configuration-framework/TOC.yml | 9 +++++++++ 2 files changed, 9 insertions(+), 5 deletions(-) delete mode 100644 windows/security/threat-protection/windows-security-configuration-framework/TOC.md create mode 100644 windows/security/threat-protection/windows-security-configuration-framework/TOC.yml diff --git a/windows/security/threat-protection/windows-security-configuration-framework/TOC.md b/windows/security/threat-protection/windows-security-configuration-framework/TOC.md deleted file mode 100644 index 10de1f0c1c..0000000000 --- a/windows/security/threat-protection/windows-security-configuration-framework/TOC.md +++ /dev/null @@ -1,5 +0,0 @@ -# Windows security guidance for enterprises - -## [Windows security baselines](windows-security-baselines.md) -### [Security Compliance Toolkit](security-compliance-toolkit-10.md) -### [Get support](get-support-for-security-baselines.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-security-configuration-framework/TOC.yml b/windows/security/threat-protection/windows-security-configuration-framework/TOC.yml new file mode 100644 index 0000000000..f7e0955409 --- /dev/null +++ b/windows/security/threat-protection/windows-security-configuration-framework/TOC.yml @@ -0,0 +1,9 @@ +- name: Windows security guidance for enterprises + items: + - name: Windows security baselines + href: windows-security-baselines.md + items: + - name: Security Compliance Toolkit + href: security-compliance-toolkit-10.md + - name: Get support + href: get-support-for-security-baselines.md From efbc6d4d8faccbb7b9e12d86a8a8bc46866a2797 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:23:40 -0700 Subject: [PATCH 070/156] Conversion to YAML: ./windows/whats-new/ltsc/TOC.md --- windows/whats-new/ltsc/TOC.md | 4 ---- windows/whats-new/ltsc/TOC.yml | 9 +++++++++ 2 files changed, 9 insertions(+), 4 deletions(-) delete mode 100644 windows/whats-new/ltsc/TOC.md create mode 100644 windows/whats-new/ltsc/TOC.yml diff --git a/windows/whats-new/ltsc/TOC.md b/windows/whats-new/ltsc/TOC.md deleted file mode 100644 index a16525cda0..0000000000 --- a/windows/whats-new/ltsc/TOC.md +++ /dev/null @@ -1,4 +0,0 @@ -# [Windows 10 Enterprise LTSC](index.md) -## [What's new in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md) -## [What's new in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md) -## [What's new in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md) diff --git a/windows/whats-new/ltsc/TOC.yml b/windows/whats-new/ltsc/TOC.yml new file mode 100644 index 0000000000..aaabcc56ee --- /dev/null +++ b/windows/whats-new/ltsc/TOC.yml @@ -0,0 +1,9 @@ +- name: Windows 10 Enterprise LTSC + href: index.md + items: + - name: What's new in Windows 10 Enterprise LTSC 2019 + href: whats-new-windows-10-2019.md + - name: What's new in Windows 10 Enterprise LTSC 2016 + href: whats-new-windows-10-2016.md + - name: What's new in Windows 10 Enterprise LTSC 2015 + href: whats-new-windows-10-2015.md From 0f210198ad1b5ac4aff74caca951fcf1b7f6aed5 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:30:28 -0700 Subject: [PATCH 071/156] Conversion to YAML: ./store-for-business/education/TOC.md --- store-for-business/education/TOC.md | 39 ------------- store-for-business/education/TOC.yml | 86 ++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 39 deletions(-) delete mode 100644 store-for-business/education/TOC.md create mode 100644 store-for-business/education/TOC.yml diff --git a/store-for-business/education/TOC.md b/store-for-business/education/TOC.md deleted file mode 100644 index f6d8cc393d..0000000000 --- a/store-for-business/education/TOC.md +++ /dev/null @@ -1,39 +0,0 @@ -# [Microsoft Store for Education](../index.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [What's new in Microsoft Store for Business and Education](../whats-new-microsoft-store-business-education.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Sign up and get started](../sign-up-microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Microsoft Store for Business and Education overview](../microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Prerequisites for Microsoft Store for Business and Education](../prerequisites-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Sign up for Microsoft Store for Business or Microsoft Store for Education](/microsoft-store/sign-up-microsoft-store-for-business?toc=/microsoft-store/education/toc.json) -### [Roles and permissions in the Microsoft Store for Business and Education](../roles-and-permissions-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Settings reference: Microsoft Store for Business and Education](../settings-reference-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Working with Microsoft Store for Education](/education/windows/education-scenarios-store-for-business?toc=/microsoft-store/education/toc.json) -## [Find and acquire apps](../find-and-acquire-apps-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Apps in the Microsoft Store for Business and Education](../apps-in-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Acquire apps in the Microsoft Store for Business and Education](../acquire-apps-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Working with line-of-business apps](../working-with-line-of-business-apps.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Get Minecraft: Education Edition](/education/windows/get-minecraft-for-education?toc=/microsoft-store/education/toc.json) -### [For teachers: get Minecraft Education Edition](/education/windows/teacher-get-minecraft?toc=/microsoft-store/education/toc.json) -### [For IT administrators: get Minecraft Education Edition](/education/windows/school-get-minecraft?toc=/microsoft-store/education/toc.json) -### [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-device-promotion?toc=/microsoft-store/education/toc.json) -## [Distribute apps to your employees from the Microsoft Store for Business and Education](../distribute-apps-to-your-employees-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Distribute apps using your private store](../distribute-apps-from-your-private-store.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Assign apps to employees](../assign-apps-to-employees.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Distribute apps with a management tool](../distribute-apps-with-management-tool.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Distribute offline apps](../distribute-offline-apps.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Manage products and services](../manage-apps-microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [App inventory management for Microsoft Store for Business](../app-inventory-management-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Manage app orders in Microsoft Store for Business and Education](../manage-orders-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Manage access to private store](../manage-access-to-private-store.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Manage private store settings](../manage-private-store-settings.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Configure MDM provider](../configure-mdm-provider-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Manage Windows device deployment with Windows Autopilot Deployment](../add-profile-to-devices.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Microsoft Store for Business and Education PowerShell module - preview](../microsoft-store-for-business-education-powershell-module.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](../manage-mpsa-software-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Device Guard signing portal](../device-guard-signing-portal.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Add unsigned app to code integrity policy](../add-unsigned-app-to-code-integrity-policy.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Sign code integrity policy with Device Guard signing](../sign-code-integrity-policy-with-device-guard-signing.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Manage settings in the Microsoft Store for Business and Education](../manage-settings-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Update Microsoft Store for Business and Microsoft Store for Education account settings](../update-microsoft-store-for-business-account-settings.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -### [Manage user accounts in Microsoft Store for Business and Education](../manage-users-and-groups-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Troubleshoot Microsoft Store for Business](../troubleshoot-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) -## [Notifications in Microsoft Store for Business and Education](../notifications-microsoft-store-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json) \ No newline at end of file diff --git a/store-for-business/education/TOC.yml b/store-for-business/education/TOC.yml new file mode 100644 index 0000000000..edb38bce1a --- /dev/null +++ b/store-for-business/education/TOC.yml @@ -0,0 +1,86 @@ +- name: Microsoft Store for Education + href: ../index.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + items: + - name: What's new in Microsoft Store for Business and Education + href: ../whats-new-microsoft-store-business-education.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Sign up and get started + href: ../sign-up-microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + items: + - name: Microsoft Store for Business and Education overview + href: ../microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Prerequisites for Microsoft Store for Business and Education + href: ../prerequisites-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Sign up for Microsoft Store for Business or Microsoft Store for Education + href: /microsoft-store/sign-up-microsoft-store-for-business?toc=/microsoft-store/education/toc.json + - name: Roles and permissions in the Microsoft Store for Business and Education + href: ../roles-and-permissions-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: "Settings reference: Microsoft Store for Business and Education" + href: ../settings-reference-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Working with Microsoft Store for Education + href: /education/windows/education-scenarios-store-for-business?toc=/microsoft-store/education/toc.json + - name: Find and acquire apps + href: ../find-and-acquire-apps-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + items: + - name: Apps in the Microsoft Store for Business and Education + href: ../apps-in-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Acquire apps in the Microsoft Store for Business and Education + href: ../acquire-apps-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Working with line-of-business apps + href: ../working-with-line-of-business-apps.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: "Get Minecraft: Education Edition" + href: /education/windows/get-minecraft-for-education?toc=/microsoft-store/education/toc.json + items: + - name: "For teachers: get Minecraft Education Edition" + href: /education/windows/teacher-get-minecraft?toc=/microsoft-store/education/toc.json + - name: "For IT administrators: get Minecraft Education Edition" + href: /education/windows/school-get-minecraft?toc=/microsoft-store/education/toc.json + - name: "Get Minecraft: Education Edition with Windows 10 device promotion" + href: /education/windows/get-minecraft-device-promotion?toc=/microsoft-store/education/toc.json + - name: Distribute apps to your employees from the Microsoft Store for Business and Education + href: ../distribute-apps-to-your-employees-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + items: + - name: Distribute apps using your private store + href: ../distribute-apps-from-your-private-store.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Assign apps to employees + href: ../assign-apps-to-employees.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Distribute apps with a management tool + href: ../distribute-apps-with-management-tool.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Distribute offline apps + href: ../distribute-offline-apps.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage products and services + href: ../manage-apps-microsoft-store-for-business-overview.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + items: + - name: App inventory management for Microsoft Store for Business + href: ../app-inventory-management-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage app orders in Microsoft Store for Business and Education + href: ../manage-orders-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage access to private store + href: ../manage-access-to-private-store.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage private store settings + href: ../manage-private-store-settings.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Configure MDM provider + href: ../configure-mdm-provider-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage Windows device deployment with Windows Autopilot Deployment + href: ../add-profile-to-devices.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Microsoft Store for Business and Education PowerShell module - preview + href: ../microsoft-store-for-business-education-powershell-module.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business + href: ../manage-mpsa-software-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Device Guard signing portal + href: ../device-guard-signing-portal.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + items: + - name: Add unsigned app to code integrity policy + href: ../add-unsigned-app-to-code-integrity-policy.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Sign code integrity policy with Device Guard signing + href: ../sign-code-integrity-policy-with-device-guard-signing.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage settings in the Microsoft Store for Business and Education + href: ../manage-settings-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + items: + - name: Update Microsoft Store for Business and Microsoft Store for Education account settings + href: ../update-microsoft-store-for-business-account-settings.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Manage user accounts in Microsoft Store for Business and Education + href: ../manage-users-and-groups-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Troubleshoot Microsoft Store for Business + href: ../troubleshoot-microsoft-store-for-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json + - name: Notifications in Microsoft Store for Business and Education + href: ../notifications-microsoft-store-business.md?toc=%2fmicrosoft-store%2feducation%2ftoc.json From aea941ea825cfe0ff5beec512ce19b520198e8b2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:32:19 -0700 Subject: [PATCH 072/156] Conversion to YAML: ./windows/application-management/TOC.md --- windows/application-management/TOC.md | 112 ------------ windows/application-management/TOC.yml | 244 +++++++++++++++++++++++++ 2 files changed, 244 insertions(+), 112 deletions(-) delete mode 100644 windows/application-management/TOC.md create mode 100644 windows/application-management/TOC.yml diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md deleted file mode 100644 index 45491337c3..0000000000 --- a/windows/application-management/TOC.md +++ /dev/null @@ -1,112 +0,0 @@ -# [Manage applications in Windows 10](index.md) -## [Sideload apps](sideload-apps-in-windows-10.md) -## [Remove background task resource restrictions](enterprise-background-activity-controls.md) -## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) -## [Understand apps in Windows 10](apps-in-windows-10.md) -## [Add apps and features in Windows 10](add-apps-and-features.md) -## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) -## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) -### [Getting Started with App-V](app-v/appv-getting-started.md) -#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) -##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md) -##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md) -#### [Evaluating App-V](app-v/appv-evaluating-appv.md) -#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md) -### [Planning for App-V](app-v/appv-planning-for-appv.md) -#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md) -##### [App-V Prerequisites](app-v/appv-prerequisites.md) -##### [App-V Security Considerations](app-v/appv-security-considerations.md) -#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md) -##### [App-V Supported Configurations](app-v/appv-supported-configurations.md) -##### [App-V Capacity Planning](app-v/appv-capacity-planning.md) -##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md) -##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) -##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md) -##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md) -##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md) -##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md) -#### [App-V Planning Checklist](app-v/appv-planning-checklist.md) -### [Deploying App-V](app-v/appv-deploying-appv.md) -#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md) -##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md) -##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md) -##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md) -#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md) -##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md) -##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md) -##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md) -##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md) -##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md) -##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md) -##### [About App-V Reporting](app-v/appv-reporting.md) -##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md) -#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md) -#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md) -#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md) -#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md) -### [Operations for App-V](app-v/appv-operations.md) -#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md) -##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md) -##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md) -##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md) -##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md) -##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md) -##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md) -##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md) -##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md) -#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md) -##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md) -##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md) -##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md) -##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md) -##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md) -##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md) -##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md) -##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md) -##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md) -##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) -##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md) -##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) -#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md) -##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md) -##### [About the Connection Group File](app-v/appv-connection-group-file.md) -##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md) -##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) -##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md) -##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md) -##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md) -##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md) -#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md) -##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) -##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) -#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md) -##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md) -#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md) -##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md) -#### [Maintaining App-V](app-v/appv-maintaining-appv.md) -##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md) -#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md) -##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) -##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) -##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) -##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md) -##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) -##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md) -##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md) -##### [How to Sequence a Package by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md) -##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md) -##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md) -##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) -### [Troubleshooting App-V](app-v/appv-troubleshooting.md) -### [Technical Reference for App-V](app-v/appv-technical-reference.md) -#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md) -#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md) -#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md) -#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) -#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) -## [Service Host process refactoring](svchost-service-refactoring.md) -## [Per-user services in Windows](per-user-services-in-windows.md) -## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) -## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) -## [Change history for Application management](change-history-for-application-management.md) -## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md) \ No newline at end of file diff --git a/windows/application-management/TOC.yml b/windows/application-management/TOC.yml new file mode 100644 index 0000000000..0235d54cc0 --- /dev/null +++ b/windows/application-management/TOC.yml @@ -0,0 +1,244 @@ +- name: Manage applications in Windows 10 + href: index.md + items: + - name: Sideload apps + href: sideload-apps-in-windows-10.md + - name: Remove background task resource restrictions + href: enterprise-background-activity-controls.md + - name: Enable or block Windows Mixed Reality apps in the enterprise + href: manage-windows-mixed-reality.md + - name: Understand apps in Windows 10 + href: apps-in-windows-10.md + - name: Add apps and features in Windows 10 + href: add-apps-and-features.md + - name: Repackage win32 apps in the MSIX format + href: msix-app-packaging-tool.md + - name: Application Virtualization (App-V) for Windows + href: app-v/appv-for-windows.md + items: + - name: Getting Started with App-V + href: app-v/appv-getting-started.md + items: + - name: What's new in App-V for Windows 10, version 1703 and earlier + href: app-v/appv-about-appv.md + items: + - name: Release Notes for App-V for Windows 10, version 1607 + href: app-v/appv-release-notes-for-appv-for-windows.md + - name: Release Notes for App-V for Windows 10, version 1703 + href: app-v/appv-release-notes-for-appv-for-windows-1703.md + - name: Evaluating App-V + href: app-v/appv-evaluating-appv.md + - name: High Level Architecture for App-V + href: app-v/appv-high-level-architecture.md + - name: Planning for App-V + href: app-v/appv-planning-for-appv.md + items: + - name: Preparing Your Environment for App-V + href: app-v/appv-preparing-your-environment.md + items: + - name: App-V Prerequisites + href: app-v/appv-prerequisites.md + - name: App-V Security Considerations + href: app-v/appv-security-considerations.md + - name: Planning to Deploy App-V + href: app-v/appv-planning-to-deploy-appv.md + items: + - name: App-V Supported Configurations + href: app-v/appv-supported-configurations.md + - name: App-V Capacity Planning + href: app-v/appv-capacity-planning.md + - name: Planning for High Availability with App-V + href: app-v/appv-planning-for-high-availability-with-appv.md + - name: Planning to Deploy App-V with an Electronic Software Distribution System + href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md + - name: Planning for the App-V Server Deployment + href: app-v/appv-planning-for-appv-server-deployment.md + - name: Planning for the App-V Sequencer and Client Deployment + href: app-v/appv-planning-for-sequencer-and-client-deployment.md + - name: Planning for Using App-V with Office + href: app-v/appv-planning-for-using-appv-with-office.md + - name: Planning to Use Folder Redirection with App-V + href: app-v/appv-planning-folder-redirection-with-appv.md + - name: App-V Planning Checklist + href: app-v/appv-planning-checklist.md + - name: Deploying App-V + href: app-v/appv-deploying-appv.md + items: + - name: Deploying the App-V Sequencer and Configuring the Client + href: app-v/appv-deploying-the-appv-sequencer-and-client.md + items: + - name: About Client Configuration Settings + href: app-v/appv-client-configuration-settings.md + - name: Enable the App-V desktop client + href: app-v/appv-enable-the-app-v-desktop-client.md + - name: How to Install the Sequencer + href: app-v/appv-install-the-sequencer.md + - name: Deploying the App-V Server + href: app-v/appv-deploying-the-appv-server.md + items: + - name: How to Deploy the App-V Server + href: app-v/appv-deploy-the-appv-server.md + - name: How to Deploy the App-V Server Using a Script + href: app-v/appv-deploy-the-appv-server-with-a-script.md + - name: How to Deploy the App-V Databases by Using SQL Scripts + href: app-v/appv-deploy-appv-databases-with-sql-scripts.md + - name: How to Install the Publishing Server on a Remote Computer + href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md + - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services + href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md + - name: How to install the Management Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-management-server-on-a-standalone-computer.md + - name: About App-V Reporting + href: app-v/appv-reporting.md + - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md + - name: App-V Deployment Checklist + href: app-v/appv-deployment-checklist.md + - name: Deploying Microsoft Office 2016 by Using App-V + href: app-v/appv-deploying-microsoft-office-2016-with-appv.md + - name: Deploying Microsoft Office 2013 by Using App-V + href: app-v/appv-deploying-microsoft-office-2013-with-appv.md + - name: Deploying Microsoft Office 2010 by Using App-V + href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md + - name: Operations for App-V + href: app-v/appv-operations.md + items: + - name: Creating and Managing App-V Virtualized Applications + href: app-v/appv-creating-and-managing-virtualized-applications.md + items: + - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-provision-a-vm.md + - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-sequencing.md + - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-updating.md + - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-sequence-a-new-application.md + - name: How to Modify an Existing Virtual Application Package + href: app-v/appv-modify-an-existing-virtual-application-package.md + - name: How to Create and Use a Project Template + href: app-v/appv-create-and-use-a-project-template.md + - name: How to Create a Package Accelerator + href: app-v/appv-create-a-package-accelerator.md + - name: How to Create a Virtual Application Package Using an App-V Package Accelerator + href: app-v/appv-create-a-virtual-application-package-package-accelerator.md + - name: Administering App-V Virtual Applications by Using the Management Console + href: app-v/appv-administering-virtual-applications-with-the-management-console.md + items: + - name: About App-V Dynamic Configuration + href: app-v/appv-dynamic-configuration.md + - name: How to Connect to the Management Console + href: app-v/appv-connect-to-the-management-console.md + - name: How to Add or Upgrade Packages by Using the Management Console + href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md + - name: How to Configure Access to Packages by Using the Management Console + href: app-v/appv-configure-access-to-packages-with-the-management-console.md + - name: How to Publish a Package by Using the Management Console + href: app-v/appv-publish-a-packages-with-the-management-console.md + - name: How to Delete a Package in the Management Console + href: app-v/appv-delete-a-package-with-the-management-console.md + - name: How to Add or Remove an Administrator by Using the Management Console + href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md + - name: How to Register and Unregister a Publishing Server by Using the Management Console + href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md + - name: How to Create a Custom Configuration File by Using the App-V Management Console + href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md + - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console + href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md + - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console + href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md + - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console + href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md + - name: Managing Connection Groups + href: app-v/appv-managing-connection-groups.md + items: + - name: About the Connection Group Virtual Environment + href: app-v/appv-connection-group-virtual-environment.md + - name: About the Connection Group File + href: app-v/appv-connection-group-file.md + - name: How to Create a Connection Group + href: app-v/appv-create-a-connection-group.md + - name: How to Create a Connection Group with User-Published and Globally Published Packages + href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md + - name: How to Delete a Connection Group + href: app-v/appv-delete-a-connection-group.md + - name: How to Publish a Connection Group + href: app-v/appv-publish-a-connection-group.md + - name: How to Make a Connection Group Ignore the Package Version + href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md + - name: How to Allow Only Administrators to Enable Connection Groups + href: app-v/appv-allow-administrators-to-enable-connection-groups.md + - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD) + href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md + items: + - name: How to deploy App-V Packages Using Electronic Software Distribution + href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md + - name: How to Enable Only Administrators to Publish Packages by Using an ESD + href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md + - name: Using the App-V Client Management Console + href: app-v/appv-using-the-client-management-console.md + items: + - name: Automatically clean-up unpublished packages on the App-V client + href: app-v/appv-auto-clean-unpublished-packages.md + - name: Migrating to App-V from a Previous Version + href: app-v/appv-migrating-to-appv-from-a-previous-version.md + items: + - name: How to Convert a Package Created in a Previous Version of App-V + href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md + - name: Maintaining App-V + href: app-v/appv-maintaining-appv.md + items: + - name: How to Move the App-V Server to Another Computer + href: app-v/appv-move-the-appv-server-to-another-computer.md + - name: Administering App-V by Using Windows PowerShell + href: app-v/appv-administering-appv-with-powershell.md + items: + - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help + href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md + - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell + href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md + - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell + href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md + - name: How to Modify Client Configuration by Using Windows PowerShell + href: app-v/appv-modify-client-configuration-with-powershell.md + - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server + href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md + - name: How to Apply the User Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-user-configuration-file-with-powershell.md + - name: How to Apply the Deployment Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md + - name: How to Sequence a Package by Using Windows PowerShell + href: app-v/appv-sequence-a-package-with-powershell.md + - name: How to Create a Package Accelerator by Using Windows PowerShell + href: app-v/appv-create-a-package-accelerator-with-powershell.md + - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell + href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md + - name: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell + href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md + - name: Troubleshooting App-V + href: app-v/appv-troubleshooting.md + - name: Technical Reference for App-V + href: app-v/appv-technical-reference.md + items: + - name: Available Mobile Device Management (MDM) settings for App-V + href: app-v/appv-available-mdm-settings.md + - name: Performance Guidance for Application Virtualization + href: app-v/appv-performance-guidance.md + - name: Application Publishing and Client Interaction + href: app-v/appv-application-publishing-and-client-interaction.md + - name: Viewing App-V Server Publishing Metadata + href: app-v/appv-viewing-appv-server-publishing-metadata.md + - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications + href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md + - name: Service Host process refactoring + href: svchost-service-refactoring.md + - name: Per-user services in Windows + href: per-user-services-in-windows.md + - name: Disabling System Services in Windows Server + href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server + - name: Deploy app upgrades on Windows 10 Mobile + href: deploy-app-upgrades-windows-10-mobile.md + - name: Change history for Application management + href: change-history-for-application-management.md + - name: How to keep apps removed from Windows 10 from returning during an update + href: remove-provisioned-apps-during-update.md From e66a75b88926798a251c25168646b78abfccc768 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:37:49 -0700 Subject: [PATCH 073/156] Conversion to YAML: ./windows/hub/TOC.md --- windows/hub/TOC.md | 11 ----------- windows/hub/TOC.yml | 23 +++++++++++++++++++++++ 2 files changed, 23 insertions(+), 11 deletions(-) delete mode 100644 windows/hub/TOC.md create mode 100644 windows/hub/TOC.yml diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md deleted file mode 100644 index 13fc91f2bb..0000000000 --- a/windows/hub/TOC.md +++ /dev/null @@ -1,11 +0,0 @@ -# [Windows 10](index.yml) -## [What's new](/windows/whats-new) -## [Release information](/windows/release-health) -## [Deployment](/windows/deployment) -## [Configuration](/windows/configuration) -## [Client management](/windows/client-management) -## [Application management](/windows/application-management) -## [Security](/windows/security) -## [Privacy](/windows/privacy) -## [Troubleshooting](/windows/client-management/windows-10-support-solutions) -## [Previous Windows versions](/previous-versions/windows) \ No newline at end of file diff --git a/windows/hub/TOC.yml b/windows/hub/TOC.yml new file mode 100644 index 0000000000..2d99b5fb17 --- /dev/null +++ b/windows/hub/TOC.yml @@ -0,0 +1,23 @@ +- name: Windows 10 + href: index.yml + items: + - name: What's new + href: /windows/whats-new + - name: Release information + href: /windows/release-health + - name: Deployment + href: /windows/deployment + - name: Configuration + href: /windows/configuration + - name: Client management + href: /windows/client-management + - name: Application management + href: /windows/application-management + - name: Security + href: /windows/security + - name: Privacy + href: /windows/privacy + - name: Troubleshooting + href: /windows/client-management/windows-10-support-solutions + - name: Previous Windows versions + href: /previous-versions/windows From 2f21761ea1562c12a6f99a23d64b4de9f4f32c1a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:38:58 -0700 Subject: [PATCH 074/156] Conversion to YAML: ./windows/client-management/mdm/TOC.md --- windows/client-management/mdm/TOC.md | 435 ------------ windows/client-management/mdm/TOC.yml | 954 ++++++++++++++++++++++++++ 2 files changed, 954 insertions(+), 435 deletions(-) delete mode 100644 windows/client-management/mdm/TOC.md create mode 100644 windows/client-management/mdm/TOC.yml diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md deleted file mode 100644 index 2f21a06d6f..0000000000 --- a/windows/client-management/mdm/TOC.md +++ /dev/null @@ -1,435 +0,0 @@ -# [Mobile device management](index.md) -## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md) -### [Change history for MDM documentation](change-history-for-mdm-documentation.md) -## [Mobile device enrollment](mobile-device-enrollment.md) -### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md) -#### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md) -### [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md) -### [Federated authentication device enrollment](federated-authentication-device-enrollment.md) -### [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md) -### [On-premises authentication device enrollment](on-premise-authentication-device-enrollment.md) -## [Understanding ADMX-backed policies](understanding-admx-backed-policies.md) -## [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md) -## [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) -## [Implement server-side support for mobile application management on Windows](implement-server-side-mobile-application-management.md) -## [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md) -## [Deploy and configure App-V apps using MDM](appv-deploy-and-config.md) -## [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md) -### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) -### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md) -## [Enterprise app management](enterprise-app-management.md) -## [Mobile device management (MDM) for device updates](device-update-management.md) -## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md) -## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md) -### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md) -#### [Data structures for Microsoft Store for Business](data-structures-windows-store-for-business.md) -#### [Get Inventory](get-inventory.md) -#### [Get product details](get-product-details.md) -#### [Get localized product details](get-localized-product-details.md) -#### [Get offline license](get-offline-license.md) -#### [Get product packages](get-product-packages.md) -#### [Get product package](get-product-package.md) -#### [Get seats](get-seats.md) -#### [Get seat](get-seat.md) -#### [Assign seats](assign-seats.md) -#### [Reclaim seat from user](reclaim-seat-from-user.md) -#### [Bulk assign and reclaim seats from users](bulk-assign-and-reclaim-seats-from-user.md) -#### [Get seats assigned to a user](get-seats-assigned-to-a-user.md) -## [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md) -## [Certificate renewal](certificate-renewal-windows-mdm.md) -## [Disconnecting from the management infrastructure (unenrollment)](disconnecting-from-mdm-unenrollment.md) -## [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md) -## [Push notification support for device management](push-notification-windows-mdm.md) -## [OMA DM protocol support](oma-dm-protocol-support.md) -## [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md) -## [Server requirements for OMA DM](server-requirements-windows-mdm.md) -## [DMProcessConfigXMLFiltered](dmprocessconfigxmlfiltered.md) -## [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md) -## [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md) -## [Configuration service provider reference](configuration-service-provider-reference.md) -### [AccountManagement CSP](accountmanagement-csp.md) -#### [AccountManagement DDF file](accountmanagement-ddf.md) -### [Accounts CSP](accounts-csp.md) -#### [Accounts DDF file](accounts-ddf-file.md) -### [ActiveSync CSP](activesync-csp.md) -#### [ActiveSync DDF file](activesync-ddf-file.md) -### [AllJoynManagement CSP](alljoynmanagement-csp.md) -#### [AllJoynManagement DDF](alljoynmanagement-ddf.md) -### [APPLICATION CSP](application-csp.md) -### [ApplicationControl CSP](applicationcontrol-csp.md) -#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md) -### [AppLocker CSP](applocker-csp.md) -#### [AppLocker DDF file](applocker-ddf-file.md) -#### [AppLocker XSD](applocker-xsd.md) -### [AssignedAccess CSP](assignedaccess-csp.md) -#### [AssignedAccess DDF file](assignedaccess-ddf.md) -### [BitLocker CSP](bitlocker-csp.md) -#### [BitLocker DDF file](bitlocker-ddf-file.md) -### [BOOTSTRAP CSP](bootstrap-csp.md) -### [BrowserFavorite CSP](browserfavorite-csp.md) -### [CellularSettings CSP](cellularsettings-csp.md) -### [CertificateStore CSP](certificatestore-csp.md) -#### [CertificateStore DDF file](certificatestore-ddf-file.md) -### [CleanPC CSP](cleanpc-csp.md) -#### [CleanPC DDF](cleanpc-ddf.md) -### [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) -#### [ClientCertificateInstall DDF file](clientcertificateinstall-ddf-file.md) -### [CM_CellularEntries CSP](cm-cellularentries-csp.md) -### [CM_ProxyEntries CSP](cm-proxyentries-csp.md) -### [CMPolicy CSP](cmpolicy-csp.md) -### [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md) -#### [CMPolicyEnterprise DDF file](cmpolicyenterprise-ddf-file.md) -### [CustomDeviceUI CSP](customdeviceui-csp.md) -#### [CustomDeviceUI DDF file](customdeviceui-ddf.md) -### [Defender CSP](defender-csp.md) -#### [Defender DDF file](defender-ddf.md) -### [DevDetail CSP](devdetail-csp.md) -#### [DevDetail DDF file](devdetail-ddf-file.md) -### [DeveloperSetup CSP](developersetup-csp.md) -#### [DeveloperSetup DDF](developersetup-ddf.md) -### [DeviceInstanceService CSP](deviceinstanceservice-csp.md) -### [DeviceLock CSP](devicelock-csp.md) -#### [DeviceLock DDF file](devicelock-ddf-file.md) -### [DeviceManageability CSP](devicemanageability-csp.md) -#### [DeviceManageability DDF](devicemanageability-ddf.md) -### [DeviceStatus CSP](devicestatus-csp.md) -#### [DeviceStatus DDF](devicestatus-ddf.md) -### [DevInfo CSP](devinfo-csp.md) -#### [DevInfo DDF file](devinfo-ddf-file.md) -### [DiagnosticLog CSP](diagnosticlog-csp.md) -#### [DiagnosticLog DDF file](diagnosticlog-ddf.md) -### [DMAcc CSP](dmacc-csp.md) -#### [DMAcc DDF file](dmacc-ddf-file.md) -### [DMClient CSP](dmclient-csp.md) -#### [DMClient DDF file](dmclient-ddf-file.md) -### [DMSessionActions CSP](dmsessionactions-csp.md) -#### [DMSessionActions DDF file](dmsessionactions-ddf.md) -### [DynamicManagement CSP](dynamicmanagement-csp.md) -#### [DynamicManagement DDF file](dynamicmanagement-ddf.md) -### [EMAIL2 CSP](email2-csp.md) -#### [EMAIL2 DDF file](email2-ddf-file.md) -### [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) -#### [EnrollmentStatusTracking DDF file](enrollmentstatustracking-csp-ddf.md) -### [EnterpriseAPN CSP](enterpriseapn-csp.md) -#### [EnterpriseAPN DDF](enterpriseapn-ddf.md) -### [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md) -### [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) -#### [EnterpriseAppVManagement DDF file](enterpriseappvmanagement-ddf.md) -### [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) -#### [EnterpriseAssignedAccess DDF file](enterpriseassignedaccess-ddf.md) -#### [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) -### [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) -#### [EnterpriseDataProtection DDF file](enterprisedataprotection-ddf-file.md) -### [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md) -#### [EnterpriseDesktopAppManagement DDF](enterprisedesktopappmanagement-ddf-file.md) -#### [EnterpriseDesktopAppManagement XSD](enterprisedesktopappmanagement2-xsd.md) -### [EnterpriseExt CSP](enterpriseext-csp.md) -#### [EnterpriseExt DDF file](enterpriseext-ddf.md) -### [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) -#### [EnterpriseExtFileSystem DDF file](enterpriseextfilesystem-ddf.md) -### [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) -#### [EnterpriseModernAppManagement DDF](enterprisemodernappmanagement-ddf.md) -#### [EnterpriseModernAppManagement XSD](enterprisemodernappmanagement-xsd.md) -### [eUICCs CSP](euiccs-csp.md) -#### [eUICCs DDF file](euiccs-ddf-file.md) -### [FileSystem CSP](filesystem-csp.md) -### [Firewall CSP](firewall-csp.md) -#### [Firewall DDF file](firewall-ddf-file.md) -### [HealthAttestation CSP](healthattestation-csp.md) -#### [HealthAttestation DDF](healthattestation-ddf.md) -### [HotSpot CSP](hotspot-csp.md) -### [Maps CSP](maps-csp.md) -#### [Maps DDF](maps-ddf-file.md) -### [Messaging CSP](messaging-csp.md) -#### [Messaging DDF file](messaging-ddf.md) -### [MultiSIM CSP](multisim-csp.md) -#### [MultiSIM DDF file](multisim-ddf.md) -### [NAP CSP](nap-csp.md) -### [NAPDEF CSP](napdef-csp.md) -### [NetworkProxy CSP](networkproxy-csp.md) -#### [NetworkProxy DDF file](networkproxy-ddf.md) -### [NetworkQoSPolicy CSP](networkqospolicy-csp.md) -#### [NetworkQoSPolicy DDF file](networkqospolicy-ddf.md) -### [NodeCache CSP](nodecache-csp.md) -#### [NodeCache DDF file](nodecache-ddf-file.md) -### [Office CSP](office-csp.md) -#### [Office DDF](office-ddf.md) -### [PassportForWork CSP](passportforwork-csp.md) -#### [PassportForWork DDF file](passportforwork-ddf.md) -### [Personalization CSP](personalization-csp.md) -#### [Personalization DDF file](personalization-ddf.md) -### [Policy CSP](policy-configuration-service-provider.md) -#### [Policy CSP DDF file](policy-ddf-file.md) -#### [Policies in Policy CSP supported by Group Policy](policies-in-policy-csp-supported-by-group-policy.md) -#### [ADMX-backed policies in Policy CSP](policies-in-policy-csp-admx-backed.md) -#### [Policies in Policy CSP supported by HoloLens 2](policies-in-policy-csp-supported-by-hololens2.md) -#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md) -#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md) -#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](./configuration-service-provider-reference.md) -#### [Policies in Policy CSP supported by Windows 10 IoT Core](policies-in-policy-csp-supported-by-iot-core.md) -#### [Policies in Policy CSP supported by Microsoft Surface Hub](policies-in-policy-csp-supported-by-surface-hub.md) -#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policies-in-policy-csp-that-can-be-set-using-eas.md) -#### [AboveLock](policy-csp-abovelock.md) -#### [Accounts](policy-csp-accounts.md) -#### [ActiveXControls](policy-csp-activexcontrols.md) -#### [ADMX_ActiveXInstallService](policy-csp-admx-activexinstallservice.md) -#### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md) -#### [ADMX_AppCompat](policy-csp-admx-appcompat.md) -#### [ADMX_AppxPackageManager](policy-csp-admx-appxpackagemanager.md) -#### [ADMX_AppXRuntime](policy-csp-admx-appxruntime.md) -#### [ADMX_AttachmentManager](policy-csp-admx-attachmentmanager.md) -#### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) -#### [ADMX_Bits](policy-csp-admx-bits.md) -#### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) -#### [ADMX_COM](policy-csp-admx-com.md) -#### [ADMX_ControlPanel](policy-csp-admx-controlpanel.md) -#### [ADMX_ControlPanelDisplay](policy-csp-admx-controlpaneldisplay.md) -#### [ADMX_Cpls](policy-csp-admx-cpls.md) -#### [ADMX_CredentialProviders](policy-csp-admx-credentialproviders.md) -#### [ADMX_CredSsp](policy-csp-admx-credssp.md) -#### [ADMX_CredUI](policy-csp-admx-credui.md) -#### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) -#### [ADMX_DataCollection](policy-csp-admx-datacollection.md) -#### [ADMX_Desktop](policy-csp-admx-desktop.md) -#### [ADMX_DeviceInstallation](policy-csp-admx-deviceinstallation.md) -#### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md) -#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) -#### [ADMX_DistributedLinkTracking](policy-csp-admx-distributedlinktracking.md) -#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) -#### [ADMX_DWM](policy-csp-admx-dwm.md) -#### [ADMX_EAIME](policy-csp-admx-eaime.md) -#### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) -#### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md) -#### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md) -#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) -#### [ADMX_EventLog](policy-csp-admx-eventlog.md) -#### [ADMX_Explorer](policy-csp-admx-explorer.md) -#### [ADMX_FileRecovery](policy-csp-admx-filerecovery.md) -#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) -#### [ADMX_FileSys](policy-csp-admx-filesys.md) -#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) -#### [ADMX_Globalization](policy-csp-admx-globalization.md) -#### [ADMX_GroupPolicy](policy-csp-admx-grouppolicy.md) -#### [ADMX_Help](policy-csp-admx-help.md) -#### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) -#### [ADMX_ICM](policy-csp-admx-icm.md) -#### [ADMX_kdc](policy-csp-admx-kdc.md) -#### [ADMX_Kerberos](policy-csp-admx-kerberos.md) -#### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) -#### [ADMX_LanmanWorkstation](policy-csp-admx-lanmanworkstation.md) -#### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) -#### [ADMX_Logon](policy-csp-admx-logon.md) -#### [ADMX_MicrosoftDefenderAntivirus](policy-csp-admx-microsoftdefenderantivirus.md) -#### [ADMX_MMC](policy-csp-admx-mmc.md) -#### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) -#### [ADMX_MSAPolicy](policy-csp-admx-msapolicy.md) -#### [ADMX_msched](policy-csp-admx-msched.md) -#### [ADMX_MSDT](policy-csp-admx-msdt.md) -#### [ADMX_MSI](policy-csp-admx-msi.md) -#### [ADMX_nca](policy-csp-admx-nca.md) -#### [ADMX_NCSI](policy-csp-admx-ncsi.md) -#### [ADMX_Netlogon](policy-csp-admx-netlogon.md) -#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md) -#### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md) -#### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md) -#### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) -#### [ADMX_Power](policy-csp-admx-power.md) -#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md) -#### [ADMX_Printing](policy-csp-admx-printing.md) -#### [ADMX_Printing2](policy-csp-admx-printing2.md) -#### [ADMX_Programs](policy-csp-admx-programs.md) -#### [ADMX_Reliability](policy-csp-admx-reliability.md) -#### [ADMX_RemoteAssistance](policy-csp-admx-remoteassistance.md) -#### [ADMX_RemovableStorage](policy-csp-admx-removablestorage.md) -#### [ADMX_RPC](policy-csp-admx-rpc.md) -#### [ADMX_Scripts](policy-csp-admx-scripts.md) -#### [ADMX_sdiageng](policy-csp-admx-sdiageng.md) -#### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md) -#### [ADMX_Sensors](policy-csp-admx-sensors.md) -#### [ADMX_Servicing](policy-csp-admx-servicing.md) -#### [ADMX_SettingSync](policy-csp-admx-settingsync.md) -#### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md) -#### [ADMX_Sharing](policy-csp-admx-sharing.md) -#### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md) -#### [ADMX_SkyDrive](policy-csp-admx-skydrive.md) -#### [ADMX_Smartcard](policy-csp-admx-smartcard.md) -#### [ADMX_Snmp](policy-csp-admx-snmp.md) -#### [ADMX_StartMenu](policy-csp-admx-startmenu.md) -#### [ADMX_SystemRestore](policy-csp-admx-systemrestore.md) -#### [ADMX_Taskbar](policy-csp-admx-taskbar.md) -#### [ADMX_tcpip](policy-csp-admx-tcpip.md) -#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) -#### [ADMX_TPM](policy-csp-admx-tpm.md) -#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md) -#### [ADMX_UserProfiles](policy-csp-admx-userprofiles.md) -#### [ADMX_W32Time](policy-csp-admx-w32time.md) -#### [ADMX_WCM](policy-csp-admx-wcm.md) -#### [ADMX_WinCal](policy-csp-admx-wincal.md) -#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) -#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) -#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md) -#### [ADMX_WindowsFileProtection](policy-csp-admx-windowsfileprotection.md) -#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) -#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) -#### [ADMX_WindowsRemoteManagement](policy-csp-admx-windowsremotemanagement.md) -#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md) -#### [ADMX_WinInit](policy-csp-admx-wininit.md) -#### [ADMX_WinLogon](policy-csp-admx-winlogon.md) -#### [ADMX-Winsrv](policy-csp-admx-winsrv.md) -#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md) -#### [ADMX_WPN](policy-csp-admx-wpn.md) -#### [ApplicationDefaults](policy-csp-applicationdefaults.md) -#### [ApplicationManagement](policy-csp-applicationmanagement.md) -#### [AppRuntime](policy-csp-appruntime.md) -#### [AppVirtualization](policy-csp-appvirtualization.md) -#### [AttachmentManager](policy-csp-attachmentmanager.md) -#### [Audit](policy-csp-audit.md) -#### [Authentication](policy-csp-authentication.md) -#### [Autoplay](policy-csp-autoplay.md) -#### [BitLocker](policy-csp-bitlocker.md) -#### [BITS](policy-csp-bits.md) -#### [Bluetooth](policy-csp-bluetooth.md) -#### [Browser](policy-csp-browser.md) -#### [Camera](policy-csp-camera.md) -#### [Cellular](policy-csp-cellular.md) -#### [Connectivity](policy-csp-connectivity.md) -#### [ControlPolicyConflict](policy-csp-controlpolicyconflict.md) -#### [CredentialsDelegation](policy-csp-credentialsdelegation.md) -#### [CredentialProviders](policy-csp-credentialproviders.md) -#### [CredentialsUI](policy-csp-credentialsui.md) -#### [Cryptography](policy-csp-cryptography.md) -#### [DataProtection](policy-csp-dataprotection.md) -#### [DataUsage](policy-csp-datausage.md) -#### [Defender](policy-csp-defender.md) -#### [DeliveryOptimization](policy-csp-deliveryoptimization.md) -#### [Desktop](policy-csp-desktop.md) -#### [DeviceGuard](policy-csp-deviceguard.md) -#### [DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md) -#### [DeviceInstallation](policy-csp-deviceinstallation.md) -#### [DeviceLock](policy-csp-devicelock.md) -#### [Display](policy-csp-display.md) -#### [DmaGuard](policy-csp-dmaguard.md) -#### [Education](policy-csp-education.md) -#### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md) -#### [ErrorReporting](policy-csp-errorreporting.md) -#### [EventLogService](policy-csp-eventlogservice.md) -#### [Experience](policy-csp-experience.md) -#### [ExploitGuard](policy-csp-exploitguard.md) -#### [FileExplorer](policy-csp-fileexplorer.md) -#### [Games](policy-csp-games.md) -#### [Handwriting](policy-csp-handwriting.md) -#### [InternetExplorer](policy-csp-internetexplorer.md) -#### [Kerberos](policy-csp-kerberos.md) -#### [KioskBrowser](policy-csp-kioskbrowser.md) -#### [LanmanWorkstation](policy-csp-lanmanworkstation.md) -#### [Licensing](policy-csp-licensing.md) -#### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md) -#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md) -#### [LockDown](policy-csp-lockdown.md) -#### [Maps](policy-csp-maps.md) -#### [Messaging](policy-csp-messaging.md) -#### [MixedReality](policy-csp-mixedreality.md) -#### [MSSecurityGuide](policy-csp-mssecurityguide.md) -#### [MSSLegacy](policy-csp-msslegacy.md) -#### [Multitasking](policy-csp-multitasking.md) -#### [NetworkIsolation](policy-csp-networkisolation.md) -#### [Notifications](policy-csp-notifications.md) -#### [Power](policy-csp-power.md) -#### [Printers](policy-csp-printers.md) -#### [Privacy](policy-csp-privacy.md) -#### [RemoteAssistance](policy-csp-remoteassistance.md) -#### [RemoteDesktopServices](policy-csp-remotedesktopservices.md) -#### [RemoteManagement](policy-csp-remotemanagement.md) -#### [RemoteProcedureCall](policy-csp-remoteprocedurecall.md) -#### [RemoteShell](policy-csp-remoteshell.md) -#### [RestrictedGroups](policy-csp-restrictedgroups.md) -#### [Search](policy-csp-search.md) -#### [Security](policy-csp-security.md) -#### [ServiceControlManager](policy-csp-servicecontrolmanager.md) -#### [Settings](policy-csp-settings.md) -#### [Speech](policy-csp-speech.md) -#### [Start](policy-csp-start.md) -#### [Storage](policy-csp-storage.md) -#### [System](policy-csp-system.md) -#### [SystemServices](policy-csp-systemservices.md) -#### [TaskManager](policy-csp-taskmanager.md) -#### [TaskScheduler](policy-csp-taskscheduler.md) -#### [TextInput](policy-csp-textinput.md) -#### [TimeLanguageSettings](policy-csp-timelanguagesettings.md) -#### [Troubleshooting](policy-csp-troubleshooting.md) -#### [Update](policy-csp-update.md) -#### [UserRights](policy-csp-userrights.md) -#### [Wifi](policy-csp-wifi.md) -#### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md) -#### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md) -#### [WindowsDefenderSmartScreen](policy-csp-smartscreen.md) -#### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md) -#### [WindowsLogon](policy-csp-windowslogon.md) -#### [WindowsPowerShell](policy-csp-windowspowershell.md) -#### [WindowsSandbox](policy-csp-windowssandbox.md) -#### [WirelessDisplay](policy-csp-wirelessdisplay.md) -### [PolicyManager CSP](policymanager-csp.md) -### [Provisioning CSP](provisioning-csp.md) -### [PROXY CSP](proxy-csp.md) -### [PXLOGICAL CSP](pxlogical-csp.md) -### [Reboot CSP](reboot-csp.md) -#### [Reboot DDF file](reboot-ddf-file.md) -### [Registry CSP](registry-csp.md) -#### [Registry DDF file](registry-ddf-file.md) -### [RemoteFind CSP](remotefind-csp.md) -#### [RemoteFind DDF file](remotefind-ddf-file.md) -### [RemoteLock CSP](remotelock-csp.md) -#### [RemoteLock DDF file](remotelock-ddf-file.md) -### [RemoteRing CSP](remotering-csp.md) -#### [RemoteRing DDF file](remotering-ddf-file.md) -### [RemoteWipe CSP](remotewipe-csp.md) -#### [RemoteWipe DDF file](remotewipe-ddf-file.md) -### [Reporting CSP](reporting-csp.md) -#### [Reporting DDF file](reporting-ddf-file.md) -### [RootCATrustedCertificates CSP](rootcacertificates-csp.md) -#### [RootCATrustedCertificates DDF file](rootcacertificates-ddf-file.md) -### [SecureAssessment CSP](secureassessment-csp.md) -#### [SecureAssessment DDF file](secureassessment-ddf-file.md) -### [SecurityPolicy CSP](securitypolicy-csp.md) -### [SharedPC CSP](sharedpc-csp.md) -#### [SharedPC DDF file](sharedpc-ddf-file.md) -### [Storage CSP](storage-csp.md) -#### [Storage DDF file](storage-ddf-file.md) -### [SUPL CSP](supl-csp.md) -#### [SUPL DDF file](supl-ddf-file.md) -### [SurfaceHub CSP](surfacehub-csp.md) -#### [SurfaceHub DDF file](surfacehub-ddf-file.md) -### [TenantLockdown CSP](tenantlockdown-csp.md) -#### [TenantLockdown DDF file](tenantlockdown-ddf.md) -### [TPMPolicy CSP](tpmpolicy-csp.md) -#### [TPMPolicy DDF file](tpmpolicy-ddf-file.md) -### [UEFI CSP](uefi-csp.md) -#### [UEFI DDF file](uefi-ddf.md) -### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) -#### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md) -### [Update CSP](update-csp.md) -#### [Update DDF file](update-ddf-file.md) -### [VPN CSP](vpn-csp.md) -#### [VPN DDF file](vpn-ddf-file.md) -### [VPNv2 CSP](vpnv2-csp.md) -#### [VPNv2 DDF file](vpnv2-ddf-file.md) -#### [ProfileXML XSD](vpnv2-profile-xsd.md) -#### [EAP configuration](eap-configuration.md) -### [w4 APPLICATION CSP](w4-application-csp.md) -### [w7 APPLICATION CSP](w7-application-csp.md) -### [WiFi CSP](wifi-csp.md) -#### [WiFi DDF file](wifi-ddf-file.md) -### [Win32AppInventory CSP](win32appinventory-csp.md) -#### [Win32AppInventory DDF file](win32appinventory-ddf-file.md) -### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) -#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md) -### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) -#### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md) -### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) -#### [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md) -### [WindowsLicensing CSP](windowslicensing-csp.md) -#### [WindowsLicensing DDF file](windowslicensing-ddf-file.md) -### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) -#### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md) -### [WiredNetwork CSP](wirednetwork-csp.md) -#### [WiredNetwork DDF file](wirednetwork-ddf-file.md) \ No newline at end of file diff --git a/windows/client-management/mdm/TOC.yml b/windows/client-management/mdm/TOC.yml new file mode 100644 index 0000000000..8a50f6ccd9 --- /dev/null +++ b/windows/client-management/mdm/TOC.yml @@ -0,0 +1,954 @@ +- name: Mobile device management + href: index.md + items: + - name: What's new in MDM enrollment and management + href: new-in-windows-mdm-enrollment-management.md + items: + - name: Change history for MDM documentation + href: change-history-for-mdm-documentation.md + - name: Mobile device enrollment + href: mobile-device-enrollment.md + items: + - name: MDM enrollment of Windows devices + href: mdm-enrollment-of-windows-devices.md + items: + - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal" + href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md + - name: Enroll a Windows 10 device automatically using Group Policy + href: enroll-a-windows-10-device-automatically-using-group-policy.md + - name: Federated authentication device enrollment + href: federated-authentication-device-enrollment.md + - name: Certificate authentication device enrollment + href: certificate-authentication-device-enrollment.md + - name: On-premises authentication device enrollment + href: on-premise-authentication-device-enrollment.md + - name: Understanding ADMX-backed policies + href: understanding-admx-backed-policies.md + - name: Enable ADMX-backed policies in MDM + href: enable-admx-backed-policies-in-mdm.md + - name: Win32 and Desktop Bridge app policy configuration + href: win32-and-centennial-app-policy-configuration.md + - name: Implement server-side support for mobile application management on Windows + href: implement-server-side-mobile-application-management.md + - name: Diagnose MDM failures in Windows 10 + href: diagnose-mdm-failures-in-windows-10.md + - name: Deploy and configure App-V apps using MDM + href: appv-deploy-and-config.md + - name: Azure Active Directory integration with MDM + href: azure-active-directory-integration-with-mdm.md + items: + - name: Add an Azure AD tenant and Azure AD subscription + href: add-an-azure-ad-tenant-and-azure-ad-subscription.md + - name: Register your free Azure Active Directory subscription + href: register-your-free-azure-active-directory-subscription.md + - name: Enterprise app management + href: enterprise-app-management.md + - name: Mobile device management (MDM) for device updates + href: device-update-management.md + - name: Bulk enrollment + href: bulk-enrollment-using-windows-provisioning-tool.md + - name: Management tool for the Microsoft Store for Business + href: management-tool-for-windows-store-for-business.md + items: + - name: REST API reference for Microsoft Store for Business + href: rest-api-reference-windows-store-for-business.md + items: + - name: Data structures for Microsoft Store for Business + href: data-structures-windows-store-for-business.md + - name: Get Inventory + href: get-inventory.md + - name: Get product details + href: get-product-details.md + - name: Get localized product details + href: get-localized-product-details.md + - name: Get offline license + href: get-offline-license.md + - name: Get product packages + href: get-product-packages.md + - name: Get product package + href: get-product-package.md + - name: Get seats + href: get-seats.md + - name: Get seat + href: get-seat.md + - name: Assign seats + href: assign-seats.md + - name: Reclaim seat from user + href: reclaim-seat-from-user.md + - name: Bulk assign and reclaim seats from users + href: bulk-assign-and-reclaim-seats-from-user.md + - name: Get seats assigned to a user + href: get-seats-assigned-to-a-user.md + - name: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices + href: enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md + - name: Certificate renewal + href: certificate-renewal-windows-mdm.md + - name: Disconnecting from the management infrastructure (unenrollment) + href: disconnecting-from-mdm-unenrollment.md + - name: Enterprise settings, policies, and app management + href: windows-mdm-enterprise-settings.md + - name: Push notification support for device management + href: push-notification-windows-mdm.md + - name: OMA DM protocol support + href: oma-dm-protocol-support.md + - name: Structure of OMA DM provisioning files + href: structure-of-oma-dm-provisioning-files.md + - name: Server requirements for OMA DM + href: server-requirements-windows-mdm.md + - name: DMProcessConfigXMLFiltered + href: dmprocessconfigxmlfiltered.md + - name: Using PowerShell scripting with the WMI Bridge Provider + href: using-powershell-scripting-with-the-wmi-bridge-provider.md + - name: WMI providers supported in Windows 10 + href: wmi-providers-supported-in-windows.md + - name: Configuration service provider reference + href: configuration-service-provider-reference.md + items: + - name: AccountManagement CSP + href: accountmanagement-csp.md + items: + - name: AccountManagement DDF file + href: accountmanagement-ddf.md + - name: Accounts CSP + href: accounts-csp.md + items: + - name: Accounts DDF file + href: accounts-ddf-file.md + - name: ActiveSync CSP + href: activesync-csp.md + items: + - name: ActiveSync DDF file + href: activesync-ddf-file.md + - name: AllJoynManagement CSP + href: alljoynmanagement-csp.md + items: + - name: AllJoynManagement DDF + href: alljoynmanagement-ddf.md + - name: APPLICATION CSP + href: application-csp.md + - name: ApplicationControl CSP + href: applicationcontrol-csp.md + items: + - name: ApplicationControl DDF file + href: applicationcontrol-csp-ddf.md + - name: AppLocker CSP + href: applocker-csp.md + items: + - name: AppLocker DDF file + href: applocker-ddf-file.md + - name: AppLocker XSD + href: applocker-xsd.md + - name: AssignedAccess CSP + href: assignedaccess-csp.md + items: + - name: AssignedAccess DDF file + href: assignedaccess-ddf.md + - name: BitLocker CSP + href: bitlocker-csp.md + items: + - name: BitLocker DDF file + href: bitlocker-ddf-file.md + - name: BOOTSTRAP CSP + href: bootstrap-csp.md + - name: BrowserFavorite CSP + href: browserfavorite-csp.md + - name: CellularSettings CSP + href: cellularsettings-csp.md + - name: CertificateStore CSP + href: certificatestore-csp.md + items: + - name: CertificateStore DDF file + href: certificatestore-ddf-file.md + - name: CleanPC CSP + href: cleanpc-csp.md + items: + - name: CleanPC DDF + href: cleanpc-ddf.md + - name: ClientCertificateInstall CSP + href: clientcertificateinstall-csp.md + items: + - name: ClientCertificateInstall DDF file + href: clientcertificateinstall-ddf-file.md + - name: CM_CellularEntries CSP + href: cm-cellularentries-csp.md + - name: CM_ProxyEntries CSP + href: cm-proxyentries-csp.md + - name: CMPolicy CSP + href: cmpolicy-csp.md + - name: CMPolicyEnterprise CSP + href: cmpolicyenterprise-csp.md + items: + - name: CMPolicyEnterprise DDF file + href: cmpolicyenterprise-ddf-file.md + - name: CustomDeviceUI CSP + href: customdeviceui-csp.md + items: + - name: CustomDeviceUI DDF file + href: customdeviceui-ddf.md + - name: Defender CSP + href: defender-csp.md + items: + - name: Defender DDF file + href: defender-ddf.md + - name: DevDetail CSP + href: devdetail-csp.md + items: + - name: DevDetail DDF file + href: devdetail-ddf-file.md + - name: DeveloperSetup CSP + href: developersetup-csp.md + items: + - name: DeveloperSetup DDF + href: developersetup-ddf.md + - name: DeviceInstanceService CSP + href: deviceinstanceservice-csp.md + - name: DeviceLock CSP + href: devicelock-csp.md + items: + - name: DeviceLock DDF file + href: devicelock-ddf-file.md + - name: DeviceManageability CSP + href: devicemanageability-csp.md + items: + - name: DeviceManageability DDF + href: devicemanageability-ddf.md + - name: DeviceStatus CSP + href: devicestatus-csp.md + items: + - name: DeviceStatus DDF + href: devicestatus-ddf.md + - name: DevInfo CSP + href: devinfo-csp.md + items: + - name: DevInfo DDF file + href: devinfo-ddf-file.md + - name: DiagnosticLog CSP + href: diagnosticlog-csp.md + items: + - name: DiagnosticLog DDF file + href: diagnosticlog-ddf.md + - name: DMAcc CSP + href: dmacc-csp.md + items: + - name: DMAcc DDF file + href: dmacc-ddf-file.md + - name: DMClient CSP + href: dmclient-csp.md + items: + - name: DMClient DDF file + href: dmclient-ddf-file.md + - name: DMSessionActions CSP + href: dmsessionactions-csp.md + items: + - name: DMSessionActions DDF file + href: dmsessionactions-ddf.md + - name: DynamicManagement CSP + href: dynamicmanagement-csp.md + items: + - name: DynamicManagement DDF file + href: dynamicmanagement-ddf.md + - name: EMAIL2 CSP + href: email2-csp.md + items: + - name: EMAIL2 DDF file + href: email2-ddf-file.md + - name: EnrollmentStatusTracking CSP + href: enrollmentstatustracking-csp.md + items: + - name: EnrollmentStatusTracking DDF file + href: enrollmentstatustracking-csp-ddf.md + - name: EnterpriseAPN CSP + href: enterpriseapn-csp.md + items: + - name: EnterpriseAPN DDF + href: enterpriseapn-ddf.md + - name: EnterpriseAppManagement CSP + href: enterpriseappmanagement-csp.md + - name: EnterpriseAppVManagement CSP + href: enterpriseappvmanagement-csp.md + items: + - name: EnterpriseAppVManagement DDF file + href: enterpriseappvmanagement-ddf.md + - name: EnterpriseAssignedAccess CSP + href: enterpriseassignedaccess-csp.md + items: + - name: EnterpriseAssignedAccess DDF file + href: enterpriseassignedaccess-ddf.md + - name: EnterpriseAssignedAccess XSD + href: enterpriseassignedaccess-xsd.md + - name: EnterpriseDataProtection CSP + href: enterprisedataprotection-csp.md + items: + - name: EnterpriseDataProtection DDF file + href: enterprisedataprotection-ddf-file.md + - name: EnterpriseDesktopAppManagement CSP + href: enterprisedesktopappmanagement-csp.md + items: + - name: EnterpriseDesktopAppManagement DDF + href: enterprisedesktopappmanagement-ddf-file.md + - name: EnterpriseDesktopAppManagement XSD + href: enterprisedesktopappmanagement2-xsd.md + - name: EnterpriseExt CSP + href: enterpriseext-csp.md + items: + - name: EnterpriseExt DDF file + href: enterpriseext-ddf.md + - name: EnterpriseExtFileSystem CSP + href: enterpriseextfilessystem-csp.md + items: + - name: EnterpriseExtFileSystem DDF file + href: enterpriseextfilesystem-ddf.md + - name: EnterpriseModernAppManagement CSP + href: enterprisemodernappmanagement-csp.md + items: + - name: EnterpriseModernAppManagement DDF + href: enterprisemodernappmanagement-ddf.md + - name: EnterpriseModernAppManagement XSD + href: enterprisemodernappmanagement-xsd.md + - name: eUICCs CSP + href: euiccs-csp.md + items: + - name: eUICCs DDF file + href: euiccs-ddf-file.md + - name: FileSystem CSP + href: filesystem-csp.md + - name: Firewall CSP + href: firewall-csp.md + items: + - name: Firewall DDF file + href: firewall-ddf-file.md + - name: HealthAttestation CSP + href: healthattestation-csp.md + items: + - name: HealthAttestation DDF + href: healthattestation-ddf.md + - name: HotSpot CSP + href: hotspot-csp.md + - name: Maps CSP + href: maps-csp.md + items: + - name: Maps DDF + href: maps-ddf-file.md + - name: Messaging CSP + href: messaging-csp.md + items: + - name: Messaging DDF file + href: messaging-ddf.md + - name: MultiSIM CSP + href: multisim-csp.md + items: + - name: MultiSIM DDF file + href: multisim-ddf.md + - name: NAP CSP + href: nap-csp.md + - name: NAPDEF CSP + href: napdef-csp.md + - name: NetworkProxy CSP + href: networkproxy-csp.md + items: + - name: NetworkProxy DDF file + href: networkproxy-ddf.md + - name: NetworkQoSPolicy CSP + href: networkqospolicy-csp.md + items: + - name: NetworkQoSPolicy DDF file + href: networkqospolicy-ddf.md + - name: NodeCache CSP + href: nodecache-csp.md + items: + - name: NodeCache DDF file + href: nodecache-ddf-file.md + - name: Office CSP + href: office-csp.md + items: + - name: Office DDF + href: office-ddf.md + - name: PassportForWork CSP + href: passportforwork-csp.md + items: + - name: PassportForWork DDF file + href: passportforwork-ddf.md + - name: Personalization CSP + href: personalization-csp.md + items: + - name: Personalization DDF file + href: personalization-ddf.md + - name: Policy CSP + href: policy-configuration-service-provider.md + items: + - name: Policy CSP DDF file + href: policy-ddf-file.md + - name: Policies in Policy CSP supported by Group Policy + href: policies-in-policy-csp-supported-by-group-policy.md + - name: ADMX-backed policies in Policy CSP + href: policies-in-policy-csp-admx-backed.md + - name: Policies in Policy CSP supported by HoloLens 2 + href: policies-in-policy-csp-supported-by-hololens2.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite + href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition + href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md + - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise + href: ./configuration-service-provider-reference.md + - name: Policies in Policy CSP supported by Windows 10 IoT Core + href: policies-in-policy-csp-supported-by-iot-core.md + - name: Policies in Policy CSP supported by Microsoft Surface Hub + href: policies-in-policy-csp-supported-by-surface-hub.md + - name: Policy CSPs that can be set using Exchange Active Sync (EAS) + href: policies-in-policy-csp-that-can-be-set-using-eas.md + - name: AboveLock + href: policy-csp-abovelock.md + - name: Accounts + href: policy-csp-accounts.md + - name: ActiveXControls + href: policy-csp-activexcontrols.md + - name: ADMX_ActiveXInstallService + href: policy-csp-admx-activexinstallservice.md + - name: ADMX_AddRemovePrograms + href: policy-csp-admx-addremoveprograms.md + - name: ADMX_AppCompat + href: policy-csp-admx-appcompat.md + - name: ADMX_AppxPackageManager + href: policy-csp-admx-appxpackagemanager.md + - name: ADMX_AppXRuntime + href: policy-csp-admx-appxruntime.md + - name: ADMX_AttachmentManager + href: policy-csp-admx-attachmentmanager.md + - name: ADMX_AuditSettings + href: policy-csp-admx-auditsettings.md + - name: ADMX_Bits + href: policy-csp-admx-bits.md + - name: ADMX_CipherSuiteOrder + href: policy-csp-admx-ciphersuiteorder.md + - name: ADMX_COM + href: policy-csp-admx-com.md + - name: ADMX_ControlPanel + href: policy-csp-admx-controlpanel.md + - name: ADMX_ControlPanelDisplay + href: policy-csp-admx-controlpaneldisplay.md + - name: ADMX_Cpls + href: policy-csp-admx-cpls.md + - name: ADMX_CredentialProviders + href: policy-csp-admx-credentialproviders.md + - name: ADMX_CredSsp + href: policy-csp-admx-credssp.md + - name: ADMX_CredUI + href: policy-csp-admx-credui.md + - name: ADMX_CtrlAltDel + href: policy-csp-admx-ctrlaltdel.md + - name: ADMX_DataCollection + href: policy-csp-admx-datacollection.md + - name: ADMX_Desktop + href: policy-csp-admx-desktop.md + - name: ADMX_DeviceInstallation + href: policy-csp-admx-deviceinstallation.md + - name: ADMX_DeviceSetup + href: policy-csp-admx-devicesetup.md + - name: ADMX_DigitalLocker + href: policy-csp-admx-digitallocker.md + - name: ADMX_DistributedLinkTracking + href: policy-csp-admx-distributedlinktracking.md + - name: ADMX_DnsClient + href: policy-csp-admx-dnsclient.md + - name: ADMX_DWM + href: policy-csp-admx-dwm.md + - name: ADMX_EAIME + href: policy-csp-admx-eaime.md + - name: ADMX_EncryptFilesonMove + href: policy-csp-admx-encryptfilesonmove.md + - name: ADMX_EnhancedStorage + href: policy-csp-admx-enhancedstorage.md + - name: ADMX_ErrorReporting + href: policy-csp-admx-errorreporting.md + - name: ADMX_EventForwarding + href: policy-csp-admx-eventforwarding.md + - name: ADMX_EventLog + href: policy-csp-admx-eventlog.md + - name: ADMX_Explorer + href: policy-csp-admx-explorer.md + - name: ADMX_FileRecovery + href: policy-csp-admx-filerecovery.md + - name: ADMX_FileServerVSSProvider + href: policy-csp-admx-fileservervssprovider.md + - name: ADMX_FileSys + href: policy-csp-admx-filesys.md + - name: ADMX_FolderRedirection + href: policy-csp-admx-folderredirection.md + - name: ADMX_Globalization + href: policy-csp-admx-globalization.md + - name: ADMX_GroupPolicy + href: policy-csp-admx-grouppolicy.md + - name: ADMX_Help + href: policy-csp-admx-help.md + - name: ADMX_HelpAndSupport + href: policy-csp-admx-helpandsupport.md + - name: ADMX_ICM + href: policy-csp-admx-icm.md + - name: ADMX_kdc + href: policy-csp-admx-kdc.md + - name: ADMX_Kerberos + href: policy-csp-admx-kerberos.md + - name: ADMX_LanmanServer + href: policy-csp-admx-lanmanserver.md + - name: ADMX_LanmanWorkstation + href: policy-csp-admx-lanmanworkstation.md + - name: ADMX_LinkLayerTopologyDiscovery + href: policy-csp-admx-linklayertopologydiscovery.md + - name: ADMX_Logon + href: policy-csp-admx-logon.md + - name: ADMX_MicrosoftDefenderAntivirus + href: policy-csp-admx-microsoftdefenderantivirus.md + - name: ADMX_MMC + href: policy-csp-admx-mmc.md + - name: ADMX_MMCSnapins + href: policy-csp-admx-mmcsnapins.md + - name: ADMX_MSAPolicy + href: policy-csp-admx-msapolicy.md + - name: ADMX_msched + href: policy-csp-admx-msched.md + - name: ADMX_MSDT + href: policy-csp-admx-msdt.md + - name: ADMX_MSI + href: policy-csp-admx-msi.md + - name: ADMX_nca + href: policy-csp-admx-nca.md + - name: ADMX_NCSI + href: policy-csp-admx-ncsi.md + - name: ADMX_Netlogon + href: policy-csp-admx-netlogon.md + - name: ADMX_NetworkConnections + href: policy-csp-admx-networkconnections.md + - name: ADMX_OfflineFiles + href: policy-csp-admx-offlinefiles.md + - name: ADMX_PeerToPeerCaching + href: policy-csp-admx-peertopeercaching.md + - name: ADMX_PerformanceDiagnostics + href: policy-csp-admx-performancediagnostics.md + - name: ADMX_Power + href: policy-csp-admx-power.md + - name: ADMX_PowerShellExecutionPolicy + href: policy-csp-admx-powershellexecutionpolicy.md + - name: ADMX_Printing + href: policy-csp-admx-printing.md + - name: ADMX_Printing2 + href: policy-csp-admx-printing2.md + - name: ADMX_Programs + href: policy-csp-admx-programs.md + - name: ADMX_Reliability + href: policy-csp-admx-reliability.md + - name: ADMX_RemoteAssistance + href: policy-csp-admx-remoteassistance.md + - name: ADMX_RemovableStorage + href: policy-csp-admx-removablestorage.md + - name: ADMX_RPC + href: policy-csp-admx-rpc.md + - name: ADMX_Scripts + href: policy-csp-admx-scripts.md + - name: ADMX_sdiageng + href: policy-csp-admx-sdiageng.md + - name: ADMX_Securitycenter + href: policy-csp-admx-securitycenter.md + - name: ADMX_Sensors + href: policy-csp-admx-sensors.md + - name: ADMX_Servicing + href: policy-csp-admx-servicing.md + - name: ADMX_SettingSync + href: policy-csp-admx-settingsync.md + - name: ADMX_SharedFolders + href: policy-csp-admx-sharedfolders.md + - name: ADMX_Sharing + href: policy-csp-admx-sharing.md + - name: ADMX_ShellCommandPromptRegEditTools + href: policy-csp-admx-shellcommandpromptregedittools.md + - name: ADMX_SkyDrive + href: policy-csp-admx-skydrive.md + - name: ADMX_Smartcard + href: policy-csp-admx-smartcard.md + - name: ADMX_Snmp + href: policy-csp-admx-snmp.md + - name: ADMX_StartMenu + href: policy-csp-admx-startmenu.md + - name: ADMX_SystemRestore + href: policy-csp-admx-systemrestore.md + - name: ADMX_Taskbar + href: policy-csp-admx-taskbar.md + - name: ADMX_tcpip + href: policy-csp-admx-tcpip.md + - name: ADMX_Thumbnails + href: policy-csp-admx-thumbnails.md + - name: ADMX_TPM + href: policy-csp-admx-tpm.md + - name: ADMX_UserExperienceVirtualization + href: policy-csp-admx-userexperiencevirtualization.md + - name: ADMX_UserProfiles + href: policy-csp-admx-userprofiles.md + - name: ADMX_W32Time + href: policy-csp-admx-w32time.md + - name: ADMX_WCM + href: policy-csp-admx-wcm.md + - name: ADMX_WinCal + href: policy-csp-admx-wincal.md + - name: ADMX_WindowsAnytimeUpgrade + href: policy-csp-admx-windowsanytimeupgrade.md + - name: ADMX_WindowsConnectNow + href: policy-csp-admx-windowsconnectnow.md + - name: ADMX_WindowsExplorer + href: policy-csp-admx-windowsexplorer.md + - name: ADMX_WindowsFileProtection + href: policy-csp-admx-windowsfileprotection.md + - name: ADMX_WindowsMediaDRM + href: policy-csp-admx-windowsmediadrm.md + - name: ADMX_WindowsMediaPlayer + href: policy-csp-admx-windowsmediaplayer.md + - name: ADMX_WindowsRemoteManagement + href: policy-csp-admx-windowsremotemanagement.md + - name: ADMX_WindowsStore + href: policy-csp-admx-windowsstore.md + - name: ADMX_WinInit + href: policy-csp-admx-wininit.md + - name: ADMX_WinLogon + href: policy-csp-admx-winlogon.md + - name: ADMX-Winsrv + href: policy-csp-admx-winsrv.md + - name: ADMX_wlansvc + href: policy-csp-admx-wlansvc.md + - name: ADMX_WPN + href: policy-csp-admx-wpn.md + - name: ApplicationDefaults + href: policy-csp-applicationdefaults.md + - name: ApplicationManagement + href: policy-csp-applicationmanagement.md + - name: AppRuntime + href: policy-csp-appruntime.md + - name: AppVirtualization + href: policy-csp-appvirtualization.md + - name: AttachmentManager + href: policy-csp-attachmentmanager.md + - name: Audit + href: policy-csp-audit.md + - name: Authentication + href: policy-csp-authentication.md + - name: Autoplay + href: policy-csp-autoplay.md + - name: BitLocker + href: policy-csp-bitlocker.md + - name: BITS + href: policy-csp-bits.md + - name: Bluetooth + href: policy-csp-bluetooth.md + - name: Browser + href: policy-csp-browser.md + - name: Camera + href: policy-csp-camera.md + - name: Cellular + href: policy-csp-cellular.md + - name: Connectivity + href: policy-csp-connectivity.md + - name: ControlPolicyConflict + href: policy-csp-controlpolicyconflict.md + - name: CredentialsDelegation + href: policy-csp-credentialsdelegation.md + - name: CredentialProviders + href: policy-csp-credentialproviders.md + - name: CredentialsUI + href: policy-csp-credentialsui.md + - name: Cryptography + href: policy-csp-cryptography.md + - name: DataProtection + href: policy-csp-dataprotection.md + - name: DataUsage + href: policy-csp-datausage.md + - name: Defender + href: policy-csp-defender.md + - name: DeliveryOptimization + href: policy-csp-deliveryoptimization.md + - name: Desktop + href: policy-csp-desktop.md + - name: DeviceGuard + href: policy-csp-deviceguard.md + - name: DeviceHealthMonitoring + href: policy-csp-devicehealthmonitoring.md + - name: DeviceInstallation + href: policy-csp-deviceinstallation.md + - name: DeviceLock + href: policy-csp-devicelock.md + - name: Display + href: policy-csp-display.md + - name: DmaGuard + href: policy-csp-dmaguard.md + - name: Education + href: policy-csp-education.md + - name: EnterpriseCloudPrint + href: policy-csp-enterprisecloudprint.md + - name: ErrorReporting + href: policy-csp-errorreporting.md + - name: EventLogService + href: policy-csp-eventlogservice.md + - name: Experience + href: policy-csp-experience.md + - name: ExploitGuard + href: policy-csp-exploitguard.md + - name: FileExplorer + href: policy-csp-fileexplorer.md + - name: Games + href: policy-csp-games.md + - name: Handwriting + href: policy-csp-handwriting.md + - name: InternetExplorer + href: policy-csp-internetexplorer.md + - name: Kerberos + href: policy-csp-kerberos.md + - name: KioskBrowser + href: policy-csp-kioskbrowser.md + - name: LanmanWorkstation + href: policy-csp-lanmanworkstation.md + - name: Licensing + href: policy-csp-licensing.md + - name: LocalPoliciesSecurityOptions + href: policy-csp-localpoliciessecurityoptions.md + - name: LocalUsersAndGroups + href: policy-csp-localusersandgroups.md + - name: LockDown + href: policy-csp-lockdown.md + - name: Maps + href: policy-csp-maps.md + - name: Messaging + href: policy-csp-messaging.md + - name: MixedReality + href: policy-csp-mixedreality.md + - name: MSSecurityGuide + href: policy-csp-mssecurityguide.md + - name: MSSLegacy + href: policy-csp-msslegacy.md + - name: Multitasking + href: policy-csp-multitasking.md + - name: NetworkIsolation + href: policy-csp-networkisolation.md + - name: Notifications + href: policy-csp-notifications.md + - name: Power + href: policy-csp-power.md + - name: Printers + href: policy-csp-printers.md + - name: Privacy + href: policy-csp-privacy.md + - name: RemoteAssistance + href: policy-csp-remoteassistance.md + - name: RemoteDesktopServices + href: policy-csp-remotedesktopservices.md + - name: RemoteManagement + href: policy-csp-remotemanagement.md + - name: RemoteProcedureCall + href: policy-csp-remoteprocedurecall.md + - name: RemoteShell + href: policy-csp-remoteshell.md + - name: RestrictedGroups + href: policy-csp-restrictedgroups.md + - name: Search + href: policy-csp-search.md + - name: Security + href: policy-csp-security.md + - name: ServiceControlManager + href: policy-csp-servicecontrolmanager.md + - name: Settings + href: policy-csp-settings.md + - name: Speech + href: policy-csp-speech.md + - name: Start + href: policy-csp-start.md + - name: Storage + href: policy-csp-storage.md + - name: System + href: policy-csp-system.md + - name: SystemServices + href: policy-csp-systemservices.md + - name: TaskManager + href: policy-csp-taskmanager.md + - name: TaskScheduler + href: policy-csp-taskscheduler.md + - name: TextInput + href: policy-csp-textinput.md + - name: TimeLanguageSettings + href: policy-csp-timelanguagesettings.md + - name: Troubleshooting + href: policy-csp-troubleshooting.md + - name: Update + href: policy-csp-update.md + - name: UserRights + href: policy-csp-userrights.md + - name: Wifi + href: policy-csp-wifi.md + - name: WindowsConnectionManager + href: policy-csp-windowsconnectionmanager.md + - name: WindowsDefenderSecurityCenter + href: policy-csp-windowsdefendersecuritycenter.md + - name: WindowsDefenderSmartScreen + href: policy-csp-smartscreen.md + - name: WindowsInkWorkspace + href: policy-csp-windowsinkworkspace.md + - name: WindowsLogon + href: policy-csp-windowslogon.md + - name: WindowsPowerShell + href: policy-csp-windowspowershell.md + - name: WindowsSandbox + href: policy-csp-windowssandbox.md + - name: WirelessDisplay + href: policy-csp-wirelessdisplay.md + - name: PolicyManager CSP + href: policymanager-csp.md + - name: Provisioning CSP + href: provisioning-csp.md + - name: PROXY CSP + href: proxy-csp.md + - name: PXLOGICAL CSP + href: pxlogical-csp.md + - name: Reboot CSP + href: reboot-csp.md + items: + - name: Reboot DDF file + href: reboot-ddf-file.md + - name: Registry CSP + href: registry-csp.md + items: + - name: Registry DDF file + href: registry-ddf-file.md + - name: RemoteFind CSP + href: remotefind-csp.md + items: + - name: RemoteFind DDF file + href: remotefind-ddf-file.md + - name: RemoteLock CSP + href: remotelock-csp.md + items: + - name: RemoteLock DDF file + href: remotelock-ddf-file.md + - name: RemoteRing CSP + href: remotering-csp.md + items: + - name: RemoteRing DDF file + href: remotering-ddf-file.md + - name: RemoteWipe CSP + href: remotewipe-csp.md + items: + - name: RemoteWipe DDF file + href: remotewipe-ddf-file.md + - name: Reporting CSP + href: reporting-csp.md + items: + - name: Reporting DDF file + href: reporting-ddf-file.md + - name: RootCATrustedCertificates CSP + href: rootcacertificates-csp.md + items: + - name: RootCATrustedCertificates DDF file + href: rootcacertificates-ddf-file.md + - name: SecureAssessment CSP + href: secureassessment-csp.md + items: + - name: SecureAssessment DDF file + href: secureassessment-ddf-file.md + - name: SecurityPolicy CSP + href: securitypolicy-csp.md + - name: SharedPC CSP + href: sharedpc-csp.md + items: + - name: SharedPC DDF file + href: sharedpc-ddf-file.md + - name: Storage CSP + href: storage-csp.md + items: + - name: Storage DDF file + href: storage-ddf-file.md + - name: SUPL CSP + href: supl-csp.md + items: + - name: SUPL DDF file + href: supl-ddf-file.md + - name: SurfaceHub CSP + href: surfacehub-csp.md + items: + - name: SurfaceHub DDF file + href: surfacehub-ddf-file.md + - name: TenantLockdown CSP + href: tenantlockdown-csp.md + items: + - name: TenantLockdown DDF file + href: tenantlockdown-ddf.md + - name: TPMPolicy CSP + href: tpmpolicy-csp.md + items: + - name: TPMPolicy DDF file + href: tpmpolicy-ddf-file.md + - name: UEFI CSP + href: uefi-csp.md + items: + - name: UEFI DDF file + href: uefi-ddf.md + - name: UnifiedWriteFilter CSP + href: unifiedwritefilter-csp.md + items: + - name: UnifiedWriteFilter DDF file + href: unifiedwritefilter-ddf.md + - name: Update CSP + href: update-csp.md + items: + - name: Update DDF file + href: update-ddf-file.md + - name: VPN CSP + href: vpn-csp.md + items: + - name: VPN DDF file + href: vpn-ddf-file.md + - name: VPNv2 CSP + href: vpnv2-csp.md + items: + - name: VPNv2 DDF file + href: vpnv2-ddf-file.md + - name: ProfileXML XSD + href: vpnv2-profile-xsd.md + - name: EAP configuration + href: eap-configuration.md + - name: w4 APPLICATION CSP + href: w4-application-csp.md + - name: w7 APPLICATION CSP + href: w7-application-csp.md + - name: WiFi CSP + href: wifi-csp.md + items: + - name: WiFi DDF file + href: wifi-ddf-file.md + - name: Win32AppInventory CSP + href: win32appinventory-csp.md + items: + - name: Win32AppInventory DDF file + href: win32appinventory-ddf-file.md + - name: Win32CompatibilityAppraiser CSP + href: win32compatibilityappraiser-csp.md + items: + - name: Win32CompatibilityAppraiser DDF file + href: win32compatibilityappraiser-ddf.md + - name: WindowsAdvancedThreatProtection CSP + href: windowsadvancedthreatprotection-csp.md + items: + - name: WindowsAdvancedThreatProtection DDF file + href: windowsadvancedthreatprotection-ddf.md + - name: WindowsDefenderApplicationGuard CSP + href: windowsdefenderapplicationguard-csp.md + items: + - name: WindowsDefenderApplicationGuard DDF file + href: windowsdefenderapplicationguard-ddf-file.md + - name: WindowsLicensing CSP + href: windowslicensing-csp.md + items: + - name: WindowsLicensing DDF file + href: windowslicensing-ddf-file.md + - name: WindowsSecurityAuditing CSP + href: windowssecurityauditing-csp.md + items: + - name: WindowsSecurityAuditing DDF file + href: windowssecurityauditing-ddf-file.md + - name: WiredNetwork CSP + href: wirednetwork-csp.md + items: + - name: WiredNetwork DDF file + href: wirednetwork-ddf-file.md From fff3332ea50a899bcf8624550b5357e367290f3c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:41:56 -0700 Subject: [PATCH 075/156] Conversion to YAML: ./windows/security/identity-protection/TOC.md --- windows/security/identity-protection/TOC.md | 75 ----------- windows/security/identity-protection/TOC.yml | 134 +++++++++++++++++++ 2 files changed, 134 insertions(+), 75 deletions(-) delete mode 100644 windows/security/identity-protection/TOC.md create mode 100644 windows/security/identity-protection/TOC.yml diff --git a/windows/security/identity-protection/TOC.md b/windows/security/identity-protection/TOC.md deleted file mode 100644 index 16e55efb95..0000000000 --- a/windows/security/identity-protection/TOC.md +++ /dev/null @@ -1,75 +0,0 @@ -# [Identity and access management](index.md) - -## [Technical support policy for lost or forgotten passwords](password-support-policy.md) - -## [Access Control Overview](access-control/access-control.md) -### [Dynamic Access Control Overview](access-control/dynamic-access-control.md) -### [Security identifiers](access-control/security-identifiers.md) -### [Security Principals](access-control/security-principals.md) -### [Local Accounts](access-control/local-accounts.md) -### [Active Directory Accounts](access-control/active-directory-accounts.md) -### [Microsoft Accounts](access-control/microsoft-accounts.md) -### [Service Accounts](access-control/service-accounts.md) -### [Active Directory Security Groups](access-control/active-directory-security-groups.md) -### [Special Identities](access-control/special-identities.md) - -### [User Account Control](user-account-control\user-account-control-overview.md) -#### [How User Account Control works](user-account-control\how-user-account-control-works.md) -#### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md) -#### [User Account Control Group Policy and registry key settings](user-account-control\user-account-control-group-policy-and-registry-key-settings.md) - -## [Windows Hello for Business](hello-for-business/index.yml) - -## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) -### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md) -### [Credential Guard Requirements](credential-guard/credential-guard-requirements.md) -### [Manage Credential Guard](credential-guard/credential-guard-manage.md) -### [Hardware readiness tool](credential-guard/dg-readiness-tool.md) -### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md) -### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md) -### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md) -### [Credential Guard: Known issues](credential-guard/credential-guard-known-issues.md) - -## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) - -## [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) -### [How Smart Card Sign-in Works in Windows](smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md) -#### [Smart Card Architecture](smart-cards/smart-card-architecture.md) -#### [Certificate Requirements and Enumeration](smart-cards/smart-card-certificate-requirements-and-enumeration.md) -#### [Smart Card and Remote Desktop Services](smart-cards/smart-card-and-remote-desktop-services.md) -#### [Smart Cards for Windows Service](smart-cards/smart-card-smart-cards-for-windows-service.md) -#### [Certificate Propagation Service](smart-cards/smart-card-certificate-propagation-service.md) -#### [Smart Card Removal Policy Service](smart-cards/smart-card-removal-policy-service.md) -### [Smart Card Tools and Settings](smart-cards/smart-card-tools-and-settings.md) -#### [Smart Cards Debugging Information](smart-cards/smart-card-debugging-information.md) -#### [Smart Card Group Policy and Registry Settings](smart-cards/smart-card-group-policy-and-registry-settings.md) -#### [Smart Card Events](smart-cards/smart-card-events.md) - -### [Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-overview.md) -#### [Understanding and Evaluating Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-understanding-and-evaluating.md) -##### [Get Started with Virtual Smart Cards: Walkthrough Guide](virtual-smart-cards\virtual-smart-card-get-started.md) -##### [Use Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-use-virtual-smart-cards.md) -##### [Deploy Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-deploy-virtual-smart-cards.md) -##### [Evaluate Virtual Smart Card Security](virtual-smart-cards\virtual-smart-card-evaluate-security.md) -#### [Tpmvscmgr](virtual-smart-cards\virtual-smart-card-tpmvscmgr.md) - -## [Enterprise Certificate Pinning](enterprise-certificate-pinning.md) - -## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) - -## [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md) - -## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) - -## [VPN technical guide](vpn\vpn-guide.md) -### [VPN connection types](vpn\vpn-connection-type.md) -### [VPN routing decisions](vpn\vpn-routing.md) -### [VPN authentication options](vpn\vpn-authentication.md) -### [VPN and conditional access](vpn\vpn-conditional-access.md) -### [VPN name resolution](vpn\vpn-name-resolution.md) -### [VPN auto-triggered profile options](vpn\vpn-auto-trigger-profile.md) -### [VPN security features](vpn\vpn-security-features.md) -### [VPN profile options](vpn\vpn-profile-options.md) -### [How to configure Diffie Hellman protocol over IKEv2 VPN connections](vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md) -### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md) -### [Optimizing Office 365 traffic with the Windows 10 VPN client](vpn\vpn-office-365-optimization.md) diff --git a/windows/security/identity-protection/TOC.yml b/windows/security/identity-protection/TOC.yml new file mode 100644 index 0000000000..6d3b4a3ff6 --- /dev/null +++ b/windows/security/identity-protection/TOC.yml @@ -0,0 +1,134 @@ +- name: Identity and access management + href: index.md + items: + - name: Technical support policy for lost or forgotten passwords + href: password-support-policy.md + - name: Access Control Overview + href: access-control/access-control.md + items: + - name: Dynamic Access Control Overview + href: access-control/dynamic-access-control.md + - name: Security identifiers + href: access-control/security-identifiers.md + - name: Security Principals + href: access-control/security-principals.md + - name: Local Accounts + href: access-control/local-accounts.md + - name: Active Directory Accounts + href: access-control/active-directory-accounts.md + - name: Microsoft Accounts + href: access-control/microsoft-accounts.md + - name: Service Accounts + href: access-control/service-accounts.md + - name: Active Directory Security Groups + href: access-control/active-directory-security-groups.md + - name: Special Identities + href: access-control/special-identities.md + - name: User Account Control + href: user-account-control\user-account-control-overview.md + items: + - name: How User Account Control works + href: user-account-control\how-user-account-control-works.md + - name: User Account Control security policy settings + href: user-account-control\user-account-control-security-policy-settings.md + - name: User Account Control Group Policy and registry key settings + href: user-account-control\user-account-control-group-policy-and-registry-key-settings.md + - name: Windows Hello for Business + href: hello-for-business/index.yml + - name: Protect derived domain credentials with Credential Guard + href: credential-guard/credential-guard.md + items: + - name: How Credential Guard works + href: credential-guard/credential-guard-how-it-works.md + - name: Credential Guard Requirements + href: credential-guard/credential-guard-requirements.md + - name: Manage Credential Guard + href: credential-guard/credential-guard-manage.md + - name: Hardware readiness tool + href: credential-guard/dg-readiness-tool.md + - name: Credential Guard protection limits + href: credential-guard/credential-guard-protection-limits.md + - name: Considerations when using Credential Guard + href: credential-guard/credential-guard-considerations.md + - name: "Credential Guard: Additional mitigations" + href: credential-guard/additional-mitigations.md + - name: "Credential Guard: Known issues" + href: credential-guard/credential-guard-known-issues.md + - name: Protect Remote Desktop credentials with Remote Credential Guard + href: remote-credential-guard.md + - name: Smart Cards + href: smart-cards/smart-card-windows-smart-card-technical-reference.md + items: + - name: How Smart Card Sign-in Works in Windows + href: smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md + items: + - name: Smart Card Architecture + href: smart-cards/smart-card-architecture.md + - name: Certificate Requirements and Enumeration + href: smart-cards/smart-card-certificate-requirements-and-enumeration.md + - name: Smart Card and Remote Desktop Services + href: smart-cards/smart-card-and-remote-desktop-services.md + - name: Smart Cards for Windows Service + href: smart-cards/smart-card-smart-cards-for-windows-service.md + - name: Certificate Propagation Service + href: smart-cards/smart-card-certificate-propagation-service.md + - name: Smart Card Removal Policy Service + href: smart-cards/smart-card-removal-policy-service.md + - name: Smart Card Tools and Settings + href: smart-cards/smart-card-tools-and-settings.md + items: + - name: Smart Cards Debugging Information + href: smart-cards/smart-card-debugging-information.md + - name: Smart Card Group Policy and Registry Settings + href: smart-cards/smart-card-group-policy-and-registry-settings.md + - name: Smart Card Events + href: smart-cards/smart-card-events.md + - name: Virtual Smart Cards + href: virtual-smart-cards\virtual-smart-card-overview.md + items: + - name: Understanding and Evaluating Virtual Smart Cards + href: virtual-smart-cards\virtual-smart-card-understanding-and-evaluating.md + items: + - name: "Get Started with Virtual Smart Cards: Walkthrough Guide" + href: virtual-smart-cards\virtual-smart-card-get-started.md + - name: Use Virtual Smart Cards + href: virtual-smart-cards\virtual-smart-card-use-virtual-smart-cards.md + - name: Deploy Virtual Smart Cards + href: virtual-smart-cards\virtual-smart-card-deploy-virtual-smart-cards.md + - name: Evaluate Virtual Smart Card Security + href: virtual-smart-cards\virtual-smart-card-evaluate-security.md + - name: Tpmvscmgr + href: virtual-smart-cards\virtual-smart-card-tpmvscmgr.md + - name: Enterprise Certificate Pinning + href: enterprise-certificate-pinning.md + - name: Install digital certificates on Windows 10 Mobile + href: installing-digital-certificates-on-windows-10-mobile.md + - name: Windows 10 credential theft mitigation guide abstract + href: windows-credential-theft-mitigation-guide-abstract.md + - name: Configure S/MIME for Windows 10 and Windows 10 Mobile + href: configure-s-mime.md + - name: VPN technical guide + href: vpn\vpn-guide.md + items: + - name: VPN connection types + href: vpn\vpn-connection-type.md + - name: VPN routing decisions + href: vpn\vpn-routing.md + - name: VPN authentication options + href: vpn\vpn-authentication.md + - name: VPN and conditional access + href: vpn\vpn-conditional-access.md + - name: VPN name resolution + href: vpn\vpn-name-resolution.md + - name: VPN auto-triggered profile options + href: vpn\vpn-auto-trigger-profile.md + - name: VPN security features + href: vpn\vpn-security-features.md + - name: VPN profile options + href: vpn\vpn-profile-options.md + - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections + href: vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md + - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections + href: vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md + - name: Optimizing Office 365 traffic with the Windows 10 VPN client + href: vpn\vpn-office-365-optimization.md From a58d47d3e4ea2b3f77367625ba7d20daeea3fb15 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:45:30 -0700 Subject: [PATCH 076/156] Conversion to YAML: ./windows/security/threat-protection/TOC.md --- windows/security/threat-protection/TOC.md | 723 ---------- windows/security/threat-protection/TOC.yml | 1412 ++++++++++++++++++++ 2 files changed, 1412 insertions(+), 723 deletions(-) delete mode 100644 windows/security/threat-protection/TOC.md create mode 100644 windows/security/threat-protection/TOC.yml diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md deleted file mode 100644 index 0ac50df65e..0000000000 --- a/windows/security/threat-protection/TOC.md +++ /dev/null @@ -1,723 +0,0 @@ -# [Threat protection](index.md) - -## [Next-generation protection with Microsoft Defender Antivirus]() -### [Microsoft Defender Antivirus overview](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) -### [Evaluate Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus) - -### [Configure Microsoft Defender Antivirus]() -#### [Configure Microsoft Defender Antivirus features](/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features) - -#### [Use Microsoft cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus) -##### [Prevent security settings changes with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection) -##### [Enable Block at first sight](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) -##### [Configure the cloud block timeout period](/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus) - -#### [Configure behavioral, heuristic, and real-time protection]() -##### [Configuration overview](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus) -##### [Detect and block Potentially Unwanted Applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) -##### [Enable and configure always-on protection and monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) - -#### [Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server) - -#### [Antivirus compatibility]() -##### [Compatibility charts](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility) -##### [Use limited periodic antivirus scanning](/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus) - -#### [Manage Microsoft Defender Antivirus in your business]() -##### [Management overview](/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus) -##### [Use Microsoft Intune and Microsoft Endpoint Manager to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus) -##### [Use Group Policy settings to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus) -##### [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus) -##### [Use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus) -##### [Use the mpcmdrun.exe command line tool to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus) - -#### [Deploy, manage updates, and report on Microsoft Defender Antivirus]() -##### [Preparing to deploy](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus) -##### [Deploy and enable Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus) -##### [Deployment guide for VDI environments](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus) - -##### [Report on antivirus protection]() -##### [Review protection status and alerts](/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus) -##### [Troubleshoot antivirus reporting in Update Compliance](/microsoft-365/security/defender-endpoint/troubleshoot-reporting) -##### [Learn about the recent updates](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus) -##### [Manage protection and security intelligence updates](/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus) -##### [Manage when protection updates should be downloaded and applied](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus) -##### [Manage updates for endpoints that are out of date](/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus) -##### [Manage event-based forced updates](/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus) -##### [Manage updates for mobile devices and VMs](/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus) - -#### [Customize, initiate, and review the results of scans and remediation]() -##### [Configuration overview](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus) - -##### [Configure and validate exclusions in antivirus scans](/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus) -##### [Configure and validate exclusions based on file name, extension, and folder location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus) -##### [Configure and validate exclusions for files opened by processes](/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus) -##### [Configure antivirus exclusions Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus) -##### [Common mistakes when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus) -##### [Configure scanning antivirus options](/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus) -##### [Configure remediation for scans](/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus) -##### [Configure scheduled scans](/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus) -##### [Configure and run scans](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus) -##### [Review scan results](/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus) -##### [Run and review the results of an offline scan](/microsoft-365/security/defender-endpoint//microsoft-defender-offline) - -#### [Restore quarantined files](/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus) - -#### [Manage scans and remediation]() -##### [Management overview](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus) - -##### [Configure and validate exclusions in antivirus scans]() -##### [Exclusions overview](/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus) -##### [Configure and validate exclusions based on file name, extension, and folder location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus) -##### [Configure and validate exclusions for files opened by processes](/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus) -##### [Configure antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus) - -##### [Configure scanning options](/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus) - -#### [Configure remediation for scans](/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus) -##### [Configure scheduled scans](/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus) -##### [Configure and run scans](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus) -##### [Review scan results](/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus) -##### [Run and review the results of an offline scan](/microsoft-365/security/defender-endpoint/microsoft-defender-offline) -##### [Restore quarantined files](/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus) - -### [Troubleshoot Microsoft Defender Antivirus]() -#### [Troubleshoot Microsoft Defender Antivirus issues](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus) -#### [Troubleshoot Microsoft Defender Antivirus migration issues](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating) - -## [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus) -## [Better together: Microsoft Defender Antivirus and Office 365](/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus) - -## [Hardware-based isolation]() - -### [Hardware-based isolation evaluation](microsoft-defender-application-guard/test-scenarios-md-app-guard.md) - -### [Application isolation]() -#### [Application guard overview](microsoft-defender-application-guard/md-app-guard-overview.md) -#### [System requirements](microsoft-defender-application-guard/reqs-md-app-guard.md) -#### [Install Microsoft Defender Application Guard](microsoft-defender-application-guard/install-md-app-guard.md) -#### [Install Microsoft Defender Application Guard Extension](microsoft-defender-application-guard/md-app-guard-browser-extension.md) - -### [Application control](windows-defender-application-control/windows-defender-application-control.md) -#### [Audit Application control policies](windows-defender-application-control/audit-windows-defender-application-control-policies.md) - -### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) - -### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) - -## [Code integrity](device-guard/enable-virtualization-based-protection-of-code-integrity.md) -## [Network firewall]() -### [Network firewall overview](windows-firewall/windows-firewall-with-advanced-security.md) -### [Network firewall evaluation](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) - -## [Security intelligence](intelligence/index.md) -### [Understand malware & other threats](intelligence/understanding-malware.md) -#### [Prevent malware infection](intelligence/prevent-malware-infection.md) -#### [Malware names](intelligence/malware-naming.md) -#### [Coin miners](intelligence/coinminer-malware.md) -#### [Exploits and exploit kits](intelligence/exploits-malware.md) -#### [Fileless threats](intelligence/fileless-threats.md) -#### [Macro malware](intelligence/macro-malware.md) -#### [Phishing](intelligence/phishing.md) -#### [Ransomware](intelligence/ransomware-malware.md) -#### [Rootkits](intelligence/rootkits-malware.md) -#### [Supply chain attacks](intelligence/supply-chain-malware.md) -#### [Tech support scams](intelligence/support-scams.md) -#### [Trojans](intelligence/trojans-malware.md) -#### [Unwanted software](intelligence/unwanted-software.md) -#### [Worms](intelligence/worms-malware.md) -### [How Microsoft identifies malware and PUA](intelligence/criteria.md) -### [Submit files for analysis](intelligence/submission-guide.md) -### [Safety Scanner download](intelligence/safety-scanner-download.md) -### [Industry collaboration programs](intelligence/cybersecurity-industry-partners.md) -#### [Virus information alliance](intelligence/virus-information-alliance-criteria.md) -#### [Microsoft virus initiative](intelligence/virus-initiative-criteria.md) -#### [Coordinated malware eradication](intelligence/coordinated-malware-eradication.md) -### [Information for developers]() -#### [Software developer FAQ](intelligence/developer-faq.md) -#### [Software developer resources](intelligence/developer-resources.md) - -## [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md) -### [Customize the Windows Security app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md) -### [Hide Windows Security app notifications](windows-defender-security-center/wdsc-hide-notifications.md) -### [Manage Windows Security app in Windows 10 in S mode](windows-defender-security-center/wdsc-windows-10-in-s-mode.md) -### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md) -### [Account protection](windows-defender-security-center/wdsc-account-protection.md) -### [Firewall and network protection](windows-defender-security-center/wdsc-firewall-network-protection.md) -### [App and browser control](windows-defender-security-center/wdsc-app-browser-control.md) -### [Device security](windows-defender-security-center/wdsc-device-security.md) -### [Device performance and health](windows-defender-security-center/wdsc-device-performance-health.md) -#### [Family options](windows-defender-security-center/wdsc-family-options.md) - -## [Microsoft Defender SmartScreen](microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) -### [Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md) -### [Set up and use Microsoft Defender SmartScreen on individual devices](microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md) - - -## [Windows Sandbox](windows-sandbox/windows-sandbox-overview.md) -### [Windows Sandbox architecture](windows-sandbox/windows-sandbox-architecture.md) -### [Windows Sandbox configuration](windows-sandbox/windows-sandbox-configure-using-wsb-file.md) - -### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - - -## Windows Certifications - -### [FIPS 140 Validations](fips-140-validation.md) -### [Common Criteria Certifications](windows-platform-common-criteria.md) - - -## More Windows 10 security -### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) - -### [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) - -### [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) - -### [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md) - -### [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) - -### [Security auditing](auditing/security-auditing-overview.md) - -#### [Basic security audit policies](auditing/basic-security-audit-policies.md) -##### [Create a basic audit policy for an event category](auditing/create-a-basic-audit-policy-settings-for-an-event-category.md) -##### [Apply a basic audit policy on a file or folder](auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md) -##### [View the security event log](auditing/view-the-security-event-log.md) - -##### [Basic security audit policy settings](auditing/basic-security-audit-policy-settings.md) -###### [Audit account logon events](auditing/basic-audit-account-logon-events.md) -###### [Audit account management](auditing/basic-audit-account-management.md) -###### [Audit directory service access](auditing/basic-audit-directory-service-access.md) -###### [Audit logon events](auditing/basic-audit-logon-events.md) -###### [Audit object access](auditing/basic-audit-object-access.md) -###### [Audit policy change](auditing/basic-audit-policy-change.md) -###### [Audit privilege use](auditing/basic-audit-privilege-use.md) -###### [Audit process tracking](auditing/basic-audit-process-tracking.md) -###### [Audit system events](auditing/basic-audit-system-events.md) - -#### [Advanced security audit policies](auditing/advanced-security-auditing.md) -##### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md) -##### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md) -###### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md) -###### [How to list XML elements in \](auditing/how-to-list-xml-elements-in-eventdata.md) - -###### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) -####### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md) -####### [Monitor the use of removable storage devices](auditing/monitor-the-use-of-removable-storage-devices.md) -####### [Monitor resource attribute definitions](auditing/monitor-resource-attribute-definitions.md) -####### [Monitor central access policy and rule definitions](auditing/monitor-central-access-policy-and-rule-definitions.md) -####### [Monitor user and device claims during sign-in](auditing/monitor-user-and-device-claims-during-sign-in.md) -####### [Monitor the resource attributes on files and folders](auditing/monitor-the-resource-attributes-on-files-and-folders.md) -####### [Monitor the central access policies associated with files and folders](auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md) -####### [Monitor claim types](auditing/monitor-claim-types.md) - -###### [Advanced security audit policy settings](auditing/advanced-security-audit-policy-settings.md) -####### [Audit Credential Validation](auditing/audit-credential-validation.md) -####### [Event 4774 S, F: An account was mapped for logon.](auditing/event-4774.md) -####### [Event 4775 F: An account could not be mapped for logon.](auditing/event-4775.md) -####### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](auditing/event-4776.md) -####### [Event 4777 F: The domain controller failed to validate the credentials for an account.](auditing/event-4777.md) -###### [Audit Kerberos Authentication Service](auditing/audit-kerberos-authentication-service.md) -####### [Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested.](auditing/event-4768.md) -####### [Event 4771 F: Kerberos pre-authentication failed.](auditing/event-4771.md) -####### [Event 4772 F: A Kerberos authentication ticket request failed.](auditing/event-4772.md) -###### [Audit Kerberos Service Ticket Operations](auditing/audit-kerberos-service-ticket-operations.md) -####### [Event 4769 S, F: A Kerberos service ticket was requested.](auditing/event-4769.md) -####### [Event 4770 S: A Kerberos service ticket was renewed.](auditing/event-4770.md) -####### [Event 4773 F: A Kerberos service ticket request failed.](auditing/event-4773.md) -###### [Audit Other Account Logon Events](auditing/audit-other-account-logon-events.md) -###### [Audit Application Group Management](auditing/audit-application-group-management.md) -###### [Audit Computer Account Management](auditing/audit-computer-account-management.md) -####### [Event 4741 S: A computer account was created.](auditing/event-4741.md) -####### [Event 4742 S: A computer account was changed.](auditing/event-4742.md) -####### [Event 4743 S: A computer account was deleted.](auditing/event-4743.md) -###### [Audit Distribution Group Management](auditing/audit-distribution-group-management.md) -####### [Event 4749 S: A security-disabled global group was created.](auditing/event-4749.md) -####### [Event 4750 S: A security-disabled global group was changed.](auditing/event-4750.md) -####### [Event 4751 S: A member was added to a security-disabled global group.](auditing/event-4751.md) -####### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md) -####### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md) -###### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md) -####### [Event 4782 S: The password hash of an account was accessed.](auditing/event-4782.md) -####### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md) -###### [Audit Security Group Management](auditing/audit-security-group-management.md) -####### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md) -####### [Event 4732 S: A member was added to a security-enabled local group.](auditing/event-4732.md) -####### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md) -####### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md) -####### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md) -####### [Event 4764 S: A group�s type was changed.](auditing/event-4764.md) -####### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md) -###### [Audit User Account Management](auditing/audit-user-account-management.md) -####### [Event 4720 S: A user account was created.](auditing/event-4720.md) -####### [Event 4722 S: A user account was enabled.](auditing/event-4722.md) -####### [Event 4723 S, F: An attempt was made to change an account's password.](auditing/event-4723.md) -####### [Event 4724 S, F: An attempt was made to reset an account's password.](auditing/event-4724.md) -####### [Event 4725 S: A user account was disabled.](auditing/event-4725.md) -####### [Event 4726 S: A user account was deleted.](auditing/event-4726.md) -####### [Event 4738 S: A user account was changed.](auditing/event-4738.md) -####### [Event 4740 S: A user account was locked out.](auditing/event-4740.md) -####### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md) -####### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md) -####### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md) -####### [Event 4780 S: The ACL was set on accounts that are members of administrators groups.](auditing/event-4780.md) -####### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md) -####### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md) -####### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md) -####### [Event 5376 S: Credential Manager credentials were backed up.](auditing/event-5376.md) -####### [Event 5377 S: Credential Manager credentials were restored from a backup.](auditing/event-5377.md) -###### [Audit DPAPI Activity](auditing/audit-dpapi-activity.md) -####### [Event 4692 S, F: Backup of data protection master key was attempted.](auditing/event-4692.md) -####### [Event 4693 S, F: Recovery of data protection master key was attempted.](auditing/event-4693.md) -####### [Event 4694 S, F: Protection of auditable protected data was attempted.](auditing/event-4694.md) -####### [Event 4695 S, F: Unprotection of auditable protected data was attempted.](auditing/event-4695.md) -###### [Audit PNP Activity](auditing/audit-pnp-activity.md) -####### [Event 6416 S: A new external device was recognized by the System.](auditing/event-6416.md) -####### [Event 6419 S: A request was made to disable a device.](auditing/event-6419.md) -####### [Event 6420 S: A device was disabled.](auditing/event-6420.md) -####### [Event 6421 S: A request was made to enable a device.](auditing/event-6421.md) -####### [Event 6422 S: A device was enabled.](auditing/event-6422.md) -####### [Event 6423 S: The installation of this device is forbidden by system policy.](auditing/event-6423.md) -####### [Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy.](auditing/event-6424.md) -###### [Audit Process Creation](auditing/audit-process-creation.md) -####### [Event 4688 S: A new process has been created.](auditing/event-4688.md) -####### [Event 4696 S: A primary token was assigned to process.](auditing/event-4696.md) -###### [Audit Process Termination](auditing/audit-process-termination.md) -####### [Event 4689 S: A process has exited.](auditing/event-4689.md) -###### [Audit RPC Events](auditing/audit-rpc-events.md) -####### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md) -###### [Audit Token Right Adjusted](auditing/audit-token-right-adjusted.md) -####### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md) -###### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md) -####### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md) -####### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md) -####### [Event 4930 S, F: An Active Directory replica source naming context was modified.](auditing/event-4930.md) -####### [Event 4931 S, F: An Active Directory replica destination naming context was modified.](auditing/event-4931.md) -####### [Event 4934 S: Attributes of an Active Directory object were replicated.](auditing/event-4934.md) -####### [Event 4935 F: Replication failure begins.](auditing/event-4935.md) -####### [Event 4936 S: Replication failure ends.](auditing/event-4936.md) -####### [Event 4937 S: A lingering object was removed from a replica.](auditing/event-4937.md) -###### [Audit Directory Service Access](auditing/audit-directory-service-access.md) -####### [Event 4662 S, F: An operation was performed on an object.](auditing/event-4662.md) -####### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md) -###### [Audit Directory Service Changes](auditing/audit-directory-service-changes.md) -####### [Event 5136 S: A directory service object was modified.](auditing/event-5136.md) -####### [Event 5137 S: A directory service object was created.](auditing/event-5137.md) -####### [Event 5138 S: A directory service object was undeleted.](auditing/event-5138.md) -####### [Event 5139 S: A directory service object was moved.](auditing/event-5139.md) -####### [Event 5141 S: A directory service object was deleted.](auditing/event-5141.md) -###### [Audit Directory Service Replication](auditing/audit-directory-service-replication.md) -####### [Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun.](auditing/event-4932.md) -####### [Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended.](auditing/event-4933.md) -###### [Audit Account Lockout](auditing/audit-account-lockout.md) -####### [Event 4625 F: An account failed to log on.](auditing/event-4625.md) -###### [Audit User/Device Claims](auditing/audit-user-device-claims.md) -####### [Event 4626 S: User/Device claims information.](auditing/event-4626.md) -###### [Audit Group Membership](auditing/audit-group-membership.md) -####### [Event 4627 S: Group membership information.](auditing/event-4627.md) -###### [Audit IPsec Extended Mode](auditing/audit-ipsec-extended-mode.md) -###### [Audit IPsec Main Mode](auditing/audit-ipsec-main-mode.md) -###### [Audit IPsec Quick Mode](auditing/audit-ipsec-quick-mode.md) -###### [Audit Logoff](auditing/audit-logoff.md) -####### [Event 4634 S: An account was logged off.](auditing/event-4634.md) -####### [Event 4647 S: User initiated logoff.](auditing/event-4647.md) -###### [Audit Logon](auditing/audit-logon.md) -####### [Event 4624 S: An account was successfully logged on.](auditing/event-4624.md) -####### [Event 4625 F: An account failed to log on.](auditing/event-4625.md) -####### [Event 4648 S: A logon was attempted using explicit credentials.](auditing/event-4648.md) -####### [Event 4675 S: SIDs were filtered.](auditing/event-4675.md) -###### [Audit Network Policy Server](auditing/audit-network-policy-server.md) -###### [Audit Other Logon/Logoff Events](auditing/audit-other-logonlogoff-events.md) -####### [Event 4649 S: A replay attack was detected.](auditing/event-4649.md) -####### [Event 4778 S: A session was reconnected to a Window Station.](auditing/event-4778.md) -####### [Event 4779 S: A session was disconnected from a Window Station.](auditing/event-4779.md) -####### [Event 4800 S: The workstation was locked.](auditing/event-4800.md) -####### [Event 4801 S: The workstation was unlocked.](auditing/event-4801.md) -####### [Event 4802 S: The screen saver was invoked.](auditing/event-4802.md) -####### [Event 4803 S: The screen saver was dismissed.](auditing/event-4803.md) -####### [Event 5378 F: The requested credentials delegation was disallowed by policy.](auditing/event-5378.md) -####### [Event 5632 S, F: A request was made to authenticate to a wireless network.](auditing/event-5632.md) -####### [Event 5633 S, F: A request was made to authenticate to a wired network.](auditing/event-5633.md) -###### [Audit Special Logon](auditing/audit-special-logon.md) -####### [Event 4964 S: Special groups have been assigned to a new logon.](auditing/event-4964.md) -####### [Event 4672 S: Special privileges assigned to new logon.](auditing/event-4672.md) -###### [Audit Application Generated](auditing/audit-application-generated.md) -###### [Audit Certification Services](auditing/audit-certification-services.md) -###### [Audit Detailed File Share](auditing/audit-detailed-file-share.md) -####### [Event 5145 S, F: A network share object was checked to see whether client can be granted desired access.](auditing/event-5145.md) -###### [Audit File Share](auditing/audit-file-share.md) -####### [Event 5140 S, F: A network share object was accessed.](auditing/event-5140.md) -####### [Event 5142 S: A network share object was added.](auditing/event-5142.md) -####### [Event 5143 S: A network share object was modified.](auditing/event-5143.md) -####### [Event 5144 S: A network share object was deleted.](auditing/event-5144.md) -####### [Event 5168 F: SPN check for SMB/SMB2 failed.](auditing/event-5168.md) -###### [Audit File System](auditing/audit-file-system.md) -####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) -####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) -####### [Event 4660 S: An object was deleted.](auditing/event-4660.md) -####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) -####### [Event 4664 S: An attempt was made to create a hard link.](auditing/event-4664.md) -####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -####### [Event 5051: A file was virtualized.](auditing/event-5051.md) -####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -###### [Audit Filtering Platform Connection](auditing/audit-filtering-platform-connection.md) -####### [Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network.](auditing/event-5031.md) -####### [Event 5150: The Windows Filtering Platform blocked a packet.](auditing/event-5150.md) -####### [Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5151.md) -####### [Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.](auditing/event-5154.md) -####### [Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.](auditing/event-5155.md) -####### [Event 5156 S: The Windows Filtering Platform has permitted a connection.](auditing/event-5156.md) -####### [Event 5157 F: The Windows Filtering Platform has blocked a connection.](auditing/event-5157.md) -####### [Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port.](auditing/event-5158.md) -####### [Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port.](auditing/event-5159.md) -###### [Audit Filtering Platform Packet Drop](auditing/audit-filtering-platform-packet-drop.md) -####### [Event 5152 F: The Windows Filtering Platform blocked a packet.](auditing/event-5152.md) -####### [Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5153.md) -###### [Audit Handle Manipulation](auditing/audit-handle-manipulation.md) -####### [Event 4690 S: An attempt was made to duplicate a handle to an object.](auditing/event-4690.md) -###### [Audit Kernel Object](auditing/audit-kernel-object.md) -####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) -####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) -####### [Event 4660 S: An object was deleted.](auditing/event-4660.md) -####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) -###### [Audit Other Object Access Events](auditing/audit-other-object-access-events.md) -####### [Event 4671: An application attempted to access a blocked ordinal through the TBS.](auditing/event-4671.md) -####### [Event 4691 S: Indirect access to an object was requested.](auditing/event-4691.md) -####### [Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.](auditing/event-5148.md) -####### [Event 5149 F: The DoS attack has subsided and normal processing is being resumed.](auditing/event-5149.md) -####### [Event 4698 S: A scheduled task was created.](auditing/event-4698.md) -####### [Event 4699 S: A scheduled task was deleted.](auditing/event-4699.md) -####### [Event 4700 S: A scheduled task was enabled.](auditing/event-4700.md) -####### [Event 4701 S: A scheduled task was disabled.](auditing/event-4701.md) -####### [Event 4702 S: A scheduled task was updated.](auditing/event-4702.md) -####### [Event 5888 S: An object in the COM+ Catalog was modified.](auditing/event-5888.md) -####### [Event 5889 S: An object was deleted from the COM+ Catalog.](auditing/event-5889.md) -####### [Event 5890 S: An object was added to the COM+ Catalog.](auditing/event-5890.md) -###### [Audit Registry](auditing/audit-registry.md) -####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) -####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) -####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) -####### [Event 4660 S: An object was deleted.](auditing/event-4660.md) -####### [Event 4657 S: A registry value was modified.](auditing/event-4657.md) -####### [Event 5039: A registry key was virtualized.](auditing/event-5039.md) -####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -###### [Audit Removable Storage](auditing/audit-removable-storage.md) -###### [Audit SAM](auditing/audit-sam.md) -####### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md) -###### [Audit Central Access Policy Staging](auditing/audit-central-access-policy-staging.md) -####### [Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.](auditing/event-4818.md) -###### [Audit Audit Policy Change](auditing/audit-audit-policy-change.md) -####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -####### [Event 4715 S: The audit policy, SACL, on an object was changed.](auditing/event-4715.md) -####### [Event 4719 S: System audit policy was changed.](auditing/event-4719.md) -####### [Event 4817 S: Auditing settings on object were changed.](auditing/event-4817.md) -####### [Event 4902 S: The Per-user audit policy table was created.](auditing/event-4902.md) -####### [Event 4906 S: The CrashOnAuditFail value has changed.](auditing/event-4906.md) -####### [Event 4907 S: Auditing settings on object were changed.](auditing/event-4907.md) -####### [Event 4908 S: Special Groups Logon table modified.](auditing/event-4908.md) -####### [Event 4912 S: Per User Audit Policy was changed.](auditing/event-4912.md) -####### [Event 4904 S: An attempt was made to register a security event source.](auditing/event-4904.md) -####### [Event 4905 S: An attempt was made to unregister a security event source.](auditing/event-4905.md) -###### [Audit Authentication Policy Change](auditing/audit-authentication-policy-change.md) -####### [Event 4706 S: A new trust was created to a domain.](auditing/event-4706.md) -####### [Event 4707 S: A trust to a domain was removed.](auditing/event-4707.md) -####### [Event 4716 S: Trusted domain information was modified.](auditing/event-4716.md) -####### [Event 4713 S: Kerberos policy was changed.](auditing/event-4713.md) -####### [Event 4717 S: System security access was granted to an account.](auditing/event-4717.md) -####### [Event 4718 S: System security access was removed from an account.](auditing/event-4718.md) -####### [Event 4739 S: Domain Policy was changed.](auditing/event-4739.md) -####### [Event 4864 S: A namespace collision was detected.](auditing/event-4864.md) -####### [Event 4865 S: A trusted forest information entry was added.](auditing/event-4865.md) -####### [Event 4866 S: A trusted forest information entry was removed.](auditing/event-4866.md) -####### [Event 4867 S: A trusted forest information entry was modified.](auditing/event-4867.md) -###### [Audit Authorization Policy Change](auditing/audit-authorization-policy-change.md) -####### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md) -####### [Event 4704 S: A user right was assigned.](auditing/event-4704.md) -####### [Event 4705 S: A user right was removed.](auditing/event-4705.md) -####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -####### [Event 4911 S: Resource attributes of the object were changed.](auditing/event-4911.md) -####### [Event 4913 S: Central Access Policy on the object was changed.](auditing/event-4913.md) -###### [Audit Filtering Platform Policy Change](auditing/audit-filtering-platform-policy-change.md) -###### [Audit MPSSVC Rule-Level Policy Change](auditing/audit-mpssvc-rule-level-policy-change.md) -####### [Event 4944 S: The following policy was active when the Windows Firewall started.](auditing/event-4944.md) -####### [Event 4945 S: A rule was listed when the Windows Firewall started.](auditing/event-4945.md) -####### [Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added.](auditing/event-4946.md) -####### [Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified.](auditing/event-4947.md) -####### [Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted.](auditing/event-4948.md) -####### [Event 4949 S: Windows Firewall settings were restored to the default values.](auditing/event-4949.md) -####### [Event 4950 S: A Windows Firewall setting has changed.](auditing/event-4950.md) -####### [Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall.](auditing/event-4951.md) -####### [Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.](auditing/event-4952.md) -####### [Event 4953 F: Windows Firewall ignored a rule because it could not be parsed.](auditing/event-4953.md) -####### [Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied.](auditing/event-4954.md) -####### [Event 4956 S: Windows Firewall has changed the active profile.](auditing/event-4956.md) -####### [Event 4957 F: Windows Firewall did not apply the following rule.](auditing/event-4957.md) -####### [Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.](auditing/event-4958.md) -###### [Audit Other Policy Change Events](auditing/audit-other-policy-change-events.md) -####### [Event 4714 S: Encrypted data recovery policy was changed.](auditing/event-4714.md) -####### [Event 4819 S: Central Access Policies on the machine have been changed.](auditing/event-4819.md) -####### [Event 4826 S: Boot Configuration Data loaded.](auditing/event-4826.md) -####### [Event 4909: The local policy settings for the TBS were changed.](auditing/event-4909.md) -####### [Event 4910: The group policy settings for the TBS were changed.](auditing/event-4910.md) -####### [Event 5063 S, F: A cryptographic provider operation was attempted.](auditing/event-5063.md) -####### [Event 5064 S, F: A cryptographic context operation was attempted.](auditing/event-5064.md) -####### [Event 5065 S, F: A cryptographic context modification was attempted.](auditing/event-5065.md) -####### [Event 5066 S, F: A cryptographic function operation was attempted.](auditing/event-5066.md) -####### [Event 5067 S, F: A cryptographic function modification was attempted.](auditing/event-5067.md) -####### [Event 5068 S, F: A cryptographic function provider operation was attempted.](auditing/event-5068.md) -####### [Event 5069 S, F: A cryptographic function property operation was attempted.](auditing/event-5069.md) -####### [Event 5070 S, F: A cryptographic function property modification was attempted.](auditing/event-5070.md) -####### [Event 5447 S: A Windows Filtering Platform filter has been changed.](auditing/event-5447.md) -####### [Event 6144 S: Security policy in the group policy objects has been applied successfully.](auditing/event-6144.md) -####### [Event 6145 F: One or more errors occurred while processing security policy in the group policy objects.](auditing/event-6145.md) -###### [Audit Sensitive Privilege Use](auditing/audit-sensitive-privilege-use.md) -####### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md) -####### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md) -####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -###### [Audit Non Sensitive Privilege Use](auditing/audit-non-sensitive-privilege-use.md) -####### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md) -####### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md) -####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -###### [Audit Other Privilege Use Events](auditing/audit-other-privilege-use-events.md) -####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -###### [Audit IPsec Driver](auditing/audit-ipsec-driver.md) -###### [Audit Other System Events](auditing/audit-other-system-events.md) -####### [Event 5024 S: The Windows Firewall Service has started successfully.](auditing/event-5024.md) -####### [Event 5025 S: The Windows Firewall Service has been stopped.](auditing/event-5025.md) -####### [Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.](auditing/event-5027.md) -####### [Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.](auditing/event-5028.md) -####### [Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.](auditing/event-5029.md) -####### [Event 5030 F: The Windows Firewall Service failed to start.](auditing/event-5030.md) -####### [Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.](auditing/event-5032.md) -####### [Event 5033 S: The Windows Firewall Driver has started successfully.](auditing/event-5033.md) -####### [Event 5034 S: The Windows Firewall Driver was stopped.](auditing/event-5034.md) -####### [Event 5035 F: The Windows Firewall Driver failed to start.](auditing/event-5035.md) -####### [Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating.](auditing/event-5037.md) -####### [Event 5058 S, F: Key file operation.](auditing/event-5058.md) -####### [Event 5059 S, F: Key migration operation.](auditing/event-5059.md) -####### [Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content.](auditing/event-6400.md) -####### [Event 6401: BranchCache: Received invalid data from a peer. Data discarded.](auditing/event-6401.md) -####### [Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted.](auditing/event-6402.md) -####### [Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client.](auditing/event-6403.md) -####### [Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.](auditing/event-6404.md) -####### [Event 6405: BranchCache: %2 instances of event id %1 occurred.](auditing/event-6405.md) -####### [Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2.](auditing/event-6406.md) -####### [Event 6407: 1%.](auditing/event-6407.md) -####### [Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.](auditing/event-6408.md) -####### [Event 6409: BranchCache: A service connection point object could not be parsed.](auditing/event-6409.md) -###### [Audit Security State Change](auditing/audit-security-state-change.md) -####### [Event 4608 S: Windows is starting up.](auditing/event-4608.md) -####### [Event 4616 S: The system time was changed.](auditing/event-4616.md) -####### [Event 4621 S: Administrator recovered system from CrashOnAuditFail.](auditing/event-4621.md) -###### [Audit Security System Extension](auditing/audit-security-system-extension.md) -####### [Event 4610 S: An authentication package has been loaded by the Local Security Authority.](auditing/event-4610.md) -####### [Event 4611 S: A trusted logon process has been registered with the Local Security Authority.](auditing/event-4611.md) -####### [Event 4614 S: A notification package has been loaded by the Security Account Manager.](auditing/event-4614.md) -####### [Event 4622 S: A security package has been loaded by the Local Security Authority.](auditing/event-4622.md) -####### [Event 4697 S: A service was installed in the system.](auditing/event-4697.md) -###### [Audit System Integrity](auditing/audit-system-integrity.md) -####### [Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.](auditing/event-4612.md) -####### [Event 4615 S: Invalid use of LPC port.](auditing/event-4615.md) -####### [Event 4618 S: A monitored security event pattern has occurred.](auditing/event-4618.md) -####### [Event 4816 S: RPC detected an integrity violation while decrypting an incoming message.](auditing/event-4816.md) -####### [Event 5038 F: Code integrity determined that the image hash of a file is not valid.](auditing/event-5038.md) -####### [Event 5056 S: A cryptographic self-test was performed.](auditing/event-5056.md) -####### [Event 5062 S: A kernel-mode cryptographic self-test was performed.](auditing/event-5062.md) -####### [Event 5057 F: A cryptographic primitive operation failed.](auditing/event-5057.md) -####### [Event 5060 F: Verification operation failed.](auditing/event-5060.md) -####### [Event 5061 S, F: Cryptographic operation.](auditing/event-5061.md) -####### [Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid.](auditing/event-6281.md) -####### [Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process.](auditing/event-6410.md) -###### [Other Events](auditing/other-events.md) -####### [Event 1100 S: The event logging service has shut down.](auditing/event-1100.md) -####### [Event 1102 S: The audit log was cleared.](auditing/event-1102.md) -####### [Event 1104 S: The security log is now full.](auditing/event-1104.md) -####### [Event 1105 S: Event log automatic backup.](auditing/event-1105.md) -####### [Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1.](auditing/event-1108.md) -###### [Appendix A: Security monitoring recommendations for many audit events](auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md) -###### [Registry (Global Object Access Auditing)](auditing/registry-global-object-access-auditing.md) -###### [File System (Global Object Access Auditing)](auditing/file-system-global-object-access-auditing.md) - - - - - -### [Security policy settings](security-policy-settings/security-policy-settings.md) -#### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md) -##### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md) -#### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md) -#### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md) -##### [Account Policies](security-policy-settings/account-policies.md) -###### [Password Policy](security-policy-settings/password-policy.md) -####### [Enforce password history](security-policy-settings/enforce-password-history.md) -####### [Maximum password age](security-policy-settings/maximum-password-age.md) -####### [Minimum password age](security-policy-settings/minimum-password-age.md) -####### [Minimum password length](security-policy-settings/minimum-password-length.md) -####### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md) -####### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md) -###### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md) -####### [Account lockout duration](security-policy-settings/account-lockout-duration.md) -####### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md) -####### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md) -###### [Kerberos Policy](security-policy-settings/kerberos-policy.md) -####### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md) -####### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md) -####### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md) -####### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md) -####### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md) -##### [Audit Policy](security-policy-settings/audit-policy.md) -##### [Security Options](security-policy-settings/security-options.md) -###### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md) -###### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md) -###### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md) -###### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md) -###### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md) -###### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md) -###### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md) -###### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md) -###### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md) -###### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md) -###### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md) -###### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md) -###### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md) -###### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md) -###### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md) -###### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md) -###### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md) -###### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md) -###### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md) -###### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md) -###### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md) -###### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md) -###### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md) -###### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md) -###### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md) -###### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md) -###### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md) -###### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md) -###### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md) -###### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md) -###### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md) -###### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md) -###### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md) -###### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md) -###### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md) -###### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md) -###### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md) -###### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md) -###### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md) -###### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md) -###### [SMBv1 Microsoft network client: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md) -###### [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md) -###### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md) -###### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md) -###### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md) -###### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md) -###### [SMBv1 Microsoft network server: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md) -###### [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md) -###### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md) -###### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md) -###### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md) -###### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md) -###### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md) -###### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md) -###### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md) -###### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md) -###### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md) -###### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md) -###### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md) -###### [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) -###### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md) -###### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md) -###### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md) -###### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md) -###### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md) -###### [Network security: Configure encryption types allowed for Kerberos](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md) -###### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md) -###### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md) -###### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md) -###### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md) -###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md) -###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md) -###### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md) -###### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md) -###### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md) -###### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md) -###### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md) -###### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md) -###### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md) -###### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md) -###### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md) -###### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md) -###### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md) -###### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md) -###### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md) -###### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md) -###### [System objects: Strengthen default permissions of internal system objects (Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md) -###### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md) -###### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md) -###### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md) -###### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md) -###### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md) -###### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md) -###### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md) -###### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md) -###### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md) -###### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md) -###### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md) -###### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md) -##### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md) -##### [User Rights Assignment](security-policy-settings/user-rights-assignment.md) -###### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md) -###### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md) -###### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md) -###### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md) -###### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md) -###### [Allow log on locally](security-policy-settings/allow-log-on-locally.md) -###### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md) -###### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md) -###### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md) -###### [Change the system time](security-policy-settings/change-the-system-time.md) -###### [Change the time zone](security-policy-settings/change-the-time-zone.md) -###### [Create a pagefile](security-policy-settings/create-a-pagefile.md) -###### [Create a token object](security-policy-settings/create-a-token-object.md) -###### [Create global objects](security-policy-settings/create-global-objects.md) -###### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md) -###### [Create symbolic links](security-policy-settings/create-symbolic-links.md) -###### [Debug programs](security-policy-settings/debug-programs.md) -###### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md) -###### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md) -###### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md) -###### [Deny log on locally](security-policy-settings/deny-log-on-locally.md) -###### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md) -###### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md) -###### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md) -###### [Generate security audits](security-policy-settings/generate-security-audits.md) -###### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md) -###### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md) -###### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md) -###### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md) -###### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md) -###### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md) -###### [Log on as a service](security-policy-settings/log-on-as-a-service.md) -###### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md) -###### [Modify an object label](security-policy-settings/modify-an-object-label.md) -###### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md) -###### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md) -###### [Profile single process](security-policy-settings/profile-single-process.md) -###### [Profile system performance](security-policy-settings/profile-system-performance.md) -###### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md) -###### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md) -###### [Restore files and directories](security-policy-settings/restore-files-and-directories.md) -###### [Shut down the system](security-policy-settings/shut-down-the-system.md) -###### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md) -###### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md) - -### Windows security guidance for enterprises - -#### [Windows security baselines](windows-security-configuration-framework/windows-security-baselines.md) -##### [Security Compliance Toolkit](windows-security-configuration-framework/security-compliance-toolkit-10.md) -##### [Get support](windows-security-configuration-framework/get-support-for-security-baselines.md) - -### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml new file mode 100644 index 0000000000..9e2e05229f --- /dev/null +++ b/windows/security/threat-protection/TOC.yml @@ -0,0 +1,1412 @@ +- name: Threat protection + href: index.md + items: + - name: Next-generation protection with Microsoft Defender Antivirus + items: + - name: Microsoft Defender Antivirus overview + href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10 + - name: Evaluate Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus + - name: Configure Microsoft Defender Antivirus + items: + - name: Configure Microsoft Defender Antivirus features + href: /microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features + - name: Use Microsoft cloud-delivered protection + href: /microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus + items: + - name: Prevent security settings changes with tamper protection + href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection + - name: Enable Block at first sight + href: /microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus + - name: Configure the cloud block timeout period + href: /microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus + - name: Configure behavioral, heuristic, and real-time protection + items: + - name: Configuration overview + href: /microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus + - name: Detect and block Potentially Unwanted Applications + href: /microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus + - name: Enable and configure always-on protection and monitoring + href: /microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus + - name: Antivirus on Windows Server + href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server + - name: Antivirus compatibility + items: + - name: Compatibility charts + href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility + - name: Use limited periodic antivirus scanning + href: /microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus + - name: Manage Microsoft Defender Antivirus in your business + items: + - name: Management overview + href: /microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus + - name: Use Microsoft Intune and Microsoft Endpoint Manager to manage Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus + - name: Use Group Policy settings to manage Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus + - name: Use PowerShell cmdlets to manage Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus + - name: Use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus + - name: Use the mpcmdrun.exe command line tool to manage Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus + - name: Deploy, manage updates, and report on Microsoft Defender Antivirus + items: + - name: Preparing to deploy + href: /microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus + - name: Deploy and enable Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus + - name: Deployment guide for VDI environments + href: /microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus + - name: Report on antivirus protection + - name: Review protection status and alerts + href: /microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus + - name: Troubleshoot antivirus reporting in Update Compliance + href: /microsoft-365/security/defender-endpoint/troubleshoot-reporting + - name: Learn about the recent updates + href: /microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus + - name: Manage protection and security intelligence updates + href: /microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus + - name: Manage when protection updates should be downloaded and applied + href: /microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus + - name: Manage updates for endpoints that are out of date + href: /microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus + - name: Manage event-based forced updates + href: /microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus + - name: Manage updates for mobile devices and VMs + href: /microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus + - name: Customize, initiate, and review the results of scans and remediation + items: + - name: Configuration overview + href: /microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus + - name: Configure and validate exclusions in antivirus scans + href: /microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus + - name: Configure and validate exclusions based on file name, extension, and folder location + href: /microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus + - name: Configure and validate exclusions for files opened by processes + href: /microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus + - name: Configure antivirus exclusions Windows Server + href: /microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus + - name: Common mistakes when defining exclusions + href: /microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus + - name: Configure scanning antivirus options + href: /microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus + - name: Configure remediation for scans + href: /microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus + - name: Configure scheduled scans + href: /microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus + - name: Configure and run scans + href: /microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus + - name: Review scan results + href: /microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus + - name: Run and review the results of an offline scan + href: /microsoft-365/security/defender-endpoint//microsoft-defender-offline + - name: Restore quarantined files + href: /microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus + - name: Manage scans and remediation + items: + - name: Management overview + href: /microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus + - name: Configure and validate exclusions in antivirus scans + - name: Exclusions overview + href: /microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus + - name: Configure and validate exclusions based on file name, extension, and folder location + href: /microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus + - name: Configure and validate exclusions for files opened by processes + href: /microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus + - name: Configure antivirus exclusions on Windows Server + href: /microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus + - name: Configure scanning options + href: /microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus + - name: Configure remediation for scans + href: /microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus + items: + - name: Configure scheduled scans + href: /microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus + - name: Configure and run scans + href: /microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus + - name: Review scan results + href: /microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus + - name: Run and review the results of an offline scan + href: /microsoft-365/security/defender-endpoint/microsoft-defender-offline + - name: Restore quarantined files + href: /microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus + - name: Troubleshoot Microsoft Defender Antivirus + items: + - name: Troubleshoot Microsoft Defender Antivirus issues + href: /microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus + - name: Troubleshoot Microsoft Defender Antivirus migration issues + href: /microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating + - name: "Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint" + href: /microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus + - name: "Better together: Microsoft Defender Antivirus and Office 365" + href: /microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus + - name: Hardware-based isolation + items: + - name: Hardware-based isolation evaluation + href: microsoft-defender-application-guard/test-scenarios-md-app-guard.md + - name: Application isolation + items: + - name: Application guard overview + href: microsoft-defender-application-guard/md-app-guard-overview.md + - name: System requirements + href: microsoft-defender-application-guard/reqs-md-app-guard.md + - name: Install Microsoft Defender Application Guard + href: microsoft-defender-application-guard/install-md-app-guard.md + - name: Install Microsoft Defender Application Guard Extension + href: microsoft-defender-application-guard/md-app-guard-browser-extension.md + - name: Application control + href: windows-defender-application-control/windows-defender-application-control.md + items: + - name: Audit Application control policies + href: windows-defender-application-control/audit-windows-defender-application-control-policies.md + - name: System isolation + href: windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md + - name: System integrity + href: windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md + - name: Code integrity + href: device-guard/enable-virtualization-based-protection-of-code-integrity.md + - name: Network firewall + items: + - name: Network firewall overview + href: windows-firewall/windows-firewall-with-advanced-security.md + - name: Network firewall evaluation + href: windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md + - name: Security intelligence + href: intelligence/index.md + items: + - name: Understand malware & other threats + href: intelligence/understanding-malware.md + items: + - name: Prevent malware infection + href: intelligence/prevent-malware-infection.md + - name: Malware names + href: intelligence/malware-naming.md + - name: Coin miners + href: intelligence/coinminer-malware.md + - name: Exploits and exploit kits + href: intelligence/exploits-malware.md + - name: Fileless threats + href: intelligence/fileless-threats.md + - name: Macro malware + href: intelligence/macro-malware.md + - name: Phishing + href: intelligence/phishing.md + - name: Ransomware + href: intelligence/ransomware-malware.md + - name: Rootkits + href: intelligence/rootkits-malware.md + - name: Supply chain attacks + href: intelligence/supply-chain-malware.md + - name: Tech support scams + href: intelligence/support-scams.md + - name: Trojans + href: intelligence/trojans-malware.md + - name: Unwanted software + href: intelligence/unwanted-software.md + - name: Worms + href: intelligence/worms-malware.md + - name: How Microsoft identifies malware and PUA + href: intelligence/criteria.md + - name: Submit files for analysis + href: intelligence/submission-guide.md + - name: Safety Scanner download + href: intelligence/safety-scanner-download.md + - name: Industry collaboration programs + href: intelligence/cybersecurity-industry-partners.md + items: + - name: Virus information alliance + href: intelligence/virus-information-alliance-criteria.md + - name: Microsoft virus initiative + href: intelligence/virus-initiative-criteria.md + - name: Coordinated malware eradication + href: intelligence/coordinated-malware-eradication.md + - name: Information for developers + items: + - name: Software developer FAQ + href: intelligence/developer-faq.md + - name: Software developer resources + href: intelligence/developer-resources.md + - name: The Windows Security app + href: windows-defender-security-center/windows-defender-security-center.md + items: + - name: Customize the Windows Security app for your organization + href: windows-defender-security-center/wdsc-customize-contact-information.md + - name: Hide Windows Security app notifications + href: windows-defender-security-center/wdsc-hide-notifications.md + - name: Manage Windows Security app in Windows 10 in S mode + href: windows-defender-security-center/wdsc-windows-10-in-s-mode.md + - name: Virus and threat protection + href: windows-defender-security-center/wdsc-virus-threat-protection.md + - name: Account protection + href: windows-defender-security-center/wdsc-account-protection.md + - name: Firewall and network protection + href: windows-defender-security-center/wdsc-firewall-network-protection.md + - name: App and browser control + href: windows-defender-security-center/wdsc-app-browser-control.md + - name: Device security + href: windows-defender-security-center/wdsc-device-security.md + - name: Device performance and health + href: windows-defender-security-center/wdsc-device-performance-health.md + items: + - name: Family options + href: windows-defender-security-center/wdsc-family-options.md + - name: Microsoft Defender SmartScreen + href: microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md + items: + - name: Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings + href: microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md + - name: Set up and use Microsoft Defender SmartScreen on individual devices + href: microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md + - name: Windows Sandbox + href: windows-sandbox/windows-sandbox-overview.md + items: + - name: Windows Sandbox architecture + href: windows-sandbox/windows-sandbox-architecture.md + - name: Windows Sandbox configuration + href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md + - name: "Windows Defender Device Guard: virtualization-based security and WDAC" + href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + - name: Windows Certifications + items: + - name: FIPS 140 Validations + href: fips-140-validation.md + - name: Common Criteria Certifications + href: windows-platform-common-criteria.md + - name: More Windows 10 security + items: + - name: Control the health of Windows 10-based devices + href: protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md + - name: Mitigate threats by using Windows 10 security features + href: overview-of-threat-mitigations-in-windows-10.md + - name: Override Process Mitigation Options to help enforce app-related security policies + href: override-mitigation-options-for-app-related-security-policies.md + - name: Use Windows Event Forwarding to help with intrusion detection + href: use-windows-event-forwarding-to-assist-in-intrusion-detection.md + - name: Block untrusted fonts in an enterprise + href: block-untrusted-fonts-in-enterprise.md + - name: Security auditing + href: auditing/security-auditing-overview.md + items: + - name: Basic security audit policies + href: auditing/basic-security-audit-policies.md + items: + - name: Create a basic audit policy for an event category + href: auditing/create-a-basic-audit-policy-settings-for-an-event-category.md + - name: Apply a basic audit policy on a file or folder + href: auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md + - name: View the security event log + href: auditing/view-the-security-event-log.md + - name: Basic security audit policy settings + href: auditing/basic-security-audit-policy-settings.md + items: + - name: Audit account logon events + href: auditing/basic-audit-account-logon-events.md + - name: Audit account management + href: auditing/basic-audit-account-management.md + - name: Audit directory service access + href: auditing/basic-audit-directory-service-access.md + - name: Audit logon events + href: auditing/basic-audit-logon-events.md + - name: Audit object access + href: auditing/basic-audit-object-access.md + - name: Audit policy change + href: auditing/basic-audit-policy-change.md + - name: Audit privilege use + href: auditing/basic-audit-privilege-use.md + - name: Audit process tracking + href: auditing/basic-audit-process-tracking.md + - name: Audit system events + href: auditing/basic-audit-system-events.md + - name: Advanced security audit policies + href: auditing/advanced-security-auditing.md + items: + - name: Planning and deploying advanced security audit policies + href: auditing/planning-and-deploying-advanced-security-audit-policies.md + - name: Advanced security auditing FAQ + href: auditing/advanced-security-auditing-faq.md + items: + - name: Which editions of Windows support advanced audit policy configuration + href: auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md + - name: How to list XML elements in \ + href: auditing/how-to-list-xml-elements-in-eventdata.md + - name: Using advanced security auditing options to monitor dynamic access control objects + href: auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md + items: + - name: Monitor the central access policies that apply on a file server + href: auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md + - name: Monitor the use of removable storage devices + href: auditing/monitor-the-use-of-removable-storage-devices.md + - name: Monitor resource attribute definitions + href: auditing/monitor-resource-attribute-definitions.md + - name: Monitor central access policy and rule definitions + href: auditing/monitor-central-access-policy-and-rule-definitions.md + - name: Monitor user and device claims during sign-in + href: auditing/monitor-user-and-device-claims-during-sign-in.md + - name: Monitor the resource attributes on files and folders + href: auditing/monitor-the-resource-attributes-on-files-and-folders.md + - name: Monitor the central access policies associated with files and folders + href: auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md + - name: Monitor claim types + href: auditing/monitor-claim-types.md + - name: Advanced security audit policy settings + href: auditing/advanced-security-audit-policy-settings.md + items: + - name: Audit Credential Validation + href: auditing/audit-credential-validation.md + - name: "Event 4774 S, F: An account was mapped for logon." + href: auditing/event-4774.md + - name: "Event 4775 F: An account could not be mapped for logon." + href: auditing/event-4775.md + - name: "Event 4776 S, F: The computer attempted to validate the credentials for an account." + href: auditing/event-4776.md + - name: "Event 4777 F: The domain controller failed to validate the credentials for an account." + href: auditing/event-4777.md + - name: Audit Kerberos Authentication Service + href: auditing/audit-kerberos-authentication-service.md + items: + - name: "Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested." + href: auditing/event-4768.md + - name: "Event 4771 F: Kerberos pre-authentication failed." + href: auditing/event-4771.md + - name: "Event 4772 F: A Kerberos authentication ticket request failed." + href: auditing/event-4772.md + - name: Audit Kerberos Service Ticket Operations + href: auditing/audit-kerberos-service-ticket-operations.md + items: + - name: "Event 4769 S, F: A Kerberos service ticket was requested." + href: auditing/event-4769.md + - name: "Event 4770 S: A Kerberos service ticket was renewed." + href: auditing/event-4770.md + - name: "Event 4773 F: A Kerberos service ticket request failed." + href: auditing/event-4773.md + - name: Audit Other Account Logon Events + href: auditing/audit-other-account-logon-events.md + - name: Audit Application Group Management + href: auditing/audit-application-group-management.md + - name: Audit Computer Account Management + href: auditing/audit-computer-account-management.md + items: + - name: "Event 4741 S: A computer account was created." + href: auditing/event-4741.md + - name: "Event 4742 S: A computer account was changed." + href: auditing/event-4742.md + - name: "Event 4743 S: A computer account was deleted." + href: auditing/event-4743.md + - name: Audit Distribution Group Management + href: auditing/audit-distribution-group-management.md + items: + - name: "Event 4749 S: A security-disabled global group was created." + href: auditing/event-4749.md + - name: "Event 4750 S: A security-disabled global group was changed." + href: auditing/event-4750.md + - name: "Event 4751 S: A member was added to a security-disabled global group." + href: auditing/event-4751.md + - name: "Event 4752 S: A member was removed from a security-disabled global group." + href: auditing/event-4752.md + - name: "Event 4753 S: A security-disabled global group was deleted." + href: auditing/event-4753.md + - name: Audit Other Account Management Events + href: auditing/audit-other-account-management-events.md + items: + - name: "Event 4782 S: The password hash of an account was accessed." + href: auditing/event-4782.md + - name: "Event 4793 S: The Password Policy Checking API was called." + href: auditing/event-4793.md + - name: Audit Security Group Management + href: auditing/audit-security-group-management.md + items: + - name: "Event 4731 S: A security-enabled local group was created." + href: auditing/event-4731.md + - name: "Event 4732 S: A member was added to a security-enabled local group." + href: auditing/event-4732.md + - name: "Event 4733 S: A member was removed from a security-enabled local group." + href: auditing/event-4733.md + - name: "Event 4734 S: A security-enabled local group was deleted." + href: auditing/event-4734.md + - name: "Event 4735 S: A security-enabled local group was changed." + href: auditing/event-4735.md + - name: "Event 4764 S: A group�s type was changed." + href: auditing/event-4764.md + - name: "Event 4799 S: A security-enabled local group membership was enumerated." + href: auditing/event-4799.md + - name: Audit User Account Management + href: auditing/audit-user-account-management.md + items: + - name: "Event 4720 S: A user account was created." + href: auditing/event-4720.md + - name: "Event 4722 S: A user account was enabled." + href: auditing/event-4722.md + - name: "Event 4723 S, F: An attempt was made to change an account's password." + href: auditing/event-4723.md + - name: "Event 4724 S, F: An attempt was made to reset an account's password." + href: auditing/event-4724.md + - name: "Event 4725 S: A user account was disabled." + href: auditing/event-4725.md + - name: "Event 4726 S: A user account was deleted." + href: auditing/event-4726.md + - name: "Event 4738 S: A user account was changed." + href: auditing/event-4738.md + - name: "Event 4740 S: A user account was locked out." + href: auditing/event-4740.md + - name: "Event 4765 S: SID History was added to an account." + href: auditing/event-4765.md + - name: "Event 4766 F: An attempt to add SID History to an account failed." + href: auditing/event-4766.md + - name: "Event 4767 S: A user account was unlocked." + href: auditing/event-4767.md + - name: "Event 4780 S: The ACL was set on accounts that are members of administrators groups." + href: auditing/event-4780.md + - name: "Event 4781 S: The name of an account was changed." + href: auditing/event-4781.md + - name: "Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password." + href: auditing/event-4794.md + - name: "Event 4798 S: A user's local group membership was enumerated." + href: auditing/event-4798.md + - name: "Event 5376 S: Credential Manager credentials were backed up." + href: auditing/event-5376.md + - name: "Event 5377 S: Credential Manager credentials were restored from a backup." + href: auditing/event-5377.md + - name: Audit DPAPI Activity + href: auditing/audit-dpapi-activity.md + items: + - name: "Event 4692 S, F: Backup of data protection master key was attempted." + href: auditing/event-4692.md + - name: "Event 4693 S, F: Recovery of data protection master key was attempted." + href: auditing/event-4693.md + - name: "Event 4694 S, F: Protection of auditable protected data was attempted." + href: auditing/event-4694.md + - name: "Event 4695 S, F: Unprotection of auditable protected data was attempted." + href: auditing/event-4695.md + - name: Audit PNP Activity + href: auditing/audit-pnp-activity.md + items: + - name: "Event 6416 S: A new external device was recognized by the System." + href: auditing/event-6416.md + - name: "Event 6419 S: A request was made to disable a device." + href: auditing/event-6419.md + - name: "Event 6420 S: A device was disabled." + href: auditing/event-6420.md + - name: "Event 6421 S: A request was made to enable a device." + href: auditing/event-6421.md + - name: "Event 6422 S: A device was enabled." + href: auditing/event-6422.md + - name: "Event 6423 S: The installation of this device is forbidden by system policy." + href: auditing/event-6423.md + - name: "Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy." + href: auditing/event-6424.md + - name: Audit Process Creation + href: auditing/audit-process-creation.md + items: + - name: "Event 4688 S: A new process has been created." + href: auditing/event-4688.md + - name: "Event 4696 S: A primary token was assigned to process." + href: auditing/event-4696.md + - name: Audit Process Termination + href: auditing/audit-process-termination.md + items: + - name: "Event 4689 S: A process has exited." + href: auditing/event-4689.md + - name: Audit RPC Events + href: auditing/audit-rpc-events.md + items: + - name: "Event 5712 S: A Remote Procedure Call, RPC, was attempted." + href: auditing/event-5712.md + - name: Audit Token Right Adjusted + href: auditing/audit-token-right-adjusted.md + items: + - name: "Event 4703 S: A user right was adjusted." + href: auditing/event-4703.md + - name: Audit Detailed Directory Service Replication + href: auditing/audit-detailed-directory-service-replication.md + items: + - name: "Event 4928 S, F: An Active Directory replica source naming context was established." + href: auditing/event-4928.md + - name: "Event 4929 S, F: An Active Directory replica source naming context was removed." + href: auditing/event-4929.md + - name: "Event 4930 S, F: An Active Directory replica source naming context was modified." + href: auditing/event-4930.md + - name: "Event 4931 S, F: An Active Directory replica destination naming context was modified." + href: auditing/event-4931.md + - name: "Event 4934 S: Attributes of an Active Directory object were replicated." + href: auditing/event-4934.md + - name: "Event 4935 F: Replication failure begins." + href: auditing/event-4935.md + - name: "Event 4936 S: Replication failure ends." + href: auditing/event-4936.md + - name: "Event 4937 S: A lingering object was removed from a replica." + href: auditing/event-4937.md + - name: Audit Directory Service Access + href: auditing/audit-directory-service-access.md + items: + - name: "Event 4662 S, F: An operation was performed on an object." + href: auditing/event-4662.md + - name: "Event 4661 S, F: A handle to an object was requested." + href: auditing/event-4661.md + - name: Audit Directory Service Changes + href: auditing/audit-directory-service-changes.md + items: + - name: "Event 5136 S: A directory service object was modified." + href: auditing/event-5136.md + - name: "Event 5137 S: A directory service object was created." + href: auditing/event-5137.md + - name: "Event 5138 S: A directory service object was undeleted." + href: auditing/event-5138.md + - name: "Event 5139 S: A directory service object was moved." + href: auditing/event-5139.md + - name: "Event 5141 S: A directory service object was deleted." + href: auditing/event-5141.md + - name: Audit Directory Service Replication + href: auditing/audit-directory-service-replication.md + items: + - name: "Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun." + href: auditing/event-4932.md + - name: "Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended." + href: auditing/event-4933.md + - name: Audit Account Lockout + href: auditing/audit-account-lockout.md + items: + - name: "Event 4625 F: An account failed to log on." + href: auditing/event-4625.md + - name: Audit User/Device Claims + href: auditing/audit-user-device-claims.md + items: + - name: "Event 4626 S: User/Device claims information." + href: auditing/event-4626.md + - name: Audit Group Membership + href: auditing/audit-group-membership.md + items: + - name: "Event 4627 S: Group membership information." + href: auditing/event-4627.md + - name: Audit IPsec Extended Mode + href: auditing/audit-ipsec-extended-mode.md + - name: Audit IPsec Main Mode + href: auditing/audit-ipsec-main-mode.md + - name: Audit IPsec Quick Mode + href: auditing/audit-ipsec-quick-mode.md + - name: Audit Logoff + href: auditing/audit-logoff.md + items: + - name: "Event 4634 S: An account was logged off." + href: auditing/event-4634.md + - name: "Event 4647 S: User initiated logoff." + href: auditing/event-4647.md + - name: Audit Logon + href: auditing/audit-logon.md + items: + - name: "Event 4624 S: An account was successfully logged on." + href: auditing/event-4624.md + - name: "Event 4625 F: An account failed to log on." + href: auditing/event-4625.md + - name: "Event 4648 S: A logon was attempted using explicit credentials." + href: auditing/event-4648.md + - name: "Event 4675 S: SIDs were filtered." + href: auditing/event-4675.md + - name: Audit Network Policy Server + href: auditing/audit-network-policy-server.md + - name: Audit Other Logon/Logoff Events + href: auditing/audit-other-logonlogoff-events.md + items: + - name: "Event 4649 S: A replay attack was detected." + href: auditing/event-4649.md + - name: "Event 4778 S: A session was reconnected to a Window Station." + href: auditing/event-4778.md + - name: "Event 4779 S: A session was disconnected from a Window Station." + href: auditing/event-4779.md + - name: "Event 4800 S: The workstation was locked." + href: auditing/event-4800.md + - name: "Event 4801 S: The workstation was unlocked." + href: auditing/event-4801.md + - name: "Event 4802 S: The screen saver was invoked." + href: auditing/event-4802.md + - name: "Event 4803 S: The screen saver was dismissed." + href: auditing/event-4803.md + - name: "Event 5378 F: The requested credentials delegation was disallowed by policy." + href: auditing/event-5378.md + - name: "Event 5632 S, F: A request was made to authenticate to a wireless network." + href: auditing/event-5632.md + - name: "Event 5633 S, F: A request was made to authenticate to a wired network." + href: auditing/event-5633.md + - name: Audit Special Logon + href: auditing/audit-special-logon.md + items: + - name: "Event 4964 S: Special groups have been assigned to a new logon." + href: auditing/event-4964.md + - name: "Event 4672 S: Special privileges assigned to new logon." + href: auditing/event-4672.md + - name: Audit Application Generated + href: auditing/audit-application-generated.md + - name: Audit Certification Services + href: auditing/audit-certification-services.md + - name: Audit Detailed File Share + href: auditing/audit-detailed-file-share.md + items: + - name: "Event 5145 S, F: A network share object was checked to see whether client can be granted desired access." + href: auditing/event-5145.md + - name: Audit File Share + href: auditing/audit-file-share.md + items: + - name: "Event 5140 S, F: A network share object was accessed." + href: auditing/event-5140.md + - name: "Event 5142 S: A network share object was added." + href: auditing/event-5142.md + - name: "Event 5143 S: A network share object was modified." + href: auditing/event-5143.md + - name: "Event 5144 S: A network share object was deleted." + href: auditing/event-5144.md + - name: "Event 5168 F: SPN check for SMB/SMB2 failed." + href: auditing/event-5168.md + - name: Audit File System + href: auditing/audit-file-system.md + items: + - name: "Event 4656 S, F: A handle to an object was requested." + href: auditing/event-4656.md + - name: "Event 4658 S: The handle to an object was closed." + href: auditing/event-4658.md + - name: "Event 4660 S: An object was deleted." + href: auditing/event-4660.md + - name: "Event 4663 S: An attempt was made to access an object." + href: auditing/event-4663.md + - name: "Event 4664 S: An attempt was made to create a hard link." + href: auditing/event-4664.md + - name: "Event 4985 S: The state of a transaction has changed." + href: auditing/event-4985.md + - name: "Event 5051: A file was virtualized." + href: auditing/event-5051.md + - name: "Event 4670 S: Permissions on an object were changed." + href: auditing/event-4670.md + - name: Audit Filtering Platform Connection + href: auditing/audit-filtering-platform-connection.md + items: + - name: "Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network." + href: auditing/event-5031.md + - name: "Event 5150: The Windows Filtering Platform blocked a packet." + href: auditing/event-5150.md + - name: "Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet." + href: auditing/event-5151.md + - name: "Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections." + href: auditing/event-5154.md + - name: "Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections." + href: auditing/event-5155.md + - name: "Event 5156 S: The Windows Filtering Platform has permitted a connection." + href: auditing/event-5156.md + - name: "Event 5157 F: The Windows Filtering Platform has blocked a connection." + href: auditing/event-5157.md + - name: "Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port." + href: auditing/event-5158.md + - name: "Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port." + href: auditing/event-5159.md + - name: Audit Filtering Platform Packet Drop + href: auditing/audit-filtering-platform-packet-drop.md + items: + - name: "Event 5152 F: The Windows Filtering Platform blocked a packet." + href: auditing/event-5152.md + - name: "Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet." + href: auditing/event-5153.md + - name: Audit Handle Manipulation + href: auditing/audit-handle-manipulation.md + items: + - name: "Event 4690 S: An attempt was made to duplicate a handle to an object." + href: auditing/event-4690.md + - name: Audit Kernel Object + href: auditing/audit-kernel-object.md + items: + - name: "Event 4656 S, F: A handle to an object was requested." + href: auditing/event-4656.md + - name: "Event 4658 S: The handle to an object was closed." + href: auditing/event-4658.md + - name: "Event 4660 S: An object was deleted." + href: auditing/event-4660.md + - name: "Event 4663 S: An attempt was made to access an object." + href: auditing/event-4663.md + - name: Audit Other Object Access Events + href: auditing/audit-other-object-access-events.md + items: + - name: "Event 4671: An application attempted to access a blocked ordinal through the TBS." + href: auditing/event-4671.md + - name: "Event 4691 S: Indirect access to an object was requested." + href: auditing/event-4691.md + - name: "Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded." + href: auditing/event-5148.md + - name: "Event 5149 F: The DoS attack has subsided and normal processing is being resumed." + href: auditing/event-5149.md + - name: "Event 4698 S: A scheduled task was created." + href: auditing/event-4698.md + - name: "Event 4699 S: A scheduled task was deleted." + href: auditing/event-4699.md + - name: "Event 4700 S: A scheduled task was enabled." + href: auditing/event-4700.md + - name: "Event 4701 S: A scheduled task was disabled." + href: auditing/event-4701.md + - name: "Event 4702 S: A scheduled task was updated." + href: auditing/event-4702.md + - name: "Event 5888 S: An object in the COM+ Catalog was modified." + href: auditing/event-5888.md + - name: "Event 5889 S: An object was deleted from the COM+ Catalog." + href: auditing/event-5889.md + - name: "Event 5890 S: An object was added to the COM+ Catalog." + href: auditing/event-5890.md + - name: Audit Registry + href: auditing/audit-registry.md + items: + - name: "Event 4663 S: An attempt was made to access an object." + href: auditing/event-4663.md + - name: "Event 4656 S, F: A handle to an object was requested." + href: auditing/event-4656.md + - name: "Event 4658 S: The handle to an object was closed." + href: auditing/event-4658.md + - name: "Event 4660 S: An object was deleted." + href: auditing/event-4660.md + - name: "Event 4657 S: A registry value was modified." + href: auditing/event-4657.md + - name: "Event 5039: A registry key was virtualized." + href: auditing/event-5039.md + - name: "Event 4670 S: Permissions on an object were changed." + href: auditing/event-4670.md + - name: Audit Removable Storage + href: auditing/audit-removable-storage.md + - name: Audit SAM + href: auditing/audit-sam.md + items: + - name: "Event 4661 S, F: A handle to an object was requested." + href: auditing/event-4661.md + - name: Audit Central Access Policy Staging + href: auditing/audit-central-access-policy-staging.md + items: + - name: "Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy." + href: auditing/event-4818.md + - name: Audit Audit Policy Change + href: auditing/audit-audit-policy-change.md + items: + - name: "Event 4670 S: Permissions on an object were changed." + href: auditing/event-4670.md + - name: "Event 4715 S: The audit policy, SACL, on an object was changed." + href: auditing/event-4715.md + - name: "Event 4719 S: System audit policy was changed." + href: auditing/event-4719.md + - name: "Event 4817 S: Auditing settings on object were changed." + href: auditing/event-4817.md + - name: "Event 4902 S: The Per-user audit policy table was created." + href: auditing/event-4902.md + - name: "Event 4906 S: The CrashOnAuditFail value has changed." + href: auditing/event-4906.md + - name: "Event 4907 S: Auditing settings on object were changed." + href: auditing/event-4907.md + - name: "Event 4908 S: Special Groups Logon table modified." + href: auditing/event-4908.md + - name: "Event 4912 S: Per User Audit Policy was changed." + href: auditing/event-4912.md + - name: "Event 4904 S: An attempt was made to register a security event source." + href: auditing/event-4904.md + - name: "Event 4905 S: An attempt was made to unregister a security event source." + href: auditing/event-4905.md + - name: Audit Authentication Policy Change + href: auditing/audit-authentication-policy-change.md + items: + - name: "Event 4706 S: A new trust was created to a domain." + href: auditing/event-4706.md + - name: "Event 4707 S: A trust to a domain was removed." + href: auditing/event-4707.md + - name: "Event 4716 S: Trusted domain information was modified." + href: auditing/event-4716.md + - name: "Event 4713 S: Kerberos policy was changed." + href: auditing/event-4713.md + - name: "Event 4717 S: System security access was granted to an account." + href: auditing/event-4717.md + - name: "Event 4718 S: System security access was removed from an account." + href: auditing/event-4718.md + - name: "Event 4739 S: Domain Policy was changed." + href: auditing/event-4739.md + - name: "Event 4864 S: A namespace collision was detected." + href: auditing/event-4864.md + - name: "Event 4865 S: A trusted forest information entry was added." + href: auditing/event-4865.md + - name: "Event 4866 S: A trusted forest information entry was removed." + href: auditing/event-4866.md + - name: "Event 4867 S: A trusted forest information entry was modified." + href: auditing/event-4867.md + - name: Audit Authorization Policy Change + href: auditing/audit-authorization-policy-change.md + items: + - name: "Event 4703 S: A user right was adjusted." + href: auditing/event-4703.md + - name: "Event 4704 S: A user right was assigned." + href: auditing/event-4704.md + - name: "Event 4705 S: A user right was removed." + href: auditing/event-4705.md + - name: "Event 4670 S: Permissions on an object were changed." + href: auditing/event-4670.md + - name: "Event 4911 S: Resource attributes of the object were changed." + href: auditing/event-4911.md + - name: "Event 4913 S: Central Access Policy on the object was changed." + href: auditing/event-4913.md + - name: Audit Filtering Platform Policy Change + href: auditing/audit-filtering-platform-policy-change.md + - name: Audit MPSSVC Rule-Level Policy Change + href: auditing/audit-mpssvc-rule-level-policy-change.md + items: + - name: "Event 4944 S: The following policy was active when the Windows Firewall started." + href: auditing/event-4944.md + - name: "Event 4945 S: A rule was listed when the Windows Firewall started." + href: auditing/event-4945.md + - name: "Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added." + href: auditing/event-4946.md + - name: "Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified." + href: auditing/event-4947.md + - name: "Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted." + href: auditing/event-4948.md + - name: "Event 4949 S: Windows Firewall settings were restored to the default values." + href: auditing/event-4949.md + - name: "Event 4950 S: A Windows Firewall setting has changed." + href: auditing/event-4950.md + - name: "Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall." + href: auditing/event-4951.md + - name: "Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced." + href: auditing/event-4952.md + - name: "Event 4953 F: Windows Firewall ignored a rule because it could not be parsed." + href: auditing/event-4953.md + - name: "Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied." + href: auditing/event-4954.md + - name: "Event 4956 S: Windows Firewall has changed the active profile." + href: auditing/event-4956.md + - name: "Event 4957 F: Windows Firewall did not apply the following rule." + href: auditing/event-4957.md + - name: "Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer." + href: auditing/event-4958.md + - name: Audit Other Policy Change Events + href: auditing/audit-other-policy-change-events.md + items: + - name: "Event 4714 S: Encrypted data recovery policy was changed." + href: auditing/event-4714.md + - name: "Event 4819 S: Central Access Policies on the machine have been changed." + href: auditing/event-4819.md + - name: "Event 4826 S: Boot Configuration Data loaded." + href: auditing/event-4826.md + - name: "Event 4909: The local policy settings for the TBS were changed." + href: auditing/event-4909.md + - name: "Event 4910: The group policy settings for the TBS were changed." + href: auditing/event-4910.md + - name: "Event 5063 S, F: A cryptographic provider operation was attempted." + href: auditing/event-5063.md + - name: "Event 5064 S, F: A cryptographic context operation was attempted." + href: auditing/event-5064.md + - name: "Event 5065 S, F: A cryptographic context modification was attempted." + href: auditing/event-5065.md + - name: "Event 5066 S, F: A cryptographic function operation was attempted." + href: auditing/event-5066.md + - name: "Event 5067 S, F: A cryptographic function modification was attempted." + href: auditing/event-5067.md + - name: "Event 5068 S, F: A cryptographic function provider operation was attempted." + href: auditing/event-5068.md + - name: "Event 5069 S, F: A cryptographic function property operation was attempted." + href: auditing/event-5069.md + - name: "Event 5070 S, F: A cryptographic function property modification was attempted." + href: auditing/event-5070.md + - name: "Event 5447 S: A Windows Filtering Platform filter has been changed." + href: auditing/event-5447.md + - name: "Event 6144 S: Security policy in the group policy objects has been applied successfully." + href: auditing/event-6144.md + - name: "Event 6145 F: One or more errors occurred while processing security policy in the group policy objects." + href: auditing/event-6145.md + - name: Audit Sensitive Privilege Use + href: auditing/audit-sensitive-privilege-use.md + items: + - name: "Event 4673 S, F: A privileged service was called." + href: auditing/event-4673.md + - name: "Event 4674 S, F: An operation was attempted on a privileged object." + href: auditing/event-4674.md + - name: "Event 4985 S: The state of a transaction has changed." + href: auditing/event-4985.md + - name: Audit Non Sensitive Privilege Use + href: auditing/audit-non-sensitive-privilege-use.md + items: + - name: "Event 4673 S, F: A privileged service was called." + href: auditing/event-4673.md + - name: "Event 4674 S, F: An operation was attempted on a privileged object." + href: auditing/event-4674.md + - name: "Event 4985 S: The state of a transaction has changed." + href: auditing/event-4985.md + - name: Audit Other Privilege Use Events + href: auditing/audit-other-privilege-use-events.md + items: + - name: "Event 4985 S: The state of a transaction has changed." + href: auditing/event-4985.md + - name: Audit IPsec Driver + href: auditing/audit-ipsec-driver.md + - name: Audit Other System Events + href: auditing/audit-other-system-events.md + items: + - name: "Event 5024 S: The Windows Firewall Service has started successfully." + href: auditing/event-5024.md + - name: "Event 5025 S: The Windows Firewall Service has been stopped." + href: auditing/event-5025.md + - name: "Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy." + href: auditing/event-5027.md + - name: "Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy." + href: auditing/event-5028.md + - name: "Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy." + href: auditing/event-5029.md + - name: "Event 5030 F: The Windows Firewall Service failed to start." + href: auditing/event-5030.md + - name: "Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network." + href: auditing/event-5032.md + - name: "Event 5033 S: The Windows Firewall Driver has started successfully." + href: auditing/event-5033.md + - name: "Event 5034 S: The Windows Firewall Driver was stopped." + href: auditing/event-5034.md + - name: "Event 5035 F: The Windows Firewall Driver failed to start." + href: auditing/event-5035.md + - name: "Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating." + href: auditing/event-5037.md + - name: "Event 5058 S, F: Key file operation." + href: auditing/event-5058.md + - name: "Event 5059 S, F: Key migration operation." + href: auditing/event-5059.md + - name: "Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content." + href: auditing/event-6400.md + - name: "Event 6401: BranchCache: Received invalid data from a peer. Data discarded." + href: auditing/event-6401.md + - name: "Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted." + href: auditing/event-6402.md + - name: "Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client." + href: auditing/event-6403.md + - name: "Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate." + href: auditing/event-6404.md + - name: "Event 6405: BranchCache: %2 instances of event id %1 occurred." + href: auditing/event-6405.md + - name: "Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2." + href: auditing/event-6406.md + - name: "Event 6407: 1%." + href: auditing/event-6407.md + - name: "Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2." + href: auditing/event-6408.md + - name: "Event 6409: BranchCache: A service connection point object could not be parsed." + href: auditing/event-6409.md + - name: Audit Security State Change + href: auditing/audit-security-state-change.md + items: + - name: "Event 4608 S: Windows is starting up." + href: auditing/event-4608.md + - name: "Event 4616 S: The system time was changed." + href: auditing/event-4616.md + - name: "Event 4621 S: Administrator recovered system from CrashOnAuditFail." + href: auditing/event-4621.md + - name: Audit Security System Extension + href: auditing/audit-security-system-extension.md + items: + - name: "Event 4610 S: An authentication package has been loaded by the Local Security Authority." + href: auditing/event-4610.md + - name: "Event 4611 S: A trusted logon process has been registered with the Local Security Authority." + href: auditing/event-4611.md + - name: "Event 4614 S: A notification package has been loaded by the Security Account Manager." + href: auditing/event-4614.md + - name: "Event 4622 S: A security package has been loaded by the Local Security Authority." + href: auditing/event-4622.md + - name: "Event 4697 S: A service was installed in the system." + href: auditing/event-4697.md + - name: Audit System Integrity + href: auditing/audit-system-integrity.md + items: + - name: "Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits." + href: auditing/event-4612.md + - name: "Event 4615 S: Invalid use of LPC port." + href: auditing/event-4615.md + - name: "Event 4618 S: A monitored security event pattern has occurred." + href: auditing/event-4618.md + - name: "Event 4816 S: RPC detected an integrity violation while decrypting an incoming message." + href: auditing/event-4816.md + - name: "Event 5038 F: Code integrity determined that the image hash of a file is not valid." + href: auditing/event-5038.md + - name: "Event 5056 S: A cryptographic self-test was performed." + href: auditing/event-5056.md + - name: "Event 5062 S: A kernel-mode cryptographic self-test was performed." + href: auditing/event-5062.md + - name: "Event 5057 F: A cryptographic primitive operation failed." + href: auditing/event-5057.md + - name: "Event 5060 F: Verification operation failed." + href: auditing/event-5060.md + - name: "Event 5061 S, F: Cryptographic operation." + href: auditing/event-5061.md + - name: "Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid." + href: auditing/event-6281.md + - name: "Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process." + href: auditing/event-6410.md + - name: Other Events + href: auditing/other-events.md + items: + - name: "Event 1100 S: The event logging service has shut down." + href: auditing/event-1100.md + - name: "Event 1102 S: The audit log was cleared." + href: auditing/event-1102.md + - name: "Event 1104 S: The security log is now full." + href: auditing/event-1104.md + - name: "Event 1105 S: Event log automatic backup." + href: auditing/event-1105.md + - name: "Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1." + href: auditing/event-1108.md + - name: "Appendix A: Security monitoring recommendations for many audit events" + href: auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md + - name: Registry (Global Object Access Auditing) + href: auditing/registry-global-object-access-auditing.md + - name: File System (Global Object Access Auditing) + href: auditing/file-system-global-object-access-auditing.md + - name: Security policy settings + href: security-policy-settings/security-policy-settings.md + items: + - name: Administer security policy settings + href: security-policy-settings/administer-security-policy-settings.md + items: + - name: Network List Manager policies + href: security-policy-settings/network-list-manager-policies.md + - name: Configure security policy settings + href: security-policy-settings/how-to-configure-security-policy-settings.md + - name: Security policy settings reference + href: security-policy-settings/security-policy-settings-reference.md + items: + - name: Account Policies + href: security-policy-settings/account-policies.md + items: + - name: Password Policy + href: security-policy-settings/password-policy.md + items: + - name: Enforce password history + href: security-policy-settings/enforce-password-history.md + - name: Maximum password age + href: security-policy-settings/maximum-password-age.md + - name: Minimum password age + href: security-policy-settings/minimum-password-age.md + - name: Minimum password length + href: security-policy-settings/minimum-password-length.md + - name: Password must meet complexity requirements + href: security-policy-settings/password-must-meet-complexity-requirements.md + - name: Store passwords using reversible encryption + href: security-policy-settings/store-passwords-using-reversible-encryption.md + - name: Account Lockout Policy + href: security-policy-settings/account-lockout-policy.md + items: + - name: Account lockout duration + href: security-policy-settings/account-lockout-duration.md + - name: Account lockout threshold + href: security-policy-settings/account-lockout-threshold.md + - name: Reset account lockout counter after + href: security-policy-settings/reset-account-lockout-counter-after.md + - name: Kerberos Policy + href: security-policy-settings/kerberos-policy.md + items: + - name: Enforce user logon restrictions + href: security-policy-settings/enforce-user-logon-restrictions.md + - name: Maximum lifetime for service ticket + href: security-policy-settings/maximum-lifetime-for-service-ticket.md + - name: Maximum lifetime for user ticket + href: security-policy-settings/maximum-lifetime-for-user-ticket.md + - name: Maximum lifetime for user ticket renewal + href: security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md + - name: Maximum tolerance for computer clock synchronization + href: security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md + - name: Audit Policy + href: security-policy-settings/audit-policy.md + - name: Security Options + href: security-policy-settings/security-options.md + items: + - name: "Accounts: Administrator account status" + href: security-policy-settings/accounts-administrator-account-status.md + - name: "Accounts: Block Microsoft accounts" + href: security-policy-settings/accounts-block-microsoft-accounts.md + - name: "Accounts: Guest account status" + href: security-policy-settings/accounts-guest-account-status.md + - name: "Accounts: Limit local account use of blank passwords to console logon only" + href: security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md + - name: "Accounts: Rename administrator account" + href: security-policy-settings/accounts-rename-administrator-account.md + - name: "Accounts: Rename guest account" + href: security-policy-settings/accounts-rename-guest-account.md + - name: "Audit: Audit the access of global system objects" + href: security-policy-settings/audit-audit-the-access-of-global-system-objects.md + - name: "Audit: Audit the use of Backup and Restore privilege" + href: security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md + - name: "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" + href: security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md + - name: "Audit: Shut down system immediately if unable to log security audits" + href: security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md + - name: "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" + href: security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md + - name: "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" + href: security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md + - name: "Devices: Allow undock without having to log on" + href: security-policy-settings/devices-allow-undock-without-having-to-log-on.md + - name: "Devices: Allowed to format and eject removable media" + href: security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md + - name: "Devices: Prevent users from installing printer drivers" + href: security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md + - name: "Devices: Restrict CD-ROM access to locally logged-on user only" + href: security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md + - name: "Devices: Restrict floppy access to locally logged-on user only" + href: security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md + - name: "Domain controller: Allow server operators to schedule tasks" + href: security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md + - name: "Domain controller: LDAP server signing requirements" + href: security-policy-settings/domain-controller-ldap-server-signing-requirements.md + - name: "Domain controller: Refuse machine account password changes" + href: security-policy-settings/domain-controller-refuse-machine-account-password-changes.md + - name: "Domain member: Digitally encrypt or sign secure channel data (always)" + href: security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md + - name: "Domain member: Digitally encrypt secure channel data (when possible)" + href: security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md + - name: "Domain member: Digitally sign secure channel data (when possible)" + href: security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md + - name: "Domain member: Disable machine account password changes" + href: security-policy-settings/domain-member-disable-machine-account-password-changes.md + - name: "Domain member: Maximum machine account password age" + href: security-policy-settings/domain-member-maximum-machine-account-password-age.md + - name: "Domain member: Require strong (Windows 2000 or later) session key" + href: security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md + - name: "Interactive logon: Display user information when the session is locked" + href: security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md + - name: "Interactive logon: Don't display last signed-in" + href: security-policy-settings/interactive-logon-do-not-display-last-user-name.md + - name: "Interactive logon: Don't display username at sign-in" + href: security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md + - name: "Interactive logon: Do not require CTRL+ALT+DEL" + href: security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md + - name: "Interactive logon: Machine account lockout threshold" + href: security-policy-settings/interactive-logon-machine-account-lockout-threshold.md + - name: "Interactive logon: Machine inactivity limit" + href: security-policy-settings/interactive-logon-machine-inactivity-limit.md + - name: "Interactive logon: Message text for users attempting to log on" + href: security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md + - name: "Interactive logon: Message title for users attempting to log on" + href: security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md + - name: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" + href: security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md + - name: "Interactive logon: Prompt user to change password before expiration" + href: security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md + - name: "Interactive logon: Require Domain Controller authentication to unlock workstation" + href: security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md + - name: "Interactive logon: Require smart card" + href: security-policy-settings/interactive-logon-require-smart-card.md + - name: "Interactive logon: Smart card removal behavior" + href: security-policy-settings/interactive-logon-smart-card-removal-behavior.md + - name: "Microsoft network client: Digitally sign communications (always)" + href: security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network client: Digitally sign communications (always)" + href: security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network client: Digitally sign communications (if server agrees)" + href: security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md + - name: "Microsoft network client: Send unencrypted password to third-party SMB servers" + href: security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md + - name: "Microsoft network server: Amount of idle time required before suspending session" + href: security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md + - name: "Microsoft network server: Attempt S4U2Self to obtain claim information" + href: security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md + - name: "Microsoft network server: Digitally sign communications (always)" + href: security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network server: Digitally sign communications (always)" + href: security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network server: Digitally sign communications (if client agrees)" + href: security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md + - name: "Microsoft network server: Disconnect clients when logon hours expire" + href: security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md + - name: "Microsoft network server: Server SPN target name validation level" + href: security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md + - name: "Network access: Allow anonymous SID/Name translation" + href: security-policy-settings/network-access-allow-anonymous-sidname-translation.md + - name: "Network access: Do not allow anonymous enumeration of SAM accounts" + href: security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md + - name: "Network access: Do not allow anonymous enumeration of SAM accounts and shares" + href: security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md + - name: "Network access: Do not allow storage of passwords and credentials for network authentication" + href: security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md + - name: "Network access: Let Everyone permissions apply to anonymous users" + href: security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md + - name: "Network access: Named Pipes that can be accessed anonymously" + href: security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md + - name: "Network access: Remotely accessible registry paths" + href: security-policy-settings/network-access-remotely-accessible-registry-paths.md + - name: "Network access: Remotely accessible registry paths and subpaths" + href: security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md + - name: "Network access: Restrict anonymous access to Named Pipes and Shares" + href: security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md + - name: "Network access: Restrict clients allowed to make remote calls to SAM" + href: security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md + - name: "Network access: Shares that can be accessed anonymously" + href: security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md + - name: "Network access: Sharing and security model for local accounts" + href: security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md + - name: "Network security: Allow Local System to use computer identity for NTLM" + href: security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md + - name: "Network security: Allow LocalSystem NULL session fallback" + href: security-policy-settings/network-security-allow-localsystem-null-session-fallback.md + - name: "Network security: Allow PKU2U authentication requests to this computer to use online identities" + href: security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md + - name: "Network security: Configure encryption types allowed for Kerberos" + href: security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md + - name: "Network security: Do not store LAN Manager hash value on next password change" + href: security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md + - name: "Network security: Force logoff when logon hours expire" + href: security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md + - name: "Network security: LAN Manager authentication level" + href: security-policy-settings/network-security-lan-manager-authentication-level.md + - name: "Network security: LDAP client signing requirements" + href: security-policy-settings/network-security-ldap-client-signing-requirements.md + - name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" + href: security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md + - name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" + href: security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md + - name: "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" + href: security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md + - name: "Network security: Restrict NTLM: Add server exceptions in this domain" + href: security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md + - name: "Network security: Restrict NTLM: Audit incoming NTLM traffic" + href: security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md + - name: "Network security: Restrict NTLM: Audit NTLM authentication in this domain" + href: security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md + - name: "Network security: Restrict NTLM: Incoming NTLM traffic" + href: security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md + - name: "Network security: Restrict NTLM: NTLM authentication in this domain" + href: security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md + - name: "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" + href: security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md + - name: "Recovery console: Allow automatic administrative logon" + href: security-policy-settings/recovery-console-allow-automatic-administrative-logon.md + - name: "Recovery console: Allow floppy copy and access to all drives and folders" + href: security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md + - name: "Shutdown: Allow system to be shut down without having to log on" + href: security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md + - name: "Shutdown: Clear virtual memory pagefile" + href: security-policy-settings/shutdown-clear-virtual-memory-pagefile.md + - name: "System cryptography: Force strong key protection for user keys stored on the computer" + href: security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md + - name: "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" + href: security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md + - name: "System objects: Require case insensitivity for non-Windows subsystems" + href: security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md + - name: "System objects: Strengthen default permissions of internal system objects (Symbolic Links)" + href: security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md + - name: "System settings: Optional subsystems" + href: security-policy-settings/system-settings-optional-subsystems.md + - name: "System settings: Use certificate rules on Windows executables for Software Restriction Policies" + href: security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md + - name: "User Account Control: Admin Approval Mode for the Built-in Administrator account" + href: security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md + - name: "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" + href: security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md + - name: "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" + href: security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md + - name: "User Account Control: Behavior of the elevation prompt for standard users" + href: security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md + - name: "User Account Control: Detect application installations and prompt for elevation" + href: security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md + - name: "User Account Control: Only elevate executables that are signed and validated" + href: security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md + - name: "User Account Control: Only elevate UIAccess applications that are installed in secure locations" + href: security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md + - name: "User Account Control: Run all administrators in Admin Approval Mode" + href: security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md + - name: "User Account Control: Switch to the secure desktop when prompting for elevation" + href: security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md + - name: "User Account Control: Virtualize file and registry write failures to per-user locations" + href: security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md + - name: Advanced security audit policy settings + href: security-policy-settings/secpol-advanced-security-audit-policy-settings.md + - name: User Rights Assignment + href: security-policy-settings/user-rights-assignment.md + items: + - name: Access Credential Manager as a trusted caller + href: security-policy-settings/access-credential-manager-as-a-trusted-caller.md + - name: Access this computer from the network + href: security-policy-settings/access-this-computer-from-the-network.md + - name: Act as part of the operating system + href: security-policy-settings/act-as-part-of-the-operating-system.md + - name: Add workstations to domain + href: security-policy-settings/add-workstations-to-domain.md + - name: Adjust memory quotas for a process + href: security-policy-settings/adjust-memory-quotas-for-a-process.md + - name: Allow log on locally + href: security-policy-settings/allow-log-on-locally.md + - name: Allow log on through Remote Desktop Services + href: security-policy-settings/allow-log-on-through-remote-desktop-services.md + - name: Back up files and directories + href: security-policy-settings/back-up-files-and-directories.md + - name: Bypass traverse checking + href: security-policy-settings/bypass-traverse-checking.md + - name: Change the system time + href: security-policy-settings/change-the-system-time.md + - name: Change the time zone + href: security-policy-settings/change-the-time-zone.md + - name: Create a pagefile + href: security-policy-settings/create-a-pagefile.md + - name: Create a token object + href: security-policy-settings/create-a-token-object.md + - name: Create global objects + href: security-policy-settings/create-global-objects.md + - name: Create permanent shared objects + href: security-policy-settings/create-permanent-shared-objects.md + - name: Create symbolic links + href: security-policy-settings/create-symbolic-links.md + - name: Debug programs + href: security-policy-settings/debug-programs.md + - name: Deny access to this computer from the network + href: security-policy-settings/deny-access-to-this-computer-from-the-network.md + - name: Deny log on as a batch job + href: security-policy-settings/deny-log-on-as-a-batch-job.md + - name: Deny log on as a service + href: security-policy-settings/deny-log-on-as-a-service.md + - name: Deny log on locally + href: security-policy-settings/deny-log-on-locally.md + - name: Deny log on through Remote Desktop Services + href: security-policy-settings/deny-log-on-through-remote-desktop-services.md + - name: Enable computer and user accounts to be trusted for delegation + href: security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md + - name: Force shutdown from a remote system + href: security-policy-settings/force-shutdown-from-a-remote-system.md + - name: Generate security audits + href: security-policy-settings/generate-security-audits.md + - name: Impersonate a client after authentication + href: security-policy-settings/impersonate-a-client-after-authentication.md + - name: Increase a process working set + href: security-policy-settings/increase-a-process-working-set.md + - name: Increase scheduling priority + href: security-policy-settings/increase-scheduling-priority.md + - name: Load and unload device drivers + href: security-policy-settings/load-and-unload-device-drivers.md + - name: Lock pages in memory + href: security-policy-settings/lock-pages-in-memory.md + - name: Log on as a batch job + href: security-policy-settings/log-on-as-a-batch-job.md + - name: Log on as a service + href: security-policy-settings/log-on-as-a-service.md + - name: Manage auditing and security log + href: security-policy-settings/manage-auditing-and-security-log.md + - name: Modify an object label + href: security-policy-settings/modify-an-object-label.md + - name: Modify firmware environment values + href: security-policy-settings/modify-firmware-environment-values.md + - name: Perform volume maintenance tasks + href: security-policy-settings/perform-volume-maintenance-tasks.md + - name: Profile single process + href: security-policy-settings/profile-single-process.md + - name: Profile system performance + href: security-policy-settings/profile-system-performance.md + - name: Remove computer from docking station + href: security-policy-settings/remove-computer-from-docking-station.md + - name: Replace a process level token + href: security-policy-settings/replace-a-process-level-token.md + - name: Restore files and directories + href: security-policy-settings/restore-files-and-directories.md + - name: Shut down the system + href: security-policy-settings/shut-down-the-system.md + - name: Synchronize directory service data + href: security-policy-settings/synchronize-directory-service-data.md + - name: Take ownership of files or other objects + href: security-policy-settings/take-ownership-of-files-or-other-objects.md + - name: Windows security guidance for enterprises + items: + - name: Windows security baselines + href: windows-security-configuration-framework/windows-security-baselines.md + items: + - name: Security Compliance Toolkit + href: windows-security-configuration-framework/security-compliance-toolkit-10.md + - name: Get support + href: windows-security-configuration-framework/get-support-for-security-baselines.md + - name: Windows 10 Mobile security guide + href: windows-10-mobile-security-guide.md From 94a4a1f080b641f3024fe46c595c0eb546623f0a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:52:20 -0700 Subject: [PATCH 077/156] Conversion to YAML: ./windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md --- .../applocker/TOC.md | 89 --------- .../applocker/TOC.yml | 186 ++++++++++++++++++ 2 files changed, 186 insertions(+), 89 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md create mode 100644 windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md b/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md deleted file mode 100644 index 7bf12c4b20..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md +++ /dev/null @@ -1,89 +0,0 @@ - -# [AppLocker](applocker-overview.md) - -## [Administer AppLocker](administer-applocker.md) -### [Maintain AppLocker policies](maintain-applocker-policies.md) -### [Edit an AppLocker policy](edit-an-applocker-policy.md) -### [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md) -### [Deploy AppLocker policies by using the enforce rules setting](deploy-applocker-policies-by-using-the-enforce-rules-setting.md) -### [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md) -### [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md) -### [Optimize AppLocker performance](optimize-applocker-performance.md) -### [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md) -### [Manage packaged apps with AppLocker](manage-packaged-apps-with-applocker.md) -### [Working with AppLocker rules](working-with-applocker-rules.md) -#### [Create a rule that uses a file hash condition](create-a-rule-that-uses-a-file-hash-condition.md) -#### [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md) -#### [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md) -#### [Create AppLocker default rules](create-applocker-default-rules.md) -#### [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md) -#### [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) -#### [Delete an AppLocker rule](delete-an-applocker-rule.md) -#### [Edit AppLocker rules](edit-applocker-rules.md) -#### [Enable the DLL rule collection](enable-the-dll-rule-collection.md) -#### [Enforce AppLocker rules](enforce-applocker-rules.md) -#### [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md) -### [Working with AppLocker policies](working-with-applocker-policies.md) -#### [Configure the Application Identity service](configure-the-application-identity-service.md) -#### [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) -#### [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md) -#### [Display a custom URL message when users try to run a blocked app](display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md) -#### [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md) -#### [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md) -#### [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md) -#### [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md) -#### [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md) -#### [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md) -#### [Merge AppLocker policies manually](merge-applocker-policies-manually.md) -#### [Refresh an AppLocker policy](refresh-an-applocker-policy.md) -#### [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md) -## [AppLocker design guide](applocker-policies-design-guide.md) -### [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) -### [Determine your application control objectives](determine-your-application-control-objectives.md) -### [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) -#### [Document your app list](document-your-application-list.md) -### [Select the types of rules to create](select-types-of-rules-to-create.md) -#### [Document your AppLocker rules](document-your-applocker-rules.md) -### [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) -#### [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md) -#### [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md) -#### [Document the Group Policy structure and AppLocker rule enforcement](document-group-policy-structure-and-applocker-rule-enforcement.md) -### [Plan for AppLocker policy management](plan-for-applocker-policy-management.md) -## [AppLocker deployment guide](applocker-policies-deployment-guide.md) -### [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md) -### [Requirements for Deploying AppLocker Policies](requirements-for-deploying-applocker-policies.md) -### [Use Software Restriction Policies and AppLocker policies](using-software-restriction-policies-and-applocker-policies.md) -### [Create Your AppLocker policies](create-your-applocker-policies.md) -#### [Create Your AppLocker rules](create-your-applocker-rules.md) -### [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md) -#### [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md) -#### [Determine which apps are digitally signed on a reference device](determine-which-applications-are-digitally-signed-on-a-reference-computer.md) -### [Configure the AppLocker reference device](configure-the-appLocker-reference-device.md) -## [AppLocker technical reference](applocker-technical-reference.md) -### [What Is AppLocker?](what-is-applocker.md) -### [Requirements to use AppLocker](requirements-to-use-applocker.md) -### [AppLocker policy use scenarios](applocker-policy-use-scenarios.md) -### [How AppLocker works](how-applocker-works-techref.md) -#### [Understanding AppLocker rule behavior](understanding-applocker-rule-behavior.md) -#### [Understanding AppLocker rule exceptions](understanding-applocker-rule-exceptions.md) -#### [Understanding AppLocker rule collections](understanding-applocker-rule-collections.md) -#### [Understanding AppLocker allow and deny actions on rules](understanding-applocker-allow-and-deny-actions-on-rules.md) -#### [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md) -##### [Understanding the publisher rule condition in AppLocker](understanding-the-publisher-rule-condition-in-applocker.md) -##### [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md) -##### [Understanding the file hash rule condition in AppLocker](understanding-the-file-hash-rule-condition-in-applocker.md) -#### [Understanding AppLocker default rules](understanding-applocker-default-rules.md) -##### [Executable rules in AppLocker](executable-rules-in-applocker.md) -##### [Windows Installer rules in AppLocker](windows-installer-rules-in-applocker.md) -##### [Script rules in AppLocker](script-rules-in-applocker.md) -##### [DLL rules in AppLocker](dll-rules-in-applocker.md) -##### [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md) -### [AppLocker architecture and components](applocker-architecture-and-components.md) -### [AppLocker processes and interactions](applocker-processes-and-interactions.md) -### [AppLocker functions](applocker-functions.md) -### [Security considerations for AppLocker](security-considerations-for-applocker.md) -### [Tools to Use with AppLocker](tools-to-use-with-applocker.md) -#### [Using Event Viewer with AppLocker](using-event-viewer-with-applocker.md) -### [AppLocker Settings](applocker-settings.md) - - diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml new file mode 100644 index 0000000000..b796c0e95e --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml @@ -0,0 +1,186 @@ +- name: AppLocker + href: applocker-overview.md + items: + - name: Administer AppLocker + href: administer-applocker.md + items: + - name: Maintain AppLocker policies + href: maintain-applocker-policies.md + - name: Edit an AppLocker policy + href: edit-an-applocker-policy.md + - name: Test and update an AppLocker policy + href: test-and-update-an-applocker-policy.md + - name: Deploy AppLocker policies by using the enforce rules setting + href: deploy-applocker-policies-by-using-the-enforce-rules-setting.md + - name: Use the AppLocker Windows PowerShell cmdlets + href: use-the-applocker-windows-powershell-cmdlets.md + - name: Use AppLocker and Software Restriction Policies in the same domain + href: use-applocker-and-software-restriction-policies-in-the-same-domain.md + - name: Optimize AppLocker performance + href: optimize-applocker-performance.md + - name: Monitor app usage with AppLocker + href: monitor-application-usage-with-applocker.md + - name: Manage packaged apps with AppLocker + href: manage-packaged-apps-with-applocker.md + - name: Working with AppLocker rules + href: working-with-applocker-rules.md + items: + - name: Create a rule that uses a file hash condition + href: create-a-rule-that-uses-a-file-hash-condition.md + - name: Create a rule that uses a path condition + href: create-a-rule-that-uses-a-path-condition.md + - name: Create a rule that uses a publisher condition + href: create-a-rule-that-uses-a-publisher-condition.md + - name: Create AppLocker default rules + href: create-applocker-default-rules.md + - name: Add exceptions for an AppLocker rule + href: configure-exceptions-for-an-applocker-rule.md + - name: Create a rule for packaged apps + href: create-a-rule-for-packaged-apps.md + - name: Delete an AppLocker rule + href: delete-an-applocker-rule.md + - name: Edit AppLocker rules + href: edit-applocker-rules.md + - name: Enable the DLL rule collection + href: enable-the-dll-rule-collection.md + - name: Enforce AppLocker rules + href: enforce-applocker-rules.md + - name: Run the Automatically Generate Rules wizard + href: run-the-automatically-generate-rules-wizard.md + - name: Working with AppLocker policies + href: working-with-applocker-policies.md + items: + - name: Configure the Application Identity service + href: configure-the-application-identity-service.md + - name: Configure an AppLocker policy for audit only + href: configure-an-applocker-policy-for-audit-only.md + - name: Configure an AppLocker policy for enforce rules + href: configure-an-applocker-policy-for-enforce-rules.md + - name: Display a custom URL message when users try to run a blocked app + href: display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md + - name: Export an AppLocker policy from a GPO + href: export-an-applocker-policy-from-a-gpo.md + - name: Export an AppLocker policy to an XML file + href: export-an-applocker-policy-to-an-xml-file.md + - name: Import an AppLocker policy from another computer + href: import-an-applocker-policy-from-another-computer.md + - name: Import an AppLocker policy into a GPO + href: import-an-applocker-policy-into-a-gpo.md + - name: Add rules for packaged apps to existing AppLocker rule-set + href: add-rules-for-packaged-apps-to-existing-applocker-rule-set.md + - name: Merge AppLocker policies by using Set-ApplockerPolicy + href: merge-applocker-policies-by-using-set-applockerpolicy.md + - name: Merge AppLocker policies manually + href: merge-applocker-policies-manually.md + - name: Refresh an AppLocker policy + href: refresh-an-applocker-policy.md + - name: Test an AppLocker policy by using Test-AppLockerPolicy + href: test-an-applocker-policy-by-using-test-applockerpolicy.md + - name: AppLocker design guide + href: applocker-policies-design-guide.md + items: + - name: Understand AppLocker policy design decisions + href: understand-applocker-policy-design-decisions.md + - name: Determine your application control objectives + href: determine-your-application-control-objectives.md + - name: Create a list of apps deployed to each business group + href: create-list-of-applications-deployed-to-each-business-group.md + items: + - name: Document your app list + href: document-your-application-list.md + - name: Select the types of rules to create + href: select-types-of-rules-to-create.md + items: + - name: Document your AppLocker rules + href: document-your-applocker-rules.md + - name: Determine the Group Policy structure and rule enforcement + href: determine-group-policy-structure-and-rule-enforcement.md + items: + - name: Understand AppLocker enforcement settings + href: understand-applocker-enforcement-settings.md + - name: Understand AppLocker rules and enforcement setting inheritance in Group Policy + href: understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md + - name: Document the Group Policy structure and AppLocker rule enforcement + href: document-group-policy-structure-and-applocker-rule-enforcement.md + - name: Plan for AppLocker policy management + href: plan-for-applocker-policy-management.md + - name: AppLocker deployment guide + href: applocker-policies-deployment-guide.md + items: + - name: Understand the AppLocker policy deployment process + href: understand-the-applocker-policy-deployment-process.md + - name: Requirements for Deploying AppLocker Policies + href: requirements-for-deploying-applocker-policies.md + - name: Use Software Restriction Policies and AppLocker policies + href: using-software-restriction-policies-and-applocker-policies.md + - name: Create Your AppLocker policies + href: create-your-applocker-policies.md + items: + - name: Create Your AppLocker rules + href: create-your-applocker-rules.md + - name: Deploy the AppLocker policy into production + href: deploy-the-applocker-policy-into-production.md + items: + - name: Use a reference device to create and maintain AppLocker policies + href: use-a-reference-computer-to-create-and-maintain-applocker-policies.md + - name: Determine which apps are digitally signed on a reference device + href: determine-which-applications-are-digitally-signed-on-a-reference-computer.md + - name: Configure the AppLocker reference device + href: configure-the-appLocker-reference-device.md + - name: AppLocker technical reference + href: applocker-technical-reference.md + items: + - name: What Is AppLocker? + href: what-is-applocker.md + - name: Requirements to use AppLocker + href: requirements-to-use-applocker.md + - name: AppLocker policy use scenarios + href: applocker-policy-use-scenarios.md + - name: How AppLocker works + href: how-applocker-works-techref.md + items: + - name: Understanding AppLocker rule behavior + href: understanding-applocker-rule-behavior.md + - name: Understanding AppLocker rule exceptions + href: understanding-applocker-rule-exceptions.md + - name: Understanding AppLocker rule collections + href: understanding-applocker-rule-collections.md + - name: Understanding AppLocker allow and deny actions on rules + href: understanding-applocker-allow-and-deny-actions-on-rules.md + - name: Understanding AppLocker rule condition types + href: understanding-applocker-rule-condition-types.md + items: + - name: Understanding the publisher rule condition in AppLocker + href: understanding-the-publisher-rule-condition-in-applocker.md + - name: Understanding the path rule condition in AppLocker + href: understanding-the-path-rule-condition-in-applocker.md + - name: Understanding the file hash rule condition in AppLocker + href: understanding-the-file-hash-rule-condition-in-applocker.md + - name: Understanding AppLocker default rules + href: understanding-applocker-default-rules.md + items: + - name: Executable rules in AppLocker + href: executable-rules-in-applocker.md + - name: Windows Installer rules in AppLocker + href: windows-installer-rules-in-applocker.md + - name: Script rules in AppLocker + href: script-rules-in-applocker.md + - name: DLL rules in AppLocker + href: dll-rules-in-applocker.md + - name: Packaged apps and packaged app installer rules in AppLocker + href: packaged-apps-and-packaged-app-installer-rules-in-applocker.md + - name: AppLocker architecture and components + href: applocker-architecture-and-components.md + - name: AppLocker processes and interactions + href: applocker-processes-and-interactions.md + - name: AppLocker functions + href: applocker-functions.md + - name: Security considerations for AppLocker + href: security-considerations-for-applocker.md + - name: Tools to Use with AppLocker + href: tools-to-use-with-applocker.md + items: + - name: Using Event Viewer with AppLocker + href: using-event-viewer-with-applocker.md + - name: AppLocker Settings + href: applocker-settings.md From b2aac0a97e2e6d0da4aee2ce29a2797bdb338e17 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 22 Apr 2021 21:56:10 -0700 Subject: [PATCH 078/156] Removed parenthesis not removed by the converter --- .../windows-defender-application-control/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index ba1a8198e1..eaf0d1aa66 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -108,7 +108,7 @@ - name: Known Issues href: operations/known-issues.md - name: AppLocker - href: applocker\applocker-overview.md) + href: applocker\applocker-overview.md items: - name: Administer AppLocker href: applocker\administer-applocker.md From 8a144e02db8f8b67ef1dcf2539c535d2346e5237 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 23 Apr 2021 10:15:55 -0700 Subject: [PATCH 079/156] new articles on deployment service --- windows/deployment/TOC.yml | 4 + .../update/deployment-service-overview.md | 147 +++++++++++++++++- .../deployment-service-troubleshooting.md | 33 ++++ windows/deployment/update/media/image1.png | Bin 0 -> 86655 bytes windows/deployment/update/media/image2.png | Bin 0 -> 40823 bytes 5 files changed, 182 insertions(+), 2 deletions(-) create mode 100644 windows/deployment/update/deployment-service-troubleshooting.md create mode 100644 windows/deployment/update/media/image1.png create mode 100644 windows/deployment/update/media/image2.png diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 36ad237ce3..1964f9049f 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -164,6 +164,10 @@ href: update/waas-manage-updates-wufb.md - name: Configure Windows Update for Business href: update/waas-configure-wufb.md + - name: Windows Update for Business deployment service + href: update/deployment-service-overview.md + - name: Troubleshooting the Windows Update for Business deployment service + href: update/deployment-service-overview.md - name: Enforcing compliance deadlines for updates href: update/wufb-compliancedeadlines.md - name: Integrate Windows Update for Business with management solutions diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 0bb5ba0b66..3153e63472 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -11,8 +11,151 @@ ms.reviewer: manager: laurawi ms.topic: article --- -# Windows Update for Business deployment service > Applies to: Windows 10 -Lorem ipsum \ No newline at end of file +# Windows Update for Business deployment service + +The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. It's designed to work in harmony with your existing Windows Update for Business policies. + +The deployment service is designed for IT Pros who are looking for more control than is provided through deferral policies and deployment rings. It provides the following abilities: + +- You can schedule deployment of updates to start on a specific date (for example, deploy 20H2 to specified devices on March 14, 2021). +- You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021). +- You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise. +- You can set up automatic pilot deployments tailored to your unique device population to ensure coverage of hardware and software in your organization. + +The service is compliant {COMPLIANT WITH WHAT? BY ITSELF THE WORD DOESN'T MEAN ANYTHING REALLY} and privacy focused. + +## How it works + +The deployment service complements existing Windows Update for Business capabilities, including existing device policies and Update Compliance. + +{BIG IMAGE} + +Unlike existing client policy, the deployment service does not interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro. + +{SMALLER IMAGE} + +The deployment service exposes these capabilities through Microsoft Graph REST APIs {LINK}. You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager. + +## Prerequisites + +To work with the deployment service, devices must meet all these requirements: + +- Be running Windows 10, version 1709 or later +- Be joined to Azure Active Directory (AD) or Hybrid AD +- Have one of the following Windows 10 editions installed: + - Windows 10 Pro + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Pro Education + - Windows 10 Pro for Workstations + +Additionally, your organization must have one of the following subscriptions: +- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) +- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5) +- Windows Virtual Desktop Access E3 or E5 +- Microsoft 365 Business Premium + + +## Getting started + +To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application. + +### Using Microsoft Endpoint Manager + +Microsoft Endpoint Manager integrates with the deployment service to provide Windows 10 update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates). + +### Scripting common actions using PowerShell + +The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/graph/powershell/get-started). + + +### Building your own application + +Microsoft Graph makes deployment service APIs available through. Get started with these learning paths: +- Learning Path: [Microsoft Graph Fundamentals](https://docs.microsoft.com/learn/paths/m365-msgraph-fundamentals/) +- Learning Path: [Build apps with Microsoft Graph](https://docs.microsoft.com/learn/paths/m365-msgraph-associate/) + +Once you are familiar with Microsoft Graph development, see {development resources--NEED LINK} for more. + +## Deployment protections + +The deployment service protects deployments through a combination of rollout controls and machine-learning algorithms that monitor deployments and react to issues during the rollout. + +### Schedule rollouts with automatic piloting + +The deployment service allows any update to be deployed over a period of days or weeks. Once an update has been scheduled, the deployment service optimizes the deployment based on the scheduling parameters and unique attributes spanning the devices being updated. The service does the following: {IN THIS ORDER SPECIFICALLY OR JUST IN GENERAL?} + +1. Determine the number of devices to be updated in each deployment wave, based on scheduling parameters. +2. Select devices for each deployment wave so that earlier waves have a diversity of hardware and software, to function as pilot device populations. +3. Start deploying to earlier waves to build coverage of device attributes present in the population. +4. Continue deploying at a uniform rate until all waves are complete and all devices are updated. + +This built-in piloting capability complements your existing ring structure and provides another support for reducing and managing risk during an update. Unlike tools such as Desktop Analytics, this capability is intended to operate within each ring. The deployment service does not provide a workflow for creating rings themselves. + +You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring. + +### Monitoring deployments to detect rollback issues + +During a feature update deployment, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues. + + +### How to enable deployment protections + +Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your organization, devices must share diagnostic data with Microsoft. + +#### Device prerequisites + +- Diagnostic data is set to *Required* or *Optional*. +- The **AllowWUfBCloudProcessing** policy is set to **1**. + +#### Set the **AllowWUfBCloudProcessing** policy + +To enroll devices in Windows Update for Business cloud processing {IS THIS THE SAME THING AS THE DEPLOYMENT SERVICE?}, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy. + +> [!NOTE] +> Setting this policy by using Group Policy isn't currently supported. + +| Policy | Sets registry key under **HKLM\\Software** | +|--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| +| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | + +Following is an example of setting the policy using Microsoft Endpoint Manager: + +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Select **Devices** > **Configuration profiles** > **Create profile**. +3. Select **Windows 10 and later** in **Platform**, select **Templates** in **Profile type**, select **Custom** in **Template name**, and then select **Create**. +4. In **Basics**, enter a meaningful name and a description for the policy, and then select **Next**. +5. In **Configuration settings**, select **Add**, enter the following settings, select **Save**, and then select **Next**. + - Name: **AllowWUfBCloudProcessing** + - Description: Enter a description. + - OMA-URI: \`./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing\` + - Data type: **String** + - Value: **1** +6. In **Assignments**, select the groups that will receive the profile, and then select **Next**. +7. In **Review + create**, review your settings, and then select **Create**. +8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**. + +## Best practices +Follow these suggestions for the best results with the service. + +### Device onboarding + +- Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day). +- Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors. + +### General + +Avoid using different channels to manage the same resources. If you use Microsoft Endpoint Manager along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it. + + +## Next steps + +To learn more about the deployment service, try the following: + +- Release blogs +- [Windows 10 feature updates policy in Intune](mem/intune/protect/windows-10-feature-updates) +- Windows 10 quality updates policy in Intune {LINK?} +- [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) diff --git a/windows/deployment/update/deployment-service-troubleshooting.md b/windows/deployment/update/deployment-service-troubleshooting.md new file mode 100644 index 0000000000..2780242f8f --- /dev/null +++ b/windows/deployment/update/deployment-service-troubleshooting.md @@ -0,0 +1,33 @@ +--- +title: Troubleshooting the Windows Update for Business deployment service +description: Solutions to common problems +ms.custom: seo-marvel-apr2020 +ms.prod: w10 +ms.mktglfcycl: manage +author: jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +ms.reviewer: +manager: laurawi +ms.topic: article +--- + +> Applies to: Windows 10 + +# Troubleshooting the Windows Update for Business deployment service + +This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md). + +## The device isn't receiving an update that I deployed + +- Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates). +- **Feature updates only**: The device might have a safeguard hold applied for the given feature update version. For more about safeguard holds, see [Safeguard holds](safeguard-holds.md) and [Opt out of safeguard holds](safeguard-opt-out.md). +- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices. +- Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). +- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. +- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32\_Product \| Where-Object {$\_.Name -amatch "Microsoft Update Health Tools"}`. + +## The device is receiving an update that I didn't deploy + +- Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). +- **Feature updates only***: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. diff --git a/windows/deployment/update/media/image1.png b/windows/deployment/update/media/image1.png new file mode 100644 index 0000000000000000000000000000000000000000..022773946c391aad9ee1e985503e24cdeea44c24 GIT binary patch literal 86655 zcmdSAWl)?=*YAr%(81jkAi;yXy9GjUcMBdE++lEc7+ezE-Q6{~&EUZ$xNPqGdEc`? z?NjIMeZHKkxoYZ~zGl_xp6=U|=xhWF^&LVBkP+7ZM86+b4@x zzBq4hur6vc;xLtyWQT7z2$o_>VlXf@v1m`mh;R4r9A&j#U|=x&{<&a>97@e#U|x&l zB*oN$2FKZm{`v#Iho)NFY&8<2+ps~RIO2{d_C>tRI-jl?SJdk3Wj~%)QU?UbiLU7{ zuCMEFxWDXoWVY)k#C6-(I{Thq-soowxLZv6O%i>K$Y=QH#l@X+*2f+oa=IsiFQtkn zrJCd`P43s2{(3wfj{uc?@t(?Azf}0A0Z;1CA!=_*@5L_JP{S1;bQe9v^de~VIo-mj z;6JuzyQ*tyv?mPx_NU}u(wHcF7A`T+oj~8+QXKv@jaTGnQgM$?&hXE-Pr4~(UbYba zy8*5Oc>?*w5+vE9Lj{Kq`j2<;L6vY9RD)Q36`;+VC)I$`e_fvKVn?8Hl(A2c5K334zM5_W&d8pvr= zq?^-vp#YrMIlp&3K#%*^85FuW#IkownKbSr*EN$k!>*THLcGs}IW<&~~40YLQm-|ExPRb;s*>5|IN9OVD@ z-#Lo22}hrO0({!+ELip)9|W&MC4Bw>yOR7}BIYI~`dg4D2&kDnwD&x`$w|? z_l33IsYNH~1|qnP{?xL6f2K0JK0?KPt_M3DczlOH72??7r~`j@8t(XMR8;!y$907_ zDK8I3i?Y|GhBbzlNMRe!wopN#BBWn6#R+fjPcrW0q*JEp84!0O7$J(n*LZe(-yu=H?8cI!SA^D_6V^uvgY66vmt1aFoM zZd*h?8Rgrg+|`6D@Z9)G?Rw>*ddY*n;7H&SyTN;%TN)J5@h~pSXD=B=sP8My+tRW` znfN8JrqjxTVS19yMC=KDhUQW+#ZgRDkBdkA<)tMTN+yG>+xl`W#_3jl ziyhsNU4h}z%pVsWZQeKKUp)}gHh0Dvvunt$zBp~M;Y7C8k;T1|18)D0Aas|B;CWnZ z?7Cr{H}rww+?%5E#ucM$h#H#$rxJ`{-8V22W8cLPD*lvp*n61gx*Ec6Hg>VNVv%18 z;PL!(1KBw`WUxk<0>1prbN$d&rJ6PP;<~#PbcSx6Ex;aUFC-%EixuNoB0$iu_FbY3 zG$5jnukzaLL?i^%hkFj%rb{~uJMw54Veq>TMMeUr9x};>N_&7{U8n%v)~=#8eo!6+A$u_zaRJU)lSrscNr7xIz-ZR*RY*W8%euR zxb^sxEY>%U0Yumq`tk*}o5iRynubE!R0ShBjP&N3s~SWDhr8YG8&~M3jFv63C~^Nt zv#tq+lJO~5V{HN75&AhsaV-&29Q00^NKiVjeb`@+1MapyiM5k^+Pl;h1P}b-2hj@V zG=!zy*VJ9Chm3M_x9wDav zvL)`pCn@AOl+6?l5@|K-yhxAbhgS3%{Jp7CdZZ_c6~&=@+!w84-B+ZzJpvx3tP|-( z-BUI+BFeh^IRxV0xGHvzc4bYsJ0=KC0EUpKr_$!FbSfBuJGV`HrsCcR3zD2IiPc2L zL&`Hch1T}72%tykP8L7*&%Oeo)Q8HXml3LB#U#WG0!Ub_j-gFAWq*oM(cfpM7loyy1M|KS8vuQpGY_ zXdEPX5O`>u)GKcJGH)agx&}-^+vUV|_Uu^UP{0-UUnLGMmm#xJ1Qc81h~`T5_o5*v z<+`jO>{#e{%}bKO7nKtxy3-b>80W~$(!$zw79rZK!D`W^6g?^97Zzy9N~XaC%|dKt z1}^pD_|}z;miJOERj||Gg)mdD#tBp6o)*f$M<$z|(d;5<4+-v>l%-4BjHLbNY++&149hw+(!&@9laDOp(MX7G5pjHR z-^Qk}MHj)uVjM&FU*oDcK3M!7e#T}AKD>KQ9Cilfd8j`n3{54YhMgu1|=w7s8Wwr2rXJYZ5K+)&TR+aHQqgeMl% z$Ti#y{mJ&c^zxGuWTz9Q@h$+Fb2lZDKN9yv(KM}&WV4tEdNwQ@AE01FfS)0sK%l&K zHS?y<_|&mz$wi&m@VAA=(H~SBRFNqT%<-IoduKeI6AAmlC7u@#;w=PFC(bY|CvA;& zrbE;r85iDo1Nv&wwG{Ocr!PvXJ@%YgjNF^{3<+$s9eMX|6Q|A>1{p#>Fp&lKE|AMd*#jqI!JHirxgN5+b641cud zELqovxDE!3@+UTJH>)cvq~>7vSbq%O=J+CMsN+jML|wwAEVAkFG5&E|ukiM;;9?SK zhDligI4G%X2%;t8lj5UjKFEbY8abUL8R)4bSpKq7c-$EWUnZ*8 zql@Y416`C4-{HPp-J%&5hIc>hSM*6~VWK+Yi=oCp4*c>az&*M2h3O|k7-*Rjm+V*n z-SFj8*y7Y`d~x)3aAKvTVU|%?w!xtWZvfkB_N9 z$BPm{^v*M3HK?(vDetk0f+p~&<~CuV;Kx*v6W+kt-%p)q?z$0D-XYanLY6vg7^dtu zBq9PCli0!_K7UlCR_girCiyv`exRFb5b#$v-wCiyU>3)hP?i*%iDjnTQ0I5=P!qZL zUgZ`sbp|y9_22p0?G|0l=Y6z>msmjPGpCMO$#Q zPrCp8CpNT2yxG|aDc2M2_=L*WdjnLTj!OU2y=FSt1?Uksx)1#gjUYxwu@WN7%iD|dnd%!|;;SGKgid?70@=LQsXB2^G2kq!|HP(Q)N z#`@&cd6{r@UjpHHtkigWy?=GA{|GKKR@k_c38!may&tY5x^wx<@G4n^RhY%Fh3S-E-v$WU}czr&BtW9%l zO{#H|iGwrHEe0z^Z*+Z<>NFLcn`;)&kSU{2Gm~b_kbiVMyFoo|ky>!w45~?g9+#CT z7Zmpp!Gz*xHyDw%z5TqO8biV=FP+q6@^?5Zkm0AS9`$6@5$&WSxxZ5B{7x#DdJ(~;5MPe#DG2Q{24I;j zOt;w0Bgp_kGZI}@m7=cQfZpl8EhtaF7Ipc6v|8Ial3I_7>bcq_d)3oG?%j*RW_{ zDKyF4$L0hMufE-TpGYY2H#c5HHz(}xA@7S!81EW3rp%%n4>;*}SS=Zj!kt9^M!dek zsUyS>#FK$|gLFW2{qJHzU>+WI<*r{Y^;$2o7%t{XXog|-X`Xvm4Oi_bEH3%H^iTN zL#UHFgNi$T@Z5l^aqO2)Q59pm<@pjdz$$crBljZ(q?g0v(idfAWl-ZCYjsQsb2$F> z?k_k`=ri6=vs?jKK@hNHLLa;eb79e+&IOd=oodGFwYRGyutlCrybp1MvmR(h$~f3G z$WW?c9xb$esfli+`xa5MK%$NbrCmFCu??NZT2(j{QdR&&ozF8yI6qlUswUaPNTWjw zC@5;Mebx1rnFjxgx@B`Jxux-&iNy3F`&1bb8S`Sm!c>!Mxc62pQ(L%!#oIjtvYL3&SKoDo12kczIfdyWUu!3}$mO=Lvcle}~z zL+e4T2`zT#T+aVVZcuWab zd)u3&kt?`&$cAWVSW{6B{6hi?SqKp{GH;ljT3BaK(Cu%h{`S$-bk5gc#6jrcwQ-3@;9M&6!-@#{lFi(TD;?44p+-3$~!JfoGu1j}hewFPN?hJu^r zaam>sdqYgmzgME1`|$cVH~t`lzzg0R9Au)NQGrV$HmNsSoP;N(y42cffm?5ZW^z=^ ztmdL}rM2D|?Ed+7t^#6XAKIU@!}p6Cc)O{2LF!BgRQS7#Fs7k1#cU>%%8j#4m|ey@ zv_bk-v}nR8)F3>NFwuI2+_#;x6WQN?zeA}5fDu@?MtNT)j`Uv}m=%l(5T5b_Q%^JzJp~3}0lrwBt~XZ& z{vlZ{`ba#nXJtRdRBo9^+T9DdIQaNByO=F=aA9rtI237Vw(Am58i*zb%yDrKlFG2aiW0-rSZ~-G9hVi@*QmUPDxlx{;E%qR{^K*U# zot(mf7m8|@<_d!`X!kmzSqbVIK<9itBK08QE4sN>`>C)F=}u=^I37D?{brX@X$a7@%G=3~!W7%*|CmcjzhMrD>_a6u z;1y{q6zi>I7=m96u%g0JV|PaH#Bf4s>eYT~i9{=?c@m;3E&G{^Y#<`qR{MQ;W}{YB zH3kPBmSM+s?$|YsLZ-1Eq|{%QHEg&>M{@AK-c=%=I?G zO{9ZZ6N!MLb30fR6cBb+n5~f{E4ugM6*|Dzy0?)m$mJq{>h4jguTbu4^2bo44 zktoIU5`I9NWCugG+%^I%#Gbgp6A!%pwook)*~=9bkS-YG77+v=Ty<1O1Zld7A*QOV zp}dvU0;q-Cb|N*7{VinZ$E7NN@^uulgZN16y=Awz(#;rH=`;1~f5}H$c)_m%M6YB7 zWXJ#(7wqv>N9JW4Uke~JWt#`lbK>?}Y-f#h+y6227H5h^Y4oY-uZu#~#SjYosV(M^ z$~Nv)ur2XLxXbw#p!Bubn)mslr~~;?hJ-AF!zBtrdMk71NG?cu)8y1n7D0O@+`s*n zvf4HAQ=Z%NEj*!J*vFV2xktM=G6!QhQ4d`@(1M-xrT7f~r`!jgOAIo%eGR-?`Jc*T z5Y0tNQE5Iy7ZDLHr%QN%`FZr_!UUL2Bh+c=V&T!K8e;~j&(gbkoh^+mke9OS;yd%@ z^t=UU9VDnL`s$o?k$=qtY44nje~_&lhzYb}%f{+8A%l0+rxnD}81qad)q|$-O5Up%L-8V~PkfOg?&*rf z|1QG{mJ(!xO_jE~f0toRN!*Wb_ojc?UN!KFZgcOys(NCQ-W4f6iTHW)F@KjtD_)v8 zt4te)xK-Po7%nX>9q&}_-_<3F{CKj4s0jEeGQ5NBL~ax^RxX%t*YUi$Eg1Q&t$UAO z#B)!81)B0!tPl0{*&{3}Z_h7Ry8I}1Sz7+I2E zp`TfeSHu(GZ9SPoH<1%DJ5jHDsV)=Ny88(Cf5ZX)SIYOlkRj=Rhb;X6#^ON44Q8VE z8!YnWwERo1P6bBTQ^L$Y+LKC%OqA}*zvg}tBp=xvn|XsuNvAZ!L*e#qRH1b5@3a~j zI*3Wj90Xo+)m`_e-nNS|v(M4HZ{#QmRzl94!)aM2KzP#3H0d9X@(ds)&CGuKOXiny zSrQ|{{A9f!E2pm|BH^MSa3aTCK=*PgH(Hj#@S$Y%@@P?2e^DIyGb2+MW`ITA&awQb zGW%M)Lq7RWq`Myc^*@ylO%Wb=RpY86B&0?de->On*^E_z;oW}b7keG6>DV_c#=mwJ>JLcYPw3>($mv`{j4f@rd^#qxFbOM}3wL!DcFs0r zJ$|5dTz^CA=-|xMIAtoj?V4&hKJ)3Suc=hkjCr?D25KED9iTPWLVx6!+{uI_^jve%eu z7p4rdfHQOo(k+bq2=+T^Mm{Y{6hv`teg_SV3!La%}_&Qx_;= zG?O>xp_50PkAFF&p`NiQX)*_!w$b>dUTg>Q$7uQSs|~5n!K9_eSMA>_9p>u;Cuq{M z1x?BgPY*wGYp=G(GOZnS`1HAXz%2YiF^%*oUzAmuTliNKv%lXqA7_)`dJQj<$u@{|eIM(iWe;|AHYc(hq!5^tgkBN!&dK*P8ioPhM0aJpQO^f@AN-cEM+M?a(w#8y_T3o zc5)~nEK<@OLr^u6o3h|G%J{P+aMn|&K`7RDDSj;`);Z5SYD??D941heHe_m z`{{*L2?oXVhdxKg#b4OU5BOi5Jm5)_k@y`v>-ENRiz*~+G-9#>0PdN$_+t$nYvjB4 zB3r;mV_TLF=HFCZOG^Y<^>!(JQ^f@m6+TAf5E2tpOg9mb=l&q$7W_)qg%+2lO?^=p zT@|f^r}yAOCnK+w957;8c4_^$^7F%LgM^u*2B-_|+wVr_R%=2ChnF~&64@V#0+R{r zVHkZ}JIuL3G>4!X@(f2^lMfx|=KK@cL=1<=juX9MZ7Iu%)-FriHDgOLU0r&KDv7*N z+hKQKTtTF7gu!9Mx~IAGK4K{JuTX2K!|%z@o-Wpn{e+FNq{q*R%FnYuf^NxAeHWYx zugPn*8O(PUr@5|h`?NpG=t5&tCcI)6%H%}{Lu1}lf>g_f2l7?h4*^R-@ zYi*l!v!NX!cKiGcpZXIomrj{C6C_6TQmS^hh3?jr9wQ2MaoauGzK-=H@zqp>2nC-! z#-AXxYX0VGtRZK%6!`N2;$;efUCA+Eaf62hefRZ~`&_ZhM&QUBDn+@R7nH)dG>UAW zC7TC(y0d*KnHY+EQO7?EZP4aSnhMbm)A#kWuI2qYttZI8VW>mZX+gTWV3AK{sA*&L zcsX*Zj*8_>PuTdiI>hj@E?4&}i--f>YE`AN*xGw%GET0h8Pu5A-dUs;dRdFdN7zl5 z?F|~6eXpKkxPxeOQkVWoYD^ek37KwROyV8dxA?a6jy=0`HI5lF#Z;OHVedqqI-C%^ z9HzA@UjIieCp-2V&e_-(lZ2%7ilc-R1j0|K;WsE<)1f8ke>8Vxi3I;`i#!;koZa1( zbSV}csv%~xRL5_WlF!CPd)&`O8F9Uxew5F$%>L+joLWV#T^6A zUDQGChm;O>*fnmvpMH^k46_ZN8w$~GBm=v5%HhTHXP$|8R*M+Al%X^*DZ6euN(X8p z*%<|dN}`$uSk~{eESU=(Pkc{j9tL*DG@BI4r1(PHdAe!nZ=v~L1h?c1LkpcW{lxnsl=PlS< zByD5#wHwZHpb@9_eEv)2RvM#{1kIY%xt0p;)dQ5t(^jrANj7}B;kx?>`5^vH&U!VF zz|}1yYJFSfifbO$@UzI6oD+vfm z6mnksSs+p9EMhB86dm=qU@f2D^I~qD)5V*2A{$4J(#70|Idb&!51nWHQ~-zZO`#)p zT9tQ8Z0G85GN92%Y2rk$*fa~S#&Oi#DMiv02^n++cl%--+0sHVQAZ1X>i4Ki{f;7- zY9$|n61eWK6cW^}cmMG5fF;!Qd3jIAlnk?q@?lEk@(%$)H>T^&&lx)ho5C{URvDir zY8g)0?z1V)!f^lfWIbsI?~a_k8l-b)_k@?IFqe&<0_1(1$$BF4C2`Hcn8$}1r)kypQeayZ`96`%6X2HFLU2fXkWZ)sZMPtGJtV~VG)r4I*?iP`HcYU>ENUF2B1~U`KP34wEP`%o83qI}pwFcP)EvFE?^x+R zSC!Sl<2#G@96R~~_9ZJYxGL`F z^54^npNkED-!L?Di=|~s*@nE6JVE55ozHN@{LHm>i^3?m+P3+A#!vf6+_e|5va&MU z!jW%%90xOrE@r~Xp#`KdE|}JC71l+?11U!BxVk$ft-QA}J4d1kvT!O6G2-%4TeZd* z5|dXhBEzcM?Kc*472br;{*fG@AoT;SWFHe1!?DqhPY@vgriDb%tBBnx%;pH- zuHqdh{x$4zwtxq{fDaeG<#JK}RX0fvTzPX1pnM%-gdPUrw=nhoLeV#OFH#RLIq%tg zKU}kE|EajH7~!jUp+L3(v)1W1-A!dF{Jp)6Chd8WA=3v;pxAQ@&H1gIeFU3^4 z{+cXL7P*w>M08STbV<~CVznVqhry@ybL>?s8gm-4Jmkr4NtnGyCWd23l~L&47!@P( zGR|i)n@hI;hrL`7Q2n!(9@tC1x_?I5mjLv&=nQ7{i~c4}J_3a>@OXSRT$z;g(*^Ly4$;pLX_Zr0m}xqCG83DY8{=juGh}|i zvVV3`03ijp<)2a`Z0F|GnfGX3@FfVx`{^Z;5k`UJvJ(|JUb=n8Loc-7 z6f=0E#qY>5mpFrQZ(5U2kTRB#WjyB`CdpZp(=Y!>H~w%#)-3?gvrOLP6K*{P07Hk) z1Jl`YRH~({l!8vYAc^ZV%}zc*b=DjKtx6#lYT1~cAN$JTxx02#fZN{<6G;iW6H{lS z9xdR;8mji2V+59=HLKkly_iJ;4+CDiEl9AYv!%($Y019z=y;DEt5AR0(&FI{ zIP7;YG}|eW($mRTq1B>JY&<1wZmH;WU)1e&yn54+r96V z(PP1?bz-4TJGQxp6krWAS3GnlYy)VBl*^@QSLUenSTx1cCY{1bTw%-OJbNC_(5;~e z__WhI3I!G!lS7h)t+y0i4_zg&&-ejeJIK{)YG|Ib-U+ch{Ehy}z5?mP(GK~YYnyOu z!b~kep~(N@M<_qi7lkix2y5Du4x~z9c}4maEt8+mF#%u?-t$ zB%pKoB*?ERZd{TtF4%w5Q$Rv-VDA*C#WKDn43elL@k?k3x7o!BAy`SG7f@OqG7mm7wJ)SZNGH4evnoV5z>q8A)g_n}oIO z9B5a^kGUoI{ymUurUaX~DnaTSDm@X1KFU=YbQ4das3FE2sZ^(lHBlvdj^t~=l2ARp z2n&|=??f%lg8>;}@gSpat!!29s4XKca_jAxh9SuBm6w0dul7rk_zT{!Ut0a;^6_7LOPIqVHColpoqtv<^{>)Kft1sB}8Z{)$WJY)GBS zhXRB<-bl^<^k`Zr5it>Xg-S%zIzQBa{KA6=cQ_6-|bxqC*Nk4T(gI&%_kqlk2?q6Gb|W9*;=c9<3Vr4oj1F0A&)T)Z-P#al#O zqn{b6Y71$4>lN8aE0By@6ryCA7J3${^1@7Gpd9)b>L9i_bxJVmlNy$-v(-mwAEy=C zh558tya4$9JfoI~WFq4@E|717)`R8{#4#%r&R4YIYmhAaQ$>n(8{>F&r_VOMWfGUR zpqHMbbwCx(T5_=?gWTA%rJv8~yS3yS!b`;JS<}ZITr+|uL|-p+W8b4(|G@V`ssiUU z)d?aCR(Z{izTcR}A;N`xYy?aRWg}8UVSM&yoKaMmpqGbj%J`WeI`1W~V61#Vj$$We zmO_BAUERGWP~~7VXToj0^!<%FIuHIRo*<@g&b-*CgX31#3O)YFd`b!&H@2?Ajx12o z6k?=kb7Q1-`#3ZsAhQnMr-@yLe?fWs`P{#wgDBe_t$&>yfA6FH?)r#1-uOF=cf{Qd zQ5ndmi0nbC1D49R&NjUJ}`jI;fW8$)uxwV#8&{QqB zT?^jzT#8O6@oCZa^M@ckE(cJ5I3po|$f^#}2YDGlT@Xb{@IIaR8JoJkijO`(dH_+j z=bD0F_N|yDc!(ZBRkFIxOv`m%3W+!szyQ7Cteh|jZv1>Mia~DebP-B(xfg+TJlWc@ zo1{C-0InVHMIt6{w;?3OQ7)a6zLRrtPt_|buhHR7zk^dOD#hy|N!5 zP!v%6Wj>7_^+C{!jo~ednQ0=8WT2V;b{hXyIM;TUbyXZPJ*y;TVwK&JB|G|S`|0qX za$D!Az)K5MEXO=e0`rTy#yO9Y(CLN3PrrUS6s4z#vHWcL>%7V9+ZpRSoVd^LB_F5W ztzpkLqdK}}Tad70wH!l^DqW5+yLfxJ zgI}WLkvqPcs#MTYXlSv9HLB1LMG$akOR(D~PI+1|viNwFh2mo%DmSdsShKKyw)L*F z_h>2L&@ar(m~Ho)B}Tkhp4BgDN*@$y#j4Ot3XijkrY40KN{*c`wj{^O;`OXPeT&`C z#_sWkGDFCqbrQj0nL*@SuX#(6!Vz{ryWjl;!r>$$cB751a0TS#APnmfeQKAtbI5?e zXR~r5q1c(SQU4-dcoxS(Nq7kVlf9#fcN@#sEIFPmo+xpx>%5<2&yN#6$l=?}T9+rb zh9{}^wljGKu8?vfCphC=tc)~lf`0rgR>1z4c9m#d?sy*zxQ7gh_ot_T3~8as0kStK z^t`aDkcNv+3m2(@+_vdF9^fuui34wjH*bciiHrPtZ$)UCr18+TsSN1*QMlb2sEF7~ z5&O6;@*ZeSMDz+adiy|y>mxg zWNRl!0)DIzpRiP{PwohTcJ@X*v4;@|G*E81*)|+^yRA3nN0y3{4lWr~U5C)I9@@%66G_BQ zuV_(0?DkH_F1+zuJ-)%(qDOzmhinJj!y5(Z5y7yC{A<=}k;{wQ#KS)=@lfqx9-NJt z5(m4Zd*HwGcr~ah9Gs6$Mfq<@D3mI))(Z zxiUkzNT9=$Moji?r$S26Wfb--jEk0Wr+7b)aGExy3-^m!_1YHVtq-FD!Of4j z&g!Unp;sNoIYi??%{P?uCL-J;)yT_tv34z&oBp9GR||y|_X*#|0UdgLs|_3`SE(Y% zGe-Y56!~(6Mr!u>D!i!>&HTN#Lqv6PNq(xmDad!p#vrv;AOIQrtFcy4%TEe#4~}QZ z=FtHwS<_wT<1$yR#vUuIGB?xq{OW?`K>IhW3zxlAvbH;^2c1^-%+ppAbbY@Kwse5r zTP`}6cGG{C3-93oGbg#_lHbkA$Lg0Yr*(mFE2ZbkL$v&~)Hd?DYr7`!1N`P4T_g#U z!qv0dmzLvj%UUGbhRr+f)yp!Du|~YPTitQo7c4V2OGsapeX)$;sqPl2@Cr6EYzeu$5+E?#gS5Y%JMZCO;S~Xoh z6CQ4QaM-ji#!;qyg61@TA~GzNV@9ZJ&?!>t`^ZE=@Z$}^A)S!>-iHV+09kh*=(mKL z^Dnc{cH?%K=O#CnNn^*SX+30Uk)%cj9~3>K--*{y9?`<-A>$gDCMa3k)RRRvWYwgw z2|A{2Eo=QiQ1~Ny0K0~jXbR0}uA-if!4oe3-s1QTiCH^U%4=@akEY&{Qt>H#q-vsW zF_V6;zjXkF%!FkBtO)omd&f&LF&36d0>4_x=Y`_)3cbHRpGY)gz$P%2xr33!2UAX2 zw4()+zQeg4sH0{o83Oy3(6-VRHLu{k`Y|7}t6P0Tgxuq2BF zGVh5OSC@;O#@^b#_a2vzHD!lzZ@`Mqaa;VB(WCLL+4%68yw^Wut4lALB{5cl$qjKT zK+cq%?^nEP(&HgjoB-PQZYC?Me{bXxyN$`Z4sYL zFaJzysk$og4L5CH?x$+5Z3TFo|CMaLKg?D)FlF)bgi} zCmZfwFmej0(zKk;jKtBt%iKn@z3zIW0opr86O(~Cya+Lfg*@eH=H(36Iauy96|q$b zTye3;OZZD3O+M-p>405*2kh-s$B! zm2e>vAV~xee*2q8dPQG^`J~MN5k_v_a~Ujj)Gi}3syUVNCNDP#MChPzNP3fxAxDLC zby?x;+XDTN#WD_S8WCKRM~G(Qa0}=w=zF%dXQu4jzE)Id!$Q|Dvt}N2OozzE_~d`&-jLBX%McpD=OKCK zG=``9Sa*ehkjEsap3vRPQ*Y0P`Gx9EI-4)07%CJLOkB!L4#9UX5!;pyHhj$6?vJNU z-c=PXc-Y5c?0QbXhYs@VSxc`20pD0gZ9L@1Ryi@p+pdLKRAEe~$ln^yyc9y~uAVi@r?*&aZ%MlEh;}&%#$JcoM(VwF-(_(%7TdVIr8y|9MzcK>-_x)U42Q$>Lwa7Tw` z?kZFE(*d8pulyaPwinI60L~5Z;&yz!WaQ7M9A=e*UeXV=+o9_b)f;9nJN=V$- z>kbK}KO3TRID!_Oc#U-dltASr;1c-~QGZJf9EJw}7;~k$ZgQVzad2M}>tbLu*121< zGghK8?J=lp{`ixV@0J7TQp;DPez-f-cVLyuX7SkQVk#f!0%prQkbLqJo4_wkzI`^I+RSuTHuI$Nt-r{KCqyo(D`j|I@t#uw|pH}n8iV>y1?cfYqlRHe|_8y)N5|&O_z}+DWHLmj;rqpO!%Dc z@`YwJy1rp58+=MBGQFQAu9S%-c?>zlQ)qhs;Fe;%q#}}|4lv$tXyM`#!yg*G(?t35 zb`Gt^?L&%1@57`7-?oI2@W5h+t6MwB8iqDF0`@fEohG&l1JGDuk$C4DJix z=kqVd=CN%oF-1RVpRAUsRCHSEl1Q2z2S(qETyFaL350JLWJt8Bm03wf(fd4^QdETI z+SnI3aO2HXTd91iv?~tVlr3EB9LaC+8kK}GMvQ&iIBCHx?pID$YRxyniHl>(FqIkYsxoXp41>y{y zO#O<-H`K6WEShmL*g3N9*$l+>~EUVEhoXl}$Ezp+98Y@%sDudIf6tVE02fGMYc)-H(D25qbQ8*krwG zyUl0Tvwatvk5%>Im}b9gr_l@FDl{H$OAareaw}#-_3({72-utyR0`6 zmVihuQO8{8XpQVw@9MF3B=$2G=lVCDsQ3#Cn$i*>XPCrRUJgG3Amy%4%>}>>Py$$3 zo%D9j(Z6LsfyT?4pyf!50aXMvc@!mH?OeKPW>gxiT^@vNq1C9K_>JrCSMHIF(Ire| zI6LN)W-dE=K@bWL^gZ0va3k!^@u)}8z){3ip1_uqVJo$QhFYMK=q>9~1<3-c)*t)| zbreQ2hJzcVworm<2Q92_OulozS5LnZARXjGFh>7uFrY=N2WiD@V1cZ$%!AXx2Ct*z zz#pX#8X@guUv8GkV;0AHVon<79>SHwq3utrh#QJDbFOuj(0R%dGe18|*L&57SWxJF zf8@s_|3rgXT~D2*>WJABju`K;-qOcFy&|*FD2z>}L`9*A%h8>{uO*Io#7}4WZC0Rs zO=z7=%D?+LdLGsZMfGk)^HFQ~Bq5|TI)mFL|6LY?igA39R3o;r6@~H}+fkuh8v*>_ zrAUXfrAj$h=oyn#I&42=r=ggRinRD$0zs@N!-@~_iSGe(h7BA9=k0x{h$9}VWfO;! z5`oEzd?71M7kUGyKM{=syv>;AQ9>mjra65(hCqX3=3Po7qNml}Tb9R$ikgL;OMNnLO4_aVnn)>b>t-VB!C%R5)` zi~bjjPE3EGclZD~7-MX*rz|<^tF5+19}{;r%~od#ivr zx;V-cr*U_O;O_435D4xBC%823ZXvk4Bq2Bi2u|Y;3GPmCce2GdJ2MaSIJ>V%S6};A z-MZ)e&L>wol2|&Q=GDVLUj_hoU)c#`8g=<(CMM+tjBC4@b!C;eBN~1_i`lebTmjj` z$u`9$Lr(v}QCtHoQx)Ui$2)uQlu< zxwn5rSy_N|!68CFh zGrm=Dj|oZiNq25^{M3D7dAiT!c?I{q8j@>>tvP20A7HpIt+36z}(5#Sl#tEgHS z3dUaSVi;a@Q+&2NW9~%qR;yTWd98*3c0%&TIe&KmR5c@eP67fxoP7D?(NWTvF>1liDH_iVD*T-h-f6O{MB`+B%I?`88Cc^dS1XGjf} z`~vpD5%qe59w>X;6Zz$IM)QlHOY8-CeB)G47ZxIvDhntM+J5mM{j;vc={(#;;&q6J zwV2@pZ6S4V(yzEYaH@vB!pL6sO(ZqbS9`3B;JtlJaRN3LvV+iBss1C~-d@VC#+XhM zT?UxqXjx1MjLF6Vn7!>RwudLD9|zgEiq?NVRIhCdm4|FmxnUH{OhPrxomsq`y?S%&`j>< z)~bYmRrzyqWYt%=Le(e;Bv^IQkXGiCN1?(gCf|=*xD1zD;D_^S_ZQQN7BKUX@<4jX z2nJ_vSbR5V`(8FZW!>4}wjySwcby%w1@qSYop4vdUby20*evsME4wb4l-YIFS0Ts5 ztvX0?+Nr@PyH$wr;phXNkK5rMHkNI)E{F%jovOL~<$LK9l+0RH-QJ!s zjo7rfn_epY>d<5meOD9}>Cdn2Xm|2+zYbSyeX7CuCkOyoUOW*Rs8aWFG5vmeb7YxbTI`tVO?-R|)C++6x z;;=es0fhOuq;ve7P-`c_ahTgaSkSNFIRWk1jpGo#(EXET&#Y9;6Xp556f?m-6(uiP z(c3+p=3i7EJ!6E`Qv%V5=o{IQFZ~@C^dea;;+J9^#|pX|DiX|#!bxNJAxO(mXLMT# zcIW|%vsd=Egi%Oai=^~?7TZ%z(8V}+oQ?tz)>DAj!d+}(E7m91CQFt7xysyf?BYSo z#WZ@pG9~rF zC7`iJV$s$>aoLJ4;1+y;OM`tb83faAc5Mv4`5tgtkBX@tsnK0Guzs#k%$LAReOH?1 zUIdBBJPRX$;Xe+maV&o_U6HtZ@yoj=Y4HsVZO^4&Tayd&4I~pizob+Ae6B(?52p|= zCy6jg$Au>nJYT@CZ4VXX>qNFXIxjQJU=KUDuY7;+4^sR1@mf~qALx3W8(Ta$TFTnz zv}E=AA<51S15D`ZER70n1k^54a!3=quJ3c+$#u=0SACJ~=awb}*T~vJq^)mVtSPTy zwt>Nva^q-DFB(Do7gMhntvA;kgX&(IX!IP0U#)t-BcIv6i#v)_OG*omKBv4Ynd}Q) zbZv}x$ki3CjfZz;T%Fhw&Q6l;;R-hO2Qf=V6auIoY}|sJl0i8w%c2&HyF}HctY~|Su>rwD6;`thNKz`h?4rE zb3?Khk%(Y?WdG6?lbpYRpkFS5Iq;dBl2X722~5xMoU6A(RAPU@KZBasm)?gql?mi~rq@;Y;;FLKEUSZt(mT?sBUCX_Qu`WnhBdLi->ID+k-4^|29 zyQxpH=$!F`0PN3nla1WWnSNo>FtOZvNCGh`Nj_du(j{`J=lJRS?92_;@mHucah_$V zsvm3mN)Fx`vn^C>{>I?VaaS}Ar;XPSo~+cN%=U(|&ywJ60m8BBdp}{ND^WS^k{IGU zhHBgNEfrlYZ+a}dVku4Di7xXQV1rZF9SD=ks3|Jlup;4+kIc!cc-Y$3_ z#|P&Str>gu%hb=Q$-yi&b3-hwV>VdEe-CqfzM*&K9E@%Hn`+=wo$t?a_Ym&4Bc?{C zt;P8LZhnYpK0F14V2fR}%OIaX3MT;JNN;FsRXnsd~XdWW?`aEOV+aV)D z{K8C$x(z0&j(~wRkrxr(a-k-mtK1}%fD~iE=bv11BP#zBfgm9qK=~JlQRPnLk*j7* zBxHc)5Fo*1AA1L#3aA56*>j1Q$(27+iwHl;gWVHwjbSFX_Pae@F@y3`W!0;|hSD zp6$XQWEf{$)d}0KRnu^=y#j$#q%c(Rftd&YVg#gQVGdE25$$d6Ev?@8JB>fqb*a|6 zL=Sm+nC8N&^9Y6yCnK8abl$sK&Gv{n5_WS^^~h)I{yg{jt{iy(({04M}v&mZhnso)<36obUUds9KDZ!Y0^^urStd=->= z{Q4=bX+f>9uV2m@Tt0qD+FoiVmB@>l%Luq&2m>jdL102OI3)`=Ie7BG)*pSJ+g3B_5y>{ZSs z!Zih+3f(_V(~A{wT9)onB7UTg2ncO}wjU3hg3!mfe|?aXUra=Hq!IP_EBaiPIP6o7P_M4Ygfc&Ya*$j}(zXP2z8GPU zM}_39J#UxrLJY|S1)J4lej~EoL+DFrHzSk7XJnzZaaDpuvnL`tWB1q*lEd6X&G#m! zii|04*v;=)e;SNvrKaT@t?l8?k4RuF80W@031`~Dz&Q6D>ovz+%pB(!YtyTdq<(e5 zE-auSC9lja5hiSpV%)&a_cr0& zH%2FTZ0hT4P1#17S0DbGKF4XwPC(R-BpG8DDPlxgmPItlEie=Hm)Nk>hj=moFf6$y z@)XDEtEI&U1Si1eI~{z}q@RQ_bY@`*X^|CI5b3*iHJ`ab`eD2sh2TPD&8#|y*+z&O z&WR@($c9*h#PJ!lMXbhQI;R0f2t_{9_fps+A;&6FwwFXiA?2r18{G z8OeqJ{>11e!K@F%HL3@>Wo`_3?%X9~{J^ERNs2F0nHta#0$*Ii9VaDD1gQfcLZp7d zec|U4RT3)QDUnA-F@$RknxyF0o_$STr81Gnwrdf!y=MH;M%U9}QDab(Fy`@e z7ekb5lcBg$goDz*Euhfy_Z{&|Ti9f5om@+PuVL+d-?hKh>Jd72;=A%Ni;4~~d(d$bKgVn2m-rVkf5J=t|qw{dTGN^fztoW^^HfOT1&4dUokW>qS3vr$!M5GjY};riB2Sr0DZViKu8Xcel?VN76Vt50IRQ@OpZ= z%Tg~?4n=duh-V^Cw&CGwVbIg_FZ@vjV*#f4!@sYdcVF`!scsRP>G5Y*C#%cWjk%O^ z0o>6Mxj~PWMVLU(lnq6`+Sp_q#{LBRF}`_DfjBv#Zex9(0>><9uS3S07wpFwHrQlCPwL2fjB;)FzdXg_@;K35WBsN7FB{YF zf7^)a09Dt)%!Ea9d9aysKqoSc~bg^GXf`yBKpbMTYM zLS8mk;rFCIa9R%I1nF^|gO6d4MJJ9NZ z;8mc{pDJ`mgVXY1h%i%fEFYm^apgeV$kCSYqsK3Y5jSqtTrP@Z)oGJ4FjfTR-+C0* zPoZckIF*P}j3}5h<*~k(d+1u#)Av*!|4>Y$*LJ+-rU@PaJSV)FZ zt#-jxMcq44({?rHzg}TIet5+N>9WK-K}nm5w%VxE;C#9g{Xt)S5?d#;R*maU7czJ; z?EQ20U*`gI7j!vpcUyL**5#%l-7sn5ATr%(bADqpePxwh(VI=lU6DxQv)J8*Q&z^2 zUXSCgIDw7|cBhYN-EM{(&*wSLKV#C)bTi`X%H_HQR>M3@U2yS{;^dQ_x}P!P5AE7Q z^^vORvrO8)R$hhAi=u{42(RxBfKjsmQrI=*!a52DHLC`;1-1s5;BpYn5eQB(ln0#1~hzF5YUw&>9 zMm{)k#uiRXGOZadjrh*R(iKQPMw`$gWT3(6iC+FFtWQ{%s5u5M8Bo|$!?EhKiVKfY z5g=RxPEHii8!O4Krc<^OwZj-~OEpyVeiaYd;lJ zC-$Mn=#m^9*L2^R@I<4GxklUR6b>Xu*NV}ehQ!Dv3yPbhQ*UXfyKIB_=uRQnB9*S) zI8psQ0iwn&`0o`zG_i8Yli2g?F~S{zEH9_tp*sgEc0`+skcjx{@nMh)d^A(}h(_~M zxK*XI&J88sM*e+_%0dhtcJtM`Ft+jnhgo8+y&wV-i92Tc2i{@g*_MKv-y)fGlo1hl z!1c?poK$LK(u_C;aVPqH2U^7Fk_Q|gG9frIhZ5FhRqdg?3<(@CEw}T>Lm9(D7mh7r zdo@zvT5XCg4&I*zy&>m?2vNh@7uB_=bX(*pUn~qrAi_G#J*|3GB7)18s5;Vjo4127 zr^it~I!HRa=_l?qcr1cC-#u}b90^621>tA12kMR4jFuj+g9 zzSC}LA+ z8I;O+Gr-#I3KOcUh;~r%LL)(}z@lSk-?IVODo68P=rrYHeWK=P9MimX-v@qm-PPns zheFkUKEBnW1;RJ-hFbB52|mtiy%j(M^HW33oR$8V&iCNY`1@t($`Erqey9tC3mO+m zH0LcYHI5+}z3%5fHMenv609eHvS?IUn$G`qd-bxH>b9_Rysep=p|LJL8QNNCP~}E% zN0_%FJ0I*POfs&cPmS1wUnK(b8LPn8`&YXFR8b7A-}x8QSBnA=g~rI%@mFu}=uAlO zvNNk%>Pdn72{t>n9SF%9ZJwi+2S1z$!ka$`WlkadF1YU_{xAbnt%U-v4O6sEdzPvn zid7jdsE&SpktzZ;+x;xaJdA}gTqe?7sffW#$g_0fq-9FPQTZE?kL8x5TQ`EK)9`#|Tw9M%+JSR@ z1M8S}?15RXQ_6R*^`tQsinu)9UA*1^1Nt`A9JN{|GR4P@dT^|AEzA@=u&a zN|YuwJM8NO?X~qWk;%yt7RF1(cXsbCdE@`Oh0X9}_pg`V3L1W7X}eqWoY_KHj-lP4 ze56d(cqOTU^@1a(UQjQ!WMPi2Cm$VtjX1$^q#;FY!EmIMFyWL@v>BV{TjO=4s79HF zcD>+RW@70VHqQGjr0fpsYOFzaPBfmp*kZ~ zZMBsQHS-5lU=|fv&6j@%!n|_|}a_Vh7*SB7H?C+MyicoP*5Zc_v8w+qp z%0V9VrKF1?@&ixGszfVu!He!q2pgtMN<1e?A}M2#b; z&8wY-{(ku?(sf{R3w4DqE{B8&y9xBpBsiQ9P(BV?er?mJwko8HRI8{Y+id%3#Pfb` zSSIo(!c%|WP%&>sWu%-NbU0Wh21FgBxMk85-Bo$m3j=_ z2`N&8VmdVBy`~)6fdXL!d2dV?76BjvGD?Rf6=#V?8Fw7U%wn0q>e3x2p&osq+Ah@h zKiyH#kDcltmgIuxqMgA>rz7TGFio!r4Guqm2oHRT2=q@fUHVhhrD-(%E)=vz?O;|b zW>Hk<d!quO`SAe^?DWP4+khf4v9qwa!6P)=-g-s+HBPdi&_qhLF!OsIp^(a+ z5n6B7XuQc;z($@?b_#Is#`|<95(_gib+N1!VD;+yCTEkKgy>_-^?VTOnlB0QO)fT1 zJ^BR07(UAqh;Zt)ejHeU$`)DCtqzGb()Vlt8Lr%YYfY|a8oMg68RGKP!)R-%j{qQR zGu>OT`65+8sPTWam-JI4DnDrd9J;`4(+hz!k%XYYk>|5>4W*gb)Y+}B#HDF$7>6H7 zhjg;mNwwFX(^+JRN1K84SZ<=a>Sj<+!&<@*r1Cp_o#0MXYtjV}CjC>X$(xV%(6Eb; z&Ol7>9mX~{OTlR|cH~}N$ zCi9u-7K2<_JF~8eb?#ZVHF{Us90MwxD4n8TP>&dW^s?t;5q8H$JQxWvJtnLVhEmkr z&d`X2@8LTIaEgvqzjOG5)C43TK%jvhN7$Tt0+8p>yhvCj1SphyEPMo6`l9Mr#upuP zTqhZ6Li@vP(3qZZ7RU>m*rNIwW~kZ&D3d;+J5oAQT*BYRuv$`9yCykIDi$u|$Kwje zlp$ZB*N!o#AHJ;8(#XP6wqP2&yfe!(X)h3FBT;1rAP9>*x!V|O$k7|0p}a5JdZA%C z6I!I7yT$sxgO~eh^lhH~3D_Z6m!NL$-qWoYk^qD8Dvxic7fe3bJ&x?c z`cCa5rM^e5vrEggxZWsM%x~g%F2Un12=Qdy9p@y4((I=ZGDx3eRE;LKe7lDzhgw?D zQ$_PVX>6!}Lv5CK+Ugwlz`@M32j@_j^FJCAcK=Bl>k$2#DeH_fpYC6V+3mUUqtAD+ zhty`^1x+K4zZdmR*xpD%Md2p%gj_;kQy}=s*RUCu0z>}W?vm)-CWKQ_e~<34LD020 z26|1lDmlLQug(M^xs%#|(&-HJCRT@y@xBJ4!g3VolQAOVGpODr%(TwuD$I@prr=m8 zWVT>B=iJ$Wbka3F5#j8qiaT(fnm963d{NKb<}pkcp8(SsH=IO-oEdC@)I2PL^Zl!E%~xL*5q%B z{~5$RGkQ<8N4q9B=zAeduf~4zg^zM=uWsS`!lh89lf62Q_KZ?&G8>!0L4@W;x?PuN*J@& zpDo6IF27e&=b<|_fAJl}(%&5T$_)b#$_r6IK!QAXO=+^MIZ1*gG{w%5%$5Gf)^kCI z{f)9*Q7Vb-kUAFf>`tn=eN}Y)Xl+WZE{ThL}P-9lgMG1so= zas>fI&>IG>MOa4Lx+lJ(LsaqyLNSW-7(X=ToQ1Sxcb~!CW%9B~^d63!p(%3)4pL*A zEQZd|O{B0=Gib1xFUo3@*UC_*ulIG6l@de;RVA+yNb-}WDjN5=(f_K-*_6ISkBqWZw)(^W0{ZL(Y${1ZTL-ZRsmyl_bEVnErFj7pMcBJ9 ztdt*WEEx!Ei~YmKbp@}nut*V4_3FSHA1gXZIG{gNFbkfqO&)+0;07B-?n~tslMv~k zbGzVmSXeURjO`LikWy0!xGt0@p`=;w@8sGO zs|@I+edeG3ZPYEu+oZuv^NCP$9TAwMI zAK(hob?`p8fcM6loyU>ln2%Hg$JgbsPnvdEvm0jlJT;(AWY_Ejm%28XLLi(1|I;Rd z9s!mKCCyfRC@5xxp;Y6u)B+R;u3ZKU!~QWO!T=F}V}MU4-u1P|`L*!y_s6a9k>mxu zcf`^vgoOKE@XHAS{pwxmjNOPndoUbm7CU z1Kh;(yb$|&7~=Rn;=N+tEbKi=s{EM@bRx{A%sQh{2{~b-g@jM{a-@YAbf>Txq7n$w z13jYC&Nwg9P-|q5@We-Y7zvkY<*r8PP0B3ViGF=Kplm&!b=O6Pwj>9$bL5icU`b4Z z$jX;O@$w$8>SS4jU+xhheSO1l5&2lowql?ym&E9+GN!deVus+snRge9bOAaV%b`

L{{oRfX6}X&dl!OHoph!5(vGvzp6n zyg*0WJR{a39bRl@6?ya%VR<}7a9*$b4MY=SLOTm09wv_p`*ZS4a0Zh4n!fn}?bV->w7jr}M$KyopjR%1k*2{p_>)V}es3+^Hd8sFErUxT<7R zG)gmAJ&78tqA)NK_F>P~Qq&jsBiU5*@sH8e+noq4@mLig60bht7#qHLv8@qOWbV1? z5O>VxObuPZKtH82ZKw$=&6t~HZj`@vGCb`kULO0QdOmdESMoq^O(r;m1?NEmKBj)C z9|)Mu?|XKj^tuq+3Bt)>qcNT3w72y!>9no?U8r&Cn&j=~Uu-&&X6!i_c4@6lj*d&t zMaud5obw}HC*?#AcXkdimPkQ@omYb@tHQ>m#YGpO8||SR0h0_$>SfKg*`p{(J^@Q! zE)Lf~|D6Are1v-iWjVfnvIU_tVIFQ7EU*t+!>In`kY?JwSq&ZU2PGggg@&@RWP1_% zNxsV!WKt>$Qg5s;DxiAgDMpo?uMD@PU`)bd>-=Wa*V5Ru`jhU z=^Psotqq&9s@B2QE;kt&s@ftp&MV_!c0X=Pf=xkATkE7@- zp(V$Z637sZ1Ql6{q*R>h8q<*vvgNt|PQjrR8p2v!6SGZj&OKm5`D24SvA>8)#xE4O zC2MrOiO;hAPlH@b8edApDSw{>;1Gq6#pBP@^Ucve(Z>rE2nUoK5!eY;zq+85n8Mqe zc^ivmzh3pQ9l}P7xfya;+;GGo&r6RZZNZt0BATqJkgx>6qHRQsGJQ)EqflTO;+Z35 zQ!&$vPvUv9DCL`w9n=SxV?I<)e_AtSnM9L}BKW&w#?FqSS`L2SQbG~rP69X^+^MDn z4U#<6aS>d?N*GDmDJ+PpZ?4;kiN}!cT>u{pm!Q2<##mw*f9D$e+Sn(=si-~^o6x8c^-mi{wN_32J{bCSpol@Mnjh)H@oaA6p9tB4Mz@Trl(J zJD1pBWTySi3E%T*u^1MxzUW~^D(^v**YU&AUTi7%@V1CsxK+)1E^oaBw|+=HJ1bU| z0-DlP%tJO<$=V;4#W8%x%oVe84~l^hzLE{RvvApk!t)N>9F{A1nLL@3C7HARzV;KXHfz+0C?!DhNm>T<^o z(-kU-hF*WE=R#0mWrclQfFk3_mvsepfL91&l&owGct!8}Zr|G_Mt(-W_59-f=l2X% zzylY`k)2*+>lQa%BJ;lZUR-oP9~hUPtg`egi#Aq`?V7y!5IlDuLtaFQrvrR7$tX3t z1wOfc`y_DCHGKfC2`d(;sFW;UmdxA~g@~Sy5$?u=*{oeVtO-y)D*N-+PLqvD5lw#4 zU!Yuvn(w<1a1t1y`Qd;^UW56q3@(-9sE|J^$8O4gBDL zz6GCNTZ*XuF zDjONm5xW{*wDzZ;Zm6M&X#cR(4xrwa(=jE10o7L03CKQap31 zMS%Mw0=Ac$wgADV(){;3c$A@@CSf(F!+@% z{Ez08$6$ouS2|D)7W(zFBsUt*=g?_hu@fF5cDWTDLV=&h(+ve z?NtbO)EWj6>o=T}?M$7-*bTD7*LVD^Yi(OM8a3>)d4f5l3gifz#7&9RJTrj!neu-;+?-nV^h_(}7LQ$-!$V*2n>Dbh(=YhXm}?L@uF>jVjU? z|EJS>(nE}gL1qMZ!2{D&D!|7Un(#*JKRzqCOy> zdHe-+h2@KD^trwOYI~*{yR>?g@q6G}DY0w_Bkki)KvIZ8D-PC%6p+u7+7eMIgTvWI zVkW-#Nk&}lTFYqS46@q4!cY7{k&J&^e;$~$P0O_KVGHYQdmGQ^OVZ|W_}~Rt&gYJA zWU;zCC(=9AZOFDwMn7@{)W%RG0$a<C>C)1}s+icGGQN1`NYi5t&6BW43KVBa~aXe1!#qzT1sX1`0Fo1ZdjGRcPDO zfkM0mq9bU*+NTzZe1a0YKbCzAPHrCD8mi*SkwRe+Ymgb|YMx?E%oXb)WMmT{jP@1YhGt@D4 zK1r8337Xj%W|S@4K6`6EB1M>Y_;d6TmH)z?gJ(W(B$*UpyuMI3MS-C@AUsi^kSfin z4VJ!$d7^w3ZJDw6=;`(2XwLcN;9_*emr6S&q~KRO3t~QvdV&$iK+SnlHvi!XY06Bn zfLj-5#!Qo@oVIM_%_atjQdYP;*z0Kf7{Zw`h+NApwGyfaY5#3M=*jM5Cp$^M_tvU$!Ls9ei~XIJVyGEngZSa zh1ok@so`5gNvoA5Te~BWz~{g@C7A&YMn3x`qBhF5+Y;=JO)kzu(Su?us^?i4rlSJp zMpL(SmV>uohYcv6+6nK}vM+tZJA^g7S587e?@-#e|S zT_7Vi6*~AWcol&sCGt_jF;kfLr-w#V8VIs}-`MCmb&M2(yR+}OSOPFa{=KEdjsy?P zj)$m`oX9sf^Ud5%K?Qkds^IRONdYe#u+DUVFU#@Ym+gkdDEj#e*3%=C#c*un&I3OQ zD}*hb^*;&DTkoKPVLI~k-XUlxKNay=^RPep2+llIL;$FA;CH0|>1j9sj3SNtytD~~ z4?oVG9$xcv(yb`a4;%jh+arjGwi#h{mX=h1PZR*8IU#oojf%jSw+q1k*ZrsnUvqf{ zGXZjQC0PK*;JxO@&;R|q*?*Xm{@zMGbz~rS2AX+ab+!}0t)K$f6hI=R=i*WO#vGd# zoRwmf*?+qr)LWESDs;rxk_43#*5AK1c*~mM}`!+P(a(52@M_j-U4{p6)X5N~_{LX-PK=P(x zGq8fVGb^jB6SH%OzgE?U+yazrAl2y)Z&qb-b(qq3)!$Q&#pzzfI{t+(EixV(e;Z(J z)DhW;jPs(OMI0G}#qWh7>sgWVe#u=)%&l!LUvhqt6qMe4k`*Mb^}}fQ3TDf~lOvc! zZE*acM#sm;C;V_E_{y@YP8MWv-$zT8^+uKl`a%iA@^4{tGyVuWQ$=nllhEf`nWqMl zuf_S5&C`*8b6Vk!%@hY|DdZSO2i?AL+An_0;x_EOrx*(iOJY5e&_%@YXP9__QdYMS z{7DR2TC>hH71e{jsMZ9uX3RM&?{TEo$;lFZ2WBw;+YD9`FAQU18nN5HmGQk8)%G>l zBns%POS|36tZeE_mn}>Hi9`#7I!#f+X{u>qW+x(-gd7>Z1|N)$|L{LU228eJ8?BX# zuU&a`2Y@)^NBp?VK7(%YfGX`mc2qeKNGPR@W!l zGQOwZr5=49m_P6>d=BeStq=>RCkcnADLl&lWILSb<@>im%AgT@e1i6X#ZFKOsKwrI zDaAKRqfWz{j6nVrBe2 zrQy8zHYC5^f;yCHDvCN216OjT{yjCvdfB-5^wa8k$IFRL6T;eHqbNM8vKePcc{cH; zcK{vLf%soX*?;@~?I7pR@bxW*r?#FIzFq*C2&|lN*U$R=&U>n?kx|YOeV|cyg>Q{A zQC9V&eQ9A#5Hp#V!Smdcqu+|)tFW4ZjNtM}e3Go+ew%+$FVcZZagFd+FlLTy?d?k`etrb}0NEd3c3v6K z(as&4RQaxNtijmam7OMt)eNz2m;Vh;O>xJMi00#o!X%yf7y$?}?F$)J%s5}Y^>y3H z;qRrHk8g$6&Fz2m2{kKsl9;iUtn8nc?~|L8(15@8`Jv4~NojnORVb^un1LSSzm6bQ zQc^nn-b9;fBv1<}g3cFgNY$gv(3F&{v-)1lFcKsGHZ&cfd*uMFo;7OjU9({`stSkh z*4}UQ$3SIr-nn@LpyU+i>b*6`ZH6;T#e))$xs*p!IY<8;ns#ku!|+FGW-tEfTUeiV z*_>=VS;3398oyf_CJ2?`TvK>$q18oR=U-)3mKln?CGfSlzW)8F4sdJ1iNfy(K3IEc z*}(28L~7~tiW0gP?1JY4ykBA*S=LFTxh_>xGtXPaE6yeS@AB^%S(z*FgzYQarscAA z@wlVo9<50XI=`o1#{G^1Za*=yZ>^!n&=NjTV=IS*hH$QLUW5t^Gtez1>-B2>v0nTJ z%&IHf{McCP;si!9R(_xL#a3yKf}DGvP4P;aiNyK6F^ubqd7K28UcQ8HLze5JQtq`> zpeZS6MensH9X(y1?q%=jRFRly$_LF`J-sp`dEzft9dh(C<3Pro`BG83B=c*Q`QBt{ ztm=P$X&g0APqZ?EW)1hFI@M3Gn%2QxyOs}VRd*CI=wd_T{fVdT?-EZtMDnS_jAVDr zJ0%hQ3|j{#kwlH&BBTSkgD`1jd^KbWnOEy56N{ycf|3;+9rzUq1JNOx%D>PC^-0on zwf`HLYtpwRA-I{UJ2&;3J6CW+-rVdtMbky5M4*CU#knZS`rLY2rSN!{N5eQZs0oKJ zCoX>VgvH|&&2Q}GEASH1Pa#7QP7wYFh`cU4nk0W`(#32oui;V49MD8pAhLRVSSB7{ z6cxyw`s((_%=b1i89)Weo%oN_Kw};5*ebizBh+_$BzIX#tq!HhZeNT@lTr}u$w9BF zv51T>Cn9Vy{iw~09sO@HUi~*Q!$UnYzT4+iR?V?&BqDg=TpLK0{)!d@)oa$7@Q940 zga#PPNc8#<>};!i@cgvXUp%?o*W+Ig&+d(Q>EZd=ug4)XT~~cr@W$;EJ3pfDNsfx| zc>=7q{<2a=9v0hO2qsT32)@}L8jK_?qyYJb_D^lBy6jiMvMK<5vJy}14*($2E$CvG z{HCzWR7T^=svhfj7eLZ2l)VG@`nK)H%B2v_2W|d~R#FhKO2}pYo6@Q2>2ymO)7`~L zN+b0bAPJ9vuCh!ZT9C1ORI%L?GdM;NKvzsCLzWn6p5J1Eztr0gCH5Q7mzzAxiTBLP zJ!$#3kmPaAWSn-sQ~OO1F+hoH7}!H+`e9Fp*m771Vd=IMv}$1&bzKHMb{$1V^Uq|- z+9MXAs#|K;GQaFkX!1}GXq~zbS8-f`#k^)+>>}k-u7Ql^>xJ>Yg8}#AgUzF;H;Q(e zO$)FAN51qdo*hJ(>c|*OMvOCz9-s-)$Wq~JWdEK_47|W3d0RA~|K_^Jl7S&ZM{Tl! zKILn?Sn8f7_;BiMa&|QzcmVv`R-F*IVj=~kkq)i?N!;pP1&|gOl>raAq>gqs6I@v7 zB)2+KfG_|jiTsh=1jzh6wG80{@+E)-RtM{;%17t|25R9 z9ynIA@#~Pd8-&cX`+UN|cnHon2X*+$`tKuP`$J zby)IyMJSt>PeR0#l1s&8FLo(X_PNRcFki@nKm)() z5G7cUtPEr4gkV4;z%qv?W_zkPmJY~DEUf=)tu*qjtOaxzwzWV?zCAzPQP{o3dYTmjWO6e+_#)b$Lx^e822hMuN7*uVJBkurz|%!ZsJkzMCb^ zo$pSH4Ft*|gJ{g#7DSCfcK1emb&ATQ-4Z&#rz#ZTV&cJ9NYm;Q%7^)%@2xdORh7<* z0uFh9FU(BHXWJ@U;I;k|ngV>pj6#qE{4r!4&1U8%rPHWAldPG@q)1!oS>8w9UM(;{ zS^(ail;;*BEFzk>@YcN-iMC}T7a9r+401(%a2Gg!Ajb5^j5tVP7$mPOMIt5V`Ox>> zXS-FChhgEvX&jxC2;1q=(Ee7KD_s-X32xseB-%EPPL!!dN19vH+=u4hOvu~g0I65H zbE+|B-2KT=!T$=NF+8;9JN{l6n~k3>%&CxF2y9=vEm-S<`6_s{3dp)eZtw8{X`52gB_cBI9rYYqrx9WiAd>L?#2tJ5z%^WoQ#RG*bF(FP#Te^- zrcR2}t-poqUg?5bW)?L-!ASD{(RhF=_E+ z$R$$Pvy(UR!tc2y+*#!)V2voA62t-**p~HFioX&7bWZOUzU<^5k~ka?hG2f2HK|;i zNf?~@elhvy@qH>0P=+gu40E6~p^%#uCY5{xZ=wX@RBFP0C`UN`<-UX-l^VPFpR8&@ zZ=NG*R`JwM*yAbkC=+VO=XcUQr1_`9BU zOs@f-1?K=32?48G6Y&TYuMvcu$<767+p7($6hr3ojos~6n=Fxuk-ao|L zWL(z~j}U)SQU#f^I5Q3_`ge3i$JXYYre^Qi6aE@QAdW1KrB=bTtQz+gDaR-bo_k(wxcinmQ#CX zAp#GUT!3K^CI1zDu{bc#|265iV$+3iV0JK}x5hk;ad zP=u`s(lMjB*$O4+!U1jAD)+B4`yI2N#+W)9=i_4+cADDSsQe7>HpBZMz%-H~ z5~rxvr*_`F@o&px7m{HHr9LPwRRGZh2zK+yvZ%HPuiqR#etdYkwO7VfL=nH%fr(qw z_#jN_SmSFXPr&s>5<(R-yjM$Tczo5gZ$z9tYsG#0lnj!a!~w80s1H;ovthcKKKwdM zX#MqKVZ5C8r31Tim@)n)Bl+{03TnO_AQQjIUyT$9$lj=IeOTHO>b@lOXeytG>+d<8 z)RWh)-PstgiIu-W#B{ABP>n%MRW`* zJZ`wb#AME~>auE!0R{PsUNQD`l-twum=N#^V5404^k_Cu+{f6c4v8$SON42z-gP~5QeI4GQ!VWL8CpRu?+LhtLOheE)0?qp$Mr2tG` za#Ssm5u1RaWNB1f-!GfkBk-6r6`I0H-;+`X?$G7ANd&E%3u{UxfhDCzTK_N|#h#RV zCNq&RF-o43DqhRErY{w+Zdr9FMCex&HuEn|#p~7RrbLIAXG2~E&nKF*WILdoNY7CO zL#+8D(T9pqEU+QG&jGb&j!{C#BdlPzInIPF-r4Re)@O>LxU4})S3pxlzqLO(@MQ!= z&+Dm-_tTJg#J06@s7$;^ zIW1k9TVlQ=SvOrU6%cUs@*ov)(z(6a9okt-vA;NvP|wQ>LRIFm93x0Rj1@1lhb zzbb3GwYv{WbbTM|ByAk~0UZ^DdnwG;n7~zIc^gKAD?>CHpgYJ&e&dBRp4!k8cCIp8 zSE>>?QToJ)##RSQ4LQ!YJ%jzu^yYMhM!%$QyGFt}aV|eYZ(HyDT z<0kgwFdtATOnZ$yX5^%k2p@8@e&Z3uy~f7hNU#%~yUFBaAlM+oop1HG9*B9!&8@9_ zAlRXPM}6s842y;+Y63JAIw?b8#(@NbermG3t}WZv_N=P7IHfu6@2RLZver_onggbq zj{~gMpWLc7^9R$9%@s0FkjbGc#>;6ZSI-hrjqxQ%M9 zzY!Vhz@>UO9r)fC!-0UVQ$s5}0vIB6s=8OfN=3jXx3sh@*QW_9X;?t@wRnpJH23RK z*IuHKZrAg1ghKY_1NbS9s=ArYkH&#d2mC?3L|eY|tlW9)K?;06?yVi_4n{=Zjx%Dc z0)mt|%5mD7E+}f8h6sy~4_Gn3uZrBMJPkkQo~a)@P46@YJVp+W{F#?@RF)LmZs(+5 zkAaEmQuQwrd3yFu?SmqaF5gfMSuf+qM((g^0x2J0yz;g@+F5y&|Gpi54gl{s)mCL7$Bv>u)P}&KVxP!{ zsXWuuBARkK0ZzFmGsKeyt!FW=`!>lub(FB}AP*$yUZR5Z$QgTn)lcPr~6 z5{x+?+$pejL*c3h*s&<=UH3)KL9T8O>?B36^qQoeuoa#)RaIppVDo1eFD9Z1htg(# zPQGkA!2xy=Ld;Ga_Jm3XHG9(eUuuq=?99RB!%$rn72;~A23TLdEPf{`pTD$sbNlZ4 zb-lBbm{8pPBYhqVuegPTmL{WpnR;r9uH=FdN$0|@EEJ(+UE1v-8B+}>Y)b;OtyD-Y zI4WjroPQ3iwvEL@nQ*==cKxj_CtK{`+ z^YNx_wg#mx;OvUOi@Nf^y$zGo*N%eOGcM$5Owsxb72Q9|-#HzZOqqi?OVSF)B#(~1 zv>u3(1@x5Xq$03RU@Qvic|Jgns11FDKcUUworwb_3$?GhjrYGrlr>4;A>|dOt%olS z^_%NL7Gi(3m2cbrOjetFJwLH5@j1w|zARHkKtxWhb_JY_HB59AoS4>COdM>kw8koV zLgaV#EG|G}cTve5JO&a{r(*j0IdoJMNf{2znpKzBOZkW4WR+gW5eXBfXn>mz1C6e=n%&NZ7Sg zE`DI+EG`&buoFaqo36_D(L{UARq>zMKOQ!0pWS^hzTn{K-_sAke2LcP%Rk zF~uUTK!})t{IAtlfxfS|EY;I8+m7=3*FUc0;ytBb4Xwp1nJbGpA{A;*y=Y^XKx!C4-eG@DRzadV^K4``CDN24REI4 z-tM_ZiHNKD;^4ZcpbFzwiDu1Cb^ds-;yNBYHi6|v5^X*F&kZMT(Cg2Ei_?TrY+ki?M=C`k3 z7p-a$Y>d>STC@J8Qy*DC7|;DsCwO-L_Qhc>Tbzk$o#w+EZw?ZDW@?(dY_X>{x2m_^ z=^u}vcJe9PAc#kRA5{8fO;gj*9OyCh#a+*l@;lX_MtJ8yFNi|FMF(stxzB!OiH()q z0oJmkVp>7A!WA=1#h;jCD!P~NyqrJvf9rkY20uTvwFdg-+{+0n!~77nw{a}t+TZ}S z{7cY;a9K?_Xom4%R%42=-jX5{gagMbiGn_2D>u7u7-y$UTji~rqz#qhnZG;2^cO;({2i>Q=`t#&V^o$5)c^uegV~~ z$VSo|wGz4Mh&P(lD}P$)6oQ^%`gA(ItJRf+;B$pYoCK6Rkpc^~?^P7Lyxea#uUoCa z3gGail2=LCv~dy`24&W!69xV9*^9H zTtpd*uo*2&(7n4viU5z&3;;PUOUtW6mK}c=UwL&T$E5Fx0<+KVO!ZqbZuyIvk5Bct zT31e(JW)m#hSG?$SR1FypBPav*77X%O~oq9nriZv{mW%(+pq?8ATf0JBRnxq@}W(k zl7Yo_F;32SP|f0-4QQ7(F%&}2OUE}kF%f0GUnIAGb5%5NoF_ry(!IE-j+4d9Ic> zYcS~#D7&?J)WH^HRE~MA7Juv4XzSTRdK6&&S5+lrJNzg)XI~5kX?yVQvN@Q$yj~Yf+kO>R~ z@Oj81>xH+HA|vmAr_5xTnL5MGf8pr0Spez&cbz{63`U@~n@Kvp%wPUMam9_UmtbJc z_OwYr4(O|nML_V-PAX+H{cP@_^yRIwG+sT<*Xg1I*K>IuB$QgDk`L>2o$Mx^h3jsf!b+|X}!!9372Um&N=FVki(_vUk8{*FX# ziGlU3IFok_qdqW90g=%Aee@P^cwVZxqaaR!AVX6kx&UGhM4iyw&`{NjtBisjELU4A z384+V*~;qXtn_(uZD|D1p*}4_neOMt4u*Lo*eHTEV+E9A>6Uh~U;FYTY0V37Y>xdr zI?N>*$tm_>Op|6SN)~>zCZ{;n)`5ur{5)m?Cd-|AuH<)=IBwYu3!KbuQQQPpi4NqzHp z{ke5LGG}95lFzqX$ee>t&Flx)&5G>>fYyp!!ukLaHCjLjN8wHdz5Y5i zelexoAKE0jz|h6}sU-Nzn3xw^GuvRHV9rfX|o z+LZk=>|F2B3!#_i2{}IAlPEcDM=S+3+aw;In(w!6Jg74cogZ75AX2X{I-E$&t)?`6 z9f#Ca^MzzA&&<+RB>29u9f)lIA)#6!58P@bPg@yJX4d$({h-HM%QN_NoN+~ zsf3YJP>L|ftElN{C^2~HXh_7Z-POCpFvSvJ7|=C{zK|0q2C|^l(lhXeEvYlv6<+%4 zE{)8!_HvB&lEe3gDkruB9*#+`i6}0m6Q(!_w{9h9K{)HVYDx~+43=9X_PkI)(gD=C zT@UFK!i0KLs-CjF-jC7)+{c4F-5kavF<^X>g|4m~JK!%n*xJ$;S`e8GfWG+t-ky?G zL5}DHGhFeL1<}O#%z5_NB{S|8#87ynPZ!1vo{h?bF_z@X48FXuaDN5`R(U1seEp#~ zURDVqarAKse#xJn>1s8cq(}HSebOPntPBn17uWUfwkxv6mbP-hKi<~%qDYj)3fr?C zi|AY$F9P}SU{4gnSlJ$nP#3&5=ZT$aohpoBe0k4l5kK&V0VL`G@+Ok_+yd~LHa~3u zN=K2$p89~``ZI^8mj;Bi$5C32wUci;vvoZfp4FR*n>yB!*9q?J(w+sM0LTl;%zvqO z@K=)}!66QD(x-wle2Co-p2FzNoEiCe`3(})(+W!K+an!Rn9^5}H*FjOQC1i3J=^DP zn9@u%&DLsg!DnB?s27o6YO89BU##MzDxFmHxyn!e%unE|aA7q9*^&Aq7b z6Q8rnFFVk_D5qs|jHA$W*t@e0){Kw`@6*$hYyahOsH|F|sIeNKgM!nQ=ZS0()IMKN zytNhkN9i58XNd{oNNB436s>J$*O)JP(r(Tv^gk@nf#h8!j0VtIp*mVpH`Aj?P`OU& zkE!TQ_7U04 z+%ba(OQ%U7m71+16#<_^s_HXFI~E4U5IJMWySESF7XR=33Y2y-R4XJHjyNgsHHfY+ z+AdcpliJneZ&CFPxBIX?PWQtCZqB$F0xIeOQpK=LI;ISe#g-o~#XP9u9P#lt2F%n+ zPWmuu)}y2>4T4gl8A+iC3$C+Sk}Wrq=;&WC#zF%EKflZ z^SZ@%&=@?t8AgsBBqco5)d^D%tp>U>EBJlAPp1t2c@(n1bodHfycikN^72~w^!RR; z{;bSbl<{Xzjjk8aM!|0VxIb)FH)GSrKC7LG?FycE)TKzP$G{FTmOt7+5^oN(J zAu*PICX_yX)C?dsIw;g&4XbJG$U}ciSm=!xqiJ!Ib9M_W_ zyX8G@(gtDX^Q|Y=^UuUM3T!03`+6`M35kS^B@v4klZoXOyZ^;M`f65kK4eQ@#kqlT zbP^(0XVX}Gxan)_VAEu;g;XBm)EZ*iuI=@nH(J=!DM~oK6ObAj3h4{pLXu}_Kb=SE zj^+gmwYIbrQ)7E)2@(V;n22%H;~J8CMu>5+w+rxRL4{i$M^<>=NSeDh$CYjk#gblsAE_z1FE{DAo3<-p;;qC{}xl z$;RwpPI{(}dUk+%ivC1G4-3Vd?DWu7V)pgMxvkVWNCx4~jnoUr&(+hVqEXc87VLf? z{^_YTioLvqkcSAowqOKaPD)VUJEilR-}z}zT#3?FEMmwOFDTf@Wbh*LgU<7I#qCvZ ziUjE>Qv7(8^m~f?^;Xbla)$hoG$h~MEyxeYB?aKN~br z_^~MucwxCmgxiTQ5M7b~Ty|Mk{=%=XE4n}UT)N-?LT?U@_^&loRo9k|PmsHo+%8uj zRp9q`QLy^_?cWq!^T~R7zJI6r2}oA?bza#>-l?LzD+Ew(AOWCoQkL_oiO7rxe3VO) zK|RzNL*f#Q!21G{XK&4Ac1}*^LU-0ZF> zSAyQiX9tJ6wPAi}tNj6MGnyK;ZsK%rL+1rKM?U*oqMlIoNU?RsKxToV8@(BQW~$BaZ_rE07*-gSH3G z4XXe*WVJ9Dm7}LDJtx;)Sn}JhnfK+5jm!yfjs4+Hoo3iUH<1*0f5?`5@c0XS0~`-XzjjY=&vi#c z)y*`2GhJkXHb-X2Tc;+lX&1u3#x`wjycw)Ai`RZF-_q`uGxiGQlK`z3dvJ)_YirtSnYC6utlG+!0n-g{I@` z)^rjc_*y@HyzH67y^ys1e&!7{7d%!KU7JOZZS0T54|LhlaOjolB%#X_zWx;z(fUt$ zjwP5*zd1H{M9=Jk6c6iMK1Gaqp^&Kk_w<&SJ#qgHLBJ*jq!BI9t8yq>WA^pSdf3C< zy^v%pc04?^Wk|6RT zz0tx#XAcMRn$||i_|4@$B$c{VM!b%AN+b{66DgVML(QlfZi)SAqel}Pz>3yto6+3y zx8_P64*4TbjdW9?^Uiy}dy*iMR2mf|kcQdwGMIzXpMW2q(%3ZfXe!X(1dt<**|Qa0 zhR3sYTp9^2_;yw;4W}OyoCqxfMAj@lP{Wj0+U$ASi3AHodga&^1x0=%pGc+*WR{)_ z;77AFe$m$7`nB>O!l%wK$+#Poi=W6q`5(Nm#nrb#IcJs(ztC^ z)&Jw{fx4M_QAz5Qr$WYoq|dhEyFn&a3s(hOQh>4CLKZK}^YGEl;kotr3J6Ut0tp>^SMlES zm;vU6|9fF21+=RJ+>5^;A=RE(8N`7TrD0x_MQB$>#0X%lPC8)JDIM`S7U`4P>A|He z+57C_^a}EU6MBxnaNvP=IF#2oADjX270=FwSi8@)hcnCTSXZ$>ayX6~a{>Q)QhhEC zU2QWUn0s@=nr;7;S$g___CL^TFp#v`nv;EXcq5Iz|GE@i7vhCF>TB2;bsl%(#C$qA zy;b19#{FZ<$WxWq;~%6r<50!mz3Hc4kpW*?&Fx|gN$wuDpEiko9b7V2$2B5frfy&w z13H<79|Z(|O7&)n`7@qp!6Ir#bN?bk60mM}NMujCzALPp4;oO+lo|3L^=9*F!=r0ho&^s2l2rB<;8-&$s{T3gDnEtJ{}AkiD=tjDP|^fSBZZS z5{Q0gB*@k@PklhLncVjBgec3vT0v7(tAK6ac7ifgz#T;x-g+mS@MF30~yrVzt|FW z6p%2*+yVMrr>*nvSfC5pE5@0W5l%qJ|@Q5r_VWU^7^jF2s8c9STBuktf9B!Xg5xTuqt5`W^L}VSnO+@6#bWP!Jn?4 z{u-653+D;XnjqzsfT4HMZai%PH?L_Mlf;;FCMli;_GcJjzj4}i|DsSpt2$Ol9)L~C zNd$n_k~D1AX+;2s@N&O`4W)xf@5P;ZB{YJ^NmQSG#jdMZ-W(3LXu#Yn7_O;@C8jjV zXQz_k?ldvZ!UlUo8jd~7@G#3O^Jq@T{>7O&CyS=}ExhF@H$e(KHKh3b98Vab0Vs4eyHe-X?O%M2;D2Q3wfyK|-9bJF`Gi;p)g&7;-E58U1QuY-<6mGiNBx##BZQCS6p@C(#Y+#2s zufn;4?}LS)yc!qpZ?-9=P2G@D&4(n-PMzyv|I76a))rAMotEq z;m6~G@ucFi!Xptpjxs!Py)IYiRcJ2V)Tf^#AA^{X5+S`w%5ORE>B11HwlYzx702xo z_Yhn8d4%U>BqfEJn25vp_~;h^D&dn-&ZMuH=FsThp!EKReShoIRj58p6x1tYr{?wxe5<#cT`e@_3)Ds^nQm* zA$gs9Qhz$_EaK|m__h+cqEM`G*fw!utEU%Vz}V2`mA^5Q$fD8ji{eTr61q21hQIm~ zi=!b0ucX;?$!}l>3eek?TR9zm`#s=}$H^8y`c|TRF=ky6M;xr@nsUZL+cPWZ) zf4hK#E;&#j2<;m-*PO;x481ZH8lW$Umt+k*@!AQ`U;FcK_Y)ggtkX$}M(A;)p zevRXCVMm;dd+(NeHu8U3#nNwT%R-pS<&9SZ&qR{jEJwo3ve@k-ftW5I40O?km_8Z= zq^G!?{46uSZu>DOl%5Eyd{=}(C1)Q>5yiawwdd)6!6)&pJf@VWmi7(aTi|^nogaK4 zZsm9Art~3i^2y^V=P$i4z_wk_l=*sU&SFY=m2e_G|HX~G3h;yLW_ZiKSUL+LrlH8Z z&?D^|Ge4!kR=cKt|1PCRypc|`tw7C!3fpcMHaZP6kF$Fq`Fm416i_C_XZqR$yT_C5 z@GHL;74w(K>xS9F#}#T`62h7>ksN8spUXo303`3Htq8US@yPeMFZP81zWsC`uh{*g z_T^g{r{tAeVfo^Y6QMLLyRG%`I|6z_W5~hUvUpiwqo7V6vlnx8x*fB(DTfl?rObm7 zF^$qmE+&KZI-E(3qjhHBd*{1bVddfw7xaQJT=L3Rz9M*nYmn1bH_!g;3W+zQ(|(57 z_htj%R(MLD9xWQ+C(oHQ;F+(PQ>RO9Dr$da^*QE%gz%bH$nd< ztG^h5ukCEkzI?ed#>YF83)+td&*jEwj^G_Mte~XKYkh)&b-d#ln8^^vM>WhOh4(u> zHuwD-hLt0{Tu5xD_P7^o=RYP4_P=Bs$?t)_eXL5Ss%0}H#9u)3_ zKY)tkcC+C#R2&U>t=7T5QsBK$K`;<4bmcdRBmgCeasF&A3~=s80g~uKJR2ja6EU-K zSHsGec?%xY@BI%j*2sQ#HrPz&Hxv63m&m|oaiFli858%txkJ*wZ?I{#)xi^jMBT^R zb3gN$Cr1OE&Y=uNnWLcFZ=43?iq>J;`<$rf5ByD#B*las_657m4e0)>i0r|=Je#yf zcvsx1AeT?`lKAzkEgp2BWJ1vO=wev}?(ktk9zBDSo*p_dPd{xa@P>ZM8F|}O0taPA zHHyZkJG|vX(4YmaHWnHi8p?Uh_kFqWf?} z=}1@=z=ez->%G6)kRt3l@e+!lW#Zt++Lwyxel3 z%(jhuSR@3&&NfYmf;Pef@e@(F_xB`@Id`ThAI93^-S&z>fBX5;8VQz__C9 zj5nG!TJf$F$8C)SAa7W%nukN3m{W4;zp`o(w2K`&@T-db=e3%n&wtnr>p&Cq!-1?@ zY0vjD;qB8NXTjvB@zKv1TV8sUqvMjg?e|VV?@@7P0&o_csQ{BxYEF+ieu}|~adaot zmOm{bqWhD&n+R(NrGXevaL&ZV1cv6zF%_66b?O$#1wEWR&Yx<)-rd?rqRiK7V$ z3YuPipPBz`ZuPXOa((AXX2MgSpd09gBO7iVX*|$jC=KMZtG0=+1 z`aKW#9Ek;3=T0*be$I@>Z07wkuj~;smuz7Xj2Xb{ili_pjq~f_38r;(B|SBmBujSy zK3e_?mPy#y(eoIBUdZ%AncEt}({dvQ_1t;I5^RDfSrx^xAqoIyQGv9(wW*ClgasDc z^o>0UOgrKDZrpB&Ddhz9ziJDF%fVG~`;~XfrO6M(zRk6Jk4l4PRG_F-0u`5Q7PdJ# zI@oLNN-TV{)yCJg zB0|h)77+bPI z&()M+cDB=OUUpakU2!ymkgEd027O+8l8uqiJi> zzf|Aym^x%8q~!~>L1JqhoWI5vt@_!7Xt=?N3$Z1OHWq`$cky^nXjUl${iyE&7ADAq z##fHjeA=QYlP8UVB@&O{0)}@UdG-dh{xG9YUyFbAR^XHj2Y5UaS@{L>>-@ayNgOnL znOz?XW2y>=n|1rPKgWtxDz$%_5Dxkj4%=1Xz!pfnT(NEZ4}^At=wxyy;%?mr$wtnI z6`=7-;E@G=w|-i>kB;{@Ou)o2Y@@&+0jU3a`*w{G$h^C<&&^JXT|fL&cd7awO#S)t ztxn;^G+!`xzy+mh_9B#$tnGkjvk(njd0Q%`xrXGJ)YB<{KA1n* z2rhvE!zWSM#Tb-zm@~P}iZpC(<6R^pPq{xVwA(I)D-yLylc)zO#E%DRpbzq;e-I?4 zKgpq+VPh_L*3r%iUmfj*r1X`lYU{j)}f=sp8;w_*#wRK9nD%kJ?zvfWs2vJReQ4q^zN_fKU`&`Wz#>JiWS$I!gZGHI;XoQ@)hAX%F9xN8DE`IMjhH~5 z&EL-x%O)a5(l7}}F4#hopKh|j7-0$$)O{I6|JR_jUEI=9$jYnTljGD^6*qexIDd1| zYVg$b;jr+S{MzSai)$-M>B{@Qg4ldLUa1Xwjk?%}oRbM8m>1AbdiwXu_<(fnfzNTf zAa~(`_Uqzz!&paLGy36G9b2))kzi6^54_1_(-=5Ly0Dd1Q->$~N3aoeG`U0|p-MKFgqBJIyV{HkOO+j>Z`lOMO;YD8Zq>upwR*eXC zfg3GTE-!AiHz!uwcJ@=4ks~&$ce|fhh#Fn*plx^qRpT9h^QPogRu{G67tYKAQe)8M z%x-NPx!7VbR6BXbu|{i0{51u2xRHAYF1W#Yn4!Y2%hHTny1`}EL7(GPd!Jr86;s_X zf=F0icZ4!MKwUr0o@9D|UZCh-`qfJAl=169t2B z2X`-1WaFJ<8Ym)!gF4>28I%J*cu#noJo_~p9nFq}Dm)Sht` zb#_#qVK0h;o&i6>Hno%&PZhMGSX~1;6n3%*crwJDZPj z#q4e1uupa8S+is3zy12ZVX^_B&&V`L_QGCT#OA|qU~i-jnMc2(0h|RlhU>j}cgd*d z{Yir7-Biqt;^uB_5+#+DPbVvd`LP4tNjt*A&R5YO3bE7}hsYz zNtGQeFc0xkwuXIr=s}POC!{<4iXfcWM%LLNYt9iS1Mv5P?7XEU3M}Q+qsZsy=l9#S zeZ3AB2I4?3p7yJo;1zTbNx$MAnXqj9txg;%^hWzHc1_LYA%%W7=HcB>PJP+GlI_~R zoJN03Wb3lb2?RY1^GGpB26e1sSwY ze#0vZHYD57Aao64&ch#H+hP0UI77R5aO)Mz4MTOpP2h2``EU7uW5aJ zT|#6le2A>ipJF3OWn#kE;8L`}2C5+g(Ez@RDAZ?9g~-gzZ)m`xS&mFfVi`kHlpaVV zK8^!LK9F&@64M~ZNNau#_p56XagZd1G~O1*-Q++o?e;k>n{zOtSYC2H#CCoy(k1A! z2X;toOk(Vqjl?iIf#+eLH4_njbZ=iU=F3a5pDnq)`FUZ*44fne(U%yF$T3o`b_XjA zPo^m7rGr+oV%du09s4^4sGhe_ac zLQY{U0S&?5$YMHZY8)7^Njpn36$+4l4(Rp@j+%LTX=$Alz``Yr{4U)(+(~R~>*&aU z-=vQa?ilk^uhb&tYaIEjle6osQ_$V9P0ecULe=<~n3z`Ht~{ff4Hs@Ry=2-`BAaMhMde; zVK1Jk(q-ApK#W+Y?+<*>;$=j}NxYTu*F9^aWDkyLz;RX=QOV=0ATqbG7eALMPGEpW zbwAsLz#+j&8q7bmV`!yhKk!oi6v)L*IQ(4sH%}KBYUvGXQdT&cc-i4D3Mh1<^=HWv zeH1A|;++-5lSHSaL&|En1c{QF+*F|FJI7at$t*$#PtoI3qP zz{iX+4C@}*(C}pR-wld6G<2BNMpMU-o%u5xImX(?623hpVf^WtR+0vc_rYrnQA$?Y z;rl2r){h3Y8_~>Gl+N=qlw0v9YuS}9<@i)~&KW2j#n{nC2qSxbf?-yq1DPr+ zm#;d8KIWY;Dn%h>R1alMmx*vc#-AwOT;6YN__u%Z3M!IbM(jOexU5y%bo!fr+F#A7 zanQqyko(3X7VIRXOtc$eH)|ag(x>4d8f%6ddGmda#$|J^zVqhXJN}Y-=x0m+D4v|I zPVGQ|zfgSvR;U}brBoMLpOP>$THub3hW3oe`bg(|72po zzFPXDF$-67@VBb8cNGA;I=(Ps&$`D$c`&`wV@RqLs&zUWCMv^}vX~X=x_bQ4xS;dz z(&u=BW#mC@@%w1Df6kv?U!mA+opD}w_%2+w;esfoI~m>1yB!>@YvmTOG2jSSHZXbe z@!}Q%O~_(}+A84v&0fg`1yi!Jg71>9LJ5?UMy{C)@N<%+Q;(^!vI#TI%8X&n-z~+_ z>iJqQpYIhTI+D6HxnQW#f)G$yCTS-h|Hy5*9N^94ZVXH4(|Xu?I-!K=X6e!C2lW1( zuM}D;3p~OznlCk=_YZj6GQb07cC2`h1UHoI&6@Hwd?y}JR9;a?P;e7l>VaDc{>*GS zWG}>n*P@Z-{p!c(JpO*z5{vy!1KflV3-f&%qCdQ_2&FoOl+(y1zh0&*$qtV$25S=Z z9s_;IwCx)t#HwLe{iX@VA;`udEfp;hEE7p>NL|8jLB?XZOG45_E_~!0tntH@H5DkC z+XHY%T5aA34PodQpo{lW)^+MXTIs9l1u=NjuB<^4(A-u&RjOaB)-ALi(3b=FO`2X) zaQ8yq^LttAoj&t>DT>NgdC-tB6B83F938;xQBSLrE2J~thO0S2-k??0)rq;Np=;Yu z{OoO$(rs_U_9+JkC2!Dt_}vV5l_o^%Gf`R0>EoX3BwbE!j&v~v1X+>`vg3Sen;T6nzHnPD7x(7;!wmQb@w-&@fe!|Kxwe1%Uo zPi8YvHg-~Q5t?^S;TyUcWYc`LjG7rbd$U`UtpYl>1EZ8Lak7zS62c^_ajM3n_*Gxm zEQv_iA@qX?vzRW;2kU`UlrJe6At>iCu6S!04F@wZyi=C1QOh`TJ}XOYnz`%c((DPL3P4pVn! z6bW^IEXXigjrg&jpZC?uYHA?M%fGD_6eKALAf{-kQs7m<;Q4sa*4D_>ZJK9N)J63_ z+N0a7v~IdM;7#%y3I6pEGBE2`rx}f=JO~LB($XXnqA{m)zu>x zZt=e!>zG-2Qr#-ps_JPZ{r&4}KU0r$Gx0bPJkS998X$;HNGi@chI&yFfXF2qoBT+Am1V?XtHW+Ysbj`7_85e|9Yrh+}e!IrT+0HZP~(& z8x04BGTiUyiostI6BWs*ry`>tB>R$R&ri>!yu4^PY-X496N!p!iNJQuOY+YWXX7d>JzQbuBVXnGOTczav_!G&4+VAU0PbNNHsgQKI; zt)b%LVmL%Z8Cl)%S^cZiqlm_9*>KnVS8Ob-b9{UA{}Rz*>pgF8@6$B9K{7J+j|jP~ z@or{AWb$_iF@2n7<-_o02#64Blw7h3>6~C+{%>#|GiKsaz&Sn43&ZPCpaF|NLjY`q z{|+hKF=1eSfg=(4yC3{q^1o-1O{mmpKs5XBqzw3PO#k<<=V8Dv`|lZ&1&Jal5IX;R z{9+0@|G#I$tFZt7N7_RQ3JH>a43AHTCKE`z4XtcwKrNo_2x|-COIz$;)Zg_A)?M1c z^Qy!Y8aF>qVK7e1HE*h#nCzGcCs2?MbmF&YAC}bD8(*=H?xjhsO)yuDWS0VJlr-td zubLVLNrCypb98JIeU)aoGJupV;`LJ=Qgx%DdGeF{V7LDp;iix{zDxbTwp0-nT*A1$ zK8k-mX1K6X^WY38`kxu`>|eqQn!lcC?Y8h`T2f9rhm4rG%y;$GAw575bo%#0~l{9uAN9msas{H-hMAF@c>QVyrGxnBJRUEaefA76ZHSidU7 z?kBUBR#h9_PR2;=&#{rs{R=b09S=VQeKK@6Y}VGsicI9Cob_6^ppku7R50IIV~sbN z+I399UF9;Y>3r_fmK@@r)57s3rT>L`lBlxqPx@}?^FCXViY;!WXVU68`JSqQPEseF zNghA>HWfB-4p=sp;BTzPbO|b&$Gybx^MT z_*Pw4H+&OjK1Vm`JDWp6jg|z_N?yQ5j~?=#Dz|Cr0gEtl06R|3NBy&J4A?PpJ*%G- z332OuT!Lz(I8n~fLyYsqx9ot`iskEtps};{_iq3)CHPD!`gXjm*yWN-+HDwk*HFv* z|LPY;cM?>RaZ>u~XtTr?#~#Dh^2~XwC>IBiOXi@T?S`6FEP+A#v3?0=xKRjo;FAOe z@v_76$OP7RkLRk-Wm*3k*UTYra9y__DZ^o3x?w71FN+qL^WBCe{DJToIgjNGK72Yz zeK@tOuc;r#QxA~}cRnuwK1|^Og$#FtMZYdGypU)g^3TJzb$^zqU?gxXkKKe>i0VkT zmw~+40!4qk=nS(0^1e_d^E6zV5o8hMTf$?g(Q5)#zkrx|5(>}EV4lAelomsi6fNW3 zh$oZ70gM>iNxYJ{dsai@gNVWVF_=5jj8jMqVw*QeTp*t`w||HRIZo#T*pG>Mow7j} z>dXy4q>|E92}S1ODS%s#!>`}kBBuf3*W5?+O5(L8U{``TQS4r zIc7IDH0UKUtECq;j5Ol@{#~b@DRfWie%h&3)z^y}Z#awD{aG37s1^y}jAHvQuD6TG8*9n0@a0u=a zg1bAx-QC^YeF6k`cXxLNcXxMp7~GvZ->F-5tL~rkcWP>C&#JY0_v(J1x3vmoWD|6V z1?>k~ovoLX0^0K&(J)kUN*W*v585A!0-T7GR2TCLGUnFYOIkW8uMUB02kf^Y{nNqa3|qQZ+x zs_kD(X#j`~UiMv|oo+iw`Y#?k0^ z5&e2ZAhjDQc^CYF;`H26H9^*mqi2s0)fc4bBAZyHUv(s0)9qG6X{|3@^9zf4omCha zq|0)fUl0pU<~R|Jpo-N>&^{ z*uCPnjbMAb_H{~nD-&766UTFWkgpygl5pTlt{xCFBK~cq+KVKQ)EceitF;_`_qvG| zqt!K7#ncK-hR#|N_kf{igd~?-7~xS-y5pU9*JG!+my3H?xw?u|8V_=w9Q>ju_iG?X zfBr8b7AFxDucDEb50X|nW(Xeoxa3jfRFeM4D$NL_@748f05F=rz5Ur<<78Nj*_}9@ z+eHy&L0KiIwG4G(;XqshW-yTav9EN`Gi9NdgQiUQt1r77sqUvWqpICxK=Qs6q25UT z&B@6Doi{Dug9YJ2CR5pTVPQO5r6lofrO*e<*XKnbgP{%%;%$7Vi&l_&=XI;1n_Ov$ zs5l45*Z1p{;m6IxPlM%#$Vv=9ZUEz|l#NT`K7Hvc)!5FtM)(gQCHtO&PVjYnrO}4E zKm|@XZAR}!pZKtPl~!&4zl2SVI#dWLUFc^aS>9t5uo@Blz@(&-N)U(`+x*nvo5E6- zuBi^cm&{;x;@bY!13|Nv66rbh1rjnyyl~)+l3(+KhbQBWGP337Msa>AAxBOV-q&eR zAOb&b6k@9*cP5RJwtBEFK6xjAvb=`64IVtb)YNN`YM;iA59glX0m&wPW(JKv_$xo zn9&_D>iKrEGZm|*e(^D5PD`WP0mm-B(&lN!=-+2l=xF9vcTk-l4*K{W_%FYCl<<-7 z7GL+n-ml8)yn(~->6ASD>R@~V1~z;FVumW)NTS2_CwOX`;l!dK&&!qt*Owj!@l0jq zsdipyW{k_l(J^hlDAs$&DIa9;aqcOjd3%jaeeLgL)nvn75pll?yo^=brF^Cy-S}#W z$9=kki44E>R~#ioios>`_v6c=R5)r#wzN)UGM_r+=Qf4=GhX`WP-yyDw`7czkTb6D z=*zqBsu=)dF_EOC%<9xQ6Hly@8?K8mBxvo}_2OQ5>g4U==PNtk{i>zO(%@sb>n<3N z6d)rfWM5_R25h}K|M+;kx3p*%krMLfD;qk^WbqZaDJ}-WgkX8!ynk^L|+#N$-sI$L2GFI`?Ot1JE>2| zXAbe39lhMYV8_-kQynTg_J5K5-+Uf8J8VhUg1*1>cKtC%n{>m%ID_Wbqn{AxRV2B7 zlF4_N6M09*KCG5fv}Qmx^mpz(eP{ma6Gghed_D80Rma*m$CSyo_$Zm|H;DiM4&jD3 z=(eeaCe$x?#{CGS^5ngW^XQphS*JfB%k$plaq4tzlhpTn&_v=6F04CzHYck|zuv23 z2Gv00v$yS*(aeKOus3hr3JGD-4~t-z{65}FlM#A!R$8u5C=0qAmt{BWIM5DtDNrRi4#F;<2fb1%9f80ZY%f7E@_2cGP361I4t ziQY@`=)bFy9bvDNVgTMZ^fUEpb4w1g`N`>!qPd=+gGj39zae!#@jAkdt%I}(X$6Ux zAeY7nX@xs^pu4`v!mceNy$xN7!2P)CxpkB7KK=+@O&m==@A=WA}EHUWu2BsMu?74kbJ}=dLY7L#}2z-5h3?hmTj=2#Ahs&LY zSxucszLMobNftTL_^oGQ-yO6?4^3b`_EpQCMF8FmAgg%Fi^KkyHp9stM|6#G5$sKF zA&R~}#pK6e`$9+*1A&C?-a=QacK`C?8oJp=4^%**cDZv9S|jG8vbWQGO1HvYdh8RsP!oq-w4?79 z+p2P|w(@C!@oRRUupQTK{pR;)XQ<+0N88W~mP%exH}dIN06hTB?|jdHrckK4Ar0bJ z{DOgS7o_oF5{Z*sswU23cEC8R7jMHo2I_JCkOB3$lqNT}m!!kdoYQr*8b+>?VoJzh zK?gn4PHl>V-n%#Lg|}%IjT57*K9esgc3Wn_o?3kC?g%h>FY0rAAe^vzX588OU9o@+ z9XaAWweaaG9sR;ZR4X8Uo?a)rRA~jT9^Uc|;uHlLEsS-R;@$F)>yazJ@cPg!TtRhU z+Bx{hX)3G2e^=6aQzZng)XWleii~{`?YCjX+J1V)_k*k0kPt<~pocG|gXUYOqL@Qh z5Q8*kKS5>Cg|P zhczpFV;@ZH)9B-xFO_oPV`clzV>RAJQ6IA9Ltyy8E%6{bs=7}f8e+4bl_&WC3FW32Uv-P=&Dq223r zF{|k1_?t)ZQlpih4ui{R>wtTPb$1l6iB@qgpX+g(J%_jH2g}m-*GHl2*Lttg!rQ{O z--gnk!mMS}Uz~0SzFiedec!fQLP&01l&j2aAR(a7#*{wIOA@{SY6E%#-xmF;@|>iPs)fX zt(2OT-fJ`RuOUdIy(kEDKj_|Ch|cE&&k^s!C-YT|_L~(Poh>>x^|p}9X2Y7aQ8k;9 zg?oM|9~yA;2@KMcS2lQMWz%D`O3FL}IJ%}b$33h|gS!AZA#;x78m$W*ljhVF%P~5eE^=5sQva^Q{M%~XaQu6FKN&8!K5#rpY7KT7 zUemJ?xNIoWxUrk#{$!jVEJeSw8bfA??`PQJi@v_T7U2PLMxS!v;SWbA~f)Lz=n~*RR zcuK@*vU~w#1U^osnkv!jIlDhT{~~*{1HuQ>>}*)P{5X7OFy?#PB=Q()tT^N}l{jzW zW+0Y^HEf8rgAnhKG3 zXNt}z$bO99;uxh)D>qotFLl={?Yn~nc-5=r~X-knBRs5 zqS1t>WCKs{hT_X^L}%AoCk!PK#BG)4tO?8C)@mb@i>@c{5^T$`*eEE;AGoaLk5bhW zu`PZbmK7;f34ysD;`}*lzuC{iI&QzIQj}lPfQrpoc>18COy#cZ?-J<(gEdazzKIchwm4Gye++jq8KwMdC9w^ zHC0wpSlT;YbQ6-6^!FwO&v$tZ%)L;;p;lSPP25~V(@vfh=lBDDJ8*qet)#hiC&5c!iPj+|i62T~puldclT>zgl!u$T9jLHTCrhQJqmq|-lJTp~ z=2x{D6+O%{e8kCbRQioRna4WI5odNu^$9fxx)4>XmF;KX0Go%al)+q- z_SrB^Qr&`FC%#9IZ0!&cw2;?ezF0BLS=>w5y_l)+busVtvQJ8uJB+x1MUdJ7|F z^g0Ku!j7-yT@FLx0;AY$3X#8SUz9h`>xU#|fMvtvzF_UieD+&Gt^fV6c!69^Mb${J ztn}d5EWI3C&E%|EAHsmi9YOY}Q5>WNs>(=HT5vEK>zS+|86onEdOl0(o2!G1{J`)k zfD){~OWFv$(eV4vjIqyVDLI1VBL5PYqa_JRmo<-0jtI)>M6FLUIsSstS#uYxUmi4M zTux5MB(EuT?r`B?!QtgiWlAUWsSuP$alr6#9S~|58Kb_sUu;ZYe7M_0P1q14{P%-MU^ zfAvF_UHg+neB3c76EY_405Z9jt=hbog1yYm`XNI1qCvq;~TNO6>InvasxLb2I?2SJ1s??bX2) zeOZEZO7QM1RU=HDV`Lc2vCfNn3LZy_oJy_O6~Cor;o&fde|M zB-IQfu`=@$>jgJ_Jw9SDNc$uUlvZ|6n|GY{DE+E@S&zqp-j$h)z^mUE> zvSakVSd1{V-c%^T7_Gu5Z7_H!3Q-387>))_I97opY{Ny{JHHcylg9VS%w>(}E_<7# zhq4)&@cZKOtO+&0Rui{aSHD;AoCkbdoPBZ^Wun8%aWtD+AG;0jf|?I%O1j=_QZ7=i zb`))hDB{OWFS{b|@#H{03a>qeu{t2$UNI@+iH&a@4g2r}h(23pkXw&tU`sD8@~Y(b zLg~w_10O}0z>6NT>(`mP^P8Th9jJV=nOY8eUVvN9fM06#kbP?*{!?6?q2*K6&5xPh zS>&|mOc|W4@QocAGDLI&EPBgIT#||ey>;G z(DN{>Gqlr*iD4di9}N;S7r8xqE#IbmPCNMO1@-aLM(loH&#DhaEi)0e6%Uf%as zwHTfKAN+`4_QFK}2IpG+bU6Kehz-lXC{?kCch})!HwK(cHBM*9=7=oSd|uy5o4iNZ zC`<7?{JIF>f!^}s&9+uLp9Fe$od_MzTXb$#oorK4S&0mLZX+E%ifmQQC>~bKhPGF8 z>E>W|sAWot89Zyw==A|3w81JW)`v()zp?p6`dVaQfW9Te*ae{l|~Y z>!Y#nr!1IvTjz6}utP{T#rddqEzVzFTta&&^A+dQ1gv24;dOju?Iz&xW&k~*I?jkq zUBirYT&2|BWZAX;+s@c{CL{N18Jpk!e7z{;d8&~-4CqwG2rfeAKuO98EKuvXu!S9nwU zwtOUQ!3#V_#ipr3XH{Db*`L?#UFv`r?(6JZc#MC*bA3reZ%42BWI~c!UPYZI4nbTO zPA!KCexGNF!GDMc=W&UDdl(si<~Yl^pv^PbSaXK2p}Pz4U* zMFyFJ&L>U2bfn`Ty{bO7dLXC-G+!Y92C6hsui;XfTdWCx7PzNby2e^h+Coy^BKU!p zkyoprJlpE+on9%hAKquMm-QmZx*N|Dg?Q8bR540bCQm{#W4=*SIQ3Mco5mlF7bX(b zdvvFugn1_T`Xs+@@4#;@Mc-Sb6L`9NeZPLb+)$4^gk)7br!rk9>frkEL#Kg6|MA4- z=zekZ??-!vn2q}uWF@?9n;|mOL&DC69ebXaBxDtL*QMNIo3zx?g8|k$uWY4928a7~ z8jTGaYGc{(Bs}fl1=9mvjlaGcb}_0!GCqGX?JA`OY#*;0f|A)wbg|tZ`qK3e#}%SV z?dqSFaPxnL1&w)%aCEuWvUM1!m>W2KDae=q{>{E@G^rl%&QCb|$m&&Mj)e zb7$^M$}3}o7gMN;poDrxBFs| ziH`YWAQp#rn|I7Fd`_d!W6A3~B_bq2BL{Q$k89s!;(`d#={vo-+qRcZZrpOfC>qo&?7MNvvR@!Lv4(28cE^RK* zLnrT%i-J>d7z_)Gjrj09Kz2z0yu72I9#0uL@V^Mokf-v6*dUtm>>Fur!A_!2kR znp{Sqg3&uAySn@}%){_vRGJ23=IJfC-2T>x*+ol}7}phqnq_cvcFt9dD`ZeNmd1=R zeVKBkT}LP8yA`ySm6reWh`pjD1#R=ErJS8awJWc}_^4YHI3BRh4WFmTUQAi(6PWh@ zy66i`;>*hRe{LFsKIJLp`TSUV4Uf6K^>&^`is7+jvCHfI=JI7^rs{>l{K=O9&b=z& z2Sw+an33wY!|QyT2K}u4w^+tlTC2aKQ#003B%v?}G3g(3^k{@!dd)%fXrHdXmyN@> zDBqsHJU@Q)hSHM(my#OKoN{cUe#_!`*pegMMYlc`RB@4eIn$=@fgm{k`?fb7WkpJl9ywYE z?_%s0V#ePve!hHIo8-E}(b0!r%?LO2FoqN|=ae0MLac|Xj&4RZ5fVqd-FB}Kv1Z8s z++=||%r=i8pUz$m7!fA_}R4smWw{@YF57;|oohJl-I@3&=~ zH1EEhNd>HT8=uQ=CTisIE#|+FTRzW`k_ig?b;bY1g8-J&{$PiGWBa=_<3vCj1 z3YbMo4Ol&9{?#p2SheZJ_-OW%aKD)R@wCR;cQuVbszNj4InBq1g`~?b2)ipzd-X#P z>xGN=V@Ls~>cY<|c<+Jwdkb@st)ub|>)i!j;E*jr<;lUZ*x+yh`o(Cy=gB-Vhp|xHBVT zOMeQ$vQ28eT!EzQpDlQQRYwmt9^I=d492D(MaV6bT4#&~c*Nn{KE?&B>#o0~e@)@B z;x3|Fr6u`!IwVfPgHP@WU6go~Ul?~g>X0)rD&ytc8U><14iEmcD;SjNdR=+OagE0q zo_R-g5!{xNJFm*^$!9RI=Wf4-5(>sI+A8KDk&E{9F%`WH zzQo86!m~BnKGKgWZ0j{Cc2iple=mn!1b~gg8gz^r$Wywaa94GYNO)of;s$>lo{as9 zW|CaVo!5a5aNz~L!I8JTB}A)sOm5Z_0jgEaGTjJx`8DR*%PnjVX}A3N`Pr~pby4CB zeCWMM&1Y1u`2%Y*I&uG^0=3=w(V_XI z7F)fIOmFtI_R)KsV?7xu;%F{e_rv!h>iWrbQ&w899hZKS6$RkwT@0s1>1UOfeVXbtO+lHJ_L6{k;12H-r6in_{W;Y8^_o*q>k?Ka_F!no>&fNL z0inS-gth+uzJ!}8=Or0$C%HvSLFV{yT}QB;A39hFKFPq>#s?!PT+s{ zla}*Z`l|_lX~;lP4tl5j9$U3m*$m#!pT1s~Za2Cur$R>yhp%h}YCIP&8}e_bO(T{r zZkrmr^SD)9y$6RqYRR5SL-wcm#lHK`7oCnJ;1O)unZ+)@Zc!bg7Kj-kkt9e@XV{ZY z?-USridZlh>DyXMGadas{GV47+3~}R>$5=Syaiv6TLH3j_TIti!HA+NCQyb#Wmk7P zW~7{SUNw<3J5C(sI(+21F87k+&vl*}m5*o+`A;(^P zs!#NqLVG-^`Wmt=4Iok!34aZiLK3xGj#iads4n>iq9)23wSLCYS zD;S0*iRPk0GJPnj=mfpcc2d(rib3WwvyMujV?m}aJh@J-Txx6rQF(2 z08YNnT!X7qS&`KwD3V{7=}Yw1SzXZW6Ix)gM5f@(5Z6D2LG>jjLZnOFOQvOQe!fI#4)dCuKkoTRYPNdiW^M;N}mh;-uS1=>|(CJP@d_^84ed zT4TAc9NA5mQyu>raN;#pA_H)ht9KXz_lkPl(i=f^z#PFneQ;UKshd_izK|rYQx~bT zUA!^_{s_3#J%d~dEGwrfl>Z^7`8o)XV#;C$)=?HXU=&YfgbKF(vwzggZ<$lW(XU1EC2_=||AlApKKxQ>WLPrKI6$?`5jYE33dnM| z;w+-gY zrXI59m9PX|?b31%C_OY<&8Audr zB9=l$eQ(d!C1Ax`=hm2;Ni%;?W4084J+&-f=t-0OS9y}qj~wYLutlQTPLY815he@r zZi(9!oGc~IBS*LBk^ zrAo~%T*m4s!;=el5s7;0j~jmss+XN@^64_I^Qs{&Z13LP=Ey-8S8aRSS`#z=oQxTN z3JxwZ>U)4#Ctu6rqZ6Ucb?!g1g9kSW3t&)++Eqm@IV_B!ZG2{8vzTX`P`CAFnRdg+ z!)mib=4B;vo5eH@e?s3DK1?r9syN!L2c<@MG=inPnRNf=ycyu<+~8dCm;FiBR1=a7 z)VEw6BVT1pEE{Y^5zZ(eYPDe>2Z4@wHcwTbsNwoj!6rf`BB=?5_#0LcNdkh-6s^UB zdF>faAl6N<(K=p=X|X*lr?B6eWxxwMK?#q=jln~=$d<`{J&U3k?KSyOF+o%!i(P z%)6PCDfpA4#bD3EJC%&zF6>9VCYf?T23Y~QZwR1ixkB9{-1)MJ7DxQAtpH2MX2gfq zqq5w%PViy$$_<$B%LqvLinn{j5q(+)+yC#`+-S|5(|)qcA%MFl zze;iR%4cky)UPFhBs`#*#V~XppQTCL@rYghxBtZquGmgOEM+SKh-s)gdXA=c?cq-; z`N~>9SK^|;A`+S}-M6qY+JLPUvhm9(E!0T*irct7e}}DwzN>+88^vhand`4#U$HT? zhwMjw7WI@uZ>Yo)gx{n1czfu+kk+T|8Q*<+yPyy}U6N=!4=r(tMkqUuCIjY% z8H8#R2NdF+S9!ezaTcv7<|vRzMQ9dBYQchh&>iN1V|%=q%lvpxsI45{rfzlck>TNv zhXq3Wb>0UTl&Ga+NmJ|M$aR^qUgvaFiHWH``|?EwQzo0yS+{Vb=)*BuVEu3BSqu!o zkwXg{z^G`~;j+~+L=)mUQ{)?MGN|crFJT7XMe}P^Ypc7WS|g3=VUlDT1dGo2dW1eB z7|&Xj2;#F9_j=~W?tAGkj~+tuU;B1I2IY9EG+oYYbc16P`gE+H;pAU1bA>el z%@-FICz!$3gv<3yq|_7SX+5@< zf~rQqQ;NWS`BBr^Y$5XgipJ8kO4vqk1oPx$`2A1JUdx{A(j)C$AF|zlH*NR~%zinUX#{OJ zP4WJ?S=s+J6l`>orn8)=6A`mbm74Sfp2smU>iN9S-X) zbJJP(MXfp=XzR(b!*#AM-E-%Z1}#yURJDncqO5loVMU#C4L-(3>`qpmA1Q5BN*JDe z;JXz&YjrS0v{C@WE%Rv~@Yao}xSQ1kCh!D;lg>wggABQC0JC~*k?y-DTc6OI%U?-b zg_cdDAlQ7B_>bUr)iB8@*z{T!or|&ttnyKmeWk!IU1k)A%YoxxQ^4Am z8ds|<)uxJYj)3p^#15Wid*8{eev!CR&nZge4h{ZlE9D%H+hJ+Btg&sq{inXZ0*C z8~Qk)i9Q(BYz;3N?&NT~%#y)gntd9SG~DsHIYzv9YqIidY!hX?u7tsvFMWfB9pTw^ z^85PDurcJn!Mv(016S?eHqeuP;_dsywTVKt%gAXJD{0%zJZ^?&_k(c~@`%tg_Gu`Zcpe#V>+mSK9rj~(Lm*$#wf&8eF^5m5Em9V$ zKbwChp$>gpB7O&K#6iXJ+qJu6`MPDv@GdCsBuKOKKT(=ij*GerS5$D`v=6+*#8){* zO^E5~`4{3onEM>fqgJRwx(EYJE&hCKPb9cbPTnMHF4{2PylY9)`MIqypA&nSX%v6#vED@rjF8DatJUp zm(jtQ*$!BF6zerYXF+fc6Z=msA(5!N9)4=e3$eARzZqceG3;cUI=9YZyj#Pf?JcRN zoOn0_r%I3Hu~l#zIFl@@+weX>yfY@Fut!GA@PgF&dj8!;=4xR7<-d=mMz`E~Hj?d1 zaXa^A*%>fDCS4HM7gv&dqlS(s5#8}Lh63q19h&y|yjNNx<2i8%mR5qUxJ3xM9F>`? zV*y=nCpc=h7GLJZSU8VdM0Fj!%E9$6P%17Rek5Y8F9kiVJ^H*D%-Bsu zyP~vCvy@kD$!vyW790qs*E1NTA;xi^YfBDt;a(916@PajT;l!+(B8Ugmc^I&dWtv1 z$tO3`h2J;z6(p*WVbj3py!5!9ywu@wC93z-N7$nim_Y9d<2^9-=wcWV@03s>jTuGEQ6(^;44v@`= z*l2doY4}AbfuievI>|i4H&Zmp@b|5kY5nF3Q@w!?Gk2#FIBoqS0qrnP>s6n}ckP7a z%lLghD_9`Sw*GQ#43>8GOl40c6u!m&ks=ULvZ{i!7%)a(=2#MEuf$0}H`%LWe%VFB zj8u$WjYGj-xSuZpvpbldk&)0KyJ_>HjLh&+$(twIcZ3es{<&yeznRVB5e|lM8?9$>SoXx4=^_O$ z0f!|uoQvV%;ILN1e&a)HjOzH{&)@}$$*JD{TzvcUKvKh?!s7-!bE^M&A zA&-K8jWzVxKod1msE75XqS+n^OXAoM_qTyMe|VbV8CKdP5A_09@+#0>^Z#OQ}{K;)jxP}l-1O78Yl?C zYPQ|#C4%68De~Z0Z)JQ@cm6bVt5i$d29awJdv&v$z?=lc!AA*#cTv|>g`8Stdiz)> zZa%B{!}X=8(Y}W65Q7@|hnRZD^D}Du`!kap`9P`Xo~*c$28g5 ztoQXuCT0yhM~M_Y8m8|C71Djl(ERe3w(B9$-AP)Fn{%4Mn2PR}NH|0YqfAH;3EWXX~vf5srv#fs4 zfG}H(t8_n~8&L0{#B3z+g@J+b2O@#^4(T6*lDd5T32!j@&1owV-&8bogUZU78p08} zvG=^T+kd{6M7vlOEWil|qvJANou477H+Uv1OL{m4ZeHCy1Oyis)8N(gX-)4QTzO^8SZJb9rr??8N;LC+$H}$9KHZ*`T&eJVw zAV+t^lF=G-s}LZ#Fj_xMn(cSK@g;(;8Ajtoe_g2U-4&3bgO;K%hk@z-YIb7k}%mh7>I8z z4-23Ko->q~F~#lnvG~hqxI9AOtcBMh-%4Q`nDwQ%LHJ z^p6gRHKx(4x5{@E!WA}6%Agrkit>uS#%Q`Z`$YN=k1zh;)M;>nX0XP!W5c~Z+c1hF zrMnT13R{MH9XMW0jqS6 znqZO)O_b$Xf7Nz=e!<}7hF85SUbEkP@;{^vEqP(P97?04sx%k~gg&eo?@Mx?46(x! zRjMzpf!(5=T(qTsIh56Eg~o0{zt982f~bd;lYMD612_QAt`gYzBa;>YV;VIWYa@nR zJT!PN5=0Naa~Y*8nU_{vgU@h5$ggC!(LiLopqhC*IY00_Pc=zt{YT8Zfr}O7pq`+z zxVx8%UE<1p@2C&sHJ36JaTxxi-w3iYXq>3u;m!DWY8?k|s%arZ#P7hx_bD^8vV-Z7 zY_w2qHD%RvT_dc)9f7^!Rhxk;hpGHA2c|-F)+c+>R$ulsa_|$OY|(p~;tzlMqG%)` z{6~4BCn%H5lGAxR8){&|9gt>%3ML9W)3O6IR}QF<@t@pGeFrv!GQj|#tceRgUur64 zb|V!$zB=ZlW^A|%_c&&4%YQr}Sn(ZDz3^CLn+*@9xqii0jI%1W8L*(V1gfOe4Ig+l z>pdihW)ZgF^?$p@Z@TuC-&J)xJ)qG7-Qx3E%uw|i-It&H>)9yFcXZ6n5 z&S3t|4Qr7DH09mfmedlPU5R#td|E-!#~|1o*YBJjNoQl+y4?r3?2Ur3C%@yYa3=au z`UM>=a*J+!5Ro~CMM|28z=W#&^lInM89$^~;|yf%K!x)$5lCBVhiPJ@Cffpn25*EP zP-F{F)=lMbD=?EV)yrW+YuHa{*x1Q!2HC2?^};Vu61&Dpz%XQ_Nkxkl);n zb1AcCquOs8GG}~PER*1amJ_{mrs6?`_@k|&Q)5^?HIc*18WrLVYZ}gy_beSJEb7Of zR`5EC5grO@KH;|d$}>1lHZhBlmqEp9BqOx>oYonLN_GDHOQc-I>`5jUA6S@0PO zh2Mtza#4T#)+VYiuw;(_6wAfJ+m77fB`xG@2tA2r#gHgWyEgGe7>^KY;VXki8t4uYl<*HQp&=8N3&6?)2FN|G$FI|2s=P^TjL;Y?=|#6!9NV9r2yvG~n^;E)y=; zi-hcde!kgYxI+&=IbuuN5{Vuq3`|+up#KkBjc~k349Tk`$ZFdP_6N}#_z%~fzzJ$k zZ(+fwWbCY9R4K z@9%=vjr|ex?UkCw)1#aMm{I6@cO%~X@XYtEE~^qUVKo~0W`fS@{x(tgw6r!Rud9&{ zLhN5hPi=m#OF zH(#K>@2020HO6$7<#izuBbOfw#-))wL{vBo>@$>Yi)JDhrEGL~i)fZhp``!9G=z<6 zMi3@MWV|`@JoZR7L?ekrh78w!LtSWnn)jlf0ZKK5wH)zl2eNA2f`Mr?z46tc<`RL8 z!}`=U@P*#*e(e^e8dQdidK~Usx3yJgi>c_l#g@@3%S6oLATuIdNXD6>7I@Ad~&O$BqcfLQ=Zl^MQ zl#)2b%5-y*XU!2}tE;U$*3y^jizaNc!dGvelGJhhFthF~+r0 zf6&VzwLlY-#JO#!dvMqA)?;0Icc6fP=tP`!>X&_ON^GGioBu9_jqPOUg^LRq&!VqZ88|Xa39*;vMH7u|^!if;ujf_e-MfqN8#z8by^HFFPJhM~A#M*hT~i@m!~l zh4qSL!N7H^xWZ4={csc?R0e=b(aTp^jcruZ4sNkh_q&)+wlkXkp)EU6iPSN@?7=9@PQ4*sqOBu`p|mlryYIrt+Bz$3$OdrJ=qJ; z$Y=jZ8^sjxc}Y@mlt9D`ghzUFBQ~uTU)sV?s+j75Bdi>R-m)14t9ac{;uqWxZW~*t z-s$Q3;~F_B;+>Sfbp8f8i9Gpm8Bu@Se!!j~#{%_TF#hX_VpLD4I!Mf@t0)CS>uQDo zg^3Q)lZSYwcw)*v=@r;Rvgfw%GK+noB&l#xUi{p{EwSSy*%YC<`PP<_PIsR6?{~U|~(EJxN0m z)RV_pak=`<<9n`Fs^Ex_^6mh+i%4|?#jgR#z1Vcov5#0TyWD#G;-a0)&rTN_+cs+= zuyJ~=g_@uB-VZrWJ|9do`YGgC&CryPFT#PZ`SOsUw?vKBu5ZADOQ0Sj%;(FTdcm(C z!-XR4#>MkZrLY=g{(jN#=B*gjV>98#Tv52Qh*O(<1ekbR8dWP&f!E-oR0;zJHn;GT z0#P=37q8Qr`}*@*4~f0ig61&YP0Sa&tp+fWLv=DX74|zhlqSc=yLgfXA8n8x6YNnjas)3y;l!ckGG0e zIp01DRBFJM4bb^4$M+j>ZI#b@i6Q)A+7}`Z#WnCTdl#8QSHXQ&TogDK_0n5PMXJLy zK0jku>BbxVaEk(7p~KCMfOWwzqJmbx=hF3*{US1$?oRLmzv>u0WaasI*M!ZOqa-J1 zZ+?4k?JxN}II3?V)@drff{!yoMeif=Y@weT^6IIwtpXbph$%=UYLcvwb(q^UMfDfS zkpsc5mc6V;ccS7sNPMZaP+Rro?L9u=Sk0mMU&wV(&P9*t{2OcV0k*S2^tz$m-V+Kp zj0+P8LF#IPbmL=IYtsaY3@bd^3&2JTK?r}DRlD3-!ZbQh@?PJjJh}z>>e=@b^kveTdh&$0S4f97Z@EyvFGTnS7zzL+5U0i9`~U$!NF{z%Jcr zXg!Sxu`TVgljB9kbr(Y8ori)}@D8>&kRXE%FP{h03JHe5nz;gRaro1kuyg-(w$jd7 z-b^z@4EF!`)(}I0CDKIja&~m_lf}!3FzDE`e|S>H|BHfs80?#wk3w)3%x5vvyc4Y^e{Er~Yty+)e5jNwwq#2Xh>5VP9h{Hf$HQ$Tl| zi4)4N!z2J%mHhHPgJ~}&%GfJhQftKx*5*ITMIiS6wVhG#G>C@Xqn^4b+!zGvu)zd) z_FJgAh{qt=c6lRzcMV7XiuE_k(V8En=HHrPd(>I_U%l*g6=9du7rh%VYvCN%N^((X z5X^O~&(G`fpKZ%9HsCA(y;yjsnAtzI@Cs}|LR7i?abv;46y4r|0>)sscdWcfS%%mC z%a}=Xt2znDwI6?o-bD`is3AC2^YUDHy7DDeO$`DrxnzA%z-h0e`sMq5AS;KRH|ivI z^1iMW3)%m(G3pI9e2g+?g99&rB}9{Bn@hxWsogTV*RO_fI8n>GF;ok%-2?_B_Xucm=Sx!N$iEx@9a22fx8*{%1?PUTyeiHXjns zT}`y(U$D|~7_b`QDkY$|?UAvQMf}M?#t#8^8UGJsZy6B9AO4G42+~Nmbc2AzlF}fJ zba!{>BHbm@-Q6JI(kU(79ZN6WafaXjoO|zici$=qJ2QUgc|OV0%sJV+OM$W;xG?*$ z>D6+&&2yb95^zq@cDn7Ev73si_Wd)-9>N~Qb{>q&D4Z`Z%YX9mbB0V6@N?D;UrrF8 zxfC6L;NVaW{al~+77Ax9*$BLPm)G}GQ8Rr3|1>fzBU@3P^YCwfF2_89YbDvUk$St$ z?OZM7Z|lxKb5c@&u4BR1kC5I^42{UM{9j}t4QU_c3P(Cd;y-1HQ?Q$#f;6sMxp5Z$zafDkKO_|A}%^&dH#4Q$8Jk+)iI)+d^1pD{bi)?x4~tiHbw$rjkKsEU{Yhk%X0T>4nDd6TA82&A#}qr zPX$5Auf0w;r*CvCeJ4kSFOEJ&X*M$#dYvv1dGi>Ri5okRmv3RKtgSw4RbB_g8Na+r z$pipjSs{y5e~U_rr%u)YxYuOb6E*nse)pcq{r&*uxEQFrLPYBLVO!()#Q0**YklH} z!+x1~W*bFETUCz5~kM z2XB4Z&o_o6JACQ<%qp8Cla>;!fO9s0w-PUMGo=1|PLF$kN^=2yWbjq^tb&^zxIq_A zM^!iF=_zRl-g1t|b=h>_cO+eUTM?G;or^DJKU~=>lk`mqUA1h{o&BacUCta#NO1+W!O0olYMpvZSsj2m>Dn`|VO;VQQ7%2*# zwKiPb&}w=$-@a>6T16RM7dbm`cDIml!O;rIaq&^X$~pvgUu_RnmUQlxR)jqwjF=(& z^)Q_acdbdJ(=0c&;^Oo+V=hh@eFqBe)%Q3kFnUKcJ8FY}4ll7WYNi#;eigc(Q6v1E zEC1%n9;}C5IwV@ovf2a>^J)CRr8`B6`JO7`gkk1>?D%3CMCBR%49U(4T|aU>YUX~v z84bl5_u2!*B#i4j8DckMUJPH1SM`_)i^*>Qfp&QDa?tz`yZsQ=+kbR)$h>T5V}q7> z;s^ho5rY2YC)^m?hpEdgbzgfw!fA*Ww@X_Oz?Q{sfF&JpStRP8EgjKfoc3Y#M&=DS zb=7Z)MPzRX5N*X_VMeaKBIUc-|LA@5Xu8~1T>cG-%q0oar1wK*x4+Lew+kS^BbA=n zUaR3sELDlpfiwqU7vtne#BqT2YYP)*gf^g?QDm(fFU!QA&tj zGV@DqfF=!H58iCDDmTk*Ye;^IYIpPpGD$1kLY=+9(=@uj{%=|?xpRaB=(UT!rQ)fj zyov26oMyo|_`O}Wn%iE*HHywUqCSZN39v{p0Xi0=!6G57LT{F0tAp|Fw% zt>BzWS?!W|;2bi;7D1Y@?eJX=0^5e?(-=h|A`ftVfwi&#k$V@fuLuN z%;gG)y;XOYS?+6%JD8-JX^Qc(lVu;1PF^9n1`Do{2`jqVs}2>BbfZ*6-Niq2*K@VN zqb>zY2O(IUQRoR@pEl8mQBHQhrg>_M=0X>pnm%aFTiq6^Vp1L2c~Q8s>N0i3^+RuO zr7ZXNV=1qX&L+KfTOY=<`q%G}?kyXyo!lZNY7wp(NRvxvfdAwFb4?E424OI{Z`F^} z-Po=(V{2X5m0`WkJx2}qFR82$%g$=NBXRs8nF6^_(wV520iD<(%4rhQwRDL*PF+`4 z=PNOV0M_|wv)BL@z}3L&CPppn?>(Ir*MFICxlLZoy^Jh|7K98R6*$O=$_GE$Tj_8& z+j?_Kkj`BmU^`Z6;>yq;{wWvR77(9alBHAi4=@#XtYtcQw%+G!wDG=mz9H--nH;TL z_ursjc6ELh#V+GzkC^@=#X!Rpdl7G}cIWqw9MWUd^*C)7FA#9yWqgMKx9;ec#5O6` z-r32&F_qiouEY6lu(Zb72Nh?KKj&}3Nr4GFUys@&>AdXNcOG)r^Ge}Xn)+{SQ5O=( zzs!0oPp8w)zZ@}e9*$RJ;UexZ8Lw1l0xR&4t#EfC zL&x7;inPij-n##IZfounae3FV!wRk|T}T+Wm+v6;uue*WPFFjBUP!2tnkV-z1*hYx z`e;2Kb@<6P7XP8Z4nHE|N$)>h2cB2ddOc>Uwjfi+<*0ZG*N(u>0Z;jG>9W&-ixEfI z&^C{u@*yfL{?m0H4yoL7`B=G+b|}IWt&~})?sZb#?>yyqTrjQsKy+_Do4U-T18P*; zBAux!?>1GK7!X#-4Qu*RzN-5pNl+_-z0cXdT|3X<3pJ-?!L38J5dASK%A<3SK{X@I zfTM_ykB{%|7lITZN`AWYLq!z4f8sFkPTYE$ z`4bw0I`x`O7ET9=yJ@FolP8TE*nk*AW&JeJfwaHK-@zK_X{4q?{~N*rv;N;9fPL~^ z7{logDdXZ`#NY`hF!T#uI&%S8dM-78ku&TefC+^<`&rHecMhPtO2QWuI~!TZIDw<*FM{dvI^a(i8)HK8?-}4t)WQkcu)S?o`|;D)ni11~@E4+f%Ga+V`=L#xB9e%I}bk-0zVl~tzq^Cu(0 zXQNz%U(Vnuvg#w8WM6lilLKE91^`mdjuzoG;#~8!5Cx+zu)p*(O6C$(dJc?j>LZTi;M}ReVtNc%r&^J>%;E` z2|og0w5Wa=ce_I7r4mIoZU@jh`=jNGYjcc8s;+o7Yh+%K?62hqZs01vfJ`?Sk&i>_ zt;oLpk`ybMB<|aF4eAXbdEX-Wbs)4vydm_XJbisYwTT->=A(YXlkE6;OcJie4G&^c zh^|JtK;%G8C&4ij9j7Ek)W4!QhhPv3Y47l&o}F@zsPA8>fF{$M&oZJ~H3%Ix1Z}qK zsfqWp_fiEdl|&){bOy zZyB|8wiLpEL5NYD8@&#rogk=H=$QwUsSN(i+Hh+WRV=;7hf4WFXFZEUHM~Xdo;}=x zg3*j=+kD&ps0V%OJ#faDt@5prGh!3GY~TJHYlB~C2P8eTTu#3~QUa@hp)IkIY~A%f z!15rF)hruWcSzB{&A%bww3XRLy{IJ0&V~qcDMb(urrTmSR3;QR^-uwCHaD*xn(P4; zktbJNgyR%cN|R&Iu242$+56wqnL{+hHT0`wHcRkj^!Kt)6+Q$|HGMY*u`L$A<+{<| zOJ4Rd>glYUViZN8e|i=wJm{VMx3!TiX1~89gIi6lxIH;LQ$|Xu3az6qf0roOy~665O9$K6#aZB=oX4cQPzrL#GEMvW z1|PsTD{EyagYLb>8za;?64s0VHtjwzju|NS$Bb~yb6z~*;0U~#c_acd1`Rr z0uIjofW~0gMhnu4>`ecCTst>9JP7VT z`>K8R^&gfbvjNMdO6)^U#uOeyVzf^54@p4$n9*EjB# zuH7CN3(Tf~c4a={2&%^$&jK-nr4GuYz5?29WfsFhBT#NO{Dl)NJhh|{oK0y3SLj67Yw|CW9p?&TkoEX+Wdbumn zUj@T;F?LXF6Ls@wb;5ZNRb305ND(zl)mH>p-kPBu4^e%c=q3f>V0rLoV2&$K*NL@W>=K?!Kr zHz^heh0Wpe;KuiUA1_jAJ`$}yx>CG%jp+qukfzJ9`6lQsocnP=g5?J!d#wR({lJ;J zqE)>diun1-y9nsZv!@y>5qH)ac?!b)pxe#XAK|LTwgY$ z3)sg1F6t_g0&9t~Wi_Y91CO@k1{Af7Y3ZQjf+FW`V6vMqdf{P+Pr5t5wwOh8#NG`0 zoL^i_Rh|yX!~9?BzBdCM-#w+lQ+`KHwbvn%EHVc=CB0>8abLe9dM!#*g= zxO%r`{cxG$k=#y?d1;GO4q#K??@r6*wHv&JUpA1?>NHnd}Z=*jT_2Aj&_M2rhJ&f{9M`9u|8L}a#(^PJEV>davV;`^p z3B;pb8L`VIphCQJGT9*;`{mIfp##oSH zoN$x!G0U}^xaE23H)G<-7uEYBe&2YPAuE?4<(L+uDR8Wygd>ON1*ekzU4_RW1Jl1E zX5G14RQYAU{Pg6B6&dXkvk|lrd(wnujwMzJV|JLTPK#d!jQSt7NqDM*zC-NmPkmUJ zzuw>IBOhZF^_$b80z~cPpwoH!sEfjOsURo_<7B)7Z{Ud4I@Yv9?lg z$^$h__2AF-yIx_pT~r|Yc-(#2qT98ca{M?s`5A?e`P!j}%%TZx?8p;b32T90TEPej zv~Zk&S)1Vn3xTyafPDEc-{+1V{yj%cF@KNlYrXvG7dlaSyn|9S?QzGl>HIYmpa`Tp zUa(~*M9q2b1{C-#?wS5R55P%T1`Hv9&@}sq52Gbg#Jo{gM0B}+T|Nl#bQ56(7&v-9>#q1O4n^nTEq$@_xwl5fx z1K22M(8~o_pxoXzNv@$JUM(*ck*$FDZqe@g=VzqcVxpsy0Z0aPV(fNc;!;v!FTui* zGg1G2&!@||8U{i=COQ$ZhJGQDgVRP!jIi&j%K8V z`^%oPRYjk+_7r1kTD{{I$aH%Ou+xCw09>BWj+`g^5f3XcEFk`KC45nHiG=KO+w#bR zRz<{F|KG|E2ayd75|aHp;QERL&zDsmuc5Hz-Tu#=lr}UZ0{a*uG865^+!SW<;0>)7C z#_Bh2kG2TH0Tt3SIo0`ym{m{cxLH#uK&01L>kKy$DmD7Z_X|8Wp8;DSiHoKbq&@NS z=}h!pU2#^DTRzD9=!U{nRgIhy;a#^qNUmymS25G-_&@u&pk&_GBCzmL;RJl{j|eZM>qag8(&ex><6>+;(s61iu%DHw#Nf1wS=Ej= zh;Ua5G&Uyg0Te}F(PSf#xJ~fZt7onD`yV4S*AKeShQu3rZ-CAUl2Jis*@}Ry;kodi zwU#~NH!r!7`?t>zTh_#X)&y)# zZ+V6|n6=vBryCl$ovdkOh$c`Awx``sH#vai57)pk11gmoauwd6=9meTSFF?IHmgs7 zk9(B88|`sb?FOeWv|TmP_^%cnmx8QnFJOMlhL=kar*9{NW>(`W69b+J>0GQR6nE5X z9L<7zpaKNci}BUuLcOdh6<9Z0b7A9_yNBbLSAqC??W9++)l9yiw?C5np}%1Iszi(l z5s9e~puF9z_U_YFE=U5)vLP1M4Wx#^_?{<2!N9zYI&O z$a$C5?EJWOGpay^*l91>>91k!?+1PwR;ASzA!QTnn#@>q0Qm;&GxQPChavCoN<$5< zVZSfPtrt{^pX`8S(~~&1$49!flfI;bYOt38iKh+gpx9agWw5!A(7Lz*my-pLK=L1r z=xqvE4!mk;cJAN3IN_RKW!qI%F*M{Nk17vT{qM*ad(eJt)bc_8oslaTzfG?m6DBub92`k?;CRv{Q3fm;et@TvNW;Sf;o`gx%HA0MDlu}6 zS{|H5w&!`h7=>_h-325|xo<@k(3?M>uYB_cc@Zl86y|umZf`;d)I;Rr5hv@{X;hD1 z=$OYW8%}A68}Fo8f)0SC@+F`U&~0#7+9SlCw*j*IR>77k;GvxO!u~iUh9GdiPR}n8 zb1x{>Pu{Gn+x^@&ADS{WK^2v7bHIMSrAZG+0+97amYHXNBVLkMkK}Fcij0#F3}EEx4yK2*b&Iq|Mz~oeR5{ z2hYl#VuQJbtA<)Tuq>9J+rM#hm zL#gzcNj)Q|srb{t-`AS@!@8L{K?`MBRnw0euWCQ3GgtISF0nDKc@A=LC-!(Su%B+w zl+`fhscUtdt2Ju|l7idC*v{XN%<=Px?fJOx1SH%jAoetuv0+dK={s6~7D#DRLFy$= z>D5fGn5XYgI`XjdII05Is3PSYkvC0Jp5J?VtsBu+v)7M?9pkz%JEvuZDr8D#+5L%0is)y4!=D%L|>ff&@E za2QeVj^->C2Bep2l4FrG#;co>aOGzZyhrFo9>Pjo2FhTh^Rh|M9#NrvcWuuSlFxdyN zx+dtg$meV?#_1bZiz3Ux0!Aep;wxA_Fjn%GTo%U%cQfJvxES}t70ET z9Gjn2-_nqD_S0hfDbsoy0g@k``rDX`Iduw-OK(XJZa;lHh5ljZ+x(c(B>kYLX^}N= zzC^k%rdRqCcp0G;cgeJ5iVhcgQiLnGOG4rGfsO#F=o{M;h@yco-;IZC9* zeWarY5eF=X5&VwJ2aUM;k@-$h2-3FayHR=eSAk!=L1u))1#KoVX-`MY{T@%Lsh-G3 z#6>0o2k~V5Ok>0!{!ciXNj#%hMMy1xgbBh!-XO^Ci+J@~?C8~T;7ZRx*PfDaEU!gE zTUx5VmF)$Tq{U{a<&Z;-EKEEkM_7GMZTX&d*p{R5H#7)+KTzNq~NX(76nH zNsWI?&l_)+!3FgxQ6#)p|!Bg)J~WIZVWYNlkUS zWbhNb~otY*+$;UEovC(qHEsixNQ=`JqnC*n%YO|3nd?yJa;M}x^! zT`7qgD)T6(ASM?+B)*>gbAl}4wb(D1>K~_W}svPa) zTsR*=cmfD8wv&fdUgA}N%ebH=#WT*|bo#zHuJdThm~ebFe8Z7ZKRhEzus169u-&BS z2-8SBC&J1ls_w>e(5YW~ju&_B_|Ux|<+ELJJ@A69^Sw*{aO;0B_4?}p!J`CTctlFv zGTH@8NkY_{t!t~%qaX=8f&!L{(Q-qJ+h0H@+6Optt#3nOpNP5gTYuLAaTLj>KQ0%~ zfZ$(OPd?3UoG`q@WOV@l*d#C5#$>2Zy;qE?plwZs8LTqLCcu&2M`iY1MscWdO=M8PSDl*Xc#}?xn7xS zJSV4zSV%=Ce$f_uGb<^bP%t2lks~6?O%uUw{Kvy5A)!IDqZ(ab`hg`0rRVJ|s>J;b zdV@H1Kb%EbOpum~Yy}R=q#9}ZJ`QS>*(_Ea7^lqQ=fEK|@ew&stzUP55~ z;LTS7kHJDpIpX1vkqTcg8*Zms-@P@mYxQvk;Xpq}^L%-gF7P}47wdM@d5Xu)X1nQn zOw5>)^ekv|vR-J!k%^*F8Jrcd_{@$A^4MP3>}FO-EJ#q{An&nMR8}fjy?v_TD~zR_ zR$`u9t@=i=tfEv{)8Z)l5t1G8js7LAdovL4B`3dkIG*vwxe}p`qZ{tJj7^y_w|pO#b?SPvqp?+%m_W zc&vJ$2b-dOcgMczl=($1!t$qash^VMloBiF4;IjA?wv)4AAJRn1}NLA{EiQNvP^w6 zfw#b`3qf}$!g+_KEtfiHm>(kn2m^39J%Y9u$enlNK9+oESGcIb9%6R<{V>;MG7Ddk z8rVJ^{wgoqc*xFoj^it7NRdF&8Ymg z{vhb@{M?1Z0S1XJUkkM%C0~xNm{lE4Wt2t z{!?|>)u9uQdHeZfg;~A|7@b2_Gv`GD6Jtyg_U2)5sWJ`rRQt)BOJ*U z_MRO&lq{eZHRZq7_e~Gq#S~r@j+KZ_6e6ZTZElv|NM9Qz@c+*T!y+kETEDMYT+@5+tAwZXcnwoj z*9^lwPA--kQF}Hbh>jQDngL`E^Nrp)L9ZaLRRRz$ApeXEn0N!d^pay@NO&~ZHwxT* z%Y?6+dHW7_TLquJIKfWe+=wfFYXy=|jxt+kUgw3#Cpa_pZZ$8S4lef}gtjxlp5+i* z(T_ZH>`byo6_x(otU-c!FI%j!1C1zMbupQX&vQf4Z5q%cyyey;dNHh7#rdwyst%$6#>QIzG2=(^k z>T1+Xo!PJSuzzrUV~A#AbZz*JsVFRA6fS{!YZehY+E4VzCnqXr;Sm-7$#t`qN=y&u zH%UL*x0x9uA7W>8@$}Gv)w)Y6CeTMrjN-Rn=KNcBS_Hg*EM#=dtQLc%7W_xh$#~QQ zDVQv|NqgkrU0zOJnS6~MEH2=N=mF;GFbOrY@u^!-g(5n0puzr zpeOt6v1JwCXOb623J|p}w*J0!nlxe;`($d>=nggrihj6XPT^P4Z#1UeO|oJ9^fR>Ip!)!97{?z^*LGB6(R)b^ZR(^|zzg4Zf5D}vv# z9|`~<|JNEgPJQdT!}hT0Gy4hq?t}RI>GhI>1p_xZd|Mw7Zf3|Fbj+wH=oF8*2JA(4 z>`tL4k?R;ch*I=!Z5Y!!cCbctpZ3zGu!>D$fRlqLOh(UX^t4~dO#<^Su8y?}9gLD= zN9HpHy2LY!xuH7YMh=od;(pwU!Iok0;aQ{!B&yB&46k}dV$bvCZhghxR1dCIZg(j{0)6=S0a_!o#{KQzb7c#h75E;$u{=1X2c$6Mu5y=dl65m$+WD$d${E$`=CC|6o(5IhaS_KSz@XM?CDk>9N_hqbjb_gb}~E99r}} zw-F6eRBX+^+%|a7HHvh@NQ|shM9nqraoMW|b5>I$LD(=AGuNkUCxa#~gxb z?y3qm3R(EeR=&3a5n0_5nX7)4>q%eBfIefddi|-Y=RbL=4eyEW*;f%)EQ-?R3!5zr zx!E6Qo!oXWxYK{#7p*ySgCl7jL*IhbC4E_~Aad>tKcQ!AkpVRpUeu;lF0xJ{vbbyC zW8#AY1JTa$Rh0GB@%00V6qh}rjTrKJpk7*kj! zmPsQi@6;dvC=mP0<{%U&F;5<9&VQX2KWhYN@=*8(_q6dE!u_Mjgh8ExMjxHR+2G|= z`ar5?jMB4n?a10+$=Ga8Z6D=c5AIS*v392Fb~Qb&4lm}M&!0V{gCpa4G5c7-2W6K$ zB5#LWj=L>-aViEn!(}UX)pU3QjbgOlHfqt%jx<|le5r|qX7eYW@;ygV?eTEniE+K< z-okA*_0A?`EE3=3H>9lm;3x<}W6pCu1v4j}pD!H>GglP%K~`-il82Bz2$(LBjd-1S zYEc%?U2L^7V}$S!MAE=~HW7tULWJ%lT^5cjXlFElbC;*6O2k+gkusyRjTa^(g|$pQzq?1IC=W`Z9%0J&7Q=-A^FR{#$0J zyGD_Uq8K}i0X$EWL3><|FRYdU`N_H1taC9E0`}+UFsOq zLUW^LxzAX@wVKyZ53WB$H%#PTS1~$;&G|DZx*|`1(tXZ)Hcud#9rCeVkqW&CcW2eL|$*Nd5Gi@Vs`Ah~#)8;B^ zO8a!3v2OWHHWs~pIoG7G|ADh7`ThIgIY#o~l!wfXl&Ij@{IZN+i`8jpS zcSWZpH~k!+owl3sOjmROGAq~f*+NLY>x6-OGa);%RBFjA3W_5A3iM0*9a z;M~`FmPsam>Q7-IkC`FU%rwu)cZoGDZ$(g4y#NwMEe|)+fbeMSTfm+ID67;1P(w+^ zr5^EjY@bVd>Y81@5nIx6}g z)}RlY4D8YTlVh=t^=s49Z(1jF?Ki5g=#TLxlXK3J#S2{~LQ&}r@l)#!@W;+lw>j7C zjNqvc_)S6uGcA_`i}3&OKwTc+=qFN2xeA?P3&$bh)=6XlnZ7vwhZmM?*;0 z!l{W)XJ}Ee#i8r0q}B@06lO|?KCg6=Ak!hQvlaGB(rR1&IkkY?zhcDq*$&i}NyGB1 zg$U+dCnWNo^@4C@GVowt^X9xAx|RvuIe1%`cR^vtI4&crdt=_fgXzm0H1Ps(yA8g- zOw*4DW$9~WVf?3mi1w{4l&LS+{$grXSDTipcKc7% zG1~<4%FJJPR=)mCp!aiTm-wd~G#w>otShbJLU0J&g7X{ELfot@eX$N(%DmE7@fg3+ zgdq!R_Vo%^P=lf(4_Owo%Ale?`-7H#OBUbG(Q^s~(;xl?lZ*0tT?^uZpyX?_z6s}% zEpJ^A9QJQ2#MfPW1*tG= z+!jHr#Tz$SoFrs#vu>wNhN3Dfh&qRAQ(k_!>xCt2NvQ9DJV@KdL3;pG!H2Vo`U_%d zF5XItE+G814#p4Wb(B;^NBrBHo`fMc**| z$aze zI`|B4`zPlghQo|96}h8yJ5uKicuPuIR4mWv2oV#Mpfxn%@Z4BcHC^6D2fM;OJ9l@@ z6{0!*VJp`)8-1OA_wkIyprMb!@KvOAZ@4g$vSxHdZM_=)O)Q8bksoNnuc&24Y_m}~ zJ>H~Dl_ux8JGpLN@x8xZXE#rl3#kpaJR*;F=#Nqb{5i(gcCxaq(WZr$4ge9x=W@W^ zAbcjk-4@5koW)-iG28Feji8%u^*e_F=h>8tCx{#Z9N>dfeQ$bMRzJvQ@%ok15aVLO zgUud04vy(zuP1wcpgdoffjwiI%j)={zg?bY8lu(`}PHQ`FOmq>pM_GaKp4*IZ1IXN;!HvnA`}3{rlCobz}D)uPTDVoSU0y2V*J-I9a?69;^Q%&O>OTr!pG2RXNIm1af|gw8KcUc$;Xtu0G<+GNuvRATEAb1L6@wgYyUm9b=4uX4ug_Jb z(Fj97jQd&c89i;-l{Z1Yfi)OW_~13IJ)OfR250CRKZq4l;Argd_&V_-z87w1*TkE( zb>dK0vm2d6OgG_=nLcqx$q9-|BnzG}648jRJkWuT3%Z~LiJ8Y{CDQS6=DZF-d3rRH zx5OpP&5_Pv-+#16rT&NJG*tPfqUi623yA#Ce;QGO48l++dVu7L&pu3-gJ}~!zQHVu#my)>$*f;{P1`014vv~-66>VsPQXGo?*y%`1m&$ql6Z3cUH4)!X|&HXigOyK0WG^YiIc z$ueD$8^>{}6sC`NW&b=91ekfLD3a7v%Stj+BA_M)LJ^zX81?lsr&L;Pthhjkaj!TX z7Ms)1X(@uBCMEu4vSFXcIzd+n!i;2}VbYtb3^<$Gdeqz63AJGS-MHDL(qxl}QW*(2 z&ukyDJ}h$csaiPE}L@y%gE@_+7f~_83>03W7n#|vODA{PMmRy z!;0kN%3{yzd|KYIrmKxLD$B%A5OxMyq6H9awzB}k%yFYmWmF;9_TbNR*uJ?;XW#Y4 z1#89y-(l_s`({I(bbv*^9aa`YMg3by|L*y-aNtR3+r<7aqw$!~8DmWlM3N`5(yUPy zp9E|ac0A^#si9JYp|AdLe1iLHw8*#>o=wVE43vv&ip}>_79{*aXN(45<6-9=2i3xQ z=5g||pye^^;_t{o()?@c&2trpQ%G1;d;$i|ye3b~d{ic%4x-y7^Wykv>(A<>?}3_| zaYz44>F&z0;B?mC@u;=>u(w0beZ@5O)SzWZ{nEJQ-`azX_&=8T=Sf97yV*gRO7HK& zzgkKfCr^oxuk2zrD~syd$D#>uyUWpWsSY|OLfrWH<-OS5SIR~mqK2P{zoY7g+ zQW|@o%LLmmoZ(m3K3jDNNDj+(t_2f~(R&*{kzvUHHXWZjBPea;+abbUK680)fIir2 z>0zZLPE-CQJso$#&xN%Lx(X}r@Bzk|vpOB`&_4+OB)iz|S5w*tLCq+Ty$?~Z%Xuw?O!y@T+SswOTau>U1hzY@(G0n} zB0X;=hbvY0s+6j2ANaVtD7rS`G_k{>@j}yNbZ~fYP+-U<>`V+1uhjgTyH5 z*YR1S2s_kSwD<9QTF%*n6kO4cRSrV0or_vtd59&@qg(joPO`#v!?t)iut{uv^|B-(O)6Fbt|NfAC=SbID zFE34L02|T}8NZRs6duy6yLaOb_Xf@4rq-@NM_I@WzpLP6+&#c~P1tVpGLz;T{%nlF zd1GoS&}~Z>w=mLqJooJ7{%7d`W8v}S#7g>P>1fmCE+F_p0+GxW`mi_q_Tsh{UBB@I z6Z%+7`$v{lpLAP^p;I-d-!J7?`))k+b!qpB((r3fxHyA8cm>e|s7cH0a7j`;yD?pF zLJ|_*!Z8!KdqiD?nA}+;Y=3#r=xyF=?B_ZQ3pPjHaAo{Q)Wni8Vqs7Si*`7?wY+0{ zI1eDD9*jmP?{0tor%0pL_Bc&6U?s>0(|Z$xL8uu*Qze~no%hPEHKh!NMDCZ*#X{yDz^E6GR zP5L7-tz#2$MKH>>S+kTCK2tScb77|ssxIjP>RmI&G3;T7$bW{f63U4(dn(Ugxb_Dq zY&YsYpjxP4$U=cQhB^6aJaJgh@m>dx89W~tvtWr4PIlLyQ7-w9{nWYRD{|t0Nedyk z5o?ki9Dl20*6rp$+fy~lff4)9y3VXDl>r^TdMbBaj8%>FYX%^9Gg~ zOSMlDy-YeuO#Y>kKEqEySrLcVBq*_a*8-#o;gA>YcD0b|A(x-xXK+D<6-|~dz2&EY zAnroMv%YAK%&~1@A@H#@7GPJ9d6V62G_A6abTBHLZP*X86e~K*L##zpG0io zYn7XiN%}*6qIOZ4Ke*VtA5UuS5yoj%miQ)92MH_s!fH!WaK$cKd5c}YEE)E}2WJmD zVCAe$>dwdWFN@kgWzTlE+LlNQ&{*b=Q$-{lOiBne2wT3p68ug3{+gxlshZDifbc`n4QCUYp^U@5QxW7j{0vSB+uF_JCZwMNZrb?Vf?T z?w3^-Dd){NtFbSMk#G7v#J4KONgmZX18YJq)kDqDG@zP(QH<36D zqnKjba_t~gf*h&TC;Kl9la~F7+AJ6rhn)GvYh50tyG0$x13reU&t|-85fiO8EnnQWP(I{l#iL&P99|A6^Pu} zVz8x?M(XgS(}XXVs-=&A55k9$!l-7)lg}y|ws2u3TEAmd&!`XxKFlfAD`(kKQk^iF@@l<}9_4;@`1y4mUu)@WjZ3B1fXE_51X|ciaLOVkFfqeg1hPl$=PjCD%{?|Uq{Yb8P&tUs)Nu%N`p~K0yH=FewTMWFStn_oH z#v#5|KF))z|j@QSm~X1}=e@t=|-3y&t{xn5v@bn?IM@yqp+>y&(YN%ubY3`vancT#YeuBj3p0e$DZkro7&WJBn5Qp zV9&HplMG$4;^w*>J;&OUE}UM? zx45c(asKmyit1}`fwwRMwPu4>GaoK+o*1EjbWwZz^hkc*!x@*sf(F2IL%u<_ClI~O z0JJ0FH)ugQP%qEn8{kd-AhBb1kX6%x@$vnuW-;sk=>={Lmw#Zc7n2V>>g84;)0a<| zy~U0tbAy+VPiWe-zeWnUrd{jWy4ww=x49m^+?X%DbKgF`zq?!xA3rYLeJy3zqE$QU zm8Z1D$(2f6vXpJWdc`9Y)v{d;<51Gan`rK>V6yNy+Pr>Df1o+~o&WtDWo_IxOxaySEhn;xD zaimtKNu(j>#$2C?9;X$LD!MKPMKH(}QFeWz6O$$=O`PV^<-EN5r#sWc`r^cLBXKU* z<=Hpa0Jofg;%zOnJIAKgGY?IeAEP0+^Un#b6Yu*JO2phPAR#KDEAP%><#aJJL}n5* zr@gztECa}v>5RP=K+$hS28}$zB7?C6)dy%E=d)Bc_Dk1y6%uM#( z*au@~zI(j&zWu(xSS90-;mqLtII@d%xPcWW>-{4U|m=7H;eHtrnuoQ>3+|5i25EwWtsC!Jj%ySisz z^4rG`LoS61oI1nPaMDbH0l|6XV&F;nQ^+e@o_9Vh<&(Xkx0n@6C3epSt#T;~!y8RMVtv%t?{A_D%stadVo=3a-3f7#P$sf{08 zqR0OG=!3lVqfpg&K8fqf9;@SaL7Zu%tvvk7O5{x2=;8Jz?9Dly{O{(Ub#BX9^`6os z`~7PV@-~k`!t__Tn|Ox+<1;9AImiTB>$NlUy3S@AK13Z@ru*J)OHIU2SKsJ(M1+jOc>fW3N7{g#GzV z-IJQ$^aJ?yNO<`|?anC14+GOPN zE#+p0ulu7K8Q$e^lHZccWF^-Tl(=TL?>Z69F8@5;vc?KE3Lf!Ix!bqSiX|+{y^Ek`A9^j*d-A zk3iL6jjpp_c$HjheooSJHQLEsDKY%K%=&beA5FsY*%}MwZez0=KZ5qS@o%$xYkw@q zEhs>x>{w1(ac6R^8}1-G@WI{pMZ}hGjWzhz4f)t3j}-3}nQZqiC+SnvzU%`lO+`NW zA$k<@Qz^U4*VT3lDP3GIAMLiAjO|R3cF{fxIeW$RNJ5|2a>st zkW-oqlw@(%r!?h>%j51q89nJ4N*z328 zRu$zv_wLHOB2LowkPZm}w!CyIm{)cWejbOC4W5WkuB9_(rj3enMERucQnh4wEdNj* zgFpmtuz77h{W#VHX2(ME+vYEWiBiB`p#&50d{Jm8Ewp5yDa%yoE|BhZeE zX@Mz{?)!a7@P?bmjCL1x_B51}fO`bGs#DROFN;Wg3fu*pEtAQ$r^xOv$l}+A4v^1o z*qH=#ezSFhPqW}&9~6g1)W{%Nbrr0Y7(UmIQsY?seyi%d9C>@8u-xlr>VxHq)Iw!ivmLVVHi zx#docaV-jn^~)Hz3_D-dn?SdP-Z@c2NC5A0Tin&AZ!wQ+QMxvgVR9h!n$)K4Z;sQv-qf z!ATGWJ%tn_&sQw|gkj)HuC14NxPY5%|Gd#P{P!-=?t)#alZ+jgA?CIx6dTmW0!yGu zvaJCQ7beChN?0EOXD3`=gP9-QhKa2BTdC0ux%l!69Qo=Fg$ULI3w{eW`?DNpTJLob zj{@X%E~U9n&r@+HIBE%z>m(}3QFJU_O8mG{#LQb=ebaNbcUAwpUXhO-%88ZQ-}|SA z>^?Sxcp-bH(=?>e9P+vR_P>h>P-(dXvH|6N5N#wkQ81_Mtr9Hia-x+>~c>zZVsh0}Ls- zB>k`5QD-sRbUpdJd#lWN&>##-?d%{RS$fxSKJ!=n#&&Nc!EeUX#ej`LWpP918pw&E z|MxLD(_F=$PX9QS-&u!Wg&kg6=)RDtyqv<^C($ENxuYNyGCk)I?x=OggXcF$f3@MP zDPY&rJ9n2p^+zpd7H*3}7AAbIbN!J7*obHU_YPnqnlWq_{@RG|Gwu4(vWRVtr!QvE z5n?jDZ|W9jl7?hCiT)U>1vI$>v}5nvlzeDb2^Sxf>~lGY^}kK@&(*=Hp6hrW9&YGv zy_J0ZUpMYZ5*z#5K;5~U&kw=jJ+i)@lNTfN#59ldRl&ywoE!a!11;)bbwGSq*@uH8 z0OvS4)_FNnRdgbx5%S>XJ8H7Hkn^Spzd0pMare^zE1f;2eIc#%V4?-#gytbq&S-Q0 zG1!g4F--J-zAgN#`B8REW5jl(tVtHVb1E@bq;O_q=IR;Q6?dfHkk!OH&W`=;OnK!N zw`TQr=4&G*AhQZRi87uoq!mrr0?9>>7IM}%hEdb7ZnC6fEJap$e>Iy~rY}lK)b>n9 zu&O=<4_=w%r<`gJ@ zyNt>4+&M&B?(%Mpx6tSW%WZbq$4ibQgLHd?^?L7(>9+2^3uyb${J#sCO)aLIq>c9X zX&?9k9I|bz zesLGG&A$TxR1c)DI*EO{R-UBT*J`n9Lwy>uPJNy$6}NBSz8O-n2VxFcp0_)?hjW;7 zA#3C+#&lOv)}hb=#K`3iS#vy+^_4#|pEFCytvMP*$gi?@3J(Ff&-XY$N2Z9L2Wf^-#BC6II`g7Vq%wU#LyYFk8DFc{74>Chlnc z8FC#uE0iB%C8Q7~?)G*%T3zMtC6z3PzASZ7Kf}W?(kKQ32}NtW_Ev8=$Z)I7gJJds zCfm{I(2VHojI@~s0_ta_eZQ=H%e>}NNe_8@ai2r;iI}>w&vK}`JkD#SRbp?h&u{mk zz@Z=F>2uidzp7Rwc^brqCmAD?rD3SNG37mN<4UR(Rt<6;&Gy!b5sC}XLr1@M=!~uk z3As%6GUZn-?xOg6zx&IyCw>#Nl6ai2(}B8}#DT7L(-S?dTxOk6QZbiwA3 zmV4%PTUMIl9vP#zege19XU1RslNJ^RRWRjD*#T92__G&v`h&W>tj<9^PWrSwuiBDbr2VP;RI z)605y%8^26yxssrG5HU`Z>(pNJx5m=Hujqkhakf8qh(ECz^hIRCs3r^yq8Q6J|?JC z1D?D!ufzE2I9^S(5qN$YmF&zn9l}H{z3=8e7049U>>`UG`~@ME^W02;pz2Htac@OpAIv zj_&EX3|V?U?kTNmCdb@*BU<>WWjV9CkT_*E)Mh&|u)_%7Sh7cOtu{uiir#Q)?taGK zu_Nx{B|z-DV`Fs$ibIRv`Onuh(Ezjr%?EPVV_|HXhL4G&$h`FR$Sx*DZDGGToQ2wq zB-%WK9vtLw`dby>s5SuU4cQ?N9&F2|mBPCG$2`yI75H47Z(KhFBDaV~p{!ydh~35S zea5Nu`z}&o>z#Zqd&qVeeX<&+4=Fcj7mWV!

h3-|oiMJ=TXlJ$J_{3jT$bB4UR;QJwC9Kc~N7fKhiB<}l z^I8JVStO|3WcFgH&e0tb&?LOy83ki1vK5u?F?z7y*QyQoCGa#Z#_7}ezxzXWFFHgI?q@Yw`y}R@y`IP|6o+XSDK~V#iQ!th zw0c?g)a6gpM_9erBcD&f5ZqkCxdAF{;=CtvrcHs9S~Dof7+Ji9k})n-UNH?{wVl$^ zCeHzxKpIE)=0BLxU+y}fDsM9JA}Jm>l=c-7YYy_$K&DQ3mWf!o<`hq99|hKh#@^Ik zDr*B^il%G30|Jna8U+?sIi3r)_^c@g#cJ9!a;9 z%M?G-VJ3-T{HZQ#qWVtZkQ9T^fV7Qaz9JChc!+VNc{8Zk*v35sJr z(u#1T6$v1S#0pO{BwTRVJ@OyO=2}B{@0V#-cFKr_DRwyZUJA7bG97rMh}t;D(&HZa zt%`3KKo}RkbfM#;@p#KbOx2wkN}W>k)i%}u3fDxs90m_oP?C}!ed!$n< zrL}qF3$5zmc%AwxQawQkdT<)@;8Wf9&M;=x9HnElvo=LbAShoS>3O9%L~(Rp;jlE5 zzcU?i3Dj?}kf70te~1J2B*gh+7paG6`A-D0wWhVxI~&Ph zDrx0EWG=1Js%qu#y2b!xyz%e`?RTk+{IpF_Iz9ycfx@+4o?A8C`gGv1S5)urwd{%I zcY*pnE@+l+j*ejGKv((=-Ht4(1zbbIp!0C)T!olS{n|SbmA&cZYP5jwm9w{}7SaK5 zfTVew`?>FR!V-uJUD^C-kwa&4?nU`g6{4Z{2zy&Q$y@+zEi|S}?|jWl7HDt<5OVO! zOuIm%QRT+^gA?JGNju=KPQ2~$4!IMpTk8sChx9eWG%p{IT+lg#5_6 zV$%s+6*nPr=DtL<|9T_Q9Bl_J*chBBL8B0LQRUvoJ+#fyV5x4O78$Yu+;5B}vRj-Z z_QplZHdwURWLK`Ba5Wi-mI!~hNe%iUBjyvu9weiX-bnQv$2H<3T?qT0VJyeQZFzSzHXks`sSE5*FlLUoOaiQA6T#kW#^dMYNH@X6Nz)x%xCyWy}AaS8LpRg)F5 zeC&n3q{wN_9?e$=`qRXNSy|&#S<*Dm)Jz@<3Hgf@xcVM^UJK;&?PWUu>BmY5!HWp+8^(e)ZkEzU-fLv|HH+V?TQtHlD~CP ziUKQ=o9LWaztQ~2s;iP&!0%k7W?vu!ZIQUbs z@-9l^+^AQG9Pg5tO9C-W)tKZ5xASZdJ{OiD?b8wQ3Hma}%)D1<{S@=- zzfUI}hD@J@@Y@5c5^zA_FlMFlkGSWlwWw{#n?EI_b}c86`c$y z&OoUKO7PVhn=o{!Dj;a{Z~(w)5T;K+&bjdNyYD@1Fe~t}P1WW}6B1gdEg;~84?({E)k(>+mAyJ|Y9RO7kc+@jiYz7oTBoayb&taJ_?@h~=teG9?5(cA<1 z3(?G)cA54rv?9X(vjSED_o}5??FCRRwfzHcE)gZ__qW%)%ebp6>gqO{*5Uq}sYuDh z4CgPx#fY(Y;Jd9f^htsxU#X!LJnpS}ato8=a{8ay*h8@dOsMvP8+)o^~|b z4^&Lkv3x3>JAw+E*8FQlU#^quSmzWs)EuCRLs)#7?HOa@CBg+;rFJyKxN%8~G0&RP?Q%;V{n5`FR97@v+&f zay-p}Rys0QEwCZgRb#X(!)-Sz=6MRO`#y!v{=xefThVB*4}!(M0Y8%T*CHi+>wXIfML7rQdv7mn-6j;mw&934nUyn| zcEcIPOVl?9Fp^SX!bf}eZ< z5ytF#1lorGb$46vGsDoFb`j29{RlLeQZg-?Hf@nPldAaxB9a_qbxoHxU--OcRJjjw zR-o~q&EsTL9w@!e*XhQom0C2he>tKdgLed%%+-?P5s3Y0HK-=+$Q!Z^hB z_f<`4j4+TX@4EY922{&z_B<8&w2E&dp-L0`5slSsvwWV4E%_>R4gITvk7W*QrFI3X zQlY`Rpe+EK3*-sU2GkcE_*iA6hlY!vf76!``)o0^Ps`0k%l0w>^7K4FVYqz|OuM)& zHh5;K|68^^%?0i$D#O%5p19pR$#z8c=za;0TcO%d(l&X;YF7%etXveblpkFZ&)n`X zs=;>8i)mTDX)R%lXv`H$SIfn&XVh6g@zy*2Q`uv80kPbBdvWXayq>%YoBpEumwKMosK`d1dw;7#F$eWsU4ho5hHZl!@z{?GanMF1%B{E9rZaE9OfR#% zR}G5A#xs-a>{z3`(pRJoTIS5S|Me}Yu(Ag~b|$L57B*`+yaeB!H>k94=kRPeSX_!8l-X0$T;|XSbkBCrJQYE?lK+|KUXTa+<=2q{yh{g0@81yfqO zip&vb=7mmB@wB~$I>h*7vUhoBZqJXQo1Ao_bJYwo6#*SZg;Mhs#_hMoeY<*|29;sr zv-pmEKjM;$lYE@&#`nv~2A;tL-+h6mH;b7OWN|_t7}Uq*D72M4+S-U+l!C#r5>4M- zyyfMrG-f|Pt1M=6LY9R6OFgZOR{Rh3M73UQN?UAK+ZUC`@>wa1QUF)wyVv%GM>3EQ z)@O=!ED7gY54U{bZ1B)MpaqXg=#^92lBlb=_hh@~RSef^w(4YDY-k4h24m4o-SSw% z=5kofR3Q(gDXa!+<9%f}g~1Jnkp*0YACwvT8UU7F&1A3jGY>4?}N=OIO(=FWZb!?(GcsfC@*xT}mk6 zfzo#GdgQU3e(SmNK#_=fqnPOIrn;1}r&9ygdzbC84Kd`-&|FpFjs{~X@{&Y^M_4?I9kq`nS{~6|5HHMvO;%N}?-~Z~k zD!>?`JMG5){&SKF2L9ITlI+d(>|ZO&eH`)hs&OK1zP=m%eyZn>C)!1eNjmhm1_skp zq~}EeHm4>mmOj(AW^F`a>@-Akv|@;;`uJvtD#6$cFwi%;8sz?BU<}#fy{H}!0|gC|0&thB_~7Z0ZS5SfGK9~om* zg1Sc7DM!$7VoMXTnnp|BV5XzT6H{gLWNM)Z7e7Kb>NL7(Ze`g;NPCwh zBuhrz9@0;|S^kJzXR%Bd>BYF4_p45yAe_S=^z?z=JO!p%`(Y>U9;}Qydop8-SKosl zqaNyX1`{djGSMn!^I+i}uL!{z{W`BM@-h#)?2bth&w6c2M;xrToj!N}Mzjy>%Iv_$ zvDx$fW0l_ZneFWn(7CvH0zB4ZsbQ!$BbBh>*)*p2q>bjEIzTKg+Wge;<|u2^SWFg| zqHHW$_ z>%w$i9fi6U(RUIu&c*qAZ5A(QzVTylX*|zk_WBsJyp;D<-U%C+F$XWB&X1)VW*j}w z6qb&CaK8E4=FzR5$*^k?CepnsLG+&3eDp^4P1;`BJ3Q=KLIoSM^OBz9^*QTXzw$0S zQmw=nnVj)8*6V$w;aIxp!7N}#ZDc>Xers|=b50=jJ+gA@8|=KnsS~*#8%Lo{vC-7M zv!TT=7FsXQm1m9W`{$=pj@|PdnI(i?w|z7fiuSxD>WGBrx1Ejdwb}Juf0ohmjv3lb zR{LG|d+K@nh4Zd+H};k@rbWWqE4Z)cuk`ie-`p7&!b*S>IxY32VYgAtTT&(76L-Q$ zZU(21(P17*g&QLqGQ~-yM`-6nIQN)*EkAtxT%ELXjY}(+9(zu2bBA$u|0*mp=UvRTc zV%awCeLx%F77zJ}e|nBN1%UcrXuG*G3V7(iPRT4lzdN%cxYBMxm9C{l^OHYcqU%|d zTb)!|RZ%H_mEm_c>{N~1NxsDCt#<~-%FgGPvYMxRUl%$sWai({v|F241yZ6Q9Sm_Y znt&xPNrIvZk#LJivl_pu(2*6~&OsaR$d*gZqDtLxd%70X2J(-Ty;l^`-k6?>q`>dU z%SWKwT7c5b?0ZmW|33Nb7>YMgJJUJ_BYCglddBl?6ZCq$F^LzH^UR%seI2k`?bqFO}mA?-AhpLOIqa_u06yiwZe9pIJZ|J1IGTnl7tzdJZw7EE&J2<|3xz{y5Il)e9^2+9o>nFagvQrV3 zz4lg&@d$Ltj3_YTJ(~w$vm0G;vYt$(Jj$?OiNX5@H7bRh-)HT5egq$EcO4k9Zlp`O zeOIbR@^Q*O9qI@rf~qEgQZ&Q=(h=xeK60Hb>-|)8%{p;674EQv9WtwxEORj*lRh>b zboNhyFqA0b@V_7nU}qUAkDIpIk~7F}883G4ZCLewQ#BvmNfA%$-CZ#gTr)EN(4krw ziH{@UVY~C1JzqY?DQb|m7`K)lxm_ui(WFj9yAZGJ!abh6y3M=z%NR4hGbZcy4s<8t zK*9fX)pzpp?9pZoDSZAOJ-HpBzP({rXgy-HGYT6NpSZIOYc}$-gf!(Osn*cP?b(A?&lu-}k-{dJ9%(%)hvnMceWV|~GqPdn=jCKLY_Hn1nA}Ap zvGahZWTjQxCeS*uGJ|d!$;CmQZVv?jc%@mJt6&3!e&Thn(;%Kqn+68RydgGH6yF64 zfD!joo6c2;FBqFWre`$mqdx*=O(Ago#U5Iz>Mx&oc>Jn?>lb)|ydUwyUBa#x8r z*u6h6xUUs@I^$P3YSi-2!`o_>EXN`eX7RHP;)RABsH&y$Jq`qp5Ej@w zgtpv(9vgHSz56G`RQPP$ljyN}!v2ywox>&!L>sp?K<>-)Sv29D;F*i@-VQ<5BGGOS zks=e5nF7VEMrW5liX%O2CO4k0FE*shw_At2YD(b0eJ6^(Z%3r}!KrEJ)kuA5kINzGR`z2=jRF-F5y`yJ9@jf9&11c(fa ztORxk7PCO#&LJs$(_>%2hNpgi|HBx@j7_*(n24Hb^^@M3-zP2f(F)pBk`qj=uR*Zt6-e3( z5_sZxe{YJRaRw--5`>ED2Y2K#q2b2=w&BjhmaqR0g&af@N|ikKM)0iOtnyxZmSz~v z4N4wb!|KJ%2h86V%;6h9K*n}_)I|~>@Vlg%?}W9!JyqJZw%1P8#PZB)<_7VlpSY|< zsa%2-H>e>cmbiLW-JWq8eCYO5@Vmq$6rI#kv)Dc8P=qot82Qrul{phz6Z8rr!IwuX zW8-;N=aHi93BnkA2B@sIzkl%b_Z#}M+82_UPDjrN+mdxL)|6anlPHRk#sz`(wsEjr z^teZ(4{MnzuM{@!Oc6&`q!zcOQpP23Ija|Y&L!v6Z%*uzA=9yXTJ9%4^z#mFFQ71` zrrGF?@+ak7#_-7AW$&`l5F`Hs+WK>QEpb?x6zijJcPC2uWc`I~?ioo&+dzF*d-)|# zQ%F+=;ycHunSPIbJ4yR+o#^d*ldid#<~~A>~*|2AOd? z&@(|DmL8**Q~%N^<&)Ndo( zX=7hRT%IASpUKiEP(F9c}os6gFStWsG zfBxMrgz5~)LgBYvh(3g)$ZS)tVx!39*Y((mF1VjYy<3a4>h#l>?hM|fM@QE3oi)Ic zD66g4v8kYc4)tac-l@FE`@~u`85&~|`gqL#(J>y4>Q-!RDB=@;52rh7QcRoX#8(9M zknqxCg-m7(dL`+8=Mx@O%jW#k{*(;@>*J1I3#^;Dx_gMu#5vx#S9-qXe>2Ty%$WaX zay{)LDBLk|vv|Yc+^_PwTN8>?O|0)oPi%iN?R0XpL&k#(S)Uhfr2ed*YWP){XBkaP zblZq^XOQq-{OK3Qah!6{4=66j0kU!^U@i zD)y_#NbNt+{LA6=z8pOrez&Gh$!Z~}%UCh|6}+_IQH`_hM49BM|1cJ$k|5D=bG0D( z_(GaH`4Fc`j=LNQT?eaAVID5ScXT+Bn-D4;%QYCn#FW87vOMMt8tI`s^fRgAGmcP@ zE46!ov{*ZsW5-ewDH3!%yPjr;Io94eJH9LGiH5*qWPsQnL2llR(3NL5ma z`#V6K$ag8_3d2x^Fpb&Nmu>GUjf?z~WDb~=R&#~c8_whly-?bZ9ji32Ppykx3&u}&Z}XANc%%20#ko8Z;ojgk*u1u$_WK+f=ORHt zyY;IlE||WEt}`>bt&SA7OyAYR#!v+PVp!szQ*rR}8vdU`&vE_*kG#0W*5k>+s*mlG zxl+}+E2~=Syk{2P0S$SYC6G${eESKI8KrJC5QAhTABF7y$}he~<(W~;ta9Il%?Fp@ zi9-9;Y+_XlTTaUmC)+8)&Jz~k_)0Awk2&YDhQla4KdRoeRs$q%f;{t#rwMrLQTMuA zZl6mIgqY^K+>R?Ts@)hi7OsN8qB5GkBQVdN;eH>2<55p^%*}^eZ1xBLG(g3Gj=$B#&Nuq>#W%d zXiIAc)}FMPgpv`B-p8~QqxK%Lw6Ie8temJm;E-JaS7AAkqeCktRpX((R;l}DP!?a{ zq}NHq1q+%OxL0u$3O$xzfYRJS^auuAnki6~%Pd2FfAb5g09#ER8;w4$l<6GH7KTYv96}L-^}4T4fdD<~1u|li77Uq-C1j zsf9*BwU_-6lo&hX{XjD`!`l-@>>S2b%G)^%x*P|s&(_*9_fZOFy(oC$vA&aJaVRho zavKj?s`iKJJo%lznfJH68<7S6(f>NeK%VaZ5R5kKJS+hDs+lR4J{_7!15bghw@{AH zfRjq^VqiWeoaJSgQsegxm3u!M9fkN{04w1DJv>qFzQRUR1GYE2TVHI9J?pmeYneI; zd+hQ?2i;S}90i+nyKN3sffjBt$8sJliZ^(w;+*&|^%jhbNZ-oZ8wEPmg#{dOC+zMm z-n^y&6*DNEk}u&Kb1k;Pe+W-c>0%STT4fWeqkPoCXmsq6V$gNB7?$HXR{-eTJ=I=Q z&zQUu<9Va4^No*7c4#e!;Z(nA7PQh)a%uK`$QZ^@#6fdrTpF%xdODmS1z= zdU^X2zhMevd}8x!S=kZO(hZLxyH{@coZph&WDcgBG)BJu2)TSW7`4Bc-|pI3aM+yO zSbN0!mpXm13J`irFPJFhgQwN+fJUS$tPDn69rGXT<=-5XDY3wi8bE1MN?_39ZGrh< zbo$eTJd(z2{Ee`>-X|)EbrwykX}Kb;1ZaN|Yo<^sS+%Ri1c28Z;d?-9FapDHJZ)9U zkMYCr7X>$+tx@J+BaIhz;J`EOaK#*osVESzIbE9xq$_ z@Zbb8gYqaeZ=D$bIRS3*@bR--4xx?PQ*Zp+cfy#jRyrCNYXp<+Tnpc~qhOU9pqoz2 zL}ZP6vZRPh_=?2;%8nR%$_+cyx>4|{pDk<7W-u`G34$j}iRuh@V~kb^+{C4oDbsN2 zW$u<wS+z4{abs}w z5~x0`%;ETomD1xOchSg(r&v<5XqZ{?jHIkxl_6=jp9%g$#$}s#z<-t96=;8BAzQz_ z*9YJGy1@_M-?SUi|Af5;u1DqyDu`lP9_NTm=DXzz$BbyOPFFEsm`3Wu=<_OHHy_nk zwS0cYG`Qr|ow7Wt)294Aub52OJ%pvgl{1c99#L1+I$8ylF^JD9UX7#I89XFZEK-1ezt19YJzdy@Abxzv%A($wO&e)u$HLbx; zl=L+Ta<|$RvOomin!z{M1e}R}#eJIst0j2%6_7YlfLa>bY<3WBkk~KEuh~Rd73Jj~ zN*4nU3nhWx(QsoYxVqQgz|o>Po~s-QVpdpu5EX~%TwbC|Z=*+qJX7(8gYqPGkga;7 zeY=-H5qCt>+fc@X5mi-_)$S+E`tEFI_xtYz(OMidCm_(4)l6VN#`k!|e=3a&v1{_e zb_-K^YelX@)$BlLM-fQ5`Aql3|M+}R%+hP41%SeW)4_jet} z^yIWAi(Y=Mpb>9_u7eIk@AX=b?TAg8Pm%y6P>LkqWcRm2r~<};}$HqfY?ixZGaX+Z7#ho_;^UZ4Q%AUxlln1?5DnSoEP9_a9Z<_dZ3E)X{wo z?3)>GdNA#&G6L`1lU3N&o@AtnQX-*WY09tvkeOmo&sKBGF7vdZZ(I4g$np~^!bvZ$ za=XJgCo&o3Rm02}GW!Qu`Mq)K@pJU0PIMK9uKvB!u}L360sCdbxW9#Z4q4;e{*oy9 z=xrY0!s4aM4>8({e+JDONVVh#3T1-yebQi3zdg|8t2o@B2Qvq)kh{h;tEf+3Rd0*& zkwl(LMGkYFrmu>VT5&5vkk1fr{I7X9swOSl&TFNwvaD#^qWsBUinH~t&!vh^Hm10~ z);{?;Kcx*(``Q-B6*C?z^T=kxuH@GXQpv`YJc;~gG#8qm*;a~Y)`*ank-(NAdi5M2 z5*1nlUU?Y2FY*w2(idy%NifwFqyS)Z0G70O% zk-Z=dgXIjw*7^CR9Hok!L5?)2kIAePjZ+=)~tSB|GHS+ z_#>t9t1Ly4rroSuo9PEFuk_d>zt3fr5vrSY<(y`&_ijrI{p*7E)gsxFgh_LSW^N!H z>#{cUS>OR9a~6Aoe+>4&0N%Hjm=FXB;%5F_MN&oF%R z7&ucqL_Z^2=APr&Z_EmfDBqp&?EQ$!nGxn`_QI(##cnu9blt*O!}Wm$6(847DKpDR zRkcvb^tUO<+X{%q9XUR|C|OdpayHPq+v(qYC8CYp5(&$(t(<1yISMsB-yqrBIdNSr z9;i@<%-}Jk!1UYruC|&txstt38_)DXh@O*l6>4x$ZSBXqbGPD}c0IpQK~5CmU0xFo zhOk@LIzY9^eAlcZS)nrpw>9L+zcq$_(septb#F3E0RR2>P|Kl=O)RBS3U|v)Z3g&P z1AHOf|B*KpAKmA1ceHDxAIE93xMxv~pOH0*P3D#e#ywkUX|ulKQ6W_OK=c*L^wFg4 z9l1KE=9lfdBjR%ke*3RJGOTbhSW&&ZAzQeSsGSjff66uFH!YNPiynHNQtgzy+)U&< zzybB--B$wR3rinD&X@ijbMur@vz8#{0{5Y&7Ky8SrgDCv`nx~?eyk(Xt&Z0J85rgY zpSo+3as<-%ogj9Xm}-thF1ca9ghZqs!%X6~hs@CkOWkg*-g!xkVOT6kI-Is>(rgQa z@=ttS@f5h%pi$^^keim70jQV4n=|zEGEC(d_ls#l;*RbF7a$9G;xJB`7~<(d2%bk=}AJkiT%-PnP0TRR4nv!IBRdzq+H#n|FkbF#@MotUgx$WSeD! zjXMSNzM4H)bWFH;Ft~mF3G{~QTVZmY8u@=_ZUVr-DP6)lwJSY33lUosfzJ7) zRvJkxOS6i;6ojr`TAQCZBTpKl)}bx--qZJ#I_G$mG+|UNMFGhQ_j9Qe0nEaZam|Wn zm}O)sn#8O@Ws{{n%|e)sYc|%?o)n)s9B(;VN9RwrknW!`BvS#rWt{xWVE_ zM3*`N3<*quMKxeG7V6o=y?%Zt12b)YbUC(0RR<+$+)85}<;aKYczW4UiBivR=}U0$ zIlO$k4EH}Kz^2*bhM81+g-$we*yk}a({foOe0hX8T+;!v?EUUi`p|$j;W%c~mvJtk zQa>+T0xtsarUb+Lj8_Z6=xcW&Fg@B^bkPkr9PVpg%*{1#Bh9#{&6#Du4<<^}?(_mE zFv1Ce^nGbK>VkJfxnvvFY$M=a*dJ7&0;{r|nUdEf_T48v%dta^L$(r&AMVFaaxI6i z8&F2@6d9nR4Mw}JgOcUg5&G!Kt5P0~Le{KqHk*S- z<-5YO;W*`s)}$&KOvnFscQ=%aGR1$W{IS*>&}!5s*Vzx1_{t5&l^gH6%i>15NDZ;J z_*FjhhVgxnp!+?*95hL1{DnT6upZ*nNGa;G``oEJxek3UtWT^M&UuA5hOlR@PtKDF zWM+30Ya(*{?Gm9L2v~F|MD?l6dznY5nQB*@-pBrUV>rk zYUfQ7zy!^>eb8RmzO)I9Uz8*mPZBpJ;=e}5DU+t;R#+i|;dLIrx;u#O%%t0KKJnCr zeAeM2HAwDJlTwi-8HADwXwdy|V`$WPvQ>M$p*fIKU6Zbz(j<+uHpBgtIE2q?o&r3J z4-kDI5;&E0QOK#TbH6V|PKT@hRpa z<3F|pzUh&8KYbWmUV_o+r7<*Nrw?gZSf= zF$N4D03BDZ2y_nMC?JuA&MWo-o?~v17b0j{4;H5}+j;r-Jq~R|S)K%(g61c`h2>u! z^TQ%-$esf!Gp><{GmqQpOC|J+g0~&G_$?U^nwrY)HqjRpgI3P^cUC73M*OT;W65VF zQ?Lau_^aT?C*O3tO)bY!(Qi*H4udssEl1p5y%m%9f#Jz|Z-RFZ10E^pKm~d0VFtr@ zYxrMJ)d5xm=BN+B>Er0sL)(M|Kv6zR{4|`F`d*IE!ja)-0snQHrKM2^_+GpDsLVci z6Pad*IC+#3;av3cLV` z*mO*UaXgp;BIr~H`bEUuF3JDn0}#mKg|tafvv1vL;#cNI3c0LgpyMn75!H$-wq>cY zINk$t%5gI!aTY$l!Kx+igYhFdECkFS(BJ!&!3i3i>P!%bE|?Jt&*V3&8y0oAnI`0d zk{VM)i@-F4g29aZ5;)sKcV)b0Dpvj&yhQ^%u3aH+2~<;{+55(X1f~5KXuz01q6J07 z8vEadD#2y&%t?HZ&kQ?&H6SN>5a{)lwH|?_y#j^2rCk^ke`$x$NzD?!Ez>e85d#nt zI7qmzo#5-^cFmfUThAF$iEIl7ah9}Xv%5D#gsloQS9)L%$2980B3Lfkk z09XncGIu~Am)ajKiBi#A<4*9XTPsyR19{K}v%uz)uG$+ESyW~RuKE#(@jsNKD0B!* zjfD1{9#3G1{^FjiT1`%irbds6mESQYuHd}{pyA6GF|S1Ghl~q@mmg$xHSRua`WO;q z#T=ah3PI1krDD>19)f;Nh_D95NGSK3Vr6$1g1a0eAds9Z$8rh;R_NioK~94~0k2ll zF^SSSO}FGI@H?a?=2@iw~u>P`oGSV+u+t+h}Ui%7E!z-!SJdsnAo zo2mYJ=Sg>Lal?Ka@dDpZ&`~mt!tVBm5y4cX7H4bEx+HbLfMxh4RbV= z-9%#ivCqyeAR6&2Xu=A5l+OgVB74v*OM0IV6Mmj-Bz*hZ-wGe;oA5;$w8TAY_aW?7?I>NhHfW-snW?C75Jr zk!%U*7u^W19JnKlmMt|Bkn zxpO5Se?B`(m9dtaof1u{w>8ul5gBR2E_IE*;7WRMdU|?%*YbF^HZ{T-X}|Y+*@)G= z&a3Cur9r7KI}1U<5j|>i?-|CcZS$W+T~G(#n9U8ql=glT6^A8z2EM)VAgn`Smbq~^ zSXX$3fWsjCz_4^yB0%}<|L`gxZd8Gnc5qrwW{-#!Cwh)iDg!Ip0g>9|^^t!Tp{CkY zs7;uXB{VbPi~~Qng5fuYB4fn=qwCEBq5i)AalML)O36|rCF|JAS`tyRWjC0yCA+aN z*(p*XVVDuJ6K3p;eXT4*vXfny>?32}e|M_)^7(u}zvn*@o^$S5ANQPd&n1F0>A1A| z!;LVZx=1=+8K=qT3>IMKQ0&I)HlaN>j|Y((47MXEJ>w|3`4-Y;rn`5%*RvTcM0bn5 z)-2nt4%f3}Y^JAMA`CPct%r)tUemYL`xj>}zIv*Wu85pGlojh&>W>QbvOW7woTyF!J*Dc-KlLwAm;`K)C0 zCz-?52z2K@K`5ZRd8KYIAJ9o0!xDgOPz)C0cHgfBS3g@W_Wk)K6*^h7qBL?#iK|3W!Bbzkw`dEuC}ukaJ1Djd~a{5 z@x?P64 zLg5*%dBwhAXCAdeq;x}$>?8DOoSlO`Xn>*X5`fitZ! zGOJ%MCI=i=qAWL8CJGX++;RC5Dh#?E`$&^i5IJRVLM2W_H^vLdA7{8*n)Y_duOnVe zOVDS_agN>mLls_u&CgsuE<)x|zug0j?~=bfv>#`c6y*XMVaD21AG~&pZb*|4+fT?@ zKlfiuiPT;O>#nZftIkx3g|A;*Tklmr=^UnK;s?c!d(E-}0fV7mUa9A7auQB-Unl}R z$fK5HX7gK*Lf3Ckh3WPco3)(F+g(dOvXhS!vHE7cBho2lCNCg3;Ij1n7GGPdnnkHr zo%3|_Byr2@7HY(yx`T^vEr@Nu!Qp#P_9Wv$@6~^k)6lokuV+HJMHwd(aG0LdkJSs< zozEJOT$`0Sf?><-hMvj`02%i}yq?GljFdYLVkU>9`1JCvD^E>bc2F28voA?QOHBA` zW2ad0*`<*0-LuI7b^~(|onNwZ zq|D6BbmPJNF+sD;OTL?L(Pks-$mN{2x}V&5BgQNzKGW7-KK9Xy(xin2^ z=eEsl5|DNY#>Mwg(=B<~-rQcw-+nxC7D4McUG)Tf&eIHaLo7?7#EW_! z$7bCSh^;la`bTRINTaTuFwtvk2P**qgf*1{B+sD0!ppCo;G4^<-M>(Vf<`pGfX7q24*lfcli@p$0g1 zKVKT)1@q?oGpxY;HP^y=G9&hgalq9Niu=VSA1qll7NApWUNJp$@94%?Kj+au&Y*ki z`M!x{ahgrrx#C^ZVasSynX(lZACDg|CNr_Ye`(8{GCm?Tgu-VI?qeUGe;qlG3q9JL zn2M}e?4?EYe}Aa*K~P-*PB=P$*5q2A@rc@ag7mfAgp_TYHb+Bi#xW1EkQr`!psdxf5pBNV{|j`)k|8 zaf{Q@?1?)}rqPIz2JPmy=Z7oHJV42&wfZIch7=ahZUqdWCAFS=UC^p_FoUUhxR(2OO-Ju~(kqL)(Phkvq_s@vYn z={yrC9DQU4J3M>oDdpnW>eHe(Os3dPp{atRyN&-KoQ6V$j6-puSMUVKs4J$m2hTp- z;!`eSOw?cev?;6Dz*PSdB32ekm+oHh6`A-y7SdDTr8&=_g&e8=n#ABfbr?haX>ztR zc~E@Uug405=?Pl}J)C7}yDSbU$4`Z!X=j!tl62W?MNt7=^x6ws^;LGZ;g=$uoxJ!*?b-m861MtwC5$QsK?~;P0S&aX6ln~V2!$G? zEGg=-1WP?L@!w*4HiiLX5Y~&jhK22dHdS+ZHaeWKJhe24#NK+sJ>4iML%@qM)i?Fb zSWb3*zp@?|g}x5|_RjaHk6fwm!BSFLe0}e|c4E3eH_0ca3uos~RyWQb7Jhfay0Xx> zIW+$L13uNWJrI(_d^cZ4&Dv~db>YJ$ped*S(b0{P{4P}{i&A}QA8p^?I%G=O0!#&imYf^4!)s)y1kO6VAK31v>_U#pMA$exPzHr7Ur>KX{ zbjNo9;;KdU%f*BFP1G{d10~qaGqvlYp1ATcNXimVE zk8C5Q2C|jZ=xse=T?5Pp*l=R#3o-!ctfDz3$|t&b#jZX? z5h>Q8uW5_w1&qOLt~?S<`c{Vss5^KxSEX+kM^|jjtuM`7i9+9HZ;yS#qO)WIv$2hS zO6IO^>_i^a>gsD5?W>4nR z>JF0?LHADHCoHDB-YF;|4_5MML|lHvS|C;97II(Q zgAD4!qysLt3}?dO@;)dAl!H)isas`XC{et~7vs$Kz0SbLLoby6LwaYq!-awXLox9S z@eJ_{VrmM<5Vw>>PXAHXCv;*p{MLx@aohB2Mst8^9mLjj7O5_QUxntwTvm0kF9`tn z!U?6+1(-)iUV5d5z5bu=2TKkEH7*Yulhu^(s^-=ngRZ89Vv}9ThqKdq!9o>hJu{n? zRbCR-VAVaYPvtX5X!rz-1as4>Rc&kJ+MJx<&Gi1TW=S2|?umR~oo_KzY=O)x3hB!2 z%FT9`q_z%f4q!R^hrotDy;3**AmGo)Zc;wLQ30l@=F{%8-|&jTB9{jj0`-KV3wr9S z2jx~j6&aYI{c~HV(R*VObHV6S?dAG5l{aji>OVm+XLA17d`)#paA$wpaT$Y;f2@e; zkvU}rYY!%`b72UQ1_7idZ3WWn!W~u|EZgek+9EfrQrQ}*E504b_->udtVc2R!hcX1 znq6!!SC3-Axk<6^ATQkgLobEMLt>BVy{cgz{$yutK4$u9dG#^(U-sTx0`3->m-&?Q zUc!U*`c;oy_$hBO%y$iE3Q{`peX{t6MHfzd!#w&QE1IK~es6GexqBMZrw`K%F%>c> zdu(tu!l5sf@QDOov|-1fi9$Uh2%@J=#0YFrg*}XX0_7e7d9-w-K3nW{0hBO^-Fkh9 z;*s>Pe`ur9qO7t~yTF%`@#I4>(=zOEV{5MEPRx-MSIdpSR^5Kp+-$$An51{U4iv@O ze19_mH_c`QSqIXw;h#tXM1zIKDhwladwInsWv&fyTYRay-NsPd(IotZRMqW8p}pon zp+N&1Q5QY|zlUj22h`X%m_QW5!aX?G#?(xPo$k$N78J9Ad`N0l=Ck>UPWVOXYsB{2zlRODJv6TY7WCyTY6q=3kJtE%SUX`rA#KPiQ zfBh#h*9mNJZd+;}UfuqrjJ*;y=MVH)3%c4<38gRon8@5RXx>`1&2(kEO`>c8^5E>i z&>t|t(_aG3z)=6Z>8ZK^ zTHqAqb_a)Ny#6XfLustBIygR#ZJVO=X{$eRMW`Pm<;O z``f*zk3Ik9#sHlW$Vjq1xTarQt?^{RDK_GZ46Ath9OZr2*>5;0_ysNxhQFhipT~h3 zw-xcx)KdVL{PivD?7r4-P}Wn5o}HsqA{7vGK@vF7h{|0I~1Lt*{(Xj7&R7HNF<7aF&CSAwcNy{c2tczFA(s{@yj z@qkj8#+AZ zwc=tw=^btEuDa-cRI6*bZ!z3A(EE)=bYnteG?KhW^$sFa5$?=pL8CRkpsrq7YvA8( zP)b@=zR2DgpYZwiy=vET9JXo0Y{%cmydJNH3_cj_waSxqP(+`!l=28YoEi1vv*iw` zAAT||(g};=K82q%Q-Y6F7;jA=ESgO|s@ki%8*e1mB42nuaGoxbqM(>NOU{Xia;>D> z{kl_gbc>-J(cbBa;+mPs5y`LRI1pUmp8ZyhV^JF8|5%~MKOq#pR34?~ojTab{CwQY zrqlo6Mn`q=T8rz7OF*mcjPpt*-brPe`jPPYwzu_<6Ncj#YI6La)}#XFvXS!(%+u0( z26c&Sy7;{T`-qAIxPLQN^g5ASdJ1>v=*~T_g|{f(8Sg^hdeP#EN0K>hN8Jp3q3gS_ z<6U=2j5z_RVY<=|@>jQfOyZ|jcq%-m+6P}e9{|~c zBtBSLvtM?Z@0UE1RFy*s!-jmziw;o~*B7zFr72E65~!dFP(o29B(A* zOmWqC*5}JcB#BYnBjn2#)sT;?f81`P@EE%vz*sS+$S-64-;2w)8rJ~B(8*)k@0*P( zIJ9R~h_A{+xYZM#x4PYV4~cnBIMR1NXRTfppG^cyG8X3>w$y#}gI@J;89FA^ty0V$ z5in?iuRdPZz}42FMtD`=h)$}TZS8=2qF#~&ZPQZi_%|DBJNWze!|D>zY*lUng@}&o-Z|2Uq3^y zvxA3cR5(Pd&{75#Xzt-n5>8 zZO2{;a5k<8a#3;2ueD4>7O-jBd~LYzv{>JW_?}naK2fnJvNe%3qi#$yhDwP?Wxxp3 zfFVeM1M_9LavlEXLBajGt3i#eIS)pvT@|mCbaNyif}ZBr611np^Eu*>)%l_?T>515 zlJ^fm2LdcCUmfW%Q|t5Kw5^egx<{M@y&u04f^}RKI2tgj`nOp;gG+N7FJ2%XFX7l3 z-Ge=Ae0_xLc#_zJLiBWg_V=lG{m~{caTo`?suHr)chtJP`F_iEJnvYg7;A?uyp-fT z-<9`fM@fN&wn5KE&M=kB2)5?Iy0wDgH)&}0jcFa*Sz?i2h>-O{X^{v{FuEol3us zB9$-BNuXQ2Ge`v{`P`3^vBkbBTii-VLrdK(p?rNa!_^pJN1om97Emdh9+4FghQMU_ z-##??jzIDaYc4jJkEH@GQvLH!MaUr8lq#Jw>026CCELX1YW=Lh2CIC6DXAea71 zpuw<2%lNdTiLY{R(LzGXcB<;zingj|8 z4RFW6?xDe*0p{B7UL~T@Z0+LZh8dS+c``eHO7~K+p-_7cDMwBB1(Y1vlYimbOddHe zi!E;QgyX)1X6F)z`I#lEOP_3&HAgFeZtkI{Uu%@{LK-`~uDDaA85 zhd2dWd{ZRS3T&$|{bu0xVEE#@_9nIc?IN_bixr&&cYY=!eTcbj{XEdV)e}|6-HvE; zBwsX$RrPVu^g->plv)+7 zFHBb&6}yR=&r$_UzaSbNQQTx;lV=dX1V@g3$y42q6+5v!Hs~MJ`a0C-jZ9?AqM;mF z9hy+>Ssp-7|FTROGF0EnC&YEozDi}H?T$|longYRRa~9Q`V58DP0ds^_1o$R4^(a6kG^YDA?7AwS6=W0S1UDU zh$K5Y=a7qRPx?>uqX(s7<4a0fA8QpHdE!y@_1EO_67&L5=3Zn6H+Od6!D2i5OI(AJ z_~+zcC8_W6 zv&+RPWzofUY#U!eqrj{ZWE*Y$BCy#R1x`Rq-Vwx(P$6-6IaKZfSzSh}QjbvfKLWiR za`InIS>@eE?W?#|J577s*ebYsk<5bNF)G9MshNn&m#z`xDU1}*dc~Gw1`$3!JxpGt zg2&*4$?SB78cu~FrjhqY8(8D7=G5WaY&i7K54Ic*skh;})O!q^e)3P26@&Q4CAdn7 zlNFED`ifp9@*UnW_kS`)GAARpxZuElz+c6x+yScISTb$nMr9x)sfg_u9tn&%Sd&FfW=8Db3PDYy$ zj&>_#FeE=z#n;*1knRo3_H}cQ)fZAuRuHdAL4(tQoG!}FtM9Mjbq9Eo5q3K<6{?0) zG`2x@*I+D$>Cuk|N;zRf>bqPcDQMz^Mxb5F3`;24ezP3>@-14-S-_nZK}A>LY&31! zjb{QFxmJI1I}bMK=>F{exEG(Ae<4iRfHG7f1QCS1#uCP|{rOq@72^3AMr9Bhj4Ks& zIcaFOBny-Sh5OmH%JGs4Z%XTDUOZQ@Ka? z%G{`{Nk%eR)PK3bAV2QowOu+_0dhbKQSp_vk39PYNAwz;dEN4ouiRIqSPJ%?rtw{% zodWAftk;8XIVE&~@LQ4qfUS$E8z>VE<1)Lr($NyD2!cU#b92T%v3jM_&@PtOsc7Unf*jQs%W)zy&eK2n~)Qu=Yxmc>H$;=mQvB!-d%qRlCU z1@cdJ7hTM8U$!uayT{v?EAC{N`YpsVGa&Ay{WU{JVKBN|d1U?-+Gdp|Gy0vn1{fYb z&BVBsD`2KOrgi8wNVQuLWprFbH!dPQKYULsbuZp@oKEShJDuZ{v}JX{E$Ttz61^JLF4zkM+Gl%w{R(h63!jRg`9C8Hj=&5z3-aQfbSb+Du-C`IP z0^r$2fdmAK17wV8pv9PWV9srO-lT|hpQGj~-vQfwPIz4+%_+R+XyjCr>Tg*UBr}^) zQH9lg;;an28CZ|NSBb|5nsB-h(4F8NhR_W|c$YE9gn2My)lAx{#(wUeN;H#eR@dz} zEKUao(o^rcSAa~LxY@SeR-_IjHJFR?I1~WW#SU}h4{K6SB(${Eq>>ll^LcXY1jTcz zqBC%lO!pat@N8%K0rz93^&q*yJVDz%P@BZs`@%UBx0mw-*Y?*s4Q#5(4R>LTtm@Y) zdjb22pl~_Dg&YitF`$W{LF=b83P`yx=t#ZR;yF7tj@;{qw3k+VLMC$9_>jMNchA7) z3r2*H?2!s3rI5KE=g){T-+8llW=SZ$;?v~a_icGK+a~xyI;8^n`kz0fUARXO1IxF@ z4J+WFEF1Skm0Q1vF29W=;6-4ELEYuZLB6gAQ$u>cr{-2jBDg+q2~+iQ4d5*42vbgooEZY%h21#O)VV$RvB_ zDYtX}3&1qe89H95-#Fz_)y0vZFW-zZ_~S$SU32z6za0syk#X8dA8=9CW$t)h|B8q~ zhD|zLY@c=7J6p%`qvA+!`y!STIc4_th)v7=pJ_Vol@3LY_G%fWs>ZE#a_|*p;ahu^ z20T>q(bJ26B5!-j1{AI^5T?10vol)xR{hT;u#!5^?l-n^qPVj8W?(z)B_aS=i=v~f zrzN-$L5oF4$+61e5ER!DAzhO%V-T&ft>a?XE*Lgw)>$Bzbl}Q9mlIf!QjxjO=uFzC z#k;XuFQtB^3&ZEEQ{QTE8G8J9#1ky6=(Y57U|C|NvhZ;jqjD$dZN+K@d3san#r9Hb z)669Ii|w9mGAoe9k8wb7AN+@7%y*tSgvcU&MR8gyB6%5}s$cRh?yx;I@=fVY~U(9X<5HcO{nlEmpl%Yz#mw7s;~ z6-nhtOZcT^gVFcV*Lji`O}<^yomoA(B!sJ$Q);|b<+61YiMjZm>1HbeSkR&Cg>|mB z4;%+qN%8JSufPJtbEa8B0e=5+(^CTM`@{h#z*eQy@bCQ)GRl(Iz-j2iH11?Bq?MFQS5-#T9m$MKh87E5Hb2kBJ0Yy}Q`Y;`J2_SbUQa{IP4E&2q z^2j`Jt4B}}OR@S=<@S#yFM&@(X zsSSMPnuC%Y(%^*)XZ!{yaCq^A}N1XWFr68H zNtP1JU9XiTVexXM+Guk&uy;=-XiL_mRzTXVe#^}nfR-$pHp<*Yh1g2M3uB`nf|S4J z%T8)WrrZ1o}4C9?Y_Z=OWmQK8MG#r3j+5p?uQr~w|5-~MuzxfIK4?hQs zH|So}s9Y{q?d=R}rVXUwE%kG1e9==FZlRSiaQ1-$^e0_3NdOU<6l?*GG2z1m9*!Dw z&;+BoXO*%1y;>Tekd|StB9PnXT3pk!mS60^{9Ww%WVBTzxMb(fVd3&!uZ71ofstn# zK!jKdSky-PUK$XW)e zg9Ub(+=-`VT&z)NaqQ0iJ)h0iGGU6vcC&C{=MW)S0zdul7+R;nphJli064M$0?Q9> z8ePjT?Gj!lBbsCDulL>{cKn^OEYMh+=gOnD?+DtZvd%0N_l2COsKCW=i~!d48)yt9 zFH@sS{F=s^an2#>P*&LD67~D)+Pk%PS3B)dj&W{R&j~NaoeF-{6u4BgWh)&nou)|18ifs$ zK-N`+iu}R)8qyP0^;P>Uqrzi&?~Y~h{BV^IftaT)B0if-uoBDgXY3Jq`9?eFcZbBd z$jfh5*wdkC{1?tTbNgbA-{5UW4ywVRSoWB#{pMc9h5C(LUQjOr#jcqaqwuJs_ne~} zMeX#FZ$}y`V$T$1#x1=WaIS8W`#G4=Fs1g1TyK7VOP@BcpgFMExc`>8_(z$2hSwJ# z4j^_Z@L>oZ;C%f1V3|pP{TzGfVNA3qnj$emq`zD)H+-Iv;DXYULfr1AUsoMp4&Y>%_yby#KmM@g6M9RZ_` zy|zQW4VZI3Q&pHR8|Haa?pao%b(wFwlsElq(U{+UG@3{W-O&eESw9f-|g2FWh5WIoy{OC;oZN5eKDLFJEzq0v25MA2s`L?>Dse2P0 zGUuPk=QW8QG;$;rpy%jnA`cH%uYgb;#ON?XF!IeWq(bUso(d< zSrkn^@o9UebU!m~oet9075wvEMkdwuDX5*ZYP0a=a#Wb$ZP$^Nq_omDVcy;28n@;< z>Q6PxKYZG_!9%7ljN_l4thWkm26xqKLcS$P4~VP%ABtBrzBSY^}G8{9sjNYq0-@>5SEm*Wr*`{*3meQ zNZA;IxN!Gq)wi#hbpDvbl(M~U6)&E(0CjlgstRBZYx(=XMrQ8-f3>LG>WSQX30gC2 zL|tE8u@O3c_k9(E!VcPN#%c5?X%gt}fQvwP%dzs1rEf-;qU@6YxBtSVC>zW9m*SO0 zIKlqnEPro)3g*e+A9c82bg;K&aOnrj#BEou8kMPEzY29b;zU|PKbqZ_-!VmbLTd=p+L!W(AfgBsUo7#)LvS96i{Ma?w!pdndNsqH@cebJ?5V8Tw%^_ETXx zZCBn@XQ_~wnRxr)iB5j}r314jg6Xeby+X^Srz=wY{flwzU7#uG^bX{egXDs}AXQkzBaOG3`oN552D%t7R)KOk=d+3O)>G zzH#HmaF3OH@GZKQct&w_PM7#$fq(z)$kf#9?LMQlxi-3NG#wD8?hDKwQDc<}L#MXP zq0IempFSPLJOJlae?JZDmWxC}+J$%ay>%!CuV7*i`|U2l=chigiICTAAz3x zWIpnZ))_j!3rn$nlCzNg@#4RGs-M^OhE0Q-|TBbf-KU9BV6H@4lVl&0w!q|`#_)lDXpRM+Qa+wf(XPaDz<(&r= zMso4BMa|c)->B=HK(9jhl1DL>%!8Y?A}u;T`6s7v66b>+2F-+T4<%Nw)Ob`%Z;byFAB_1X*zPA^m7iI>*>Ua(Ul4m2lVj z7*%@~l^FvA_US;Wwi%+&)-q0QUooWG_n~7T`{;q1xVHp$5HwFfUYjjTt}2Mxlhyli zU{QJtx#)XP!IEL+K`eXZZX<)9Pk*#|7Z#LEEm~z6H-72O{PJh1^gzu0*b+E!4J&Dh8*9D-R8Y-a^2?fA0vX-Xklk zic5L0Omue(5ZYyO_ieEdLeE*J_c*AK-LIdI58Fq0b$;(Q+g;t5$-$b$XWJG_Q%Dp~ z;FHy_siyBg>dT{rYDAM`uhpcTSG%xi5|1%!!Dz`0`=(Z;68{iqSHka=@NL zPeUwyZWL}Qti#%nL0iGZd?(xHjtIrg{)%9KkL&Vw;E2UYg+VR?v}eJh^yc#MZ&pH( z8R5a8nNYI`VyQ~QVnDN^g~Xgp8+G)x@0^>y=9CERxw$*0~YpGG!){B->>&gO&dw34lD^UfxJ{IrB4r{} zCdD6^8~|^#0_$&C?`_UibqoiMw@4ob=1m-x-1S)Wumnc61BzcgpE%}Q#Lyf*QGPI^ zhgCh4yh_4U2h0VQxECO44js{BHicSn=>o)3d8@)K!sfUie=qbGzjga<7;X?XE(03D zAXzgFhI(U>mB_;}n)}F_r)$PWls;!LqAc84hn!XVxf&bYR|_&FL=-=(G7DdLjFh<^ z3kTLA>X_S+GI2YUoGioMdR-IWw*I>A;{e4A|@?P&O;i1^Kqs#5AHji26%!V}a zHgBQKt_3Feu`8!QH9fC}#zXZLIl4g)9ie3B)*M+_@@E!f&ta&+lh&Cw*#-pO{y zV?@GhknJ^3abJX!yoILqjiFLlE^HGX#PeGSgUfqcAR8{SluTZrStx3u$e?6Gol;a=I#9h_fhkb9Gz& zwS&vgua}vwT@WNff!Tu7b7ViGps~ZRGe3aaHPw7Kn#=>6A0HKsJ5dJr~^T#Nq6;8F8C8lxU#Kaix!|No&0a zIgg*E?z!BExu=}^j82A0izlZipy3}>^AgvGlm2}ZIAD*l?@06oT*~5Vq6;}IfzD=Ff22;*reTOJ!L%2QZ5O!@=06kKdC*Q2!}XD;gPJFCc`@b%~|MLiO%{YXFafTOu<&<5u(jUD-{_rNV4aHEK5~Z0y&)&%#b2JROaA(od-p)(#LZD z6;M2Sspd(97Zgt#R+p`5P9>m{;-$QnqY2)pjOviMX!DXuo%0d0<$1UMN+a3hujzc6 z`LZCpvuL7vR*QgBM=$2L*Ha)9Q+x>A;zPwx*36-`v-fuB@??EVKtTY#AARAsiSYE< ztkRB#9O-GNJTbxF={tCK#i`#)Kz+0%I=AN&Qadl`@l{K0tCAWuNQb&HHz&iDk6kvW zlW4}wTs+|xalV`hr&*0}QuO!zHVKLp1@bXTu5fVo!}{ih9nlI_4{xIKyKgeO&4al@cp{#xHGy%Kfe+5GYm$!%_HHJ|xCDW9zgn)rVm zEX@~%?nvBE2@N>%zXMUJLp%Q)*uJvK` z6t<^BAiBV;q(YXQwSuGUBxentJ1`Fi7@M5iOB(zh!ZKqI zitHo|gtb@^UA;+}GtCD}fPK^$EuJnziRbj`(+}=a!@023!(l09T4q*S#uQZ~tkN@q z`OJHJYjt$*NN&mk+KTZ_0Z7UOZr~Gd@A!1nwZ{zf*}%Tw!b@qXqwT5JcPMZfx0?#W z-verw;c`Q--Sa~$%Npv8@Wan1wQkTsF%20z6JM&=}gzBHIPvn}R-#PL}rYDhr`1ZK3`GpC2`UuOM(?;PVBSWYmMQ zEG`U+_ek?RF2na89q$9p3Gi7yYjiHeS}1T>IUK4jGC$13jTjrtd29gZ;&jj`RFZ|J z%)G~S2`7qfD+^|W@d>nK<^PyA8Ljn4)R@5LqN!&5aGP)kz(d#(8x=T>$g>GilYY3bY8aD-Huq|Un5v(BJ*7qdI2C`}Rr+Dlb*8A{bL z!*$InqOiGt2^YylpqNH_Q|~H)pEAkXXEvub#(m{m$!^ZcovxdrqD-LIA@E*x-8q-w z$H}B~jH2szaak>ApQu=$>cPv=+LMf;@^0K)F~bPLLtC)wrnXD!>B8T#L~U`0kTMjT`I@&XU>3u1wd7m@uVR7)TLW0zbA=sBaJYES2VvwEc+n2J))WeE{Hjon}QXl78g2ti6JLQjW-nKi`hV)eF|vQ#<|pXJr|N9 z)CuyYC1pfh_%+_Fz}a814FTI{Rv~VIy;(+Eaz7^Mt;&a_Itp>=wGZZN1AJ?nVMuca zi+|R1#e?fykSl$Z(aE_0H-!ZrMpF+nVvAvh z|ENo5a>0zYMx%oB0b|0^yk;4aZs_LWb8fc%4COiQjfW9}8CE^A!*25WnT>=qxq@wv!pf~QP8k@b%kzY-f?x&6+a-1YVT+cF&e zcWpQ#R3xHa!0L9d;cg}^PX#HXnWQ|}J&&~>$M14K<6b$hk+iqWdW8EicSa@DL=%K9 zvQEu=G2zvy`#eKzQ~S_6|B9vj@6nSwAFH#SpW|iN#yD2q7JG#K zCll2z986X}D1t$})UQ&5$(wvK&l+_^HLT2%~*IoZxBCs7VE!;r*i&+v~ae3~{- znvC2tuxCh1)yYTC_IhU7i8Tu}_h&jDX#bnBt#?lhX|!1wcwIZNHtpAQ!RzH(ZWL*| zpTkP~K|5)cpdOfDtwqNvOK2PJOO9wO-uswh-ZMd?N+TLpOpFSx?o0T39EyW>)FfQW ziLja+)B`6gKjf$;tVWGQW~}LsOx$l{WkO4#`latH9VSPx6fViBT(P%{Lo0(wEGv^> zBU7A8xW_rGfGM?_Z(G*Wkwl4Y5QV5QA24Rb4Zb1aWois)?>i0>fX|h#C4XGkh6w|p zy*1xAD}DVW-tVP0+&b==7j)O=rkXI_mS$Jfr3 zr~T|qEe-#ZM2C1mtx+m)qKq0u=B5BJo8p`5`*zAmZk;4bKf7fqsL4&QwQI~?)W0hm z&DWW($YtueBncPj3lzQ0>bVk%Q8($|R6?an37@oPcbwNuc{)Gd(w`3Dd4& zf6GitqET9<%S->0`rcp5C!l$=7F7Be0Cww!cxm8jg<$%mj`HSX%AI&uqn%@6kJJWN zCuzQk=R1Xd=%7}!NSoOgb%88yfZYqUWwct)#W4H7xZygte1mlPtDj}`NzxsG?RADo z_*RkXa69+c+v{mKvSzx2pfcZa_R*$RVH!vBla1cGcd|4zl0p-8Dbb`GeN;r61dEtB z{RD zl%f--|KGPzP@I9Fuf0&l9O8d*4@f)~qoBBSikuatcrM#S$DyIrFLU|u%kHZjP`f=& zPLch2zPf>e!uLAAz5SiF`l!py%*N`q7cl=dUo5#6D_$8MS_@|g5J`gg7tI4|C8eVpMO@l-w;&IK>$-n zSR@?!NXNo+=5V|&*U-s1>q@0x%|Tuev%E(hZugf$LuSv&0D+autgQY0%YZ08W-u5! z+`{svAC-W}Wz4x0+dXiv)!#F76e6+tCMFe5jilvAj~-=+Uv`L_TCd<22~ypa(qX;d zzj;6&p84mo%%9p=q+t>S6}Et*!vnOVgrsDZ=jzjC*%hpJ*7x;$(qZAR*|9QoLuLY%Ty}4t{Q18ZJNks?mMoj zT*eGtU7`|U$1P%|T$a)(*M=_Cim9ZsBYD0Xne#la^LqX{ujlvYkKgz5`@KKc@B8za zG3)CRqGI{`N1)eFNyQ~)YNdC_1Xy&9b@<^xK5*vgZA+sdMdV0f0?JzV@_t07_`oW+ zb2!M(rub)r-9jySbRJ)xobM56bgnmGrX^1=JRz&8iFhO=BFK*m%`4t!U z!gSmb6~0|NUI)zh!w(zl?*la6f}_ zY`bd(-OlE(Gyjt8wy2^E4q2{}mKOg8g8)5F7jpdJN}D7jEMnFlu<5c&7Sgc=e05nF zNHaX-&nSu?3#TR$^k+aK-ag7s58flQ$*n^tiYayCcGPTSTXkEg6y#z0+`@`qvy8Fz z1-3k*pHr7rciJ$*Mq)hCv9cbId1a{*qzwC&w(Qosnh2~I%h9XP2X*eKWWr+l;zyO9;!Kc*xS1`aP#9>)asfmNdSlpK%!|%O9~tY2c&dgh^lM1ZJ%jT z^zO8TVmM2UH^lTP8a8Bv7h(Yo_CZ{Im_y|T=;{uS^icy(l?wqRe$d39G{`YFI%SbC z*!MhS${+~SlYfduE%Ok%z*x8{3`W=DyZ+H1!Wjd~69cluAlj8E@?tfUhCzK^Xl3k2 z+naEK;a4M~{q6cuHH52kvyzU!q6YIX5)z+tuJK})0yYCn{@iZvX!^pAbE-Mc%TB#{ zL~S8G#(;FK>&+NdyliO4T{b(lj`RY|S39A@k>xj!Nv!MR4ER{psz9MsDSU9hTbm#? zeErPGuR$8YW|)!q4I}q--SH8$f&8M-Rty6u)F?a9R4Z8*RwT&eu^M3jwCXq?lHB$e z2JE~f#8dT|ow;L{u-5SkcA)w!0bROK$x4CpxE=XcB}7Rt(4-=GXKzE(S;&F2K_o*g z>y67x>cFMrhh)6wVd%nkv-+i+$_=il;2;Z}jc~57z)|yLzJSL(m!B7?N0xmx%TU+M zGxyWwtbkY1ruCqy-aIh%{KS)+`U0hE9T3t$E@Lt#DbH%*c~>MW-cL2|Ma4p`2@<MJ>GPn|>ime5<@#$^94}JU2aS4vE=9^)YfYz<*<87y@aEmgeQT2J zT=;Q7c$F0u)5d`H22MbQ9-2^)L^3up2?yUnP$lp&DLL6*sRs)TzuEZEdv%uqBnma& ztf`=j)t)(U$oTl1pz|CJEs?ItLg`0(W(R@eA+Du-J8+dMcboevs`i5RYN#?B1n3mi zJ>kY?X4n)PZ9^ix3U~lLCDvzEnSK+=EAXNX?^0DXECYG53I;P~?rVz|6 zLEzKZ5K%{ymXdnstZ50G+9!u_y7dXz2tZ)Ui311!icG3FhTB$)R*u%E`}ds$X#BD< ztVb+mZ0F8co8YV81v)`Jp)ic5g|KiIdVa#U^0Z|;QW*C&3Yi-EzidUJNPKODyre@p zjZhe@J(Mu&AyH616tm69NGs_zCF%6E41@Si>ozfW>skn&dNk67r3ZXEEAxWi7N9_R zry*(MwEFr6U#mQ3>4@$6$usH0kL|#g(!bCK10Au`xZC4KAA&S(Q(zgGV5)t$MI1F} z)uQL~*V9vr?G?0=s8iomI<9=R$7-lEE^EbZ71XE&_R!H(OmO{KY*}N|=Eov%WT7^C z$r%2gfOBTBR|;xyO21kLJ*5GyFskdfteCnY)kizdeb0%R7P!M8c?Uz#s?aejSd})%f#dE?0E_g)a^Zc34@Hun zg_>+uyJxL-to@?j_Sot?1q7{ss#b0Q7aq=;D7jEy7sfOWnIRrle!h8KiXDA)tscV} z>6q73>TPbFkGg;VK4zp%$?UHKK1>1l0!@2mS+&L$#N2#AMDIVz?Estc2EHJ8$PuvO z!y(?9T#qA4oxKC*BaLyAz-V@2r=|P1@a*$7Q1vTpsxriNieJTp0`SCmZ0zLgp&IKJ z%@NiXAGXYbvbtN5mr0z8XAqH-Ga-=qiGT!b0bL{+k6T+$FSi4nD^3ASaUZ)S*<&-}*VSsz6+D{vHAKBs zlng10m<~ep$VMm|fS5=%vApxq)KrbqH8(&7nkf7RLMPytGCL#5WU~HS1?|nkT3w;k zdA{i+$KWa9qS>}VmaJV2!&5SQEx^x}{ZwcF1-5ViEJDj S6JsyfJKEY|$1O|G=zjyB&8znS literal 0 HcmV?d00001 From c27ca2536266c1c2d037f0f2c5b14f028c0a9cea Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 23 Apr 2021 10:17:45 -0700 Subject: [PATCH 080/156] removing images --- windows/deployment/update/media/image1.png | Bin 86655 -> 0 bytes windows/deployment/update/media/image2.png | Bin 40823 -> 0 bytes 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/deployment/update/media/image1.png delete mode 100644 windows/deployment/update/media/image2.png diff --git a/windows/deployment/update/media/image1.png b/windows/deployment/update/media/image1.png deleted file mode 100644 index 022773946c391aad9ee1e985503e24cdeea44c24..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 86655 zcmdSAWl)?=*YAr%(81jkAi;yXy9GjUcMBdE++lEc7+ezE-Q6{~&EUZ$xNPqGdEc`? z?NjIMeZHKkxoYZ~zGl_xp6=U|=xhWF^&LVBkP+7ZM86+b4@x zzBq4hur6vc;xLtyWQT7z2$o_>VlXf@v1m`mh;R4r9A&j#U|=x&{<&a>97@e#U|x&l zB*oN$2FKZm{`v#Iho)NFY&8<2+ps~RIO2{d_C>tRI-jl?SJdk3Wj~%)QU?UbiLU7{ zuCMEFxWDXoWVY)k#C6-(I{Thq-soowxLZv6O%i>K$Y=QH#l@X+*2f+oa=IsiFQtkn zrJCd`P43s2{(3wfj{uc?@t(?Azf}0A0Z;1CA!=_*@5L_JP{S1;bQe9v^de~VIo-mj z;6JuzyQ*tyv?mPx_NU}u(wHcF7A`T+oj~8+QXKv@jaTGnQgM$?&hXE-Pr4~(UbYba zy8*5Oc>?*w5+vE9Lj{Kq`j2<;L6vY9RD)Q36`;+VC)I$`e_fvKVn?8Hl(A2c5K334zM5_W&d8pvr= zq?^-vp#YrMIlp&3K#%*^85FuW#IkownKbSr*EN$k!>*THLcGs}IW<&~~40YLQm-|ExPRb;s*>5|IN9OVD@ z-#Lo22}hrO0({!+ELip)9|W&MC4Bw>yOR7}BIYI~`dg4D2&kDnwD&x`$w|? z_l33IsYNH~1|qnP{?xL6f2K0JK0?KPt_M3DczlOH72??7r~`j@8t(XMR8;!y$907_ zDK8I3i?Y|GhBbzlNMRe!wopN#BBWn6#R+fjPcrW0q*JEp84!0O7$J(n*LZe(-yu=H?8cI!SA^D_6V^uvgY66vmt1aFoM zZd*h?8Rgrg+|`6D@Z9)G?Rw>*ddY*n;7H&SyTN;%TN)J5@h~pSXD=B=sP8My+tRW` znfN8JrqjxTVS19yMC=KDhUQW+#ZgRDkBdkA<)tMTN+yG>+xl`W#_3jl ziyhsNU4h}z%pVsWZQeKKUp)}gHh0Dvvunt$zBp~M;Y7C8k;T1|18)D0Aas|B;CWnZ z?7Cr{H}rww+?%5E#ucM$h#H#$rxJ`{-8V22W8cLPD*lvp*n61gx*Ec6Hg>VNVv%18 z;PL!(1KBw`WUxk<0>1prbN$d&rJ6PP;<~#PbcSx6Ex;aUFC-%EixuNoB0$iu_FbY3 zG$5jnukzaLL?i^%hkFj%rb{~uJMw54Veq>TMMeUr9x};>N_&7{U8n%v)~=#8eo!6+A$u_zaRJU)lSrscNr7xIz-ZR*RY*W8%euR zxb^sxEY>%U0Yumq`tk*}o5iRynubE!R0ShBjP&N3s~SWDhr8YG8&~M3jFv63C~^Nt zv#tq+lJO~5V{HN75&AhsaV-&29Q00^NKiVjeb`@+1MapyiM5k^+Pl;h1P}b-2hj@V zG=!zy*VJ9Chm3M_x9wDav zvL)`pCn@AOl+6?l5@|K-yhxAbhgS3%{Jp7CdZZ_c6~&=@+!w84-B+ZzJpvx3tP|-( z-BUI+BFeh^IRxV0xGHvzc4bYsJ0=KC0EUpKr_$!FbSfBuJGV`HrsCcR3zD2IiPc2L zL&`Hch1T}72%tykP8L7*&%Oeo)Q8HXml3LB#U#WG0!Ub_j-gFAWq*oM(cfpM7loyy1M|KS8vuQpGY_ zXdEPX5O`>u)GKcJGH)agx&}-^+vUV|_Uu^UP{0-UUnLGMmm#xJ1Qc81h~`T5_o5*v z<+`jO>{#e{%}bKO7nKtxy3-b>80W~$(!$zw79rZK!D`W^6g?^97Zzy9N~XaC%|dKt z1}^pD_|}z;miJOERj||Gg)mdD#tBp6o)*f$M<$z|(d;5<4+-v>l%-4BjHLbNY++&149hw+(!&@9laDOp(MX7G5pjHR z-^Qk}MHj)uVjM&FU*oDcK3M!7e#T}AKD>KQ9Cilfd8j`n3{54YhMgu1|=w7s8Wwr2rXJYZ5K+)&TR+aHQqgeMl% z$Ti#y{mJ&c^zxGuWTz9Q@h$+Fb2lZDKN9yv(KM}&WV4tEdNwQ@AE01FfS)0sK%l&K zHS?y<_|&mz$wi&m@VAA=(H~SBRFNqT%<-IoduKeI6AAmlC7u@#;w=PFC(bY|CvA;& zrbE;r85iDo1Nv&wwG{Ocr!PvXJ@%YgjNF^{3<+$s9eMX|6Q|A>1{p#>Fp&lKE|AMd*#jqI!JHirxgN5+b641cud zELqovxDE!3@+UTJH>)cvq~>7vSbq%O=J+CMsN+jML|wwAEVAkFG5&E|ukiM;;9?SK zhDligI4G%X2%;t8lj5UjKFEbY8abUL8R)4bSpKq7c-$EWUnZ*8 zql@Y416`C4-{HPp-J%&5hIc>hSM*6~VWK+Yi=oCp4*c>az&*M2h3O|k7-*Rjm+V*n z-SFj8*y7Y`d~x)3aAKvTVU|%?w!xtWZvfkB_N9 z$BPm{^v*M3HK?(vDetk0f+p~&<~CuV;Kx*v6W+kt-%p)q?z$0D-XYanLY6vg7^dtu zBq9PCli0!_K7UlCR_girCiyv`exRFb5b#$v-wCiyU>3)hP?i*%iDjnTQ0I5=P!qZL zUgZ`sbp|y9_22p0?G|0l=Y6z>msmjPGpCMO$#Q zPrCp8CpNT2yxG|aDc2M2_=L*WdjnLTj!OU2y=FSt1?Uksx)1#gjUYxwu@WN7%iD|dnd%!|;;SGKgid?70@=LQsXB2^G2kq!|HP(Q)N z#`@&cd6{r@UjpHHtkigWy?=GA{|GKKR@k_c38!may&tY5x^wx<@G4n^RhY%Fh3S-E-v$WU}czr&BtW9%l zO{#H|iGwrHEe0z^Z*+Z<>NFLcn`;)&kSU{2Gm~b_kbiVMyFoo|ky>!w45~?g9+#CT z7Zmpp!Gz*xHyDw%z5TqO8biV=FP+q6@^?5Zkm0AS9`$6@5$&WSxxZ5B{7x#DdJ(~;5MPe#DG2Q{24I;j zOt;w0Bgp_kGZI}@m7=cQfZpl8EhtaF7Ipc6v|8Ial3I_7>bcq_d)3oG?%j*RW_{ zDKyF4$L0hMufE-TpGYY2H#c5HHz(}xA@7S!81EW3rp%%n4>;*}SS=Zj!kt9^M!dek zsUyS>#FK$|gLFW2{qJHzU>+WI<*r{Y^;$2o7%t{XXog|-X`Xvm4Oi_bEH3%H^iTN zL#UHFgNi$T@Z5l^aqO2)Q59pm<@pjdz$$crBljZ(q?g0v(idfAWl-ZCYjsQsb2$F> z?k_k`=ri6=vs?jKK@hNHLLa;eb79e+&IOd=oodGFwYRGyutlCrybp1MvmR(h$~f3G z$WW?c9xb$esfli+`xa5MK%$NbrCmFCu??NZT2(j{QdR&&ozF8yI6qlUswUaPNTWjw zC@5;Mebx1rnFjxgx@B`Jxux-&iNy3F`&1bb8S`Sm!c>!Mxc62pQ(L%!#oIjtvYL3&SKoDo12kczIfdyWUu!3}$mO=Lvcle}~z zL+e4T2`zT#T+aVVZcuWab zd)u3&kt?`&$cAWVSW{6B{6hi?SqKp{GH;ljT3BaK(Cu%h{`S$-bk5gc#6jrcwQ-3@;9M&6!-@#{lFi(TD;?44p+-3$~!JfoGu1j}hewFPN?hJu^r zaam>sdqYgmzgME1`|$cVH~t`lzzg0R9Au)NQGrV$HmNsSoP;N(y42cffm?5ZW^z=^ ztmdL}rM2D|?Ed+7t^#6XAKIU@!}p6Cc)O{2LF!BgRQS7#Fs7k1#cU>%%8j#4m|ey@ zv_bk-v}nR8)F3>NFwuI2+_#;x6WQN?zeA}5fDu@?MtNT)j`Uv}m=%l(5T5b_Q%^JzJp~3}0lrwBt~XZ& z{vlZ{`ba#nXJtRdRBo9^+T9DdIQaNByO=F=aA9rtI237Vw(Am58i*zb%yDrKlFG2aiW0-rSZ~-G9hVi@*QmUPDxlx{;E%qR{^K*U# zot(mf7m8|@<_d!`X!kmzSqbVIK<9itBK08QE4sN>`>C)F=}u=^I37D?{brX@X$a7@%G=3~!W7%*|CmcjzhMrD>_a6u z;1y{q6zi>I7=m96u%g0JV|PaH#Bf4s>eYT~i9{=?c@m;3E&G{^Y#<`qR{MQ;W}{YB zH3kPBmSM+s?$|YsLZ-1Eq|{%QHEg&>M{@AK-c=%=I?G zO{9ZZ6N!MLb30fR6cBb+n5~f{E4ugM6*|Dzy0?)m$mJq{>h4jguTbu4^2bo44 zktoIU5`I9NWCugG+%^I%#Gbgp6A!%pwook)*~=9bkS-YG77+v=Ty<1O1Zld7A*QOV zp}dvU0;q-Cb|N*7{VinZ$E7NN@^uulgZN16y=Awz(#;rH=`;1~f5}H$c)_m%M6YB7 zWXJ#(7wqv>N9JW4Uke~JWt#`lbK>?}Y-f#h+y6227H5h^Y4oY-uZu#~#SjYosV(M^ z$~Nv)ur2XLxXbw#p!Bubn)mslr~~;?hJ-AF!zBtrdMk71NG?cu)8y1n7D0O@+`s*n zvf4HAQ=Z%NEj*!J*vFV2xktM=G6!QhQ4d`@(1M-xrT7f~r`!jgOAIo%eGR-?`Jc*T z5Y0tNQE5Iy7ZDLHr%QN%`FZr_!UUL2Bh+c=V&T!K8e;~j&(gbkoh^+mke9OS;yd%@ z^t=UU9VDnL`s$o?k$=qtY44nje~_&lhzYb}%f{+8A%l0+rxnD}81qad)q|$-O5Up%L-8V~PkfOg?&*rf z|1QG{mJ(!xO_jE~f0toRN!*Wb_ojc?UN!KFZgcOys(NCQ-W4f6iTHW)F@KjtD_)v8 zt4te)xK-Po7%nX>9q&}_-_<3F{CKj4s0jEeGQ5NBL~ax^RxX%t*YUi$Eg1Q&t$UAO z#B)!81)B0!tPl0{*&{3}Z_h7Ry8I}1Sz7+I2E zp`TfeSHu(GZ9SPoH<1%DJ5jHDsV)=Ny88(Cf5ZX)SIYOlkRj=Rhb;X6#^ON44Q8VE z8!YnWwERo1P6bBTQ^L$Y+LKC%OqA}*zvg}tBp=xvn|XsuNvAZ!L*e#qRH1b5@3a~j zI*3Wj90Xo+)m`_e-nNS|v(M4HZ{#QmRzl94!)aM2KzP#3H0d9X@(ds)&CGuKOXiny zSrQ|{{A9f!E2pm|BH^MSa3aTCK=*PgH(Hj#@S$Y%@@P?2e^DIyGb2+MW`ITA&awQb zGW%M)Lq7RWq`Myc^*@ylO%Wb=RpY86B&0?de->On*^E_z;oW}b7keG6>DV_c#=mwJ>JLcYPw3>($mv`{j4f@rd^#qxFbOM}3wL!DcFs0r zJ$|5dTz^CA=-|xMIAtoj?V4&hKJ)3Suc=hkjCr?D25KED9iTPWLVx6!+{uI_^jve%eu z7p4rdfHQOo(k+bq2=+T^Mm{Y{6hv`teg_SV3!La%}_&Qx_;= zG?O>xp_50PkAFF&p`NiQX)*_!w$b>dUTg>Q$7uQSs|~5n!K9_eSMA>_9p>u;Cuq{M z1x?BgPY*wGYp=G(GOZnS`1HAXz%2YiF^%*oUzAmuTliNKv%lXqA7_)`dJQj<$u@{|eIM(iWe;|AHYc(hq!5^tgkBN!&dK*P8ioPhM0aJpQO^f@AN-cEM+M?a(w#8y_T3o zc5)~nEK<@OLr^u6o3h|G%J{P+aMn|&K`7RDDSj;`);Z5SYD??D941heHe_m z`{{*L2?oXVhdxKg#b4OU5BOi5Jm5)_k@y`v>-ENRiz*~+G-9#>0PdN$_+t$nYvjB4 zB3r;mV_TLF=HFCZOG^Y<^>!(JQ^f@m6+TAf5E2tpOg9mb=l&q$7W_)qg%+2lO?^=p zT@|f^r}yAOCnK+w957;8c4_^$^7F%LgM^u*2B-_|+wVr_R%=2ChnF~&64@V#0+R{r zVHkZ}JIuL3G>4!X@(f2^lMfx|=KK@cL=1<=juX9MZ7Iu%)-FriHDgOLU0r&KDv7*N z+hKQKTtTF7gu!9Mx~IAGK4K{JuTX2K!|%z@o-Wpn{e+FNq{q*R%FnYuf^NxAeHWYx zugPn*8O(PUr@5|h`?NpG=t5&tCcI)6%H%}{Lu1}lf>g_f2l7?h4*^R-@ zYi*l!v!NX!cKiGcpZXIomrj{C6C_6TQmS^hh3?jr9wQ2MaoauGzK-=H@zqp>2nC-! z#-AXxYX0VGtRZK%6!`N2;$;efUCA+Eaf62hefRZ~`&_ZhM&QUBDn+@R7nH)dG>UAW zC7TC(y0d*KnHY+EQO7?EZP4aSnhMbm)A#kWuI2qYttZI8VW>mZX+gTWV3AK{sA*&L zcsX*Zj*8_>PuTdiI>hj@E?4&}i--f>YE`AN*xGw%GET0h8Pu5A-dUs;dRdFdN7zl5 z?F|~6eXpKkxPxeOQkVWoYD^ek37KwROyV8dxA?a6jy=0`HI5lF#Z;OHVedqqI-C%^ z9HzA@UjIieCp-2V&e_-(lZ2%7ilc-R1j0|K;WsE<)1f8ke>8Vxi3I;`i#!;koZa1( zbSV}csv%~xRL5_WlF!CPd)&`O8F9Uxew5F$%>L+joLWV#T^6A zUDQGChm;O>*fnmvpMH^k46_ZN8w$~GBm=v5%HhTHXP$|8R*M+Al%X^*DZ6euN(X8p z*%<|dN}`$uSk~{eESU=(Pkc{j9tL*DG@BI4r1(PHdAe!nZ=v~L1h?c1LkpcW{lxnsl=PlS< zByD5#wHwZHpb@9_eEv)2RvM#{1kIY%xt0p;)dQ5t(^jrANj7}B;kx?>`5^vH&U!VF zz|}1yYJFSfifbO$@UzI6oD+vfm z6mnksSs+p9EMhB86dm=qU@f2D^I~qD)5V*2A{$4J(#70|Idb&!51nWHQ~-zZO`#)p zT9tQ8Z0G85GN92%Y2rk$*fa~S#&Oi#DMiv02^n++cl%--+0sHVQAZ1X>i4Ki{f;7- zY9$|n61eWK6cW^}cmMG5fF;!Qd3jIAlnk?q@?lEk@(%$)H>T^&&lx)ho5C{URvDir zY8g)0?z1V)!f^lfWIbsI?~a_k8l-b)_k@?IFqe&<0_1(1$$BF4C2`Hcn8$}1r)kypQeayZ`96`%6X2HFLU2fXkWZ)sZMPtGJtV~VG)r4I*?iP`HcYU>ENUF2B1~U`KP34wEP`%o83qI}pwFcP)EvFE?^x+R zSC!Sl<2#G@96R~~_9ZJYxGL`F z^54^npNkED-!L?Di=|~s*@nE6JVE55ozHN@{LHm>i^3?m+P3+A#!vf6+_e|5va&MU z!jW%%90xOrE@r~Xp#`KdE|}JC71l+?11U!BxVk$ft-QA}J4d1kvT!O6G2-%4TeZd* z5|dXhBEzcM?Kc*472br;{*fG@AoT;SWFHe1!?DqhPY@vgriDb%tBBnx%;pH- zuHqdh{x$4zwtxq{fDaeG<#JK}RX0fvTzPX1pnM%-gdPUrw=nhoLeV#OFH#RLIq%tg zKU}kE|EajH7~!jUp+L3(v)1W1-A!dF{Jp)6Chd8WA=3v;pxAQ@&H1gIeFU3^4 z{+cXL7P*w>M08STbV<~CVznVqhry@ybL>?s8gm-4Jmkr4NtnGyCWd23l~L&47!@P( zGR|i)n@hI;hrL`7Q2n!(9@tC1x_?I5mjLv&=nQ7{i~c4}J_3a>@OXSRT$z;g(*^Ly4$;pLX_Zr0m}xqCG83DY8{=juGh}|i zvVV3`03ijp<)2a`Z0F|GnfGX3@FfVx`{^Z;5k`UJvJ(|JUb=n8Loc-7 z6f=0E#qY>5mpFrQZ(5U2kTRB#WjyB`CdpZp(=Y!>H~w%#)-3?gvrOLP6K*{P07Hk) z1Jl`YRH~({l!8vYAc^ZV%}zc*b=DjKtx6#lYT1~cAN$JTxx02#fZN{<6G;iW6H{lS z9xdR;8mji2V+59=HLKkly_iJ;4+CDiEl9AYv!%($Y019z=y;DEt5AR0(&FI{ zIP7;YG}|eW($mRTq1B>JY&<1wZmH;WU)1e&yn54+r96V z(PP1?bz-4TJGQxp6krWAS3GnlYy)VBl*^@QSLUenSTx1cCY{1bTw%-OJbNC_(5;~e z__WhI3I!G!lS7h)t+y0i4_zg&&-ejeJIK{)YG|Ib-U+ch{Ehy}z5?mP(GK~YYnyOu z!b~kep~(N@M<_qi7lkix2y5Du4x~z9c}4maEt8+mF#%u?-t$ zB%pKoB*?ERZd{TtF4%w5Q$Rv-VDA*C#WKDn43elL@k?k3x7o!BAy`SG7f@OqG7mm7wJ)SZNGH4evnoV5z>q8A)g_n}oIO z9B5a^kGUoI{ymUurUaX~DnaTSDm@X1KFU=YbQ4das3FE2sZ^(lHBlvdj^t~=l2ARp z2n&|=??f%lg8>;}@gSpat!!29s4XKca_jAxh9SuBm6w0dul7rk_zT{!Ut0a;^6_7LOPIqVHColpoqtv<^{>)Kft1sB}8Z{)$WJY)GBS zhXRB<-bl^<^k`Zr5it>Xg-S%zIzQBa{KA6=cQ_6-|bxqC*Nk4T(gI&%_kqlk2?q6Gb|W9*;=c9<3Vr4oj1F0A&)T)Z-P#al#O zqn{b6Y71$4>lN8aE0By@6ryCA7J3${^1@7Gpd9)b>L9i_bxJVmlNy$-v(-mwAEy=C zh558tya4$9JfoI~WFq4@E|717)`R8{#4#%r&R4YIYmhAaQ$>n(8{>F&r_VOMWfGUR zpqHMbbwCx(T5_=?gWTA%rJv8~yS3yS!b`;JS<}ZITr+|uL|-p+W8b4(|G@V`ssiUU z)d?aCR(Z{izTcR}A;N`xYy?aRWg}8UVSM&yoKaMmpqGbj%J`WeI`1W~V61#Vj$$We zmO_BAUERGWP~~7VXToj0^!<%FIuHIRo*<@g&b-*CgX31#3O)YFd`b!&H@2?Ajx12o z6k?=kb7Q1-`#3ZsAhQnMr-@yLe?fWs`P{#wgDBe_t$&>yfA6FH?)r#1-uOF=cf{Qd zQ5ndmi0nbC1D49R&NjUJ}`jI;fW8$)uxwV#8&{QqB zT?^jzT#8O6@oCZa^M@ckE(cJ5I3po|$f^#}2YDGlT@Xb{@IIaR8JoJkijO`(dH_+j z=bD0F_N|yDc!(ZBRkFIxOv`m%3W+!szyQ7Cteh|jZv1>Mia~DebP-B(xfg+TJlWc@ zo1{C-0InVHMIt6{w;?3OQ7)a6zLRrtPt_|buhHR7zk^dOD#hy|N!5 zP!v%6Wj>7_^+C{!jo~ednQ0=8WT2V;b{hXyIM;TUbyXZPJ*y;TVwK&JB|G|S`|0qX za$D!Az)K5MEXO=e0`rTy#yO9Y(CLN3PrrUS6s4z#vHWcL>%7V9+ZpRSoVd^LB_F5W ztzpkLqdK}}Tad70wH!l^DqW5+yLfxJ zgI}WLkvqPcs#MTYXlSv9HLB1LMG$akOR(D~PI+1|viNwFh2mo%DmSdsShKKyw)L*F z_h>2L&@ar(m~Ho)B}Tkhp4BgDN*@$y#j4Ot3XijkrY40KN{*c`wj{^O;`OXPeT&`C z#_sWkGDFCqbrQj0nL*@SuX#(6!Vz{ryWjl;!r>$$cB751a0TS#APnmfeQKAtbI5?e zXR~r5q1c(SQU4-dcoxS(Nq7kVlf9#fcN@#sEIFPmo+xpx>%5<2&yN#6$l=?}T9+rb zh9{}^wljGKu8?vfCphC=tc)~lf`0rgR>1z4c9m#d?sy*zxQ7gh_ot_T3~8as0kStK z^t`aDkcNv+3m2(@+_vdF9^fuui34wjH*bciiHrPtZ$)UCr18+TsSN1*QMlb2sEF7~ z5&O6;@*ZeSMDz+adiy|y>mxg zWNRl!0)DIzpRiP{PwohTcJ@X*v4;@|G*E81*)|+^yRA3nN0y3{4lWr~U5C)I9@@%66G_BQ zuV_(0?DkH_F1+zuJ-)%(qDOzmhinJj!y5(Z5y7yC{A<=}k;{wQ#KS)=@lfqx9-NJt z5(m4Zd*HwGcr~ah9Gs6$Mfq<@D3mI))(Z zxiUkzNT9=$Moji?r$S26Wfb--jEk0Wr+7b)aGExy3-^m!_1YHVtq-FD!Of4j z&g!Unp;sNoIYi??%{P?uCL-J;)yT_tv34z&oBp9GR||y|_X*#|0UdgLs|_3`SE(Y% zGe-Y56!~(6Mr!u>D!i!>&HTN#Lqv6PNq(xmDad!p#vrv;AOIQrtFcy4%TEe#4~}QZ z=FtHwS<_wT<1$yR#vUuIGB?xq{OW?`K>IhW3zxlAvbH;^2c1^-%+ppAbbY@Kwse5r zTP`}6cGG{C3-93oGbg#_lHbkA$Lg0Yr*(mFE2ZbkL$v&~)Hd?DYr7`!1N`P4T_g#U z!qv0dmzLvj%UUGbhRr+f)yp!Du|~YPTitQo7c4V2OGsapeX)$;sqPl2@Cr6EYzeu$5+E?#gS5Y%JMZCO;S~Xoh z6CQ4QaM-ji#!;qyg61@TA~GzNV@9ZJ&?!>t`^ZE=@Z$}^A)S!>-iHV+09kh*=(mKL z^Dnc{cH?%K=O#CnNn^*SX+30Uk)%cj9~3>K--*{y9?`<-A>$gDCMa3k)RRRvWYwgw z2|A{2Eo=QiQ1~Ny0K0~jXbR0}uA-if!4oe3-s1QTiCH^U%4=@akEY&{Qt>H#q-vsW zF_V6;zjXkF%!FkBtO)omd&f&LF&36d0>4_x=Y`_)3cbHRpGY)gz$P%2xr33!2UAX2 zw4()+zQeg4sH0{o83Oy3(6-VRHLu{k`Y|7}t6P0Tgxuq2BF zGVh5OSC@;O#@^b#_a2vzHD!lzZ@`Mqaa;VB(WCLL+4%68yw^Wut4lALB{5cl$qjKT zK+cq%?^nEP(&HgjoB-PQZYC?Me{bXxyN$`Z4sYL zFaJzysk$og4L5CH?x$+5Z3TFo|CMaLKg?D)FlF)bgi} zCmZfwFmej0(zKk;jKtBt%iKn@z3zIW0opr86O(~Cya+Lfg*@eH=H(36Iauy96|q$b zTye3;OZZD3O+M-p>405*2kh-s$B! zm2e>vAV~xee*2q8dPQG^`J~MN5k_v_a~Ujj)Gi}3syUVNCNDP#MChPzNP3fxAxDLC zby?x;+XDTN#WD_S8WCKRM~G(Qa0}=w=zF%dXQu4jzE)Id!$Q|Dvt}N2OozzE_~d`&-jLBX%McpD=OKCK zG=``9Sa*ehkjEsap3vRPQ*Y0P`Gx9EI-4)07%CJLOkB!L4#9UX5!;pyHhj$6?vJNU z-c=PXc-Y5c?0QbXhYs@VSxc`20pD0gZ9L@1Ryi@p+pdLKRAEe~$ln^yyc9y~uAVi@r?*&aZ%MlEh;}&%#$JcoM(VwF-(_(%7TdVIr8y|9MzcK>-_x)U42Q$>Lwa7Tw` z?kZFE(*d8pulyaPwinI60L~5Z;&yz!WaQ7M9A=e*UeXV=+o9_b)f;9nJN=V$- z>kbK}KO3TRID!_Oc#U-dltASr;1c-~QGZJf9EJw}7;~k$ZgQVzad2M}>tbLu*121< zGghK8?J=lp{`ixV@0J7TQp;DPez-f-cVLyuX7SkQVk#f!0%prQkbLqJo4_wkzI`^I+RSuTHuI$Nt-r{KCqyo(D`j|I@t#uw|pH}n8iV>y1?cfYqlRHe|_8y)N5|&O_z}+DWHLmj;rqpO!%Dc z@`YwJy1rp58+=MBGQFQAu9S%-c?>zlQ)qhs;Fe;%q#}}|4lv$tXyM`#!yg*G(?t35 zb`Gt^?L&%1@57`7-?oI2@W5h+t6MwB8iqDF0`@fEohG&l1JGDuk$C4DJix z=kqVd=CN%oF-1RVpRAUsRCHSEl1Q2z2S(qETyFaL350JLWJt8Bm03wf(fd4^QdETI z+SnI3aO2HXTd91iv?~tVlr3EB9LaC+8kK}GMvQ&iIBCHx?pID$YRxyniHl>(FqIkYsxoXp41>y{y zO#O<-H`K6WEShmL*g3N9*$l+>~EUVEhoXl}$Ezp+98Y@%sDudIf6tVE02fGMYc)-H(D25qbQ8*krwG zyUl0Tvwatvk5%>Im}b9gr_l@FDl{H$OAareaw}#-_3({72-utyR0`6 zmVihuQO8{8XpQVw@9MF3B=$2G=lVCDsQ3#Cn$i*>XPCrRUJgG3Amy%4%>}>>Py$$3 zo%D9j(Z6LsfyT?4pyf!50aXMvc@!mH?OeKPW>gxiT^@vNq1C9K_>JrCSMHIF(Ire| zI6LN)W-dE=K@bWL^gZ0va3k!^@u)}8z){3ip1_uqVJo$QhFYMK=q>9~1<3-c)*t)| zbreQ2hJzcVworm<2Q92_OulozS5LnZARXjGFh>7uFrY=N2WiD@V1cZ$%!AXx2Ct*z zz#pX#8X@guUv8GkV;0AHVon<79>SHwq3utrh#QJDbFOuj(0R%dGe18|*L&57SWxJF zf8@s_|3rgXT~D2*>WJABju`K;-qOcFy&|*FD2z>}L`9*A%h8>{uO*Io#7}4WZC0Rs zO=z7=%D?+LdLGsZMfGk)^HFQ~Bq5|TI)mFL|6LY?igA39R3o;r6@~H}+fkuh8v*>_ zrAUXfrAj$h=oyn#I&42=r=ggRinRD$0zs@N!-@~_iSGe(h7BA9=k0x{h$9}VWfO;! z5`oEzd?71M7kUGyKM{=syv>;AQ9>mjra65(hCqX3=3Po7qNml}Tb9R$ikgL;OMNnLO4_aVnn)>b>t-VB!C%R5)` zi~bjjPE3EGclZD~7-MX*rz|<^tF5+19}{;r%~od#ivr zx;V-cr*U_O;O_435D4xBC%823ZXvk4Bq2Bi2u|Y;3GPmCce2GdJ2MaSIJ>V%S6};A z-MZ)e&L>wol2|&Q=GDVLUj_hoU)c#`8g=<(CMM+tjBC4@b!C;eBN~1_i`lebTmjj` z$u`9$Lr(v}QCtHoQx)Ui$2)uQlu< zxwn5rSy_N|!68CFh zGrm=Dj|oZiNq25^{M3D7dAiT!c?I{q8j@>>tvP20A7HpIt+36z}(5#Sl#tEgHS z3dUaSVi;a@Q+&2NW9~%qR;yTWd98*3c0%&TIe&KmR5c@eP67fxoP7D?(NWTvF>1liDH_iVD*T-h-f6O{MB`+B%I?`88Cc^dS1XGjf} z`~vpD5%qe59w>X;6Zz$IM)QlHOY8-CeB)G47ZxIvDhntM+J5mM{j;vc={(#;;&q6J zwV2@pZ6S4V(yzEYaH@vB!pL6sO(ZqbS9`3B;JtlJaRN3LvV+iBss1C~-d@VC#+XhM zT?UxqXjx1MjLF6Vn7!>RwudLD9|zgEiq?NVRIhCdm4|FmxnUH{OhPrxomsq`y?S%&`j>< z)~bYmRrzyqWYt%=Le(e;Bv^IQkXGiCN1?(gCf|=*xD1zD;D_^S_ZQQN7BKUX@<4jX z2nJ_vSbR5V`(8FZW!>4}wjySwcby%w1@qSYop4vdUby20*evsME4wb4l-YIFS0Ts5 ztvX0?+Nr@PyH$wr;phXNkK5rMHkNI)E{F%jovOL~<$LK9l+0RH-QJ!s zjo7rfn_epY>d<5meOD9}>Cdn2Xm|2+zYbSyeX7CuCkOyoUOW*Rs8aWFG5vmeb7YxbTI`tVO?-R|)C++6x z;;=es0fhOuq;ve7P-`c_ahTgaSkSNFIRWk1jpGo#(EXET&#Y9;6Xp556f?m-6(uiP z(c3+p=3i7EJ!6E`Qv%V5=o{IQFZ~@C^dea;;+J9^#|pX|DiX|#!bxNJAxO(mXLMT# zcIW|%vsd=Egi%Oai=^~?7TZ%z(8V}+oQ?tz)>DAj!d+}(E7m91CQFt7xysyf?BYSo z#WZ@pG9~rF zC7`iJV$s$>aoLJ4;1+y;OM`tb83faAc5Mv4`5tgtkBX@tsnK0Guzs#k%$LAReOH?1 zUIdBBJPRX$;Xe+maV&o_U6HtZ@yoj=Y4HsVZO^4&Tayd&4I~pizob+Ae6B(?52p|= zCy6jg$Au>nJYT@CZ4VXX>qNFXIxjQJU=KUDuY7;+4^sR1@mf~qALx3W8(Ta$TFTnz zv}E=AA<51S15D`ZER70n1k^54a!3=quJ3c+$#u=0SACJ~=awb}*T~vJq^)mVtSPTy zwt>Nva^q-DFB(Do7gMhntvA;kgX&(IX!IP0U#)t-BcIv6i#v)_OG*omKBv4Ynd}Q) zbZv}x$ki3CjfZz;T%Fhw&Q6l;;R-hO2Qf=V6auIoY}|sJl0i8w%c2&HyF}HctY~|Su>rwD6;`thNKz`h?4rE zb3?Khk%(Y?WdG6?lbpYRpkFS5Iq;dBl2X722~5xMoU6A(RAPU@KZBasm)?gql?mi~rq@;Y;;FLKEUSZt(mT?sBUCX_Qu`WnhBdLi->ID+k-4^|29 zyQxpH=$!F`0PN3nla1WWnSNo>FtOZvNCGh`Nj_du(j{`J=lJRS?92_;@mHucah_$V zsvm3mN)Fx`vn^C>{>I?VaaS}Ar;XPSo~+cN%=U(|&ywJ60m8BBdp}{ND^WS^k{IGU zhHBgNEfrlYZ+a}dVku4Di7xXQV1rZF9SD=ks3|Jlup;4+kIc!cc-Y$3_ z#|P&Str>gu%hb=Q$-yi&b3-hwV>VdEe-CqfzM*&K9E@%Hn`+=wo$t?a_Ym&4Bc?{C zt;P8LZhnYpK0F14V2fR}%OIaX3MT;JNN;FsRXnsd~XdWW?`aEOV+aV)D z{K8C$x(z0&j(~wRkrxr(a-k-mtK1}%fD~iE=bv11BP#zBfgm9qK=~JlQRPnLk*j7* zBxHc)5Fo*1AA1L#3aA56*>j1Q$(27+iwHl;gWVHwjbSFX_Pae@F@y3`W!0;|hSD zp6$XQWEf{$)d}0KRnu^=y#j$#q%c(Rftd&YVg#gQVGdE25$$d6Ev?@8JB>fqb*a|6 zL=Sm+nC8N&^9Y6yCnK8abl$sK&Gv{n5_WS^^~h)I{yg{jt{iy(({04M}v&mZhnso)<36obUUds9KDZ!Y0^^urStd=->= z{Q4=bX+f>9uV2m@Tt0qD+FoiVmB@>l%Luq&2m>jdL102OI3)`=Ie7BG)*pSJ+g3B_5y>{ZSs z!Zih+3f(_V(~A{wT9)onB7UTg2ncO}wjU3hg3!mfe|?aXUra=Hq!IP_EBaiPIP6o7P_M4Ygfc&Ya*$j}(zXP2z8GPU zM}_39J#UxrLJY|S1)J4lej~EoL+DFrHzSk7XJnzZaaDpuvnL`tWB1q*lEd6X&G#m! zii|04*v;=)e;SNvrKaT@t?l8?k4RuF80W@031`~Dz&Q6D>ovz+%pB(!YtyTdq<(e5 zE-auSC9lja5hiSpV%)&a_cr0& zH%2FTZ0hT4P1#17S0DbGKF4XwPC(R-BpG8DDPlxgmPItlEie=Hm)Nk>hj=moFf6$y z@)XDEtEI&U1Si1eI~{z}q@RQ_bY@`*X^|CI5b3*iHJ`ab`eD2sh2TPD&8#|y*+z&O z&WR@($c9*h#PJ!lMXbhQI;R0f2t_{9_fps+A;&6FwwFXiA?2r18{G z8OeqJ{>11e!K@F%HL3@>Wo`_3?%X9~{J^ERNs2F0nHta#0$*Ii9VaDD1gQfcLZp7d zec|U4RT3)QDUnA-F@$RknxyF0o_$STr81Gnwrdf!y=MH;M%U9}QDab(Fy`@e z7ekb5lcBg$goDz*Euhfy_Z{&|Ti9f5om@+PuVL+d-?hKh>Jd72;=A%Ni;4~~d(d$bKgVn2m-rVkf5J=t|qw{dTGN^fztoW^^HfOT1&4dUokW>qS3vr$!M5GjY};riB2Sr0DZViKu8Xcel?VN76Vt50IRQ@OpZ= z%Tg~?4n=duh-V^Cw&CGwVbIg_FZ@vjV*#f4!@sYdcVF`!scsRP>G5Y*C#%cWjk%O^ z0o>6Mxj~PWMVLU(lnq6`+Sp_q#{LBRF}`_DfjBv#Zex9(0>><9uS3S07wpFwHrQlCPwL2fjB;)FzdXg_@;K35WBsN7FB{YF zf7^)a09Dt)%!Ea9d9aysKqoSc~bg^GXf`yBKpbMTYM zLS8mk;rFCIa9R%I1nF^|gO6d4MJJ9NZ z;8mc{pDJ`mgVXY1h%i%fEFYm^apgeV$kCSYqsK3Y5jSqtTrP@Z)oGJ4FjfTR-+C0* zPoZckIF*P}j3}5h<*~k(d+1u#)Av*!|4>Y$*LJ+-rU@PaJSV)FZ zt#-jxMcq44({?rHzg}TIet5+N>9WK-K}nm5w%VxE;C#9g{Xt)S5?d#;R*maU7czJ; z?EQ20U*`gI7j!vpcUyL**5#%l-7sn5ATr%(bADqpePxwh(VI=lU6DxQv)J8*Q&z^2 zUXSCgIDw7|cBhYN-EM{(&*wSLKV#C)bTi`X%H_HQR>M3@U2yS{;^dQ_x}P!P5AE7Q z^^vORvrO8)R$hhAi=u{42(RxBfKjsmQrI=*!a52DHLC`;1-1s5;BpYn5eQB(ln0#1~hzF5YUw&>9 zMm{)k#uiRXGOZadjrh*R(iKQPMw`$gWT3(6iC+FFtWQ{%s5u5M8Bo|$!?EhKiVKfY z5g=RxPEHii8!O4Krc<^OwZj-~OEpyVeiaYd;lJ zC-$Mn=#m^9*L2^R@I<4GxklUR6b>Xu*NV}ehQ!Dv3yPbhQ*UXfyKIB_=uRQnB9*S) zI8psQ0iwn&`0o`zG_i8Yli2g?F~S{zEH9_tp*sgEc0`+skcjx{@nMh)d^A(}h(_~M zxK*XI&J88sM*e+_%0dhtcJtM`Ft+jnhgo8+y&wV-i92Tc2i{@g*_MKv-y)fGlo1hl z!1c?poK$LK(u_C;aVPqH2U^7Fk_Q|gG9frIhZ5FhRqdg?3<(@CEw}T>Lm9(D7mh7r zdo@zvT5XCg4&I*zy&>m?2vNh@7uB_=bX(*pUn~qrAi_G#J*|3GB7)18s5;Vjo4127 zr^it~I!HRa=_l?qcr1cC-#u}b90^621>tA12kMR4jFuj+g9 zzSC}LA+ z8I;O+Gr-#I3KOcUh;~r%LL)(}z@lSk-?IVODo68P=rrYHeWK=P9MimX-v@qm-PPns zheFkUKEBnW1;RJ-hFbB52|mtiy%j(M^HW33oR$8V&iCNY`1@t($`Erqey9tC3mO+m zH0LcYHI5+}z3%5fHMenv609eHvS?IUn$G`qd-bxH>b9_Rysep=p|LJL8QNNCP~}E% zN0_%FJ0I*POfs&cPmS1wUnK(b8LPn8`&YXFR8b7A-}x8QSBnA=g~rI%@mFu}=uAlO zvNNk%>Pdn72{t>n9SF%9ZJwi+2S1z$!ka$`WlkadF1YU_{xAbnt%U-v4O6sEdzPvn zid7jdsE&SpktzZ;+x;xaJdA}gTqe?7sffW#$g_0fq-9FPQTZE?kL8x5TQ`EK)9`#|Tw9M%+JSR@ z1M8S}?15RXQ_6R*^`tQsinu)9UA*1^1Nt`A9JN{|GR4P@dT^|AEzA@=u&a zN|YuwJM8NO?X~qWk;%yt7RF1(cXsbCdE@`Oh0X9}_pg`V3L1W7X}eqWoY_KHj-lP4 ze56d(cqOTU^@1a(UQjQ!WMPi2Cm$VtjX1$^q#;FY!EmIMFyWL@v>BV{TjO=4s79HF zcD>+RW@70VHqQGjr0fpsYOFzaPBfmp*kZ~ zZMBsQHS-5lU=|fv&6j@%!n|_|}a_Vh7*SB7H?C+MyicoP*5Zc_v8w+qp z%0V9VrKF1?@&ixGszfVu!He!q2pgtMN<1e?A}M2#b; z&8wY-{(ku?(sf{R3w4DqE{B8&y9xBpBsiQ9P(BV?er?mJwko8HRI8{Y+id%3#Pfb` zSSIo(!c%|WP%&>sWu%-NbU0Wh21FgBxMk85-Bo$m3j=_ z2`N&8VmdVBy`~)6fdXL!d2dV?76BjvGD?Rf6=#V?8Fw7U%wn0q>e3x2p&osq+Ah@h zKiyH#kDcltmgIuxqMgA>rz7TGFio!r4Guqm2oHRT2=q@fUHVhhrD-(%E)=vz?O;|b zW>Hk<d!quO`SAe^?DWP4+khf4v9qwa!6P)=-g-s+HBPdi&_qhLF!OsIp^(a+ z5n6B7XuQc;z($@?b_#Is#`|<95(_gib+N1!VD;+yCTEkKgy>_-^?VTOnlB0QO)fT1 zJ^BR07(UAqh;Zt)ejHeU$`)DCtqzGb()Vlt8Lr%YYfY|a8oMg68RGKP!)R-%j{qQR zGu>OT`65+8sPTWam-JI4DnDrd9J;`4(+hz!k%XYYk>|5>4W*gb)Y+}B#HDF$7>6H7 zhjg;mNwwFX(^+JRN1K84SZ<=a>Sj<+!&<@*r1Cp_o#0MXYtjV}CjC>X$(xV%(6Eb; z&Ol7>9mX~{OTlR|cH~}N$ zCi9u-7K2<_JF~8eb?#ZVHF{Us90MwxD4n8TP>&dW^s?t;5q8H$JQxWvJtnLVhEmkr z&d`X2@8LTIaEgvqzjOG5)C43TK%jvhN7$Tt0+8p>yhvCj1SphyEPMo6`l9Mr#upuP zTqhZ6Li@vP(3qZZ7RU>m*rNIwW~kZ&D3d;+J5oAQT*BYRuv$`9yCykIDi$u|$Kwje zlp$ZB*N!o#AHJ;8(#XP6wqP2&yfe!(X)h3FBT;1rAP9>*x!V|O$k7|0p}a5JdZA%C z6I!I7yT$sxgO~eh^lhH~3D_Z6m!NL$-qWoYk^qD8Dvxic7fe3bJ&x?c z`cCa5rM^e5vrEggxZWsM%x~g%F2Un12=Qdy9p@y4((I=ZGDx3eRE;LKe7lDzhgw?D zQ$_PVX>6!}Lv5CK+Ugwlz`@M32j@_j^FJCAcK=Bl>k$2#DeH_fpYC6V+3mUUqtAD+ zhty`^1x+K4zZdmR*xpD%Md2p%gj_;kQy}=s*RUCu0z>}W?vm)-CWKQ_e~<34LD020 z26|1lDmlLQug(M^xs%#|(&-HJCRT@y@xBJ4!g3VolQAOVGpODr%(TwuD$I@prr=m8 zWVT>B=iJ$Wbka3F5#j8qiaT(fnm963d{NKb<}pkcp8(SsH=IO-oEdC@)I2PL^Zl!E%~xL*5q%B z{~5$RGkQ<8N4q9B=zAeduf~4zg^zM=uWsS`!lh89lf62Q_KZ?&G8>!0L4@W;x?PuN*J@& zpDo6IF27e&=b<|_fAJl}(%&5T$_)b#$_r6IK!QAXO=+^MIZ1*gG{w%5%$5Gf)^kCI z{f)9*Q7Vb-kUAFf>`tn=eN}Y)Xl+WZE{ThL}P-9lgMG1so= zas>fI&>IG>MOa4Lx+lJ(LsaqyLNSW-7(X=ToQ1Sxcb~!CW%9B~^d63!p(%3)4pL*A zEQZd|O{B0=Gib1xFUo3@*UC_*ulIG6l@de;RVA+yNb-}WDjN5=(f_K-*_6ISkBqWZw)(^W0{ZL(Y${1ZTL-ZRsmyl_bEVnErFj7pMcBJ9 ztdt*WEEx!Ei~YmKbp@}nut*V4_3FSHA1gXZIG{gNFbkfqO&)+0;07B-?n~tslMv~k zbGzVmSXeURjO`LikWy0!xGt0@p`=;w@8sGO zs|@I+edeG3ZPYEu+oZuv^NCP$9TAwMI zAK(hob?`p8fcM6loyU>ln2%Hg$JgbsPnvdEvm0jlJT;(AWY_Ejm%28XLLi(1|I;Rd z9s!mKCCyfRC@5xxp;Y6u)B+R;u3ZKU!~QWO!T=F}V}MU4-u1P|`L*!y_s6a9k>mxu zcf`^vgoOKE@XHAS{pwxmjNOPndoUbm7CU z1Kh;(yb$|&7~=Rn;=N+tEbKi=s{EM@bRx{A%sQh{2{~b-g@jM{a-@YAbf>Txq7n$w z13jYC&Nwg9P-|q5@We-Y7zvkY<*r8PP0B3ViGF=Kplm&!b=O6Pwj>9$bL5icU`b4Z z$jX;O@$w$8>SS4jU+xhheSO1l5&2lowql?ym&E9+GN!deVus+snRge9bOAaV%b`

L{{oRfX6}X&dl!OHoph!5(vGvzp6n zyg*0WJR{a39bRl@6?ya%VR<}7a9*$b4MY=SLOTm09wv_p`*ZS4a0Zh4n!fn}?bV->w7jr}M$KyopjR%1k*2{p_>)V}es3+^Hd8sFErUxT<7R zG)gmAJ&78tqA)NK_F>P~Qq&jsBiU5*@sH8e+noq4@mLig60bht7#qHLv8@qOWbV1? z5O>VxObuPZKtH82ZKw$=&6t~HZj`@vGCb`kULO0QdOmdESMoq^O(r;m1?NEmKBj)C z9|)Mu?|XKj^tuq+3Bt)>qcNT3w72y!>9no?U8r&Cn&j=~Uu-&&X6!i_c4@6lj*d&t zMaud5obw}HC*?#AcXkdimPkQ@omYb@tHQ>m#YGpO8||SR0h0_$>SfKg*`p{(J^@Q! zE)Lf~|D6Are1v-iWjVfnvIU_tVIFQ7EU*t+!>In`kY?JwSq&ZU2PGggg@&@RWP1_% zNxsV!WKt>$Qg5s;DxiAgDMpo?uMD@PU`)bd>-=Wa*V5Ru`jhU z=^Psotqq&9s@B2QE;kt&s@ftp&MV_!c0X=Pf=xkATkE7@- zp(V$Z637sZ1Ql6{q*R>h8q<*vvgNt|PQjrR8p2v!6SGZj&OKm5`D24SvA>8)#xE4O zC2MrOiO;hAPlH@b8edApDSw{>;1Gq6#pBP@^Ucve(Z>rE2nUoK5!eY;zq+85n8Mqe zc^ivmzh3pQ9l}P7xfya;+;GGo&r6RZZNZt0BATqJkgx>6qHRQsGJQ)EqflTO;+Z35 zQ!&$vPvUv9DCL`w9n=SxV?I<)e_AtSnM9L}BKW&w#?FqSS`L2SQbG~rP69X^+^MDn z4U#<6aS>d?N*GDmDJ+PpZ?4;kiN}!cT>u{pm!Q2<##mw*f9D$e+Sn(=si-~^o6x8c^-mi{wN_32J{bCSpol@Mnjh)H@oaA6p9tB4Mz@Trl(J zJD1pBWTySi3E%T*u^1MxzUW~^D(^v**YU&AUTi7%@V1CsxK+)1E^oaBw|+=HJ1bU| z0-DlP%tJO<$=V;4#W8%x%oVe84~l^hzLE{RvvApk!t)N>9F{A1nLL@3C7HARzV;KXHfz+0C?!DhNm>T<^o z(-kU-hF*WE=R#0mWrclQfFk3_mvsepfL91&l&owGct!8}Zr|G_Mt(-W_59-f=l2X% zzylY`k)2*+>lQa%BJ;lZUR-oP9~hUPtg`egi#Aq`?V7y!5IlDuLtaFQrvrR7$tX3t z1wOfc`y_DCHGKfC2`d(;sFW;UmdxA~g@~Sy5$?u=*{oeVtO-y)D*N-+PLqvD5lw#4 zU!Yuvn(w<1a1t1y`Qd;^UW56q3@(-9sE|J^$8O4gBDL zz6GCNTZ*XuF zDjONm5xW{*wDzZ;Zm6M&X#cR(4xrwa(=jE10o7L03CKQap31 zMS%Mw0=Ac$wgADV(){;3c$A@@CSf(F!+@% z{Ez08$6$ouS2|D)7W(zFBsUt*=g?_hu@fF5cDWTDLV=&h(+ve z?NtbO)EWj6>o=T}?M$7-*bTD7*LVD^Yi(OM8a3>)d4f5l3gifz#7&9RJTrj!neu-;+?-nV^h_(}7LQ$-!$V*2n>Dbh(=YhXm}?L@uF>jVjU? z|EJS>(nE}gL1qMZ!2{D&D!|7Un(#*JKRzqCOy> zdHe-+h2@KD^trwOYI~*{yR>?g@q6G}DY0w_Bkki)KvIZ8D-PC%6p+u7+7eMIgTvWI zVkW-#Nk&}lTFYqS46@q4!cY7{k&J&^e;$~$P0O_KVGHYQdmGQ^OVZ|W_}~Rt&gYJA zWU;zCC(=9AZOFDwMn7@{)W%RG0$a<C>C)1}s+icGGQN1`NYi5t&6BW43KVBa~aXe1!#qzT1sX1`0Fo1ZdjGRcPDO zfkM0mq9bU*+NTzZe1a0YKbCzAPHrCD8mi*SkwRe+Ymgb|YMx?E%oXb)WMmT{jP@1YhGt@D4 zK1r8337Xj%W|S@4K6`6EB1M>Y_;d6TmH)z?gJ(W(B$*UpyuMI3MS-C@AUsi^kSfin z4VJ!$d7^w3ZJDw6=;`(2XwLcN;9_*emr6S&q~KRO3t~QvdV&$iK+SnlHvi!XY06Bn zfLj-5#!Qo@oVIM_%_atjQdYP;*z0Kf7{Zw`h+NApwGyfaY5#3M=*jM5Cp$^M_tvU$!Ls9ei~XIJVyGEngZSa zh1ok@so`5gNvoA5Te~BWz~{g@C7A&YMn3x`qBhF5+Y;=JO)kzu(Su?us^?i4rlSJp zMpL(SmV>uohYcv6+6nK}vM+tZJA^g7S587e?@-#e|S zT_7Vi6*~AWcol&sCGt_jF;kfLr-w#V8VIs}-`MCmb&M2(yR+}OSOPFa{=KEdjsy?P zj)$m`oX9sf^Ud5%K?Qkds^IRONdYe#u+DUVFU#@Ym+gkdDEj#e*3%=C#c*un&I3OQ zD}*hb^*;&DTkoKPVLI~k-XUlxKNay=^RPep2+llIL;$FA;CH0|>1j9sj3SNtytD~~ z4?oVG9$xcv(yb`a4;%jh+arjGwi#h{mX=h1PZR*8IU#oojf%jSw+q1k*ZrsnUvqf{ zGXZjQC0PK*;JxO@&;R|q*?*Xm{@zMGbz~rS2AX+ab+!}0t)K$f6hI=R=i*WO#vGd# zoRwmf*?+qr)LWESDs;rxk_43#*5AK1c*~mM}`!+P(a(52@M_j-U4{p6)X5N~_{LX-PK=P(x zGq8fVGb^jB6SH%OzgE?U+yazrAl2y)Z&qb-b(qq3)!$Q&#pzzfI{t+(EixV(e;Z(J z)DhW;jPs(OMI0G}#qWh7>sgWVe#u=)%&l!LUvhqt6qMe4k`*Mb^}}fQ3TDf~lOvc! zZE*acM#sm;C;V_E_{y@YP8MWv-$zT8^+uKl`a%iA@^4{tGyVuWQ$=nllhEf`nWqMl zuf_S5&C`*8b6Vk!%@hY|DdZSO2i?AL+An_0;x_EOrx*(iOJY5e&_%@YXP9__QdYMS z{7DR2TC>hH71e{jsMZ9uX3RM&?{TEo$;lFZ2WBw;+YD9`FAQU18nN5HmGQk8)%G>l zBns%POS|36tZeE_mn}>Hi9`#7I!#f+X{u>qW+x(-gd7>Z1|N)$|L{LU228eJ8?BX# zuU&a`2Y@)^NBp?VK7(%YfGX`mc2qeKNGPR@W!l zGQOwZr5=49m_P6>d=BeStq=>RCkcnADLl&lWILSb<@>im%AgT@e1i6X#ZFKOsKwrI zDaAKRqfWz{j6nVrBe2 zrQy8zHYC5^f;yCHDvCN216OjT{yjCvdfB-5^wa8k$IFRL6T;eHqbNM8vKePcc{cH; zcK{vLf%soX*?;@~?I7pR@bxW*r?#FIzFq*C2&|lN*U$R=&U>n?kx|YOeV|cyg>Q{A zQC9V&eQ9A#5Hp#V!Smdcqu+|)tFW4ZjNtM}e3Go+ew%+$FVcZZagFd+FlLTy?d?k`etrb}0NEd3c3v6K z(as&4RQaxNtijmam7OMt)eNz2m;Vh;O>xJMi00#o!X%yf7y$?}?F$)J%s5}Y^>y3H z;qRrHk8g$6&Fz2m2{kKsl9;iUtn8nc?~|L8(15@8`Jv4~NojnORVb^un1LSSzm6bQ zQc^nn-b9;fBv1<}g3cFgNY$gv(3F&{v-)1lFcKsGHZ&cfd*uMFo;7OjU9({`stSkh z*4}UQ$3SIr-nn@LpyU+i>b*6`ZH6;T#e))$xs*p!IY<8;ns#ku!|+FGW-tEfTUeiV z*_>=VS;3398oyf_CJ2?`TvK>$q18oR=U-)3mKln?CGfSlzW)8F4sdJ1iNfy(K3IEc z*}(28L~7~tiW0gP?1JY4ykBA*S=LFTxh_>xGtXPaE6yeS@AB^%S(z*FgzYQarscAA z@wlVo9<50XI=`o1#{G^1Za*=yZ>^!n&=NjTV=IS*hH$QLUW5t^Gtez1>-B2>v0nTJ z%&IHf{McCP;si!9R(_xL#a3yKf}DGvP4P;aiNyK6F^ubqd7K28UcQ8HLze5JQtq`> zpeZS6MensH9X(y1?q%=jRFRly$_LF`J-sp`dEzft9dh(C<3Pro`BG83B=c*Q`QBt{ ztm=P$X&g0APqZ?EW)1hFI@M3Gn%2QxyOs}VRd*CI=wd_T{fVdT?-EZtMDnS_jAVDr zJ0%hQ3|j{#kwlH&BBTSkgD`1jd^KbWnOEy56N{ycf|3;+9rzUq1JNOx%D>PC^-0on zwf`HLYtpwRA-I{UJ2&;3J6CW+-rVdtMbky5M4*CU#knZS`rLY2rSN!{N5eQZs0oKJ zCoX>VgvH|&&2Q}GEASH1Pa#7QP7wYFh`cU4nk0W`(#32oui;V49MD8pAhLRVSSB7{ z6cxyw`s((_%=b1i89)Weo%oN_Kw};5*ebizBh+_$BzIX#tq!HhZeNT@lTr}u$w9BF zv51T>Cn9Vy{iw~09sO@HUi~*Q!$UnYzT4+iR?V?&BqDg=TpLK0{)!d@)oa$7@Q940 zga#PPNc8#<>};!i@cgvXUp%?o*W+Ig&+d(Q>EZd=ug4)XT~~cr@W$;EJ3pfDNsfx| zc>=7q{<2a=9v0hO2qsT32)@}L8jK_?qyYJb_D^lBy6jiMvMK<5vJy}14*($2E$CvG z{HCzWR7T^=svhfj7eLZ2l)VG@`nK)H%B2v_2W|d~R#FhKO2}pYo6@Q2>2ymO)7`~L zN+b0bAPJ9vuCh!ZT9C1ORI%L?GdM;NKvzsCLzWn6p5J1Eztr0gCH5Q7mzzAxiTBLP zJ!$#3kmPaAWSn-sQ~OO1F+hoH7}!H+`e9Fp*m771Vd=IMv}$1&bzKHMb{$1V^Uq|- z+9MXAs#|K;GQaFkX!1}GXq~zbS8-f`#k^)+>>}k-u7Ql^>xJ>Yg8}#AgUzF;H;Q(e zO$)FAN51qdo*hJ(>c|*OMvOCz9-s-)$Wq~JWdEK_47|W3d0RA~|K_^Jl7S&ZM{Tl! zKILn?Sn8f7_;BiMa&|QzcmVv`R-F*IVj=~kkq)i?N!;pP1&|gOl>raAq>gqs6I@v7 zB)2+KfG_|jiTsh=1jzh6wG80{@+E)-RtM{;%17t|25R9 z9ynIA@#~Pd8-&cX`+UN|cnHon2X*+$`tKuP`$J zby)IyMJSt>PeR0#l1s&8FLo(X_PNRcFki@nKm)() z5G7cUtPEr4gkV4;z%qv?W_zkPmJY~DEUf=)tu*qjtOaxzwzWV?zCAzPQP{o3dYTmjWO6e+_#)b$Lx^e822hMuN7*uVJBkurz|%!ZsJkzMCb^ zo$pSH4Ft*|gJ{g#7DSCfcK1emb&ATQ-4Z&#rz#ZTV&cJ9NYm;Q%7^)%@2xdORh7<* z0uFh9FU(BHXWJ@U;I;k|ngV>pj6#qE{4r!4&1U8%rPHWAldPG@q)1!oS>8w9UM(;{ zS^(ail;;*BEFzk>@YcN-iMC}T7a9r+401(%a2Gg!Ajb5^j5tVP7$mPOMIt5V`Ox>> zXS-FChhgEvX&jxC2;1q=(Ee7KD_s-X32xseB-%EPPL!!dN19vH+=u4hOvu~g0I65H zbE+|B-2KT=!T$=NF+8;9JN{l6n~k3>%&CxF2y9=vEm-S<`6_s{3dp)eZtw8{X`52gB_cBI9rYYqrx9WiAd>L?#2tJ5z%^WoQ#RG*bF(FP#Te^- zrcR2}t-poqUg?5bW)?L-!ASD{(RhF=_E+ z$R$$Pvy(UR!tc2y+*#!)V2voA62t-**p~HFioX&7bWZOUzU<^5k~ka?hG2f2HK|;i zNf?~@elhvy@qH>0P=+gu40E6~p^%#uCY5{xZ=wX@RBFP0C`UN`<-UX-l^VPFpR8&@ zZ=NG*R`JwM*yAbkC=+VO=XcUQr1_`9BU zOs@f-1?K=32?48G6Y&TYuMvcu$<767+p7($6hr3ojos~6n=Fxuk-ao|L zWL(z~j}U)SQU#f^I5Q3_`ge3i$JXYYre^Qi6aE@QAdW1KrB=bTtQz+gDaR-bo_k(wxcinmQ#CX zAp#GUT!3K^CI1zDu{bc#|265iV$+3iV0JK}x5hk;ad zP=u`s(lMjB*$O4+!U1jAD)+B4`yI2N#+W)9=i_4+cADDSsQe7>HpBZMz%-H~ z5~rxvr*_`F@o&px7m{HHr9LPwRRGZh2zK+yvZ%HPuiqR#etdYkwO7VfL=nH%fr(qw z_#jN_SmSFXPr&s>5<(R-yjM$Tczo5gZ$z9tYsG#0lnj!a!~w80s1H;ovthcKKKwdM zX#MqKVZ5C8r31Tim@)n)Bl+{03TnO_AQQjIUyT$9$lj=IeOTHO>b@lOXeytG>+d<8 z)RWh)-PstgiIu-W#B{ABP>n%MRW`* zJZ`wb#AME~>auE!0R{PsUNQD`l-twum=N#^V5404^k_Cu+{f6c4v8$SON42z-gP~5QeI4GQ!VWL8CpRu?+LhtLOheE)0?qp$Mr2tG` za#Ssm5u1RaWNB1f-!GfkBk-6r6`I0H-;+`X?$G7ANd&E%3u{UxfhDCzTK_N|#h#RV zCNq&RF-o43DqhRErY{w+Zdr9FMCex&HuEn|#p~7RrbLIAXG2~E&nKF*WILdoNY7CO zL#+8D(T9pqEU+QG&jGb&j!{C#BdlPzInIPF-r4Re)@O>LxU4})S3pxlzqLO(@MQ!= z&+Dm-_tTJg#J06@s7$;^ zIW1k9TVlQ=SvOrU6%cUs@*ov)(z(6a9okt-vA;NvP|wQ>LRIFm93x0Rj1@1lhb zzbb3GwYv{WbbTM|ByAk~0UZ^DdnwG;n7~zIc^gKAD?>CHpgYJ&e&dBRp4!k8cCIp8 zSE>>?QToJ)##RSQ4LQ!YJ%jzu^yYMhM!%$QyGFt}aV|eYZ(HyDT z<0kgwFdtATOnZ$yX5^%k2p@8@e&Z3uy~f7hNU#%~yUFBaAlM+oop1HG9*B9!&8@9_ zAlRXPM}6s842y;+Y63JAIw?b8#(@NbermG3t}WZv_N=P7IHfu6@2RLZver_onggbq zj{~gMpWLc7^9R$9%@s0FkjbGc#>;6ZSI-hrjqxQ%M9 zzY!Vhz@>UO9r)fC!-0UVQ$s5}0vIB6s=8OfN=3jXx3sh@*QW_9X;?t@wRnpJH23RK z*IuHKZrAg1ghKY_1NbS9s=ArYkH&#d2mC?3L|eY|tlW9)K?;06?yVi_4n{=Zjx%Dc z0)mt|%5mD7E+}f8h6sy~4_Gn3uZrBMJPkkQo~a)@P46@YJVp+W{F#?@RF)LmZs(+5 zkAaEmQuQwrd3yFu?SmqaF5gfMSuf+qM((g^0x2J0yz;g@+F5y&|Gpi54gl{s)mCL7$Bv>u)P}&KVxP!{ zsXWuuBARkK0ZzFmGsKeyt!FW=`!>lub(FB}AP*$yUZR5Z$QgTn)lcPr~6 z5{x+?+$pejL*c3h*s&<=UH3)KL9T8O>?B36^qQoeuoa#)RaIppVDo1eFD9Z1htg(# zPQGkA!2xy=Ld;Ga_Jm3XHG9(eUuuq=?99RB!%$rn72;~A23TLdEPf{`pTD$sbNlZ4 zb-lBbm{8pPBYhqVuegPTmL{WpnR;r9uH=FdN$0|@EEJ(+UE1v-8B+}>Y)b;OtyD-Y zI4WjroPQ3iwvEL@nQ*==cKxj_CtK{`+ z^YNx_wg#mx;OvUOi@Nf^y$zGo*N%eOGcM$5Owsxb72Q9|-#HzZOqqi?OVSF)B#(~1 zv>u3(1@x5Xq$03RU@Qvic|Jgns11FDKcUUworwb_3$?GhjrYGrlr>4;A>|dOt%olS z^_%NL7Gi(3m2cbrOjetFJwLH5@j1w|zARHkKtxWhb_JY_HB59AoS4>COdM>kw8koV zLgaV#EG|G}cTve5JO&a{r(*j0IdoJMNf{2znpKzBOZkW4WR+gW5eXBfXn>mz1C6e=n%&NZ7Sg zE`DI+EG`&buoFaqo36_D(L{UARq>zMKOQ!0pWS^hzTn{K-_sAke2LcP%Rk zF~uUTK!})t{IAtlfxfS|EY;I8+m7=3*FUc0;ytBb4Xwp1nJbGpA{A;*y=Y^XKx!C4-eG@DRzadV^K4``CDN24REI4 z-tM_ZiHNKD;^4ZcpbFzwiDu1Cb^ds-;yNBYHi6|v5^X*F&kZMT(Cg2Ei_?TrY+ki?M=C`k3 z7p-a$Y>d>STC@J8Qy*DC7|;DsCwO-L_Qhc>Tbzk$o#w+EZw?ZDW@?(dY_X>{x2m_^ z=^u}vcJe9PAc#kRA5{8fO;gj*9OyCh#a+*l@;lX_MtJ8yFNi|FMF(stxzB!OiH()q z0oJmkVp>7A!WA=1#h;jCD!P~NyqrJvf9rkY20uTvwFdg-+{+0n!~77nw{a}t+TZ}S z{7cY;a9K?_Xom4%R%42=-jX5{gagMbiGn_2D>u7u7-y$UTji~rqz#qhnZG;2^cO;({2i>Q=`t#&V^o$5)c^uegV~~ z$VSo|wGz4Mh&P(lD}P$)6oQ^%`gA(ItJRf+;B$pYoCK6Rkpc^~?^P7Lyxea#uUoCa z3gGail2=LCv~dy`24&W!69xV9*^9H zTtpd*uo*2&(7n4viU5z&3;;PUOUtW6mK}c=UwL&T$E5Fx0<+KVO!ZqbZuyIvk5Bct zT31e(JW)m#hSG?$SR1FypBPav*77X%O~oq9nriZv{mW%(+pq?8ATf0JBRnxq@}W(k zl7Yo_F;32SP|f0-4QQ7(F%&}2OUE}kF%f0GUnIAGb5%5NoF_ry(!IE-j+4d9Ic> zYcS~#D7&?J)WH^HRE~MA7Juv4XzSTRdK6&&S5+lrJNzg)XI~5kX?yVQvN@Q$yj~Yf+kO>R~ z@Oj81>xH+HA|vmAr_5xTnL5MGf8pr0Spez&cbz{63`U@~n@Kvp%wPUMam9_UmtbJc z_OwYr4(O|nML_V-PAX+H{cP@_^yRIwG+sT<*Xg1I*K>IuB$QgDk`L>2o$Mx^h3jsf!b+|X}!!9372Um&N=FVki(_vUk8{*FX# ziGlU3IFok_qdqW90g=%Aee@P^cwVZxqaaR!AVX6kx&UGhM4iyw&`{NjtBisjELU4A z384+V*~;qXtn_(uZD|D1p*}4_neOMt4u*Lo*eHTEV+E9A>6Uh~U;FYTY0V37Y>xdr zI?N>*$tm_>Op|6SN)~>zCZ{;n)`5ur{5)m?Cd-|AuH<)=IBwYu3!KbuQQQPpi4NqzHp z{ke5LGG}95lFzqX$ee>t&Flx)&5G>>fYyp!!ukLaHCjLjN8wHdz5Y5i zelexoAKE0jz|h6}sU-Nzn3xw^GuvRHV9rfX|o z+LZk=>|F2B3!#_i2{}IAlPEcDM=S+3+aw;In(w!6Jg74cogZ75AX2X{I-E$&t)?`6 z9f#Ca^MzzA&&<+RB>29u9f)lIA)#6!58P@bPg@yJX4d$({h-HM%QN_NoN+~ zsf3YJP>L|ftElN{C^2~HXh_7Z-POCpFvSvJ7|=C{zK|0q2C|^l(lhXeEvYlv6<+%4 zE{)8!_HvB&lEe3gDkruB9*#+`i6}0m6Q(!_w{9h9K{)HVYDx~+43=9X_PkI)(gD=C zT@UFK!i0KLs-CjF-jC7)+{c4F-5kavF<^X>g|4m~JK!%n*xJ$;S`e8GfWG+t-ky?G zL5}DHGhFeL1<}O#%z5_NB{S|8#87ynPZ!1vo{h?bF_z@X48FXuaDN5`R(U1seEp#~ zURDVqarAKse#xJn>1s8cq(}HSebOPntPBn17uWUfwkxv6mbP-hKi<~%qDYj)3fr?C zi|AY$F9P}SU{4gnSlJ$nP#3&5=ZT$aohpoBe0k4l5kK&V0VL`G@+Ok_+yd~LHa~3u zN=K2$p89~``ZI^8mj;Bi$5C32wUci;vvoZfp4FR*n>yB!*9q?J(w+sM0LTl;%zvqO z@K=)}!66QD(x-wle2Co-p2FzNoEiCe`3(})(+W!K+an!Rn9^5}H*FjOQC1i3J=^DP zn9@u%&DLsg!DnB?s27o6YO89BU##MzDxFmHxyn!e%unE|aA7q9*^&Aq7b z6Q8rnFFVk_D5qs|jHA$W*t@e0){Kw`@6*$hYyahOsH|F|sIeNKgM!nQ=ZS0()IMKN zytNhkN9i58XNd{oNNB436s>J$*O)JP(r(Tv^gk@nf#h8!j0VtIp*mVpH`Aj?P`OU& zkE!TQ_7U04 z+%ba(OQ%U7m71+16#<_^s_HXFI~E4U5IJMWySESF7XR=33Y2y-R4XJHjyNgsHHfY+ z+AdcpliJneZ&CFPxBIX?PWQtCZqB$F0xIeOQpK=LI;ISe#g-o~#XP9u9P#lt2F%n+ zPWmuu)}y2>4T4gl8A+iC3$C+Sk}Wrq=;&WC#zF%EKflZ z^SZ@%&=@?t8AgsBBqco5)d^D%tp>U>EBJlAPp1t2c@(n1bodHfycikN^72~w^!RR; z{;bSbl<{Xzjjk8aM!|0VxIb)FH)GSrKC7LG?FycE)TKzP$G{FTmOt7+5^oN(J zAu*PICX_yX)C?dsIw;g&4XbJG$U}ciSm=!xqiJ!Ib9M_W_ zyX8G@(gtDX^Q|Y=^UuUM3T!03`+6`M35kS^B@v4klZoXOyZ^;M`f65kK4eQ@#kqlT zbP^(0XVX}Gxan)_VAEu;g;XBm)EZ*iuI=@nH(J=!DM~oK6ObAj3h4{pLXu}_Kb=SE zj^+gmwYIbrQ)7E)2@(V;n22%H;~J8CMu>5+w+rxRL4{i$M^<>=NSeDh$CYjk#gblsAE_z1FE{DAo3<-p;;qC{}xl z$;RwpPI{(}dUk+%ivC1G4-3Vd?DWu7V)pgMxvkVWNCx4~jnoUr&(+hVqEXc87VLf? z{^_YTioLvqkcSAowqOKaPD)VUJEilR-}z}zT#3?FEMmwOFDTf@Wbh*LgU<7I#qCvZ ziUjE>Qv7(8^m~f?^;Xbla)$hoG$h~MEyxeYB?aKN~br z_^~MucwxCmgxiTQ5M7b~Ty|Mk{=%=XE4n}UT)N-?LT?U@_^&loRo9k|PmsHo+%8uj zRp9q`QLy^_?cWq!^T~R7zJI6r2}oA?bza#>-l?LzD+Ew(AOWCoQkL_oiO7rxe3VO) zK|RzNL*f#Q!21G{XK&4Ac1}*^LU-0ZF> zSAyQiX9tJ6wPAi}tNj6MGnyK;ZsK%rL+1rKM?U*oqMlIoNU?RsKxToV8@(BQW~$BaZ_rE07*-gSH3G z4XXe*WVJ9Dm7}LDJtx;)Sn}JhnfK+5jm!yfjs4+Hoo3iUH<1*0f5?`5@c0XS0~`-XzjjY=&vi#c z)y*`2GhJkXHb-X2Tc;+lX&1u3#x`wjycw)Ai`RZF-_q`uGxiGQlK`z3dvJ)_YirtSnYC6utlG+!0n-g{I@` z)^rjc_*y@HyzH67y^ys1e&!7{7d%!KU7JOZZS0T54|LhlaOjolB%#X_zWx;z(fUt$ zjwP5*zd1H{M9=Jk6c6iMK1Gaqp^&Kk_w<&SJ#qgHLBJ*jq!BI9t8yq>WA^pSdf3C< zy^v%pc04?^Wk|6RT zz0tx#XAcMRn$||i_|4@$B$c{VM!b%AN+b{66DgVML(QlfZi)SAqel}Pz>3yto6+3y zx8_P64*4TbjdW9?^Uiy}dy*iMR2mf|kcQdwGMIzXpMW2q(%3ZfXe!X(1dt<**|Qa0 zhR3sYTp9^2_;yw;4W}OyoCqxfMAj@lP{Wj0+U$ASi3AHodga&^1x0=%pGc+*WR{)_ z;77AFe$m$7`nB>O!l%wK$+#Poi=W6q`5(Nm#nrb#IcJs(ztC^ z)&Jw{fx4M_QAz5Qr$WYoq|dhEyFn&a3s(hOQh>4CLKZK}^YGEl;kotr3J6Ut0tp>^SMlES zm;vU6|9fF21+=RJ+>5^;A=RE(8N`7TrD0x_MQB$>#0X%lPC8)JDIM`S7U`4P>A|He z+57C_^a}EU6MBxnaNvP=IF#2oADjX270=FwSi8@)hcnCTSXZ$>ayX6~a{>Q)QhhEC zU2QWUn0s@=nr;7;S$g___CL^TFp#v`nv;EXcq5Iz|GE@i7vhCF>TB2;bsl%(#C$qA zy;b19#{FZ<$WxWq;~%6r<50!mz3Hc4kpW*?&Fx|gN$wuDpEiko9b7V2$2B5frfy&w z13H<79|Z(|O7&)n`7@qp!6Ir#bN?bk60mM}NMujCzALPp4;oO+lo|3L^=9*F!=r0ho&^s2l2rB<;8-&$s{T3gDnEtJ{}AkiD=tjDP|^fSBZZS z5{Q0gB*@k@PklhLncVjBgec3vT0v7(tAK6ac7ifgz#T;x-g+mS@MF30~yrVzt|FW z6p%2*+yVMrr>*nvSfC5pE5@0W5l%qJ|@Q5r_VWU^7^jF2s8c9STBuktf9B!Xg5xTuqt5`W^L}VSnO+@6#bWP!Jn?4 z{u-653+D;XnjqzsfT4HMZai%PH?L_Mlf;;FCMli;_GcJjzj4}i|DsSpt2$Ol9)L~C zNd$n_k~D1AX+;2s@N&O`4W)xf@5P;ZB{YJ^NmQSG#jdMZ-W(3LXu#Yn7_O;@C8jjV zXQz_k?ldvZ!UlUo8jd~7@G#3O^Jq@T{>7O&CyS=}ExhF@H$e(KHKh3b98Vab0Vs4eyHe-X?O%M2;D2Q3wfyK|-9bJF`Gi;p)g&7;-E58U1QuY-<6mGiNBx##BZQCS6p@C(#Y+#2s zufn;4?}LS)yc!qpZ?-9=P2G@D&4(n-PMzyv|I76a))rAMotEq z;m6~G@ucFi!Xptpjxs!Py)IYiRcJ2V)Tf^#AA^{X5+S`w%5ORE>B11HwlYzx702xo z_Yhn8d4%U>BqfEJn25vp_~;h^D&dn-&ZMuH=FsThp!EKReShoIRj58p6x1tYr{?wxe5<#cT`e@_3)Ds^nQm* zA$gs9Qhz$_EaK|m__h+cqEM`G*fw!utEU%Vz}V2`mA^5Q$fD8ji{eTr61q21hQIm~ zi=!b0ucX;?$!}l>3eek?TR9zm`#s=}$H^8y`c|TRF=ky6M;xr@nsUZL+cPWZ) zf4hK#E;&#j2<;m-*PO;x481ZH8lW$Umt+k*@!AQ`U;FcK_Y)ggtkX$}M(A;)p zevRXCVMm;dd+(NeHu8U3#nNwT%R-pS<&9SZ&qR{jEJwo3ve@k-ftW5I40O?km_8Z= zq^G!?{46uSZu>DOl%5Eyd{=}(C1)Q>5yiawwdd)6!6)&pJf@VWmi7(aTi|^nogaK4 zZsm9Art~3i^2y^V=P$i4z_wk_l=*sU&SFY=m2e_G|HX~G3h;yLW_ZiKSUL+LrlH8Z z&?D^|Ge4!kR=cKt|1PCRypc|`tw7C!3fpcMHaZP6kF$Fq`Fm416i_C_XZqR$yT_C5 z@GHL;74w(K>xS9F#}#T`62h7>ksN8spUXo303`3Htq8US@yPeMFZP81zWsC`uh{*g z_T^g{r{tAeVfo^Y6QMLLyRG%`I|6z_W5~hUvUpiwqo7V6vlnx8x*fB(DTfl?rObm7 zF^$qmE+&KZI-E(3qjhHBd*{1bVddfw7xaQJT=L3Rz9M*nYmn1bH_!g;3W+zQ(|(57 z_htj%R(MLD9xWQ+C(oHQ;F+(PQ>RO9Dr$da^*QE%gz%bH$nd< ztG^h5ukCEkzI?ed#>YF83)+td&*jEwj^G_Mte~XKYkh)&b-d#ln8^^vM>WhOh4(u> zHuwD-hLt0{Tu5xD_P7^o=RYP4_P=Bs$?t)_eXL5Ss%0}H#9u)3_ zKY)tkcC+C#R2&U>t=7T5QsBK$K`;<4bmcdRBmgCeasF&A3~=s80g~uKJR2ja6EU-K zSHsGec?%xY@BI%j*2sQ#HrPz&Hxv63m&m|oaiFli858%txkJ*wZ?I{#)xi^jMBT^R zb3gN$Cr1OE&Y=uNnWLcFZ=43?iq>J;`<$rf5ByD#B*las_657m4e0)>i0r|=Je#yf zcvsx1AeT?`lKAzkEgp2BWJ1vO=wev}?(ktk9zBDSo*p_dPd{xa@P>ZM8F|}O0taPA zHHyZkJG|vX(4YmaHWnHi8p?Uh_kFqWf?} z=}1@=z=ez->%G6)kRt3l@e+!lW#Zt++Lwyxel3 z%(jhuSR@3&&NfYmf;Pef@e@(F_xB`@Id`ThAI93^-S&z>fBX5;8VQz__C9 zj5nG!TJf$F$8C)SAa7W%nukN3m{W4;zp`o(w2K`&@T-db=e3%n&wtnr>p&Cq!-1?@ zY0vjD;qB8NXTjvB@zKv1TV8sUqvMjg?e|VV?@@7P0&o_csQ{BxYEF+ieu}|~adaot zmOm{bqWhD&n+R(NrGXevaL&ZV1cv6zF%_66b?O$#1wEWR&Yx<)-rd?rqRiK7V$ z3YuPipPBz`ZuPXOa((AXX2MgSpd09gBO7iVX*|$jC=KMZtG0=+1 z`aKW#9Ek;3=T0*be$I@>Z07wkuj~;smuz7Xj2Xb{ili_pjq~f_38r;(B|SBmBujSy zK3e_?mPy#y(eoIBUdZ%AncEt}({dvQ_1t;I5^RDfSrx^xAqoIyQGv9(wW*ClgasDc z^o>0UOgrKDZrpB&Ddhz9ziJDF%fVG~`;~XfrO6M(zRk6Jk4l4PRG_F-0u`5Q7PdJ# zI@oLNN-TV{)yCJg zB0|h)77+bPI z&()M+cDB=OUUpakU2!ymkgEd027O+8l8uqiJi> zzf|Aym^x%8q~!~>L1JqhoWI5vt@_!7Xt=?N3$Z1OHWq`$cky^nXjUl${iyE&7ADAq z##fHjeA=QYlP8UVB@&O{0)}@UdG-dh{xG9YUyFbAR^XHj2Y5UaS@{L>>-@ayNgOnL znOz?XW2y>=n|1rPKgWtxDz$%_5Dxkj4%=1Xz!pfnT(NEZ4}^At=wxyy;%?mr$wtnI z6`=7-;E@G=w|-i>kB;{@Ou)o2Y@@&+0jU3a`*w{G$h^C<&&^JXT|fL&cd7awO#S)t ztxn;^G+!`xzy+mh_9B#$tnGkjvk(njd0Q%`xrXGJ)YB<{KA1n* z2rhvE!zWSM#Tb-zm@~P}iZpC(<6R^pPq{xVwA(I)D-yLylc)zO#E%DRpbzq;e-I?4 zKgpq+VPh_L*3r%iUmfj*r1X`lYU{j)}f=sp8;w_*#wRK9nD%kJ?zvfWs2vJReQ4q^zN_fKU`&`Wz#>JiWS$I!gZGHI;XoQ@)hAX%F9xN8DE`IMjhH~5 z&EL-x%O)a5(l7}}F4#hopKh|j7-0$$)O{I6|JR_jUEI=9$jYnTljGD^6*qexIDd1| zYVg$b;jr+S{MzSai)$-M>B{@Qg4ldLUa1Xwjk?%}oRbM8m>1AbdiwXu_<(fnfzNTf zAa~(`_Uqzz!&paLGy36G9b2))kzi6^54_1_(-=5Ly0Dd1Q->$~N3aoeG`U0|p-MKFgqBJIyV{HkOO+j>Z`lOMO;YD8Zq>upwR*eXC zfg3GTE-!AiHz!uwcJ@=4ks~&$ce|fhh#Fn*plx^qRpT9h^QPogRu{G67tYKAQe)8M z%x-NPx!7VbR6BXbu|{i0{51u2xRHAYF1W#Yn4!Y2%hHTny1`}EL7(GPd!Jr86;s_X zf=F0icZ4!MKwUr0o@9D|UZCh-`qfJAl=169t2B z2X`-1WaFJ<8Ym)!gF4>28I%J*cu#noJo_~p9nFq}Dm)Sht` zb#_#qVK0h;o&i6>Hno%&PZhMGSX~1;6n3%*crwJDZPj z#q4e1uupa8S+is3zy12ZVX^_B&&V`L_QGCT#OA|qU~i-jnMc2(0h|RlhU>j}cgd*d z{Yir7-Biqt;^uB_5+#+DPbVvd`LP4tNjt*A&R5YO3bE7}hsYz zNtGQeFc0xkwuXIr=s}POC!{<4iXfcWM%LLNYt9iS1Mv5P?7XEU3M}Q+qsZsy=l9#S zeZ3AB2I4?3p7yJo;1zTbNx$MAnXqj9txg;%^hWzHc1_LYA%%W7=HcB>PJP+GlI_~R zoJN03Wb3lb2?RY1^GGpB26e1sSwY ze#0vZHYD57Aao64&ch#H+hP0UI77R5aO)Mz4MTOpP2h2``EU7uW5aJ zT|#6le2A>ipJF3OWn#kE;8L`}2C5+g(Ez@RDAZ?9g~-gzZ)m`xS&mFfVi`kHlpaVV zK8^!LK9F&@64M~ZNNau#_p56XagZd1G~O1*-Q++o?e;k>n{zOtSYC2H#CCoy(k1A! z2X;toOk(Vqjl?iIf#+eLH4_njbZ=iU=F3a5pDnq)`FUZ*44fne(U%yF$T3o`b_XjA zPo^m7rGr+oV%du09s4^4sGhe_ac zLQY{U0S&?5$YMHZY8)7^Njpn36$+4l4(Rp@j+%LTX=$Alz``Yr{4U)(+(~R~>*&aU z-=vQa?ilk^uhb&tYaIEjle6osQ_$V9P0ecULe=<~n3z`Ht~{ff4Hs@Ry=2-`BAaMhMde; zVK1Jk(q-ApK#W+Y?+<*>;$=j}NxYTu*F9^aWDkyLz;RX=QOV=0ATqbG7eALMPGEpW zbwAsLz#+j&8q7bmV`!yhKk!oi6v)L*IQ(4sH%}KBYUvGXQdT&cc-i4D3Mh1<^=HWv zeH1A|;++-5lSHSaL&|En1c{QF+*F|FJI7at$t*$#PtoI3qP zz{iX+4C@}*(C}pR-wld6G<2BNMpMU-o%u5xImX(?623hpVf^WtR+0vc_rYrnQA$?Y z;rl2r){h3Y8_~>Gl+N=qlw0v9YuS}9<@i)~&KW2j#n{nC2qSxbf?-yq1DPr+ zm#;d8KIWY;Dn%h>R1alMmx*vc#-AwOT;6YN__u%Z3M!IbM(jOexU5y%bo!fr+F#A7 zanQqyko(3X7VIRXOtc$eH)|ag(x>4d8f%6ddGmda#$|J^zVqhXJN}Y-=x0m+D4v|I zPVGQ|zfgSvR;U}brBoMLpOP>$THub3hW3oe`bg(|72po zzFPXDF$-67@VBb8cNGA;I=(Ps&$`D$c`&`wV@RqLs&zUWCMv^}vX~X=x_bQ4xS;dz z(&u=BW#mC@@%w1Df6kv?U!mA+opD}w_%2+w;esfoI~m>1yB!>@YvmTOG2jSSHZXbe z@!}Q%O~_(}+A84v&0fg`1yi!Jg71>9LJ5?UMy{C)@N<%+Q;(^!vI#TI%8X&n-z~+_ z>iJqQpYIhTI+D6HxnQW#f)G$yCTS-h|Hy5*9N^94ZVXH4(|Xu?I-!K=X6e!C2lW1( zuM}D;3p~OznlCk=_YZj6GQb07cC2`h1UHoI&6@Hwd?y}JR9;a?P;e7l>VaDc{>*GS zWG}>n*P@Z-{p!c(JpO*z5{vy!1KflV3-f&%qCdQ_2&FoOl+(y1zh0&*$qtV$25S=Z z9s_;IwCx)t#HwLe{iX@VA;`udEfp;hEE7p>NL|8jLB?XZOG45_E_~!0tntH@H5DkC z+XHY%T5aA34PodQpo{lW)^+MXTIs9l1u=NjuB<^4(A-u&RjOaB)-ALi(3b=FO`2X) zaQ8yq^LttAoj&t>DT>NgdC-tB6B83F938;xQBSLrE2J~thO0S2-k??0)rq;Np=;Yu z{OoO$(rs_U_9+JkC2!Dt_}vV5l_o^%Gf`R0>EoX3BwbE!j&v~v1X+>`vg3Sen;T6nzHnPD7x(7;!wmQb@w-&@fe!|Kxwe1%Uo zPi8YvHg-~Q5t?^S;TyUcWYc`LjG7rbd$U`UtpYl>1EZ8Lak7zS62c^_ajM3n_*Gxm zEQv_iA@qX?vzRW;2kU`UlrJe6At>iCu6S!04F@wZyi=C1QOh`TJ}XOYnz`%c((DPL3P4pVn! z6bW^IEXXigjrg&jpZC?uYHA?M%fGD_6eKALAf{-kQs7m<;Q4sa*4D_>ZJK9N)J63_ z+N0a7v~IdM;7#%y3I6pEGBE2`rx}f=JO~LB($XXnqA{m)zu>x zZt=e!>zG-2Qr#-ps_JPZ{r&4}KU0r$Gx0bPJkS998X$;HNGi@chI&yFfXF2qoBT+Am1V?XtHW+Ysbj`7_85e|9Yrh+}e!IrT+0HZP~(& z8x04BGTiUyiostI6BWs*ry`>tB>R$R&ri>!yu4^PY-X496N!p!iNJQuOY+YWXX7d>JzQbuBVXnGOTczav_!G&4+VAU0PbNNHsgQKI; zt)b%LVmL%Z8Cl)%S^cZiqlm_9*>KnVS8Ob-b9{UA{}Rz*>pgF8@6$B9K{7J+j|jP~ z@or{AWb$_iF@2n7<-_o02#64Blw7h3>6~C+{%>#|GiKsaz&Sn43&ZPCpaF|NLjY`q z{|+hKF=1eSfg=(4yC3{q^1o-1O{mmpKs5XBqzw3PO#k<<=V8Dv`|lZ&1&Jal5IX;R z{9+0@|G#I$tFZt7N7_RQ3JH>a43AHTCKE`z4XtcwKrNo_2x|-COIz$;)Zg_A)?M1c z^Qy!Y8aF>qVK7e1HE*h#nCzGcCs2?MbmF&YAC}bD8(*=H?xjhsO)yuDWS0VJlr-td zubLVLNrCypb98JIeU)aoGJupV;`LJ=Qgx%DdGeF{V7LDp;iix{zDxbTwp0-nT*A1$ zK8k-mX1K6X^WY38`kxu`>|eqQn!lcC?Y8h`T2f9rhm4rG%y;$GAw575bo%#0~l{9uAN9msas{H-hMAF@c>QVyrGxnBJRUEaefA76ZHSidU7 z?kBUBR#h9_PR2;=&#{rs{R=b09S=VQeKK@6Y}VGsicI9Cob_6^ppku7R50IIV~sbN z+I399UF9;Y>3r_fmK@@r)57s3rT>L`lBlxqPx@}?^FCXViY;!WXVU68`JSqQPEseF zNghA>HWfB-4p=sp;BTzPbO|b&$Gybx^MT z_*Pw4H+&OjK1Vm`JDWp6jg|z_N?yQ5j~?=#Dz|Cr0gEtl06R|3NBy&J4A?PpJ*%G- z332OuT!Lz(I8n~fLyYsqx9ot`iskEtps};{_iq3)CHPD!`gXjm*yWN-+HDwk*HFv* z|LPY;cM?>RaZ>u~XtTr?#~#Dh^2~XwC>IBiOXi@T?S`6FEP+A#v3?0=xKRjo;FAOe z@v_76$OP7RkLRk-Wm*3k*UTYra9y__DZ^o3x?w71FN+qL^WBCe{DJToIgjNGK72Yz zeK@tOuc;r#QxA~}cRnuwK1|^Og$#FtMZYdGypU)g^3TJzb$^zqU?gxXkKKe>i0VkT zmw~+40!4qk=nS(0^1e_d^E6zV5o8hMTf$?g(Q5)#zkrx|5(>}EV4lAelomsi6fNW3 zh$oZ70gM>iNxYJ{dsai@gNVWVF_=5jj8jMqVw*QeTp*t`w||HRIZo#T*pG>Mow7j} z>dXy4q>|E92}S1ODS%s#!>`}kBBuf3*W5?+O5(L8U{``TQS4r zIc7IDH0UKUtECq;j5Ol@{#~b@DRfWie%h&3)z^y}Z#awD{aG37s1^y}jAHvQuD6TG8*9n0@a0u=a zg1bAx-QC^YeF6k`cXxLNcXxMp7~GvZ->F-5tL~rkcWP>C&#JY0_v(J1x3vmoWD|6V z1?>k~ovoLX0^0K&(J)kUN*W*v585A!0-T7GR2TCLGUnFYOIkW8uMUB02kf^Y{nNqa3|qQZ+x zs_kD(X#j`~UiMv|oo+iw`Y#?k0^ z5&e2ZAhjDQc^CYF;`H26H9^*mqi2s0)fc4bBAZyHUv(s0)9qG6X{|3@^9zf4omCha zq|0)fUl0pU<~R|Jpo-N>&^{ z*uCPnjbMAb_H{~nD-&766UTFWkgpygl5pTlt{xCFBK~cq+KVKQ)EceitF;_`_qvG| zqt!K7#ncK-hR#|N_kf{igd~?-7~xS-y5pU9*JG!+my3H?xw?u|8V_=w9Q>ju_iG?X zfBr8b7AFxDucDEb50X|nW(Xeoxa3jfRFeM4D$NL_@748f05F=rz5Ur<<78Nj*_}9@ z+eHy&L0KiIwG4G(;XqshW-yTav9EN`Gi9NdgQiUQt1r77sqUvWqpICxK=Qs6q25UT z&B@6Doi{Dug9YJ2CR5pTVPQO5r6lofrO*e<*XKnbgP{%%;%$7Vi&l_&=XI;1n_Ov$ zs5l45*Z1p{;m6IxPlM%#$Vv=9ZUEz|l#NT`K7Hvc)!5FtM)(gQCHtO&PVjYnrO}4E zKm|@XZAR}!pZKtPl~!&4zl2SVI#dWLUFc^aS>9t5uo@Blz@(&-N)U(`+x*nvo5E6- zuBi^cm&{;x;@bY!13|Nv66rbh1rjnyyl~)+l3(+KhbQBWGP337Msa>AAxBOV-q&eR zAOb&b6k@9*cP5RJwtBEFK6xjAvb=`64IVtb)YNN`YM;iA59glX0m&wPW(JKv_$xo zn9&_D>iKrEGZm|*e(^D5PD`WP0mm-B(&lN!=-+2l=xF9vcTk-l4*K{W_%FYCl<<-7 z7GL+n-ml8)yn(~->6ASD>R@~V1~z;FVumW)NTS2_CwOX`;l!dK&&!qt*Owj!@l0jq zsdipyW{k_l(J^hlDAs$&DIa9;aqcOjd3%jaeeLgL)nvn75pll?yo^=brF^Cy-S}#W z$9=kki44E>R~#ioios>`_v6c=R5)r#wzN)UGM_r+=Qf4=GhX`WP-yyDw`7czkTb6D z=*zqBsu=)dF_EOC%<9xQ6Hly@8?K8mBxvo}_2OQ5>g4U==PNtk{i>zO(%@sb>n<3N z6d)rfWM5_R25h}K|M+;kx3p*%krMLfD;qk^WbqZaDJ}-WgkX8!ynk^L|+#N$-sI$L2GFI`?Ot1JE>2| zXAbe39lhMYV8_-kQynTg_J5K5-+Uf8J8VhUg1*1>cKtC%n{>m%ID_Wbqn{AxRV2B7 zlF4_N6M09*KCG5fv}Qmx^mpz(eP{ma6Gghed_D80Rma*m$CSyo_$Zm|H;DiM4&jD3 z=(eeaCe$x?#{CGS^5ngW^XQphS*JfB%k$plaq4tzlhpTn&_v=6F04CzHYck|zuv23 z2Gv00v$yS*(aeKOus3hr3JGD-4~t-z{65}FlM#A!R$8u5C=0qAmt{BWIM5DtDNrRi4#F;<2fb1%9f80ZY%f7E@_2cGP361I4t ziQY@`=)bFy9bvDNVgTMZ^fUEpb4w1g`N`>!qPd=+gGj39zae!#@jAkdt%I}(X$6Ux zAeY7nX@xs^pu4`v!mceNy$xN7!2P)CxpkB7KK=+@O&m==@A=WA}EHUWu2BsMu?74kbJ}=dLY7L#}2z-5h3?hmTj=2#Ahs&LY zSxucszLMobNftTL_^oGQ-yO6?4^3b`_EpQCMF8FmAgg%Fi^KkyHp9stM|6#G5$sKF zA&R~}#pK6e`$9+*1A&C?-a=QacK`C?8oJp=4^%**cDZv9S|jG8vbWQGO1HvYdh8RsP!oq-w4?79 z+p2P|w(@C!@oRRUupQTK{pR;)XQ<+0N88W~mP%exH}dIN06hTB?|jdHrckK4Ar0bJ z{DOgS7o_oF5{Z*sswU23cEC8R7jMHo2I_JCkOB3$lqNT}m!!kdoYQr*8b+>?VoJzh zK?gn4PHl>V-n%#Lg|}%IjT57*K9esgc3Wn_o?3kC?g%h>FY0rAAe^vzX588OU9o@+ z9XaAWweaaG9sR;ZR4X8Uo?a)rRA~jT9^Uc|;uHlLEsS-R;@$F)>yazJ@cPg!TtRhU z+Bx{hX)3G2e^=6aQzZng)XWleii~{`?YCjX+J1V)_k*k0kPt<~pocG|gXUYOqL@Qh z5Q8*kKS5>Cg|P zhczpFV;@ZH)9B-xFO_oPV`clzV>RAJQ6IA9Ltyy8E%6{bs=7}f8e+4bl_&WC3FW32Uv-P=&Dq223r zF{|k1_?t)ZQlpih4ui{R>wtTPb$1l6iB@qgpX+g(J%_jH2g}m-*GHl2*Lttg!rQ{O z--gnk!mMS}Uz~0SzFiedec!fQLP&01l&j2aAR(a7#*{wIOA@{SY6E%#-xmF;@|>iPs)fX zt(2OT-fJ`RuOUdIy(kEDKj_|Ch|cE&&k^s!C-YT|_L~(Poh>>x^|p}9X2Y7aQ8k;9 zg?oM|9~yA;2@KMcS2lQMWz%D`O3FL}IJ%}b$33h|gS!AZA#;x78m$W*ljhVF%P~5eE^=5sQva^Q{M%~XaQu6FKN&8!K5#rpY7KT7 zUemJ?xNIoWxUrk#{$!jVEJeSw8bfA??`PQJi@v_T7U2PLMxS!v;SWbA~f)Lz=n~*RR zcuK@*vU~w#1U^osnkv!jIlDhT{~~*{1HuQ>>}*)P{5X7OFy?#PB=Q()tT^N}l{jzW zW+0Y^HEf8rgAnhKG3 zXNt}z$bO99;uxh)D>qotFLl={?Yn~nc-5=r~X-knBRs5 zqS1t>WCKs{hT_X^L}%AoCk!PK#BG)4tO?8C)@mb@i>@c{5^T$`*eEE;AGoaLk5bhW zu`PZbmK7;f34ysD;`}*lzuC{iI&QzIQj}lPfQrpoc>18COy#cZ?-J<(gEdazzKIchwm4Gye++jq8KwMdC9w^ zHC0wpSlT;YbQ6-6^!FwO&v$tZ%)L;;p;lSPP25~V(@vfh=lBDDJ8*qet)#hiC&5c!iPj+|i62T~puldclT>zgl!u$T9jLHTCrhQJqmq|-lJTp~ z=2x{D6+O%{e8kCbRQioRna4WI5odNu^$9fxx)4>XmF;KX0Go%al)+q- z_SrB^Qr&`FC%#9IZ0!&cw2;?ezF0BLS=>w5y_l)+busVtvQJ8uJB+x1MUdJ7|F z^g0Ku!j7-yT@FLx0;AY$3X#8SUz9h`>xU#|fMvtvzF_UieD+&Gt^fV6c!69^Mb${J ztn}d5EWI3C&E%|EAHsmi9YOY}Q5>WNs>(=HT5vEK>zS+|86onEdOl0(o2!G1{J`)k zfD){~OWFv$(eV4vjIqyVDLI1VBL5PYqa_JRmo<-0jtI)>M6FLUIsSstS#uYxUmi4M zTux5MB(EuT?r`B?!QtgiWlAUWsSuP$alr6#9S~|58Kb_sUu;ZYe7M_0P1q14{P%-MU^ zfAvF_UHg+neB3c76EY_405Z9jt=hbog1yYm`XNI1qCvq;~TNO6>InvasxLb2I?2SJ1s??bX2) zeOZEZO7QM1RU=HDV`Lc2vCfNn3LZy_oJy_O6~Cor;o&fde|M zB-IQfu`=@$>jgJ_Jw9SDNc$uUlvZ|6n|GY{DE+E@S&zqp-j$h)z^mUE> zvSakVSd1{V-c%^T7_Gu5Z7_H!3Q-387>))_I97opY{Ny{JHHcylg9VS%w>(}E_<7# zhq4)&@cZKOtO+&0Rui{aSHD;AoCkbdoPBZ^Wun8%aWtD+AG;0jf|?I%O1j=_QZ7=i zb`))hDB{OWFS{b|@#H{03a>qeu{t2$UNI@+iH&a@4g2r}h(23pkXw&tU`sD8@~Y(b zLg~w_10O}0z>6NT>(`mP^P8Th9jJV=nOY8eUVvN9fM06#kbP?*{!?6?q2*K6&5xPh zS>&|mOc|W4@QocAGDLI&EPBgIT#||ey>;G z(DN{>Gqlr*iD4di9}N;S7r8xqE#IbmPCNMO1@-aLM(loH&#DhaEi)0e6%Uf%as zwHTfKAN+`4_QFK}2IpG+bU6Kehz-lXC{?kCch})!HwK(cHBM*9=7=oSd|uy5o4iNZ zC`<7?{JIF>f!^}s&9+uLp9Fe$od_MzTXb$#oorK4S&0mLZX+E%ifmQQC>~bKhPGF8 z>E>W|sAWot89Zyw==A|3w81JW)`v()zp?p6`dVaQfW9Te*ae{l|~Y z>!Y#nr!1IvTjz6}utP{T#rddqEzVzFTta&&^A+dQ1gv24;dOju?Iz&xW&k~*I?jkq zUBirYT&2|BWZAX;+s@c{CL{N18Jpk!e7z{;d8&~-4CqwG2rfeAKuO98EKuvXu!S9nwU zwtOUQ!3#V_#ipr3XH{Db*`L?#UFv`r?(6JZc#MC*bA3reZ%42BWI~c!UPYZI4nbTO zPA!KCexGNF!GDMc=W&UDdl(si<~Yl^pv^PbSaXK2p}Pz4U* zMFyFJ&L>U2bfn`Ty{bO7dLXC-G+!Y92C6hsui;XfTdWCx7PzNby2e^h+Coy^BKU!p zkyoprJlpE+on9%hAKquMm-QmZx*N|Dg?Q8bR540bCQm{#W4=*SIQ3Mco5mlF7bX(b zdvvFugn1_T`Xs+@@4#;@Mc-Sb6L`9NeZPLb+)$4^gk)7br!rk9>frkEL#Kg6|MA4- z=zekZ??-!vn2q}uWF@?9n;|mOL&DC69ebXaBxDtL*QMNIo3zx?g8|k$uWY4928a7~ z8jTGaYGc{(Bs}fl1=9mvjlaGcb}_0!GCqGX?JA`OY#*;0f|A)wbg|tZ`qK3e#}%SV z?dqSFaPxnL1&w)%aCEuWvUM1!m>W2KDae=q{>{E@G^rl%&QCb|$m&&Mj)e zb7$^M$}3}o7gMN;poDrxBFs| ziH`YWAQp#rn|I7Fd`_d!W6A3~B_bq2BL{Q$k89s!;(`d#={vo-+qRcZZrpOfC>qo&?7MNvvR@!Lv4(28cE^RK* zLnrT%i-J>d7z_)Gjrj09Kz2z0yu72I9#0uL@V^Mokf-v6*dUtm>>Fur!A_!2kR znp{Sqg3&uAySn@}%){_vRGJ23=IJfC-2T>x*+ol}7}phqnq_cvcFt9dD`ZeNmd1=R zeVKBkT}LP8yA`ySm6reWh`pjD1#R=ErJS8awJWc}_^4YHI3BRh4WFmTUQAi(6PWh@ zy66i`;>*hRe{LFsKIJLp`TSUV4Uf6K^>&^`is7+jvCHfI=JI7^rs{>l{K=O9&b=z& z2Sw+an33wY!|QyT2K}u4w^+tlTC2aKQ#003B%v?}G3g(3^k{@!dd)%fXrHdXmyN@> zDBqsHJU@Q)hSHM(my#OKoN{cUe#_!`*pegMMYlc`RB@4eIn$=@fgm{k`?fb7WkpJl9ywYE z?_%s0V#ePve!hHIo8-E}(b0!r%?LO2FoqN|=ae0MLac|Xj&4RZ5fVqd-FB}Kv1Z8s z++=||%r=i8pUz$m7!fA_}R4smWw{@YF57;|oohJl-I@3&=~ zH1EEhNd>HT8=uQ=CTisIE#|+FTRzW`k_ig?b;bY1g8-J&{$PiGWBa=_<3vCj1 z3YbMo4Ol&9{?#p2SheZJ_-OW%aKD)R@wCR;cQuVbszNj4InBq1g`~?b2)ipzd-X#P z>xGN=V@Ls~>cY<|c<+Jwdkb@st)ub|>)i!j;E*jr<;lUZ*x+yh`o(Cy=gB-Vhp|xHBVT zOMeQ$vQ28eT!EzQpDlQQRYwmt9^I=d492D(MaV6bT4#&~c*Nn{KE?&B>#o0~e@)@B z;x3|Fr6u`!IwVfPgHP@WU6go~Ul?~g>X0)rD&ytc8U><14iEmcD;SjNdR=+OagE0q zo_R-g5!{xNJFm*^$!9RI=Wf4-5(>sI+A8KDk&E{9F%`WH zzQo86!m~BnKGKgWZ0j{Cc2iple=mn!1b~gg8gz^r$Wywaa94GYNO)of;s$>lo{as9 zW|CaVo!5a5aNz~L!I8JTB}A)sOm5Z_0jgEaGTjJx`8DR*%PnjVX}A3N`Pr~pby4CB zeCWMM&1Y1u`2%Y*I&uG^0=3=w(V_XI z7F)fIOmFtI_R)KsV?7xu;%F{e_rv!h>iWrbQ&w899hZKS6$RkwT@0s1>1UOfeVXbtO+lHJ_L6{k;12H-r6in_{W;Y8^_o*q>k?Ka_F!no>&fNL z0inS-gth+uzJ!}8=Or0$C%HvSLFV{yT}QB;A39hFKFPq>#s?!PT+s{ zla}*Z`l|_lX~;lP4tl5j9$U3m*$m#!pT1s~Za2Cur$R>yhp%h}YCIP&8}e_bO(T{r zZkrmr^SD)9y$6RqYRR5SL-wcm#lHK`7oCnJ;1O)unZ+)@Zc!bg7Kj-kkt9e@XV{ZY z?-USridZlh>DyXMGadas{GV47+3~}R>$5=Syaiv6TLH3j_TIti!HA+NCQyb#Wmk7P zW~7{SUNw<3J5C(sI(+21F87k+&vl*}m5*o+`A;(^P zs!#NqLVG-^`Wmt=4Iok!34aZiLK3xGj#iads4n>iq9)23wSLCYS zD;S0*iRPk0GJPnj=mfpcc2d(rib3WwvyMujV?m}aJh@J-Txx6rQF(2 z08YNnT!X7qS&`KwD3V{7=}Yw1SzXZW6Ix)gM5f@(5Z6D2LG>jjLZnOFOQvOQe!fI#4)dCuKkoTRYPNdiW^M;N}mh;-uS1=>|(CJP@d_^84ed zT4TAc9NA5mQyu>raN;#pA_H)ht9KXz_lkPl(i=f^z#PFneQ;UKshd_izK|rYQx~bT zUA!^_{s_3#J%d~dEGwrfl>Z^7`8o)XV#;C$)=?HXU=&YfgbKF(vwzggZ<$lW(XU1EC2_=||AlApKKxQ>WLPrKI6$?`5jYE33dnM| z;w+-gY zrXI59m9PX|?b31%C_OY<&8Audr zB9=l$eQ(d!C1Ax`=hm2;Ni%;?W4084J+&-f=t-0OS9y}qj~wYLutlQTPLY815he@r zZi(9!oGc~IBS*LBk^ zrAo~%T*m4s!;=el5s7;0j~jmss+XN@^64_I^Qs{&Z13LP=Ey-8S8aRSS`#z=oQxTN z3JxwZ>U)4#Ctu6rqZ6Ucb?!g1g9kSW3t&)++Eqm@IV_B!ZG2{8vzTX`P`CAFnRdg+ z!)mib=4B;vo5eH@e?s3DK1?r9syN!L2c<@MG=inPnRNf=ycyu<+~8dCm;FiBR1=a7 z)VEw6BVT1pEE{Y^5zZ(eYPDe>2Z4@wHcwTbsNwoj!6rf`BB=?5_#0LcNdkh-6s^UB zdF>faAl6N<(K=p=X|X*lr?B6eWxxwMK?#q=jln~=$d<`{J&U3k?KSyOF+o%!i(P z%)6PCDfpA4#bD3EJC%&zF6>9VCYf?T23Y~QZwR1ixkB9{-1)MJ7DxQAtpH2MX2gfq zqq5w%PViy$$_<$B%LqvLinn{j5q(+)+yC#`+-S|5(|)qcA%MFl zze;iR%4cky)UPFhBs`#*#V~XppQTCL@rYghxBtZquGmgOEM+SKh-s)gdXA=c?cq-; z`N~>9SK^|;A`+S}-M6qY+JLPUvhm9(E!0T*irct7e}}DwzN>+88^vhand`4#U$HT? zhwMjw7WI@uZ>Yo)gx{n1czfu+kk+T|8Q*<+yPyy}U6N=!4=r(tMkqUuCIjY% z8H8#R2NdF+S9!ezaTcv7<|vRzMQ9dBYQchh&>iN1V|%=q%lvpxsI45{rfzlck>TNv zhXq3Wb>0UTl&Ga+NmJ|M$aR^qUgvaFiHWH``|?EwQzo0yS+{Vb=)*BuVEu3BSqu!o zkwXg{z^G`~;j+~+L=)mUQ{)?MGN|crFJT7XMe}P^Ypc7WS|g3=VUlDT1dGo2dW1eB z7|&Xj2;#F9_j=~W?tAGkj~+tuU;B1I2IY9EG+oYYbc16P`gE+H;pAU1bA>el z%@-FICz!$3gv<3yq|_7SX+5@< zf~rQqQ;NWS`BBr^Y$5XgipJ8kO4vqk1oPx$`2A1JUdx{A(j)C$AF|zlH*NR~%zinUX#{OJ zP4WJ?S=s+J6l`>orn8)=6A`mbm74Sfp2smU>iN9S-X) zbJJP(MXfp=XzR(b!*#AM-E-%Z1}#yURJDncqO5loVMU#C4L-(3>`qpmA1Q5BN*JDe z;JXz&YjrS0v{C@WE%Rv~@Yao}xSQ1kCh!D;lg>wggABQC0JC~*k?y-DTc6OI%U?-b zg_cdDAlQ7B_>bUr)iB8@*z{T!or|&ttnyKmeWk!IU1k)A%YoxxQ^4Am z8ds|<)uxJYj)3p^#15Wid*8{eev!CR&nZge4h{ZlE9D%H+hJ+Btg&sq{inXZ0*C z8~Qk)i9Q(BYz;3N?&NT~%#y)gntd9SG~DsHIYzv9YqIidY!hX?u7tsvFMWfB9pTw^ z^85PDurcJn!Mv(016S?eHqeuP;_dsywTVKt%gAXJD{0%zJZ^?&_k(c~@`%tg_Gu`Zcpe#V>+mSK9rj~(Lm*$#wf&8eF^5m5Em9V$ zKbwChp$>gpB7O&K#6iXJ+qJu6`MPDv@GdCsBuKOKKT(=ij*GerS5$D`v=6+*#8){* zO^E5~`4{3onEM>fqgJRwx(EYJE&hCKPb9cbPTnMHF4{2PylY9)`MIqypA&nSX%v6#vED@rjF8DatJUp zm(jtQ*$!BF6zerYXF+fc6Z=msA(5!N9)4=e3$eARzZqceG3;cUI=9YZyj#Pf?JcRN zoOn0_r%I3Hu~l#zIFl@@+weX>yfY@Fut!GA@PgF&dj8!;=4xR7<-d=mMz`E~Hj?d1 zaXa^A*%>fDCS4HM7gv&dqlS(s5#8}Lh63q19h&y|yjNNx<2i8%mR5qUxJ3xM9F>`? zV*y=nCpc=h7GLJZSU8VdM0Fj!%E9$6P%17Rek5Y8F9kiVJ^H*D%-Bsu zyP~vCvy@kD$!vyW790qs*E1NTA;xi^YfBDt;a(916@PajT;l!+(B8Ugmc^I&dWtv1 z$tO3`h2J;z6(p*WVbj3py!5!9ywu@wC93z-N7$nim_Y9d<2^9-=wcWV@03s>jTuGEQ6(^;44v@`= z*l2doY4}AbfuievI>|i4H&Zmp@b|5kY5nF3Q@w!?Gk2#FIBoqS0qrnP>s6n}ckP7a z%lLghD_9`Sw*GQ#43>8GOl40c6u!m&ks=ULvZ{i!7%)a(=2#MEuf$0}H`%LWe%VFB zj8u$WjYGj-xSuZpvpbldk&)0KyJ_>HjLh&+$(twIcZ3es{<&yeznRVB5e|lM8?9$>SoXx4=^_O$ z0f!|uoQvV%;ILN1e&a)HjOzH{&)@}$$*JD{TzvcUKvKh?!s7-!bE^M&A zA&-K8jWzVxKod1msE75XqS+n^OXAoM_qTyMe|VbV8CKdP5A_09@+#0>^Z#OQ}{K;)jxP}l-1O78Yl?C zYPQ|#C4%68De~Z0Z)JQ@cm6bVt5i$d29awJdv&v$z?=lc!AA*#cTv|>g`8Stdiz)> zZa%B{!}X=8(Y}W65Q7@|hnRZD^D}Du`!kap`9P`Xo~*c$28g5 ztoQXuCT0yhM~M_Y8m8|C71Djl(ERe3w(B9$-AP)Fn{%4Mn2PR}NH|0YqfAH;3EWXX~vf5srv#fs4 zfG}H(t8_n~8&L0{#B3z+g@J+b2O@#^4(T6*lDd5T32!j@&1owV-&8bogUZU78p08} zvG=^T+kd{6M7vlOEWil|qvJANou477H+Uv1OL{m4ZeHCy1Oyis)8N(gX-)4QTzO^8SZJb9rr??8N;LC+$H}$9KHZ*`T&eJVw zAV+t^lF=G-s}LZ#Fj_xMn(cSK@g;(;8Ajtoe_g2U-4&3bgO;K%hk@z-YIb7k}%mh7>I8z z4-23Ko->q~F~#lnvG~hqxI9AOtcBMh-%4Q`nDwQ%LHJ z^p6gRHKx(4x5{@E!WA}6%Agrkit>uS#%Q`Z`$YN=k1zh;)M;>nX0XP!W5c~Z+c1hF zrMnT13R{MH9XMW0jqS6 znqZO)O_b$Xf7Nz=e!<}7hF85SUbEkP@;{^vEqP(P97?04sx%k~gg&eo?@Mx?46(x! zRjMzpf!(5=T(qTsIh56Eg~o0{zt982f~bd;lYMD612_QAt`gYzBa;>YV;VIWYa@nR zJT!PN5=0Naa~Y*8nU_{vgU@h5$ggC!(LiLopqhC*IY00_Pc=zt{YT8Zfr}O7pq`+z zxVx8%UE<1p@2C&sHJ36JaTxxi-w3iYXq>3u;m!DWY8?k|s%arZ#P7hx_bD^8vV-Z7 zY_w2qHD%RvT_dc)9f7^!Rhxk;hpGHA2c|-F)+c+>R$ulsa_|$OY|(p~;tzlMqG%)` z{6~4BCn%H5lGAxR8){&|9gt>%3ML9W)3O6IR}QF<@t@pGeFrv!GQj|#tceRgUur64 zb|V!$zB=ZlW^A|%_c&&4%YQr}Sn(ZDz3^CLn+*@9xqii0jI%1W8L*(V1gfOe4Ig+l z>pdihW)ZgF^?$p@Z@TuC-&J)xJ)qG7-Qx3E%uw|i-It&H>)9yFcXZ6n5 z&S3t|4Qr7DH09mfmedlPU5R#td|E-!#~|1o*YBJjNoQl+y4?r3?2Ur3C%@yYa3=au z`UM>=a*J+!5Ro~CMM|28z=W#&^lInM89$^~;|yf%K!x)$5lCBVhiPJ@Cffpn25*EP zP-F{F)=lMbD=?EV)yrW+YuHa{*x1Q!2HC2?^};Vu61&Dpz%XQ_Nkxkl);n zb1AcCquOs8GG}~PER*1amJ_{mrs6?`_@k|&Q)5^?HIc*18WrLVYZ}gy_beSJEb7Of zR`5EC5grO@KH;|d$}>1lHZhBlmqEp9BqOx>oYonLN_GDHOQc-I>`5jUA6S@0PO zh2Mtza#4T#)+VYiuw;(_6wAfJ+m77fB`xG@2tA2r#gHgWyEgGe7>^KY;VXki8t4uYl<*HQp&=8N3&6?)2FN|G$FI|2s=P^TjL;Y?=|#6!9NV9r2yvG~n^;E)y=; zi-hcde!kgYxI+&=IbuuN5{Vuq3`|+up#KkBjc~k349Tk`$ZFdP_6N}#_z%~fzzJ$k zZ(+fwWbCY9R4K z@9%=vjr|ex?UkCw)1#aMm{I6@cO%~X@XYtEE~^qUVKo~0W`fS@{x(tgw6r!Rud9&{ zLhN5hPi=m#OF zH(#K>@2020HO6$7<#izuBbOfw#-))wL{vBo>@$>Yi)JDhrEGL~i)fZhp``!9G=z<6 zMi3@MWV|`@JoZR7L?ekrh78w!LtSWnn)jlf0ZKK5wH)zl2eNA2f`Mr?z46tc<`RL8 z!}`=U@P*#*e(e^e8dQdidK~Usx3yJgi>c_l#g@@3%S6oLATuIdNXD6>7I@Ad~&O$BqcfLQ=Zl^MQ zl#)2b%5-y*XU!2}tE;U$*3y^jizaNc!dGvelGJhhFthF~+r0 zf6&VzwLlY-#JO#!dvMqA)?;0Icc6fP=tP`!>X&_ON^GGioBu9_jqPOUg^LRq&!VqZ88|Xa39*;vMH7u|^!if;ujf_e-MfqN8#z8by^HFFPJhM~A#M*hT~i@m!~l zh4qSL!N7H^xWZ4={csc?R0e=b(aTp^jcruZ4sNkh_q&)+wlkXkp)EU6iPSN@?7=9@PQ4*sqOBu`p|mlryYIrt+Bz$3$OdrJ=qJ; z$Y=jZ8^sjxc}Y@mlt9D`ghzUFBQ~uTU)sV?s+j75Bdi>R-m)14t9ac{;uqWxZW~*t z-s$Q3;~F_B;+>Sfbp8f8i9Gpm8Bu@Se!!j~#{%_TF#hX_VpLD4I!Mf@t0)CS>uQDo zg^3Q)lZSYwcw)*v=@r;Rvgfw%GK+noB&l#xUi{p{EwSSy*%YC<`PP<_PIsR6?{~U|~(EJxN0m z)RV_pak=`<<9n`Fs^Ex_^6mh+i%4|?#jgR#z1Vcov5#0TyWD#G;-a0)&rTN_+cs+= zuyJ~=g_@uB-VZrWJ|9do`YGgC&CryPFT#PZ`SOsUw?vKBu5ZADOQ0Sj%;(FTdcm(C z!-XR4#>MkZrLY=g{(jN#=B*gjV>98#Tv52Qh*O(<1ekbR8dWP&f!E-oR0;zJHn;GT z0#P=37q8Qr`}*@*4~f0ig61&YP0Sa&tp+fWLv=DX74|zhlqSc=yLgfXA8n8x6YNnjas)3y;l!ckGG0e zIp01DRBFJM4bb^4$M+j>ZI#b@i6Q)A+7}`Z#WnCTdl#8QSHXQ&TogDK_0n5PMXJLy zK0jku>BbxVaEk(7p~KCMfOWwzqJmbx=hF3*{US1$?oRLmzv>u0WaasI*M!ZOqa-J1 zZ+?4k?JxN}II3?V)@drff{!yoMeif=Y@weT^6IIwtpXbph$%=UYLcvwb(q^UMfDfS zkpsc5mc6V;ccS7sNPMZaP+Rro?L9u=Sk0mMU&wV(&P9*t{2OcV0k*S2^tz$m-V+Kp zj0+P8LF#IPbmL=IYtsaY3@bd^3&2JTK?r}DRlD3-!ZbQh@?PJjJh}z>>e=@b^kveTdh&$0S4f97Z@EyvFGTnS7zzL+5U0i9`~U$!NF{z%Jcr zXg!Sxu`TVgljB9kbr(Y8ori)}@D8>&kRXE%FP{h03JHe5nz;gRaro1kuyg-(w$jd7 z-b^z@4EF!`)(}I0CDKIja&~m_lf}!3FzDE`e|S>H|BHfs80?#wk3w)3%x5vvyc4Y^e{Er~Yty+)e5jNwwq#2Xh>5VP9h{Hf$HQ$Tl| zi4)4N!z2J%mHhHPgJ~}&%GfJhQftKx*5*ITMIiS6wVhG#G>C@Xqn^4b+!zGvu)zd) z_FJgAh{qt=c6lRzcMV7XiuE_k(V8En=HHrPd(>I_U%l*g6=9du7rh%VYvCN%N^((X z5X^O~&(G`fpKZ%9HsCA(y;yjsnAtzI@Cs}|LR7i?abv;46y4r|0>)sscdWcfS%%mC z%a}=Xt2znDwI6?o-bD`is3AC2^YUDHy7DDeO$`DrxnzA%z-h0e`sMq5AS;KRH|ivI z^1iMW3)%m(G3pI9e2g+?g99&rB}9{Bn@hxWsogTV*RO_fI8n>GF;ok%-2?_B_Xucm=Sx!N$iEx@9a22fx8*{%1?PUTyeiHXjns zT}`y(U$D|~7_b`QDkY$|?UAvQMf}M?#t#8^8UGJsZy6B9AO4G42+~Nmbc2AzlF}fJ zba!{>BHbm@-Q6JI(kU(79ZN6WafaXjoO|zici$=qJ2QUgc|OV0%sJV+OM$W;xG?*$ z>D6+&&2yb95^zq@cDn7Ev73si_Wd)-9>N~Qb{>q&D4Z`Z%YX9mbB0V6@N?D;UrrF8 zxfC6L;NVaW{al~+77Ax9*$BLPm)G}GQ8Rr3|1>fzBU@3P^YCwfF2_89YbDvUk$St$ z?OZM7Z|lxKb5c@&u4BR1kC5I^42{UM{9j}t4QU_c3P(Cd;y-1HQ?Q$#f;6sMxp5Z$zafDkKO_|A}%^&dH#4Q$8Jk+)iI)+d^1pD{bi)?x4~tiHbw$rjkKsEU{Yhk%X0T>4nDd6TA82&A#}qr zPX$5Auf0w;r*CvCeJ4kSFOEJ&X*M$#dYvv1dGi>Ri5okRmv3RKtgSw4RbB_g8Na+r z$pipjSs{y5e~U_rr%u)YxYuOb6E*nse)pcq{r&*uxEQFrLPYBLVO!()#Q0**YklH} z!+x1~W*bFETUCz5~kM z2XB4Z&o_o6JACQ<%qp8Cla>;!fO9s0w-PUMGo=1|PLF$kN^=2yWbjq^tb&^zxIq_A zM^!iF=_zRl-g1t|b=h>_cO+eUTM?G;or^DJKU~=>lk`mqUA1h{o&BacUCta#NO1+W!O0olYMpvZSsj2m>Dn`|VO;VQQ7%2*# zwKiPb&}w=$-@a>6T16RM7dbm`cDIml!O;rIaq&^X$~pvgUu_RnmUQlxR)jqwjF=(& z^)Q_acdbdJ(=0c&;^Oo+V=hh@eFqBe)%Q3kFnUKcJ8FY}4ll7WYNi#;eigc(Q6v1E zEC1%n9;}C5IwV@ovf2a>^J)CRr8`B6`JO7`gkk1>?D%3CMCBR%49U(4T|aU>YUX~v z84bl5_u2!*B#i4j8DckMUJPH1SM`_)i^*>Qfp&QDa?tz`yZsQ=+kbR)$h>T5V}q7> z;s^ho5rY2YC)^m?hpEdgbzgfw!fA*Ww@X_Oz?Q{sfF&JpStRP8EgjKfoc3Y#M&=DS zb=7Z)MPzRX5N*X_VMeaKBIUc-|LA@5Xu8~1T>cG-%q0oar1wK*x4+Lew+kS^BbA=n zUaR3sELDlpfiwqU7vtne#BqT2YYP)*gf^g?QDm(fFU!QA&tj zGV@DqfF=!H58iCDDmTk*Ye;^IYIpPpGD$1kLY=+9(=@uj{%=|?xpRaB=(UT!rQ)fj zyov26oMyo|_`O}Wn%iE*HHywUqCSZN39v{p0Xi0=!6G57LT{F0tAp|Fw% zt>BzWS?!W|;2bi;7D1Y@?eJX=0^5e?(-=h|A`ftVfwi&#k$V@fuLuN z%;gG)y;XOYS?+6%JD8-JX^Qc(lVu;1PF^9n1`Do{2`jqVs}2>BbfZ*6-Niq2*K@VN zqb>zY2O(IUQRoR@pEl8mQBHQhrg>_M=0X>pnm%aFTiq6^Vp1L2c~Q8s>N0i3^+RuO zr7ZXNV=1qX&L+KfTOY=<`q%G}?kyXyo!lZNY7wp(NRvxvfdAwFb4?E424OI{Z`F^} z-Po=(V{2X5m0`WkJx2}qFR82$%g$=NBXRs8nF6^_(wV520iD<(%4rhQwRDL*PF+`4 z=PNOV0M_|wv)BL@z}3L&CPppn?>(Ir*MFICxlLZoy^Jh|7K98R6*$O=$_GE$Tj_8& z+j?_Kkj`BmU^`Z6;>yq;{wWvR77(9alBHAi4=@#XtYtcQw%+G!wDG=mz9H--nH;TL z_ursjc6ELh#V+GzkC^@=#X!Rpdl7G}cIWqw9MWUd^*C)7FA#9yWqgMKx9;ec#5O6` z-r32&F_qiouEY6lu(Zb72Nh?KKj&}3Nr4GFUys@&>AdXNcOG)r^Ge}Xn)+{SQ5O=( zzs!0oPp8w)zZ@}e9*$RJ;UexZ8Lw1l0xR&4t#EfC zL&x7;inPij-n##IZfounae3FV!wRk|T}T+Wm+v6;uue*WPFFjBUP!2tnkV-z1*hYx z`e;2Kb@<6P7XP8Z4nHE|N$)>h2cB2ddOc>Uwjfi+<*0ZG*N(u>0Z;jG>9W&-ixEfI z&^C{u@*yfL{?m0H4yoL7`B=G+b|}IWt&~})?sZb#?>yyqTrjQsKy+_Do4U-T18P*; zBAux!?>1GK7!X#-4Qu*RzN-5pNl+_-z0cXdT|3X<3pJ-?!L38J5dASK%A<3SK{X@I zfTM_ykB{%|7lITZN`AWYLq!z4f8sFkPTYE$ z`4bw0I`x`O7ET9=yJ@FolP8TE*nk*AW&JeJfwaHK-@zK_X{4q?{~N*rv;N;9fPL~^ z7{logDdXZ`#NY`hF!T#uI&%S8dM-78ku&TefC+^<`&rHecMhPtO2QWuI~!TZIDw<*FM{dvI^a(i8)HK8?-}4t)WQkcu)S?o`|;D)ni11~@E4+f%Ga+V`=L#xB9e%I}bk-0zVl~tzq^Cu(0 zXQNz%U(Vnuvg#w8WM6lilLKE91^`mdjuzoG;#~8!5Cx+zu)p*(O6C$(dJc?j>LZTi;M}ReVtNc%r&^J>%;E` z2|og0w5Wa=ce_I7r4mIoZU@jh`=jNGYjcc8s;+o7Yh+%K?62hqZs01vfJ`?Sk&i>_ zt;oLpk`ybMB<|aF4eAXbdEX-Wbs)4vydm_XJbisYwTT->=A(YXlkE6;OcJie4G&^c zh^|JtK;%G8C&4ij9j7Ek)W4!QhhPv3Y47l&o}F@zsPA8>fF{$M&oZJ~H3%Ix1Z}qK zsfqWp_fiEdl|&){bOy zZyB|8wiLpEL5NYD8@&#rogk=H=$QwUsSN(i+Hh+WRV=;7hf4WFXFZEUHM~Xdo;}=x zg3*j=+kD&ps0V%OJ#faDt@5prGh!3GY~TJHYlB~C2P8eTTu#3~QUa@hp)IkIY~A%f z!15rF)hruWcSzB{&A%bww3XRLy{IJ0&V~qcDMb(urrTmSR3;QR^-uwCHaD*xn(P4; zktbJNgyR%cN|R&Iu242$+56wqnL{+hHT0`wHcRkj^!Kt)6+Q$|HGMY*u`L$A<+{<| zOJ4Rd>glYUViZN8e|i=wJm{VMx3!TiX1~89gIi6lxIH;LQ$|Xu3az6qf0roOy~665O9$K6#aZB=oX4cQPzrL#GEMvW z1|PsTD{EyagYLb>8za;?64s0VHtjwzju|NS$Bb~yb6z~*;0U~#c_acd1`Rr z0uIjofW~0gMhnu4>`ecCTst>9JP7VT z`>K8R^&gfbvjNMdO6)^U#uOeyVzf^54@p4$n9*EjB# zuH7CN3(Tf~c4a={2&%^$&jK-nr4GuYz5?29WfsFhBT#NO{Dl)NJhh|{oK0y3SLj67Yw|CW9p?&TkoEX+Wdbumn zUj@T;F?LXF6Ls@wb;5ZNRb305ND(zl)mH>p-kPBu4^e%c=q3f>V0rLoV2&$K*NL@W>=K?!Kr zHz^heh0Wpe;KuiUA1_jAJ`$}yx>CG%jp+qukfzJ9`6lQsocnP=g5?J!d#wR({lJ;J zqE)>diun1-y9nsZv!@y>5qH)ac?!b)pxe#XAK|LTwgY$ z3)sg1F6t_g0&9t~Wi_Y91CO@k1{Af7Y3ZQjf+FW`V6vMqdf{P+Pr5t5wwOh8#NG`0 zoL^i_Rh|yX!~9?BzBdCM-#w+lQ+`KHwbvn%EHVc=CB0>8abLe9dM!#*g= zxO%r`{cxG$k=#y?d1;GO4q#K??@r6*wHv&JUpA1?>NHnd}Z=*jT_2Aj&_M2rhJ&f{9M`9u|8L}a#(^PJEV>davV;`^p z3B;pb8L`VIphCQJGT9*;`{mIfp##oSH zoN$x!G0U}^xaE23H)G<-7uEYBe&2YPAuE?4<(L+uDR8Wygd>ON1*ekzU4_RW1Jl1E zX5G14RQYAU{Pg6B6&dXkvk|lrd(wnujwMzJV|JLTPK#d!jQSt7NqDM*zC-NmPkmUJ zzuw>IBOhZF^_$b80z~cPpwoH!sEfjOsURo_<7B)7Z{Ud4I@Yv9?lg z$^$h__2AF-yIx_pT~r|Yc-(#2qT98ca{M?s`5A?e`P!j}%%TZx?8p;b32T90TEPej zv~Zk&S)1Vn3xTyafPDEc-{+1V{yj%cF@KNlYrXvG7dlaSyn|9S?QzGl>HIYmpa`Tp zUa(~*M9q2b1{C-#?wS5R55P%T1`Hv9&@}sq52Gbg#Jo{gM0B}+T|Nl#bQ56(7&v-9>#q1O4n^nTEq$@_xwl5fx z1K22M(8~o_pxoXzNv@$JUM(*ck*$FDZqe@g=VzqcVxpsy0Z0aPV(fNc;!;v!FTui* zGg1G2&!@||8U{i=COQ$ZhJGQDgVRP!jIi&j%K8V z`^%oPRYjk+_7r1kTD{{I$aH%Ou+xCw09>BWj+`g^5f3XcEFk`KC45nHiG=KO+w#bR zRz<{F|KG|E2ayd75|aHp;QERL&zDsmuc5Hz-Tu#=lr}UZ0{a*uG865^+!SW<;0>)7C z#_Bh2kG2TH0Tt3SIo0`ym{m{cxLH#uK&01L>kKy$DmD7Z_X|8Wp8;DSiHoKbq&@NS z=}h!pU2#^DTRzD9=!U{nRgIhy;a#^qNUmymS25G-_&@u&pk&_GBCzmL;RJl{j|eZM>qag8(&ex><6>+;(s61iu%DHw#Nf1wS=Ej= zh;Ua5G&Uyg0Te}F(PSf#xJ~fZt7onD`yV4S*AKeShQu3rZ-CAUl2Jis*@}Ry;kodi zwU#~NH!r!7`?t>zTh_#X)&y)# zZ+V6|n6=vBryCl$ovdkOh$c`Awx``sH#vai57)pk11gmoauwd6=9meTSFF?IHmgs7 zk9(B88|`sb?FOeWv|TmP_^%cnmx8QnFJOMlhL=kar*9{NW>(`W69b+J>0GQR6nE5X z9L<7zpaKNci}BUuLcOdh6<9Z0b7A9_yNBbLSAqC??W9++)l9yiw?C5np}%1Iszi(l z5s9e~puF9z_U_YFE=U5)vLP1M4Wx#^_?{<2!N9zYI&O z$a$C5?EJWOGpay^*l91>>91k!?+1PwR;ASzA!QTnn#@>q0Qm;&GxQPChavCoN<$5< zVZSfPtrt{^pX`8S(~~&1$49!flfI;bYOt38iKh+gpx9agWw5!A(7Lz*my-pLK=L1r z=xqvE4!mk;cJAN3IN_RKW!qI%F*M{Nk17vT{qM*ad(eJt)bc_8oslaTzfG?m6DBub92`k?;CRv{Q3fm;et@TvNW;Sf;o`gx%HA0MDlu}6 zS{|H5w&!`h7=>_h-325|xo<@k(3?M>uYB_cc@Zl86y|umZf`;d)I;Rr5hv@{X;hD1 z=$OYW8%}A68}Fo8f)0SC@+F`U&~0#7+9SlCw*j*IR>77k;GvxO!u~iUh9GdiPR}n8 zb1x{>Pu{Gn+x^@&ADS{WK^2v7bHIMSrAZG+0+97amYHXNBVLkMkK}Fcij0#F3}EEx4yK2*b&Iq|Mz~oeR5{ z2hYl#VuQJbtA<)Tuq>9J+rM#hm zL#gzcNj)Q|srb{t-`AS@!@8L{K?`MBRnw0euWCQ3GgtISF0nDKc@A=LC-!(Su%B+w zl+`fhscUtdt2Ju|l7idC*v{XN%<=Px?fJOx1SH%jAoetuv0+dK={s6~7D#DRLFy$= z>D5fGn5XYgI`XjdII05Is3PSYkvC0Jp5J?VtsBu+v)7M?9pkz%JEvuZDr8D#+5L%0is)y4!=D%L|>ff&@E za2QeVj^->C2Bep2l4FrG#;co>aOGzZyhrFo9>Pjo2FhTh^Rh|M9#NrvcWuuSlFxdyN zx+dtg$meV?#_1bZiz3Ux0!Aep;wxA_Fjn%GTo%U%cQfJvxES}t70ET z9Gjn2-_nqD_S0hfDbsoy0g@k``rDX`Iduw-OK(XJZa;lHh5ljZ+x(c(B>kYLX^}N= zzC^k%rdRqCcp0G;cgeJ5iVhcgQiLnGOG4rGfsO#F=o{M;h@yco-;IZC9* zeWarY5eF=X5&VwJ2aUM;k@-$h2-3FayHR=eSAk!=L1u))1#KoVX-`MY{T@%Lsh-G3 z#6>0o2k~V5Ok>0!{!ciXNj#%hMMy1xgbBh!-XO^Ci+J@~?C8~T;7ZRx*PfDaEU!gE zTUx5VmF)$Tq{U{a<&Z;-EKEEkM_7GMZTX&d*p{R5H#7)+KTzNq~NX(76nH zNsWI?&l_)+!3FgxQ6#)p|!Bg)J~WIZVWYNlkUS zWbhNb~otY*+$;UEovC(qHEsixNQ=`JqnC*n%YO|3nd?yJa;M}x^! zT`7qgD)T6(ASM?+B)*>gbAl}4wb(D1>K~_W}svPa) zTsR*=cmfD8wv&fdUgA}N%ebH=#WT*|bo#zHuJdThm~ebFe8Z7ZKRhEzus169u-&BS z2-8SBC&J1ls_w>e(5YW~ju&_B_|Ux|<+ELJJ@A69^Sw*{aO;0B_4?}p!J`CTctlFv zGTH@8NkY_{t!t~%qaX=8f&!L{(Q-qJ+h0H@+6Optt#3nOpNP5gTYuLAaTLj>KQ0%~ zfZ$(OPd?3UoG`q@WOV@l*d#C5#$>2Zy;qE?plwZs8LTqLCcu&2M`iY1MscWdO=M8PSDl*Xc#}?xn7xS zJSV4zSV%=Ce$f_uGb<^bP%t2lks~6?O%uUw{Kvy5A)!IDqZ(ab`hg`0rRVJ|s>J;b zdV@H1Kb%EbOpum~Yy}R=q#9}ZJ`QS>*(_Ea7^lqQ=fEK|@ew&stzUP55~ z;LTS7kHJDpIpX1vkqTcg8*Zms-@P@mYxQvk;Xpq}^L%-gF7P}47wdM@d5Xu)X1nQn zOw5>)^ekv|vR-J!k%^*F8Jrcd_{@$A^4MP3>}FO-EJ#q{An&nMR8}fjy?v_TD~zR_ zR$`u9t@=i=tfEv{)8Z)l5t1G8js7LAdovL4B`3dkIG*vwxe}p`qZ{tJj7^y_w|pO#b?SPvqp?+%m_W zc&vJ$2b-dOcgMczl=($1!t$qash^VMloBiF4;IjA?wv)4AAJRn1}NLA{EiQNvP^w6 zfw#b`3qf}$!g+_KEtfiHm>(kn2m^39J%Y9u$enlNK9+oESGcIb9%6R<{V>;MG7Ddk z8rVJ^{wgoqc*xFoj^it7NRdF&8Ymg z{vhb@{M?1Z0S1XJUkkM%C0~xNm{lE4Wt2t z{!?|>)u9uQdHeZfg;~A|7@b2_Gv`GD6Jtyg_U2)5sWJ`rRQt)BOJ*U z_MRO&lq{eZHRZq7_e~Gq#S~r@j+KZ_6e6ZTZElv|NM9Qz@c+*T!y+kETEDMYT+@5+tAwZXcnwoj z*9^lwPA--kQF}Hbh>jQDngL`E^Nrp)L9ZaLRRRz$ApeXEn0N!d^pay@NO&~ZHwxT* z%Y?6+dHW7_TLquJIKfWe+=wfFYXy=|jxt+kUgw3#Cpa_pZZ$8S4lef}gtjxlp5+i* z(T_ZH>`byo6_x(otU-c!FI%j!1C1zMbupQX&vQf4Z5q%cyyey;dNHh7#rdwyst%$6#>QIzG2=(^k z>T1+Xo!PJSuzzrUV~A#AbZz*JsVFRA6fS{!YZehY+E4VzCnqXr;Sm-7$#t`qN=y&u zH%UL*x0x9uA7W>8@$}Gv)w)Y6CeTMrjN-Rn=KNcBS_Hg*EM#=dtQLc%7W_xh$#~QQ zDVQv|NqgkrU0zOJnS6~MEH2=N=mF;GFbOrY@u^!-g(5n0puzr zpeOt6v1JwCXOb623J|p}w*J0!nlxe;`($d>=nggrihj6XPT^P4Z#1UeO|oJ9^fR>Ip!)!97{?z^*LGB6(R)b^ZR(^|zzg4Zf5D}vv# z9|`~<|JNEgPJQdT!}hT0Gy4hq?t}RI>GhI>1p_xZd|Mw7Zf3|Fbj+wH=oF8*2JA(4 z>`tL4k?R;ch*I=!Z5Y!!cCbctpZ3zGu!>D$fRlqLOh(UX^t4~dO#<^Su8y?}9gLD= zN9HpHy2LY!xuH7YMh=od;(pwU!Iok0;aQ{!B&yB&46k}dV$bvCZhghxR1dCIZg(j{0)6=S0a_!o#{KQzb7c#h75E;$u{=1X2c$6Mu5y=dl65m$+WD$d${E$`=CC|6o(5IhaS_KSz@XM?CDk>9N_hqbjb_gb}~E99r}} zw-F6eRBX+^+%|a7HHvh@NQ|shM9nqraoMW|b5>I$LD(=AGuNkUCxa#~gxb z?y3qm3R(EeR=&3a5n0_5nX7)4>q%eBfIefddi|-Y=RbL=4eyEW*;f%)EQ-?R3!5zr zx!E6Qo!oXWxYK{#7p*ySgCl7jL*IhbC4E_~Aad>tKcQ!AkpVRpUeu;lF0xJ{vbbyC zW8#AY1JTa$Rh0GB@%00V6qh}rjTrKJpk7*kj! zmPsQi@6;dvC=mP0<{%U&F;5<9&VQX2KWhYN@=*8(_q6dE!u_Mjgh8ExMjxHR+2G|= z`ar5?jMB4n?a10+$=Ga8Z6D=c5AIS*v392Fb~Qb&4lm}M&!0V{gCpa4G5c7-2W6K$ zB5#LWj=L>-aViEn!(}UX)pU3QjbgOlHfqt%jx<|le5r|qX7eYW@;ygV?eTEniE+K< z-okA*_0A?`EE3=3H>9lm;3x<}W6pCu1v4j}pD!H>GglP%K~`-il82Bz2$(LBjd-1S zYEc%?U2L^7V}$S!MAE=~HW7tULWJ%lT^5cjXlFElbC;*6O2k+gkusyRjTa^(g|$pQzq?1IC=W`Z9%0J&7Q=-A^FR{#$0J zyGD_Uq8K}i0X$EWL3><|FRYdU`N_H1taC9E0`}+UFsOq zLUW^LxzAX@wVKyZ53WB$H%#PTS1~$;&G|DZx*|`1(tXZ)Hcud#9rCeVkqW&CcW2eL|$*Nd5Gi@Vs`Ah~#)8;B^ zO8a!3v2OWHHWs~pIoG7G|ADh7`ThIgIY#o~l!wfXl&Ij@{IZN+i`8jpS zcSWZpH~k!+owl3sOjmROGAq~f*+NLY>x6-OGa);%RBFjA3W_5A3iM0*9a z;M~`FmPsam>Q7-IkC`FU%rwu)cZoGDZ$(g4y#NwMEe|)+fbeMSTfm+ID67;1P(w+^ zr5^EjY@bVd>Y81@5nIx6}g z)}RlY4D8YTlVh=t^=s49Z(1jF?Ki5g=#TLxlXK3J#S2{~LQ&}r@l)#!@W;+lw>j7C zjNqvc_)S6uGcA_`i}3&OKwTc+=qFN2xeA?P3&$bh)=6XlnZ7vwhZmM?*;0 z!l{W)XJ}Ee#i8r0q}B@06lO|?KCg6=Ak!hQvlaGB(rR1&IkkY?zhcDq*$&i}NyGB1 zg$U+dCnWNo^@4C@GVowt^X9xAx|RvuIe1%`cR^vtI4&crdt=_fgXzm0H1Ps(yA8g- zOw*4DW$9~WVf?3mi1w{4l&LS+{$grXSDTipcKc7% zG1~<4%FJJPR=)mCp!aiTm-wd~G#w>otShbJLU0J&g7X{ELfot@eX$N(%DmE7@fg3+ zgdq!R_Vo%^P=lf(4_Owo%Ale?`-7H#OBUbG(Q^s~(;xl?lZ*0tT?^uZpyX?_z6s}% zEpJ^A9QJQ2#MfPW1*tG= z+!jHr#Tz$SoFrs#vu>wNhN3Dfh&qRAQ(k_!>xCt2NvQ9DJV@KdL3;pG!H2Vo`U_%d zF5XItE+G814#p4Wb(B;^NBrBHo`fMc**| z$aze zI`|B4`zPlghQo|96}h8yJ5uKicuPuIR4mWv2oV#Mpfxn%@Z4BcHC^6D2fM;OJ9l@@ z6{0!*VJp`)8-1OA_wkIyprMb!@KvOAZ@4g$vSxHdZM_=)O)Q8bksoNnuc&24Y_m}~ zJ>H~Dl_ux8JGpLN@x8xZXE#rl3#kpaJR*;F=#Nqb{5i(gcCxaq(WZr$4ge9x=W@W^ zAbcjk-4@5koW)-iG28Feji8%u^*e_F=h>8tCx{#Z9N>dfeQ$bMRzJvQ@%ok15aVLO zgUud04vy(zuP1wcpgdoffjwiI%j)={zg?bY8lu(`}PHQ`FOmq>pM_GaKp4*IZ1IXN;!HvnA`}3{rlCobz}D)uPTDVoSU0y2V*J-I9a?69;^Q%&O>OTr!pG2RXNIm1af|gw8KcUc$;Xtu0G<+GNuvRATEAb1L6@wgYyUm9b=4uX4ug_Jb z(Fj97jQd&c89i;-l{Z1Yfi)OW_~13IJ)OfR250CRKZq4l;Argd_&V_-z87w1*TkE( zb>dK0vm2d6OgG_=nLcqx$q9-|BnzG}648jRJkWuT3%Z~LiJ8Y{CDQS6=DZF-d3rRH zx5OpP&5_Pv-+#16rT&NJG*tPfqUi623yA#Ce;QGO48l++dVu7L&pu3-gJ}~!zQHVu#my)>$*f;{P1`014vv~-66>VsPQXGo?*y%`1m&$ql6Z3cUH4)!X|&HXigOyK0WG^YiIc z$ueD$8^>{}6sC`NW&b=91ekfLD3a7v%Stj+BA_M)LJ^zX81?lsr&L;Pthhjkaj!TX z7Ms)1X(@uBCMEu4vSFXcIzd+n!i;2}VbYtb3^<$Gdeqz63AJGS-MHDL(qxl}QW*(2 z&ukyDJ}h$csaiPE}L@y%gE@_+7f~_83>03W7n#|vODA{PMmRy z!;0kN%3{yzd|KYIrmKxLD$B%A5OxMyq6H9awzB}k%yFYmWmF;9_TbNR*uJ?;XW#Y4 z1#89y-(l_s`({I(bbv*^9aa`YMg3by|L*y-aNtR3+r<7aqw$!~8DmWlM3N`5(yUPy zp9E|ac0A^#si9JYp|AdLe1iLHw8*#>o=wVE43vv&ip}>_79{*aXN(45<6-9=2i3xQ z=5g||pye^^;_t{o()?@c&2trpQ%G1;d;$i|ye3b~d{ic%4x-y7^Wykv>(A<>?}3_| zaYz44>F&z0;B?mC@u;=>u(w0beZ@5O)SzWZ{nEJQ-`azX_&=8T=Sf97yV*gRO7HK& zzgkKfCr^oxuk2zrD~syd$D#>uyUWpWsSY|OLfrWH<-OS5SIR~mqK2P{zoY7g+ zQW|@o%LLmmoZ(m3K3jDNNDj+(t_2f~(R&*{kzvUHHXWZjBPea;+abbUK680)fIir2 z>0zZLPE-CQJso$#&xN%Lx(X}r@Bzk|vpOB`&_4+OB)iz|S5w*tLCq+Ty$?~Z%Xuw?O!y@T+SswOTau>U1hzY@(G0n} zB0X;=hbvY0s+6j2ANaVtD7rS`G_k{>@j}yNbZ~fYP+-U<>`V+1uhjgTyH5 z*YR1S2s_kSwD<9QTF%*n6kO4cRSrV0or_vtd59&@qg(joPO`#v!?t)iut{uv^|B-(O)6Fbt|NfAC=SbID zFE34L02|T}8NZRs6duy6yLaOb_Xf@4rq-@NM_I@WzpLP6+&#c~P1tVpGLz;T{%nlF zd1GoS&}~Z>w=mLqJooJ7{%7d`W8v}S#7g>P>1fmCE+F_p0+GxW`mi_q_Tsh{UBB@I z6Z%+7`$v{lpLAP^p;I-d-!J7?`))k+b!qpB((r3fxHyA8cm>e|s7cH0a7j`;yD?pF zLJ|_*!Z8!KdqiD?nA}+;Y=3#r=xyF=?B_ZQ3pPjHaAo{Q)Wni8Vqs7Si*`7?wY+0{ zI1eDD9*jmP?{0tor%0pL_Bc&6U?s>0(|Z$xL8uu*Qze~no%hPEHKh!NMDCZ*#X{yDz^E6GR zP5L7-tz#2$MKH>>S+kTCK2tScb77|ssxIjP>RmI&G3;T7$bW{f63U4(dn(Ugxb_Dq zY&YsYpjxP4$U=cQhB^6aJaJgh@m>dx89W~tvtWr4PIlLyQ7-w9{nWYRD{|t0Nedyk z5o?ki9Dl20*6rp$+fy~lff4)9y3VXDl>r^TdMbBaj8%>FYX%^9Gg~ zOSMlDy-YeuO#Y>kKEqEySrLcVBq*_a*8-#o;gA>YcD0b|A(x-xXK+D<6-|~dz2&EY zAnroMv%YAK%&~1@A@H#@7GPJ9d6V62G_A6abTBHLZP*X86e~K*L##zpG0io zYn7XiN%}*6qIOZ4Ke*VtA5UuS5yoj%miQ)92MH_s!fH!WaK$cKd5c}YEE)E}2WJmD zVCAe$>dwdWFN@kgWzTlE+LlNQ&{*b=Q$-{lOiBne2wT3p68ug3{+gxlshZDifbc`n4QCUYp^U@5QxW7j{0vSB+uF_JCZwMNZrb?Vf?T z?w3^-Dd){NtFbSMk#G7v#J4KONgmZX18YJq)kDqDG@zP(QH<36D zqnKjba_t~gf*h&TC;Kl9la~F7+AJ6rhn)GvYh50tyG0$x13reU&t|-85fiO8EnnQWP(I{l#iL&P99|A6^Pu} zVz8x?M(XgS(}XXVs-=&A55k9$!l-7)lg}y|ws2u3TEAmd&!`XxKFlfAD`(kKQk^iF@@l<}9_4;@`1y4mUu)@WjZ3B1fXE_51X|ciaLOVkFfqeg1hPl$=PjCD%{?|Uq{Yb8P&tUs)Nu%N`p~K0yH=FewTMWFStn_oH z#v#5|KF))z|j@QSm~X1}=e@t=|-3y&t{xn5v@bn?IM@yqp+>y&(YN%ubY3`vancT#YeuBj3p0e$DZkro7&WJBn5Qp zV9&HplMG$4;^w*>J;&OUE}UM? zx45c(asKmyit1}`fwwRMwPu4>GaoK+o*1EjbWwZz^hkc*!x@*sf(F2IL%u<_ClI~O z0JJ0FH)ugQP%qEn8{kd-AhBb1kX6%x@$vnuW-;sk=>={Lmw#Zc7n2V>>g84;)0a<| zy~U0tbAy+VPiWe-zeWnUrd{jWy4ww=x49m^+?X%DbKgF`zq?!xA3rYLeJy3zqE$QU zm8Z1D$(2f6vXpJWdc`9Y)v{d;<51Gan`rK>V6yNy+Pr>Df1o+~o&WtDWo_IxOxaySEhn;xD zaimtKNu(j>#$2C?9;X$LD!MKPMKH(}QFeWz6O$$=O`PV^<-EN5r#sWc`r^cLBXKU* z<=Hpa0Jofg;%zOnJIAKgGY?IeAEP0+^Un#b6Yu*JO2phPAR#KDEAP%><#aJJL}n5* zr@gztECa}v>5RP=K+$hS28}$zB7?C6)dy%E=d)Bc_Dk1y6%uM#( z*au@~zI(j&zWu(xSS90-;mqLtII@d%xPcWW>-{4U|m=7H;eHtrnuoQ>3+|5i25EwWtsC!Jj%ySisz z^4rG`LoS61oI1nPaMDbH0l|6XV&F;nQ^+e@o_9Vh<&(Xkx0n@6C3epSt#T;~!y8RMVtv%t?{A_D%stadVo=3a-3f7#P$sf{08 zqR0OG=!3lVqfpg&K8fqf9;@SaL7Zu%tvvk7O5{x2=;8Jz?9Dly{O{(Ub#BX9^`6os z`~7PV@-~k`!t__Tn|Ox+<1;9AImiTB>$NlUy3S@AK13Z@ru*J)OHIU2SKsJ(M1+jOc>fW3N7{g#GzV z-IJQ$^aJ?yNO<`|?anC14+GOPN zE#+p0ulu7K8Q$e^lHZccWF^-Tl(=TL?>Z69F8@5;vc?KE3Lf!Ix!bqSiX|+{y^Ek`A9^j*d-A zk3iL6jjpp_c$HjheooSJHQLEsDKY%K%=&beA5FsY*%}MwZez0=KZ5qS@o%$xYkw@q zEhs>x>{w1(ac6R^8}1-G@WI{pMZ}hGjWzhz4f)t3j}-3}nQZqiC+SnvzU%`lO+`NW zA$k<@Qz^U4*VT3lDP3GIAMLiAjO|R3cF{fxIeW$RNJ5|2a>st zkW-oqlw@(%r!?h>%j51q89nJ4N*z328 zRu$zv_wLHOB2LowkPZm}w!CyIm{)cWejbOC4W5WkuB9_(rj3enMERucQnh4wEdNj* zgFpmtuz77h{W#VHX2(ME+vYEWiBiB`p#&50d{Jm8Ewp5yDa%yoE|BhZeE zX@Mz{?)!a7@P?bmjCL1x_B51}fO`bGs#DROFN;Wg3fu*pEtAQ$r^xOv$l}+A4v^1o z*qH=#ezSFhPqW}&9~6g1)W{%Nbrr0Y7(UmIQsY?seyi%d9C>@8u-xlr>VxHq)Iw!ivmLVVHi zx#docaV-jn^~)Hz3_D-dn?SdP-Z@c2NC5A0Tin&AZ!wQ+QMxvgVR9h!n$)K4Z;sQv-qf z!ATGWJ%tn_&sQw|gkj)HuC14NxPY5%|Gd#P{P!-=?t)#alZ+jgA?CIx6dTmW0!yGu zvaJCQ7beChN?0EOXD3`=gP9-QhKa2BTdC0ux%l!69Qo=Fg$ULI3w{eW`?DNpTJLob zj{@X%E~U9n&r@+HIBE%z>m(}3QFJU_O8mG{#LQb=ebaNbcUAwpUXhO-%88ZQ-}|SA z>^?Sxcp-bH(=?>e9P+vR_P>h>P-(dXvH|6N5N#wkQ81_Mtr9Hia-x+>~c>zZVsh0}Ls- zB>k`5QD-sRbUpdJd#lWN&>##-?d%{RS$fxSKJ!=n#&&Nc!EeUX#ej`LWpP918pw&E z|MxLD(_F=$PX9QS-&u!Wg&kg6=)RDtyqv<^C($ENxuYNyGCk)I?x=OggXcF$f3@MP zDPY&rJ9n2p^+zpd7H*3}7AAbIbN!J7*obHU_YPnqnlWq_{@RG|Gwu4(vWRVtr!QvE z5n?jDZ|W9jl7?hCiT)U>1vI$>v}5nvlzeDb2^Sxf>~lGY^}kK@&(*=Hp6hrW9&YGv zy_J0ZUpMYZ5*z#5K;5~U&kw=jJ+i)@lNTfN#59ldRl&ywoE!a!11;)bbwGSq*@uH8 z0OvS4)_FNnRdgbx5%S>XJ8H7Hkn^Spzd0pMare^zE1f;2eIc#%V4?-#gytbq&S-Q0 zG1!g4F--J-zAgN#`B8REW5jl(tVtHVb1E@bq;O_q=IR;Q6?dfHkk!OH&W`=;OnK!N zw`TQr=4&G*AhQZRi87uoq!mrr0?9>>7IM}%hEdb7ZnC6fEJap$e>Iy~rY}lK)b>n9 zu&O=<4_=w%r<`gJ@ zyNt>4+&M&B?(%Mpx6tSW%WZbq$4ibQgLHd?^?L7(>9+2^3uyb${J#sCO)aLIq>c9X zX&?9k9I|bz zesLGG&A$TxR1c)DI*EO{R-UBT*J`n9Lwy>uPJNy$6}NBSz8O-n2VxFcp0_)?hjW;7 zA#3C+#&lOv)}hb=#K`3iS#vy+^_4#|pEFCytvMP*$gi?@3J(Ff&-XY$N2Z9L2Wf^-#BC6II`g7Vq%wU#LyYFk8DFc{74>Chlnc z8FC#uE0iB%C8Q7~?)G*%T3zMtC6z3PzASZ7Kf}W?(kKQ32}NtW_Ev8=$Z)I7gJJds zCfm{I(2VHojI@~s0_ta_eZQ=H%e>}NNe_8@ai2r;iI}>w&vK}`JkD#SRbp?h&u{mk zz@Z=F>2uidzp7Rwc^brqCmAD?rD3SNG37mN<4UR(Rt<6;&Gy!b5sC}XLr1@M=!~uk z3As%6GUZn-?xOg6zx&IyCw>#Nl6ai2(}B8}#DT7L(-S?dTxOk6QZbiwA3 zmV4%PTUMIl9vP#zege19XU1RslNJ^RRWRjD*#T92__G&v`h&W>tj<9^PWrSwuiBDbr2VP;RI z)605y%8^26yxssrG5HU`Z>(pNJx5m=Hujqkhakf8qh(ECz^hIRCs3r^yq8Q6J|?JC z1D?D!ufzE2I9^S(5qN$YmF&zn9l}H{z3=8e7049U>>`UG`~@ME^W02;pz2Htac@OpAIv zj_&EX3|V?U?kTNmCdb@*BU<>WWjV9CkT_*E)Mh&|u)_%7Sh7cOtu{uiir#Q)?taGK zu_Nx{B|z-DV`Fs$ibIRv`Onuh(Ezjr%?EPVV_|HXhL4G&$h`FR$Sx*DZDGGToQ2wq zB-%WK9vtLw`dby>s5SuU4cQ?N9&F2|mBPCG$2`yI75H47Z(KhFBDaV~p{!ydh~35S zea5Nu`z}&o>z#Zqd&qVeeX<&+4=Fcj7mWV!

The root node.

Supported operation is Get. @@ -70,7 +71,7 @@ Update

Supported operations are Get and Add. -**ApprovedUpdates/***Approved Update Guid* +**ApprovedUpdates/_Approved Update Guid_**

Specifies the update GUID.

To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. @@ -93,7 +94,7 @@ Update

Supported operation is Get. -**FailedUpdates/***Failed Update Guid* +**FailedUpdates/_Failed Update Guid_**

Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install.

Supported operation is Get. @@ -118,7 +119,7 @@ Update

Supported operation is Get. -**InstalledUpdates/***Installed Update Guid* +**InstalledUpdates/_Installed Update Guid_**

UpdateIDs that represent the updates installed on a device.

Supported operation is Get. @@ -133,7 +134,7 @@ Update

Supported operation is Get. -**InstallableUpdates/***Installable Update Guid* +**InstallableUpdates/_Installable Update Guid_**

Update identifiers that represent the updates applicable and not installed on a device.

Supported operation is Get. @@ -141,9 +142,9 @@ Update **InstallableUpdates/*Installable Update Guid*/Type**

The UpdateClassification value of the update. Valid values are: -- 0 - None -- 1 - Security -- 2 = Critical +- 0 - None +- 1 - Security +- 2 - Critical

Supported operation is Get. @@ -157,7 +158,7 @@ Update

Supported operation is Get. -**PendingRebootUpdates/***Pending Reboot Update Guid* +**PendingRebootUpdates/_Pending Reboot Update Guid_**

Update identifiers for the pending reboot state.

Supported operation is Get. @@ -188,26 +189,25 @@ Added in Windows 10, version 1803. Node for the rollback operations. **Rollback/QualityUpdate** Added in Windows 10, version 1803. Roll back latest Quality Update, if the machine meets the following conditions: -- Condition 1: Device must be Windows Update for Business Connected -- Condition 2: Device must be in a Paused State -- Condition 3: Device must have the Latest Quality Update installed on the device (Current State) +- Condition 1: Device must be Windows Update for Business Connected +- Condition 2: Device must be in a Paused State +- Condition 3: Device must have the Latest Quality Update installed on the device (Current State) If the conditions are not true, the device will not Roll Back the Latest Quality Update. **Rollback/FeatureUpdate** Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions: -- Condition 1: Device must be Windows Update for Business Connected -- Condition 2: Device must be in Paused State -- Condition 3: Device must have the Latest Feature Update Installed on the device (Current State) -- Condition 4: Machine should be within the uninstall period +- Condition 1: Device must be Windows Update for Business Connected +- Condition 2: Device must be in Paused State +- Condition 3: Device must have the Latest Feature Update Installed on the device (Current State) +- Condition 4: Machine should be within the uninstall period -> [!Note] -> This only works for Semi Annual Channel Targeted devices. +> [!NOTE] +> This only works for Semi-Annual Channel Targeted devices. If the conditions are not true, the device will not Roll Back the Latest Feature Update. - **Rollback/QualityUpdateStatus** Added in Windows 10, version 1803. Returns the result of last RollBack QualityUpdate operation. @@ -217,6 +217,3 @@ Added in Windows 10, version 1803. Returns the result of last RollBack FeatureUp ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) - - - diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index 1e0af5deb5..c8c22786a1 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -18,9 +18,9 @@ ms.date: 06/26/2017 The Win32AppInventory configuration service provider is used to provide an inventory of installed applications on a device. The following shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM. + ``` -./Vendor/MSFT -Win32AppInventory +./Vendor/MSFT/Win32AppInventory ----Win32InstalledProgram --------InstalledProgram ------------Name @@ -32,40 +32,41 @@ Win32AppInventory ------------MsiProductCode ------------MsiPackageCode ``` -**./Vendor/MSFT/Win32AppInventory** + +**./Vendor/MSFT/Win32AppInventory** The root node for the Win32AppInventory configuration service provider. The supported operation is Get. -**Win32InstalledProgram** +**Win32InstalledProgram** This represents an inventory of installed Win32 applications on the device. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram +**Win32InstalledProgram/_InstalledProgram_** A node that contains information for a specific application. -**Win32InstalledProgram/**InstalledProgram**/Name** +**Win32InstalledProgram/_InstalledProgram_/Name** A string that specifies the name of the application. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram**/Publisher** +**Win32InstalledProgram/_InstalledProgram_/Publisher** A string that specifies the publisher of the application. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram**/Version** +**Win32InstalledProgram/_InstalledProgram_/Version** A string that specifies the version of the application. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram**/Language** +**Win32InstalledProgram/_InstalledProgram_/Language** A string that specifies the language of the application. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram**/RegKey** +**Win32InstalledProgram/_InstalledProgram_/RegKey** A string that specifies product code or registry subkey. For MSI-based applications this is the product code. @@ -74,32 +75,21 @@ For applications found in Add/Remove Programs, this is the registry subkey. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram**/Source** +**Win32InstalledProgram/_InstalledProgram_/Source** A string that specifies where the application was discovered, such as MSI or Add/Remove Programs. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram**/MsiProductCode** +**Win32InstalledProgram/_InstalledProgram_/MsiProductCode** A GUID that uniquely identifies a particular MSI product. The supported operation is Get. -**Win32InstalledProgram/**InstalledProgram**/MsiPackageCode** +**Win32InstalledProgram/_InstalledProgram_/MsiPackageCode** A GUID that identifies an MSI package. Multiple products can make up a single package. The supported operation is Get. ## Related topics - [Configuration service provider reference](configuration-service-provider-reference.md) - - - - - - - - - - From 65e31cc882942241996f04a3003462f0875db85a Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Apr 2021 20:49:29 +0500 Subject: [PATCH 090/156] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 64caa2be1e..fbe229c166 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -37,7 +37,7 @@ The Policy configuration service provider has the following sub-categories: > - **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. > - **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. > -> For device wide configuration the **_Device/_** portion may be omitted from the path, deeming the following paths respectively equivalent: +> For device wide configuration the **_Device/_** portion may be omitted from the path, deeming the following paths respectively equivalent to the paths provided above: > > - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy. > - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result. From f9a95bc467c15515d0d1d6e604206b751ad9eb38 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Apr 2021 21:01:56 +0500 Subject: [PATCH 091/156] Update waas-servicing-channels-windows-10-updates.md --- .../waas-servicing-channels-windows-10-updates.md | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index fb18f2925e..182ef97bfa 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -38,9 +38,6 @@ The Semi-Annual Channel is the default servicing channel for all Windows 10 devi | Enterprise LTSB | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | ![no](images/crossmark.png) | | Pro Education | ![yes](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | | Education | ![yes](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | -| Mobile | ![no](images/crossmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | -| Mobile Enterprise | ![yes](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | - >[!NOTE] @@ -70,12 +67,6 @@ The Semi-Annual Channel is the default servicing channel for all Windows 10 devi ../Vendor/MSFT/Policy/Config/Update/**BranchReadinessLevel** -**To assign Windows 10 Mobile Enterprise devices to the Semi-Annual Channel by using MDM** - - -- In Windows 10 Mobile Enterprise, version 1607 and later releases: - - ../Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel ## Enroll devices in the Windows Insider Program @@ -189,4 +180,4 @@ Administrators can disable the "Check for updates" option for users by enabling - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) - [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +- [Manage device restarts after updates](waas-restart.md) From 08abc8ff4ab30cd37d9bc085a7056a0dd3008236 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Sat, 24 Apr 2021 10:50:54 -0700 Subject: [PATCH 092/156] Update enforce-windows-defender-application-control-policies.md --- ...s-defender-application-control-policies.md | 92 +++++++++++++------ 1 file changed, 66 insertions(+), 26 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index 35566da77d..c2f2804ec8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -23,50 +23,90 @@ ms.localizationpriority: medium - Windows 10 - Windows Server 2016 and above -You should now have one or more WDAC policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you are ready to proceed to enforcement. Use this procedure to prepare and deploy your WDAC policy in enforcement mode. +You should now have one or more WDAC policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode. -## Convert WDAC policy from audit to enforced +> [!NOTE] +> Some of the steps described in this article only apply to Windows 10 version 1903 and above. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features. Evaluate the impact for any features that may be unavailable on your clients running earlier versions of Windows 10 and Windows Server. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common WDAC deployment scenarios](types-of-devices.md), we will use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +## Convert WDAC **base** policy from audit to enforced -**Alice Pena** is the IT team lead tasked with the rollout of WDAC. +As described in [common WDAC deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. -Alice previously created and deployed a policy for the organization's [fully-managed devices](create-wdac-policy-for-fully-managed-devices.md). She updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and re-deployed it. All remaining audit events appear to be expected and Alice is ready to switch to enforcement mode. +**Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout. -1. Initialize the variables that will be used: +Alice previously created and deployed a policy for the organization's [fully managed devices](create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. - `$CIPolicyPath=$env:userprofile+"\Desktop\"` +1. Initialize the variables that will be used and create the enforced policy by copying the audit version. - `$InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"` + ```powershell + $EnforcedPolicyName = "Lamna_FullyManagedClients_Enforced" + $AuditPolicyXML = $env:USERPROFILE+"\Desktop\Lamna_FullyManagedClients_Audit.xml" + $EnforcedPolicyXML = $env:USERPROFILE+"\Desktop\"+$EnforcedPolicyName+".xml" + cp $AuditPolicyXML $EnforcedPolicyXML + ``` - `$EnforcedCIPolicy=$CIPolicyPath+"EnforcedPolicy.xml"` +2. Use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) to give the new policy a unique ID, and descriptive name. Changing the ID and name lets you deploy the enforced policy side by side with the audit policy. Do this step if you plan to harden your WDAC policy over time. If you prefer to replace the audit policy in-place, you can skip this step. - `$CIPolicyBin=$CIPolicyPath+"EnforcedDeviceGuardPolicy.bin"` + ```powershell + $EnforcedPolicyID = Set-CIPolicyIdInfo -FilePath $EnforcedPolicyXML -PolicyName $EnforcedPolicyName -ResetPolicyID + $EnforcedPolicyID = $EnforcedPolicyID.Substring(11) + ``` > [!NOTE] - > The initial WDAC policy that this section refers to was created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are using a different WDAC policy, update the **CIPolicyPath** and **InitialCIPolicy** variables. + > If Set-CIPolicyIdInfo does not output the new PolicyID value on your Windows 10 version, you will need to obtain the *PolicyId* value from the XML directly. -2. Ensure that rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) are set the way that you intend for this policy. We strongly recommend that you enable these rule options before you run any enforced policy for the first time. Enabling these options provides administrators with a pre-boot command prompt, and allows Windows to start even if the WDAC policy blocks a kernel-mode driver from running. When ready for enterprise deployment, you can remove these options. +3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment. - To ensure that these options are enabled in a policy, use [Set-RuleOption](/powershell/module/configci/set-ruleoption) as shown in the following commands. You can run these commands even if you're not sure whether options 9 and 10 are already enabled—if so, the commands have no effect. - - `Set-RuleOption -FilePath $InitialCIPolicy -Option 9` - - `Set-RuleOption -FilePath $InitialCIPolicy -Option 10` + ```powershell + Set-RuleOption -FilePath $EnforcedPolicyXML -Option 9 + Set-RuleOption -FilePath $EnforcedPolicyXML -Option 10 + ``` -3. Copy the initial file to maintain an original copy: +4. Use Set-RuleOption to delete the audit mode rule option, which changes the policy to enforcement: - `copy $InitialCIPolicy $EnforcedCIPolicy` + ```powershell + Set-RuleOption -FilePath $EnforcedPolicyXML -Option 3 -Delete + ``` -4. Use Set-RuleOption to delete the audit mode rule option: - - `Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete` +5. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary: > [!NOTE] - > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy. + > If you did not use -ResetPolicyID in Step 2 above, then you must replace $EnforcedPolicyID in the following command with the *PolicyID* attribute found in your base policy XML. -5. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary format: + ```powershell + $EnforcedPolicyBinary = $env:USERPROFILE+"\Desktop\"+$EnforcedPolicyName+"_"+$EnforcedPolicyID+".xml" + ConvertFrom-CIPolicy $EnforcedPolicyXML $EnforcedPolicyBinary + ``` - `ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin` +## Make copies of any needed **supplemental** policies to use with the enforced base policy -Now that this policy is in enforced mode, you can deploy it to your test computers. Rename the policy to SIPolicy.p7b and copy it to C:\\Windows\\System32\\CodeIntegrity for testing, or deploy the policy through Group Policy by following the instructions in [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). You can also use other client management software to deploy and manage the policy. \ No newline at end of file +Since the enforced policy was given a unique PolicyID in the previous procedure, you need to duplicate any needed supplemental policies to use with the enforced policy. Supplemental policies always inherit the Audit or Enforcement mode from the base policy they modify. If you didn't reset the enforcement base policy's PolicyID, you can skip this procedure. + +1. Initialize the variables that will be used and create a copy of the current supplemental policy. Some variables and files from the previous procedure will also be used. + + ```powershell + $SupplementalPolicyName = "Lamna_Supplemental1" + $CurrentSupplementalPolicy = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_Audit.xml" + $EnforcedSupplementalPolicy = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_Enforced.xml" + ``` + +2. Use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) to give the new supplemental policy a unique ID and descriptive name, and change which base policy to supplement. + + ```powershell + $SupplementalPolicyID = Set-CIPolicyIdInfo -FilePath $EnforcedSupplementalPolicy -PolicyName $SupplementalPolicyName -SupplementsBasePolicyID $EnforcedPolicyID -BasePolicyToSupplementPath $EnforcedPolicyXML -ResetPolicyID + $SupplementalPolicyID = $SupplementalPolicyID.Substring(11) + ``` + + > [!NOTE] + > If Set-CIPolicyIdInfo does not output the new PolicyID value on your Windows 10 version, you will need to obtain the *PolicyId* value from the XML directly. + +3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC supplemental policy to binary: + + ```powershell + $EnforcedSuppPolicyBinary = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_"+$SupplementalPolicyID+".xml" + ConvertFrom-CIPolicy $EnforcedSupplementalPolicy $EnforcedSuppPolicyBinary + ``` + +## Deploy your enforced policy and supplemental policies + +Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md). From a8f61c1efdd281d0d3fb908332457273e2933d84 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sun, 25 Apr 2021 11:58:54 +0200 Subject: [PATCH 093/156] grammar improvements - Example > For example - must a > must be a - (missing end dot added). Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/provisioning-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index c562978934..1da07a2506 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -48,7 +48,7 @@ Root node for Provisioning CSP. Node for defining bulk enrollment of users into an MDM service. **Provisioning/Enrollments/_UPN_** -Unique identifier for the enrollment. For bulk enrollment, this must a service account that is allowed to enroll multiple users. Example, "generic-device@contoso.com" +Unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users. For example, "generic-device@contoso.com". **Provisioning/Enrollments/*UPN*/DiscoveryServiceFullURL** The full URL for the discovery service. From b8e8934dc2d86aab9988b2d4615cbd7ee0741cff Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sun, 25 Apr 2021 12:00:29 +0200 Subject: [PATCH 094/156] minor grammar: compound noun "thumbprint" - "thumb print" > thumbprint Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/provisioning-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index 1da07a2506..aad96d1dbf 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -58,7 +58,7 @@ This information is dependent on the AuthPolicy being used. Possible values: - Password string for on-premises authentication enrollment - Federated security token for federated enrollment -- Certificate thumb print for certificated based enrollment +- Certificate thumbprint for certificated based enrollment **Provisioning/Enrollments/*UPN*/AuthPolicy** Specifies the authentication policy used by the MDM service. Valid values: From d2e80a729acab2a85ddc931f32cba2646730f20a Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sun, 25 Apr 2021 12:02:21 +0200 Subject: [PATCH 095/156] grammar; missing infinitive marker - "have be" > have to be Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/proxy-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index 7e1fad2f77..2a474b9321 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -64,7 +64,7 @@ Defines the name of a proxy connection. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead). -The addition, update, and deletion of this sub-tree of nodes have be specified in a single atomic transaction. +The addition, update, and deletion of this sub-tree of nodes have to be specified in a single atomic transaction. ***ProxyName*/PROXYID** Specifies the unique identifier of the proxy connection. From 917a4d276d94d5fd6a533f9844f52170f1c9e6a0 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sun, 25 Apr 2021 12:03:44 +0200 Subject: [PATCH 096/156] grammar / typo - There > These Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/update-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 6239123fae..c4426dead2 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -74,7 +74,7 @@ The following shows the Update configuration service provider in tree format. **ApprovedUpdates/_Approved Update Guid_**

Specifies the update GUID. -

To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. +

To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.

Supported operations are Get and Add. From c23a9d21adba4683a9d40cfd323638f2c14ed9bf Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sun, 25 Apr 2021 12:05:54 +0200 Subject: [PATCH 097/156] minor grammar: present tense, third person singular - represent > represents Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/update-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index c4426dead2..89c8d33d45 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -95,7 +95,7 @@ The following shows the Update configuration service provider in tree format.

Supported operation is Get. **FailedUpdates/_Failed Update Guid_** -

Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install. +

Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install.

Supported operation is Get. From 7052c7daa5ada8f550c6402dab179af24281e8f8 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sun, 25 Apr 2021 12:06:19 +0200 Subject: [PATCH 098/156] minor grammar: present tense, third person singular - represent > represents Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/diagnosticlog-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index d33f4f7d36..ef43f3c484 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -1440,7 +1440,7 @@ Node to contain child nodes for log file transportation protocols and correspond Node to contain child nodes using DM channel for transport protocol. **FileDownload/DMChannel/_FileContext_** -Dynamic interior nodes that represents per log file context. +Dynamic interior nodes that represent per log file context. **FileDownload/DMChannel/*FileContext*/BlockSizeKB** Sets the log read buffer, in KB. From 69c16d531c37746e7dc362c141bdfc460c7591c0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 26 Apr 2021 00:09:03 +0530 Subject: [PATCH 099/156] Updated --- windows/client-management/mdm/policy-csp-admx-wcm.md | 2 +- windows/client-management/mdm/policy-csp-admx-wincal.md | 2 +- .../mdm/policy-csp-admx-windowsanytimeupgrade.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsconnectnow.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsexplorer.md | 2 +- .../mdm/policy-csp-admx-windowsfileprotection.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsmediadrm.md | 2 +- .../client-management/mdm/policy-csp-admx-windowsmediaplayer.md | 2 +- .../mdm/policy-csp-admx-windowsremotemanagement.md | 2 +- windows/client-management/mdm/policy-csp-admx-windowsstore.md | 2 +- windows/client-management/mdm/policy-csp-admx-wininit.md | 2 +- windows/client-management/mdm/policy-csp-admx-winlogon.md | 2 +- windows/client-management/mdm/policy-csp-admx-winsrv.md | 2 +- windows/client-management/mdm/policy-csp-admx-wlansvc.md | 2 +- windows/client-management/mdm/policy-csp-admx-wpn.md | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index ba7e3b03ac..85f0ad3341 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -258,7 +258,7 @@ ADMX Info:

> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 3572b88a1f..de5d9fde63 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -178,7 +178,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md index e395b7bdd3..5902416124 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md @@ -101,6 +101,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index d7d03ed259..d65677d585 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -250,7 +250,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index d3f576845c..234f5f9d6c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -5354,6 +5354,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md index 11fb1acf4c..66662cba51 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md @@ -343,6 +343,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index 5f3ad74aca..301c276ef2 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -102,7 +102,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 1fd8836c49..86aa3334d8 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -1600,7 +1600,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index b7ea8b0cd6..89752639b2 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -171,6 +171,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index 2bab9f4f0e..ce460a7d15 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -396,5 +396,5 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index e37cf89e46..29981fc6c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -244,7 +244,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index da4753fc16..1867096ce5 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -480,6 +480,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index 7ad280cc44..afef9cf403 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -104,7 +104,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 075f7f19df..8dc6686b17 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -246,7 +246,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index 1bcc3aef41..99ac55e97e 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -476,7 +476,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. From 169d9f18e6271a86d62be2450facb8bb4453a4cf Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 26 Apr 2021 00:22:17 +0530 Subject: [PATCH 100/156] Updated --- windows/client-management/mdm/policy-csp-admx-rpc.md | 2 +- windows/client-management/mdm/policy-csp-admx-scripts.md | 2 +- windows/client-management/mdm/policy-csp-admx-sdiageng.md | 2 +- .../client-management/mdm/policy-csp-admx-securitycenter.md | 2 +- windows/client-management/mdm/policy-csp-admx-sensors.md | 2 +- windows/client-management/mdm/policy-csp-admx-servicing.md | 2 +- windows/client-management/mdm/policy-csp-admx-settingsync.md | 2 +- windows/client-management/mdm/policy-csp-admx-sharedfolders.md | 2 +- windows/client-management/mdm/policy-csp-admx-sharing.md | 2 +- .../mdm/policy-csp-admx-shellcommandpromptregedittools.md | 2 +- windows/client-management/mdm/policy-csp-admx-skydrive.md | 2 +- windows/client-management/mdm/policy-csp-admx-smartcard.md | 2 +- windows/client-management/mdm/policy-csp-admx-snmp.md | 2 +- windows/client-management/mdm/policy-csp-admx-startmenu.md | 2 +- windows/client-management/mdm/policy-csp-admx-systemrestore.md | 2 +- windows/client-management/mdm/policy-csp-admx-taskbar.md | 3 +-- windows/client-management/mdm/policy-csp-admx-tcpip.md | 2 +- windows/client-management/mdm/policy-csp-admx-thumbnails.md | 2 +- windows/client-management/mdm/policy-csp-admx-tpm.md | 2 +- .../mdm/policy-csp-admx-userexperiencevirtualization.md | 2 +- windows/client-management/mdm/policy-csp-admx-userprofiles.md | 2 +- windows/client-management/mdm/policy-csp-admx-w32time.md | 2 +- 22 files changed, 22 insertions(+), 23 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 0f178e38ad..053d6fda1d 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -376,7 +376,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 4ade7adf21..8019979d43 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -971,7 +971,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 0083654392..cf6bf9fdf7 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -246,6 +246,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index d4c3d28d8b..4e97164a9e 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -112,7 +112,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index 908b0d3e1b..aa5c26fd6f 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -388,6 +388,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 66955f6f02..6b62a42e86 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -102,7 +102,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index c4ec63cfb7..b79d238174 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -692,6 +692,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 6e368df47b..467cab854e 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -178,7 +178,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index 4e5d49dd0c..faccab55d9 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -99,6 +99,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index 61bf9ccbcd..223fa3819b 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -334,7 +334,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-skydrive.md b/windows/client-management/mdm/policy-csp-admx-skydrive.md index c4b58c6a66..464845261e 100644 --- a/windows/client-management/mdm/policy-csp-admx-skydrive.md +++ b/windows/client-management/mdm/policy-csp-admx-skydrive.md @@ -102,7 +102,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 0c65d41cfc..227aeb686b 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -1215,7 +1215,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index aa0567e0d3..9e6698333d 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -276,7 +276,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 63b6a174f2..43eb801c4d 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -4997,6 +4997,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index 8f370e73c8..d636e16649 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -106,7 +106,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 87d11c980f..4237d69e83 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -1649,7 +1649,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. - +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 251e1df81d..c4ebc56f82 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -997,7 +997,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index bfb42903be..d21e77ad3c 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -249,7 +249,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index f51e8eceff..a428786a24 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -789,7 +789,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 0eaacd598e..54ba484366 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -9462,6 +9462,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index e02e5b7204..2382a9fb8e 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -642,5 +642,5 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 852d966a34..7a60fbadde 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -415,7 +415,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. From 1b464a4e5e2125a73dab6f364eb319648de85726 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 26 Apr 2021 00:30:33 +0530 Subject: [PATCH 101/156] Updated --- windows/client-management/mdm/policy-csp-admx-msched.md | 2 +- windows/client-management/mdm/policy-csp-admx-msdt.md | 2 +- windows/client-management/mdm/policy-csp-admx-msi.md | 2 +- windows/client-management/mdm/policy-csp-admx-nca.md | 2 +- windows/client-management/mdm/policy-csp-admx-ncsi.md | 3 +-- windows/client-management/mdm/policy-csp-admx-netlogon.md | 2 +- .../mdm/policy-csp-admx-networkconnections.md | 2 +- windows/client-management/mdm/policy-csp-admx-offlinefiles.md | 2 +- .../client-management/mdm/policy-csp-admx-peertopeercaching.md | 2 +- .../mdm/policy-csp-admx-performancediagnostics.md | 2 +- windows/client-management/mdm/policy-csp-admx-power.md | 2 +- .../mdm/policy-csp-admx-powershellexecutionpolicy.md | 2 +- windows/client-management/mdm/policy-csp-admx-printing.md | 2 +- windows/client-management/mdm/policy-csp-admx-printing2.md | 2 +- windows/client-management/mdm/policy-csp-admx-programs.md | 2 +- windows/client-management/mdm/policy-csp-admx-reliability.md | 2 +- .../client-management/mdm/policy-csp-admx-removablestorage.md | 2 +- 17 files changed, 17 insertions(+), 18 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index 06b74542ae..85cdf6f62c 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -177,7 +177,7 @@ ADMX Info: > [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 6ea6e7e9b6..4af5ccff52 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -274,7 +274,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index abda66e6cc..b3f1bd2e74 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -1861,6 +1861,6 @@ ADMX Info: > [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 648d68f528..da4cff082f 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -612,7 +612,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index bf365a1993..7bca9000d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -507,7 +507,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. - +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index eb4562debb..76c9223297 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -2754,6 +2754,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index ceeadd2d54..deb0305f18 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -2186,5 +2186,5 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 66e5b88aad..d9524a1f82 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -3690,7 +3690,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 8425d19829..7704597e96 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -792,6 +792,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index a8d03acdb5..a19a43f761 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -348,7 +348,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 3c47bc0634..e7609b69d8 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -1868,6 +1868,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index f3e02c692a..cf73077bc0 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -338,6 +338,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 65d75f432b..c831b4a527 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -2014,6 +2014,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index a418cf9614..60ed6563a3 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -728,5 +728,5 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index 2ac8853935..b325def568 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -554,7 +554,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 1577903718..794b2ccea4 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -347,7 +347,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index e7fe35cb36..05f6d8b135 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -2315,6 +2315,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file From 8c2cd5222b3ff167b2c116668a2537ff24710d79 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Sun, 25 Apr 2021 12:05:04 -0700 Subject: [PATCH 102/156] Update enforce-windows-defender-application-control-policies.md --- .../enforce-windows-defender-application-control-policies.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index c2f2804ec8..784baf06c2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -106,6 +106,7 @@ Since the enforced policy was given a unique PolicyID in the previous procedure, $EnforcedSuppPolicyBinary = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_"+$SupplementalPolicyID+".xml" ConvertFrom-CIPolicy $EnforcedSupplementalPolicy $EnforcedSuppPolicyBinary ``` +4. Repeat the steps above if you have other supplemental policies to update. ## Deploy your enforced policy and supplemental policies From 1235d979a17a78621a465f8ab1b037a98001e09b Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 26 Apr 2021 00:47:16 +0530 Subject: [PATCH 103/156] Updated --- .../mdm/policy-csp-admx-activexinstallservice.md | 2 +- .../client-management/mdm/policy-csp-admx-addremoveprograms.md | 2 +- windows/client-management/mdm/policy-csp-admx-appcompat.md | 2 +- .../mdm/policy-csp-admx-appxpackagemanager.md | 2 +- windows/client-management/mdm/policy-csp-admx-appxruntime.md | 2 +- .../client-management/mdm/policy-csp-admx-attachmentmanager.md | 3 +-- windows/client-management/mdm/policy-csp-admx-auditsettings.md | 2 +- windows/client-management/mdm/policy-csp-admx-bits.md | 2 +- .../client-management/mdm/policy-csp-admx-ciphersuiteorder.md | 2 +- windows/client-management/mdm/policy-csp-admx-com.md | 3 +-- windows/client-management/mdm/policy-csp-admx-controlpanel.md | 2 +- .../mdm/policy-csp-admx-controlpaneldisplay.md | 2 +- windows/client-management/mdm/policy-csp-admx-cpls.md | 2 +- .../mdm/policy-csp-admx-credentialproviders.md | 1 + windows/client-management/mdm/policy-csp-admx-credssp.md | 2 +- windows/client-management/mdm/policy-csp-admx-credui.md | 2 +- windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md | 2 +- windows/client-management/mdm/policy-csp-admx-desktop.md | 2 +- .../mdm/policy-csp-admx-deviceinstallation.md | 2 +- windows/client-management/mdm/policy-csp-admx-devicesetup.md | 2 +- windows/client-management/mdm/policy-csp-admx-digitallocker.md | 2 +- .../mdm/policy-csp-admx-distributedlinktracking.md | 2 +- windows/client-management/mdm/policy-csp-admx-dnsclient.md | 2 +- windows/client-management/mdm/policy-csp-admx-dwm.md | 2 +- windows/client-management/mdm/policy-csp-admx-eaime.md | 2 +- .../mdm/policy-csp-admx-encryptfilesonmove.md | 2 +- .../client-management/mdm/policy-csp-admx-enhancedstorage.md | 2 +- .../client-management/mdm/policy-csp-admx-errorreporting.md | 2 +- .../client-management/mdm/policy-csp-admx-eventforwarding.md | 2 +- windows/client-management/mdm/policy-csp-admx-eventlog.md | 3 +-- windows/client-management/mdm/policy-csp-admx-explorer.md | 2 +- 31 files changed, 31 insertions(+), 33 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index 63c274f786..a4020d12f2 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -105,7 +105,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 041901fddd..647cff6ce4 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -940,7 +940,7 @@ ADMX Info: > [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index b883ae62e7..ff2c292c54 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -730,7 +730,7 @@ ADMX Info: > [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index c577b24544..9a4ac00b81 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -107,6 +107,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index b5a0eb5cea..de1358be57 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -324,7 +324,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 2b3ad85842..8bc9cf11ea 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -408,7 +408,6 @@ ADMX Info:
> [!NOTE] -> these policies are for upcoming release. - +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 8ccd24e0cd..45e3546cb4 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -105,7 +105,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index c55a326d68..a9c4c671d0 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -1087,7 +1087,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 0af87ecf2b..b258029bba 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -189,6 +189,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index ea1c5cea42..fe5fda7a65 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -183,7 +183,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. - +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 5f0568f57c..e2b1569c90 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -349,6 +349,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index 327c8fa891..970899b339 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -1812,6 +1812,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 1577524bb9..765b443616 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -103,7 +103,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index e042f0d418..21edb1f061 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -259,3 +259,4 @@ ADMX Info: +These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index c0ee454b30..2cc80b3bec 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -955,7 +955,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index 6cd405fd88..f897258fbe 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -171,7 +171,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index ca9e268545..b8b9047875 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -325,7 +325,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index e5431e10e3..60c1836ab2 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -2169,6 +2169,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index c318ce4cd6..6dbde4ba7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -606,5 +606,5 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index 2b071e5193..99a7d7da64 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -174,6 +174,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index bf91f5089b..3bd65a3fa2 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -176,7 +176,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index 2133deafba..d1e758c1e7 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -102,7 +102,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index f2a5c1aeac..9eab8af0c7 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -1711,6 +1711,6 @@ ADMX Info: > [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 3154ceb788..faa2117abe 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -477,6 +477,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index fb73918dcd..8a85ec79d6 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -957,6 +957,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 686432415e..96abbdd6f2 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -102,7 +102,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 6bad22f6fb..01df1bdf33 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -462,7 +462,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 264bbef1a3..3757e328fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -2188,6 +2188,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 6a1f4f379f..f07d3af050 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -186,7 +186,7 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 78ee318472..bdeee9c870 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -1574,7 +1574,6 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. - +> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index 0938cd0bae..36140f5eeb 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -387,5 +387,5 @@ ADMX Info:
> [!NOTE] -> These policies are for upcoming release. +> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file From 705808246bd24b90cf17c3009b0a2cbb74fc68fc Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 26 Apr 2021 09:18:38 -0700 Subject: [PATCH 104/156] adding images --- .../update/deployment-service-overview.md | 17 ++++++++++++++--- .../update/media/wufbds-interaction-small.png | Bin 0 -> 7785 bytes .../update/media/wufbds-product-large.png | Bin 0 -> 18536 bytes 3 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 windows/deployment/update/media/wufbds-interaction-small.png create mode 100644 windows/deployment/update/media/wufbds-product-large.png diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 478de242b5..cc924134a2 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -27,17 +27,28 @@ The deployment service is designed for IT Pros who are looking for more control - You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise. - You can set up automatic pilot deployments tailored to your unique device population to ensure coverage of hardware and software in your organization. -The service is compliant {COMPLIANT WITH WHAT? BY ITSELF THE WORD DOESN'T MEAN ANYTHING REALLY} and privacy focused. +The service is privacy focused and backed by leading industry compliance certifications. ## How it works The deployment service complements existing Windows Update for Business capabilities, including existing device policies and [Update Compliance](update-compliance-monitor.md). -{BIG IMAGE} +:::image type="content" source="media/wufbds-product-large.png" alt-text="Described in following text"::: + +Windows Update for Business is comprises three elements: +- Client policy to govern update experiences and timing – available through Group Policy and CSPs +- Deployment service APIs to approve and schedule specific updates – available through the Microsoft Graph and associated SDKs (including PowerShell) +- Update Compliance to monitor update deployment – available through the Azure Marketplace Unlike existing client policy, the deployment service does not interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro. -{SMALLER IMAGE} +:::image type="content" source="media/wufbds-interaction-small.png" alt-text="Described in following text"::: + +Using the deployment service typically follows a common pattern: +1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Endpoint Manager. +2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service. +3. The deployment service processes the content approval and compares this with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates. + The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager. diff --git a/windows/deployment/update/media/wufbds-interaction-small.png b/windows/deployment/update/media/wufbds-interaction-small.png new file mode 100644 index 0000000000000000000000000000000000000000..f06201edde1fce087b07f9e710a248e7d6201a48 GIT binary patch literal 7785 zcmcgxg;x{Y-ydBAHcCbh1O!AnrDGt{C5=coC`yhlC8eah6_jo%L8Orm2?1#wDInl` zpY#3?znw$uZ0vCF{eJSk*49)ZC8i^WKp>=#RF!lg5Ue`zy9FUO_|C!VDh_^Nz0g%r zfK-n%?0_e@_VOC?5J*h|$+Z<8cuwS@YWxBMp<(~;3+s{YT?_=mc>736Uf;*!Ajj8? zN`>a@5q1)b684*N7j@yEt~BG(M_(u@$CQaEr(>W^X$G^#d};O^coX!h^F!)M{L*yy_Q8O^Si;xL{c zl9iPe7S>y5KQ`{Dl`Z}@IeC43eX>H2ll!I>vZ7yWgB4CPKR<8U=px~RSv7U<*aVN= zU6V$a`6zPc!bYuJsn^&C`h*b~*AUs}fXibc`_ZRfe=wM?@{@jg_ooc49&0@%kKZi^ zoQ!~Fi8)P0s|iuOX|Nw29Hf)-!4NP9jDNK347y%tPN~GZyYYsa=kQ0Hm~}r?m_tp3 z+~W(qnA;a-)2JG2vMG_J|3cDvV( zZv7?LNF8oA>}h=|iJ;qnKZidiA_r#1CW=)2&-aP`sWu|I^6nW_QavC@p}M|P!u|E; z@1L8Sn+Tq2tMmQ&6xYC{q@>nY2YzR}2DN8({(laGZuTs}_8{9lC=m#*a`)(3l>{ao zrw|Hy`j{FO%@+~n45BV`lVw`p?CS4*&V^TT3JAQ7Z4YkRoh(bZTo~_(Ai;CTt9_xC(cuk^@Q=L!$@bIu+ndV5Q2#>hGRD&=Ai4NsS3T1=545m`|-!Qo(BsJZf&CTK5KUc>K6!pvH zLhd4j?4XDi-|LH`M5Ll-uGFJfZm4($$Ip)=?BZrvP6a{?-W%#z$jsH+lAyESh%Ni{ zCON_P=j*nH_&V<@k_He=sXcwV`sFpHN*vwGKZoXn+BnlVoylows8>jc+tESO3W|}{ z!)>v#Dmgh>yM)zg=EHoUGRayl8x=bPdyab`jPW0)m)xdYUZW6+23sUAFE2@d9&?B9 z`uZAXl;|qI`lZeLw?(6ialvk}xTNIy?(};(x2k(P2q8hi@n_3^d%W9>40@Gs-aq;H zOt@Ezl!&OHIFwCT_!L0h#-Yad#BQ5PX&!t=Y4H-vRobiPc=C!Bx+QPMIUp#_LH^YJ zeHR^u9|ej8gF_?W%j0mse6~*77_Wm&;Vc(9rO`VO1i}$RH;S zU8IsAYG%FNioQDi_U#+eRKw3t(uR$SbRLg5P+`44E<#e6_{-EO-0l|`7Vw-+ksKh+ zvek;N>pYL&HJbm;@3O1}Xn zUTO}&9Hz=AYOKF{xbn;CB=yO!8rD2ht_bGSDGc|JC3D06s!&MfAc;F=la9s5_wi(F zjGRGSn}6*~liLq&hAap^B$`lApM_mQA_Gc&(Q$iw>*?t!9?3>Yk;=->jwceyAL?Q* z7eBwa`0jyuri%y}8CkT2`%<&~tB}w<$eBu{3wT_eA3ToCkXODr$@_O#k=*-m>8&3_ zFcVgvT;%2J*x2wM7DbWQ)YTF)GJz9?%9I@H>EfQOX1EM^;rhLiq!o#&2AzR7fUFcF zFLnBbdXSM(QHu5Shd7Ws`0P<+jKpGUkJ9j}vFI$)S*@|f|A2+tq(^~am#WWZ1)pKfR# zA0PkSRDw1G`M{*!LBMsP9!Ssc#U?FP6|25GaR|2t?G-juEUipH^R``iWD@&hnxq)K zCZKZ91*haDR_P8_I++#kv~K@d3F6bm$NU`!`-KQlMDJz7kjSLoroJa5!^6e;yinXn zZ-i_IsU&M_uT1a|e(A!F6eblOu^|j@!U6(tCLu{lKX5D~`q?sQlY9AhE7K)AS6|G0 zwA6}(!gvF(cFJsw(jLEiFp@1X*+nX%nhr=d35m750cP7Koq1c&%x6sv;XelNoG5=8 zN9eJwzA2Z28zhf%gCXJ=B)(%Nw*;*F0gfVKv9Sw(11h7Xn!p(scUhPHn_Bms2I#MOVstbxA#|pdQqx3 zi4O=)LtGad-@d&=Xc7JmXE5~Q0XsYU!-rWeBHA&4<0Ac1tIa1N-Dj9JMVzK8-rl8_ z7w|T#RZde4ZEYB%<3zoq-hrt#gqJiIPJ9EHI>m;`%-nn|=b=g@6D+ESD5(Gs|0z8^ zz2Gp>mj(`(JSpE=k3`PK#>R1;9?xVB4OlGB#C>xIEpZjW6gjN1XeVC1(pa4s6x>U0 zI%@|%#0n-Tf1}%v ztImHneDi|oV(z()V-}=(1qygxEr3artL%U+asPbDu}gVmZf3SrpcqyBGG1`{{S!V+ z-vHs#_}u~RFnn@ORg_zJ*)=N=@1T=k8iK=NWo4Wx6n~L7{Ha1IyuxZ064 z&BST*<_bj>0)bQII*Q_HIILypzvtcW3oDe$yZA91-;!m}SK36=v2r^QJ3(R}l)b&Z zFykqz);4(0-re1jWw8UI3c(=0eVibZ6!#IEsm`u zW;1}Jm}dNh;1^Nh<9Zh}!R9RX$7$M5ZY-qG-#<&x9~lomXk>}1#4{8mkMslGcLP)! zDJANxmbmW=O_E~LQo0aL``-ttSHqyXWO$M-YYsz zx7z(e@pK}@HM9u9F7i2G>JfNYKgoiEf^u9{IUOAx0|NtrF0i%*cg>>G@7D)|iO{R0 z!FVZDYceqW=L$bL&sGl%4DgyZ-eqT>aJ0jBgE#Q5h+N;Vq2DW=TJ!xy8@bCJerG-R!uJX?LOGv(OJYyFs8}=;XTGj<}lW>%+q_ zX>gimU}Ri_6|jRm26tO;k~4YZc0(iX@gNMJG?U*7`_%f?D^b+#%e@($+;HHF*IJ`R zkGWvu%&<{K?ffQTFz`;(mF2Fd8GExInI*jl51IkzMi*&V6xbMYXysmyh^-_d$*&WE zt`Kp5>&cI}Z&FW4N~=L=REiElo9R|hbHExm}L4kQ8 z4h|01#KGZVs$3DB$~Om#O+^Wb$h?0fD#{=aN}&RkW&p)}`Ay{})}@S(hgVWutc^q= zCA|;to2lf?&CfGR`6Rv(yo4y0dbxgNIOWCiGoM(_Sq>*n(ugmutF2v40Sd)=pJFx* zn~=bLx&6_mO;Nl3R50Hg7?BCIhJu~ink6NrqYQ`I+Q+RiIazP5-OAn&rnS?S;7Fxy z1n8^^Q~*G818>frAmNq8YN_0LLASnMUiF=wonHS^0E_V%eR>K4QI$zUD93-XE`rkX zG0gE1=cGff9#U9%jqCllT%Eym0qbp>X){%|)HsARTM=nw6ga-*x9;P=0s;cIYxjC4 zCg5HP9rL)5XX+}v*}b)DNRamyBNC^J?48x;0tszipmEIa&c_o+r%37pu( z#f?s3W-s)p*9q7WVWGM3cXIxX!8LV^R2C7(K$%RN+`xSM0(>Ho$dHf_%+h43hAA-Q zh3I`1zlQ9(~k^3v}5mdZEF&C{EPz`$or~Wg*Pm0;Kcb zt-rcDl#Zrl>TGKkz<1p;b+cxe>+sOfW7)SrP>0 zVXlE7fk|4hJqH~@OdZZH?GaNbVK!a~EOO7*fDPcGt7R%f{b0=~U6{phYskSS<#C8= zcxGwB0KtWy2agSvF~4dotpGMR#ZjWREa0=T7eAt?(4WbRa%%n{urw$35f1w?Zt5*# z(a1u;0EvS_cEim+M?V4Hou@06eUG~cgSF(snxAhH%h+6C)_Mrl=kedV5gBYa%zQxH z73wjlwS_dzf#jdesg=Zw#S1Z^_@}^gwmq?qS?f(Hz%FE}{8C;Srm3VZhnm3ceFdaY zBr9#Nx1JG=PtNoqI;B6V9betSp4qdfc-jZ%~CuqL57sA2s z$=TUiIG>1;qu%X@iP0Ko6tK?TyHh*=g`3Ca`V|z#1gvl$Q`HMlW9gvWWNuFNaH#}M z=Ya8lZ}5Hw^ge|~(}}bf-XQY=xl(l1i)6~b&(c(KNL2Y1h-o)tia5I?91fq*+Cy`2 zB!j-s`YV~zsd9BL7B_;MfS{nD04NUZd^;>=yd9hThVHY1IL%Qnxh#tZ)vt#*0V#?1 zer(ZpO+)EL)tmQti{-H7G&M4XAMux%wY?fyT%;$X`zk6bDk(byLHVEpQbGJI3b3)U z0YuDYAo1#OiO5*kV^t0(tL|{V&i?lL5^#s|d&F8LTRQr8$DeU50Pn?G+o5>Ihq@LP zt8WSe6cn)MDYy+kM1OkHob_vO&)Me>%Eu^!kL`;=zj(MqK0v|l<-b35mY<;{B&H2c z)K`(&Q4r85{a1=2oUpO6KVSSL;pF60iZ0h3U>h9{Nzev7;7tU@D249Z7diDqlLG<@yo4=BuR#sM)kd)M&E)S_KrEqdvZs+N%1bk^rbF;oKau|gkCg5s=qgiyyWOjwtZ5waG|R)OjOzj1IgnG7X4U- zI>GVp@98_+n>{+IKyLSpjA#UI=AUe}Jgi7aAiv96W{=*(!+(xWs060lH6)5*;gkLS`*NwY z%eVPpyA>=&Xub^jYBDHh>$-5}Kh+<(A{H!_hzMDf zegtZj9RCJ+UIp0pq8PdT1iXlWu)Kss`qx;V`vvdrFS%;_aLQ?QCovwHzlst6wf@8> zXUIc99GoW73(cPEz<58lJbJ(!+e<`56q#ymWRzaRQ*J?y>D?KirQx$sSBWjWxV+>w z`V zHuhWzVr%zTI)i{21lGuPy3zm?b6nFdU;6r#RaD;HH?B3Vvpe=y=Hb}b*f>4>@fWy6 z&}9%7o-B1o`;I&Xcbl#9v#?y;-9?8?-?;z3>qKSDQu9N5+ciJg+t5bBdvo7f(W0RK ss7NbXfqeub((23q;DzVbwr8?&nU6a>riE|8^)Td-vZhkC!qd?I17*^|E&u=k literal 0 HcmV?d00001 diff --git a/windows/deployment/update/media/wufbds-product-large.png b/windows/deployment/update/media/wufbds-product-large.png new file mode 100644 index 0000000000000000000000000000000000000000..f74c499411eb4c5d9adfc3d3c6a8df5e46e27821 GIT binary patch literal 18536 zcmd42byQSu9PXWz{fP=@jvg*Kp*2Ll6SYQIjPd+FcxIcJ6&Vv5?@Qu!k z;|C9vZr{9?efP=qU=gGWC@C=8ml@chKIwH`~4ZoL)lmPUjy@%`5r_vv62mP zMwV_q*M7*NqV=wJ^M%+O4b_F4(dzTrB}rRvwj<=oZO$~jz3LG7)8TnkX*4^Fp@-T8 zCF+2GZRR}334UHmkf^@!S+`LPJeA&4{bqxeVDyPB@ncynig0|&43_|J=Dz)fH|2zF zj4_%$)EU9R@8r_sYgkQXSqUp+(Cq#9TBGh%OyHXawrB(NuloJ}9>%8$+Uul?ezd$h zz$ax@Q!Y@7)7a>bb1g(VL(;D41i)&{MeyT_H6M7E|6S91VB7R~726J{4_)y|XB+{FKU z#z3@WfBN@L7zXpDT~4dzxM&;|UM|!OL?qhp6s2eYXXZyOXr~pCZ6Xj|cXONEE99+k zSJe*5GV|ya!oE%XVlU?#*quMgzsJRAEps&)H>DwQ07)WdCs1^XlR8&kzrVYfp2(9g zVJ8~$-yBHTfy>N z-A|=-K+f0vjyQl*7dsshD9O3mWZUUsxcd-sM1eo$yH}ZVl*Y^_1sN>WE^rg`EcRa+ zH}yM6@>=zr_vamx>8Ev9^XbTv^{Hq(Y~3j>h#eZ9RAR^qyxCwV(e(dEYQMiwlO-Kt z+tVVtS5Y@bqC}f;3L$@-#TaeC@Ws;lmGs#UO<3}KZ9+p+$V6FrRXVxxhb|6WNVj3o z?b&pG)XQ{J|C3(mI&kKRcc(e`9%a41w9FN$YaeaY_E9?)>gpN5q{0;!@o9v)c{*

qhwP z7j05TdG`Amf+TZXFIK%Z&90Z`YZE67Ha0GSi{e@hy1$*|#A^-Z0|z{=tWxD|7v#cH z`6^edwGc)ivcg9Liu^6Ck{xls29~Y`YukViAdo+qV&*~W`ix};mZZq(H2}pJUAn{Yp=R9d){Q4#uW;J zrKf+)EJ~{l0$Eqdn+_=jvbZXC>@WNC7D<*h3->SUom*Jb?itTH>mN39;q@=Ptn|%1 zb35dO8Nx1R-fF@e&3}tBR+(iZem3jP8zZ#G8dKa2A~AG|Aj99-vQuLv4x4FJZkN~Z zl8v0|#-;r_z&@YOXOq)!h8wzE8=w$2s-!U-2KNz=!J2W-!C{f%om>}e>9%#w0o9ta zdz$3ha=&{*?n7a4w#;2F+y2CAPAQkzrFEzHCg|K_=Y|So1)jQn z!;06kvq6{L>@9FN)qpvnq4%IWR^Rxe!q^^iT2oWs)W^m&=>B?LMqyBg(9kQzED!}b zz_)%j|sgz8WbiT+G9O#LmVZWr=0p1HLG6BMZ+)KxEbKI z$p+xGBHfVizdaEpY2b8@dxx$bsqbIL0}kC$i+gMyM+omx1ad@5BA^tusJaf!z!J(- z$Ep^v3f^q%!KP9(biZ2Y{kb=xYJ)#|u;ACHH-l|j<@Ihi!170NTxeuRR$Q^DT1;FK zT8v!bTs^-#s}6$Q7cmUf4zgwx`W>~4(3GLzIWm5;5Pr-D&obQV$=IX$&HrJ`T*{sg zaBN1<`?3dY(5w%ryjvq9m$&>AasZio*|z^ZuE3w2B0&BMmU$|%j?yswG=i{s1)QF0 z4k@fVH~4S;p>eO>O2EbH4lt{{4&m2xO&v)DaeI^?%in&GK);XU6FRw>tK+>CW|`N- zK>53_(8?68GMEWmifXrywk6BunIpqy%q|BVl=Q!K5TOpKd7IcqO#3QIL$IF)ihWzlgX)VhG+ZL{%r^XeZFf8QXTBCzTWg` z4xCrkn=^JFHJ)qKkE{E2wyZHGiig$Yzb(%&ep)4CmM>Sx!+e!c*)V5_dXJ?M^#DKfE(x9! zBz@tI0tWCt{qF9fvn0!VO^i!VrKygRWIK@F|F{b|Y<9+zxf-a`9!)8-4iGY5rS$~}oAr~n)$?QHvr-3Y^*-BnR5Dn{qR2^q!_6@27^rW8-z)Qa>d`yf;0{^JI_bwn z%3bn~MWHwBjShIF^?~#O$jOx;J|5=d1*^ECMQ{cW7YQy_G(#BoJ7uaTVJ9~n92m;D z=LT+rET>{OwyFF5?&P(WWIlHg(fY<$CpgaHadU-x)87m6O@;^Aax&+6TQRPCr9#jLRLTQM6nFo)T*LCDhWY^ITWw|2WTQKxJ4<+SEpM-9n>b6T>7`e*4sh_hR zwZg{+EQJTx?_z@Q6$alWS=3p2WCoPMkJp7RlRC+9LPJA$UU6vqR;4@)CuR;A9HywU z`h?#$Zy3LpF6%A@6EA-!Z>_s;Hg%J{vEm9+*0nKiH?yfQ4!USthv~7wyIx_a4d?1K zYq843LaMA9I*>t0bM{6bvUjCG;>lar*6d5&iJH=B6g+x=HSK)#hU*Mo;^KGInm&0@F{{U690ZmmOlwwg zQpKThAy=e*6-0TD%A2D@#+(Blb#p@a!Y)%fZ&;4l3NintT2?IKvAFztSj3LsCo1Z# z+j6aWVrQZ~bDlSo>HY<{FCFv@mS;2gYg>S0eozadmprG~fPd4(VB`FkxY=u{o{}|uT6jm7w!hhO zT3uvR1saMf8(KW$|5~NcaY!L&b%hbuIh6lwh+PfOhf6=w#Br=4saE*8+@9)Qi!Xt5 zZv&@0;lqtQ{Q5^l6d{{b;yKsV$u^5s4d~joMV>(35cq0-jy`i->a*;OzTwc^6=5?jJUfl%VQu zo>ZiP9YFZy3pG{Q0Xoq+cfTE|D0K&)a}Xqf!@mNwzMXa5^Jb-CjII`zk>0+M zX4&}V{QRPpdzDRN_J|9oTw0akS{_I(5}yY@EKp>gWyLY;=5tS%sJmihf%WPw&GQZV zFfpmOd|z4a8~;&93T$PI%EM4WK>s@4Ne(-Jj+M}M8EC~?M={G0syH^a&yyfcyHn3V z@2>Ja7+>f^5|W8~2Y*tDc8QWj*7B@5=lReuWKe`p~kTE))M zp^Vd5bbK06#}JiG8|)cZh&j}_3Ep!fP&Mn$UBMfWF77T(lFtMbV^4aCOB9!w8ePi4O}-t8h{-wJje2&x@GYQ; z9pe!i562gxdA6fV$#78$6~#5Qq!qH+HfXgC`2dlDhdQ+!xk)2_JUjA*s{BD^1>K>< z3M-4=XRB%jVO7+Q)+FlDdC61fEFCsrwo@n$GOfIp-PY1ixSe16)1dP@I^9zxpOQaM zq~Ng+iY#X?&XWh@8pR_Ju0@L=Q-mmjo=_~Uf5x(qMJ+_|Q#g3I!2hMC$TBzfbew-Q zRqPQ`Ef~ql$mfmJXmxbgn75#@(IfMG2DfrzSICA2tSAkR=hIS#krNhi2#g;*{0afLhfWiL2p@eQ;*gNw- z#u0uWq5i`lL~-G2%7#gaq;aQNCD-`6uX{&)+$}_ZvEP-dd85^&`ZjZ20I?F9wHl(w z(c&Hx3sY{Ep8vbpD%_8Io4gm{KM>}|jcQXG&oflqROC|29+SzB1+1jDvY&--pHAss23xU*e_w-|=K7b}!;Axq z3@TFY!`w{gEo&-$O+HA!t8Qti-xVv;ZBi$IH`aSaL)qUm6UD>}I<-?SZ9(bG5S+_& zW_Ja?FYN=h8+!uY=o7N6`kr-gS0=rcrJp^`7mM41YgLVc-VRfoCuk;p*FS6CMGZAN z+`;@|zAC3L&I+yFU=G%=Tz8} zI?X#Bd{2Gz#40mYeYI)lGUB-44VC-zYL4?OhK6UEqsztNduekZ2wgpWaYN48Zac&= zL9aA>IB2_{47)7OcE|>4X zn%!* zjCjGmPk|$VYDig(pi#vV>Hl?zp|`k|`lg(yO*$qj4~2#nqmCbOq&XfPa6AsXW z7yn-$_y79z|1%FUSQ{oT8G!3W>ac2Lrn)r$4HvYV$W>HX|3XF0XZ{MU=4m(%{wLHS zpp*&pUjooV-9HA=pRSm*lnxhXfKvaFFctV8?wR@ggp{=~%WH|F$^0rGRCfcEdDp`F zoNWO-;7&MbQr4l-(RnBcI4l*Di@%!L{noh?y0InY z9hN?)kyOymn8cA9FZ5V0hsI)>I@0kQOS1AXZ>K*q3vd?KY3U$8fT>IY((ttY@?Vq) z@HXD7p8DdO@$$YYpz8zIpo}r8iy{u%vpJOc z;(XcFwj~u{O6~);**;r?Dr`8dk%#tOKm2oR+Opa^dX-0d0D#z!y8e%N^ zD|hehJ*_(cscP`GekS;?3lQ-cfL=}axISnqVaxI7kD-?mmvG}pu~BT{ILLi_T-we6bDY|^)P?c6@nA>CKTHZ^zJSXf290Ic&H&(D z+o!Vq4$~T!UE1o$#P>G!()2PWm_yiTeUOt%C4l_qSp~*1W+lYD@55G_ZSl0Gj8s$X z_Q%%fX!@X=lNhO8rHJlmp!smWTD#~-k(#)3nqY76UJnp4@t9P&UHf^V5O@-0R;c>2 zcqQEQJK4<7y)I%f#tNVKAHBnI5uwkHT_$64bM~Q4}`#2tO-`v?!VE@ z4sLORpC-+}fLdg1$A|#_1(_fxw}3(`U#rm zH1>fd(QpWXz_?p@W|wkHmQg&^903t?^mdeW9bvXD7i)gDV&{?#L!Zj8`dXhB&@~`{ z)s$9Y$6maCvnA3ZjoCG07YFh~gE*e*aowo%q`zquyUKNK$ zE>UPt$gcNQJT|oEY$H$nX|7MhKahbSX`Mk76n0$p@(MR%$-+;DX3)BiuJ$Pl^L%f7 z!s#pkyIRBX^KpP-QH)5*u6<&%#xGD-UM|Pq{v`W1z?LX^>ZEZu+<-HH&+|yCCO$+y z4!_1T6R^VyqkNCpE{FqTc7I8?Nj9jJ71Gs)jxTiDyXF{lf$-DG4eb-C@Z}QV(30YRd-KPg1Ef?1 zznv1Rf_j_?@XaPVw@X1*F9uR?2PVVP~8rKb{F^LR382g0SIiYczUbI-XpZarvRMl=Gq5I^VJ*9L@bJ>#ARP{VJjkJNDY zWJO)eD;tOI{l1^go5^VUGyr9)q&o1dd4_~5-$p92yP?UQ%A3o{i9pkHiwL@8 zLeW2;kwAAT?1mdWM`AhS>*#1#6AM)PE1@k)o~%v9e`D;FAo%)+9)eQ}s;!)$JLvZE zg2%M_X`6I$JU}!zrsVK=AU%18j+&Auua|66Ob|#zSw0>QJkP@Q@|Wm$;u)8@_xHUy z>33&%++*RP?`oT7ll%rvvt4R-?+zNH9dcDk0FRo$s4lWKl;s4{ zXqJTZx!*|xvS>$1fRh`i7+W4JOnp?i6Jj$l^tnJB=r^{TAmh#3s(k4+Ri92~@fH;2 zcdxJeL^>uHo<6SJaDRRKV-B?A$c!E<}C@)PgOJVko>f{s%^8E++Z=+_?g} zjiMdlr@ZR(q;pKS53V zggGa<=~utaMQ`r4Wm)=#Mj6ici0Dt zEvkG9(wC%fnpV}iTjl|HCtKcqYUWS?xmt%=ybtjHdA{Um8#4IyDt`N*X?<zl^D!G3?n5o`;_3>`ycTU1 z+s%S*@exJ*%{;wknbY1+g*L1?K&!H zrzSopL)TT1R?mQ9cr@ZE0{@CFnrx9drMDDiwh3XR0Uq$l>y|6U;l3}d7ZVg_^3|s2 zR$u2B(0r4wTZxwI73 zG@Rmqw9O$YX4wtAV48fBF&ZSpK&l=kbE)Zwviw{YaDNtd z-RD3{esEuEhYC2UkE6P~@E_IsGpGMx5RQo|1SR<-W`B zs|FWBDddErO8XUg=HYlD(j$Lr0N+HY z(Srf}?s9|SK6RaD4__`ox^yu2lIWtVxrHr!bpMHwQ;ovf-0bB7ys6`?@}?>wzL28R z6>!n|=5jk<%^{c5NkX*+EIhNGSdq^>eWq=ec*kI7d+4I}_6%r$Hg|mdAD>>Y-v?T$ z_Fp1PWU|cICgOD0Vkg}mS%LMi0%%vm?!@U^zHl2hDSpPf#U6_qd>nmuc9*KxO44A{ zy^Aiqr7YlZeUf&F{an3&lqw|4U)K^qJx&+h7P~*jNy30Z9|RiOte8me`c}v0 znv|HM=8aem3(B{e_EPqPI3IDxQHIspNm;UZqitraGG5u)ukk(r9>GvJWZ1`c;kr|MU7`;ipQxm(AvAHB=Wde0nzZ(U$MHCu&NO z*VooXah6WLZq(^t2ikyEbkOonHt|}NyrmW^rzQ(mM?`Lk0_sQ^03k?Bt+Yw2$kN z>(@1dPkog-qOm^N^4xQ1I0WB5%K%IUs{={eA7x>-6Jh;euG{i^vaUZrOX5ShpEowb z?r`#ilFu$+F#Z{iTpgUY&#BMi@=90VBndXU+09j1uVbZp(Nj=#OfYwRGrHs|UfC#@ zcNy9~=Hph7WPjWr{o6R!ROa)s{lqoU0){+%ixo;)Y4>|SI$CgcinTl?DKDmQh zx{}MWqDGNkQg#h`I-8jK#2SE_!Y)_~KhU}+*N)R;0Gs@!~FKVR_AHs{;Ylj z#aL6jmir?=ElhG!DRf4E{%NHmDPvaV-BJ<#p&jaRa-ud@h*BGBSp1#b3 zzK?D{4{1{lH%$cJDQLFOtgNCZ-f+M4dCf{0F&4R88VL@SgC|vfbuSCjp0ZPm5F-z> zZvr*j31_jHHn-0^OP*-BlliN28w4$G*=B??wPH50uKs>)P(mFUm-;oJ^eLB!`dAL3&tFosY}l0J_UUdsR|=5 zpt8m1ENt1RAFGdK-^k8>S~iCBg&&&9Z-%u1_}DZ?!E1{8)B-&Gi3H_bOixBW`_BPu z$>~pPqN&YDaIT1j3diK55ZUNHiId-?1w|`ZRqf|X9-9eD;PI7mwvudL2P@SHnw_s8 ztLM=jX9OJxMD6y&klu&f?t*UMifb~h*#Qr1pyHWRr{)5-;Ojw7Y#2n8%{L5x^`XF1VqMh+i7>r5)r2le43O++#`AH2wy z@fOhunzd7Ua1*tFh&y7C4KBCq{Fh&(l(@ZXE!mOuk&v5OgqLdwpM#hdRCZoYqY;q# z99U|XDI%=^@PVKG>7@Kz%Kw3c=#d~6bfn}ntCl&LjJzO85lR9|@UkiOm zKX2k~(z;(e?1m~;GTjnh=-FqHl>!tnM*rHW%|yBx#w62p1Z${hJ9)~_LT?fY%aMUJ zDi=Ky&sjwkB4irsLk6pbtItJIq$>9<<8%m#J5f8(KR>8!TJ!b!zLM*AGC6|oS)0Ne z_6K7T^On<^)|29C$?k$YwEgV$&-fSVl_onNYD!gc`{lf}5}xVa`19rX>_x!b;&N_W z1dBa3|JKL&?TvW%Tem7#e``7bCU+>?-U$OQ(t`AYO5a1;Ow|I&z zrI+oK#4~ig`&smK2hu-?k@zXbZf^*+x%^b1qT<;~^2oO6#x2{<^SPRHQ%BvuVtRWJ ziwo*+jF+;v+h0K;RBoY5J6`;J?b5Y}#mg~Naic44xY5`YSe1Ln@u6-3X6$m&0^v#w z0fI#9oq%ec#^Z&?b9pL7t0e7ErEc8}${M&z>-oAbArU#`2&?9X*8vggTq6`kAy-q{ zR#-fO^2oCUsvQaD9WN`aFw4zvloBu+4?=}6C{gl}gQ z-xRsJxR>E~*s@Hfh`TFm8%-688&jM;DIjw86$B)|SjOl*2!}!+c)nPp1#)qz$shry zkCO@%&V@)9H7DaWPcDxPG!Mn`rFbgY4i-RZM)t_~jr;!8+x`8FX&?QyEK@(!qTtqQ)Aa8rq|`>i=lq`r;syPS z4W@xM_IpQj&ysx|5%=Q4Q;%eZteYkzymK|hGzcZLvq~eaWwM_PwP{@gkTj}@VJRz8y8HK z2%E43*!MTk7_kcUrb?k!_U!j=$JBPtu&1BaN#=wTrY~4NVGE;}d;-}IeSdj^(_J95x5#8v%vKH!oxeCwMyv}d2&QQzM_`+Xzq)Q zK}~&LOjf6$YjZcWo^kT=69$iWT!IZ<=M$$?1Xh#44Ci|3@!^{>iQlG|JUDVeEd9NxCoZ_#=eC-4ke$WgB>1jkRuo|@U3Yf+$}QWUW*nYq80q65^@>+w*?ni0 z&E-wRE#hi0BgCubRJK#oaU@VbDn+8hVn9x#E&M*Yz)iPf$iN5tK|2J>?sXl{ zS>XGsd&UwISzV2YdO_&g8?NYP3FrG+cf{P6`PHk}zB_5yQ^q~(Dx^mHCS;$yLAkvt zl1)IQnU2qNQ$*pd0=4%cT(exjZYw&3g8T+&!xJVUZMfRUfX4+=J5j z-3xxep4{^ru=keLz%CMth|}Pe3J9|7$1?peD`o#}(bRrXOL8?=f@($QH*=pQkfcbmu5U3au}XTICj1lTz;gEapbqzA~-zZ z%?Vn~z1F(Ks1^CR9560472J5dO*&qfh8_1r?0^wchX_P|vjvu$QS-qad@8d?5$;Q` zp?@K-u~>agA1F-Vk7{U|`uSypCL{RJ_7%1CCu83`*ksIEE)VqT%EjsVQ+W}D=(~w=XbJk%l&R#Y6lv*WtKN>Jb zVi?x5G`2q*PcarB6pWoMJ*IN)K!MY>%Dto5_AtDh{(L6vxXfj0Ing%@5aPY_c7>&j z({}?MpES%6h)Bf?9~cfI)z{fNJb?-dp!}v?q+45y%Vm(xvT=Cm+*4( z1w5kK=r^wFYjn0U{B|B171%A>rV0eY zN470IxL>;d{J8;wgqkIpZYt^a#c7DENUo|>4Vhcyf7}fTw))o$JpQ?OfUMIFpl;RC zPv2G`_c;9!n>K!YRu{M12XIg>iqdSeQBo@0+h*}4i?%sZ!<)IXA+_AfG-7Vn;`cYF zr;Uw6v}u;a$)>(Lf*#uwP-!92J8Itc7%v)uB=0dXxLPM_)D2wDO#@l(?2Cf0 z;Y1ACr|wWeJPdvMcZ*w>K+7f!AQO25b|<*W^19Cfym`xN*c0ol$DNtsbX3I5%U>Fi z5U2JrQ1aSy-b4gQ?^)U(w!p{STu_JJof%b7#85pD<}3t4nXD2XvvAEdx(fhshz@_( zyB7h@y8hQAyuxaK7?)2Ql*d{r;Di4UHgd#!L_LuYZ>`ztR;P23hR}Re?vXtC_RFj0 zNI}9>v+H;Ugica{+@zHa0~r;U_=Ju}&et9wSdEZJxZNCc*$Z4Q9Z@xr!t01GUmT>&@P?Ggw;O7?Q;@&N%{U1>02osC4k zVrg_nE0suvFvwld{YB7QPIy(@VS3UiMaOX%vWPc;!;eN`hfJmG#{%xM*w5|!sIBg^ zz4!1uC&^|93%_l&0Vg~FN%lv_SSvoG^W)GXK-Og*^|w6vyjNd|qoyS@#vf3E;{c6lC5wHX9)OJu?9QHvjt<5`9ylof#jgAmG=m!f791y86BqH`*!-_Tr_(3 zv-@Jzy3_BkB#Qzve?v(TC$o;Yj}XwaIU`#-l~~!>Z3ppp7bAe>nuU&`R-C@#o%-0C zFtCWu=f%)Tjs7i}cBTmU1YogR{OOuFnY&M|fNe0HphTZWgMswXoH|Ti1U&Zi`?e?9 zxsjFCJLrh6IAGn>y74LoBj(w<{%8|Rj&M~qGd0!jmlPHM)aJAR>97#ddQ8af0HdXD zc7HX0Djt?ACvsZAaLb+rw9bpy$H$a)ynsjhUr<}`DOpH>^vO5PO>85nh#PjAi^8xs z3Ag_!ItQ-XI)TxZI%>MwEr$mPuX;>-^ikPbV|M?-JPX5js~rINRcEHr3feF|e~E{W zKc49Sgn|D(ZJUn8;L{Ksl-N07E%*x?TWe>NeZHksm<&OOR%vPgJM3i>0$KefUz=ed zX`;QAC3Fmfobh?km`#TGMMHG}4?{^c5K$y~te`i*yhz6Qd>SbxU-Yqi5W8i=A7qOB zgRaR)z~o46~89&jr5|bdm4)| zJpB9ykn5^>{qh**p$k4am2Ocm^IG z!o-Q^QYvfP^HV?LBLv4<$vYKsvIf2}d2c2|6D6*vB8s?_H@bweDi=bs^MQI8v(4KK zOwf`~AuudeOs-}|%$@L+RL^I|dE#I+=iE_vxRBC7v1SjxL&3-4FzrvzA+l%2nBj9F z`R43Q@R?v^mlhbJT9Tdm)B91ZQSpMJL1&ryjb_g|1Ge>u$?sg%P`9g@66quYnvetI z!@*nZv)^?v?MQOFFn8Yox0j23C)iY`fHzV1aM?VB!0m-xYSv2rwx3VJ$4UWD#r2Hsu)8fFsKF+J z@B7`0N}%)?u;b+u;a?K~Vfws_dS6bHOT1E=q4(;iOX2e#8=N1~3>^F-q zjH|ZBP9)26hmPzwEt=VoKjp-X(rNK2o>FCjhc!!&+WghXQ>055-++xbCqMFTzdIHF zv=d7L_81laXM$~W1`yhk7~v)Mh)|sGd;co^e&(s|DkRW!a~I!dS4`FyQlpYgU{D88Glf$`_EsHf+&V1xi$80q-+eu0Q-1 zRY#`HE0{kgHBk}C0dAwgkwe%QdRT?52;S-snY7FV&~j+KrZj4ErP}c)=>}W(uLK|k zaF;9(A6rkve{Yjv#a1c4AAa*AxH13VsfN!3ZfUYe@{AAJ3Xa>w87}FTz0XQ-qe|?J zc3gGd_&mThg^?d>KgW%=0F`N7_WQU3IjBri&RQtU0>VVpB>C%6SniX3i-nYkF6KO~ z=+?YwN<&ke@lBwX>37hpI49}q4e~SqITqm~c&FYXp~QZ?S@Zb>hxGjKT*8T?Cz3!iL8kHyl}2xdSm>(%HN|OmUl~6^R1jia`%T6vL7C z-{oTo6sGnAzSCKJ40vku6U$b;G~GYm3c-P758`JrV`Q*D|H~f9$M+S2k3H4!gLI6* za}&MC0PYqW=fBB}O0R#Zy1LCBGQHq2D!^4}Ta~kKjx}xD+Hrp)xcu`ZMzhm{ zcQX~A@>k!l53Oe=pm)}9qM}GyU%Z42kT5B+@Wb@!;sXI13;UYZ_XwW32JEX4a+l#} z%f@$@Opqnv6rU>f`s*s5qqfxFfn=xKqg@^SBgncc1`dg(5@3Iwq-^mDlc#TRbV+Z{ zB8Z1-xo}Z0I<|hwSg(uD2%o&V>x1UdFVO4;E~41Ua2X3_@Z1cqP;BnwVUNxg-4Lj% zq0r|S)V5M+)Gks}^{s6Q_WV*y2C!WT)Vh?KHxL6i+DxWxY>Z{}_P8JRX~2n!aBd%XFIL>@ z;-^ntn=Ae4PS?aZsfkG`np&*3eSjdc;tg+WlT-EXD^!YqIlqy06)o4O@HJAfT@Qmx z3+wmxYa&ZU{de$r>v_#?yc2VwqcF|#Zqmml4{hHBVMcIla&5CK#Ns>b?YYf3#!yiT zeq5t+9>A^YIU^hIbwx2eHX%?T3+LYEzEy~oBgOt-`#a-L)+$IEJqzcl1ON*>A0NAc za#mMynSJwn6+>lo_K91r#T3ix2mc+}3B7@+$ujG&#=49lx+wnVgLmY6icdB05apc> zoH@rvh=v6v2B!oQ)DpwgKxaU32LauC>q)szpz@X zE;S<&saG{!>38LW>$@)7(YyH5rlbX(etl`k# zTT}!gbKV@`BYqYNFV(nUbPI>Vc4H>Rx2GNXDL)Bzs-tB0g!-c8{{EnD-*$FOB+Cff zK<5iw69tTmRY5VyRH7p{#%p{f{!rrs1zl!uwNAONV>c-rqHx5M4f6VM6{lps@ZVaO z{C*F8YT|k8m@o0e4f=el3lw99!pr!C7MX%#&zR1`Xz?jTSoaza`%z+Z);Bctb*`gsbBg8Y$qZ$PH&>{ zsV$tdxFOExEJ||?t&!175&o)N%QFuL`h$A*#q?R93(u_il))>h=jO)n;Ew7VMbrH@ zL9xp-yPAI6LVaovQxkeJU>&R0RlM|-JAP`jmRrO)!|cYq4}4EEb+m}r(Sd&yG4B?L+ie;d^v_70^*SmZ%uWw$Q9NiSJGv> zq6P5NoUI`%OW>vFb$pk1WMMk7Ler0!OX*XC-igCw;Uil7-z_F~iEgdQ2}plj4?XGu z_ffq~OB0W*_|U4B==JX#+t#ARz{8$jU6bh>@o9}i^*U=@q@(;#pf`~u8uzblCT3w`Ep!_-u?h}Q6b0u z)l>3V^1b@mzb}s;zI$F?O7QiGG}C4 zhY@2djYVlQ*WW&!QQ%uhi#!zr!#5V1{3nK9#eb~SL^Y}LCvcI^aLhET6)^^~cWV3* zDy?>D?2oJz?)+8b9=Z_}Pfgh!r@g%R)%6sYqTRe=WYLk8?KG~HD8Q{MjN~1B&%McDg_U+;6J`gTTM!QNi3IDo;KG z*F2EOmr(SDiT<-kjY%axQSZ$+DAA~CfIWC{e)2HSW9|w&01vS-y!D5rEPhVcKk2)i zIs2!k?l^1B(u5Hqt97sv{^r=`+?5}dKvIhV;h;F?D~lg9SlMJ@th6s60~t2I3-L1W zwP*ysu-@#PHQUvn9CeRdsom;}JJf6!E3CNy}bAc@kpn zCmo~HXvnEU!R#2ta*lyI&v6aA{BSr0Hf$v%X)(KSI4cmxp_Ei&k#B}IB-70wKOBJI zvi@eG?KbDLmW$?__zKm9Mdd$_7$rm1LsVXl)>y}_7_c?j&=d-&kcArz`BYmc^Sg0} zI)!@UMv&V#h)G)$^Yn2jH&8tf=@pT;JeMk^=q z*1k;!55y7YpMr#?H}ZL#gskK=sOV!M(&E|=LehqOaAA_LlvrUg$<^|)iPZtPmAcXdS(a#XUIJj0Yk~WKp$Wab#&7Il7(n^ zs=Sd=I`Inm%=q`uE6UfU32qY)HDy1P4P>iS=RaHIeAf7?xIP*=YRJw==Bm5*<~}Tp z|L051{*$u7hU4fDaX7(*LAbf^ToBG%{_79Poa3v4{-NVGYy1l4$0`F}?RlNs90@PX zjzrS6a+0Ol5in9&xz%p3slk|WO)Axiee;Bbe={N3+?7mjZ#s}xlW~A_wscultMV?pZEkKFCVM*Z^vr> ziYKXL#fTojrsCSMj;9!Do1uO>MuNqS=(S>rP;{iSuxlIoArlkK5gF?CPd4glynIrI zzPj+4*aFbzHT;VHmqd7NSJ@&AZx{zCR#vAc>pkKy!Li=eai~b(H=FsArmf6F`Ks+# zzGLRZ<0cnT$ z$y$ot>6m%>xzwfNtKGk=y78LGq)SWAYjn1{@b4_RWkO@Dj>|Pl-H|O;o0>rs5jE{< zsO-g|97*t$Ll3aGKbq>DVb}vq%P)c=L}5(r>`A+UVGhzZ_f+a2uzMqA-E?J)*1UN^>%OdZ2Fh%OK!Ha>@h2mVm|JoU);DA zg(-3zJ2veqLOFAd<9vpZzFOD}#z8iJekJ2(+jLjze!J_@f6wuXfgHHc`Y^mV=&r`pK;YysGSo} z!E2~hQY9P9$QX!5ws_8G1}#>jIuBsbsWKmtoO$283Zom|fr7$ovshP|L>PpQMijm; zP*OvB*Tj##+FOV`3}v)mYxy4mQUk60M>f`jwlK%6Bh$Evy~rV{pdzY}`W!l5DSIEv zdyZLWZmb1uLA_SLyV~jMDi{v~?ex8suzKBLzu2*XD=oc1dUM=}RQ%qcI}v!8lwN*! zmbBIi3pCP#wy@;l3#7Nk59_sZ%82zPL#CXS_mYcEeu+0|8*8n&K(61D<6XVip!F3) zMo!tUm6jfr25z^>is_Np=V~c@L)OEfbvNTDru6QRh0&-QD(O;$<+*I#3iG~dF@r5P+%a*I8A#*I7ULP|o3|hA`*^nt`<*nR< zwxeF}wAH#T^?d$Z-$PEji%HpDz4Xq=7W=haV#jhP#D&N1lpY?lYD@EYrj{K{DZ;Jr z5aK~}j>%CnA5n7lb?7w7);)9KDPS4(e>9o8bJA_*aruX0x2LHjv$@AX^i`8v72tM}@E$Z1zlmD6$AUOhZ^wHEuebKW{&k};MoJoCbv zX}kT;O7FaMe_CSJ=hLu36Vjl86mif|l3~()f|frSp#ZbXsQ7xf@%9j7oJP+yz_R*X-8?P{R0OLOe03jl;)myRN8XG71RE^tkc*Sbe8LGeLVf* z+*{J4k3F8=8vVwU>Cu9A(vZ`cW|}$8Gv9(~hs{?>du_8uW8-B0$Cwq~cx!BWXN<`% zTiqPAfx&|Zrja9tq!Gj7)raol_0eO~yJJI6JA-%0h7TQ_W*Zs(xZMR^I{F Date: Mon, 26 Apr 2021 09:31:21 -0700 Subject: [PATCH 105/156] Update servicing-stack-updates.md Editing to replace "via" (we don't use "via") and fixing grammar. --- windows/deployment/update/servicing-stack-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index defeb5d1ea..6b9563437a 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -53,7 +53,7 @@ Typically, the improvements are reliability and performance improvements that do * Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. * Installing servicing stack update does not require restarting the device, so installation should not be disruptive. * Servicing stack update releases are specific to the operating system version (build number), much like quality updates. -* Servicing stack updates can be delivered via Windows Update, or you can perform a search to install the latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). +* Servicing stack updates can be delivered with Windows Update, or you can perform a search to install the latest available at [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). * Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine. ## Simplifying on-premises deployment of servicing stack updates From 78aafe54c6442640d78426b0b6e4bdab761e6ce5 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 26 Apr 2021 09:49:05 -0700 Subject: [PATCH 106/156] trying a different TOC arrangement --- windows/deployment/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 7d4cdda4eb..46e6f81ae0 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -253,6 +253,8 @@ href: update/windows-update-errors.md - name: Windows Update error code reference href: update/windows-update-error-reference.md + - name: Troubleshooting the Windows Update for Business deployment service + href: update/deployment-service-troubleshooting.md - name: Reference items: From 6018226c1077a7149d89942d1bd1c607940d489f Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 26 Apr 2021 10:33:11 -0700 Subject: [PATCH 107/156] trying to adjust TOC --- windows/deployment/TOC.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 46e6f81ae0..d652da0a0a 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -166,8 +166,8 @@ href: update/waas-configure-wufb.md - name: Windows Update for Business deployment service href: update/deployment-service-overview.md - - name: Troubleshooting the Windows Update for Business deployment service - href: update/deployment-service-troubleshooting.md + - name: Troubleshooting the Windows Update for Business deployment service + href: update/deployment-service-troubleshooting.md - name: Enforcing compliance deadlines for updates href: update/wufb-compliancedeadlines.md - name: Integrate Windows Update for Business with management solutions From 79b50f7fb3b48f346ac0cb221b4f38f390069ca0 Mon Sep 17 00:00:00 2001 From: Kateyanne <67609554+Kateyanne@users.noreply.github.com> Date: Mon, 26 Apr 2021 11:15:18 -0700 Subject: [PATCH 108/156] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 7439db90b9..73e3d5e47f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -65,7 +65,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned ppreviously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. +> You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned previously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. ## Hybrid Azure AD join authentication using a Key From 9deaa3f1d7c99570b618dbeb20ee19cac3801b66 Mon Sep 17 00:00:00 2001 From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Mon, 26 Apr 2021 14:22:18 -0400 Subject: [PATCH 109/156] Adding compatible regions Update Compliance is only compatible with certain regions. Customers have run into issues configuring for newer Log Analytics regions that do not support Update Compliance. Adding the list of regions in onboarding for reference. --- .../update/update-compliance-get-started.md | 34 +++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index e686447597..9298206139 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -41,11 +41,41 @@ Update Compliance is offered as an Azure Marketplace application which is linked 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this. 2. Select **Get it now**. -3. Choose an existing or configure a new Log Analytics Workspace. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data. +3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the table below. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data. - [Desktop Analytics](/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance. - [Azure Update Management](/azure/automation/automation-update-management) customers are advised to use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You will receive a notification when the solution has been successfully created. +|Compatible Log Analytics regions | +| ------------------------------- | +|Australia Central | +|Australia East | +|Australia Southeast | +|Brazil South | +|Canada Central | +|Central India | +|Central US | +|East Asia | +|East US | +|East US 2 | +|Eastus2euap(canary) | +|France Central | +|Japan East | +|Korea Central | +|North Central US | +|North Europe | +|South Africa North | +|South Central US | +|Southeast Asia | +|Switzerland North | +|Switzerland West | +|UK West | +|UK south | +|West Central US | +|West Europe | +|West US | +|West US 2 | + > [!NOTE] > It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription. @@ -80,4 +110,4 @@ To download the script and learn what you need to configure and how to troublesh ### Configure devices manually -It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). \ No newline at end of file +It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). From b704f4e6228e31b3d56663679d6593e66d84c868 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 26 Apr 2021 11:28:31 -0700 Subject: [PATCH 110/156] Update update-compliance-get-started.md --- .../deployment/update/update-compliance-get-started.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 9298206139..f7bc296b2f 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -41,10 +41,10 @@ Update Compliance is offered as an Azure Marketplace application which is linked 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this. 2. Select **Get it now**. -3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the table below. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data. - - [Desktop Analytics](/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance. - - [Azure Update Management](/azure/automation/automation-update-management) customers are advised to use the same workspace for Update Compliance. -4. After your workspace is configured and selected, select **Create**. You will receive a notification when the solution has been successfully created. +3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. + - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance. + - [Azure Update Management](/azure/automation/automation-update-management) users should use the same workspace for Update Compliance. +4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. |Compatible Log Analytics regions | | ------------------------------- | From 7ccda6244a7ddd31d6f9a4cb7d9f556c34b6374c Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 26 Apr 2021 11:48:32 -0700 Subject: [PATCH 111/156] small edit I missed from Alice --- windows/deployment/update/deployment-service-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index cc924134a2..4e9b399cb1 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -25,7 +25,7 @@ The deployment service is designed for IT Pros who are looking for more control - You can schedule deployment of updates to start on a specific date (for example, deploy 20H2 to specified devices on March 14, 2021). - You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021). - You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise. -- You can set up automatic pilot deployments tailored to your unique device population to ensure coverage of hardware and software in your organization. +- You can benefit from automatic pilot deployments tailored to your unique device population to ensure coverage of hardware and software in your organization. The service is privacy focused and backed by leading industry compliance certifications. From 91892b35bacbae864fb2c2ed6a8b4350a07c96c7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 26 Apr 2021 14:05:16 -0700 Subject: [PATCH 112/156] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 43 +++++++++++-------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 9a7f8f0ed3..61f3f7421b 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 01/21/2021 +ms.date: 04/26/2021 ms.reviewer: manager: dansimp ms.custom: asr @@ -19,11 +19,12 @@ ms.technology: mde **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. +This article lists frequently asked questions with answers for Microsoft Defender Application Guard (Application Guard). Questions span features, integration with the Windows operating system, and general configuration. ## Frequently Asked Questions ### Can I enable Application Guard on machines equipped with 4-GB RAM? + We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) @@ -34,25 +35,25 @@ We recommend 8-GB RAM for optimal performance but you can use the following regi ### Can employees download documents from the Application Guard Edge session onto host devices? -In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. +In Windows 10 Enterprise edition, version 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. -In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. +In Windows 10 Enterprise edition, version 1709, or Windows 10 Professional edition, version 1803, it is not possible to download files from the isolated Application Guard container to the host computer. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. ### Can employees copy and paste between the host device and the Application Guard Edge session? Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. -### Why don't employees see their Favorites in the Application Guard Edge session? +### Why don't employees see their favorites in the Application Guard Edge session? -To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. +To help keep the Application Guard Edge session secure and isolated from the host device, favorites that are stored in the Application Guard Edge session are not copied back to the host device. -### Why aren’t employees able to see their Extensions in the Application Guard Edge session? +### Why aren’t employees able to see their extensions in the Application Guard Edge session? -Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. +Currently, the Application Guard Edge session doesn't support extensions. However, we're closely monitoring your feedback about this. ### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? -Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. +Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition, version 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. ### Which Input Method Editors (IME) in 19H1 are not supported? @@ -102,7 +103,7 @@ Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnet Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" For EnterpriseNetworkDomainNames, there is no mapped CSP policy. -Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). +Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). ### Why did Application Guard stop working after I turned off hyperthreading? @@ -128,21 +129,24 @@ First rule (DHCP Server): Second rule (DHCP Client) This is the same as the first rule, but scoped to local port 68. In the Microsoft Defender Firewall user interface go through the following steps: -1. Right click on inbound rules, create a new rule. +1. Right-click on inbound rules, and then create a new rule. 2. Choose **custom rule**. -3. Program path: `%SystemRoot%\System32\svchost.exe`. -4. Protocol Type: UDP, Specific ports: 67, Remote port: any. -5. Any IP addresses. -6. Allow the connection. -7. All profiles. -8. The new rule should show up in the user interface. Right click on the **rule** > **properties**. -9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. +3. Specify the following program path: `%SystemRoot%\System32\svchost.exe`. +4. Specify the following settings: + - Protocol Type: UDP + - Specific ports: 67 + - Remote port: any +6. Specify any IP addresses. +7. Allow the connection. +8. Specify to use all profiles. +9. The new rule should show up in the user interface. Right click on the **rule** > **properties**. +10. In the **Programs and services** tab, under the **Services** section, select **settings**. +11. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. ### Why can I not launch Application Guard when Exploit Guard is enabled? There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**. - ### How can I disable portions of ICS without breaking Application Guard? ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. @@ -161,6 +165,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli 5. Reboot the device. ### Why doesn't the container fully load when device control policies are enabled? + Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. Policy: Allow installation of devices that match any of these device IDs From fa874495301c426e5ce5fae4999e08e61a62296f Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 26 Apr 2021 14:20:30 -0700 Subject: [PATCH 113/156] fixing YAML --- windows/deployment/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index d652da0a0a..cff68ffb1d 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -166,6 +166,7 @@ href: update/waas-configure-wufb.md - name: Windows Update for Business deployment service href: update/deployment-service-overview.md + items: - name: Troubleshooting the Windows Update for Business deployment service href: update/deployment-service-troubleshooting.md - name: Enforcing compliance deadlines for updates From afd5531a0d2f9ed2ef54379810499489383aea3b Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 26 Apr 2021 14:24:25 -0700 Subject: [PATCH 114/156] Update update-compliance-get-started.md Fixing (I think) link to Azure automation update management. It would have been broken in the original version of the article as well. --- windows/deployment/update/update-compliance-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index f7bc296b2f..9bd21c5fd2 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -43,7 +43,7 @@ Update Compliance is offered as an Azure Marketplace application which is linked 2. Select **Get it now**. 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance. - - [Azure Update Management](/azure/automation/automation-update-management) users should use the same workspace for Update Compliance. + - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. |Compatible Log Analytics regions | From 9164d2d0b399e3f8f7d443d92f44f0132f8ee9d3 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Mon, 26 Apr 2021 14:32:24 -0700 Subject: [PATCH 115/156] Acrolinx fixes re-adding fixes made by a PR reviewer that were overwritten by a force-push --- .../hello-how-it-works-authentication.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 73e3d5e47f..a90f1587c2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -35,7 +35,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.| +|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.| |B | The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce. The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Azure Active Directory.| |C | Azure Active Directory validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Azure AD then validates the returned signed nonce. After validating the nonce, Azure AD creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.| |D | The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.| @@ -47,9 +47,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a 2016 domain controller. After the provider locates an active 2016 domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.| +|A | Authentication to Active Directory from an Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a 2016 domain controller. After the provider locates an active 2016 domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.| |B | The Kerberos provider sends the signed pre-authentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] > You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on the Azure AD joined device, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses AD FS to authenticate for Windows Hello for Business sign-ins. @@ -60,9 +60,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider use the private key to sign the Kerberos pre-authentication data.| +|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.| |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] > You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned previously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. @@ -73,9 +73,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| +|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| |B | The Kerberos provider sends the signed pre-authentication data and the user's public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.
The 2016 domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. |D | After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| |E | Lsass informs winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.| |F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.| @@ -89,9 +89,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c | Phase | Description | | :----: | :----------- | -|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| +|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.| |B | The Kerberos provider sends the signed pre-authentication data and user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.
The domain controller determines the certificate is not self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed pre-authentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| -|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. +|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. |D | After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| |E | Lsass informs winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.| |F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.| From 7bb368fc8a03ce67283d66c0ac57ea6c0a966115 Mon Sep 17 00:00:00 2001 From: David Strome Date: Mon, 26 Apr 2021 14:57:28 -0700 Subject: [PATCH 116/156] moving include text to topic, removing include file for archive process to complete --- .../edge/emie-to-improve-compatibility.md | 26 +++++++++++- ...eroperability-goals-enterprise-guidance.md | 40 ------------------ .../deployment/images/configmgr-assets.PNG | Bin 139547 -> 0 bytes 3 files changed, 25 insertions(+), 41 deletions(-) delete mode 100644 browsers/includes/interoperability-goals-enterprise-guidance.md delete mode 100644 windows/deployment/images/configmgr-assets.PNG diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index 09a98b4378..b7dbb29a92 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -27,8 +27,32 @@ If you have specific websites and apps that have compatibility problems with Mic Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. +## Interoperability goals and enterprise guidance -[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)] +Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser. + +You must continue using IE11 if web apps use any of the following: + +* ActiveX controls + +* x-ua-compatible headers + +* <meta> tags with an http-equivalent value of X-UA-Compatible header + +* Enterprise mode or compatibility view to addressing compatibility issues + +* legacy document modes + +If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. + +> [!TIP] +> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714). + +|Technology |Why it existed |Why we don't need it anymore | +|---------|---------|---------| +|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | | +|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | | +|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. | ## Enterprise guidance Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that rely on ActiveX controls, continue using Internet Explorer 11 for the web apps to work correctly. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Also, if you use an earlier version of Internet Explorer, upgrade to IE11. diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md deleted file mode 100644 index 407e07bf91..0000000000 --- a/browsers/includes/interoperability-goals-enterprise-guidance.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -author: eavena -ms.author: eravena -ms.date: 10/15/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -## Interoperability goals and enterprise guidance - -Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser. - -You must continue using IE11 if web apps use any of the following: - -* ActiveX controls - -* x-ua-compatible headers - -* <meta> tags with an http-equivalent value of X-UA-Compatible header - -* Enterprise mode or compatibility view to addressing compatibility issues - -* legacy document modes - -If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. - -> [!TIP] -> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714). - - -|Technology |Why it existed |Why we don't need it anymore | -|---------|---------|---------| -|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | | -|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | | -|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. | - - ---- diff --git a/windows/deployment/images/configmgr-assets.PNG b/windows/deployment/images/configmgr-assets.PNG deleted file mode 100644 index ac315148c5f7fa276cb84521b26d1332adcb144c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 139547 zcmZs?byQnH*Ed=(6f5pfG^Mx{hqOS82MV;fmqH3jfDjzgqQ%`MMGB?3I}|Avthl=- zI0Pr$KF@pKb=UpY_s3at=B%^U?3ww^o-Mx}q770edBX7I&Ye3Xswzr4ckbNJzjNnq z0KubwU-}w9wEb)D!gZ7t?vxBNZU5^$uzjuh`p%v5D57i2hyVJ7jw*)mJ9j8t{`1^j z_{8dd=g#d9Ri)Q@?q)lt55F*vkK;32aRX3UMmP2cB%Ey-><>e$3<7J$5=QVrr`nAdW-DNp6zjM(fJkIsKP4>C`;O2nv?c;O!2;sLts7Kyr?vJb^DdkRqLGDPr zTf2KqlKEh7NAGJIVx|OjNSe51S#jSI9YrQ~!$;3qcb0tAL9 zc2F8B?|pu-+!0L1`k$Bb`%j;?=M?#`ad74h%YD_Meke!cwA^a;{rXP;=ijV|?$<2I z4>Y|GdqSSyt=SfKECAo|ZM|hTws?1awx^vzEO*?_=yg56_6fhX z?=zM4MKj}?23lYC3>!9|k_MAM3FInSdxn%^%k&5p(of}nPac=0sx_Bl_KcHQZKaN= zUZcG*(r13iH_?B%%`NlH4Rlp!+g^Wj z8(pPphW>sT91tMFzd-y{^r_=a(7^itF8_b`L54sLWIK==IH(;F-2-Lg*j@Qm)x{$x$LK4N3Y*u%$9|Fl*hC8i7Uyn^ZS4>{m-W+-vs6CY9lfB_pr!_=WNVC zyun0zyda+qQLtf2QM^RHO@1VIB=y(M^-?>qPP=1ag>c4YqMxKNXL5OpiRQfHeG$SR zY$+6G8vHVGx{m=h$*Hj{qD@_5+%T%>E%gO4juFza44dIg>hexKtoF%wdaW+ang0WH zOR=NIC?h^4tsbJlTxD5RZ##WwPR_veo@hNMv~f1I-iT@lffKQEyGp(;JD4q2K|^&Z zpeiu%lvM+m*8=*z3-xb_QFmJ#2N}keE`SGv!Wn1 zSds>V676~-S%Q0leNWH=c3>|U_=;K4w1yvzKmSAD2q$>F5!BS(EO}028HcNuD^Hkq zDDX`;goujAbWZ$eVRm`(Mm1LESullzO|M&%Rod5xgsGl&pRCQiF-LD#zsw(o4QnSg z`AJgVLk@>)A7;NlRSylE&O<|roKv{ZEDg+R)5DSullbBd2veR=o9}pgOSVzl{F9T$ z+Y0kf$l`~ait^q~=1)VEn2mW{@8mpJb?$~I7Ngq$`NlyDAF^_X7U z=t1s3iEp1Jlb;o74-{R-eK``K+|RRdHgQr9GdI&$t#9bI74EPS!tPjl_5S#i&7YZNvR9`HSYiw$N zrKjGv!p1q-9n6UTRS=ayf?OZ_r`(K*{-;e-;Ola$aA=yVi$Qn2c75Wh-*Gri=$ZIw zyCnT6qPQW-tjEqvnIa=Y%B5<3cqU$P^zy+(3ACf3nx9?MpxLwe956hepztDvoPzQ7 zoBF3C-UQ6d^9ly47C!%7ql~DJ?AufSQK|nnmQwdWO4WUTxg>qz`rLW#qRCF^+r=>r zJ4=DmXoFY~N$FpS`VV>^wkOQhxN9FxD?M1JPI%GgNR_2RRqhVR^g4REBjQ1KEmod~umB!x`R z>z#@x`cS~_yEyg@G3aSfwN0fE%5tQg`qjRfOUsU2BGgkYwnh+fn(pJu~c+ z{E0P#gMXdN-BgVz@Klq*=C(IM%$J*;_}8UKphe`IXCu(OrN4m9@Vr4e7q>#KN2&!=`Y;w*)rfBP0l z`3c*bS9&Sw^JP8XbXEHBdB8;Z*xkjR!AqfidiOKJ#_{nD>thS%)7+sv3q;H?w<+Gk zg|nzJP!o0G(I)2UH}0lxfqg*}i|29WZu5p*IMAIMH!rAMKvK4cT86MOEwis@`n&R{ zTJo16^>StFwy7Ha3l5AMkmD`tw0C+N`bPRL*1k0wPY72aLps{ZB&^PuSCQ4%P0+)j zx~Wki+^c3Wb0_tUCy45o7ScbKXdnD{Q@uLOrRH7Z{{t82_;PNuUucYbUqEZR6J?LfQz%JEp**W}Q6BDU^+2>4^l^C|?#%Q?qMRQQ1w5hgF zxx;^kEpIMfNw#>O=y~t;fX~-r8khY_GeYgEG#+gVNsetZ+W0HDWQ173+S?+tUFoM3 zE$Qd1-i_&X9b9*~sm$oUr)jG)r&#s*I_dhe z&@mq{E6-mV^MW`wX|5_n_@dURSA}$Cmo+>p>O4BR~S|0mBaI~sGoiAOPlc6oGR5ols!z&f@!$WkDKTzqf zbb@o7WTn>idT7{7SmC16Riv@z+Eb24h|*G{z#g3yVf4%{*FEP?{lWG*KBIbQ$fh`m^U0&qol zJf6l+5d>A<17oh5;PRikh(nZp3>M#%;j~QG(?3p6LpPCoRK=8es>n3p8}!B&HuP+> zE};fBW2k?0yfGmAsr4j169CN=_aY!8W*P<{ zfh}~3`8(`}eLYGqC13S@?^Gpz>`7|0pvtuCO7UuRW*fB3c~-2C>OlD(D#~8>S;?NS z$V|aehIOmkwdGf4qH}F=mI#X~@Ij?Gh(Y>pzNAMY>6CbjJ{jXABI#uAB+z9v7fS21 zF2?7%3$BKj$zwXTmTCYCoxg*~Q-d`XSJh`~97^P^8ayQN;$)x&#IssBf$hDv2F{IU zd_{CsK1qtxk!5Q5ZI7vh9i5j+d=!7!nk6<*?=dxDM-_zGqvM?zupuNOn;GC{^vvW4NvOt@-w6{sS z3><2)R;g5~^$;xrWin-#AS@8pa?*GQEyk{K^P>q@OS*hghl{FfkhBrmf)I$MCbP-Y zkpdLkbDcU-+^%dJq4;L(>H7iWcF`6IAk4F7kY80NV?7!1C*)bjv~+HU<$^cP(B$Bc zmYs}&j?HnoXW{l*4sMA1dz*{E3K^Wyu4?gM9c}?`+ z-n>ofw9HVGLA~Ubv1M~4f{>-|n7dYRzk1*I7nWtzmd11+!t^9c9Xpx!80M!9yqxyL z5PmT4@;RuncRJrANxqs-jHDXovR23~I7!3G8->~^=@VD0xhGbC;l zhrIF%JVO8L3`UXBigV|C1gCQ!+1W#srN;xcp9O?gFc7oo0QO#wefVHG_w#PDB=lL3 zc)U6tl$p|bCNtrjzB9*ZOm8ylR~|#XH_PJnO1{%HYe|PNAS0-2P)vH%@Zc;1W*+V! z5J;f&lQb{d-ZX-3oGs>AU(Rdh-#eXQr=iJPY&tv~0L>ttsAR{)XPRj>X)-?>*zYqx zHUTAzf%{;y4A^Sqq;=|$SgGYR2RamF%VX2trl zxtY^gG)Wgu4Y03N2>)Cf`($kUg90Rf&Ju1Hpw2nXypLWFjDl2B1kuO8o87<})5Qs{ ze#;nkoT4ty;)40c!B~6D9Pk)FC1**)MTGUz#8i#=O~cx=%BiR~APsmHnJ%jtjQHJg1U6%v-rn z^5PIo-L&H%iE$SU1*d2^Yz}kU^PmL-m(EhA1tTT#V#M^aN<&0mz7_p5FtD`EM1zfw zirkjR9(hefCe|50f_k1*R-|r>3NKtvuURkWay3KFesZb2$@w`j&B88wHWh5x6_xJ& zXs_vl)u7S2KwV)AiiQmlvh0`d^NkNp6hQOifsLkdkUq)NON${JE_qIN5c4|+4~OXj z!PTc49jC}3-05qt9qPn)qwo)6dINk_{@*yvxnmnwejwYk?}AboJM3HTl!-g_4tIKUiM20;8f2sck&nuU zGLCtDVQh>F`3*W$5n|>`YkFvh}cGTnk{v4r@M5FQIW-|7whnL`i*! zLOe^j8|`K>bk$CuEO+&usSYc2y}bz>3!&BL6)!The56KR^2oe3+d z%=|hbYW1-3_Q(A^(o>yGEYgjT<#wo5kF4?YkL_eb%@2??#PV zKh;BRy?3jpCHKQ@w`c?~f5zD{7LOfEp<`hie7DMm(pnulHRgE8$;Wt0& zPcA$lHOn7fJ&BSi zGR^X|n~8mlZHH#uEYN~PDPge&=~sRqdk5FW#dQ zFZgLCgB!k3XES@Vy0yNCzcH~b z_Z0M7qM!%ZnBBJGoYdO*D8z8xrypQm@{-|Et=eo5t4&Ro8l4PVPVZ5f$(%r+kVY`1 zTe^yJr3;Zq3Sl6dL&SAW5@shC>24?jgO(?LKZZ6x%4hcag7F-Nb|4tPFPucn8Y0E{ zG$*1??UjF$-P9HD6{4gKv7x)L*?B)`f7m9azCY=-Pc92DPju6iTS^PGE#U-zR2ViM zrSxXBT(zJ&S^%)E}A5@F4td`J7An)+8?Od7{f z#@Sp^SNlSf+!2EK6Kmhp{D3SO!q8&$s@4ssna461KKff%zb4X*+!=BHx0||}D9iE! zkQbV+yMs0<9;=~Ye!fGrb5+D)rd!t>zg}i+Fr73ln4F}U6tLMgTZ*X7ej!D%{Ne9@ zrq{2AcMkJ*7o2h>Rl;%`$f+tePtC^b5uz&SqWdyobBi$3sxYxl2ZkEz9hxbq13Ss- z6*0X*vo2-LmWmpuoG}FfZ;zBQT5{Dao_DV{pdcWJvtLlxTKy&$wDKF=QFa^uD6Zr>zF$>x11%y-yl#w= ze;2}szRDQN2)|wM&6)LeU_8~`b#soeK+0ITg#g+wtqfqycIJ)&77H5wALDp?!rjiH zBn`3s}$)wCE9{}-hO^NIKz}9mwqoAZrFP+g@$fCcg z^WMN&^Ox8Se(HP_q+ly~G3-A!KzA^+fYf`*RV$-jaFV}MEU?JQ_;g$1D$$e|?j5o^4w4V!kJCOx!d4z1$+t4059!?2fOC1rq zwBmf9E3!`V#{=zmm6?KV&5Q#W_dSV$H}fyg=XioK7GMBpXDRaJrR-53h3xf_)s6^) zEJF-FjPL0l{JpNf@V)TMoIEb@SdeDKeot0ZU|$H%jzgN?P?faY2+yBh4Wq+cxFVKJ zt%Fv-^n8t3FN@>O(3W(|DQ3C7MpHN3M8$pT^4Q~v+u$e_Xp6Y@Aa2D^2VU|`9$0oD zcvq`T-8uwsueIi#H6&yXKDUUJ0i8EVe$6%u3OKE2)NWutM#nwj;?v1AzdcddaT~Tw z9UQuKXU3l&vu=IVK>a0`o4;#1GXfG>0<2;B&6c?%F4`+E3Ii>0;o(h0lR4U(a3Z8(>KHl)kmoSaSCnK~9SjC!9Bwtviw z8wsHVtYjt8fEgWEG-6-P^L<^#nvAk6R?)UwCYe?!C`XSz%-m8y29onv+ z-(H+mZwcCLDn*MR@!mVlx69JxRf0^*VP^3MD%6h7%FHTFk&>70;}J*4K$GC1beCvQ zO%-YG5JhXlK_Qe`V+Ns>F*btoiMY7M0DxmP*}yCA*+|GA)n~nX`C5`sCFYL2~6UBKWtZyTkLaepqi6j>7xt$p{Q;n;moWuBPo17m8Zwt>K zx4IQ{)H z7v3mqL2d9S@ol;zTAxqUjmVYsZBr?Xc6 zmhgHp3R!rAn_X zgQA9|SZL^mR92((;iHw-n`gVrUGjfSIEQozeYt>q~F#h<+SCs&w< zz_!Zc$(1Tm`M_i3xh{Wq$tc-an*QAT*F}acO2<_z|4paJ%RXnzpVI;O+sl7Bod9t* z#)*iobru^xTBNC}d6`{QLGSbH^TA>o2PMzI~m2`DzR#g1Q7b8pudG= zn72TLex}#G9PZt`HL8LK>`btPbhVjS*2ks5>uoK%+HPOTy)n`98s2Z1yB)$FFe&+U zho-|7%1;$58a0EhYx>e2YXL`bo4(9Mi|MPRX0AE~FcWGohM>;QkB%F!yjRVA151%- z>|FLHJl1p|JOZb}&BoM8m?~W#EejU$0gdsy5G2ql0HnA z$G#dRWk+3%)Vds5hY+=S8_c~(yR;ubZF^&g7KdAY#=ZO-;}eRj>6Wk5lSt*`m<^>| zZM?GZk(N4|)L4%S)=tv>X$XK3exJT=DX(CXOn~dp@Et1Z%Om1SA@s*!s*J zY?`l}A)DLAqkN(-;BP_@o`0f{-<5(cD>QC`h(}MV=QE_s{>2AQPg(so?_3S9BO6`= zVt4Y3uJ%o?d3W>s(>6%~r3FZ{Ig>w}AzV0l>jO@iIBaW- z7%r~a$!VbAg(%!qMXaX_j#pF7oW{~#NnJ4x@q4Yl)pJ5vNygT^%Xyn3rv9e=h+e&< z>rnP0(!}lO{Zd9T!=$rCczywld_@L$PWVWiF57LcU?XpGhFX1$@0WVH$ZhNGwthoI zc~(|iF8^+O+8vW(Gr(rr?&irPo~PZOeSW|0aNh{2o6q|FCf<3i7d0Z^m8Lz0vbe3C zRB0X*X1*|#$&zqX6H@OPyQ@pYYxiIX?AIBAQ@5PoX&CyNy0K)LQ#E(m1U!i5K)gwJ zO{2x>Ff;jVZHB_lrdO@Ci@gcGd0YEOdQyxlA<2hz)6_fAn49R-Jm~f+p|#y(@mBZ|F|#G~=eKK& z;O)qJgK^!Dr9Nj8A2XbC_egxi7D+0p>b5Wd zRRC@N3O>4QryeFk9s*Q{=Dw^{r{OMFDz)s8n|qJ_WImjDa_3Dj!iYVfPYxT}<(r`6 zIwbr5qhY*-D(^mKB0{Y2-d8eK&v)#lvegxFk4~@YTT1BYR2@IxQuVU3Sj2yOGh04+ zA}@JC*+?KYKp?d{Y+G~G)AJkk##UK|{qVUN>bNG?l%uy#Lzph6EsWQJoPH{xzh|k- z)>t``DNul|W8p4}_e~fL|BKXT{~QbjfK$4I5FcT%g3D$(s3=4KKv{{*?@;QSvpqjR zJ2g0<9BfC2Pj5^4p5b2<8VBq!IAIjic>IBaIZeJ+%L!-O%A@GQ)zdy6=3lB29sg8P z)#=CrP?pXq63&%>pP@fD8sG1KSobh?J>SvlZIRP;^CeGsZQKL_^NG37A$>*}{GNJt zp^YQvOBp3sOS~dlWZD76QN_YU%pz9zJ(v(&;d!mU4s zm^95#5r5jOfgIg}$~m(mj)A3r2`l>6+RisN<;{NT0=zq-AH@ZI!)QN$G*Kjm_;pYR zAIW+7=kkc4Fp`^)NFQNXJ42eyItmEMG85-(ldiT*1_FGbp7&~~S1TgzDENTr9#t8D zi>MoYKuTPAS?1Q@`7M63T8)oR3jhD3>K2oiI^u%DO2vnf@(We!>Wk$As)Vv>lZcn_#PP|J$ zqz{HzUeVupWR{rJ>vTjv&u~8RJ)e(SXNt8a?*-cQrd0}ip4g3QF~=%gO@-)|d0#k> z_hQB=9Wrztw_|Lv@w_OLVjHir;-8FHq&Sbg^4k{|t1q|_>!7Ef-Za-~CU0WHL+&5` z8S*w6t-yh^Jf(sYIgiu7_gd$5*b@va-mcx-MY}RSx4gbkxVbEq05?#ba!f4m-ZmNa z3d5A%xi?>**5_lo43q!H|k5O9HtGX=kEvp6a~;(TV}^6+LCx1JLW>V{fB zwz{nIowD^t&UZCBZ_DKIfn>I;!#9JsAf^1C{IN%Nh8af`&Epr5_Xv+^!b}=#-nutq zHUE?9TkVKscmCxcO-#_VfR5cVo5j_WRK_CzX zC1u(eT|pP=P2%6u!%{2EJx!L9^vl1Kjx-GTBwy>>8Aeo7F;NxJ27Vl9@OZ2~ppKVh zd&aYRY!>Xj#yQ{B2T@DEGwnEL3%95h!#(n?95(hP#r&93QGPwb#%Th^cPF$?I6HAg z@J6}VO6CpJrO!lG`&#I=1^*Vt)2p7RUtWNOEzq53$qbrH(_ z`5whHqRO^~_>PSsYkUELB;kguYz^b6b+gamwffvaN08d0Tl?t)2~!wLc^lk;XPKI=hSjbhZc*DEBR zdtZvkO}_HgV!QWbC6UwMBy#C;dx&RoIL3P5b1gh`mQl0@xK+=I9kB~w(sPAq$BKmbS{fWzw%3SmfMYd;7FQ^377ZjKy^bxC1C23olXmz zmfOdZBqxZIGUe$IJ)W@hG?C&e+N&vX-^Gypz+p-3N3#kbZ`(KPKOB3$lH>b2fgipv z#%!Fc@Ym$#5gAJn!uFU^-m@uB_1++3;N0c)fn4oM+cdAK)yycaJv%=EI`7H5`2=?} zV))OGyq(K7wylpiy(U8b@~A}W)DZyrP!1>9n7M5Zq~+g4$OzIw zb=Pa_RPoWwSDXWtB6PVsrZgDCdkA9Uv-ulX0>epq@cMjRC2KJyxakl(j1yGL2mePez znq=Rqk5dmDU}Zaaud6RXtM^N~5)=Cz3nO7xc9TYTw$JI@{isDGSKqRFBIj~l1k~(W4xP6jlFRdmR&sKFWmRB#9_Q#y8acfC z0YnF~AcUndtrce!#(4jYgvKPGVgZNQt@?uP%uCD?LF-SL4v*kk+e*J%jxbn!HKv5KfD=v=8H4ag`AGmTLqE(A`#d;W%tpK zjNe#3(1yL_rLkv0Hi1-VkQ57DmIl7k!N$_l2hvh;?Bz|a4}-xmOf7QzhynjKT|#1% zS6**arMfi3hwEa{HF=3|B&aY^P)8z2?&{cl6jG3Webf~Ky$b)vvfN$+E{Tpch)b{g z_~vq@;t$Mv>t}i19EjzO&)>LKTU;|GI zjU3+v&JQdiTMH6}%Ro)%q;q1lP2C4s*#NqlT zLE?b}($*dCAfqh^T^z4n4%HTHAU9*T%aR~y`Yxa`sT(Etbx$J+*Tdg&YNJ16D+?Ct z{|m@0xdGM6!x_s@9#TUO954M%*-Xpl95VD*ICpz9(1WjEALHq+iupWhuuK8Dw3md zEN&h;By#LTXm-CYA+d00EYK%`*W0}D)i-J+h+)Bn&mB~@z~>;@wJDlzr0gKGd7XtX zGG`o|csM)4!poKbe*-i626f=T{J>Qas)Ta$7w|r*HETWSr^MKIIIE>J2cGLX8LF#teb^NWI$yO_ML;&tH3$;(gxwohd9gmWAghY3Zi`a61zE% z`C513`U{TvP}+@&tpyi0x+vr65F2!2{rbkso|2szWjlk?nv!NuaI>1nbI$3V+XY7W ze;HJ(9S@Vzoy&$p3W+=K(nn)4S6085j8as(gxvLr{kt9rS?JNh7tMk;%}fLJH@OZ+ z=03;*Yst^#o9<*8JoFOVA5 zdvg>Btmb6eYyC&alJkDw-S@cK*L_x<@@U!Ln-ptdOX(6MIC?*z{44waWJ1Mi2CqJiHm`q%(sJ2cL58jK}=c;qq5!o36@a$aayrJj>~>3bJ;&a z!6^5d8VU1f3P&0%ef+}?iya_YG*?tWEvno*U?RBA-X|0)HZK&Jf%EO}1{UHj+eM=a zWdh?spgh$VLzi><)iCEmKAg4O%^7JW#hJ|smzpS6wu3;QVcTdHUGSbtR{vU0sxd~ zDi3iSuEH0*oyg6%vSH|W`PbQfweijg8OB&cH{ey61EQ5V|rOrk(zan-opL0Ztw ziq57m;Y8X~&wu_UXW8vxilN^mgr(G^Lc12HBWMh(g4_0SZ6Z}Qv7fHe9!60wl&r=_ zakm}%BL?P$&2LV6G2I7an`FS77O8#N<#}uJ2}ah0vYT)TvN=Xmkw`nU$p1H+PZs*= zG${Q@z?;qobH!#v%4bmbs9^X7r=mJ}A@=v&L$uRk&avY$a-mDptu-iZ&*QGd^_2%( z{`$YGnSfw>_1R2@3VRBOJw{`RqdPqSyI;qcgghRVT>o8gKIKd4I1*k?H{KeH{$#hS zw%ogE-X@6jyc;>=b`K=yE$Ds5Yr9%vOVhy1KQ9vVO!BGoaK1sdl0?RNUv9wtlrzJp z*rE6Fia^i2*k;8uxxcLsaIHAm%d zm8WgaQq%%S7kmPI7yKzH^V(F)nVW{r`;!n>okP6QLP9Km69&N-q*8d|n*-o+6)HjU zpeJf&X;n*NC|iXNV|C1zN(HxCf69LIH@*#pd!_x@IBE>B5Ldx5e!+5dAB>>uipiwn08;+-ACqP~`Pici2%*0i{}q^3Pr% z57GSD{Qff^N-k_bcTv=k&#{6JrPyLTx_HW4R1l>(2cNLy4v+sj3#xDLlW%WnPkZDB zY*o22P=Tww* zlR1o6Y<_NX*m@1CO}%t}(oahhQ}lwz!bhqM@jF4=7ds`HDzAPpP|=?Rd$5sKx!=6| zD53)|>rr|WZ*X+IQl6-<(egXuqy0o~+hr3+X)))sQ@Cb8F;QZK;M$6~#RhJbs3p|g z>_Tgx1B*QRTPfC@&syKj)geB#s&$oHGU0qB2n#C5za%@fW++-Tzuxvt_vqIkfiHD-*V?a8+HG*7uW_I2H=2NXa%WldEYQ$2Sy&)(uX(*xMhNrVv zIYp!*;)0&$^mPl>;DGMQyL)`nM;r9mK=3<(%LNI?KPcE(lVL4YOA!{knf?pnxb4;& z4l{R5QU5+oX1Dn=sW7iQ1MjgaprCL*%bKRusEzX4Z_s2FweU!8q4pxByi^b+_uUAI zLLOXLwAd~Un?7!o(WEnjVbr7y022|g!*vpx8Z>rDu7oo|VsmQn$IbXZx8M=^%|}x$ zidj4bf8rKt()kBfz8d(S?o;KZy~h2)q12Z|x4u?VF4qJbhnKuze;1OKZIwAL&k7Yp zP*lz_uNM2{3G)4)0USQtzcJ#r;GuV@NFk`$Cisl;d!d`J@fP%`_gnPbcVbDK^}F$5 zF8S!El(ic2U&1*lC`2?~$HIj)){yzVDma{ZpiI=`D?O=@>3YesgT zzGI8oZoxMZSaRa{KEUnoE@sVC!qh*IXaEjAwRzxDdofLYe`9;VKaR|+|DfR|zd;j8 z@OM-_BZ`TPoyYcP-Rk8u3Z`S5hvz*jbz; z4>EezU^rE5CC+4taKe>&$~^F2x03&yBsmraHrP_~msa;~fKx{s10amri#Pe=OPE;} z#hc%3Ml{Xu+9B?dB~a6zsO1Y~37P4`#6U1cT(j3-u&W-kNVfe^AD7^sT9OMJ&1=+L zY!2HeIL>JW4R?Mtoz>#4gK&VI{|wa#VwFh_D+|4dwf>&Q_Ok63i5mL`*|5x*bN-__ z`r&KRQ)zH+EAM{#2PIXI7r~9W{Vu^~;w(rFT}(3|i)scQs>sY(q!KYo2|Ki2P z`xX)%6cEMYdq_*UNA zJNh;IjHvkD@oac3r`s!1uBis5bo3yot4qyc?WkoKuKQV1Ugq`C2%p@V3w6cUDz(uD zXu{s$2bT~fbl>}rZ&f~UujvJG(05XTOCq_oX-X9gix_OEJ=n56h*<}z?~uL{IcEm| zbm{*7Wcxwx)c?^&<+Q(XZCXLATfM3^lG?n{7rRuiU~>HBp8a%Sy?I>DLYoAION#lEE^Rd>fXpf&0IA zG)FPYio3G8sTztS*%?sji{mwPg;0~+L>Z|V5TpSyy7oA(0!u>QY)e~?t)Y_5siYk*V|2NX+$yViRkJ?2tMyGhFjYiB*94yYD3~gf$9C-$;jvt{NZ}j;&eYBZ!VC zJGp-``fHnY)Z2fmrrsW{qWmm>Qu5y;LA%J}f5j!`_ONycX_i76(!o;MmQ2%32Fy)m zV6b6^IKTl9or%ok{N$Mv3@mN^T^PqADhJRCss(!;KXWe%(E5j3)mVd<=2)$dN6y7n zn{{7&#aX-FOCFwgt+4v+@?GN+l~20Dx#((;<^5Dp<4s%5I%l81u+ok_uc7BJXh$n0 zhUe-)SEEB-d%|+fs@CY|z*tZ%%lN&S!5R;WUztoK-% z0JCoJ#D+87`4>nJy$W6CCqi7E+Jf4XL*ktFY6V9wYof3YBqq(W2fYPRw-3+PT&yLN zax%jIZ{r?P!1qJbow+rdSvW79*&-gw* z3pXHUzk5aOWBVV-0AbZ_@td_X|CP38TP+9DTt6w%-#XpJ0Kld$LbXnUM5*oStVZ6fn%tk>~* zR2*sYRvn#V7{<2sP?0Nd?sIQ~|H9HlW1Ke_`OJVc)a@Tt%aALeov7j17ANpo_bU$I zK|QsHn`zE3C_HxjzmpDI5L=97e+Xm)?Wl-Y)4NXZ1b=dPiDp* zKHB|*l7__RjTdr8y6Kd7K)Kb>yVX)toN zYwl;8{Y!-H625)NO6$bi@fs=g<>D{E`7>kvCm9AZs!d6o#C_xVqM5d6U1 zl$5o}dDhwFFZbr_X)$UnhnPRW=C)}z|1>=r^Msc$Lw(|3p;y;dNpf&Sgi@pd5`^9J z6Uy&=M1g>^+M-k|)tdy&drYa4_RPigP)7Dp4BTF*cE$P4e93U?m#(s57hGv{ORa2) zS%5TcWHD%=u4J6B5XZ5?wH==ClPHm|)>mEsd<6Yf3*>Vx_#2SVn6u_w8&_6N!C2oU zcrq8y5IF=It`t)zlQNAm`N>#sAyJXi6g?u#zWno>(4dLlBf?lT)xBk^*xo9FR+|@V zI-IuI z`Bow?AM!L&+_5GK%-F*jK*_n#X3Mxmaxblzd)%L8U&m#3ZzkwoL@Bb1FVsA?iij~! z;&z~|al7{pabcQbXjqj|$P zHfi>ZnJmx#4-o|oV`3Q|Dml5uznZzcF{>zx-FySa|M-5Jh|zws(J1u~S9*XO_{w1^ z?Tv|pNfrA^o+3EI0on`^aA1tPbChadOLuHk2pg-G5J>lin8|Iw3x)hew`1}V0@|js zmkuN~!DeZJ#r>buajUyO`QI!||7xBuBYBUhRVJHKqA*UnbR90B;!@rF!lYJ~z_oZ7 z3V9^{!HOg4EHE=o=YQ+Om7L{c zY0}>&^y_dw(}HwfZ^Ph{Wa->*mi$epWE?dG*Wnm)m`oXo!G1AKzsMH?k!pMQy-?Q) zeNa))DNz{=P$DH>}zuu-rD+~ zMN{}LPfA}KCq32emB|s-Xz`wS$r6Qm23euj_FntVlV81s1V~lSs7&N=z5=t1wGnw4 zENu*aqLe<+l6$TLx`3%M_v3@ z-cD*aD0cie>heDY_5X;Jkzdq7j53Pu2Z#FQ7T~a_swLqJ6e^#sGRcUyMSm_kDydS0 z6jetLr(1xKrmqoOcc?=YYsJ5VrbuSKm-EOQeoG*!zU{ls1g{_ zabpVX4c~440 zV+{CCQhBF#)03vi;Vwj&rvlv{kC@zczw*KoU#2klf(;~`U~dn_v3Txg0y%E}{8Lm` z4zge=+Y1`swxBGLOJs*8E!|?^4RS}JAIm3~&|z;g&h6c)sGFLib8&IoJ1x%cO{v{y zuy6nal{Ns8<;kno4!fl}788-&U-zG^oBUmuo@O{8Y?O(n!~e^d{eRaOg9o0Rq4(5o zetR$uTboBo49-k1GPSxj`YFWGNuA%8brg$NA8^)kj;;@lVWa_QU=e=*z^-?Kiovwg z`5=L<(mJ|iX81*#gYP&(xtW>*C_*qq12C#OouvQ(xrU?d+_TZ&!Ok64_=s;-l@SGa z@P&BLRgBuY6I%Vcy~5}nS@i2gR}^P^v?@Y+;FZsg#GH0+kH3#=g2USrC5k-;xT?Si z9}UWf@~;P3cg66$aTHzG)3>$7!}SV8p8}oNV%_>0pkt*-8!uZn*BbI;m7BW?L-2wU$h#F_nP8h2Ls2t#7>l%Dhni)&nJe8pv14|@c-Sr` z3I{p^dGmLLBd^gW)(~ftWeJox4cC=w$7!4hvwJ;W@(!atxQn|xab{AR0{XIrx-<>+f5H1-KQ1(42NQY} zknJ)jp%_`p(>EpB=7LQ6B!r+0Kzq2wN^^F&qMUl|d5$qhuqVqB3f z&AHlpF2(T@4F9SSB#9|?RG`e5fI}*?4)ka{;deUn?zMN0r zmu(3dgx@?j_b_nxF2ng^rn{*{ix7Mj-Y%GwX(Bi<1 zyFodGP31f?Hh_WDn+4ZX4KM;2loMX+IH1cuCdCrY7c+`xDk+?ONP{dJ@2C=q&mtQg zX*^Q;#%x+@UnKc!Pm|G3Oy&)Ip8~Vzy_JFQZX0?Ir^6BE6jS}EvWWOUQV?p1cfUle zAFG9C3<64GL?R#|rvWsfdljRew6;~%Y$Fl95kg7BFO_?Mm73gSSrH%>L6ekGc0EzK z4QtOT%#vs}m!46oc#U*Y&ZJIP!UT2XpzTnDBwa{v#F8y@R#mA=Pl1o{(GtxqCxGk^>c)e_|ydWfW2rGN&XXqcfBRo>5CN2^}dY<2g;V#sg)M zu;SYJYKub^b=^+tA|biwPFzBYvcdwxat*6y6OEky(l4zjVK!C`}%Wj=tRl}LmC zzf*Mn4=h*wZz?jhh>TZ5)xjT>9W9V$(TtlJ4#q-3EQp58^eedpo4{}71lxtwDoRiW zqMld~57!~1#>2)Y-GZ3vn~3cRi$*%K1d(UzA)9VkQEOIqt&=$&6FjI^TNDE>vTqaO zG(;>>nbsXo&Wvj2L1&b~?{FGT9Vi=C?oTHzp>Hj^(xkb#`hTk3!5z;ZRaII?%x8@pW{nJ|v{7LyVdStso*z)uFu`Urv zO>(S?kY&xU&i^jQ${-$7nnJf$V7L;bkiA?U{?BUv+vR-;lboUTCb*|2BJQ=vAaz4A zWS5I8@v(}=N9zyLRfs7;F=#m!#k`MFtN*u*=4c))vus0|v>}r6U6N9N&P2a#Ael8T zr;hGIsuJxD^@^&zuVCEIrEn8Pd8u;^@A*e~%&)zJU$44@|9=hewT-%w=s1OcYwk}f zA2pX8m7t-#{e4s?AQiQ#fh!+^gw-d`B=$p#u&}Cq<#Z}hNQwkSj0Su0SZ#e>%kflH zeYfJtuM9t94A`N1132CKr0F3+%vx4PTMh8y32_ zd$6hkfwA&RWslBjq!|2bVHFRVW8|O_MK#5;f^KH!hzZl#^1=epgC^XJv2`|WZKW=ah6c5k#MUyYs67e#Zhm8F3Uc@m^&3uet)v(ao>`fTjHqtG zf=zDDrA`$U>4P9e2qTBi@Z`4FQ^$Cmr&j~QK?svr?v0x(TOPs`B!mEC8e-4l17`JQ z0VX6ZI+G-&2TfWii)Cd}vy1^HD$ydy0js2*#REzGIf7sgAFs#8J3ZgA-JUnyg zzdDXA@0;fCfAD`Vo3lad<%1t{5%hT-9Wsv|ccbL9vs=+=Y1obN6>2If21^y1a|njI zsiY~zRpDimjz~5l1etdf1vFO0mX}2dK?0y68qlfakF z?Q4O{(B79@d%K^-;3XT|DEd(f0@K8wY{@{zghY`mg|eUy0U)V&G6~CE~=)9F{KVz z7H0-~Uw5jH4IV4JPHKW~GNh|sl?U-GN;PQ8Dy(oe(Xc-@XOu(TWBxP8Y8^}vG$l|2 z=kGHRJ5Mtji^M~>;;5+z1*6W{j}ko)C&EN0!esY#E>A>}(t#@#%3Khg(HYVLXj7tj zsmw%3a79Vs|2J+jyi`a2Bf$Z#+R2!De1Zs zlN3scNy;qJ5nU;^p&=`WRCvv!)>rUE-;Hr-t#RE>INRq`5{IqvHI`6R3&=n*g)ucF zhV%=iNLrC*NzNA-x~lh4gR>FswhXFEX2!BBn;{OYR*9Y6mpvR)6}C8f)5}(AffSTH zCb;G*yFqlD5+ag%l4Oz+n)*Cum?&ZaW|m$or)(x8NIFiVq-SEFadS1#iJCVbJBkvr z7~R}GImw6acjs{PI~NZMc%i&sfx9~T0dbiUIAQ-;d~$$~8s2>s#fCX~75qZT0KM57 z5Fbhh6KNDltlpk^XbzgN9_&*L+HAXzD4h|3tLiMt-dE2>)FH$fXP_$R9+ZOc;B$?_Y=d&+U>=*zk~L1cNXL zDH@pQA!@8h8tn)O4;H{iu>fjYW!g5XB@m*^)Xz!vjk1h=0WkNVuB;9QEitj}Ut-?C zlHEU5#@m;sH3=1{93;~;#;PNb4VPz$#a5oUNMCq&m0203U0KKh?WuE6;($ymPBRs^ ziR>~yytlI_PJa!43LUhmv^4D5*%^y1ib&ghQ~{_Bsr&Qawd*?lxbWV~`t}EUvaVa| zTbxPV#^mHAouY27Q4rD%6C4g3+?N(P?MV<4519S&P@Kkh9{mx+|Iu*-q7&_rK5c*wjDtT`zS(UzV$w%ZQ%N=dI*yK4bg$-RpYC zWxwQn+6MgEn%DseEFmG6zKx@^Si)LN<&BGC!-vX_HxR!0xaH}R@~~`nqKnMG0$6n- zOOR?9g{z8Ng1B7Wh*XOYRXzwdEVF|y9xcuoy4q-dWOk}yLL0~ma5UE=*%ZfPfIH4| z%>l|r_+caR-sorChAB_hG4@Mw^yRvg)&IP&8Fnk2Pm0*7MbphpWLiU01IYyp>%fz8 zHX71kMi0xxxOKgR4#SxnmWkdyE@YpHx^o^S9iH2D{Dj2wNdbn1W@{!cHls3Vk;-}TmFFxT-8U2ipZ*`mW*n0Y0`Pj{LSp{;ZA_Jagja=IezF6DK$ zK+o(jK}a`{#67Pa)Sw`uF32qOA<<1kGg=@`?~M4^TtphhLYv#*29s-|Z4d(;%^UU zGM?AObind;;A@cviX`HNstpLGzWQaqqiz;M5!S-T%@-Zgej5=6v)A%!CDWgg^#N zaSj5}ul|WjzBvWCEdmR~ked@LfOhMCNtBC8L^R7F3rIBtWX8b&lF@|7sF55eG%8ST zEl9`m(5eQA4nw7I&yWzL-UV=xN13r{l$mLU0Y`|V1V1y00H}0CyDI!|)|w^S8ZMx^ zxL@Hjkq)qRk-e=Ip?DFz#&rlY=^R(kgT`L|IyP1n&8Xj*DHW_^PCWZ|4h*5o1)wV^ zs9bcgRiQjX*L@{H0J7|SR~c*f_kJgt+)W@mS+k2Y(z0&9HE!jY-r!_^awSr6RUwgO z9j#ZqkjA;$I^lI~M7J$FS`iKk<0%fK=ijf_U6t=7_iGdBVMX=iI#KEKIlm))3jcq5 z9%J+V)TFTkHYD`DqgZ8thku5QQQ`^bfC^MTG9ZSe1b^2N2viybB<{ALOmT!2BPsrF zXE~G5fwD>sM^YgzLkkTFYJr)hK~g5C4e_zsnvf5pyl;5Z@I!Wl4flgWU`!1208+;h zeb9s*I;NaJ|J{IOO{E8Goec!TJXlt0{wFpGci7%sYG zz`nL%QF2r>$O*|6swQS|eKm)PKYD3mK{cqsk4B-Y%E2zFR1MtTFL z=We=ex;)N1Rl@rvd8OAe!jwPBI_9%}LF*6}!x_*0SGUtzWhb(CQM-KUOZV3GGv?t} zuoCvr|H6M2>iv1k`<~hCDiG(Y1O6~EKNi6S3Jc|JXi+6~0JKu5Ou30}-7B~TXJ+=d z6l(zn4F57gg^Sd2KGggV6Y@R+N#1vo$DeIv9UxZZ`w0t`QNkE_#{3ivD9$AX3Xz2~z6f1BW1$-S z>=?MtBJ+c{&`?oA>MKw$_w*>=@4HEm#(kmq`x5o2n6x!FzTdlKLZZ6CWgC2?22rQL z9IPac)hje(YQ7oyOri!S!xqn7PgKLt8fb5UVtnPb@PlTo&XeX!kL5c_G8=Vv_FHGK z92~=qZl3 z|9&Rbs#MR3%e#>{J#Dr8Zvi2=^Wl9xPSEms)$;l@>@b8?Oqf2&AzTYLPEtIzQ>d&- zDtdI;NGIqDVIO@cX2EVhz349wv`pg|nH#}sALKw-w z!W$BPdTI&)fl9YyCrp$Q5}pd z8Ce`1j>gm6oPdX;ICzC0j`PgRk|Tba)rbUx4%O=j9m`$>>jc!sg-btnI#q#H^ zhF~);zz;bN{QGW4^$35|>2r)7s`mIIPIH-TFMgRM-xm-59zED?ymXwaPM+=(w5so(LiI<^Qk8yw`x`C6*Mk2XC0+Um*W>>1yM zXCisg2Njejln_J|PYGKRj8_mP$Kc=l!6l_E5FfBO6) zcri4(9a`F`oX7r5JJ?=q>|)5E{(>5T)~0cio40fHKk&Jb0l#X! z?tbljTEju)eIbO1WX%5b_t_O43#ude zd6fi+xqWW zua{Hgdm+kPT7+Eo(v`5tw-Tg|pxg&B6gmZb_|7;4;4LW(TM)k2ri~9ho72j7irI*h zUd#4A+N4H_;5CJ(_c~X5HyR2|5#I>K6wLIOU$(G)oX?TvVUvmTI)AtkW%%5*TWqZf z`1mGH9)kqD=+LH+dDAnTs|DU*j^mPRt}HNhGr;_xb?Er2D|L-H-crkd_;&1W;rz0T z|L?p;M1r3u%*F8V@EQ+O+$k)cC`_pp`=r7la0a}-W_@@=;ShYBE&*lMyZQhhN-yjl zQe-?1Q&5kGo79eM7+96(E=qjt4T_p%!_fYjy<9W7@-r0wo~4ncN7cjZS6k(Z*8FR! z6mqc%npE>K_I^myP70DTgdM(+Bsx$m-Y;DlD8qIsXYk{d=7(neWLkp6DS5MYd=I!# zk?cTLB15Xn*n%%b#g{GiwKm#&B3Uz3+_BZuWKi5O0;R}49SyrlQ1AtX;e4oR%*mT) zv;sxmc?x_0AI@Zvzki`Mh?_zj>sGq{^2dnOdf4P8*q6L+rT4bqn{Q_7ejFDwaK|&> zuLJ#@btW`g7@^~d=mgrTA|0%n553UxIY}K*m7@2ra~IFu`Ow4O;28FQ+dvF|@2gJw z?q|Ngd%b_J|BG=6xU&1rGz4&xdV?Vj#Tq{#fc#R#{M5x7!8^U^HsT1(lbl-V?1fup zIba+%7v(iz_?^!}ZW5XeWXx_yjx)gof#ix}rN|V~BLLX@I9{BsNOuEaUEm3nokW?t zCPGFnp5Csm4{L@eUtZ`$b9=pt?kqC8=vO<5f_5bI0IWTn7-uXXaKStf+2jW@FgCFb z6s9F{rf{a^90#o5gf>CJ3mq6o4oj5ANtJ(2pLWYm*-fElUaN=WA(01OHW76HB1gf^H< zOkv$3xS;qCy>y39c4oP`x#blW{tHgS5(yuI!m)!SX#=< z%M<#y1;4J!ln51Q?L*AE5l*RCe>L5?#Vwzg0kJc2~h=Q zV7sT|OO~h7tjL#Age46qF@;H(&Xt4@KFYC=_qKYu6Zv~|z(KcKBqgRs2yh7pP?tLH zuyJC}oKZB@25ZMuVm(OTH<#JoMc13vza~GyDWxHvO448t%U8XzZ|Swc9Qr~SNMt*y zfX}ZupMl4Poy7W+lYq(DYW~W+tb`IZQu-wMoWq}!Gqi+!!YIpWq(Z-Tnbrmix?Es^ zT|*!1XeC_{Q$VaX(t9}ST08*=qAO?e{@xoR=F_&dE5!WL2K>nsxQSZU+%nlMD?ys^ zsKFg+lG-eem3t25<<7>>upKkG{fmYUdTL>RtOmpP&LdeXVzf8fAf zaA?@S+X^hOIh`xis5SaoR$h)Ark-0wR1|OV+dbVFZhY#mC|LlY(8e9K)DX$ua1TK+ zj4LgN_2mPHTiv_ODc+Hrn}}yOcqFTgr|+$st%d?cQ^u?ss=&}2Zq71z+cqJDyqo@* z;@>Ie@YxW@OMb?fpjhEfOG~RUo5XHtY&0B+1)R(m$DnXNv9Ckebjy(C1FKtGv8dIn z7WlXvb_5m{7cEn^YG_@hZK6M{m#b9&K_cRJXuefzHA+1aFc|b8EPn<9F@iF-J~n&y^GEMP%l*R9F_2(4R zxwr?c{POVMx6|2;dE=E|7M9U!RT>TxAVFDz28Yxlo6nSjLB14oHT{{!ZqpOMejL#e zRyeLE!P$q&X!Hw#=fnUG6k*9k8Sezp(rY}>I_o<*`k)SG-|_a}dRT$du2SctNu0p> zM$~JAJ&w^86=CNCGoELx$m+p@t!y|DkE4*J6I1%{j^lUr?uz-drG$&Sbf+^271W{` zB@aSHpJm${2tAFkY#eJ(l)bxXJM&`>L#3p$wpVVygt7~ytz^4)EZttpSr$q#AqlV1 zbK3Y#?HIsWx}6dGjr}*EV=4Q6HiDo&xwJHcLzC08KD218#%-~Fgl)_J;;wNdm?{oh zjR-r|S!@gkhO{6PWrWoSKh97Y8TRYW){aNeX5*j% z3!UGuNeVjxLx{JNL~3Y5byVIK?iK|K;83x%hpg4{&kL*^1}cSTo9pPOQe9T%h)X*7 zI=^^%%ryoT`63^xqWIG*7v{A#B?%G~3HRpw`f}kh?Vz(VY~9hFvREmavf*0~ol$(~ z@=HiEFyoe*W2e%;Y=6N2^x-se;Y;}yX!t^1CngwsNswetS#T`*2P~s*9s0)9(3TsA zyt@)vS-%St`dH0LKHIs&*m%}x9jHf=^8#HV4 zztBprWh+Eq-N_ zLazf&C>-Q~3Phr*qX}>Wa-7<6S$KM{tr#P}bGynyUX+m|LnuUsPx#RA!BRI=9*^Z` zh+KB))DxYEX#hU7^wOLdXBTTK8pUH7xatF7wyq77lZHPCOUtWE@88&h@T1xn@=rlU zG1vL1EzVBDR&CfRCAxLMLag>8rRpvdVWP15Z`L2Ck9+jHg>~jwfGaG{2?mcD^XXiKbO>_FyYc^r=mtYQmo5$uGggT_-cKDyF zJUZ`oJm>*N0|B`6^ulea<4Zfaov&#PnV0k=)vZ5KzV-V2{PL0#uG>=#(fvkp{_UO< zU-o_Ubd}(h?#lDMnmZ~-%W18+36afagir}@);9DI?J)HIueo6=gPA1HAx}IbF#b+O zJw0|&juc3OYPN1K=YFV=7f12-cujs>_C8@SN4#bGxDd&E9Suh?h$O`9ex~wwYa^ngLEZnu~s-J10jtQ zDXjSbJ2`Y;9P(4G$}%2zJ2NIr4Id|{g*MJ}bR>>gk-i{Gq_VN`r)(>kOHkSjx=sAN z*l&MelQe^Nv;>erF7$hy+LZ7n!#x~wXU=do$M!L&fB+il!YN=y| zu@dg%9;qgTD!_s%V_$|2GYYaNyzWtFPwg8}?0oq(LEzDlUGWkpF@tBSHIP#&{r&tz zX1DnGkkL|T`rx5l{}tuKX;IaR{~%V_v3cT>y+S`GUY-xyeZvvM%4%Dm-RUWv6^y>~ zC2y_!wbFjSj^I<|l8HK7Jt5=nAQtx5^#&(cbQa6hx1+pf=SG%| zq8v+(;yl!-Kw9!2vl=2~-b|KiMq@wu_~yT&2nny>osk+xYU6Nn{p%J=AI!tXi$X!`aWj{UH{vDMusv4W`I<0OAB(9lC$1uh)RkcbyuY8-!5+0Vs%RLCmlj^V_UR| zhWp69>*t1tW^Z@O*3TFRf!U1 z#{|*^KI=Hzma7E+?)aZ@?^;V~&~|x?69TM825@9PAxz5=gtRk{(YT5jE3 zd_Dr@rZNisC40TR^^xh zGhu#2Ngh~RG1&FvcHD*#FHG)*t_K@^5=Re@+=!5tn9H^ziNkr>H(M%wHgEk#b@e@S z?6)nSr89*-q>6110-8LCm7=i6-m8_Q@Y!)?0gO< zjMV^{!XnWb>=DTG@mT%-92v!Kdgu!Z$5?wjmr>}QMZpk?SZgf(k zn{BS=HC~TaGASH_=f3~EIH#(`lr7M-@~v6nris_hSSW2UtgFXVa=9oE6Su!Uz{bk0 zjL)K{#*cr0t$89YW#u~GBA6_Et|$+ZE1i7cE3VL=Qp|*=Fd_^-dog*O$%LFHHx%EV zgMpE8_i5Wg%5_+ciM|TjdJ$fLT(n*)O6PBeT`!8Uai05aBE(6ol|5%mk4(ujdHSZj z2)M1?Z}##X4}Hupk6%annh61z<5`?)j@mL2R8Bc_*tVWVu;l(QmmLHSTg5Qn{PPeZ z{X6m$*SU?Wc8$UJr7<0YJ|Hy5tMN6xlhkIB-0Dw6z6U6?$u;>+e4m@|ty^*;VD5Df z0so%T{c-F&EaMG*d~S9@^WHoM3rG;=+SLeZPBtHrzS29q)okD8kUVGigCfCfjrSoc zG+KqOA%^o3L&eL17Gx@LG92MLhbls?ByVcNwa4EKX1QUJ6QGqC=A)XI!zwO^jGfi< z+C6E-qEkb+->;}tp2GkGrQGy+O+F3Igv&e}Ipw0e=>3fyF*~#K5qcTAu@YvNO$@0r zmfj&GNhyw-+M7UoeNTEba)=z#dB}gn$OBXmIn-#vWw)wuWj1|5*&GP_CSjJArd{bn+$hm>(T0y3W)Dgvu1S7vZ8UwBMAYnFY)Ib3(Tjbv`FCHT}6T)#k50C6j|ouWurw$5XK5hk9#es4~ZI;*rbG)eTWOc z6p`Tev`s-({jP;iOeN(g*u@%{i4p^#x$esi_wcm~@q^(yj+BC}MJ&?e{-ft9vXa*3 z+TH$D_MsEjkGQo>TAWZOAkyr%1fHLw$_|U6?}xX>zr8!~vSajVon*W*^BYr1-``Z1 zQYBe@wy_Gj*MhSMu2Mke$cc54GgYJT=FxkJSbGW4zlrTYSvQ60gl<9ob49Y$T!zaA zz3qN81t~2UBdZIw`1;NlchMnlzkR>=e5)@AR#9I)#u^xUFKzXz179~6&57J(n_b3q z(Ww117*6iA%+j4GT8FBv{GbC1IlO3KD~zo)kk9qIE;0_QQ^KjTTyvc|Z^T}`&G@eD zG|v)B&me|=WV{@YvWfl_&*X=MmaL-QjVMHzO9c9c?32z#tJB9wAHfy|z2q4;c;p7Gay zaFlR1pR31y6uU{@mO{gi)~^OA;jG(fP)a6?2@7xXeAaV25a;pdb#0?|{6GT>kNx`t z_q)Tw^JN65{X}nUFkoHvGixU6s>j({PsCG`bm$o?*niePdb-_Ma$bt3`@)pPt+H1z zA7NnS_uzno_Dx;vd_?tW%##_nUQJbovqHJ-$El}{PCIw|ZF2U4(bxQ`)6>0a^$%#% z!$Ug8$AE#yUx4D~?wAoubq{&YN0#IiJGv(fr#JcRjE`yI;6{`Y(E&a23(sETeUtZ# z+oFPByg|D;qXdG=>T3skwoft#K?>>P9`eRarUA z>6gW%kPZtbj*rS~Vg>NplhDa4idX}I~*m;Xw;@kjZ*nRE+^j<>NeQ=ADay`B~= z>7kzfzp66g1{_91_h_n5dI8?#3EL159GFw6-2aP0&hNJW=jhU zP4q)`tK9>6tLg@`*6M_{FEAOLH(D7pH{fMKBQTkwvPHO=VNT#4sDe}6u5rkHMf8GWq>DO4Kx#Gy z;2NJmP)hF`A(eIi2%?Rk7?)xRTa*G#w1FsZfRpd!u$4(Lo^XE;tmDE*_E3u?q`_QP zJ;U#%DoocNx)s|`-`Z(Gal?1Pzay;qSiN_IS=U~;f#$M(@b>!A+*@tJ2`5KBa8Nj) z5!$kasDem-dM}y~Fcexl&%^qBnq=4cruf@GVNQF~`!d|sK}VdjY3SDKAcx?YW_ePp zGf0D;9V<9IWUA{qAA{ zi+IM3Nwgj3$#w6WrX(JvXs&iT41XG&jHs!xiI$e3{az?($ZxKzH7}*w0^{n>wE%fu zSpBnxr|Vlay|-@jGn4I6??bcr=Gk;UfAd{*HUs{p?D>r2HCPZ2kI}9xG3Dja5X*2j z*|_O=)5Y%J*%rgVqDh{n@(*z3WxlrGFU-IAPTFUd5N~U&9a2h6zRsUAxc9 zs97r>?}u7<0G>D&V4kK-F0b<2X!CtL`t>w~TxZ0ecL_FpIX;AR zSoDLmW~*>iL);me>h@SE60T|EetUK`I6B(Qx8K6o^rsj+W~d=NJSLM72L!xrPfu^) z%|N{T2_Czh=wdTDDJYg%Q|^IA>0F(7buIj=pyiO6BIbahq5|&pNejF_@huh0#57>g zrxJmLoa>e`o}kT^hM+)S{>`2y<0k}%X1o{N*K|a1$#|kW*qi|Ht~v|J|z^4%BQ4M#$?!7O-dDs zamOIwV>UmZk$aBvUtT}0ydocYaEHB9qmKq<%+#KDqQqh7d!y_>@nibmII*zulj*); zr5bcc+FYp~+||d8(};DoBY%&}ktp-U=Sss*lyo8{yJp1-6uSyg-#+bobe|sV#@F$; z#<%ZRod$P!q&{qMv*We%qKx9s(ujty%(Q@3Ia~Kt-bn0e)V3v;{w5+qtL`~$rNHqa z5bc+gVzszC-B>o@DgNpp=f9`{Xivm%oQ7> zG9w8W;jxbbggImSSgm06ay0^Mm?>`)(Q=vy1F668CKvSOm@6O`f`? z+L7?l=BK3O)Z`9^O4+facd5Qw8msy%BM|Q0q1dU5R7|OIg8h|SkMYwY>n60$Un}A* zi&et-`;@MUv84E04SX=Q3di~x`6|v=G#NxG1a?@m(n=7Gebr#A6}GUZrp|>TOO^Ft zXen`!q{+=|d(7bdIQ}`~l{XPWi_w_5OzWWcVDO;^y0d*V#k;o?SFWoW24hj~5hkcn@?*SxBWGTW1Z9)tI^fpqVWzbSu?YIPr4as&UcM$uz3Z=^wtZS-x+U4Ng6%&*J!AP}_Xh?|P3PDDgJAM4n7@wP%UF0MzN`v)`IQ3)wX%5ihQFy*TO*f<+l?Rw^3 z?Q=cKv@a>btCyT)NBLIqRnO-%TAx4|fU7$JPN5G4D zGKLonHCf=KbGqnaoUk&$Rzqhayf|vy_OBMA@-x+)m9w6cZQ!`-hb% zgaH6Rv44#WCRhoa$t)e}7uIwf`tXJ1)Bz}{PFiaI;bT+_%S#55()gFzZzM!sPqz&9REhVJ3G-{4i9zJt~jJq-%XDO?)mSV z_HlrD)BTZbk3v_5ir48G7Ya1lQwmhk22X9mWWqZfaUC1r0t71OK_fX~Pl79AVgIoa zhbfH~i`=r+zi8X0gnHbBtqm4t^gW_{`5I`mhf4k%dziqL%Wd za5hOuYs50T8C_ywMUH6gZ)qL1lbC|)8d`J+<-n38;%%pEbAHgzHEgG`3n` z_INj`2=;-Q77O{GO$v}Ys3C`OH9Fez68&P(rGA~LGSk$`%5ILfMMkW-SE}7{ZsM}$ z0`$R@D0R;Md%T>XoUUzyK>>yJaSaX=g|EGW-e_rRD74K7*CB0ZT zoHS6z#4FI?WRs3Kv|<(4L>ZBMz7J>0D1|jP{wmZ>1A%}QS^GC?$aLBd&(H5rop*S< zSI9v%ewx6!{Vc7~+J%}vtTee`^;kwa=n_*dq_H}>Dhnv+3t^3OL)IT04KJnTId86O zLA&LpeI(@Snuc*t;x%U}4cs}_e<3qG>;6b3Ux;e+G>oZ~R2o~HlPS2FV3yT3^Om_e zLc6r*drUd%?MNZ-MOv5MveYL#HiJ@ri*(GUq#ev~b&j1#yB@cLS#ZDWxlLKIXUfuf zFo}7!Ew!<*iED~qvauC4m!{^TFhX2p&%dsKKk+lDWx-txI#(NVIFYw=oiDjwm;WoG z?Jcgjre}%C1-Jb%<-X8$Zr6T#e@k0Q>-FAP{TmC-RPpPM5n4K#PSJgDM;Kuc%RIBv z(8BL)3X)YeyFK01C!P8)*){!-vE_sA+WG5^X+O0uJI*iA$XZRpm*`vc^_hhCRK&e6 zcz68bx9i}co!<8Q(DKcab{|@rHpA~ek%^4P>|h*bH=3!}i(^dHe{!6U`&9&ofB8F* zK0B}Z8d0-9`!E)#yfS%A!|gJUZ@>6Ad`NtsP@L&xJo2lGNP7Og2uGK^BRCN+c;s9` zj^$tb2AB9Fri};YdmL==#+7Gsju{tal%$w&dCu8{CIAZ zd7gLXOAwOtb>%F6=O@&@g6m1q9c?--e9e%ZDnes&v=U|xE0dwn;%=W=TMDmh8Z0@{ z3Ot=BBUGU~U?D-p_%OLqbNp3Pq%n~B!NOV|pu5Y_B|lJpZWi%=5fM?xDYx;bV(Dl0 z;Ne)1j2_Sg!el369Qc@U+MZMAOv-eam@z3BjGLJf;=E~5jqQ(`*8$AVbq zQakwEt;p3NhFn|~csp{`hBjX=Bx>1=$ul-|y-%lyR&-`R@8rk#Q<^4NI0Z?tX3RT0 z@eerKhT{_VJ=g*%_|r)qF;JkTbkEfF3v};@ykMj`ETMpXjw1Ps9;dCZEyum;ip&Ny zPrNS{7j4H~C+mLSAP_EM0D*4?%a-lCImFSuA0a+JqVQNfY_HCtq_KVGDVp8tug?=y zFS6#929vr=s!PY!!rz&n`lk2W`$!6f+ok;TMWXFY0pdb(1tknnv6m+-r`FrP(PX*K~U{~+tTtd=-JFI}TDnS-XR|2^lu9>hj)4zMf%G3S*&pLnT z;ksc|9i8uEy&Mu3rKc_$3l>N?!kXD}TjoY2ujl3YD^cM#K`FMRtIVUbv5&F{_3OyIys~4b)ec z=B*XhQg2t(_K#8dyBV+#cNa!CR+yUJE$KMFLr2bKm&b;QiaZ#>LM+g$u&=A%h1(0u zM&p%M#`6xA#VM7Zr58PL`}<+OWTgF*YU|~S!5YKz43v~g{GiyXe6$2Wz_YC93+^y-`s1LzqpXHYtSCsA)sV&n$* zF*4Oi5W~~^;-^@!mI-`cc8Qva0A3s)Z|Yrh{Sr+F@NnBU1ed_|v~1RZs1S zy&v*7K70DpvJ#o6dDlgRmF2wcPk#)nby0ayq}JB|2lLXE#w~pkw(;>SIxuh zN(E8yl6l?yy-V&c8gSiRhppNEfXp$J5RU7n=N8LAjtcaYfOOP*aM3XS_Iixzgq&Ll z?y_FMfo}b)0wN2naSS{}p9sJi1sro&#(N%Dt$_3Eyq*pvNC1bZ6y-tfC4T0i2$Y9E zYiXbxyZfs`nQCxHt(d749bJ_8HO@}bO1c2oX{{(ecB3S)X5ElLxP>O%Af;d-KPG7- zRJGE)wma+Ht?J=otsM&S(63Us3qDl@WFI~0C@KJf1XAu&p^CLZal-By6_TSiVVFoz zB_aqTBC%D&f`#^!BII!4$}<-+``TA~sPdfPoUi%w-|WV^`Zjk)OVrq?bRKRq|y zA~n{B-2OiR*gz-0bKEm*$juS^pKxtr(Y`05cf`4^+LBWa=GizBJQrmG8Oml6mi95^ zG%Ms(G-Dfy@J51?Q{l6G9%c3FW~^GoAV=TxrH}Wi9V4sm2x3#aru=8%2Adv_2!N9LHViP(q3HoqnXSGFg6{=$OKT4 zl<}clx~7oTu4otuxkQkl((K}OA{CTtYz&{67{f(Vvlu3XvpzZmQ~T_VgF;8)(C9HZ zI&>lq%^iya5=USc%s^$gq*InaS)>(5O+EC!JM=TN(iRzo@Yr=Kd_u!dmtX+vO{P!5Vxt^;&@6C@Svc0WczXRIR(xT6pa;1wZk5 zt-Ve4Z=F3`^S1qxBG>h)JNFXp*D^tZo-ZHuKoGZ<0T z;BnpfM^d`7eI>4Y{W^4Ix;#D`|9BnZ**2yBWUOvkWv)xx@H_kL({b9VC!nEWfXoAc z*VnY5VZvm5?Wn1!t%_nrYXD1HfCDc4mup6yvDur>m%j2B;wk63O8y>v=mGb* zG`u~2b@rKLb}@`3L7HkKg_7H?H5rNt5uipZ(Z5>iu`Y z4==KT3U;r0o`@lG~9gCjc(ct7QBtW{`D%g z*Yv4TKW{xaVNqvBGJ9y8vG&W3i4BMXV~0 z>${5lvv!4ZVBDRb*aI@j4#*^g!iAx|Nc zTuitXk$0zMA|i1^G9e5jhR*gZG8KKXwrMe1n^&W|xdmyNwCBFB2Vm4YrCyS|@bHQZd0E31@MY$A5B;1(}^#wZ}B-Y^IwAOr_| z1ELK22TmT2GQKp4OhxK6C6l|3SOi@%K(!9&kB8>2LX8YS5e`C zKmWc6Uz+hZjIEuj6If3A>?)*vhSKV%{lkH^dreO8?J@0qn`ys({nSqKX@vxU&x)qo z(@HkEQW}b<(V6Si?@f}R2E~oxxavw$s>HNQ2y=&wQxY$e2&1hjjkweo{YWO5x6R)R z>%KKo1Rjdeoy5TkL1IkdThk98S&2pSUd9EBnsLmydYrRIA1r9kU_o;PzrN&Oxaj*= z;o=|sMdgwo{uMv@@s;@LPbh!J&whFpe*QDcU+{~c|5ekr5RDw0z*-%h-V-4?Ew505 zsw=25A*M18@f)*|P*k^XvOc1jIHpe74Fh%?fD4}dH12-upFO9yorQ#S@Q}esB~xh1 zHKJL5`dn!b&zE|IE2flSGKhFSj)}FqXnJ`Wr`ZSRHP16`oixI<__piD&JFrPA?C@v zOZC}OQT+!GMz^FHT)Ecmf3`1DSL@c>^QB&t`di&?U8L5o)x3rb8M0mUx3aFQ5q;vd zC=ZqQ=wB+U+E(HE*RDr*x_cu(sd4wm_88xHG=kF4?wNPbMq#%^9)0X7{QVy{;_Zb? z@xn{9v9@kJ&N*Z%Ix=~D9 zJf`yaqmN?d%>7Il!V_L0=J$VaA&xx!P!0dj>#r+brR+sM_qlWNPBe~7$i#K?`JZrxr zDPq=736HWx=*|6u16u-Ka7|;1P1?bhpTfmCvLUG=t>WeFP592Es}Zd1FVYVwnK-6G zGFb6Jys|L*Ja#{B{p3fGl*5j2mu^GlYG0Tu;!?lb${eJWlsa%GR>l-p*Tc2!Am~uz z*jZju_aoWy0!4y4R|{y$j#|ec1mvkzfnGVG&(jsgvy{?lyhmRE3S~37SUB1 zZsX%QLrDv{r9`{%(1R_=R2+sOdrd)Gdpqjt>xF<;p}nOMsayc5ED0^2UE+H#Wzx@= zMXZpC`22@3W54||Xy`CK@A(1`o{yU>skbP-26Ni8CzMu&Cm8$4dw~u4P7Dl2Q1zGo z*nh^}TDO#3RN6#Ll7GJZh@_LB4Iv4wMg%KU@3_QNKPeI@H#Z6d?AsNboXI7L1gJHa z)CnX%u+J5%mP|t3T7~!wiH^n-ue^Xohp*PSI~}ZcX%|j_`ON6SzkUQ?KjTpBIt+T( zex4Ar7hYSBHLYb>wQLc_jT(ko`_v-40rnQaeP|}~_p^nkVYewqBOcxj&(6OL)1zO&-c@@miKJM<#rkwjRZcZ60{tu)R>u!7;94%IOCs>;x~uvjl=e7z{yW9MQuEfzfT{n*I+MLCtf{l8I4{4yT|+n z`Q?{ij$@BG76S(jL?vIwvIWTUS%j^`VKh7sFEe}aAc-bD{% z+JId!s&><#9l7Z7iyWK5;HtqmW9k_)ohiKBj{37aR(Sl#q9?JkV;Md_;|orxEyF{P zJc*ZHcnP~tpN_x$>CYHDZVXo5I5nJ&4C2dlVO6y6I1c?MxhWz${#M!@u-K<(A^AKVOOR z@-m#k?a4mg6PPQ51ux_@^q;yI!*N%uW4Fid!6w8Q_P{teM=HvGD7*yc<$@)S+``B$ zjg)9KfU>@Elvl=)?C3;}+m9uTGi1v|nomed*nnIF#Uq0{l*=S19jwRt&K9g_YQ#IM z*P^34g}2{afceWepuCJ*DS5$>gd{KC{pZx*ExU*@T+KaVZT|yc`K8cyz|j>tUAtx} z%`YdDos85l2a=c&&Z_b%3`#fg1BXI5&BTCaAQwV58A8jzk$7tE5^#58nWQiCAVj5o z!(uAE(mufYv-#09c^Ms4Gl6T_fncuozcJP3=;#<5i4%OYVA3={6R}uW2V6PTuBbJX z7WXchy~V^kEyrfUXjV?8zPJi4=LIqnP9`yWLnbKhnG}-UozgDl5+)~;FKLr(0-bG5 zNF_QEm2~?^zwcKa$AG$ORLaFR#~TK*3Y{=CHMi;ofeYfgda6IG<;G$x@=p(3qu{JU zy&b#pc1>?UxBZ>pdxf&B)RmJRCrERWFX{J7-|U?2%EIIvEbD$7%SF~E-c(}BXH0t{ zrd;V`I_=VK>l5u*+trGut|qMMXu-jb zuD*E?R&?~2em4NIngK%iM`6MIAK}OW-^1xMzNF89ZrC79*U6t^?P~Jp zxR?5QK{q>*=5>q2lLI2%`Og>2@hyGXASyF;n7Z$tn2#6m{bxUkHSNot)V4o5Iy!VaImu~v$h-u} zwh>J$JmyL%i7AgsdUyk?Bin(oeaD)1$(X)0d+lu9?#noq=-M<|gRQ#a$ZhG&ds|`k z=kuTh^PmK(tv@8$E-{^U8wtF}ijXy12@^ zm3Z;lr|_}UK8A@C$Kvu|{{mn7$`^6YK~r$ulM7|64&kS#AB2jC%!xTD3qsC}UFWUu zBV2k3x5Xai9KHWQ^2}}HTSH8_rTACB{5cLh=n%)n$9nfgwHQYoFFIPscv+2%LK1|1JZJ#NXY~t%NI8>j$9}xysH$+b5bZ5 zx)8UK3OTKwj&z_N8-$#8%H%y4D@Xl+!7@ot;ohfS!p%2bi}vI~m z?8PuHZkP|aXdzvKT9~xSuqU1((lDlWLI}zPJQm5Ls-g-5Q%%U%)X1bz{%eIIcTf^gsVp7ap3tor4}l ze+;)7BLAFtCZ5d3t5~2{1$@k!aebK+R0(HD8lS?2Wgf)|v$t&9~UZJ1)AUWmK zj(X{;w(7&9f*6=1^DD7AI`#;rr+zjDe>^IM6UGU@Bc&|oZ1)mywUpNr5>Ap$k_^6q zm)m#wTy>7w>-tmmSc zl2f@31X>WT45PhyJmqzjOGhsaXMmf5LRJ4WavATUR9-ns;#sz+h3F#B@ z_}%N!mCRx7hE`XX9`*B})U7l;C%zgave_Ms;H~Rtm19wf>_OYfF5>vW$<-5?HX?LY>tN}wShq=$1u4!E(*O8^#4=pkE zg1a)<51D7t_d>T)to|9#jUv^3+B8(`w;#%8&P4gFS*Y1>UsTW92eo_8K+RtJqHdpA zs5@{L1|4w-8je03!;U!;!;d`*Bai~`wusM~dt)(^|aawXTS z*>3t%QW<_m5Qqdhj;eKwWTg<)>x7_o$-L9+&Xdd9YvR>1U)}VI_@-pc=+XH14cFuH z%PzweKlw3!e(5E6@`fw%>;revxF<9R=;n5^Xs_gx*K{7w<)>m&ws+G;SKo9)z|2j z^Pa-^vSY-#592xU#L*ZGVBL%}?XH{a`0gVAT`5?K-PA5&VQjvqQz1-3R2wC1 zF588qOd1l>K3&qX32{ryfRU8RLsuwM!t$6C)^^>|K@kAyi{ahw4Dd~?Kh{TD0++kpNs_3IS@tlz3Q~(J%H_B_v zkZx{7v@D3I%*VOn6O{7;I#5eH%5gZ57sAR(92Z`Nkaes@Yik?gWo244P8PVGUsoR- zy}Z3oY-@N}6YO=5 z{hf8eEroC9>M*xnCStXDj3hx9-QydY(KnI7P$BD$Z+7Cj=hh+Ayg}-w3F+>3L{pr! z3CUym#7st7fy!>IS(A{y7C_(H3=SLkRUA3^8yM5DC!+nMx+=rxKe=M#C0||?UyC;u z3wzA^Wm+r?S2jsLS@#sKP}L8p5Yi@Ps~Dg+93pc43blohZILmin=5e{1QPsqvxLtE z^ivlkr%Z<{yd<^V-K)^rxK=0C%u8}E(#L*QhUiJhQn7wsh!6j{@cPs4?MK#&I^Xxw z65Km`4I10J@Wa2~fhp-qeD$C)+P=I~7~@NXM4}NsugPcK3pyCk?i{Nj|Kv}v4LcF6 z=SV0b*Eb=jfv}89{3^E)HyMZ8Gi_*0uf>McIy4J0ZA|E5L^6l^ zUHan6ITzun756!*Za?r@Q|ice;j_!EQ?KxP!SkQjhE~y!H>%9d0n?Uy)a{|^(2dua z`K#yY+k2TNUp!O_ex8Zx(Vuy5E7-qP|5ig332xu@!dnj8{}@NNRy)G;&I)hdSh3em z8;6o@?KJv3H|(|*A?Xhp>8xBm-CEcc)ULF7=994XK{GDrOy1cYu{HSEsVC#R|My+| z`nSI-lIt)18m0{Gg9~qc5@-JD9-Q%~yNl#gSKaHRuyb(8p@*ThL$2kHoN?w^j?eoC zk39CItKTcH%`x95-9mi!bLVROnL@mMyti=4sU3J|@T60d|MgEj-IG$?teC@1iub@{ zHLz}8Q~vQ{7b7|4+(rgc6(y)Lxt0qZKRV78Bo31N97Hf2L|JVGYKHVjMcp7oYh>an zv+q99T9gkOfV#bpMq=9OC?`4XTZ2TO2=aaFao5AoV$mv@Q0c~C^K6lKrOKAQ7{*=o z{eX)XN|waryhX+wsSD{Ixv*}n4yD_X7LwX315{Y5X0L|P;#NXVIY=c^$jPA8$mf=` z?MTW5A|ZoAm(*u6CzC=UNeLM?x}|N>`uPJ7$>EXd0DA0NHziKgZ595rX;LRO1T^i+ zraLI7~C{ z)4T-fFYZf_D3|}@Zz__D$^ZBZ$->oR zTcj#hjYLvNrP#Mt`1a@ZUF-46s#j#Jm3rmmh<}cq!rQz(<-e`+(LKiCmaiUz`_4O| zSLrF9FTVUQNP(OZ*26i}V{3IR*5A6j2b&VF)$1;zh9s&#Yl<5Qf?Tcig2jQB7eaoL zgck$eA>{;;x>S^x3yH0e3wMQ(od7ygb;yPi=#mRc{fLp+_nW`Rq|>fO^N}ws;H;~>$;bp3n%Ed ziAj+{7@dqJYRa+R9C6%THe(}gi4cr0cGsD973;`5l})Zhq`h~U3g4WbQXp9 z{3%~q#y2O|$NON{(fu*^)qf(@+KfIGaea|bJRFd|E`6G6bAlujpln(uK3O5HiB2qA z^ftzg9-%K8%Vf<9EI4^EechD5psWZ{a%{p`G43?g>OJ;^Q_xTA)Ug*yZ|>VqbbD0J zy!66LOi4<)WtS_a`VG@uwGvZv-O1}VJQB~0)FqFTfuz4KQYprO}HzjmK2ec z(v)CY&wOj;`w1+IZcXMEeYxIpBAsl_p=~L!n{cnMjt9OpA&zg&sKLp*4#r^zHQ5KlX2GB4LI?nT1?w3hJNuX{ZtSMYA)432$L=c~WoiaP^nZ-Q|L2n=jL}d0HK}20g{2n-y+BrpXr?BGZkEcnIgs=!2to z8HDGTrE$WDJZ6n9$1ROH{B3an7hd=^{NM*)QThJ&zpUnW&i^dV`_4Hk-#+g%u6*m; zpEmhBDyV%YL(V9)=i1PkYe9RqO|D(Mrb%6712PuLoFOG-Pb969QF~3_YSay`#hSNQ zBC#Zm?@aq0ru3Qaq`3W{H`b+&*zY2l!rPnqY$>lBeIkQ!)`ZXFlnH06%o=d0_7&c& znp{8GnfI72>F+cyL`$GW&ked;)7rDqtP)qQMluiPy{#abRQ;>VT-_CSKrABjd(m<}bH6*oEGS&ndRrRKrBw+BoeX3;L! z>aBr&PJL3}Ntiiwrn*r-d+nffrxG$I6i=gl`0%mqaL+0ZHDj>M`qYpR9* z8fG(oPIwisyZpRRUrpB>bJEH;4{{QoNpmI6TokxXgLmQR&ezE+ISp1SIc;~z={l69 zS7PkgAsARS7U^{%)FeAlSrbAb@7X1|U^lHas56Pi%Skkeuf z3)r|MAIu-?*p$VZGFK-#jfRkvI(Yi^S8#n|2!2+!7k*bc4S%bigzMsC@Ic)pplS$G zNtp);LCq;S70CzDkxJv`fy43rRSo#YJ5%w+x&82&m(w`+)pA_&VivD1Sb}o2iE!fT z5D>!l5i9D}vzUHTD91MaiqaL6R>#!(5j)ALadRfh)Z3cxD*9(cj+u_J7awal$wylv zAmlXBtlt$1V#=>PJ`V6AyZu#JE98@+<80N)~^wA8bn-(DaomD zR1-%g=zLa{FI8In=3Kn~@{5L?*4D`6UC1d{y)|t|F`K77w5ACE@z}z;yCVNe-7GYo zh>36NX=Cx$olgABWXEjNvqXc)2>GD! zB}gQq`gUIV@#Q++71M5hd|xJ@`EI$MNqFI}N|p$>Kfh0e<>N$|&t%5SR-t7V7@v2q;1A4OZWxKBETDBXcd+RZm{a zB^>Kp!!wMSH8nLl3FXT&x;neCaKS>%e|rhup1T|i7A?o}Wy^KDZf#{8`%JFE$4{xj zX&>*8GtV4?Lk}1%<4ZpbO|%2^UqMTAi>~^ToCeCI?nqM8-P+dPeBJU1=;jscR#YD2 z>|&$v{5f`lFJ%fQ+mKGC^u<(X&lro-_a2F}_N>6X^}wGOcVKm5HPV@sjCtKi$^@H2 zyT+Ga5!|GCWh%~#@apqk3DKUHekJ`>SMRvfhvyR?{SgwHmH7ha3~3pQ(p({xYh?dn z^@x^*vE-F^Ff1_+KichT467Wi?@}O9>M5VC6_PbRFUtNGNmi+zT!rVggV%tS$#=9a zN%AP;`j3}u_dxv|)r8uK+GlwkX5ZoGWAZTxEB%I&jmY)cc|M*(a>s8h^Eq$k$-H~g zX-kA#>s9}{I^9N0Aqj4u_coTj{5+Pw{<_Mt*IvVtS6{{AS6;!QmtV#^FTI3?FTRKc zFT8-apMM^2KKpEsGXI%p(6V^3URO!pS&p*)l9%MkynE7VOC`k52}ytGO7i>NTlOP? zrcR@4N8{LW$7=s!d+6Bc*lDilSS91CxwiP?i!a+xLZ_c`=8uLB9i|_d9X)!CT&PL< z3M7!jlnw>Xc;p?HN`|mrQ9P76prcJ(@==JL`DW57G;Uar?(Qy(A2-h2edgBEa2W0F z9ayz`rA{b1yE-v`{5W)UB;_I}bSIcVvyf9x8F!RVJ&{AYs}<{)%)_9815jUEE$T?+P#wAWP@kT#xn+OS#jBq!O0OqaNe zbOf_#jRnzf$#Xb3-;B?max6OYVWe^))5n;vr$V*vUGaDjp2HHK?F8oP(MNQ%6Ch4B z0wNa0dTv@2wtf|~n|$t8~=PaKKXc0|OD@eLI+@wHDfjvg=puF9m4 zku=izAgTvU!GljM#(=(k(XXx^v3R+VupFWla&Cp1H7tqgyxDVc!#^*_M~*rf{Rh{h zZ@<2hg$(E-+%IS9-sEXa@3BCvwtT9RI(opimGW@qijxq+hEuUgxo({NTKjt=HMNzP zvu+;#`sS6`bI&oDSTzwN%En@J`Dip$jlh8DaP%n~gxc6ZR8{svU34(|XNDmjj-x%> ztlM}~QlEU&Yo{G0)s2YVN`4!#+FaSn6e3&P%!}$E5%+j8Ivk^#V%F5 zfR7_CXl$+UbPPY`Td_TsGm%a6N3sM{BYU4?en32yRkWi;*P3OlhB}D37ClU`U_c zZ0<}W*-?hoLYnHLt!U`qjOxmA)Yh8kgZQR!HAOFK$5mZ(MtI=ql7x<0bdz8_S6Cih z>6G)Mv9VDn{OptE<>hD?+TaoaqQ1Ufu3YezuB z@>%5CnlOeAk7NELS7XY4`(fT2uVYYsrJQH{j7(ggxef8A5w9DpQ%ANGS{?!4{Ht{! zHQ=_FobQ3WA-*pPDVQ~DmYi2|4u>PUa!ZWrAIHprS;R(-#iwpxiTLvQxZ<$skV~>u zQK2rqx_QSvhVdR-eYlI@86g>C$BxyPE(N3I1-&*ywgorM|070B86kZqtvAsq_MH@# zn3|Q-G-72@3>@AMiMB2*o4pvv4f-@bG4|_-$vGU7>r&XcHf>LIwzs09qC)GfG1Z9n zV6zaVfSe0m>ek-fjsfu@s4F*bl4T#^4UCF#1;+K2IggMuZh>9dv=T3Lydd)(nTzlf zG9tDg*<)Tq>bm=5T%U3Jwp-pz>C?Brrn|N1Xm4@#Ppn+7`SHBzTD%mgrAv`mz6PDE zm!NCKGITpqWM972Jx(oJiNw<7NG@A}?6M_DFB3OOBht}$@Zp&-W8j=_oJPt-clIe-Y;h(bHvUt05uo)1%o zOm$-W@Zn>7AasV1(}tnLv2eixj2b-}eETX-I$gn$F-Qk24)P2w?%NB+DRHnfcb}L? zHk+17#0LE+^SH5N^rD!S$utK;e!FqiDj}z_sFK%-6DOiWCOMI41)61|*x21ii7B`B zjI6CdIyM+@E?R|1WsQ`U7nHOT)0Bis2uW>Ehfsk|tX;7Lqel)!!$9XE#yX&=X1!qh zRmV;Q8`)bFX$Pr)q!aong7SC_6Uq~qKX*BDRm1qE2c)HMBxKS^V&Bmz6FniOygO|s z1{omHg+QWHh-n&KohigKLDXcTI5_+|zVW%k(432)g_Ad#M3w1a>trpU9#$8xed9Lh zwNELa8%8onpyzWxSox%nm~rWu*kXR;MoyFP%~FTae(9=;u~ zy?h@=$mF_z-(4|yy!8See)D;iN9MkW zhvq+z2i|!Gr;Irci!<}}+Qb!8u9Dhsmkt&}dd*8WV9v@pn74W!=C7HLx7NLdx7WXo zg&P)Pank}UYJD3^+7>D?eQ3WHT`hY*6f9rIFqcN$E4y@}c$2||eE;GF_a%q{|btfft z>06;J!l61LpE5yjPs=1eiSBeQmaSy^jTqLyQ;8|bj(vvGf-kHiyaZ<>qADPXqdUvO z^OiS8T3cK722*2Gqpr+w#gy)A*RIu<8qtmAwx1f{_aYgFx(pgL5JQI!72?_#Rh3nG zW0W`OI7TKrl8AN4M7yjCgX_w%Zs9Aas_lmiKcgYwjz3!luB2MM`Tt$v6piI!96i?^ zvaS$+9ieh&Yxzqry@Z)FXXqG?pb##}m%4`XDVd;$aQXf7aQC_{{NodQVNgJ>@j{%b zo7K--*Mwe^cs{CW;I)^M({MEI`0RL)oDQ2f9EtXnAq&#BB&AABm6V$2OY8dgLH*!5 ztXsSW9g92gm0f;{=>rcH-G!8j{*)botc;Ua`5FvFQh9dWMhxwT;Uc5QRO6ku*P>yM z&tvqc;i#$WhrBbX)$~mfHxr(a&N*WyP64#EwCW^Z2l%4%$<{-0F4lERa^G6ya$%I0 zM}?$r{iI*4P#jas^ZD|_sZm@B6J z`}fy!_U+qO2`b$Z-TY2#+;v~|{4IzIvB)NcTy)5FF=n=F+UJLBL){oKVINe~)NB4P z&7O-1)Am8U-$-;x*_bc4aPzr3UQ>zEafLdQ07M|BQ0r3DUWyLl@1I|DH ze7$Bf{gtg*{OyVP*wC59UJZS5(bYHO)YFg0S7r`IWjKwWUv{0oftp}=N(Q}uWAdBd z`jo3TO>P;!{PN3j)KN!a;J|^1S8n;+Ft-*TyK`6Ub?kI>H6@hD@v#fDVk*~azT8NT zhmLNLYia=Ry!ti-WbCFT8*; z6DI4ffNcTwU-;%6OrJg-^X|SIsa4C6YE9`2m`p!0eaylVX7*#(o-uFa4NDKUZasnS z$-#p$?ZgxD{PWLm7yT`$<3C>hI}RRmD8~2ioj_jn_(j?$cz%wo8i|u9o~&_8NvWL+ z(Ej-Hr?9kTF}||@*PT>+`0%m4;H;bu!-9niF>3S}@OxoADJdKf^@1YTAont)mcm78 z^U?E#DX-4*Px8@=f##b>TWc%UtzCmDQzq+{US1IRY)ETc8&<94w%!Pm$pj`%+C{fD zWz*g0+fRt-+Y7|bxA?{|wr@3-HU-eemAvwh5GNr}&Wb6?X_9Z7OLn6w9>eODt1)6& z5Mvs4p;n>~3vH%DtcM=4HP!HbgOCS>w=Bxax#$r=oG(TwkD+#842|<&Mtiyexta>( zThc;2We`hqI~8BB!@Jc&QWGhZrP@%LYT*)xBooB=STjC*z%UG{t3tVu{&+Zqiija) z>9kC&oO))J)j+j=Y>g6{_~`fNw@h1N>GM=z8nO&@5yB{Q`sA}bwhCL&Hu(R2am#D z6Z4p{`$&;d*mKelOrJailScJLL%%W%tf@n?r4zNg9D=@;GO-q78qk+funkJu!GY1C zXEFZ@&chScWo%^UnDltcFUpqAT}VI; zb?O*LM-ED$^Um)@9a~3IbZjYwg@jXi36oSN^Vys8X-i%iZOtm9f|3f#-<(aodWBNQ zRy8teDLa4Ss$eF88?MV#-!;Q1BW@>*^2oEp=LNYr^68h%%uFGnXisoYwr|&7rn6(@ z5Akl;utEIdWe`S=K)7<3|4!-cd&zFRQJlZ9geDXnpF{~wk}08S3yNvdj62{}R9ad} z#iiwx8W~Mn7ydy}$xVr3nh7z@ui#EPCkrEBZor=zMa2=Fen9fzI{HFtLmd>_Kh#fi zr~gF*ju;^AWF_Z4E{tf*?{nz2iEC;8+EPkOZAnib*Njr*SAJ~-+AJmry9^Qur4D3wf-!K@ohX>*>6(mwMG@PRviEo@qVh zytJg0QktddRO~*G{^9~`5*aS*PO}%xBfdGQhUNyqntku_Irm zf)X=JNpUf)U%!?zw{NE&J-Q25lC^#Tfs~V*OWT;VVk0Dw*6!VV$oj}yCZ36jO(>&z zI&ECDk_xl8QV`ZJL^qX@rQn(}t~fCg7=hN6D^JcJcPtBQB>vbWAcg- zDn!T$@lG_uT^+}ZKXhnpOrQ&+`O9e^$5xsj=Xv^828%}mCs^SKCLjvV+$G_(xgXqI| zpQ5%IL_IpCP)aOzvySAn2T>G1Gx70p6dN1E63rctP};IRmjavhp`_RZ3gFJBjNY2O zK{%sw+90UANO|WDmM+6mbn=Cq!p(%H^KXg))@;T*Asxbg0XC!xRFO6qudIEB`nTvy zt4kJBL2ZTX$ZLoxMnKwzccf+8meCCv2Oc?uC5PP3XkFZKb}& zOF<9_6NWh&vjM_&pp7a`_zrG}BBxC7!=mGMd6!t<%eE`{Zq3`2)GCEa3o4j2fSlsx zXcfgL#8O7bmb7*K7TWaJM!Kl&opey|>z=0HjZP_@>Gw51Q+{a?wTx@-5KiR599QP8 zq;_%b=!CW>IPRw1_Z8@mUpbNcNHug`-wSjsdya(*7SQ%>+Z!w?e61}k{;BY^h61h< zOs&8Vpoo|~Mh7_8_6-rEuTaMVHJk`YDBf7-2PZob)X%nLdtw9s2=op7cCr&!0%^moBDttJl)HjoWB5 zccQkf-^3lFH59sZ0(FQgrGMXiHI)~kyN_urGUTV=PAZGPywxjpz5hMJKM=R2NgoWT zY}FA5CZ*gofs~e32T~yuAGV;FnrbR2$*1FvX-C~FvMDK-J5^P+YDyJ%&Zr9CG|VO9 z#yv5l;B)D#FTSMgtfkbmdl0oukD}lL)*fv&&5X0wOP)! z5nwkdi~R_cy6F(^3h>Do5Yy}mwIeS&otP4esh;S-9LT`4Us4?=9Z`@eTtnO=urCV_ z7kiwS^7D@)?wiVjD!%WssiYuB$Pb9orcIk@)uPojZ{A#*`Nz++WWgL-w`wW1ORb>G z&u&VO-JMRKeAtX$emS0Ada@Ore0-8xBgt_}T>v<@iJ$vIyBVmvN0gOt5V+^jp2&U3 zKqndJrt=9ijv$;M1PKWVGSX!_sQg4wC|+1rm2$4DBz?@ug=peDq@4YhRmrsvD9a-% z&84kdxg%dh)W2;@S~ufc=B`B)&7>C7dK(IpU&#@k3qN9j>*4`6uEF|$P80S42#%!= z)eGpqgG1Z3hcJl_N)P;f);xq}2Th90>ANQ4>gQh8-<+2jW7U z`vLE}08Vx7k^`Wj?onom6yI)GX57*VxM?j?nLDkKqOU2xi9%4iZ!v0)K%9o6P7s$s9Nd6{ubnU0T`m*e^?hYkF5&P`r=|YAU27V+7w#?HJjSR%WlH>s#NheH>Uoy>B3O zvlcuDp?pWdjOQ1Ek-zn8R|~;kvt|vIF4+j6eY zF~W*zwET2YTAOn202a!q2}Vvq5J7^?i-R52$DVsi!An;g#SZ_RH!s1TPky7Zn{bmR zGTIM9Q?zCQC8oAwJ$4UJ*BH}xG37WUNPYGK<$!g1K}_n?l2Rx#C6Sh_+CZs2j-b%w zw(>&Ggby)hFYMrcuaifeb_0w;VJ`-ZoT^N7y&V=R-!5*Nl1{B!Wl(HFqD(1OQ2AD2 zu<$?PFljPc?lgLeN!gi^({}CJ$w)DX`>tRI+1)8Htv9h{G8JVPbDhO)QrEWJMiH(4 zeI>P_o^)g9N4ZXGBI`>rUGwikXhbBf0L4H$zge|Hri{l%#!_i6UTPJ{4&NwST!ZYI zY$`7;N(yL2-f~)0v5?9`^5y=+TGL>R*vmUybrFKgqA5Nzl@4v$pJHNSxPP>a znrF0g^13Hw>ju)lcJ)e0e|Sa)8Oq)sC~+wPvXj2<(Q)-Z2C zIBxjn#grfL?DKDM9T!Z^nyC?McUl%MTuQIK`MzI&21bAUgei{RHts`rx)l{c8aauBO__3BsfdxRE zFTVH!z52?l+<{pp8z6z0&iZpU{qpN?G-c|~w1_Ln1q&BR3t$Pigv$ znM_`b>6Ft?rCV;lm9D=28Y-O8~YL?KPQc}~YY3r8Ms(EW_ozjMqxIwK6EThV* zGAb%6;0g#IvqtA!C9<9zFhJs5s8`XgRexyv1Dw1`RF? z`uY4+^AGND9EsL#$)$)^hf#Dew$BHFz=vosNWs~S4nxKp-# z4MwKS^KG7C1Cvio@5Roe z*o73+dN;0FI6F1ev1?PMTft)d56L{#8Cel;_M=(|Q5(U1of*Tg>bpgm;0^We12m z{|LwA-=xbqM?@MPI~O_Se#7pN(>=krtKX*h=1qjmwCmi4^0V`3^|V!VVzW!>)Ql@B zG&oGshkNYrfGIJoe+}m}u3fX1T4l7NxUe{?&ISppqT+yJxd!Ed<+Pz}11&9HN~=m1 z(faDuR1r`@fuZVN4PkPMqml5UcuLvWQiv%wqFTIYF{P)cQ*_MU+mOngemo0Ef19># zD6Ca0+P-+XJey{%v`JT372jiACxE0HJNE`j!ByC#EQrGR9xCUXG4#Y!si{eS+TKmS zKeUK%$s{n2=5Lxy%d=K-UnYVQ!sDdwlC`MSo}*d+YupxXT}o5e{z65S1vI?lanw1r zvkrC75W>%AEVeObV5)9RhUH48Ixq*$c1`irQv3o#Ff#oY!QxJDf+qG@2Z4`X-vOP14X3v=~c}Yo0rXR*k z5Hrf~i?2pg$M$WhcdzcWapPvG|8BYID)Hw_OaWZOrAt@Rjn`dH#~*jJ=*{_S0sY3r z^3X%->NgaK8)d#P%6o6%*%#iRmMxm^@-++i@yBts{RbS*1n);WdiXIE6cVZ*OeQ6m z?xWv+DX4}?emy@81gbmedm1`pl*W=P0j|NM5}Pt*GIw~^aK|NIq^PKf3R&=QVohvG zNwIt|JvTRpAH3Bno!s~i959du4jf1~-h2~f=4Ml3QX&-;7jiVHNV%)ddBT)ke1HId zsB{8DYN?{4iYmBs8Nwa(U>1OzYJJ=hl&hx{>M0MeK-9^O!rhfpZ4e|tbT_n_BRBB} zVlvNCx@Y7>TAD+&ttOrVBI7AFsEFE?FQrG$ z>rd_4w4tKHVku{^F1b#KN5~eZ2S)=$=sFefxun`<52H#u?iF~Nr)Y8JqPg73O zG77BX&Iyx!l$BZst&V}!QQS$6qD9Lq>Fo3WNBI@C^!&RIQ$Xe->XQ~sVKLlMh~a?I zF$=~TAr%)s`Gar#vXP-P#S5k(MwPxO;L2&ti~lm^AxBa%i&2N>DRv zPV@5fW%OJcd#?b@HLMTyM7B4SV zESj?MM_M>!llF1o08c;QzOT)5VD5YAu<7fF^JkuTl)7~3LQ9q`k)3W41g6L0^D7YO zf}DcXg@=d9^x3kqa=tZ#rEXundKJrRI`q)~)TiG-83{sJn$BT;aHrA0q~9D29D5hw z-{ivpdT8??h#Mm(Tc>?OVWlNZGWprBE*H1Z8Ya(7oM9K8TS$?82T@>2IR#Y~(&E*d zsn6gOsHRC%Dx_#3NHsyKUBM2*CfQEO1WY~ zDRaG$N9+TDBc>wb2!Wdc!o%|qJG8T?vt<+sFSVQm)dkj@w(ihbM%H$9hgH?e>>e(g zIDk4G*^Lqs6KMV7HB_>$oUZEd0A<8>;`FOs)xG;Je=o8!GbwBPR_feYZGN<9 zE6k*A1zV}IrjlADwxE-HoT@|EJJ^y_Lfdjns8`!0TC`vRlbSv><}dGE-cRV=jB@kx zi;mW<@BB$x;4mov`*M`9-E$q$s4B(yzns0oY zx0=hTsx*hHOR?s%EMwF;K0ZOFM#)PkQ8VSC;xlLa8!Bi1@09w`?dNnlz4PhxP4=fkMnONT3ImeG)5$4ZC6{Y)WzWl)Em!MT!deGbm+9`-Wg z-c!mZE+0VBz~KCQQ&^fdsN{WO639XEj1&ss}Os?+I`cK@T;uy`S+=)^ZhTo)5i6( zWCzxKD%^^J@s3StcZ^PZ;fMApM&+ZIDkrC2{(<@^ig$)-0;xK3NDq8)!Nla_SO& z$5REji$f&`WzpSP+2e(n=w3|0M-4O{8V)Q8!ql*e6Z8e={N@ootpWPH#+1tTakRm|n^q0c;8p z5`y(6nrw1KVIpX?gT0^(%Ilh)v)0^%2VtTf2nkr*hh?{l-V6BVV0o<@z5{`KL4+)Hjp~CVSnzUd8O`5-fiZ?B#r!O5u z8BG&uTXhUyCsm%(iDQq>uDk-aKw$V$38@SA2NzMpQS0OWfFJP%zdCr;Z{>sDw|AIRMb*MrBcS4R5^02*sV8! zDydm|OZxnauV~iX1vF^LQPi#tIt_8M%Wq9Z8J9PAJk7K=zIN*Qk&H>YA=m&ZBs_{G zl5p!|-IhVUIddGe0b$}GzX)Dk54>aoIo-N#8#PN!)z33F#ZYLebqpgJnh0eW+d&k7JL$HcG zLw?{+Kf-jwomZIMaXDr_sPBkkc|(wF3S*`!!VToEXy*GA)ucJiTeOUN96FeSliO2O zNDKvWM;G-Z+M_aV#^mLk`vKckxRdWms-zwHKs>nrP}VT}=E;G!0zs{+#n7A%gUiPu z&kY2w5vG2^AI!S~({tDzT>jHQiVBUPBb%O1$G5mpUILgA)5Z)uE8DhgqN>UY?htYZ znMr+7aUpHZ+Cq5+x!h?hrz+emTslGFffODUM)7g+)GRTLVxr>s`6!@u>(+6N>2GYdfRCAqJ6F|{TVrkawxlB&GX$_E# z98G-A@ghD3ZucciR`5Nvp3c!^28098@QC5w1pLE~zMw8$Ita;lo=HZt)D*{$8>@w6 zeyY!iju>>96V~+Uv;D@^r*{u}lSvB5A;LFdoO;S}Oio*P<;9(LEEzH8Y$2k`j|pSk zgvoUMwUj&iinyW5$%G6v#w||)3 z_ldbbaJ^8TZ8KVl9>Si(MA(#}J6_)~c7&h{FTBw6ozpgLr2&@C0h2z}u%X$Kg9B+J z`NzAd*WgaDFMR!bLE9rP2pTx_A85%;JlR~Lm zWF8%Rcy9_x%Ait;pb*wY`KxenZP|>tI7~!?I8C(50H~Oq_{F5ooV4SJ@L-RBglX(? z!1dH__+e*P_zLb*aR*$5BX&Am>9BFf2h+;sQ#joDGxw^>giqjpVIpzE+fH`i#pq}d zrgsHXP#BkCR0KuDaECtzpTgiHBr1|ZBEl#zG@J=hHMQ^5iTd^HONm_B#c@X=GCZ2X zBBIz&JcUKYP-tWng|URoF;d*ZqLf5LMN@b*6Vot!VgYH89Bc6$8Vr<+HlkcG1s`RH znGYZyC`&xEfRtY&0PaVm#Fg@$;-By>Q@o2gAF0U5%n~#HvsZkR8l5uHlt$VD7i_3OzlmG zPo(tb>D<<|k@a#Qrub$k{FgIn1^2GX^i3p+Q$!aYgKAo7J z-i*4mO7N1(Qm#uk=TK=@AypNXQ})Jf6vlnos3!4T7peL&lAm3Sji_`VOJv}S755BUn?^P6tGijEpONXpU| z?tCC$2JnlvR7OE(&6ewkxM$3qEq;3R=qe+b$Vcy9>V-ri_ox2gYl01~Kw|Ux`9hpC z*zVL*j(5U$>lK%j2>C>wr%e5wI(BL&>7PG;G4(&R54CRHN(K*BtzJtf9zR^d$jQ!g zg*}JC7`u5%88F+;HFjxpYG7Z%7N+R%M3zC#7^5QQDLc#92{3I@Pkf4 z5H~;}(&?3{kbE8}i!(rIl|R{iO^)ikj_B|q2wSEaA_6q7{Le08@8t)&>R%ul{Nt4$ zh;f6G9JOCL@~?650^Bg|RjnIx^c>;x({_?}5q%DKs2Fz<6{p({;m8s2I^x>Hz@05F zL)F3H_)MPx{%~N=Ql_kn5d_$xa|U~mHSFk@(XIm}CML<$9+~p0!;vE!aEBocUTK%` zm97-N{F=z&=E;i(2oLv(Dl1by>b`OLSCOmua4KTrQc&UZk$*foun=cBNU~sud_!;d zphETp47lx7I>f9Jq~emYVl$2`QvRZdmosX!4|H;3qGM!pglHz4nCXD)sLIVdJSA$j z0SBg!+8+0TxEn8QMv{C0I}t}uoeSW{Ibp~-ER>}(E7TYMeg`MQNn!(KeCuCm%<3^T zcFkCtw0;at-87CSXO5N8(kVqh($6{LS?6aC7x!qx#a~?eTjUxUv;Gt41D-Frb}VWn zTs;@2KB%fvYejKx1i&XFuz?cpO&l@Oj8Qv`M8eKj+=Ry*8v>*ckaX)j$iGgrW9I_S z-FBiU1|=$uoIn0UK9E1;Gq0#jK7kPw-kl;^52UJyWU2`a6+((pbm&yns(fR#6_EBu zr$yq_aTu8N8+*}m>8tk56$T5g0bbggYhfVzoYn>jW=r7>uSw5-5F~YX<*lK=QAP~b zmvTMGE5=;EY*mP!AQKZ?K%J170D3qSDdFU*5cO3JHg%{I&y@jMr6)-ma4 zsVpg{b@Nuzwk7K+gzJ#Fm{^Joi=g<(Sc(mfq^!kjyuwOsl1K{|E%mZ!nD!+f`SYHCxjw7T8D|6!aE zxs#X>PiL}b>;W9yx^+aUiNS3@ea4^EqzOM0?1XR8oANgzBo4aps{Oz$&<5isfV&ZG z1;e5J`qG9Cn<$gXEN0jA>D|*y$5-Ekhl6p$D78Cn!;cmqoIcZZ^N-ckNb}mMOTdY zQJVTF&gk2#qdu3sYC9;&L5?t~b6>2Q zQSMq-$1m1!mp`qibrG*2qvD5;k}h+u{j2byXLLP~bGWNhWe^YA&gH@69Y+JC$`kg^ zL^wGSOKsIrm6fwodC&AnauA$PB5;c_%*HHzh!*csq&xRAW z+g$`!_;LG}gUd~eM@i1bO5h34xGSSlz(E_upfvtIF+fTh`q!*QYnnfJ!w#ici#8mp zx)&QN?l}IoKU@( zXiMDW6mXjjB)tes!}vE4SGmWKV6jkUw8OQbIl8Y=w(f9?m0ghxhF(`ISZwnHcC(fbhUKkx_| zG~{Rzm|+Ju=s?$B7=Nd@)8E~s|Hxq?FvG4fr~mJk@X#P?l@jBe&zLobwr|@?mD}@Z z)8e%hhx#QsNxsu-bPCH#D6gcD$>b`>4l;1yq4e8t(`oi!OboRhMy<>_fMa4}BF&w* zP)7fZ9t4CjDk_R%;$r0-JK6$no%#eYW~Ae%$-heY^~KeuU29ssb{%cn!sLX{SFKq` zD^{rdU_CbKr4_50eDnFrm20T195Ybr#swI2Qc4n&o@Gv$Mld1>GG@vlGdo8{bOE=X z5x}24$}%-Ig?cloLzr0iIpL?NjyvGi_a}h+{P`E(aKbeCp3e7xTL%K59L)L5nX{=W z=hs{-07rZk;m7fl{OTcm%yPhb<>oEY9UZ`!cXZw)FO%MW>( z;>R5lbioA|JdoDB1+84QTBcgz4WuDJXt(`!3IJ&sab%G<Lt1?}R7*<;eE@gQ&z^h>bEU9dqUlW8-nDm1)5;Jq_uX0Pv3={PG_x zb^OQ-{$%Z?Qc>;#xZ|JQA{2O#qZlL}BMJ!9=qWf( z0*`~Yy@C#&J0uwO;7(+4Fei%@{pdWQXmr?za|cXFCa)9fTCa zoqv!9gpZ>K$btGrILNCiBc+62=tIZz8zAWbIh9=iIX-N*1aj{XZ0PFvBoOUSj&Ra; zI4D~{Tk;V)@}vGG9!zb(rXR?wxVwDr8tVG<*r+t9UsYyuZ^M9pEr2-jiLyfptI;O; z><{e3gDA;S&H*{VLZ54Ub!zMYbxj%$rR?^CYl*VU%U2sBDMG_>XeCcMy5s#jVD1hJ zfpdLu52#rc^74`4ex}^_lw)Q{d!Y5*Fn-M^U3?4OkSC`e@B!{~zZZ(F)k{VN#4ThQ z(dql#oj$qRIvnHfz?_PTQPN`Ic4J6-)f+kD+DMMRfKH7pCBgi8?MDUV1=!VBu7L8T zJ-Pg%+}v>Tt;-DY!EEf!xdUxYURD2wzX0*`0i4yp{d-pE%#aG|a#EDaB>eSyTG&F>c9(JTm4_$~Ur9HaJ zw9W!1i(h>Cz34#VVq>V^A-!nYA2aF4AAb_NRxOxgesiIoFg4;Rx^Yv|SkFqInX zl}|bG7$=Pz=~-F=_H-5qxOc5P_cvK92z*FQMvN8WLty8ZZuk(--K-+lL^d}?m} z`i=C_$6q*UJLjzWcfSr8GiGdUzy1Sg{Dg@#?C9aLhDMPkYyeSDCqr5l-E8uS+LaX} zIM|2?Z_?2k>W0oVf-Ev>$$z-<@X!JJpaDJk*Dxjy35qQEGq!Ssz6l?Hd^ABiL5n}v zkzvB9s4C+JIE+F#KDyyiH z%MPPq5Yb0U^%3QU&XP0Qq5QA`maIF%O9uQ&Tq;_$inHnqhY=>uH{rdH? z6R9CrNQdOfr&Cx55{`KBfy+k6t89>Z4qMFnh-AnSZd#9jBxoG*$0y33f1xJ=BYcQ& zFaIik`ouV^gFrd+kIQ{WQ0nrl;^DGIrG(n=HAEAO=?Y^0i$EA)N=%bIymkO#EH5KY4A-m!t~0& zhQ#FwqRzROzH{(CH!y93$-AT#|0sX{GcOm+CugLb*be6~J3zSZH0)!5tXo)E)J67R z%lTPkVj9lv3pOq4-Mfdju`u{? z+)r{3U>fb7VCIb3d=G7)vvxoV8w*tHpc`J#ugky6CW&_S4dh|9q!1#A8 z;D+eLe+?5j7V(F?OTlnB5{8;~2Ov)9mzH6dW7UyU@pDH8iDX@LU_knmfJh=KDj%w| z6Cmk9xSnZ#oN)GEjqAi|U?=e>e#Ia3OveGVvq9U`+)Dc z+FH}eQk`e$s*w!Obwt?-5IbzbtdEIxS5@E#=9JpM}eeOOA zk#p(!1FkXjaR1_-GtZ*|m%0<4)G-KG3+_V@Q{2x6(5)k`1Q=bhWjCzvMBLa_6fdp( z!T5KFDd+A#9go|cPt}3XkzU82>)eQenDr^j#{3CjuLW_{IS2FsaQu0SNAx5_E(cYg zX)>x`00D<#R@9nes)q?GwL#+ zpY9L%@q3_(fj>7Z3jXYOL8i}~E#GMM=hoOnS}&N*FW_oV88D#q0T~M5j*2?hO(PmlZZt7cr{1nBqJYsigl8I9a}EeOLZ@0f)2z>g4jm8pV{Oqh zqy<};BOz>A*YTc{(3x$SarxAr5KKIZujk)lx7>0EY)_ zn>qoRLZ=_z;l56!91UAawS|P zNu^DRvhx+=$CC$!HXpVL>jlrf z;1YKs;ueznL(Qge{J3;*Zo+hji+coho2jb+Ck`X-xZKdz(7{VmyllhBsT+=e`Bxrb zXO3QiKi9cdckW|JH`}Xc$WvB;u`_#yV#SJ&By?*-k?AQE7#=F;HQXNnl3O;X4*mO}VXfoG%0E{O z{JAwmu#4{l4?RJhJ9nU7y?Xf7X>8)@1!(B@mB9vmBENFV&7lZCEcysR#~F)*@wtej zhaXK-r%vGx0!A7Y!2+=Y@eu-vb3V#B6Ci|*uoUUwHWZC1I@R1sk;aq%K~zi2%B0f) zzv%E{S}8{I(7f^~lhOdn&e|^D_(@MzbI+lp!cd)sv(7q;R<2wjA1RlSN4ER#fA6B- zfBQ|sk!hVQ=&(!LaLx{x@*5QyDGffz4~U!)QsjnpQHUU^a?XuD!r&jt4+4-g1kHcQ zD}1UQhuH_8C&h=;%{SjnW5uwh0ONW?DWaHA#@U{~&NuKEWs-T%!^RFE|8K3~^7XbRt~5 zY(UsBt7{_{N5!R#8f=nFg#4M#r&3TR{MG{r2;q6eTV37rl15H@ITN^z8#hu)QXF;Y z(2+7)wv0@jR)p)I9?Gm8(|L zi6HOnGbx!pkBG}{`+X$xN(%3m8q^H+v7RHeT#btN4dFB zgzS#z3ii?57U2F$O^R1K3_QEg!F^`#HPkC_zWF9i{Ar@pw|D>VZrSCtu&_}4se8u< zY$f+NUSM$?h;QP=iS*=?Ptq%|yh0B=@BqE{(PtD99wD1?APfly$w&QxQAK`sup|IL zJ`J&xdKvC`;e(99oA&EY3(QEvyYIeBbLY;b?c2AjaP%{YG@(9*4(yZ`Bj zIx?8XjUOlN4bq1;Rno=&}JV~-ssYlr>0HAD{W--qtM@6J66V}FZkO&!2e9l5=7 z)bQgpCulgequ8-ok<%E;&(9Omm(eOilTQ#J?u;;5K&M!pbLWCPB3NUI&Wwb@VSwBq zSd0Xz#+J#OH1+|~*n?0CIpr|mj>XK1z`~Cjp^1))q7fs8)9*9pP()<75HxhA6l%G$ z*(_n;J3O+>A4gbGR<87n8bhT=Phn$(vU^k%lT#)Uh`+3~R7R!Hlp}xeD};fMAPA;> zM0B`PR_+mkKt)cWx-Gky%P&^SQFZ((se;K!Wo5aT;TyyY1Qi1ERa(mAi_1}wQ+(sK zLJ>W7LwZ6&F+zsO5vL+SNCVPi@`qzqR<0}-zvb3jxMMh$<7WcIafOA4N%^Df(XndT zvISjo@x`3X46S0ok&}@Y}Vzb;y~~y161zC#UQ7Zd_O31ijR(a$f+7BM*5&D zYe-pCnz-Z1X+@ms9O*?Ip6gt}#2p(HB_<}&?RVTkKTVp**AU;i!|tG18;6$}rF`VL zV2Arj@(tpq;(@3RqY4`bWpw{4pxmUh3|q;sSc;$wy+k|tgSa9>5&q}u~{P zuZ7KcX0o%g7A;yxeVoPjAMWF{^fZ}{+oVYor>^t|_1q|83WbnHm7GPCHYBL@0)+n4g+ zf8RzIUUV64+Fl@1&UK=3JBd4Qn>TLs(r<{o|IS-9>XVQBy6uYK`-f?%sj@q!KlcM! zumQ~Nx7|SZ-+L#8hlbIVDNMYKJK)mYB?0`|H&hJ#+56i0ih(~j2;k4Yp#u1`-wg@o zzEX6{rqsGe7r*XSto##&d$?#IbtCD(_uLyGe9|Ct0}oPw&Tvstk!s}GD>~00bRbx8 zOG-+hN+uK-Sq+Z}<4!{%nM_MsjX9x;NAM%0D7&_+Y zFku8Pg42iiuzOWeQ6YDfVufg-(-adEA)|H8nx#^1PLAXqY0AyXmN=xNAV(Au(k{vL zK%b*CU^;tvV~tJ>@_}?Aj212Mk?LmB0mO%Su>c zADyZfUU;59{^(;GI8b#+WQ3fFRO{BQB_H@U6UZ_IaU(DIuzSmNRff1Wv9U3d52PtR zK9UN!9EI=R>~ju9?Bt` zuLB4iKIjZm+`L(mTzBkl7Z)EbqY5BwcnN@uBiBr>g3m9Pq0_0BbN+XqvjNvov`si# z#7=(w1HP0MX!Bj2~^NS=TG`7&}B9~;NTw zQBF}@E_hBrZgaA;Bn`M`D7XClT=r8&$$SsvIm*q=kr@sc)kZnvnL}D+rh+r_v!m4S zB2Y$%07iB2#$JqSx3QBnOqwu;uDbRnDVufc)@j>+F7Tob_a^EE)JwR}lai9;{%Xqi z5wLCBHpdQtA3X1PVH6n|NiEY-#4q$fauEi|T5>`RVL1kLQNLh@1?pXla;mmNJwtf0 zWS%cy81e=^(*^-}K0&~$D45!J?k*dcVFyKAU!)Vy8OSQks5|kD0Hu}uToiJCT#NL;XS;Xl}?rWY9>X;RAsKaey}*F>-g_dFRrk zpC(c`cV61HPN(_v=hAi8UP~R?wPOO2B2z1}GBfFi@4u%nJ|9KrvVLps*fej^T*5F@ zXYai8-_$fdirTkIqZ3Xzo|03NIT5w=6NmkuyZ%F$UUrH2MdyCSiWPKt|337e|NMvA zwr#5#drmJ#r_d=v<1FNqi5Q5a>@>?Ae~`GRo_dlJqQa?T#}0Jozwh7;QabnSGwDgr?|=aV>FTSlrVro$fNr?qdLf-4 zir8`*X#o+MH+LSjYu{cvYv@3s(`QBs5YL-$y-97Fr%>CLDN=Umh#`G*=P#i%&p3ld zjrxpe>ZM`{uiMcq5LqnmHONk&Gu zY}rERo_nrLoy*D1qYX^lF1q+aA;6bkb_I>(xUahM3huNVA)~UZR;?29+>Y>61@Kajdn}s$~nlw{D`2?fLm*qCa86 z1Y|_wcTY=na6 z>f5u6lt((>kHDjkK1vBO;dE%99x}rG%rno>RhM2wUyb^hI=5?01-aX4()claPlr<5 zR_WBTS&9%O%=R#((wR=n*QBfzvjh}*GtZwF*b4UIN8hv1$5I5Och1adQupI!CG^IR zA5RZI^f0~p>Z@Yjnwdvs%uSzu{$;wG>+hFddP$yz?4oKRsULp$A=iaB$W&pBz+!~= z{rBIe#~*)OrVao4>#st{G5QEnT3%L8OP4O?I{IyXejlQDxZWMb?b-bK^QCRP=l(|| zoR?pInI3%TL7FmkisakWDGu}lO34E_|`Ocm_n{K)B8hYl*N97*w-le^~6wS)c zVskrMvUIW78~yzuXP$j7oq5^`@?z6%f70>8XwK|e)US6JdicS69J}u-Lj4 z57Q}Mdg(=4ylfeb`tmy=jpv?w4%Jqb&o#p?68$-MM3%^i-<&_ENqR6X5~IHu9Y$wJ`cn|~QwQi&sC1$82{Y*FB zaHHh&v(G-2&eNt%8>ytKmfn5uT{`vD(}WD=F|nTg=L{Nrj~iWdB(a{!bRtcM5u?-JeEki*_`(ace9cBGuBfHAM~mx$q&kj^AA#d`4yMb8*jW$Q>ILod+++|uah-?=tvKhFX!5Br(nHWRz*lga2Mbn3=IpV zAAa~=-b&*I#HW1yl9H08yz!C(B&o2tkluOk1A5{4=cr}+-soEZ0RQw!L_t)G=5*o- z$Idh3L}{-=%r;<~eS7VRE3reV;=x5*ZX0CHA*6 zSpo4XEUl84MWaWLk^A+BAAX><8@JKcty}5ZYp<0TAgFIHz2s8Kdur2EI_e5qqW7BM?Q@+XfS7lLzB`hhsBKR4hXWs1)=_3YJ?f@{_68#ejcC!f}>TTidN@Qhqr;BzL}-Fh7&_wc2cUP|A7 z`I(HEFIcjYI(P0O_QxD^jOgwUTyptU^w^WnQRj9o=-e|;(Y8cC{5XmF9MX?w&0S3Q zKJbWRw<)tgWaf-NXfwBiz?LoC4mEEf_K!UFH2vQb&(O0kzDm<(&7)Xu<8}wLX8lEJ zX{loF+N~q4Sg~5n25=ubWU#FHI;3xJ8aHl|b|G4|daX=nhuf*AoFLygG=LlY-E#9a zT%RnW@e?M|4cA{Gy4PNNsgOMM3wrhJt_U%su&{`>Zp)-r&QJ zMp2I*-RP<-F4i`C4|q-&FquTW=bd|o5LE-bRNA_2o4Eb^j+^NB-)GRK%}gR)SiXD} z*Zbeml~-Qu=>72hIMKuR9Nlhr-Fb`lr7&&UOxnWr&E0q3#(f`ke^^*pGz>c+r~X<= z)loo$h!Hb9_-JI&2!=;s4IvW=KF6pMI;D`8UVKqD6Kax}KtqNdO9Ku&j5ch^l8znh zF`B8!>3^wd)21@z@QyofX9D&CZQ7bCjmgco+(g(_7NfCOU3H~QGexHcYg{j3@|cm) zN;cuh;|{pfD02gynwqLe1Op9rWjWp?vm5&bImL8dthGT02V|^gpWbxJ$tQ6~Ws?vh zqC3A=I{2OZh1ApR;Cg2WN|HyfkR=Fd4nd%F2`}svvWS$8;gs=)hf?C_gi; z3y@K0tc~QfqXU65d4UN9J~)igi9;lv17lom*M*bDwrw@GZ8vFy#J;;^EOw zg7|B<#IAl8{kz@BYVNO?5M#Imch zM@VrSiAFrU_>2Zkd8$#<^1`^%UyP+OiFUe~SJ>Nk1d@E2RazJs8~fp8XgV9y*xP&n zyaDkFaIc=j6?i8jDQH5vDhwR+<#(_?tP)!@oX*?Lr-~Yzt20pv{%eX!NTeO{ngz!fiZk!GAfqWcVy$qz(kYe}0 z55rPHcR{#;Nrw8usA2J}6DC+K=r;BXsyx3q=G8Z&XinMJTO6M)W)Yt=00LiSl9eVb*SS<|?nciN zOB=_ofDUubf9bbKh%Hn3qs{hN$QM{7ln1%OZ9dQ8S=VVfIeqr0Vi{kd$Vr=PjP!Xa z23Hn=#W{xbLKxi?q%hnotvKMIMPaMr*d-2+Z^7Sj{{Xi#0QEV8f4_M5o?s>j^1Zyc zJPc@I7Xp(5jgJ7vL}0TVyDaAyMFRlLvpl|dRvL+-4q@r)EW@!B`RNIPFV-gp-Q@C9 z2J2QZDeAmVIjExTU6L&8KCXu>`IGu9uQa)_xU40BCi?=b*WTEfjeOeCQ?t>Z^hhPd zvB)|OUmS*=$@C^fg~y|qnSr^8@^{_#C`B02{#BIROv=4|t*J|7F1i55QEh&bEFBaH zni2!d$bg($fI;wY4MY@#qPux)2eUdsC;U^>dIY~-YRz#k)2NCz^fOIHswBHX3>3~Y zSSQPXky-OU7woBm+<%@iJ)P!N%DK5L?(lt1D$2_Bf8pMBzoR)x=faUH0xa5ml&q%d zRum#@6fB@X1mXqPeysJBm)f8bW$}iGZEKLdXt3SHHi1p1_XoQ^pjB>g-x5uE-jP>pF zBOMFe1zrp9v^-XN8@^HfX>j*_-@RC7tq7`Ydn)^)d)bzYQzYsZ@jg?IEeo6;9&~!& zA|neAEXL?ql4Y*9uE5lh9&i@ime9TS@Y@c7!9=}T`=|x~zKv}MFtB}z<=-DkT@tCw zxb_qFFh@-#YK_+|SYl0Va({{&`rmWI87fyb-;U!+8ce49YLtve!8LaZrug(cCntD9 z1sQo@&v%AM9n(dpql(zCT)Hh$2v_L1w8KvZet2W{g@5 z#vd7g2k_q_ZGWv{-)|U&4sf9@9dxWR`%aJh(&>T(6!Osg%-=Hl4RP~Bt;-o@y^tSsLsn1i-q^z zqRNqd`r#D%O5g;~@fM{|hL-4GOkc>pl(u-cV3U!sIMC`xkrm_10^%}lR1VVvWbbW+ zKQS|E=x>9lafOBUY*d8~LFt_jqev1a6nKVzFBeK3c75${5A5%*=?wX((GM-CT?4z7 zqbw(1<|szHqcCI#UeOs|ezSN)vOyh5wvHTt zVSf_P&{Ch&w+>ltk;hNTrNhxMQQ<%bjTcOjlX5(%li>hR6b(19=*tz9z{ApR zanE3s!6J*k_1FWk&t=CWy$FlJ23YiMno6QFY}z?Hi^rUUziMX^XW^F%BVQu9;V|Bf zSw9K`iyN(&SVj=NOC>zxnfgq~=b|$Z8Tzmh?UySca#z4xVpLp(pM<$mNM#0lz|O zC|tFKxG%%aBr0cOUQ6$l>Y7*jypzZD^-p>f8iXNAb&Tf;i)9^p>*)!rQb zlt@5g>b4aU%KndV5h`!S=sRu`TK6L{n}>k|F~bd6adbsHn^D`@*=L`JWy>YKv7C4_ z@4BGIV)8O=(>PxYDmMHMNb8{vtii>DKVvodKo2*%x_L)o`I?}JyFhQybSQ3@V_U^a zjQ$6Xmikv|h;_eR=DQ0)N6wbf123DSoFu9weEGcMq`>~OzqatHbmlx;Lh{dqUO8Um z&fI*39cWVLWtiBQFF=b+K*N=S(_$*kdZ!tjE)Zkg1v@4B-prHqd&uuKUh9rvM$oad zQaPS%m`JLcjLi81%F96QF~4&FiKbntcSQ}fFdQYPGnZhF2i(y!(Rt=c(idV*W0UyO zO-)S0##KICSr(xbWDS&l;Ap7DzYKER)u|`8Liu-pGnumP8^;oYB5$shY`yw|Qi6a zkc>*gm(J35B(w|#(S2lVWrT8nx~M8MX5OEkXFVTl+rq-ca>&D|jbT5pO0Oz(8P#V8 zOXJ-OWt0#=?j4bWAttJN73w0@;c-oaH^;rGCrQL>m)dSW#XxSC42|h9%rJ@^;JhxT zn*^)G2^-BiNZ2F%3A2&uk8Sf|m#0-qC2N!YK$*yi$$942`9>lU`GPxIWn#Jm|6pmP zv=OWFEC`d)^WJd9>>2e(F2gvp9hzbS$n|#fUqz7>Z8S9IlU5Z(UhJ=@HFL!JAQPq6 zfjj-J>43=Tyg)F`ROxl%gMq zlHd7xyWL$>AKg#gxBQ;75Ru)^XQTgP~^3Sn804 za>{YYEo(l%>*2^CCwZxIN-}*k5u{z|^-Lt0b1qa1=Le~$1FgEQuIoimV}VMJfChG1 zED1wGG+_d{PfRvruNK@F2R$2lK`pGank_4&8@X8V%(G;(GXJJk z14oOof}C8cAC(&VbpnaNhzuXVzbQ#k6$uC0_IjfSn3Jc*k@scAVO}T8MR59V+tLzd z;(uymoi)uG;(|=VxI+ZfhDdxVb6g*y-9{NKrx&VhCX!l58{N*Fhi0af9O`aOIj{`f z2B(+f5~2&nYMMjFZrNh?Wj*%@xaQPUf&j(=ldZVrC7m#NvC0l2M-usj1=b z!&pm|VdiKqw?~a}aWe!*pzK!`VT zh?dma?twK7zqS4GHDY31fp8nm7&3`Y(be1cF0&bv0NO8Mpv{0+`#g+^fPC_3=%}Hx4mUB#JSgYph-R`oam}bA^&h|S$fxcuG?rw zLuHH4(02dOb`*|h;3V@^wa>@l-4iUG_G^agJVHQu;NR1SjZKUE)+-}DwGz)YJW^uu zQy3p3Q%&JjIX>VCE@(XERo9lnmLBL=cL;ziaeDuejIX-xdsnR5`4(}5gm{#0npl){ z*)D0%clm4acS+l2OXSPrIR$Ig0*Cjna@5oum)Oxt`p*Ihqqd){p%#NNlGGc7nIajV zm&+?r@@*UnQ`w^T8>0Eiqimd5Fy%02>aa(Tmvd8OxgmSFoUYVX+L>czKKPPO8|s&s zGr_)7?`~86Xfyt3LK4PF?DMZ6uo8Wmi=eZp^1%z@7_v*c-eewcVs+;Qt%a(q-2A#b$#T@tsK(N5a8Q+mLrZN|=WLnV5m8mLQDD|JAMOwic!QROvtGqv zS2dJ0e~Q}8sc01zXe_`pB$2m1X6`>9ub(Um=xCkpLt9g%%XJZWzgp)lj8q-JJ6c}F zLES>QjiO2{Ty^Nog?%`!@bL5ibU(n2u}GFt*u$!(t{6tc0kYkWtEf`@!)rVI&`KZF z3jMOxrw%klO7OA+f9@Wj)>}?F{4u!yp|y#-4zwXuON&iV*w$7XM$ija|LPMBO{vSG z9CWH@V)05T6Fh{iqC3~{=ZNg83S6#nHWKB#sqh7awGZ=LH{biMcY=Ky9^jyzHuv;s z%S+ZQI%K2=PF9amaDG#*H#^5-JpfnF|9W7~$N2NYvVt)cEmx28bF4G+bYx@qVw}#L zN7Ds4O8lh!H=zPPoenWkK5wYRONQ`_YuE@p)>o`ZADQB!sxL`@?R8mMzv6z@mP-`9 z37S^~-&JWp(Ksc=9s+yka)8G^+bS2P<1 zZ4T`^?9thCXhtRN{&0@xURAqjQAD zK^!&T7U7&Tg?dRB;h(#?Y{HCZ!>#?E9!Ncg`pe;Ng09HfitLhT_ei|E-9yq}#V;UH zWvh`^+s5#&Gi&2WgIvo;tWZAA;hkrUxjf#?1isu} zQvK@#U*;fAkZ5-{74nk!S}R-Vc#u&)Z6}ZDd%Cg^EUhr@#9$W% zLllySoamY|F(2HFbP;M!?KImAoQ{+w6iSzT=nSth(Gg1;uM%Alq`zCC5*S3AqO#Q2 zMX-%kI1a%dMtTSNECdlrmBaO5dxIvJo#jTUM6AqjQiKUXLfG9O?`3odj%t^$cZ1<4 zE=DMxE>;%Ms*WpY7n3OQ(*rNJrP8@!t&uNblUMHDfBKc_^ASM`}Ig+E9q$nYt$#gNaDp6GT<8ByXpMu}JRH^_cNf-$uk zf;{e_@3ZEL`&er3J>DRAj09At}OBucRiF^%mF8+P8uk zE(>i%I>WZm^iSjhR^v0#kV=x4&|;C|+^v<)KPTakdZD%!*To3`d=flrk;k3fc7Ts` zY}USo?%oKqyi+3F-VBRJg`7=vb?aob`IPe}CI){!Nbo#pMcW%32>({35zf1f`In_y zKrE>xHse0bE%-NuADN5I&F*ATwksT><0{HXDhdl9aWTpvdbhsAAgb){RB9+lJR$|} zA+o(lB6Y^~FP8JW_##NMd&U@24cypc+)DLp6y<}S&O5pr^u)J$6*{AW5L<6GOG6^f ze9*cL@4q(^m!A1Y0w|=j?WtnfNq7EFrJs{%fpXGn3_nagrH;E8sXl!h4|+>Y{h>iK zY^@fh#9fu#s+go96lg`a$KUTd+Oy>i<&5bP)0(;-7Pd1yMV2d$MK>AWRtHmn8O4%t zf{l)+f|uY`s{CGPH;)0nhU+q!o$9)Qnw_{;B0p5$G4q}0{-Ro*q`!ysQklE!1B(Dr zu@8aH(|=^Yl+KXX==0EGxyNbwBy$hUj40cN74@mCwcML4e9`md6CoDV%snYCdpVOF zKy&2JgC6u+Nj*wx?7=)iHSse8a#k?I6{#IQ2+{kLHp*=ZHD_O@9Ga_}JFOnYRjzj+ z)U#gx0eK`JQ14=AEq|QP6;}TG6Pe?DRWB>nJ;~LSXI^!i))gF5=3Q6%&Uq^>^4fdr zUH{@VKV3vD3>qcD_o%e&;b-P*?e}nSVVYZ8Jfk?0&0HH=sfTkK@7I&N|!K@C`i>MvxR!z z-yMdr-bRNRKMH1sbeDDtO%!4hzgh1Y6;M^R&#hiTuEpWkvW(6n4XzWPA|R8|Na^jQNp#I?1F+l_Wg zz-!$)%s2=8YV@LW1N`3^8vcMJY{%$RNA$m>;8)PaDk_GBMTCW4yT+%fC|t!MAkY0U4xHc3jn>t0an-iJAVBJP3i zPfEO|7&1zKl--dKd=IxZuJ67@R0X;_3tMTX=2rt1bLnSn%`xbP_OR7Fcohwr?bV%| z8w~TY0OcjQqPSGboHdsGTIDZJ&~+$Va-aCnyuL-C6pH}mZW{M*13LiWZ z5_I3{xAWfFl_V32;*8`?%Lu3U!te=s&gi{4iLr>3tG;s;6(tf=Z+=gSNE(5K2cct% z@ESv2CD!_lFo}$V*XnKPl$MA-_&j4p@p;kl;05q+52wnG*!)-qc45hxmz-epP`Y_H zYLV0m(s&}>*xKUOXyd4<1H7}y7 zf>y=Rc#W<5$UreJH4$A^e(xKrvmdY@6v8((XA|zrf6S3cxV`e*_hktoiT^)kEFlrp3U1UOna~O zAK1-hSn(vMfs3-d`H3XmK>xgJ&ri46szBs+>sL)z;i7?$N*=e1moUd$(AM*gWv#p) zay&jqRI4W-)6b-v`86dxY1Wt-@V;-^`W7>mu@*M_gs}Uc9l_$ysFbF`*)yVrj?qs9 z(I$!ZC;p$>=nSG&zp2`qi9X6h`$?=p9|GukH@|)9NIYi$USa5nsquOC{@!+D`A)C z+$GKB@VXr~G(UEUW^M}At6qO-Kb0H6R{q85Un!m=!J{PN@Ir42w%t!Lytt{WtzGI8 z>*C-lz_H(K&jla^D&gVbsTyh$Wx2i??Vq!Ft%<*yo2$>i>^Gd$CpOeX>^5Ua=J2@9 z=}tB2O<)_wWs(MHlVu9H#~eMWM6Y8g;YUGH)m&g`??zbvgx!ZWXjBW$Tfrsc!(5DWV zv-WS{mYi>kraF^VrHT2^@Cn~{RW-j=4ATa^Q7J!3!4WzYBak@^sdTXwNxCiuUM7#i zK##lex@qr2p|?C&&Hvi|W@C9oVIM_gY<%*0Ho_4hMwmeYwchR1^OT+} zI@mJrO*E6s8dFO`+ibtZ+3;_(O0-N2#YG?8N`#i3Kz zYi`^A99)o2J=3DPXDT@?Ceh764kH#X7+7N;y;qz3(hrh}z=9@-_SgT#3e7w*R)Hjkt?j=6n=^!ApnT}C)Rxz-6g8)HnB{oMoG8%>i`Eq2FUnAD`lOtS{Wa>ap>-!0>k)5--4-C&T-uM! zexLs%EV}EJt5Z{181mO)S)wn2kg-kk=S~W(*EbsJN>VW)HYP!uPgQXEzJ}^oLQh{* zzb#B_8T!jY!J!s2RX2xRbiO)7!?|0xJ)9ri08Qxy0(-tEi2sIz`!M9C-J@5mk%$ub z_(2%P_XMBEi+kwusQEGD1@&p)KM#^$9l^)k-QYqUE%<0Kl zVAO53W3JM#5B_Vn!Dx<18l&n2Q*=hK1c8ue)pjz<)Qt5vWG?LG@6YPi69wH)KZeDE z?A$G<%(qjnlZD3EC-)OsB&66bmHl-hBL;I zBnL|C((P26@57gxCe6ll&S9}ALYJMV9_&<|X?cMw6cM5-={v<3KIFl$r@ZCI{g(kx z49a;T>({rd^La;u-!GT;8TuVNz?lB;?}?bD86n6fgqQ@o#gMG<$nvtfU$QKtgkig` zD%grV!QO|l2?HC_Brb?M5W`uP5g_6`8Ki!!FqAx~ZVaj8QKp(=x;(EK5wAn#Ybfzm zCKS$(5&AsbY@$M=we_H^F0XfSLSN``41VxX3_Ym-+0|n9eodr$t9A zmQL&>PN`cA6Kx$Gi}uI51Pi-utFHOaZO3eO&jeLtydT2k$Ux0ZwNgu<|R@ahS#w$lV8Is>&C=gPD?j>rathmDskPw+jAA z*m=qJEv!iNF=xck^>B7OG?MS|(9k13txdFN|Iu<2eOVs}_3Gk)tCaJ{g#JTky_yzM z26;S$;Vyb||Mo`dbJ1dHy%tt6-==CfI(~pEu0|iv_W&L9)A1xCcB=R7lMY_=eH{Mt zUSwwFavYV%t#q|`p;S73uw-z*i4Q|*j*PTP(;eH&FbTR}GNY13P&tN-r$1DA5yv80 zQBnUYTody@FL7N(ejOOVg`)x_+nHI6g9;?gV{9?7l;?lULYh#f$vTGZ`<^F;POIXTIo3FKz2$PrpcP4R{8he9^PgB`DUXe)J@Ttes;M5Xvzl(oK)hk;-Thi>6-q-;3xjG$3#b zmV$G9*KJiUJ1>pv`kFEw+Xrsrw*o&FId7VoAjD6Xs!Pxfk-_O#ko~dT6<`QnNe|zL zGkM-kkFxaLo!z~xH&}dg?tVg6>BTC;GW{r)jvZZoT5kEmYW=p^!hw_5nmj0*B@%{P8a_soBuqRcl$ zTr!~)Sm*Tel90o*km8dBl#0TaQI5Jv`ySAt47(r_22n5WA$=_K-2cYKeS#+wd-~|S zMa6g;lI@U9@Qa-kKE-D5%X^+~VwY6PhLyql)CCW9A+y0n= zf1Zpql{6s`K|Eu)K@6!X@&GFGoKMPaGOxFoC=9#~MHHW&-C%vY`T#DZO_ zn{`18H6NEaxoT4Ncjs}mgq)gpS5;A!P`JB-U#xA@b(}tfsKaZW>j*>vz&ZW)2VS1* z+1d-N*Q?DM1t25L^;mA=y9|jvj!Q}Wq0-0-C~A@Dgn11EfBd~4T;s1N$uUhJ+{2lq z5EkTjh{ao8$kvh49xtwvzgo_*K0`#mNzXf&m65!g-FNCWqE~rPgXWFh5T6kN-M4AocHH* zS%`m{V)Cr#0v6}g`M)WrBiG&Li%{-Q8AMWaHDcq3bwJrv=)dCLjnL(dzOal#+hmUK zrQFtA+!N|pe9C>k@V%U={QB#7f>(AH(Bd+11^_NQiKb1Dw)Qyx?Pt6vUCl4>X_4Lq zv0iItXk88xjE4uBOBIFfK>{WVNHT)gE%=2O!mVm^cNT6v1BdKdgM*qSn%@kh5D=XI zC;~rggLMW3Dn~@J3==bu6GeQks~=oBCOfzsrS`D zp)AJ>c~S9}FITt1x9je{psA?pds9pY(Z#VN`gj-+ z6fL;ZP`iX>^mlWw#I}6I7*Acyin^qP`pZ-&Nx5v|&+%d(^?#X{6}u0j73)Fb0JFBn z|C~5Ixi#nYlP}Z-N)q9p<=JY8{<{e+L$|1VU?VHlKiR3Ybu47S3QVnN!N+)zjS&a@ zzju*})y*qlF)YZ}V_-}FNf~e-X%mk}EH;rnNHF(8927dd>hm@iH z!JiGh_rFSTK}Zs!L~}v(K(%lML?RPV1_Tg_uGEFLWsSF9kEbLes>9|-76fh;j#U?y z<@)LFMb=@Nx027^F5_)RFXNHt$db7h_QMHpK7m-C!in6_Vc+n{4f-3qj0D8IrfCyi z#b>!*hUD*_iqN9oU&-PNO%wQkmVyN&Nw3OCeYHz}WpH#nmu8V9M<@I%dz*fL%!RYQ znVO?M1BANj1`FS2gfEtM_X@x_Su;1x)ywskbF(Fi1D81;9a9KcKIHk9Io`N{be`zX zUt4hD{!M{Pih*1EHOaW|MPUDRq%}!I^Cz_R57D~3E-RRhyIDows^0a*qm@R%_eLXr zeYXn&3Dlc(WXi?W3~B@aXKAk6nt=xXdQd>7Ks?y>bz;Zk4S_D2Wbgb@q~LMGTjPvE zRrH$PU-W>^=X5>M3IVIKEYBKzxT;PsDY2W83{??PQ-uPABiV8vAXLT*Cr>IdT(qgaH!aBtW;Tr z-`uRB^x9N5mMDk{eov6f(9;cla@Db&)`8r5IK{coJyY0`0hr#E?c4sHM&Vu8t@&Wi z;+bu+%%$FkdmXE3|2cTv>`C3Zefb&9FaTV!)b%nbC}E|J%jdXJ2%~Jw0pB4@+OE|b z`mR{hxsO9uT(CG12QMKuTFZ~#`LR~BNx?CJTy%~8%tDwlmyg~Ujao0DAg}T>X||YF zncmeGcirjz-mTAlQQbmCgxNIYwI3^ShKDwv{EG(v`g)st5%cPwqXQzx{F=_UibJIVK$B`Lbf|v-8&WxLfB^QvEbI{II9fcsVfHL@isEwk5SX@_ePd5aOHO4s8m-i`c?4xgD>nplRK+EifS)|PoLo6JMh}vA(9`?8@A@>B##&TGG_Tp1MA&kxXw3!e+# zK-JiwuAkL@SN11s%#u;ogERit=TCK9+mSjABD)ra`S9mO#%xsaOR57~09R|KG@@_5 z=u6-^MRu*8v4eI;NUP^1%i;3!^6cX;Ruv_20DZyTlvi|AzCC37-Lb)H&Y%=|cYq3l z@-?sR;y34LOhtbv9NIzWxd}xBtH^7y$8~Luae0#Qsr zTnw^!)zGigDaEnhR_+E2eJ~ZO`6)-hy|BETzRL{t_9>p!>8_4$cJv1m$@=Z2py3;l z+wtsIIp*n3f8W;Q(yTqITkXq}fF6jC0|DXNv$+O``-HKo;^MHEhjS(p>Ch~Pciwlt z7b1U|S#daY!^@2hv~u?>WsR(vUUS>^pH zq~%F)adkcVNmRYidHTr~ebeVvlF;i33fW*^aKufUgv z3}l(>qr?;KY`VVk@9rO79>2h%p(}q%taL-hi1{}QS`v4+_j=Z#mp8}Nzwr*wi#hY* z2+TnYHAAF``DjEdlc4|P5BZ-^9(6ix4&Pml^_iaNlm9RXjmWo*7+0q$B$Mf1VU$l=*!3#Y=!S&ik(Tg~RDe9f&j)VrMn1%f4v+-mwNfekYJG`HJfHOmjF>C~XsyBRc&4 zI2q|T0e9ZyvwIme*K49$OZzKM;ikTVjWy+GoWCZ#w#)~Y?(3Z0i^ZKABJo`y_K$^l zkynrGhi$S8?lOEKG5`C^wu=(r-x{wIO*}OU6w98DoFof;E3kh=QxUpX0=$7W)DFmY z1&K{m$RZ|e6WJrgrri+syC~>Gw$+^x0uA;Q#wPV;j-6zOaerDZwfg(}<@oTGCx(Ze z&L}Pb@z%veD*6TIR9B%sFmZcejIeMdQ!)Cr9 z!GL1hF8!kd-oJLV^KJKQgt-x9yp17Kq>`6*6U9RBZXKbPB^(c(>nVYJPWl*?kV|a;5L!UvUjk_>Ino`!87zIKI3WEtkfuB&kfp z=1jD$1#8=z1aHr9*6ZJ`FP2XTvZ)z8F9N4?2)xS;Ns#ApQQj7f<*B9rQp8T%W>K1WkCqUCq{NgoEO#6F=mI_ zPK8WjwZ9iA@EFx$Q^iR8ev5$@g@EDj+k)+n)YRF2hAzd9Hg2Z8)ttuvxSBD-o&Jmz z@chymH8KMj(RP3PE%XG>^3=%0gq(%nAxRYGuhSpCZ#Ec^^YHxaeDR1o19f#>dG=cy z*R>5#eEuQ8TO4=Ve6sxvx!@^ij=WVz^3~=G~Qysi?##lyg?@RqK-;Ff^Tm>Zna!U zBm6M@{t|ao=3G<(FuFMeTH3U`0)%O3X!wndNaiLXT*9n-F09*Gg+H)KJa?>L&bnb1 zTr%BrAmC}Hi{&xj+0UBKnX({?hYF4?k!k%I$zcDZa!fs$SLK+k$MFsh+06~PmLFkD#ZPf z9xW&F;DD}EzmrcQJ!_6%cSuRmI0D?qm^X<@EycxV&b&-a7$P!FY=v-?-^L#ahppY* z;?De#IGBl0>)H-dSjc5?ei03R3kyu8|6+CaPcluF z^HUG`?>hX|aId?Qlya0jxC)B4v{O<5h{3$l#lWCikJk+!Bh7bjF}VLQxL7``Bfn!< z{Kl>nrXJ;^NX7rTB#nR4kM^pu!TXelpo+PseDAKIBvAycJ&Nu?p=46u0v1~?nhWD= zsulTUv+$eX19tdu?&|$pKTKhQ`sIt$N=4bsX-)b4Ot-INSG6)}K9%?Le%f3%|3~(e zmX7wBDm5I=%mec&!yhw}dmCNJB3af#8Xa$Jo;Mnb((*{kqN{iF`yUaZ1nCd2y@0b3 z87)>gRHu3l-#l@+;<7=%U7sz8z-+d;jhC%gQ!6fafp`DkB5Uc0Nf-|G+!BE=uV2|6 zVfxbp%(xuetm)2>fELJXQ+<07_G~5MxUN*l(C=8<=VD;7;q+n~B#D}Yfrmvq4qL7? z9wB#OJ(!Lg*Z2$1(COzc8q)guoFAHIw)aEJB(^?0{K!aIHp`s7=*J73KtMnG5Q-Gc z!{WMAtkOsL`T_HOpum1JmP#S#q|jnUsqYV4N$S9IRu%Le2NKS`cF#xDyXhj;VWiN( zpn&%mL2Kb+Ez6gK$ZMA_qsmM6AyQR>WBCL@9&Q&XYV5fl!3KweBYe!~zNI|iEKyUv z`}l^$g6nUmt(g}H>Y>XG=&2iOosUpCb&uQx37sMP`+B&%nfNn|T0CwYU*X?qt7%Kg zq7o=*1ia?>c%DmCWt>qE6W_v*->YzX5H|9)K?zovYlhQZiZo#HRKb}?E#qrHZB|u z9WwttYoD9z!zX^P-~{0VFIr!FKEv(bwxzsU8k>Nh>OWKgz$C+XoXioNyPXnMRTa7} z_WNlESlec;`-dYH>gm>12=%W1%z398njREUy+y8v)rC4;ZumEg*vlVgyR!JdoE&Q1`fS)T&MA5M1 ziT(%LL32!WiBInHzhP4k57b7hXd@&>;KSmH!}SA@l%Z=MLUihfK-(J z{!KYLGFiHmj?c)-S~MI59}|<1%+S8X24`%y))1YXoU->?4ii3*nwBO@Kych(J?DXl zfKm_^20c2(YUFb8(vCo<79Z>*nfyBr3@J+zhEI$(%E3n;H=>7wwZOQn-u$~gb!XR< zPdR)(72#vS{#jz9)&h$fWzIHSZ;Vg{c9xEcK#qiLV2w=aV z8$PfhVS170lQOscGy4Lin08=>tp0%1?Ns@rA}ZD;Y0gAZ#S=#2426GP+QhN$W2;p2 z>48m-!3%349r6Ct<*ck<8FoK{ExU0rAh&}GK~&$X)J@@=dUxFErl*3|h@7}Hz(L!Q z25H~MJpDT=c)ES_%3mTuI(vqnLV*~j?G0}N2p|-tAc#r)8(d6G%1>V+x$BZqJs@;= zY#rS91bhlg*p9gHNxIEFzS}<4B`2x+DZuSVHuUOE>_;o7No2HVx%6m?!VAX{@cS zc-dp|oAdmz%vNu2qJtC|!s#Sq?tss&k zIaG@y4kDS9ESP2I>!O%){UDc>S8uA>Ss`+7bQ;98EdP!Mj~Z?-BP(330dDIsooyY_ z_h?aQ?BRV?iE(EGQMNBJJQMIg?X^v8jDb%btMSOO0W<)(8R{SGT$u0e?JZ>C5;ma> z&9M_tF#0xUi-K_vqUE=tBplvD2vZ<7n)3KPUU1EiWPudB6?e`a0~a`*rX8Lt@dPcf zgEnoA390F&Amp^_gAmYfmcOIkkG+Sw_ZwE;oVz)A{_BVpr7b%HG`m!1l2%wGhCEI} z7)%JF31aiCmq|FwZ#w8<;3B5gy`pdf>L3U}q5^#O{W>M%JjveP9mfcoGT?haqa2azYID)1ul`H(JJtZ<^Im?LMwC&-VyAF2D12|t zKwpi9AIJX{_~fYpc~qyB_%v9x9Y(P?hqk0E!?ZsI0d8!LlM(V^tMmHY5c8OqW+}@R zH&f?wj88=_Ylwu)pI(F;p^|~=iK(-gqXDRzfcf1ZL}a#!@oyZaZ*TCW{myhMBt(qj zlt2+fb0s-%fdnR8h&`n#aZ*cWufQ6pSC&GI%)!t`lll*YP7gRRO$Pd+x%qM8u^=`W z%e{GRIl}F{k1g8X2XrlT%(zok9mXg_enL+0R*%+v4_<=d8@|}oQ7oCM+KxJotp8T( zaZ#NoT=W%9$w}VV2E+e-BN=Exm;bN2o+}VxH^IAE`HZ}>&0hI^Tmsp)A+Gtu(`^_< zP&JZ`LRDatA^7?i>wAQnh<;79B<_UaQe@p)8Cs-PXz)#n(A1`a&it64T zWg~c)9fFjyerj~cB6xzHPoyL%EI1SR z`Fo3Cm1HytnuVe>q|@TRFJ2dI^DrIVY&A=1F_niVNJgF#qxelR13Td7&tMDf|NUkP zh>mMY(F?3?_P3(vIF}tm{Dxfiml!D4F29}qBc!VFr2@jOFG1=EA1%WL-H~zf4*$AB zn(BuPvaY`8RfjQqkir#RKCxf@ae~>?(&-tKN8X^;AD2+0(Lxoncy|#`3wE6Ouhao= zKCD-gM#EPCn{tiI`_}Tk!f@^C(4oY6IAJTp;)EaHD}2|z*Cc;pQq#!Oi?CBeN4V8} zeNDijBd70t6D3EC*1mVuPc!@MX)Iq+iv$@mH6_PnarP2z1MFVum+$Vx)~^}+*R1}% zKJZ}*yxbLfIyHyO#ZyNG6gp5{{M~JDF&yA^l~y$O@-$gaYC^h9-yvU0nMR zA_GrwX6_&kN0qs!NuLfTc2BO0q*lAP_NDC_RXPgqAxs}I!OI0!!eZlt8(OJ|eL1XJ zCjWbugan^t5=r$1t)|IeE`~<9OrD(V?dzHV9c0bjE$bZMtfkm(~8SJ+EXkiDl*GasoC-7%LW+rhz|l z269a-%?2c02@{~AA-K5$tA(B|96e*Kx(Yh`E0mU+=5gZ*{+mey^r~-p7z6$N)9zaO zgXdbQf0w!6IP7Ve^;=V`JKs#~O^uzeAPozwe%IR1iu40$DpevLhf=u9k3=eszjn5lGORnqtDN*rt}%ZmgqsvNr}nwp_=q9)IV!l@t7rY<;qljFog10dtNgz$D;^)% z#i@d{!@?uyXz+51?6DIBEz)^(w7oz-enS2;62XQNQsLGUPGHS|ava_5aM;g- zxO{t3c@@6e&Jjh5g+e1w>x)1sV(0=F*#B44^6&xx8;1-)>(elQZ;AMiFjmFvd>wnUCbn(n^ecmS>t9yTE%rBCf^z@1m-%k5H8fbH&Qq() zD36UX0nwP8<>lq+BT9l95^o!DdC?m$C|TuNQw{<=vBKioR%}&UheiHvJemgTRrZf8 z$yrY_Wx1!j`4MUQMYiD#%a{p zwrw@GZQFL6#&*)!YHVALZ8Wy6lXv(3JooJp2eabhY5e~aQ#RVkU2}K*Hbk76ivV?+^1jbj1JV)WQN;3Y6Jl> zrl~v*3Crai%ubY$UG5Lcx7J%yXpqx~*ZOag~5T%F-l0H4BUKn-C=# z)%TPtU733G4>3I+H^;LL|25Nwy$2`m&Zmv{Q0`9O$zFjgL9@DtEMUgZrHivAAL*%$vL5nH$ zSy*SVgzL*S``ju$URY*&28KK!0Ve9IadSUDG4?wZPlpZf^`~KQP|$R4|LYu<92&w5 z1T!FG_IUiIi&0+SSd-^$y6di2qG0c3ca!B2N?-d;z^*NB?CeZ8ox_d-fAGN~+o?|W z-QQ*})O9}@QyS|E{(B~f+lN5UvG_F|nwO4mx%XzhW zsj8__KiKc>?ZG;+gD~lI>D)1(5vPSV0Wp_4D~u|3@rmCwzn=s~4}AW9Zmo(HyeCm} zk!iKM#kjr&g%%7DJj$!9$1H;#AD2xw7_yE0Q^j_rsOjQ*yAl~BaB8+nB!0{b4jx4O zK2`gD>|F6lBA{syVCrst!X-6QA*O1)qySa()2^z= zO_z3LY2-PKiMav9M|r;<8MyUW42=7}xH7#I{%aqiu$;GZINx^;^;!TuGua*B5tl## z)%3=CqpyWJ&Gz$oBG5EcRLD0xE(fwF3zdnB>OGb;#U~-5p*FZkK;`5DJ$pmw4?s}v zO_=k8@Xa;>{HJbO5kF^|Amj=fMjR+42FzFx7?ROaQ%j9&a%!ra2UwGh4Ce$)-t(4Q z&piE@8fo!3WG~q4CGJH7WWDE_HhNqQqVhAWcCqj)k??sM3bq1rj-#5iHJ`xmOdlZv zKxZG+HwsfZUxD=vHZ39&WokDBDfyN{E`7e8`>Xo{{^OkL=*S2%KPQtM7R2LlxJpCx zH)~}+dd(WcW{=NJ0ELkCse*gZKF_)Ug4TyYbM5hVs(bEHH{O^O&^ub3^E%9y|M5e( z?tqQ7fIJaiH3e)Q(0qP5IlVkCk?Ia(2pc7~)zH(EDHtx5OJKUM>&Op$!JpOXTW+FP z;h5zc8e;`HUOWV$9lqX!}2B>AZJ*cJ^aTGCjy-lv%Q4ukH zXK1^^gM))hh{h5C-N_ubRcW@SBc3m%UPfE5jKjDS_YxEjX(HJ#8$#k+%ka72`#%Xr1ta}>e^9#3)`jXx9UIq94 zeI!Es%l)~WFtO3y%HjIO3D<-d=!u(%= z3SMp1`5$70CVW#k*}$eNdoJmz;{GovY?)3gx#!t)1%17zr~3E)$e-|PYHF*dPD~_Z zEg*%Yf6||tZ?}r=8P!FP(0I;m)>-f4K>)FIur~}Rrz{K1f0d5+^)@GxC;)T)zvzH4 za%jDfchA+v{YO(B5O~&brG1|Y_v|Ossy(|SgnvEg{TD;z_JIk@!^@mEF#PwWC=2bi zMzl@R*2pI+CZOM4HLW=rk{+(^J&MS9mhk`1+n4XuLtG+;?!K%4Kc5i(!CU>&No9&J z(8>#;vTXIa^Fsa!13^rv@_n-GzY7dH`Mk|r(wjL>^m_9z2;9m2`J69lXZIb$P5*P5 z5{W?^^Ue|O^~0fptmcXC=?lVG&KcjEUScQq;t$6E#n_MxtK-p)0Jiw|2>3oZxuQ1V za4gMVaf`08%buLTQwM9IDiOD@+AT?u+<7d->Tns5(8Pk=5Cs4}E^t`VIgU`TQm#q< zI|E+OCn=}*V+`T3$?b>J>tnxzu<_|1D}Hx91+4|$A^oV?aC5KYpzW#ux#8L#R%e{t zO%kAK2KcNg%oT;5N{EaAXcBhxXV;U$sn_VlTloy(=6v*Vl&?Cb*0I`j%o+KWXUj5qr5 z@26s}|G7fG(qbYzYu~H5xf>k&T&}zyU~D!+w$@9QBrf`q!4R_k4h#(3Yhi@MPf9D5q@kuy=DVN`VwwR~zZ$MMWGpnHAF_(z zLdrp7KPt;Pz#f1sh^_*39rv`C5v*P<>W_f^s-TT07+6E$v>FLLq{~L#50mxzqcBG< z3PjS;2})bklC>%U*q-=z8^K;W3V{}0C&E4Be~AgB8O^_`nd%xEG8XwE=MRmBm5C9U zUz`I*y2KuBxbcqEQ`l27P9`*U& zRi7wEp#3Pkw@IyDy_|-kgs7^GAo-v#PRtJt{OGI7 zFezV@Iyg~xBT?`-G_7GdE@3QUXGH#~)&Surw{x|1={R>vUkuQ-bTvBp|5-e$;#Dr} zbBB8s9mYKbDmgj3TWYDj^T z8GS!_8SNUH6qkp0X`ZQAxyAp*Z$Ug^(2}HHp{?+H$u|EUw`ul(UMuO>ud&s}2Ddq$ z{Tbk=YfK2HVkb;;o$}SRsJuL)u8xJ8hvr-How~ZZvaK!E{{EqouWL=5OsR=AJ&ii? z57`&fMTCz(v&f6R^9Hb~N{Wg^_a?Ho5W&GA(!8WWsaZdN-n;6~gleei?BZ>Yg#E@? zroPej;GvmUvrk$<-kqLC4kaSx3u07B%Ci6<9&qH(^w{jFvM+>WI)@4Ygg45fqW!zR zF~YgUO06B}9-h281^(6QE`xYPm`H)#xoKppH5RQM7OLSA2aL+Rn;Yrw7lIjr2V$JI zgS!M7yn#=81X)M(2znh}A_K&2hxCz#*;FN#&KzcK@(%mXvUhZU6*DU!0Y#fia)?>3sZ zl=Y3sm*iySpONe!Y1HGyRW-lKKU0wwzUaarf3Qi(<^qMf^e)he4;;Kn9gOp6A;yJy zR#}|V1`$=j+t@Y?vzZ>U#d2^^X=6gZ34|cvRk(~1KvYCbY<)`}1PK3Lp`20Hjg7uYOKv%CHs0WNy^i}K2uXA z8tS2#)pf$3=IjR4$7c4VQ17*N`vzclkM>j)N~#4uWY^B{4P6h?3ZOZ0X4~CPF^I)d z_59KI(bU6qegB~IlGVM!6?DDD#PEYe{T`;E!>GkiWLrf*m+{a?KOZ+2abBV9R+|c1 z;Zs#e65BpQe%oyk2sYG`U=qg_`Bth@5~HfFE~?XPn>U{6`*JeI2#|H`P3ttt3*xPD zYH*$hwADl;H|9Krsf=>65=9dI(tZM zHWuZv2iwZkSo}}NfkX)C`|J&VuN)B(U-B~7@uYG{mLoFo&;IYS9H-*(nVhub2+MKz zoHkh&wCQ~)18AUkE~<0gMwwV1#ew|a=V`;tICX}KrJUwFP2i7Vu+dVJX4VH!A1oW3 z6i~kEdhEHL7T>dZEIN=JY3BW0XoGZ_`wpI82cBNv@*M+Eot0Y)SGOnAo~Se8t@^}c zbg=u>9%ED0?o=I>wBa$Ox7y(G3B1*E2E6Tj%VWkO$G_0-$Vtw08k*;k-jB#yxE&C0Ie>e|9!W|*)uz%bhS0^Gg(i{4(+=?4+TJvsRx z8Uca0SmC7n2|4VXcXkgTJduIoZ zII0x>Ivl41b}(I?6&1g+6tTtPtG}x?Uy9pXWQFn_{20cwETMjkC1P zVp3H%2*Y}z?pM?-i9ewMbnX9cK8Rd%<&55 z=5G!EcRTm2nnH&>1AkHhgFoZc`77}1OSH>a)DT&?m^W|{R-oB?8s9CZMtQ$9HYYrO z(9yfw-deTb5)N-@_hqL2Mo0FaHyrQnK@Dz%^8Tbnx-^o0nJ{SElkl_`23``3HNXPYLy{hObbi>Hc zhszrzPPgHNNZ=XPq_%Ccx6<g&&ran6~Vu zk^A9bGv4}f1tWi#itqdJCDoKU8rDvB!ue(TIpV{CUz7Pg4bN%j?cFbExpcBWx6S_V zJSQ_n_?0^C;_apJ>a6FFz`Epmu0*{5{(vSM4+@ght~KV4#`14C`{X+whQj7{f>v%=*Wx@V9T6E* zg!ZsT#-P5~qOO`WM~Wo)4Hi#5v4slf{+Mb$t-?SUkZRfSRBplRZxPTFYi(`)mKGdT zj^}ye^$a$TvuaIIpTS{Q+}vtA#eE1qIyHvsb3PUUp!(ooG14Ca&NzjOnSofX`;pZ{ zbC+`mVKKP->rR@r#v6!cXDtRNL6p4g(l8g|v!u8j7NaG`?qul6L{6I{qx6N4W1KaA z3|j6@j%rZm+vIp@sHvUExLc{SJa4SDO%7om>JQMix&HEnhJ+|%dra;a*IbkZjl$nr z9Y^r3wzMX3*wUEH>WR}Xp=l{{}ue`)DVw{j-CHsAW8ae+!boz z3&JKgl{~ENk1e!fJ&eFDK9SH8^hja!YVkYMX_5dDKvvh5czrt5nibDl`A#$ouI8+BxF5(Gj|KV8rC$ z;oKEapB@{lPT28%xjC)=Cn#M6xL^ft23+bbl2iO32k5=BI0C+0cAFhq;zBwun?nB3 z_yS?(Q@`XgezDn4j29mqPaFq)yfflEOB#$C=j&@KOXc`IU{7Rl#%}uV%C$YD+myDn z#N9;Dl!@J9pkZQCGAawpo886!_OR-o?_QRQu;EgWl}}8_V7jgnTU$@$HZ5h~){i};S^WzC3Kh1`1iTiHlRCGBQ&1O&c@)F^SYLdrju zR`&86ljh>$Hf?}T|3zFys{}-j*9kNB9~RHsbELg6rOoWlS4q6nrK%zc(4`b5Qd%+Z zTiWix8Pp9b3bxke%TlAw()2B3=RustfYS_l>YPFSN7AkRh7U|H)T+mkBz z&80ZXb0-@Rw<2uZd7X%U0hY`6+oV6P8~2=%{4hYfkCj{BirSeqc6qviS^^fan4YGV z)}UK*`4rPWhUnCp_-3aLCt%^h@Xr0t3G9R9!Awq_e*F*lnOT8*2W}U%ss9PIS68-{twXA%I{RUra*m51V1fh*p;^c9svI(vp-W$s8~I z&%B~6Fx)ou0spA?6(oW>^dZWuM1uf?m6;6eFIKAze}0smnoYngPD7mlO(BNA%aX$H z&VB_*S+^*DLHLyQ*as`E0M5B6X_1r;P3)Zo|Ubn%JF8A*UrH_|X>PpWcvw!3dED8#lAh4=En; zFf=4dBstan)+VsV{{}cwM8Tv_dZ#{A?%`#5##J5HAC5_qt&gKAMcw#;?vacw!fbTE zb+GPO4y1B{5yd!WydTnCU-Fhi8}sa4iDcF22b}VsD+>zI;DU=(AgtKZePZt1ZOX`W zZhznUSYWvS>~%3)lp$~%f-T2hSCYYS9{pP3meGU=bRI^<4Gj#84v8hJC9^a>UVr$E z*v#Lq&FpsGxLy}&SYjeEiM41{3$W}w57{uzF%M_u>UC^0(xE;AMhc3}1pG%~q@mME ze*|Hr2)vUlq^~ZFm&W2?vnkvxp#gfr%v>%})l}Nv57m6P9+n7R`}Sbt`~vD9IlYms zfbhg>W(SFOt#2!zg(dGK*SYJ<&h3=h%jMr*2}K}9V`jHCxveVA1&_&4DEt%Z507$3 zizsg3K5^P&yW_R-C@ocPeuDKsX)=a4-B>Ks?AkMIkJMdN+WDI%F5NioX2A zMAZ&EW<&;NX>7b1Jq@P$bUIw$cN@~~ztqHk$%%=xFWmd;>rt!EqrWWhB<$9j(D*+i zSD`BKM1UT~s2w97+Qn+47Y50#sjcO*=AP5h9y}KNTG)}Ie=Rn z5gsqbNj=1)oN1zpSzt|phrExp6<`r+qk8(2*C36L~9O-E7VbVpm{KGYY=@x2qkUk&(%`w+gFyet7>^gk;AV6dc>W|F(v z*5rike!7{Z?|BUgB*Dy`(-ndTpOezi#=^_;T;*0ERqE-CoshozRd)Y4KhROSNE?8HhB?&(f=YO?Yz zruc&K>2;ENl%0<+6VSCUZ7EE+fv?eTimR);X;sOPz~wZXD__X?5E6Nla{CHpKLWD&l8sWo31=%n1L+R%CY1vVSWo=stQ&N`c>*}2aS2gthZ`s3}g zpLngHYpA4FZQunUKMqOR8$!5_rA*w%xL;7w#ZANR1|+#v^*B*x4!B`${q$if@|YS` zWN!aXL{S3db}q&&XZl*vFbHHPW>ty^aPJ3GT_?Q`m6%FcgD>Z%#Ql07LCk1`1z|fG z4$*~diNnge3GcW#SV2hRmSFrBN;jQFpy`0@VmdKYTJzoP%?sD+%0&&Y9KDh zXEhg7Gz#@JG2S^|Hc=?#+{BYQ&J_1$8U9~<7M z14d~p0)~gj$ML-Hlab2i8)?aS2$%GHeqcInp!D?znrZwgEp?2Dj!BxC5BZcqG@;cZ z-eqU~>DxwRxRtJLVN+S8Aw^~Pc$x(MTJs!-4`Gh~GlJfB{i4mzvP0TkL%u=4yIOIb z(a+d=M#a;t^4~N^OVlPnQL-^9DM?lWkvC=s^#SyV!d!{To2Kuy(6~ATl&|Z#le(=Y zFfiJomd3t0stJtnib4qte~P`Dvi)v=+a#>(c5um` z7pb2KJ6~Te+F||g-(mBA4;G^z5uOEBXtqy8rh((Hu@$snQ55^%bq+uujd+4oEyh3Z z!}<}19n<}xL?@D#x-tIiAVQW~QxoTXe?p!?ijB5suJq6pJa~^K``f6~=hEve0=-+fmK!e!0BLrriJi^i!PTi5$c+D=gG=+T z>}h31Y5wRcQ8_G3zSk|L@<$gxHSgBF-z2`_PLRRzqg6eS@p6|{4^=T$4RT*$Cg~R` zt*cAOFX*F6d2f**@_;}dF#F9p_mKHbS~@I`!Jk9?CiL%Lp%=G9fB7Y)ebGLqBPnM2`D5q9LNHmf_%749h#mw@1kn*OF4d4&h!46O@NI^i6 zCvvmRke9eS70vpU_A+-(`TDv2Mo#troaw*+kO0+geqL5#u$jkfls@N0zJDVlAEtn$ z?*q+{75V>tYoy*!)=JC_&3T9rWi`7`m0LCO3F%~twytbY)Q{8=($dsPuzJ$QUvkdZ zMn-9AEI|qENi*faO)IZY_p!fR$CZBG|N1Ys|KC4iB7eo?e}Dc~T1TPSMIY`kv(3u5 zd|_~&UFuQlR;y+qU4^%-pYu)Z_%|t(__ivkMALjbM_nQuYSoqg*aQ2**H7*ys!GRY zLpNjJ!G2gpT0i`pLWh8as55x7P?85<`Jy?Di;643%v_6xfl=&{y@yvykBd#yS(Qc> zecwA{{JEHtG^d9!U^2eo|GBI|K?L?>>(F<6;^`@hT7(}W@-m~fasi(bJBcWqiR=iR zdfwpCzFfQ*OwRY_*?=SS$I0Ub$Bq7Sj$`UoZG`tnV}@|`936DK6MCKP2^k?uu`Q9R z?tvJA*6fXi<%ZeX>W5y|d$FIbkTfwHTKj zDAP9B0L3;q#fneBJj(;v(J3@=2ng{G^MAr9To~OTjDj`tN+T*@gQ~1zLI}?%yCa?; z;mT0snU>XJWEq4X@RYi;E*E+$wmC=zGJy*8ADFZ2pPr7>66a)uMo6XrY*jw0r=JBw z2ZL!k!o_uQJxqo?Hbo5#1uN)apM>4=@EfIuKM4+6@!E4cS7TG<$Gr{PpfpU>Egc!K z&~36v5$nLrW$~qw>}uI({_gf~PzeVIs?M{9gaQ-AAeFcx*Zw?i{^65y z>97O7M-QdpeV7g8xxx3JYdM*oe9*_oZ_u>mHogX<3)D5;k{FK?uRpa?bv)XAsqkb?@(&pyTv2xJtu>+SWb(3{k&dF9o=ch!aqz!G`q%b_Y-pD0O3 zEcnBzaZ3i?(A(6VQ%&&wno0Xz;1VennV)YfK%IZD_kWy`?%Sglk6<$oKF!*DS>xgruZx-=;Go07f*gK9}WO5?8WANkAM zanBy3{P;)EAMxST=D*NO33CB`a8*?>@LNHH)zaU%xtbcs+EQ4=T|`d8Uzy&kkN7~F z>E1#MEv?8meidx=6LP9ErB)({sXRpAjxmPL)h}4}!;>YSX>C-U?ph?{^rhk4RJ50d z2t^|UWGRPHn__hO<)%Bw{+Osg_f(71 zL9)Rma!{tX)^&JfA?(w-#^C2ASlrL|t&|XEH?T8|Z;32DOPhjfw{lH4B|Plk@f`Ef zJLgv>GkLv@7qjtOCOb159AI^LpS;~f=38~&k3Gr1luWNF8McRv!m+boAUvMs6iQ2dxn4R<%gwaq%ATpE2}sxqx22D0wcLQCAvz5 zq}-8NqNp#3I_Tg8ZRP8TCt17 zvL206Xr}r?`DL&%Q1WQezm5#%ti0txEhw2Q{cNI#C3bJ~zYfClR>XJSCKCJv|^}D#x z-3YkI;>|jjZASTnZ(alTR?$+5aU8zWa307+Z!4c{N6+(E*<8%JzoppL`-D3th_CLU z{qaIY;7Spy3*$SUTVDQk7ii={D)W)QMP6s$A+HIyINf=fS@vdsg@w|tQ*XFz+pXj7 zuCA1`=q9Ca--^3o#aHnE{J@VJVuU5G!^0Yeo=MzB-GEXe7v>q>n3|g;qBl783{{k( zAv?5y-+TT<8Fz6N|2^Xr>q+N69!W4Lbf_pG^7kQ$y*?WuV^qkEp!VPuiIWam0OWY0)6NL z`zNOhVLs0HBv;bo8nD&KMg5jfbTX%`Cu!LoM6*LDWvF0HU|Fx(s}?5vTbip;IVcpY z5$4+lpGDo*Q3Sm{f8R;!OPWegsi5tvQlThlEtA^H8?^a0;~BH~tA+HX*rua6&u!(-k z@EVEZ)@63!)%N-UJ|FVyt~mcQamr>1X6zsveaQVToa-WDIc5WWm&U1uiH@X){rjkl zhabD3`M#SdpZ3i@YZ?8q*9E=VwX#u1gOFQzgQzuTst6I~iicCbw){J#PHG{oi4177 z>+*Qeq4+O+VL9kxnHQ6P_DX21dF@*p9vF{{L}9(-zD1o$_#C}PfKE))mdmhf(;I#f zHZT&!om4pM?Oh%GA1a_*90%(iaJy_SdOZ!g9oGa#AVg;GwUHo&ykfD=(#sIC`>Te^ zHv9FroAqRXL{UlD+?`enl*Zq~7|=ToFa|?S#nIY|c_aa`&yT-eePc~nAv5sm6Gtr0 z(i5as91=ctF{z^L%Q?)eu|ZN+JW1r}#9~0ByMY?`+#R`S@&hH;+2sf?pkvYHM1DpX z5Q(mCWI##ENNZ&*hbQ|{l8Maz*;k!&R1c|{8(FVIJxi643~zBR;MBH#mK-+5LRi9f z$wA!83YSVBXQa(6auaUZ_j&LvygxOoI=FdMwk(5Wzjht^tN*gozuO}iI+WVcq3Sz( z-Sqw5QhUL-r;X%1xt{ct?tHKa@(-Uq^m|srn`Q_9^PYoVzyP0f;LL4_9hVvGZ;ypQ zj5pVAuPHN;hP@S@5Bw}cJy#1AR|$XkE|Jv@rZ4?WQFh{Md2}C)ERc9ed^5+eB?ku- zC_W_e83`}CG`ulYI>U%$?C2$qvlHRHuEVoi-Y6}M6jtqbYMDF^_8W?o5j5AggUL8X zY|NOO=T^v079g}Dsag!9KYZkjD84lEI-NpW#qp5Hcaz0h1Y{qVyaZjS2z-pVB&`@_I? zjH1Q_>%V7S_#Uq!3>kmd%jLY9l;0y$?n9PP6iCfqSNhHtPRcKJ!PA?Hq10B58(iQO zaf>-qdcD_=J`{Y-lK=+3Q%>$Dm_!)rNfNt1u8cBj7e?B~M|oYMSTu65*dICW@(6k! zL45obZK0o?&d48TK8a-EkH@~4cX`odOpkB6#a2^DyOV0XfjVnkCwEyAZS)!A`{B8A zNltSzzF-9b^wml1#m=tJNf)7iq!tpz?^df&j?2dd?8H%LjNAza7Q0Qs=fTrUo<0r< z@Y`Qj_MM)a6C|BhWGS+vZdrytU&YKZDsn?)#c=(mqNlx$BK_-ymVh`J@MS!+`}sS z6yY|=h*L;uX#*|E%JCWGx8-sYGiCbZe?>d|vaFFk{jP3?vYfo3{PD#^CQoqp?lPxa zhq+12xzgfVJJ$TSWmLGLopnkIHJ-4`h(SU6_4+Q1tIoum@AFuEI8x z(~di8;4;|Hvggyn!7neFFKycB4PWN4Zf6a-oyEd1??y4fvha~p_1m`z;HO z$^AT4u{fO44E*WzwJp&gyR#qk9eN_qTHaeFHi~)RpDb33{Tw~ z%{U?a*7U@BZu)JM*vl#Bx|6zEKYNp^a%pAmZa?RA9&#*|+#bc9!>n72r=;^0L+GXI zXrsNEQgKDt#J4)`XszUv+#ibLPaM|J(WI!sey`StvH0Jhc443+ds*sPM{mOF-3i#~ z={0guOG%lWH)nr5h`V%_AGZ3CvbL@gS5!L)RqJ;uYH5}2M-F$QM2F3ztC)Fa71QCX z9u&>RLWUS=1r|_7p+<{iBS@7YVaoFk(be}{erIBk7*Ru$Nvi}?Iky@T%XT+iJE)oU z^VGW*5hGi}(Po3EZl&146Wf zNgy@iCYE>9h~7a!Ex&@HDA}a@sE?a?C;p9`u&w@mn}}fz;UKr!))Rk}Jrix0^}XXu z>pr`rASIfL^M<;r>TVUU{jg5G{*tTag}4mJ^O(r{3yJp zx{i5Gw@#k-yy3S*EJ1Y8$D?{1&8(5hAq{a>B21lF*rwak2EZV&a2!wVjv5+DlYh=f zHnSLV3*l4hpHxkZnAJtmK6{(qIBj^&k9I1g#6XE33Ose?3-6yq;}tlwG?(#}A2Y$; zAwj18)>u$#CFze7tMXTLT{>Gf(P;&?U`An#(#mRBZHJ{I=2PVB`ZN4>39fx#P4CYc zg&?ZAFTW*kziR5J1_kgvA-%mm2kcI0IT-Ippr>&;<)?(!yrKD>EthAA&LLJNB|b}m zHAd0j@8U~vCD0n@T)audODUz%=W{YLVm3CqJpsORPD@!H#qxkXil)G2FV+k?5yyI1%z{B3)Dl&9_!D^g66ZmbO z_YSq`xg#%&`N4R&Lztbv!k_m%E@2t;5#?^KyO%(Ko|**n=|uAtz*#eTj!4F$THUjN1P7hM=T$3hFs;=&Fnc`>kIkc5Tzl^` zyGDdK(u>>G60fC_$I~Sy+y1obr)zDqsAltkAYA)r+M#IdXt2*OKF8MS6TlA#(|ya1 zGYU^Yw`vJS;LVf)^gN(~#cc}%IQ~=~lBCv0SO)Re{;|n8|8g3()b629m#V>m-t9fP z8QL_b>^@}jWSU^_?^6>TU;p^nhWOULgsr>6i@W)6!*^HZ(2!|(#au*n&HRenYmws@ zvc8VDcX(*BSfRDrYZNLo80%iqfg&3tdm@?DQqL+8KRSuaD{;nM=9s*zs`4#J5sw)q z>vXAlc3^)hajx~f0b5RQ zx=wXLbi<;gVB^NZLeZ%N+Glf#IyJ?*Dk>W8!C3#y2uaSE9%n(~dkNvuc-3>yIsq~T zcY&;0KJNly-eP@;Urnuo6#dIz>Cyy|_V>*|N>H2o7rXEBUi{ZXvSMoNF>kY}P8ZLI zyL~bYVtyuH9zo~+<5|20RRJiWUt^a9C6HDGm^rFHgEqYoEbGz>DHpL00O`^GHn-Eb zEc_Xc(A3h=HgkuF>NSl#npYlW8as@B@4#iupSGU|auBMPI2z0s&mQ0T31O!UZFRmn z6J)ln(F!W8u`~%s*Fr!c;)TWStqs`dt*SIt=EXfpd>i?5z?Zz;y91Wl;#xorbEkKS>g5s^j2m{6bQfI^FRRH z*1-lV6}6t}tFn;$f zy^%`kbY4C1x$V-RC6t25(_il7-xCaa%og8K<>8V76y+d1e;guPNDvGs+ zd8SBwSaGK%EK%P>a6_`iYRR}JDqNf3*IADLQt`mW!BNe{#6&l`-WgoBYu;dTyX<6g zJ7J58zYLx8u+kpZ9T$6WJ7KvseR-2#CdT+N%17%nPc7gEAX%JH35WUR|6?sc5U` zeZA4co@@{cltt}hbYFwt;T%VdBn;2euAS+fUTih1RKf=Ly~9TvF~lURK2%*KXRXEc zvOGr{2UaM;O%V%sFw%f?Qj?@FRZt@EXL~(#AI-I6E@C7bp6ItrWy~q~ zbt+D1wt6Gjx4t9Zoh~6cO!>n<@?XW3F4~TNoSBfBxMA_Ra;aA^3{_XRf-wqwfPro= zF&%q;yh>-cdhSMRdA?l_*Bb9j^W9zbd)_ZB)c|Jq+r7|)eLs=-qm~8(EUdP?WpJl> z-hPKYuQ{~qiFwgs3>QizHe@+U&IodHI9vaNeH(c0FdVbgxn0Y6049;=ye)1Et}&m$ z8Bf25df2pKM2|z0L$lu@+eN({Q(X7(QH12AzY~oI=Oaf=_UB`M0z|Pjpo#b=X2f#|MEDwB#&KL*zg7L+-7l4=fmC|j$Mi&hP0Ho zM+AibBFoEZIsmmmPpLk>>w!c~@~olNHlFikwWax;fRD$3c-pL03Bq?u(Ce(sNX&uZ z=G*fstS{i0#%w;$b*|8Tm4kUbQV<*7BEOUEb2*eR7U`<(lG7DjT2Xp4czgl)GO}NE z+%j;#B8$gjM_Oe6`Y}x41CAtk6Be=}(}f8)X#l#>pkl10}=ai)wS z;MXnTnDlijPI)dX$?p9wEHcx)^{GN%Cu;4Y1^%*wQ{vGjUki)HG)x}M-Pl>iXlH&I zt79?8^Nbk9z@Z%Lr4L2IXkcWf%K`q4zNqBh847%`Ot*a^kFJC3mi$X1mx_COP+$jL zn1HAVU3l}BH|j9qBl$ch#r1jsC^A3*1Oa+p?yj-dgB6d#`B{?fuf3YpEZQKqfHDhB z=#Tc{ePe~vw(GPj$0?Fd5QWE#AtsjWc}4g!z{;B44>0c{h($sTm&1BVA`JRBJhmcJ z2ko|Z$Vr@Eb8{LT6y8py);&J9iY7cUi;5DKMwEEyHQ3qL@QjXcl0EMmSDrxFC4aja zr=%lQVDq}^Bl5t0LK`ifale!fEX4>S0;G_kIyD<7(29l8Vfe1nbjhbBy#V;G_YKtR zpY`&h_Wl?I-bYHZYZii8>2EU(y#zjI;V7iy`9M(=V#QijjZ<3U41IoKVYfuE9nRwY$TkyD z3D#_JL=gbIBi?Q_G1+uNZzJ+tJ$uUNy! zW>z|jOzt-36ovyK;qT->ru-jVbOB>$uA{#{Q6?rAS;$0#lsjtYJO<(o20lOs+IU3A z-ESwqv6u{z>s(xFZCBv@C?4`<7<%P-6?zLk(7>qt!WV27cOX$hw?2B2oHknz%Z>_Q zc44Z19-h%3psB}K%sCawlcG4xrxe7Er7$kZA1~MLI^MG{8NLOofF8*K0TYecgfA+-P#8~xj8$K|<2@fY z9&5UM`DGHC07X%m_q|aMVtj2_Ui&wQOs@m2meUI#MXLN)LBJ?vun zj1Y%_S2p0-NsK*|wrIoqK+BU=3K-?=3U}FGf6j7Fzxs^CM`Y9;EyLKU8vN+O*b%h4 zs?9(3S2Enl7M{TOZ}pSm^S{V_}3O;YI&2fe@6)%ch3U$ndul5lkwvSJ28Xq-n6?x&AOoLDlHFmX!q z?wfPhYZ2pa0s}g z9*J+V$JA@>km^IgW5Y6YmamX#A|?%aSgKMCR0X+?C{LS{cP-AYhU2(23FeoGW-MozY@q)SOf2fBN&yB_A2~+3d?DTr> zVF(Hg#$s~J4f!}KKoXm0NR(d{^Sn8hK$)~oh*3eO`Au{8tUwvYb#M1KSGeW8Y0Y)7 zKA;=)az>^Q2M?>1$-y?HhGp;=y0smx@;htH(&bk9js1J36pr1y3OArUTs9pnVUQoobPG8)Pj0`Y02a+jd|H*ivRx2 zBfBn=L3=>nE+)(*;tw;4E_~7Y?oe#%E-W0@3R&soRC(rqLPf%CEUb9+1bl} z&Tg-WLZvE_gsGPs8!0J=_?I;BCWkHmw#v$~{{C3L2%GBnXt@2+6YJwIp=v!y*gW8g z6!Iy)!+E*6%}MMG-x|clo&X8?qR#@~PE6T`B%dQABkz33biQU1yA|WUBF;jf^To??Qm#?M?*SksZ5ver{o1~bi4k5Mtw(>)6 z=HP?W)h@-a7nw-4UBzG;20r-y?-{3xI$L22Hjy=BRqdy@<&mij{eWR)jq3_rr~OLt zz@642&3O7dhw}|7*THhZbcq2N0FI5Yn61fD=nR6{2a8%jAsK3!RoW_a=Mv0A3ae6m zkA3_Btw@A^H@_y?$|`Twg&wu>{yGGFP{zF8pe$S6cy1Lz`laah-SF&>cI0wRpgYmn zcSs$M`i5TD5A)oO6xz z3rmW&=0-uX-Nz!I3JQXX*BBWYXYV#l_R5+M!=;%Ul^6Z12Hb`-^2-PG46wV?0{<6?i_!+W`8&g`q9(EKlP}9>#b&Xn zZ1qur)L?44PUZ@%;ZDLyUM zeIlIIdQ?K$oy8SwJwpm5=6Ffsbs_+~?ACX5OiUU*#UYcff+@`(g{2N66U^E|*K zTGG9Jw5cNE?Wi2bKlg0iR`8$KmDE?nwhQgi79n$8?x%(2gx|e9YPcM|>-!VNxm0k7 zxR~X_SGaY4viR1V3J4icx=aE_Cq+%j!SgTHVSK-I-aM`>;CG^Ur`PzkqdcxjHamIvHimsdxeSXxSYDuRfu4H9!qWGK!^XItHg zUJ}JeYcapRL9aZQloz>4m*jy<|5k9GmH^Nwkeb2X0LY6I&haB|j~qnm4NPZbN z=C(%HNn5s1IElT1J%-D8h7`;`ZTn`P^A;T$dMNi<#* ztuVYChiiT6)${^#IsDZR@9>^lpOZ?Z$U5M);G6+Rg}POyk}wZNhj_N->vpmzR2 zXrfm8v)2=MiI&oD$`IU*jR=A6lPsSKeYk!L_rBv4D7V6*U!U)?9KxDu{n`IL-5>a> z06I``{SFP@x(miz`9cQtPwndeB zVNrGdClA+2JlNHg-b@e5+Nz9)-?jG0ktq$Q?T9A?3h-pf0!Evqc%hbb{c&SmYejHw zI^`sKsz2AJtBiu-hP$*E|>72 z{C4f{hDcPHbs6nHZB3yxRb7gK4@wr?hTio;HHCmUN2K0Ja-t_+Ba+JxeBNFk8m3c$?G zip+~dWIVHxfzfUPQjh{-+wS$I%n9I>D}kgoyWHVTaS>gm%PARL8Qf9UeDvF_e}}x^ zr&vDxBd-ds`+|AI@_2bgM4%8|Uqv|66?_plM?4G)$r!>$Z$PqNxmOdHyk2p)J^%#8 z>7z-snKQ$cy~F{uiYiX}swHZ_Jg?KJE;S+$kar9cv?05}9fb3) z_lNT|bUGowCdTvLWpL^J4&1rDOOs6np}M+qlko^nhHu^=##CHSwVnWO3|3md(oI%~ zHnWrU_9#Tcsf_9AV#3^79}e@wqj#)2@2M1_v9n4XQ?5ju!Z^+w}O z&1x0|u%qSLPNeI?}6M&;JuQ zBZK^KjG8QcNALO7mAIj(--^h6=lbNO7>@P3s#5;13o0uN#ehOe0EtH+TsJX%C&QDd ze&r;x2K#tzBVx5H!|S;{(Ec0kudhj*xQp)ZNAmTN$^J&ZBp9 zHRa_qkBM{pHqX=EUtTt?7H1}ag|{x$gJ&+cu<7Kvn|RFBNaIV?AVecik9Tkhnn{}r z^l^0sg*@l`^D}!&LR@$sMm-XC?jsU%g~zR#=d-T1CF2_uyr18SRV91va>HHhL=v~Q zt1HcCa18p^giK1x<21ep(3g})uMa+O?+xroSLe)=1?Jr0Cjn_hmiH=+N||;!c>|#K z)U@_ab(N6Mr2zE*A6l?eLqpL!8!wl)*&HU&{5uiQOt=A0sfp#$F`Bc_a zSr{9ys-Ivh{FqZJt+w!+%Jlcm0#%*#L))ciFZw5R^RIjz&>)e9AQvTF#I7CDd857k zl8Z+9#-48N3~gNW(qq;56D??}C72FdT*;m=s)UfklbPN4r-WV03#hROx4SRr7#Dq4 z2Z8@kKm_}Vkut@=&ZwwBp2$Of3p85GB%EWP?x5|@4>pVa8p|COwl!Ww(s-#;NA(t! z*7Gcu%ax=7yNXZI$xn?ZPevAW=%%Jk_>$U8W*ZGv&YxTUhNCHB1hxYNTUxIr1#)vJ z(kd9*bgB*L|O*)UkLGoMiqoIbzqLjI+Ow599<#A7B zI+WJL&8n{|$?@ZB>T#*SVZ(l^kxy+<7k0CWf>L_0W_LgWq)w@YX>ztbkpFbUac@D0 z`bmqhiJcE>0mAso*8lMnq9q!w39Zbn*OYu8`|+Le{l>7e-hG$(5@xf<>tBbNHO&kG zH|~~58+Wty50m36I>r;>ftb>rUr=b@u0+i;*^G14#ehYmJ%R>rJRs)P-PdAL{DR4| zs7-Z4(>{Msp(j2kOe3-^9Er)3(#JujMc^GThmN>kc5E8UsJ6hSATOA3-u|T|6swE1 z?TtY|&+(i@Z*UsDQ!uFhr;C2_g@G3jMn^dC4jp;Dl@-U|{p8~O_>Fb1(&^}i_S69+ zJVao6B14&xo8=;e;KbtTATE&0KxYQ04oGfyBAc&_LCsDj$RNu3Zp3ymYj;bIM|U(W zE)$dU^KvB0MkKa8jz&i{_lfT<61Y?_K4JWat}HkrZPJA-OY<_;p`|9bi{7eiMVoKC z7bsOOlQ&r7iS4W%e9%!^$${(G13Tyu`|D6XzUEa+eK&Lr!|hz6Ora6ywuQUi0=L0X zxhJ7m309ewleu*%s~~-v%qZZ|iUrNu=`Bv9f5Xm)>vEoqT`p^P_-S%uxN}JhX|`bV zm@&VHt$wqMaq*)m1RB$02NcJtf{Nau`nhyPalV+3WTB5=to8A7rx0HW_`AbmZzV|d z?M>P3l0UHGMWIUK@KPS3wyvV2 z`s7L*I?85VsjX$DZWKhFzjd}Tk;-L+!DPvdI@op7y}yRg70{)n4$|bwunmfl*Bj;0 z(>{sgE+Jt0XKP}t=J7$@$v^MI_U&iR%8j9@Z?`%R6)V@DF3DXhF$cLo0)Y07F7x=| z&#+Ydln|{KD;!L9jN;&C7}ivoudFo(5cz}>eF#RKC?Y=~dVM*#J*L7Kcw(UFcC8~y zes0W^zI*;Ueh2*aGK!1th6aD~nGj1QUE<6)H346gc)ZZCjm9uKIpTl?jsJ`{H~mvy zZKyvFx|lcB0LTF(G`MrPUztyFW9sUqNW40qMG9qZJ(a~Y=9@QYq)Fx%g71BOWxAjN zju#(|?g6PKtZ=*aVw5L!PGQzzO_d135UrfLlfsQlREZGc87GxFOReP`&gKXV^<<8h zmimG>x2M~4&HpCKz`30^o=|}Q*;#{=L0mrvIQdt#nEsHZ%jB!fDZ|ooz!lnNoA!Wy zjSl4uo53`~S3yX2Gw0!1*m<3N!^)5qI5Do?#9r}dxuyVXJr2i|POQ~)=9m3OmN2wB zep#B@vTTCFI)7h;@|wSe-z)$6CPQh7g6Wx+DE~O@!7V3&$8R=d%}-zb(OW}8Hm8WSf%8&~7y5bZ)x+ zuk8U@f6q?WEG^u-$gS=jkogZ}#J{hGm9f)G4tlvQp23%}Y4hkUD*l*q-pZ5idrT6$ zZEh%HpJQ61SEci!X_6zpo-~VF@i#@Jb6@d}xWN5VA1~jbjaJUmAt%n_2l9&i4EZt@ zMWX-IV~>0=(0>p9SkvGCZ>jg+pAGv;R?jHn$VC*O6;ig1kCAhsSJfmgv=E;6JD-)$ zJcyCYkAkXWYQidf$N+a%j`dM)ATKA3AtSlL5GBgZ)g~3x&;!;mL2W~hny@amx&1N5g9*{TA@D>UqebkF~( z(gEk{A+SIb52EuEcnfp}t;~5`-=y)6kE)Ye&P~Ao_aO(R7I7Nr4OgD^in;i5=Grz| zu;UBc1!4k0QnMaZ$BlT5SfbpGvlYd8JpW2PhfQ53t~A>J?zIKyM7DA_&Fo+n%hsZ% z15V+eTKmrljLcx}v{-^CX*uR^#;bgsWmSW}>#g}{kGm&KZNBNyme$9yw7FU(>(M_u zw2T@sm7>_Yy5H7+{?8r)7b;!K$w`^9Xwkwtqr5v*1U*RP&o#uF$#TVh;llN@D3GUq ztHNsVCVNp)^vwH9A4hYJ(UB8M%*i81?VsH3p9!$771%0{|4QU@k4bx`w&#!D75gT` z`LWUIIUZ$|Z*^{?@Pqm4$5ux1nCGVv2KQ0;8{5kt|6YV1RNpp3Uqu-QIs1W0tu`k6 zqVQLqDP1b)5L4G4*IrU$ZUfuAObwOxwL4n*I5Rc=lX@#=q5&8N@R>{a!HU_#RKY75r-C7Hw1 zb4ga%VRhXh1zAZEPsTbjvwjZi>NwsBHK%A8D7z-isb6-keselozA%D03{G^Ecg+Pm zP=E&q2R#!;<&^A2>eaJyt-`MUZ}H*6Gza@ZHGO9nnp~-Q@iHgdPurLG^$lEG^hN;w zXl!h(0AXfFzj1mqk6uops4L2=US~;@=SJsavQH5QQMj$6I2s~-$NjOTrhi0IfJG|F zdXFn|I-V6NkrjFFM&s_sakBA|yy{jK+a^QPM|!q81Og05mpIC~_J3N~p@%{Y>0iND zfB&n-yC9@6&d+4hZinjYAIQ)vP4Ezd-Y+* z(9;NLHf;2wDu?vPy{Y>)OagBw{_ue>M|bSE7eSQ+p=$USe9-^T%IxW;7jBjc)!62J zUHE7hEY2y7MhOPk{(G5$jylrO{KUng>_bxJdWHS3H}PF3&*J4i-s03=mb`AoL5?H zLDZTL3`(>>Z>4uyLzMy3Vx@pGWe)>kTDB z(2e&3J2q{t+Bdy0GcRJbUV+@~`k*POG@-^&g?0!>p!D9K`+xFNm^-e>y6H%2#1r6q z-9`*46YvuVLSwbH@W#5R91mpt)hcB)*!l6Qr_NAGhq5bb()E0MJ=whMR9oX6_>>=> z8^hvx=dg^{1Ylw0Hrjv@R5!pVnkh@5dC!A1ShMPJF6)>AK!bX6c%dgi_r*6jIJlD#ue$y94gzg*V<#=x5wbC(K}br} zeDD#2CS9N>3#V-&M9-tiJ8|fY&7RF$pD<4BCGjRSPPO&#fqeh`*9vw`<e&~UF*O1+f|t!w@cvY^ZFFYqZdEq~5LuZLWJAfJ-*^qd zj3h*$cbd zEkhNhgzPGQvBQe}%5Fau^U`6iBHpwEEAuFkJQGk=$vDCU&kti|0$+2|g@`Ym%`o`C zcVL{|#ML#lI+9xcwr%ocTMkZ{LILJfO^jBi39V8@PY>BKfbP|r1W)TJKNEtcHghT! zz>r4NLN&^GX8JB_``L}^+iy26ULWa-2qFjYxMlMc8y>d>H_kG&{KgG>Zp$WK@IOdk zhkY(G#e3ri@yQ0!(9rTN`gF$GV8yL3OPIRrPld(uu;B{B0xjeZ{)LMB>s=_*$loqZ zj@~9uj)Y8(lFLX^)c?~j&oqM_7ldrbP({-3>>S#oNHU%#i^l;h&{j+Sa~ z*1E9O8oo1{iKH5V_hs{v<+W;X?ul$Fjwd?D^tvhm4JN*`wa13T{C!VV>)dJCds!+> zc;O$2$01&cR;A1`xAt|VIEnK0ATv+%G)S+6;CulQ-h3+zUKr zQ#AkeCOOpOPDaH9l8<~2X0|E>Ff%;Q&_`NN*xozuUUacK zW;`y)(kF64cjcIx{{gT{$yO|Bhrdc^nhkGTa5F3676WFje~$;RC!UH%CXaKdi*btf zC{`nrCJp3jOnAAqp)sG2K}#6EJuaRt@KID-lvS}+{JYTOhgeD^)*qW9SXU%J)%g6q zUIpmYx1x0l>2kf9jNoaDW1-yWk^2M8C4R`M3nk>hkCMQeyaKdyxM)E;E!W}TTkSdr zM0^5*$(%GmoWZNOrp+n(n!%Kdu&3>w#20PFTQ%b2Gcb*5%2Qn26yZGm@~)U`HBJ z9f`E=26I`fU2DQ4-GR%f&@&go78Y~VU_g^O%qYiX*p4Cfnsv|2>|w4HF`(Mvt}I1^ zz?aOfTf&--NOaBpc&KN;yv>)@Kr>x-S$(9JFGugQ8?E9wYRTA&wMIW@ZbSE_M{vi$HcGt9T z(vB;xcK*xj5l!nqKxMOTF;+)^(ygB1bE)%Ub(U$XW^n#?pjGu($z}Y*jsHbWCUvtA zIcDU|<8Dku3K-(%)>a7WB41q7a5r4o+AC1mghgzVg2it4ONm9GRPUQUtMIJs{1=pl zaed{Q;pA7V@4Euft_>{lkOaVajy72A=iJIjGZ6wV?Q!l#E#wgb`P0?8LRpgNG729F zwcq>i(=c}0U{cG@z`L;qw0^*+tTV>N`mCh?jqre9cODFgW^}F=Ed?24_Bd-<`rk)n z&ekS^J|DMqT9%zGDiHs^7g2C1zY6$_s3=~#B;}UQ$cT_}8&dl|hUi*+kD9u%F#sBlsp3iyQ^AkZs zi3=%IQ?lvY9Cgf8U`=3|_d>S#;3@qCZKqT1CTjbgk!ee3L9`rmcJC(-6hbcfVU{{7 zUX2tZ%bU86J=ewRdB=2|!l#k=^ciXNYHpR)55h4Q*W}}bKSZn0QO~tGqr=+WFgZQq zP;gyg?qH>1($&sio}(WIzN)BTWwB&DBlQ=$9fc;u-X!&Sq$ploclEd3ahz)N4(l_O z?DX2m4yg`^=deHs9w$xB5`UT!6KSf7kJ{4X`OWr}&`+#1T7=g+wj7hPVU(lhqpS@{a$4@ibqUDR7uI3}fd12)Rx?&n6WSmc6r^v7uwqj}0Ey zR7^y8AD@yG@b%)HL5A~0=_PoiP+8L4@% zN=sj{Pgv}4H#YNFo6ng38yD3HKHrXdpL8NKe~Oa$gcGuU?ETCu@OYuLI{UBpYoeNR z)r<{%2B*j?$sm~7ONrzQ>hF2iyi>l#jrV@o6!7FON=`|kCu5<|SDe7?z_qsc0dlm) zxsId(M4Y5wo2qq6SRe`K9}-+A2_TrqyBPJOGBP0Yj7xe`(*OVV3h-nQ5LZ;~fA zYY-Bm1dB)A{+wj-a@B96^;*o=P{OyMVSh$7=t43`u&W2d7Ql9rV+<>f&!$R|p<92c zBfK6MjbBTD2Z%{e^s@-+-UZO=R8yqY1UkAlSF8xWPtjwDq5g(Yzd`7;O%9BI{r6(d z>Db&I0Yj#NkodwW%o~7ogglP@YnkJJk&n9g}d@GFcpGoPKE0}=70zPw-g({&wID>zUwaUug&uRbwT z0WW#1fk%9ZkbcP#_qB{cE?IRx}MCnvEHD@xdEB`(E-UZ%|c#d$3$z)|NH7 z``HI=8$flm;*t!x>UNuBR^=#oqH@Hgvn?$slbdA=B$Ezbk6|a7kbUv&C|XZzC;s4g z;WXJ$vC`JX%Zr)+zdH=1)wmFFdr+=nwXe;;Ttj5h{4Z*aWZ6oj>ZR{ z<<`7YomDnZ1oT_clVy{|LIUHzz%t3|g?Fj9-;SRu1)Cp_{ogy?H78Qn#Pv;KPdW7q zBE+X)%6>&mDhk6K!!}XgRzp)a%%O%+c60vif3H>$9B=-0MDm0&R>>F`iC0R$E(Ipo$(^ed7?@DPW&%0@V^ z)vRfULU@5xgA19z^GbS{II$O=G!FC3OPeAavX0pm5INcJn873V5^6VE@a>ASZemeT z{THEBqG1*9?P9P0omdZ5H56KiBnnvx#I$JpkQZs*n&*x;ob}Ew2Z3gYfy1uK9Nw$ICDVvev{fg-1RSQ1-0wSSV}MiPi4^l%VB zDu+T_;8Vlvu39!72u}*g4x9jGCcMJZ3NG$<0t;a-0`ig7GO@X%#>XR+QAU@ta7IV3 zB)Ij+YU}q_XXB=U`}A%o`&3U~i#T5e7SP1SslA>xOhW$Om(^(7(O!0OTMn-iV=twZ}R&<#?#2w9fp z$7>&(4j$7t^?j}c{*@bF^;k?Navcan&CAKX&WAZSQtd}hBR&(=B^@r$Eyka;gbUp5 zUbr%8)X*>{{@$r?G&D>FylK-n?WPN7P}9V5u-=H^v&RwuDsLO~*K_MQ4l~REa(r(9 z5E{;dRBbdo;hDZs_o3)vv7O(dIB4?InfgZTssHVd8FJ(?az3q@X`IS2fch^OZ(pkC(qStRBLQ($9+ zFFChVDo~S8a>G4|*FdqS!8lA&AfD2bU3Q?uW4Gr_>C;(5rn9w{)BIKgcp(?&xL<=} zvG2mffZ4UjerCtCFC{hAUQ;3yQCk9&qoXT!kOmQPD~zy=Kfr8dh0SSG^Vk*C&=Btm zgKXl?4T&6|w1z+bkh~ok9&*bzjD~w3HSU-#esthH7dPIYX-1skdDzBZbh%wETaB-g z`Rx?~utOSm(lP{ydA(kuKEt9)JI6jlO3rbaI`8eb*QRGzO}38q?365|XYOaJWY`{? zCyw`y(fEEoH=j~1*$pxt-Wex9%sMQd?}t`8E!aP|;N-Tp8!UF#wQ*hg)4rl2(RT~z zdhRVF)%}PWAvUHK8Riw^Ec(>I{{gcSznDRcMkSQQ%FzU*9)mLCJO)1t1t-1UY zjkO+g;H&cFVU>x@B`NZnsu95GaGA8v@0Icoev1>kDvKJW)o}Q388+7~9yJ5;M^A-b z*Qwy@y#Nvtl6+g+%U+KydKcSm@4Pg+FV9|nH@h2hCq5+UL3+Xgd)(}DOc>&}O{-6D zGp$#@qUWo-90Ym87t=PPomvAg@ccmM6Hc+Pq@5w2?c1A~qg$)rx0h8y=FB>rwQp{p z{#pyhh5J?G&S_5dsO1(8=-5at<|uv1dHa5$r>;kSw(FFAI+*4372`2C~L5y;t#C~i6plTi(AB>nli{WQ!veW8cnqyvXwf~o;D*bt9}h6F$()y1Z#b)u`a z*a$pbCAdctA^L2fPF%9HFX~yi3%}?mki|-CxyIgpm#K9f7RE~Gb%XA*8|7W(J>H~9 zSh3nh#&`Tjb|P{%aI83P|CtosD}b0s8^OTv8@2%EFCLq*PbE67Z#b7+Fs&Na#gu2K z3f@iajM37#dWTu!EwcBQd&cB*m`q$%9Bv4R({_<1CJ_(HIEV%179P7@J>oLz{9b*y zs&BYUHdm$qBHkFA74GWCyK4Zz3MjV|!5`PU&?-HkQa>c`MYG%=FTHyPfb#W5qqjjh z|Mef%Ucww#`P>!H*=09kU7kG}zMD0lo6Q(Gg}OEjNXC<3w2ogqJ3YoU&_dm6PiKx0 zR%A*i8SLALKOe67(^y=KD<-pVNIs*(R}0=A_X}P9m835BuZxn-dt5NxNz(+#;RIi; zTn_4kmyTmHd;p|tEtFdd|r%(xXi8xwXzWzbw06>Ps6aGOHcmB_$6G}q;?`<7gDd%msraD!;Ml*S4e z>|Ln?J}lV%s0q+a-yyJ)y01i4C%n`4f7k6{l_2=5H3#}W&KL`9Q=2e&J_6KY(@WD=GQ z1?=Og_3NvuUUCCz@i>O==>`^0IL^NmL4fhUJ6(+1cHK&{Hm#})O?N-^<2`B+<^?8U zKJFe=pSCzWrF%cE0(lkjpCD>)Z35qlP1V)0PigabZr4X)090CV4#-7Mq0C2PR!V6t1C*mj-P=Y;j`stUsUq(>XQ=*@cQW}tISp*#Ib0J^8KE#UKP_@ z73dor?&(z=iK7=ym1?9NDt|uD$Xj}3`OzmYBlr+N{vF-QGENUv&n%_p|8q&&E3KG8-DMh$)& zJd~h&SAM*}$|sl(;WdtS)!{wnGtAk!^I;!7yZ&iE!cP*x_YmnlwGiRBdn57WUy;gW z9d8JLK-;WmbLk(;j+!>EYJP6U_o5!X-S;$LX}ce}0W=-uh)&}SB9w$=@B$2vM=Yw_ z!K>1q>i#Kk?ftSguJIeqaGErGX!zljk8&Or2yTO;0Pq7>n3gdIg921hk#vG)v zF<)%^fyqrB?lcUN;W%g>h*m+#D?!QUguGa#6q z_A)m&2SAeUYfY=#5VY1~6B{EJ=ekj8cT*?ojm@B|C0_GI0-cQ(|Jzh5D6uFVR6R^9 zVWTHZ^%+n;-Up#K85{5HvL|C1y9LO@e(Y@S_R(AO1o_la1GM&U7Zcy0e(ylUG)wah zw&8(dXXI|qRE`PUaKYt-3tBhYMA~=Uo{8B>Tgi2!0&1TQXF`oLrm@V;%ubiiM>n3W z8eUw6*-lMyticAE#2p>ObgiseIlS3A7`StDyVDj6p!7= zqIks3*p^&aXg}P>VF)oGEXuVFOvCL$h?SC-$4(ZKW82Y^Hn&#Rb50em*e5HkOzCDSDwfoiH=~=BXpdjR)_}MbqX^E+ElP&c!r`q z0su1CqQ;x9U9g2!LL|S=R;@N47sd zyD*v_^}4giwzlxmalQPOhBLUI-Wg{q;q%)jP>DrT><707-1i5)8lq0lOr_}uxuIL} zmH7UkwQ24Cm?x~@p-Fz;(K?GiKVLMQk2Kp1me!l8Aq~0O@8})ORnn2smRYym;#iI< ziy&KQ()KteTN~ueNQ0e3_Jb^QC?X2)4?+S+Twfb*ZP73s6U8SH9{T`3xZ;;zp3@It8`Q z;`FQssu+tAHsdqcS1hFwdFBK*ULQ3-s-P-}OYCpsw61D$LtyU(@+%~rA zGeZ1h?np%SR{InfZ2RRklqrIiLA%xZz%A z8VU1y<6B4#o|oRJmf@avrRk#=u{UT8oW$EJf(3G1i-DMZD*`7q&`Yo&p7*FwR50~ZMUBRLmdVP^XJXL2)_AB-}>QNusJcbfZM!lbu zHh_fAyB9z>4`KqzF#*h%@K{ALl~Jok0%0kD#51(q`_R1U``Dk(6<|sw>C;Z=@%lgT ze^6)`x_^2-+Ai7Ze*48!;Y}(fB|VRoC09;pDXvnYMQbVay48+cg6f8@=ns1x_`yUX zfcI*sS&u4zy+My)w^o68;^-C@OTRmj_O-dqjqusw$koEG3ecln0?N0O83c;PPJ86|ReOVk zscIGeHb>S(2+yO^U#n%w-Kf5Evm5P z3dQF34tcpMagq7H{5REz7Lix@(!mwaUhdx^{RR};?Ohb6AWrvVxB(5)u*Wgl1h z!@XXEo3&OqJ>(E*KJJ5I zCqj$ZI^GlMC)*eqraNZKZq<^ni^FNy5|iHvHR^P!r+eg*s6NgxE|NEn+_r51Vnr{* z?vulFCC{tQpH98a`2xPTj)|VfF}@`}x2uYxf8X2b7ZMf7seirfB!gNcpZ84%_(UewYinS4wi2zP2* zL@wSL5hnGxQWun2ZJE>h?I>Vpu_I<#57KNk9&U#|_>}Z`uY@0OTyiK*ypWxpp7<*ISznoqraod@xo>tX0D_=Zg^0>7;I%Oo7 zDKIhY4f`EyTG2Ha&Vc(}Pat&XItC?Yv9eHbx$I172QwbM@hV#j7y_KlN&5bGa2p_4 z^5|;1mux}`7MBfvXTbX*icy!He3nU(>;h&Ie{z=f7cZj3ZR-5qj)o^^*wEJc9(dRp*&ow*{>{XA#V@|5U;je!dS?E}t{)*< zoC+q;eR=h)5$TC;?>4*QY#smp*kj*BNG04MSA>SD>H{`9o?JJJ-jKY<3p3#B%o z(f&lDb>cH=a|E#9GfkVbRIPCAvL|S>zWnHgO6w?rA)|0FGOBsB%?qx(laEZ{5;kst zq%jwzysjWASuFV*tUN-$wOz!FNm%@oM_I^M6=-dD4$0tA{ykiMe3Ye$wgsG8EAIXz zR4>zR`Ae%bu+K1oF_=m!i!3`Y2?oMZih@=uV25Wr;MH+M(Z3>Q5PehVa`sV3<&bpG z;cTGk+a=jLPibk}*puT7=E#?=EXs~Bz5iMm7MU$c*drZ+DOiFeuAAtuoT|9%1_KTF zQat9y_F_WhIk6#je_GVR!A3|jl3$?aWdL}lPA21JBHU~N#vq##?|1pfuGwBzLI6e1 zcJ$m5Q}C&Z@c z#jQHxMbPIgT`TsxJ};dj;@c>SGy5(waF>p;*ig_^{3fkHEAF-u!g&(C(|Z~fM^>zP z)l)h#+tjpS)e#X8vF9yH3bi~fn6f-o3;x;;vp^aRRuLF~`|71lbLau;FfKeaoA7;

60h?V9 zmmC}u+Z9U;1}%~UgJ;qjD=zu$QW`1r+DM*=#aN{Mlb2}U8IaAwu-+&u^$Do~FQXpoml&&*!hpkVx*WC2 zw~9O1IObRIch}zZ6QtxFIl*`zvg8nqQ_pNHEiKX6tx?udobf&`vOW)mc$|!f$J?#I z5O-m|D4cXt?|H?aXAj>JrMR#wU?Uf;=idc%@V1Yqlbna_>IHC}(?^yUtw&p$;yeq{ zO1%X==wqsC2-(v!h`ZQz7DmsFZduVQogWH zr`!P_=!YzLq!&AwhiEbdf*P20iC$?J&JYNpz}eS5pfNaYaksps3&iLqQbvzA_WCL4i{5U{@NMl3)Ikt@Sec%miKNDIL~Xn>)p-BfkwJ60x_Rg2~#V z(<7qK&G&7+GczDWG)4X>FMNN>N8w!lN#9H35QBjdF;M9_=7~vJdQU*-OiKDA&zH{p z4TLK`3MU>bX)*_M#&rIvez{TPL&T|?kRx~F=f1Bi=7G(iM zVHq7AbkmmnvegY(j!;9<)daREo&5b3e5=_F=J4mw3zxG;48qoD7c8S!e%!R(FvQ9R z>TkJ8h?1H)a>#vINMyRW@-Ul(jI8aST+@MP9lifFNP91z#lXfE&AxhR{32RD?|iF` zu(NLM=$laf`!vIJ6zRS^+*FD*Zu1^YnF+L!!Le@hg8{K|l6hTRf|RWr>#pwWh^<>c z3FPXGd?64L@p^*Jh&{`fZy7RrF6&L1y&?Ql(o#8#nJkXBY)BgjCy}3YXuPS(P3|4& z#&D=pXYa&9{yjOo()l}pEgo1wzJ9GZM@lxBJIU=dWTVY7$%2x@-#|0p;zwUG=^ND+ zLJbyV3R&A-ew%GwgLu0ALBFtq$t3^y7K_U;;id0$=L2=`!fVOuc#PAer-U<2ic^R3 zD1APBXz5XizTIfLJDEwB2?%<4lO5z zeEs{DIdEOiIcEQhavT>R@o4$bEcbDT z#1(b{rIh8`w?QwNC<6smhOL_!VTJ`8f^Ktu&x_2sko*jP9WZO-cUWn2 za()7ffxLsQp^c|@+`)cxifj7bN^XQO7bk9baj?CHgHlX=5m%Qj!FJI$tnAoi`>TS7 zV9gZ423yN4c#xYdJT}6LaN6-@{F4Ui@mK&X(bR3DLgRWRzzdgwI^v_M)8$;6cu_w+ zu6WcfK684AstPj+k)9F0zD$PI$_B~GDrQ3XOiHnM-n0;YQ`N!Yy%oVtk@jC_#6z`T zGYM{X1BSFn*aS%kJ#FsKJjXmYuA3#VXgid}4}Npt50<85aX9&lea`U=mL6dJAuss+ zuE5%)+nAE}K(GxBHoP)~!W2ZoOIMOi>qet5vN?7pS~6W)-cyx#uAo?ju^*g}(_lht zCT%YNO(AsP3`4n$SxDOvLI08?kSwUE%5hhfOSxN4c_LCKDK?+r`Ycl-t|l$f-0-lG z)q;T2I9@x7g&iYt6XxMhIHtbW&GWi3Q`&Q zkk)%`2<1MnB7c;mP`@4gwy;?_+t;!DIa~Ap@%C0xajahy=S>2^A-F>V!9BPKhu{vu zA-HSfB)B%g9fE6cOXJdbAh^@GL*p(}x%WRaYu1{19Ul6T>Z<;#zEk_`^V@1eoeaNK zu}c&<2Q}v#TAks)Oa|xV>E0i&)2(TCe&VlZy;<8&-m;u;&aw9QTD)8g?VH~I*D0`@ z`cu>;9slw;T;4JePO>$OF+g{oZ11+oMO-db(WoFmGr^%gNBrek`sq(y6Ft)1n5$$h zKdFTD(P0=jdOjTx0~@s%ohc$L8d2B5M^gH|o}n~2{o(;CITN9SP5wjtE#8p0p$96B zZOU5yt^CQ9*(LH84fc?tX{^C(v!UP@R-c?TFvB-D^BP4$BOXa>+H)~|j{UyBkEiSV zBDE_=Dt)>^eh}8A*?Ki;&l4VMl2IrV*=Pxw-h8ZgmmzE80ee~d3na>&OTLql+++Qn z7qF7;e4&2%BfL|Ck>Mp571bCe3jQQWsJtF9*!X((s>+QKfvpDvxbM{QY+A~Rz1M`l zlt15gDfeAVvdGBrlk9KxHye7p6^CyLmS)6{$n5JXEJIrhS|8fR4YZZmu!@Q(KRcyE zzWf2}`E)gYAT$5h;+=2ScsF2;3nv&(2JLtuEnOmi8e-(|R0&vyBco2Cs7f2Wq z??K4o^Ag`-j_hT)kL>gsp#b&};PYgLmj(Bx@W?N)qPF2BWo_od5el6>RULP4x0j|{ zt8Kd2e|Fm((DT>Zr6Gk7!NSTWO{7%znJnJ7wxemfc?xYS_Qy!xvRWm}i>yWo@n7pu zv0BTfGyakKQYHnZVtly~j|`*EB99p0KNFsyGN!?x#U;3wO@td<23vnf6Bm!(s8onm z4_rq6F$E!%Mjfs_xA^BV^>qi%7#ofGnKXu1P<#L`pE#=I`=2HL+H&L=N#_Z0rD1t& zCi5+yO5*JGJFbzCC%6Y5{SbjE=`4jsxL|o|_8iPYCFRAFjhcu}3s*GvY^m0fl+(MOT z%48s1|BDpqcdN4gb@NLq$XCO*9{OFqFcH6R;`3LdvDB*C--;yj!!wzcA4-tVKEL1Y zVUd9gIVW0EZB9LGjIe(`{z#O(a-Hy;XY!cSD^^>P^A7K1s5K&K0NXXCsQ4tk+iSM~? z^xR$TuNqB6+Wozo-JyNU;^IK2D-ACRF7-_)zVvBrB26a#G%0TD3+J)6 z>(yY~_M(?rR^-Ej-tP3YJIiXthHYo}wj5)Q8KlED78apZ{(I~XhmlbW?qhD8Ky$Ok zt~_#5hdI;-{)_a|9q2%onm?UX#LnjK&dm{1#17F*3B<3wrHeoHuH6FF7mIx{~S}A0Wfz$*zz&51(KPpRXur9z+L@% zNb6GU*5-$)yCc`MIklm(Gf6^Xn<_8cV=@l|z3-A1CGU?KeKEA)^96dN#Md#_ch7t- zsraV^ET|Dbm_F-8KeyjFlGR^3=xC~b(>zeuF<6Q2Sh^36Y_7eGp{lrF{nl^TTgEM? zp+)C>$rca_AR=h&js3j%0SuF<@m}|bL@nM8ZS7}b202lhTi=ZgI^*7wE}dWP=(bEu z)s;mgNlBV&4#rD!HEPKgi4{x)oUgn3LxNpt8k{mTX%Z6lB%fj@zSsuV6D-hI124$yzVZN6r^ zHvTJ0>H2YQ2dKrGACLg-ici>0olC#Yr4X>*aI_-es}Zj34?T!vvM0gilopO!Ada>d zi&uRah!z$WtybTZMIQdCdH`9FUa!`qrOksa_5N14E3P{%IuK9n*BE49H9nN0B_UW> zO;)#m!O&uP!js==54+n(%>whd{cy87+s9VYFx!i?@oi=Qwq^U(-1b}HM6SN-QpMPa zix~K7;$if9v^!sUOrvER^c*%k`uuLi>mbIX$6ygb=@n{x>{Cds?6yxQI4|pk-YmEWRU`e6K6-2*3P0C=RSCtZj3xyLRG&L@Y7&8^} zHW{^6Nyv4Fc-?Vi*rAyV`-+rX0}SVD3iAYOJ<=Lig*2L7a;lQJv5hlS`is}aUe>O! zWvRxaC2QsE59e}kj(I!4+*@iq*x?iLd8*wrpa4s*Ni9)=1S7)Y|tU(wSbz zu_t$=RZ%Ux1|d;6^2b(*k)I-+r|0hB5DcTc2^2nftNi8{D%nqded+1WM~(sToE%@- zvhl-`CKc>O?Q7*>Ca*{x;q76gzTODjlbnEOy@PM-0wgi}$@VTnaUUfl#9?~F=Lx$j zc-jo=^qJkA-N4M{K5xyJJ*raB>OK=|SLAfL3eyhu;Ar=sF8-V2Jxk-QGSkDRXN?hq zS_FXqi^cA?t1>utpCP`+L|k+LW1?(Y@p8jA!$?m{8@zlwdj!>fdKvKaShd)U6#IK* z#6xJ2ah;1rA%!(=H0c7Tkg(e_bx9DJ{HzHQqnV6vvNeS7c@x)PSXZkrNcMPdDHrwu zT(Rk`kxXE68h@!%S41Ht#Zh6f7)(_oz2{zImY9~EqB?vUEGM|Z8__8H=n>k^~ghTAjGiK+m_{nHMn$ zy#_dV!|OJX^&EoY+UE;VO29(;S&K!iwpTd1`9`YNwSdKZxlTxN0Bj-8PcNz4(krha z<)w~uF!QqqE8s*T^ES(|RA&=IDpDPsSF5=FsYjpi>$-+ad?6-3w{~F7Tb;H_tp)h& zi(~b#vqk}k#lG?_dZ2aPbp@eweKUL2kxu%LQXkS6CoKFQ5b37+~_`835U-)BH zW_v9y>^8PB*D+gI2o}Y~<@cL5319WW;B9qDEsI8tUpV?M#*`Lq*~S#^)6&u|^%vLI zx#$(-;<4O;obU9kpHU_Vr_!XK_5A$WI&KiHla(Uf(l_~d^#tVNh;T5bbsB1MhP9_n zrqiV>3>U-AfhtLl^7?qhvS3F5QLL$EgU*Iun^`Zf|Jip}#P>XydiuEe*4ytHhEJGP zm|xC{*(3DWOAX9avHCl2N&Q?3a^CB!&sqd2iO^<^m9urEdSDfqSXj)|xFb~A`t>th zOYJ$m_(7{`i6^3~t2%{QD%q8N!0s{f&jqnYRHp0;#>fp>EpBSI?3lv^qGVR)t|hE; zj-BPgo0Fq09gz;419>STo~=(U8$aKc=jSu}(vv~I4Ev!{jx9MyaR5o|F{jW}aB9)c z)gIf)KGGh0%)WN#LP0ZLmS3llL zyy?1mF;DVb-3AhuSR(x;HRMB%Zlu`r^Ziy*%HGfn=?jc}*w=5($3=^OJuOrn+L-AX zH$#LdfKumc5L5s7h_smpDI)mwOO=bp%q5TG0-nWWZrxcG;DXrhy`)_O&|(f7?~kpb zr^`#W2Fghz3U@E}X-m=gPJb;GB*r<|cZ4Nxtb*2vJEDwrfX&q2K6uf{0Q9Qz?i5jn zQJiacbc5}%1BQJHlOL-5OOr3!eA$InowW}xreXH9I(jy4N# zqlB+cU~yRqQAjzSVlki-SOACzEWAdVdcLwqk~}#N3}Lby)?ACQIGf+!F+D^3DM#h{ zh0mAd3nY>{b&GQ{J?^0mvm4oh4ijA2K6lO!PoaX-kNdDEBM7kaEy(p`>T!z6))K3; zlefyM=Vdi8q18!9W&>qx5v$Cdt1t4aXEj#;NVuFNQQxo1hlQ|PsBwozhv&mr8+HY) zSo)N#B;n$3<8YkQhb9h^t<`S4(WvEo-byzaOF;OyvvSzfUImuQ;o(UUA`*nmJNO(% z+(sqmRkTV|6`bS`SM_DO%jvuJ7;W(d2L`_EUB_rXdI~VP+J9ek7{Hh9bH$&StZ_dX z{>@0=4}$=IcI~I8+{5a6PCkEJXMO2pwNsbN)U4c52$haja_3?>Nt~c(X82@k^1JtY z2R`a`)U{h9gxHgnn7zt$u;5xZjq?IWUtHTL`IBQoO3zqlCz87G$%Cg8I)zkrY`?m@ z^*!RTAI&91zX$m$pP&BLf(WIeRIyZCo4X1IYH)iuC)mDc1l5#QwISj zMvf3c%T1L`wU4fa#>xE+&*aPO$RvpSSJhWTrWTFV=?~f)Pq3$3vM29Z7Hg1$HeiXf zeRATIj?G8~_n2L^ECJ<#?pQqwqf!d1LF8Zp-Nvwy2(7V^bd@2Zq09)@&Yw~F&^YX2 ztj?#gN4!@v3S#tR;@IMq$Jb%Zg)?!nNO`}`yU>zx1g!#Pc~Cip6ZJW zMg7r>kh*+smnotO-8LMo6%enI;HgzZ(~2h|)K=T<`4!fe*o`?n^Te({wJ32(&>^Cy z)or0Xo2K9>?JGe3MaG|YkEb)jmpDaroKhK0n)Lg%s=|dspt}+sAo76h06DeL(A2W_ zDeM*|OZwULR+W>GH{N^RJxAiC3#m?JR)xVdQ{6IS(^u+yC{31?MhKHTvSqT+0@HWUwVuZ=8;{-Y$0eWZr<;{B4=`$treUK!rqd#CRLWjpOOdsbT1 z28$Bw#?fD;H&U+n+$#!QkKoSP?)&fED14`8gxby;pL}1l23aP6778`JuZ2$7+(n<` zbJoEfB9V?c7v}osb@Gb<(VElNmK@u0bVBOuTv@Yqn?7aOdi}R`4X|tXylkH-GB;g~ zi!<@-i=(LSrEm1eSQ7g6dgJ}(I_(7nHA|``V-(7}fz*9#+cM@Sv zh^}K>WbhPL4&jz-LF+rB(NS^nh31mTg*WSpc*URDf8s`}Q*gFb$nuz;zTYP`omioa z0bt7i{PkSUq*TqG7kh4TEyYi~-n`xqS$KWxAW0^3c2AX@6n1%uB6)r<+errOLWX=> zf-tCazaQc)Vp~mR1-2jB{rU){VfYge3^08%rX@RywDy`IgHEaKL&JlGP9=fK{ z=@sWp7*L#mvR=mqfF|3TPqCgeJScf=nEl>>gjSpE&_Gbw)*8wgC^7Igc*On$j-;qUp zH>Ak!LfC$^<}G9dGIu9cg%NYP0nmdxET?(?9n-x?eAyo)9qsF6hupsiuZSqRXFEK< zM@l7IJ`FWA--N-ShCyfVj|}HPl8*W=+aS*ztY2PjCo6|d9IcKB_vm9?1zr3)fP70e zP8LDh*C}=zE|*nVRUyu|9-+fZ=Kds=vO1me6cpJ0c=^DGI)ZrW#zDuQ(;x*s3wsAZ zD?;~onV(skT`jz|jm}9kUG_m7{vTN}$r55wB+#7io_(=^ydtaSP@Q~a-GOU?PougB z4G#$7`rFzQj_R}aBe(9G9qx)x8EI(|ajU1hHMljy$3Df&UcPYZu{C+5!@#VtFXgAH z$6cPlqeys6oYP{&N@Vl9#Dykv!QgE9#P9K=okBSQ+Px9CvhExMeehxh@8!%{%%0<%D@&A*p=kj%~-c%;l8?@~Y4PyB;nOJfVC9 zV%?Nxg)FMWM4$Jtj1gyJGx5O*QYqrdU>+`A_h$0^`&EK@+)F8bf+0|Mc!;>KNFv&( zGl_%#I-O)SFrshg=aEq58nL+CckE3@qb`Q>A^nzvY4%NNyP^7+&S*nrG6EX2-Et zsAuECLP%_*_l8TBF`loy-2bN(&#Htw;krrr#iRD(lw+^?P2?m;e&~V!cV(E5F5%7U zE&~HAYhS9I&yRo(@x6=QKPpD0`R}Hur%OtI$~=qZv%78beUa}U2GB?Sk(#!P_{DUT z?Bcy8;gr_3-Hb|Yi1D7x3wXB4Y|;jr3?(~!>&aOuv4eu}z}g8aE-2}rIhCkTh=4U> ze*8zCGqgL?n}Hgt;}Qc&-_SZq1ZV8G6y{W{M|ROVZMOIUW;Jo|vSr&p)p_v5EmS*jT0BQEIN1{qn8UFuJ9}$B%c~v*wzR zR==nLk`mQ?c^imiXl{vumG1Genf>?Kc0R?8xalZo>s;7QicNx98 z6R}uP-~2@%a;l-@_l`fuDb;=SCf?!0yPfZUobVv50l$?e^L+pydbW;7H7m`JqJy}V zd4E~IzkS5eaSlCTAM-xEaGFXaCqAl2#w*U3!I*q}n^b5EFmYdMXjjf|i1kRDEcF_E zFJY6Y5RwJ72T?xb;$fG|rw)!fDu56XeLq1q$-=MA-{lM>^H# z(utz9#!m@v()OPz-rO9DXHD3FBW_|FSg%~iU!BL~Tqq(PA;;{jwZq(6SzkUI{!8f^ z=U7w$f_=nltuVtUSoCFx9m9h|-wf>_w6*kYVAm{1{(-Zx5k0A-6l zQA&y388-M{L^+*6`TdVCt;_Yw!-i4ndR(!Jy~<-r-GYcIn4*to`_GMOEv_E-3o|y= z$#@JhdxK`7o98(f*Xws(5sRnGlLfE%TK{>_sB$y+;rmv)l`ByV#(#cj{eo~8c^di^ zjDX7)GsCXm8KW8~_JFRpU(WKg+tF6-DCs|(Q9m%_D+lD}XvXA)6k?-d(3zTi~*Ae6w($;+Gl=aP# z=`jdpsU^NPK+#CUYX++ktabP4HqDttYH=^FdF<3L2V8eVdTz}x*F9e>?UvH1{vv!+ ze3bQhf%7qUZEE_KU*F#}TUq|sK>#WzYff`3<@N&PU-o8m)y=L-!1lz7DAl{lK=s6QP6xgz<0`@IyIh`MTOp;>g` zD+3{C$ZR6Vjgu7jimp!d-5os%2^Ddm1lZSLLOd!6HT8l%%N0xd4MjSw_$u)%^iQquvaM<;9rf|443*8W{*$fR2?I0 z(f=U)Z%1~)3^4gVnJJ6aI*|vK?F%F(YMb=_5nC)w0EWQ{WzwVL<1g<%rM`H)zX7wX zC+Yf2t(y0EYEkbHGZxO0gL+}_!%fT1Rax(R#ERB{H_>ZFX#9>Mx|`4yPcpb7DvYlRK>t9tpaBFjvbf!xXfzK481}{0(KXCtx#>f|LjNo(6dhNFzQHB0@=wBglJ+Vq# zwP1|$@amu){>Lz?haf`w-9Dn7+*kO%0&V=AK)KbFtHxS^4@K7_OH9#`WoJw>7m@D3=e$0f%Hgj%^MJw@evRHmWYEoPRk?&-LbIE6(!r2#5uq2^{_0T zAH85#^O7Um!&P7v-@oiKprx6`XRkCE3h&*BS_if$p4cCJ)3cxN@(K;adMp%|4s2{y zjEurE4@>wWBsgJhgNWZ+5x6RSoqFTOx+Z@)c8EJ#I1282*xHaQE{=7wwfpb#d}P-T ztH&M7HD%BGCSx(D)!!8~;=4Hb#Z1aJCHl+`m9^t{bi3m2kojL2cywhaaNn~6KV~$G zm`bKcauSoa>3psEQyfxAiO-HT*Hi%zR+?wDGZJ2wm=3u1O;gu*#s?NNTa+aXb;=bssO&7v2`uw>}@86Y;Znij14YihV z=dk&dQleR@7hOB;TH`$!rt>gw=gYIh-Fi9X>MsjK=np9zT0`=ypU!DdP(N;eFkBn(2?|nG12TiH!IY!bp8|y)J9_98~ojj9J zfnC#cVe%2wRJ`z~?_u|5Y-nfzsB3D}nT;8u>@OrqzCCy|8>xm=Y$M!ly?8vAAks|@ z!G5()(g;jI69Ue(YM7LPQB z*Uvf-ht`;ln?bGLi!zY^5hyq-SAnz>FU5k7mb z13lP6WKv%Afe4L%V(@jUn@Mt5WOEDNe@n8()zM6pJhfqspK1WOUtGYfvlR=W{dk_# z&)!WSU@iG7gVPdxrwBks3^1H__iBVO1L`h0!1b*@qC2?n5eR-W55vkkf_aX zQ2TjS{o5^ni+*^ro`YO}+wFFS<{yA5V~17QerLlCT(7s*&O@5+K}-jbjWOHBNDRe| zp9k0OT&8bUygKm4+N&|kwPtT>7S0BOt~V@2+XqC?WNC5vjy5+I4lQe~)_gNPm*Q;x zLv)RMyQ=^bY~;XToE3>t)Snkn#_qgvdPZB)xEx9eM*T2PKkjX|%I;dt7<$8*l5V%- zAykYE+4m0`jiPu7cuASvEgTe{tKaHx{tjZHYLe0bwu^Eg@r+L)OQ4~rF@|?xi5l(d z=9|eO-$kl*8)8hFXM$k3v(oYZz(V>Ws2iOsY6qMgvmOKi;4Ag*a%^1i;Y6$l<0_B)O=F3@QRQq1;`y+uWI27{Im+0K=|tGC6CF=_Ne}HwlOZLf7d&uUA*#@aRAwmmVn1Dgerh-pFS8lLgOFG9mmxdc!j{Mi@HBfGX7Qp1dw9Hu0yA4}v__oa3Lb0%mW3p`vu zV_tIIc)#Y|@060Un*w;8m8g_*$gJSr9aYZa`?I+Pj-K6Hx5X7}b#+t;q*s2fHgA*? zP3=`VwtdxNensIxsH!rCT092@nDwg(xVhcu+{gT!rnK9^fXr}PTK{p}bHF6*US_VM zv~9DNsY(rd5L-P`IdaDDT9p3rfnoB?!kQBS5YW`#wIhGKw3t54=&peqUgO*RfJJ4|S)2xy_BBXY9AcGk2w z%cJ||bc4fXQ}&CcWpNJ6RwB#*w2Y5L?)JUi(y==jWq$?V*fKhc=USgZMx6iC0>w_I zD_9AJ5vi+mMANnB3{YcWP@F1qd04>#g#`JH4SFKUAs54&PAe_`<5*fnek0I zOJ95;jZSMl$*?w0QSliCWT%+#@?@61BB$w(oQw+BsPEeC#l?ifjZBj;L^u3JO9@GJq7V7OYLU#sUVunH)6}#IG zM^41Y@%4Ikp(}FnY1c8hmx4wFAX85B=-O)^klC%rz}9bSJ?5>MthKHB0;c8 zU_ROfR^MQ-_^dQFP+cWgD-PkM+eHQ1<1f<89-BAX0wse!0ua@5yZ;EYb|ynlUSl^#pr@v zc0|Hi%N~muk9U{yi}lu%Q(0M=t*t_Sm5IPSY{}vK@#X(GLv#LiDw&N<5KHYEPn?pU zRbpnE+_edXyGdmq&2I&KKLlW`JbUsJFzW>E-!b~$t@+Ti8O%D6jPey;SN9Y(IqzI7 zjz;oFjzFUbiewDot(UJKu3}lr#}t<>MTKsG3`^_gE@)Kq#|a>XPGfnw`;*%aXI09> zjb;3CpxYdHrDg#e?>8%}k-O{FE#bXL=(w=8^Z;y;T_Ow<3e4nY^N93FdaQU^HUMcX zgkcokB_zdX6F?>Rx0pMUvFeK^{vAf+)7z)0Gz!Vxv?mc&~bo)_wRcd zk#K^;{YYs(Bu_HL8t6!~`qnxaaIAQ5m>c|4$kd6g4p65pMHEy2L(ctukyCD>PjCY1Ot^|mSHdit9RL%WeJYnIX8 zjl}35zq?Jzz?Bjr?i0B`tTOqJ`4nv*RLTYvkV4bbNjie z@}|6?_<-LQdKl6w=0lZSN1C2-`?N{!GxJ|OTHjS?Z>b59a6I4=!o$ZejZ;D1&=(1&cCXLbe@Qh!tIZ>*16u(Z8IkT)oYCbNW24$wYgLDOsCb8 z15?Cv18#O~2iz#bJNq=}LOw5r*!;0b19y)0zrsMYS z$xHEr(dtUU^DH-Ro#U%YdC0Y-r(qXN|KtwYu$X)rC7=!fC;!J*9;`JVJ{bjqZX)Qi z6RAbaNV<2iO*W-%zJ{WX80mw@2>MhtCW5zY)pUNn)&bb^?--P%8a!TkDn${nh`ZJ$ zrc1OF11Xr(Pb=V8f_@c**)8QMKvCN+A6_^b*%H$Q-UkZb&=y+86MAZ}jlQJG;sTf`xM1&g>%E6NO?IG&d8` z(3k^I7kMh)Zxt2H7st!dfe%FDr>GiO=`q%nM9eaUV=Fg{S=Ku-u%9hj4S6Hk6LYx-F-;IKwL%Z2y&c{Syq6-|W z++E2=yXgNuyOfWFdTc-6}AN=qylo}q*`^ocs1p9%-MO3|-q!0Y@ znw0-1L-+Bc4ZFQ0a-CsT1PJB_kS{RWivf*9#=wAFe1j2N#ERQdo|+^EFd<-j{bC4~ zzzCn!HtWhm1p=+YG|Lan7sI87nd&*e%f5g7TO{XpVdJmJfwD+I3d3aX{CB&+RW8oh ztCfJCSve*Kndedt%LOC{ZLcGsKw9>EqA4?n`q>@0zVV4V1ev3Rq5$Nfrg~x;^lnd9 zjP#zQp4%2*po)65NT%8C-*|hRYNEpfOgP(XgGR|JF?W-_vZFVgPRUs*EHO^{Bz>%L zL+@MjzFNC!Ac=Wa9{X}0uy{I%fzkz)Q?LewjQWZxW7e!#{e1vn(B#kHk3P*e^~Sd! zhDU4bQ-FY2B9TcpPu5=Y$(xo{cu%2Xpmnq7(g%u1t6-Qr`|@#jv-8G&)n5T{ z+?UkHt;l0^e1$Q$oUG@9*GsN`vjjRaWO2L5$uv5aLUglTbd_WmX6=V>TB?PrjFBdi zLI^7E!K+r}2SHw=>D=;@0>B{ug!P~0X>8}Mk=Cw{YkT{_?)~Gg*(t+0YiT?O{fg9I zh*BESn%=#D>CTmUY>ib=b_?AKpZk&@`Gqm7v;SPJmjRRfaw7)Assxc{un{r$c0q)} zumm(1#Y6k8aI*`$UkahKxg}9@RsMsgVWxw8hw(B9p#!aG(2Xbz#uSjkia~PF-{o4E zQ?4Bf;w^`ewzBFNrFD=~v^3J_Af>HAsE>J}@EBOzecSo9C6P2QPO*ak{O7gsH&Kxf zXmB>2puv{IZ&{%1z@;U9Q4PJPi+kJCnZu?B>R1_yRxD-V)9`?Lb2$JyeGypawC*fZ zw*0r)SMF#2%t!eb=WTx_$`&i+8Bl!28=XD$M^n9KvZdInzsM2xlB_Y{1?F9U{b-s!#|EFr(#QZ zvPFb=alu&(9u;$gF4aLtXBIol?&%EZfs+gjd2@rb(LI=?fM~pW%Z`C`@Qq!RmxUF1 znRA#Z*xcFrjkZz>=A@hHcXwHnwE?`gF1H(Dm0m|wyfkK}gYSJ{-h%<`2M1mRz^VAEw|g1|#|2J5}D6?ln`&p(Q78T$*-A%*ZBu&e7gU6W4)T91!C(&~6*Q?4a%Vfn+4 z$pr6~5pzqhk~xqk(Tl`BbZBdPpz0?thy2d;AkK84e8_S{eX!^2T9=Fxgs*}YaaTcO zdpBY?!iWcPCw!iDKU&t>l?}_gNO^>0o_?DMH^Ud$J-$H3zUPZ(fpV}-MvPj?;Qp;d z_%SXob1Pj@@sfcoI4-5fD`HR6K81$m>m^bq?fU0_C;0>hyAH2~J-+Mi;RouTxtdi< zAK*<2uznBXq26D1X^Q3q=NNDhh~Dpc>N}f@X5KGbWL{0b_PsCX=DVCj^}PntAvC7) zlygM<84ZH21oFDDp>N4Tejo}qEWH-I2qr)LLA0PT=VgJ^mOuJb^pQghyYoYB54?y$ zEgAtTZfTqbkw;3V3hGd|?7}=K`hKgoE8DE{4+0{G6t3XVQOpMi*#Y-t7LN3t(U1;| z2)dAI^ zAO#^{Cv83T)*T^0rpv_v`Finq^yC`nq3slu&A&X`;4B<5atP?*QEuHZ1r zQ%@Y*89cMIO$H)ChnIgNr!x=f)7ABpnuz`G@jmT1Xp?!aicK&G5#iD*2$n~F`sbgw z&vKGt8Yeh=FRRbHNBIQD2o2m+KYP|B^eMHFBIXawX~ao&4PWS!j1&v!*1n^6N$u;C zL=M3gG-PG-SPhz#Pis0bZaJSLGwJk35$TblR!G?C^UV|-Zu^y=gg3!T4tPx`M=%@9 zCr4BTvaudL>%MKRfe4r_EqjqSPK#dVem4!v+JQdkcCf}6lYduyG+Zoa0tFS+HN$6< za;bGZl;+*MYL>cMcPa78k3lu19iVRD0q?`gwo>8bp5P^n&@rp{PRFqe#(%!%#V1Pl zIYLkda(=fB|G@W(>c-BEcErqeXg+BbH0bSG5Aw590%$@e8ONisjlVkhdv@jiZ)OGU z%vG!mK_fixEqA%7G(25Or)^VR=x%}z!U(UHrAhCn0ISM8Ag{Gk7fce%=vot}%kQiY zJc6JA)AwPH!gu>(bi-G8*U-p5eXMipjwmk430gm?0>QwrrqAmKdLC!(< zc%jT;!%RBhNhJ}A0LW>hR(@@oIdY%nQfq7L1((rXQcBW3$2DcZ#XCjE%@U60hrBv> zn-Aywk5g5}!*)al-zLsJ9SWP*2TXBrT8>J(H(aALtevmY<@kOe7;;ww+5nN4TP2mH z;~pXF?(4mS0-sHYNPAec>e>W`l)gHYt#UPrEZ()`elP4?S;}Dkt0=^<3cGyP)(g89 zxzot;S+m+3@N17$ftw7F3Q@?*lUCd9eMr=t$;+!i_EOy~r{Y1ZJQMW2ankpi4*|3> zAnxQOrDG|Bf+O?tj*0$ri}YilDaSzbDK0S4f%9C#0+q6LKHU<%jQ#poQmXgE`hz_R z)@ie$Ildn@upi<$xYRxkp#~pbxS4ni$}SXq?NWE91mrO=}YSi93NFXz0fUO8{l1VEef$9f!m zj)M9YK2`WV>niLme$B_6Ck%Rxac0)Y4&*Q-Rv7G2Hf)_SRdv6@5?!(Q%$7s$9z`;~ zfLkDz`F-*G+!EOW6H>@=cwGL&8$B%4X;GLjVLND>pAl^TxoSL%NWhIAQ}p4a{*;)u z7MP|iJE|M==iB_=GleOz`zCADmS`DKN%_cHoh(K%jJk*i0}#HlC4sG?VGy~tkD@HU zFh~X-?3Lu@X$u584-c!hwIlc;p?3jT$?5|oT(>X5=a-zsTy}UAz9*DV*ww~sFNJ_Y ze9m>@sU7W2jO1xm@$*l0U~*WeGVrRjpZ7?U6VC+?8~{09&>D*ux%&gVOzpl56@459 z9($_}hs4uy`O+JM{d(EN?oN;+(c@>^V(k|e^RKap7e48`kig%Cksnjq6M@e}?l#YV zN`D4kfju=DHC*z4+OGRBSy$U;zi7|86xxKf-$mCwso!sa_wKTm26Fmb`|so$uw43*3x-+4 zHPp!a7l&=wOWp>m7zRvn(N08BvfQuI;1O(^R%P`W#~RS)S65drt4@x|s}mZH%&~h& z3bee9|L?zyx9!&Mm$Pf5YB#);PiF2qn}(KDM&&nhl;#(z_hCSr!1phUC|d)H)Y6$k5Usa z&(B$Q2*uyezZyusrRhH4L7`A)o(Ug{Jmb+)Ro$MyQ){?9kgslUMbOkt@>lpz9Wm20 zp)Mxv1VohlgBpJ7Vp}bio(XdnCWo*;(SIWd2o~GkbT18TQN#!Q;#ciWFgdJK9zH1g zdl2B8{*3+qP4DQ;Z2PeQh3GpP`p7G3{Fgmw{2fid z7Q-h2iQ}VDp_I=ll+aH*cG0mz_^AI;fhhYl2=ECKAyN8P15eg0j3!}|+ofB}Y)j>@ zJ5YEo_06M)+f($;gTNidUUr(uaZm&xz?XK5)~DvDqY&{ePeT1T&!egOi! z$0+~KjfgNMT`SNu+rPM_40t#-5NCGRTCzv??`T@~Af;8x+-<23=|Fm7^?Z8BYWCH| zN}yHzH2b?kw+_fX`9}V@+8}m-N*>@ZdW4b?;|%k=-g9gd#Cb3{Ms7Zc(=!a}eY{$7 zbOyo|#?8bs`=T@k4vF(mRt0%L%r%IeU5Yq1O)Z$9lK zJq4OMt0np1GlL)Zq&P0iF@Rs%IEa_*MsOA0mBkrAcignLZz&Tj9!~x^Vw*1rYjuXz z-21oS;!Q7W>I6^(9&tM+o@}R4-{@`n7a4O$lYeudQL-)nq^en~|Fhnc=93l+FiYgh z0iWc*IeBb4Sr~pkl>l_Ne06Q@us_Y8g0VjTUYrP*&M&F7mNaxgT~m3r4m2#POI|X~ zPMJ*ad(ZQj0;3K`=HcDW#I#2am!+^zUmZHuq$_U#9eM=Nw0*VDxfK%IA>L0IU479$R) z=z1gAtDhdD{iE zuKs_BAx@hYtxQqXi|?lA&QD%u-ewq_&fmRKg*`j#|=5LaswCJ4!0m>O-n* zkyw!!9-ro|H}E)kg%c*z<_Fy;KNCMibB?NX{QgGnoucHEPd1VBj8a6{#N z3z%+LX;;Z?es4QCF=%IBl2qd(iEa-= z+)ca;yD$rw(0+1G;_`p)zcbE$s7xj3AWV6^Y(S2!JvyQ)?B7wTqyx%a89sNpZ8>q+ ze>?Wg++3&I6(KQ+rHMakmvO*U4?&g#_KRl7v8aH^Km0)S1_hoJYvXS0|N z!e55DU9_Ne!v{kgv1af)khC$2C?5@|Pi9A$lIi0&AigV^p$o#sQt(HWgYaDLV8iyCh3=1`Ti%tK89T|Od#4DB zn0p^On)I)_F>2h#?<}J#`9E=k{xkhLFJh!Za+15OS$~H6rg3`Kx2?i(Q(x_livAxb z=JSE;dwEf;XV_H(Qao+ju0_>?TACCE#g^)Xn zM|R4*4ucIqy?!~ZT0y*ap5Rs`U9964o@nwkpq~8ena~D26KqGZX;@!2ezioMhRGYr zI81KnRDS{1^h-t?l800vy>9m;Ryc=qYh60x3n~E2T`kK|?jEZoipqI(6RK>kr5t^9 z;8eP|dDZ?nO_J$thuH38N6yG-GhVDrDVkI%=0mRP;Tc38FzdYdXF%mmC|YE$Vn~*y z#~)tpIfUHQAIQc#8RY)FigBjz=?Mg04Nn;eRO1mVeVhm+pHY0r2T{;T5p$O3*herd z8aNKeK>0OVOCx>0Z$&*K$n1(G^U z+z3691aKn$&7@H_Ia*M=I9{Y|^SPEWG^7M9{s72fT8H{L*NNin{Qlh-u+uFrD;L^! zGWZ|Py_t2+9Y6*HU6j$$@`Fx@6M7G(GA%mLygWp9t}m}6_up3LfU15Sbt|H04xA(n z+H(1ywt=UemRHWnZn%9Rx(zjpOjyOU{C|@+9N7_u=ZQZ!GM+4X8j`s?Uk-2l;4|mf zH#oa@&(|2qFgNzIoG>II53$GM9cr#&_!)dT1|NyjW!1LO?iV6V{#j@4-28u3cHYr& zZG9gXHzAd1i7w&MB03qO%oA-S7~F{{Jw^rQ_mY~JUeB&3p2^jVa_00 z?KM=YXk-EcVq-qZ)o@r|Eqn0gbilKN6eM(KZXNAUf~Wi=X~bW}oIob~MQ6PsNuP)h zLKwkjktH4FGw*$m_rYIbvgQW+D||=cZ@ZK(Jj46rcE;s|^d>lfH_}G%p0C+4pogZB zQtMe{ZF5u(no2#%DHVQ``8w#L2#pNS&32Nsw=PKw4nQvIE*&K3{th|HQ~8bjlQ3zo z4c2fT(5Xfss08Z4iWe>D7!9xWJD=rNA;zG*c5RWBH~bunkmnosQ$t>s$mA4cnt}Pqj<^9+L`r*y`yeW(Z%ncRW&lW<{CKt z=$mFd6J1{5l&qOtgPfOBXKPjISd!AiyVqBG&kd+34HZCTA&Z`>o3nVjxYw^_OuD*4 znOfXn@uHuoTvJ}s0Rxi6Hf4eZyqX-p+BrJD+4kuRc1gq$QmM=lpkDNydl%*PIPUGy zo#G|`tE;FI(Y2k9J!h|V+u+=o&gJV=KxX2~@kxD6xiBH;O48ohE+9{p_9RF};YE?g zuOun9?2-YB&C(rtQ zcKjQHZZgX+u{^_rboM50Z4_MY-(_WOaNpdey{dApS4`Tq@5AO1I;_Lu zwvcwjD)5XEBvQFdNVBM2DMipvUl1d?mh2<&{l7Dm5Q8 zBxdPcnVq3@^|{K{StLiIxvD8BQpzG}#G3r(0WPeRXkp=4TsYt zs|K@6SzOkNb*6W-hVJ2_6k%g{roHm^=7mIK zgPX`1Eh~5}_%?Z_%;cyJd~^jM5oA_SQ}wTB^g$CZ*I9&SLLQL^T`A!pbafZ%^lJ=Wob{w;)BmM1 z9OZxipDF_jhV@k=eXzlYN2lc2GPASKJ|pDUj|Jng{N#h?>+k!8iX9E5uMiLsfWiD7 zOH!rw8biN!Uspf8e~ZC*omky6oTU^IAMgoSHT@6_X<+giwQSI?5a+j}>c1WBX_g zPlOI?rZ`cFWXFevzl4S)jd&JJyA3m&;3X`T=~_c+@q?g6Z(pfGW|@jz_1x`ORq3LY-?|qeAB&5xt8B$NzmI9vwVuB~zz{!Po|nZW&?>gAF$n-8 zB0C!X5GasuN?Gib&1E=`Jg-ZSx#+ejU&=5NxV1q_B0I?U{*_U8f^QT{-x7gVJzOa- zpTB>xIFasOVh+(#Z*&az^s};xzKNOoACn$A z11Ofm9I%IQ@oni3o-NJsJ(87;h=~F}Oyd}Tr|_+Blp=xEy{h24X!uSh4SX<}UrClk zWsQq+rc`=d;6Gz&o?O1%aD2jDj&H5hh4G(7M9j_rX_L?Ib^cA5yt`C;&(^1CA!ayK zm?c!c<%@A^6X%yhPcsCXVB}Gya*%BekVk`FSJN%oM?<=5@3s7;x->4ByDPdZY0C>n zhxS{;d(Pi9lj3WH=zYzWX6erTNHgt>qX5Z=-%UO!01!OTWFf)53JK-uXA=}*vK%o$ zyl!al7ZEcJ9DY_4RMN`~4*K2P%CiBLAfAzJ>&IJ9J^WOXE7c-Z8#eT|ZqXjL78mT)}D3*Y`=?O9lTy8W3uYDw=oQAtv0K&CMdBqIVuYXG@H^#4hK0GbD;5Dmj@OY%|Codv6-3`rD{qfTh## z{P3nV)&EqkasIu1xPQ;ENtIOs@3YYDCU+z|*ph$32U#A_*DxEU`pG{MS5R|aIN38S zU~@N}ssfl(2Lcv*(~y~p004pgJNA5m8?K+MRmvpJ9<;RN{hpOAv!vuao6++j>tg|F z+c9WcM;P^b^_9=}S;F29Sk?W;Ffi+^5YAHPlC%2kf{CO~{7nbJ7ouT6oG!!m`0+J> zfcg1QWIpK?G}c%I`QNZIJtHD6);#j(vH{#YBvxlW9gXc}oLvG0TKL0EiEk%rp^4KEmY`m)rp(JYzKFfV^Fc{0CTX3` zZe)p8dbjwGwdsb9kAq94N~wm*we#C}=4{qTg7PlAQ{|RZO4u?w^LK-}`S~2K{Pgte z;tL{83p)S_YrXlwWodru{jkbTD%uKnPA>A}(PE2|yMs7I5pc8bw_(c?7$^ea0c+`q z?$7l%F9a_F8$1=BZ3qcIc8~hl6`(NhVKfySyvNQ7??Liii0=s0Bh$p~L&oD=BQqJ& zctw8{@r5FMFm|@)twduuCbgSlu?vSkhF-Px=JQ+gzs-x|VqdJIh+8=KfSQA2~#^ zUvm1RC}gUXn)lc3H- zIF+_RsDq+@*szYILN091x#$3y7El~;nkfTvjW;Tbu+^3sbyq)d0tja=vfY}GdhzpP zlaQV-i>@=9rEG47hTyY$TM-HyT*#Skld4hDh(kfE;B(wkN7r;GDGIuy6e-;aYsT=A z=llaU`2cvPG#!XFHu`8Q z*dB<)M&p8Gw4yj>_sfE5B}^hC#BaGD4C=Q4D^N}*`i@INdr6j#l*icVW4p%6&+Qoh z{fpv_08RatZ2fb34Jm#MOb+gky;Sari5bF;LJrKo6k*e^=5R5el?PpaAFK8>o0$!t z6)G>!&+$YpPx|F9TiSGyp|FJ!#S9#KLMBf*U~fQJt6r^45VyDBHHPY88lW7=9i5jI zqHDXjDQ(ea1jM<|rK!yjTL)~u+TDUzkuttb+BF-!ogNS)C98&}b~{JMZqX8_`z0!7 zl~WW<0@0g?`|(^yW1f!M^eBhPk&;tYJ$NJaCBCa`(OK??tpF(gJn<63Ks7*?8w%|W zbFn5h8K)zP=@cEVyiAN}pSB+Y`Th$XQupF>kNUeLk+0Eybs?IuWNR}ZgIe-zTI{!M zOcJNhTo&mh>OG5ARKaNL+icW;J;t51IdJMX`m9+S3I9G`K$cMe*Ud1Sp$_p&t&5Fj zd2QmMO+9*`r&OR8jJ>>T$6~(Iolk(NI6zY3AY@e+lVlRE5?azt{$argumD9=<+x{%*M>J5B|MB>+knS&gXh`DZQrF(bi?_C>`G@?` z>)Hnrx~wmEU5T^4et$Js#UtreUHlQJ;kW6b>yxsUSdPk_9A+rtkQh-hO!=r4-}( Date: Mon, 26 Apr 2021 16:08:53 -0700 Subject: [PATCH 117/156] add period --- .../deploy-a-windows-10-image-using-mdt.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index ebe98a9061..ba163c16c9 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -194,7 +194,7 @@ On **MDT01**: 2. WinPE x64 3. Windows 10 x64 3. In the new Windows 10 x64 folder, create the following folder structure: - - Dell Inc + - Dell Inc. - Latitude E7450 - Hewlett-Packard - HP EliteBook 8560w @@ -215,7 +215,7 @@ When you import drivers to the MDT driver repository, MDT creates a single insta 2. WinPE x64 3. Windows 10 x64 3. In the **Windows 10 x64** folder, create the following folder structure: - - Dell Inc + - Dell Inc. - Latitude E7450 - Hewlett-Packard - HP EliteBook 8560w @@ -304,15 +304,15 @@ On **MDT01**: For the Dell Latitude E7450 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544). -In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc\\Latitude E7450** folder. +In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc.\\Latitude E7450** folder. On **MDT01**: -1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc** node. +1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc.** node. 2. Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers: - **D:\\Drivers\\Windows 10 x64\\Dell Inc\\Latitude E7450** + **D:\\Drivers\\Windows 10 x64\\Dell Inc.\\Latitude E7450** ### For the HP EliteBook 8560w From 8d4d0d4b086735d3af667f0e5ded8c8f45b907d2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 19:07:42 -0700 Subject: [PATCH 118/156] Revert commit to change application-management\TOC --- windows/application-management/TOC.md | 112 ++++++++++++ windows/application-management/TOC.yml | 244 ------------------------- 2 files changed, 112 insertions(+), 244 deletions(-) create mode 100644 windows/application-management/TOC.md delete mode 100644 windows/application-management/TOC.yml diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md new file mode 100644 index 0000000000..45491337c3 --- /dev/null +++ b/windows/application-management/TOC.md @@ -0,0 +1,112 @@ +# [Manage applications in Windows 10](index.md) +## [Sideload apps](sideload-apps-in-windows-10.md) +## [Remove background task resource restrictions](enterprise-background-activity-controls.md) +## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) +## [Understand apps in Windows 10](apps-in-windows-10.md) +## [Add apps and features in Windows 10](add-apps-and-features.md) +## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) +## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) +### [Getting Started with App-V](app-v/appv-getting-started.md) +#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) +##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md) +##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md) +#### [Evaluating App-V](app-v/appv-evaluating-appv.md) +#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md) +### [Planning for App-V](app-v/appv-planning-for-appv.md) +#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md) +##### [App-V Prerequisites](app-v/appv-prerequisites.md) +##### [App-V Security Considerations](app-v/appv-security-considerations.md) +#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md) +##### [App-V Supported Configurations](app-v/appv-supported-configurations.md) +##### [App-V Capacity Planning](app-v/appv-capacity-planning.md) +##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md) +##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) +##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md) +##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md) +##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md) +##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md) +#### [App-V Planning Checklist](app-v/appv-planning-checklist.md) +### [Deploying App-V](app-v/appv-deploying-appv.md) +#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md) +##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md) +##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md) +##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md) +#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md) +##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md) +##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md) +##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md) +##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md) +##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md) +##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md) +##### [About App-V Reporting](app-v/appv-reporting.md) +##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md) +#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md) +#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md) +#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md) +#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md) +### [Operations for App-V](app-v/appv-operations.md) +#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md) +##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md) +##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md) +##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md) +##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md) +##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md) +##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md) +##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md) +##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md) +#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md) +##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md) +##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md) +##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md) +##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md) +##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md) +##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md) +##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md) +##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md) +##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md) +##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) +##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md) +##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) +#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md) +##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md) +##### [About the Connection Group File](app-v/appv-connection-group-file.md) +##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md) +##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) +##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md) +##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md) +##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md) +##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md) +#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md) +##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) +##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) +#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md) +##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md) +#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md) +##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md) +#### [Maintaining App-V](app-v/appv-maintaining-appv.md) +##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md) +#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md) +##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) +##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) +##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) +##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md) +##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) +##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md) +##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md) +##### [How to Sequence a Package by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md) +##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md) +##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md) +##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) +### [Troubleshooting App-V](app-v/appv-troubleshooting.md) +### [Technical Reference for App-V](app-v/appv-technical-reference.md) +#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md) +#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md) +#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md) +#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) +#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) +## [Service Host process refactoring](svchost-service-refactoring.md) +## [Per-user services in Windows](per-user-services-in-windows.md) +## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) +## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) +## [Change history for Application management](change-history-for-application-management.md) +## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md) \ No newline at end of file diff --git a/windows/application-management/TOC.yml b/windows/application-management/TOC.yml deleted file mode 100644 index 0235d54cc0..0000000000 --- a/windows/application-management/TOC.yml +++ /dev/null @@ -1,244 +0,0 @@ -- name: Manage applications in Windows 10 - href: index.md - items: - - name: Sideload apps - href: sideload-apps-in-windows-10.md - - name: Remove background task resource restrictions - href: enterprise-background-activity-controls.md - - name: Enable or block Windows Mixed Reality apps in the enterprise - href: manage-windows-mixed-reality.md - - name: Understand apps in Windows 10 - href: apps-in-windows-10.md - - name: Add apps and features in Windows 10 - href: add-apps-and-features.md - - name: Repackage win32 apps in the MSIX format - href: msix-app-packaging-tool.md - - name: Application Virtualization (App-V) for Windows - href: app-v/appv-for-windows.md - items: - - name: Getting Started with App-V - href: app-v/appv-getting-started.md - items: - - name: What's new in App-V for Windows 10, version 1703 and earlier - href: app-v/appv-about-appv.md - items: - - name: Release Notes for App-V for Windows 10, version 1607 - href: app-v/appv-release-notes-for-appv-for-windows.md - - name: Release Notes for App-V for Windows 10, version 1703 - href: app-v/appv-release-notes-for-appv-for-windows-1703.md - - name: Evaluating App-V - href: app-v/appv-evaluating-appv.md - - name: High Level Architecture for App-V - href: app-v/appv-high-level-architecture.md - - name: Planning for App-V - href: app-v/appv-planning-for-appv.md - items: - - name: Preparing Your Environment for App-V - href: app-v/appv-preparing-your-environment.md - items: - - name: App-V Prerequisites - href: app-v/appv-prerequisites.md - - name: App-V Security Considerations - href: app-v/appv-security-considerations.md - - name: Planning to Deploy App-V - href: app-v/appv-planning-to-deploy-appv.md - items: - - name: App-V Supported Configurations - href: app-v/appv-supported-configurations.md - - name: App-V Capacity Planning - href: app-v/appv-capacity-planning.md - - name: Planning for High Availability with App-V - href: app-v/appv-planning-for-high-availability-with-appv.md - - name: Planning to Deploy App-V with an Electronic Software Distribution System - href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md - - name: Planning for the App-V Server Deployment - href: app-v/appv-planning-for-appv-server-deployment.md - - name: Planning for the App-V Sequencer and Client Deployment - href: app-v/appv-planning-for-sequencer-and-client-deployment.md - - name: Planning for Using App-V with Office - href: app-v/appv-planning-for-using-appv-with-office.md - - name: Planning to Use Folder Redirection with App-V - href: app-v/appv-planning-folder-redirection-with-appv.md - - name: App-V Planning Checklist - href: app-v/appv-planning-checklist.md - - name: Deploying App-V - href: app-v/appv-deploying-appv.md - items: - - name: Deploying the App-V Sequencer and Configuring the Client - href: app-v/appv-deploying-the-appv-sequencer-and-client.md - items: - - name: About Client Configuration Settings - href: app-v/appv-client-configuration-settings.md - - name: Enable the App-V desktop client - href: app-v/appv-enable-the-app-v-desktop-client.md - - name: How to Install the Sequencer - href: app-v/appv-install-the-sequencer.md - - name: Deploying the App-V Server - href: app-v/appv-deploying-the-appv-server.md - items: - - name: How to Deploy the App-V Server - href: app-v/appv-deploy-the-appv-server.md - - name: How to Deploy the App-V Server Using a Script - href: app-v/appv-deploy-the-appv-server-with-a-script.md - - name: How to Deploy the App-V Databases by Using SQL Scripts - href: app-v/appv-deploy-appv-databases-with-sql-scripts.md - - name: How to Install the Publishing Server on a Remote Computer - href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md - - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services - href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md - - name: How to install the Management Server on a Standalone Computer and Connect it to the Database - href: app-v/appv-install-the-management-server-on-a-standalone-computer.md - - name: About App-V Reporting - href: app-v/appv-reporting.md - - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database - href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md - - name: App-V Deployment Checklist - href: app-v/appv-deployment-checklist.md - - name: Deploying Microsoft Office 2016 by Using App-V - href: app-v/appv-deploying-microsoft-office-2016-with-appv.md - - name: Deploying Microsoft Office 2013 by Using App-V - href: app-v/appv-deploying-microsoft-office-2013-with-appv.md - - name: Deploying Microsoft Office 2010 by Using App-V - href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md - - name: Operations for App-V - href: app-v/appv-operations.md - items: - - name: Creating and Managing App-V Virtualized Applications - href: app-v/appv-creating-and-managing-virtualized-applications.md - items: - - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-provision-a-vm.md - - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-batch-sequencing.md - - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-batch-updating.md - - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-sequence-a-new-application.md - - name: How to Modify an Existing Virtual Application Package - href: app-v/appv-modify-an-existing-virtual-application-package.md - - name: How to Create and Use a Project Template - href: app-v/appv-create-and-use-a-project-template.md - - name: How to Create a Package Accelerator - href: app-v/appv-create-a-package-accelerator.md - - name: How to Create a Virtual Application Package Using an App-V Package Accelerator - href: app-v/appv-create-a-virtual-application-package-package-accelerator.md - - name: Administering App-V Virtual Applications by Using the Management Console - href: app-v/appv-administering-virtual-applications-with-the-management-console.md - items: - - name: About App-V Dynamic Configuration - href: app-v/appv-dynamic-configuration.md - - name: How to Connect to the Management Console - href: app-v/appv-connect-to-the-management-console.md - - name: How to Add or Upgrade Packages by Using the Management Console - href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md - - name: How to Configure Access to Packages by Using the Management Console - href: app-v/appv-configure-access-to-packages-with-the-management-console.md - - name: How to Publish a Package by Using the Management Console - href: app-v/appv-publish-a-packages-with-the-management-console.md - - name: How to Delete a Package in the Management Console - href: app-v/appv-delete-a-package-with-the-management-console.md - - name: How to Add or Remove an Administrator by Using the Management Console - href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md - - name: How to Register and Unregister a Publishing Server by Using the Management Console - href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md - - name: How to Create a Custom Configuration File by Using the App-V Management Console - href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md - - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console - href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md - - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console - href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md - - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console - href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md - - name: Managing Connection Groups - href: app-v/appv-managing-connection-groups.md - items: - - name: About the Connection Group Virtual Environment - href: app-v/appv-connection-group-virtual-environment.md - - name: About the Connection Group File - href: app-v/appv-connection-group-file.md - - name: How to Create a Connection Group - href: app-v/appv-create-a-connection-group.md - - name: How to Create a Connection Group with User-Published and Globally Published Packages - href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md - - name: How to Delete a Connection Group - href: app-v/appv-delete-a-connection-group.md - - name: How to Publish a Connection Group - href: app-v/appv-publish-a-connection-group.md - - name: How to Make a Connection Group Ignore the Package Version - href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md - - name: How to Allow Only Administrators to Enable Connection Groups - href: app-v/appv-allow-administrators-to-enable-connection-groups.md - - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD) - href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md - items: - - name: How to deploy App-V Packages Using Electronic Software Distribution - href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md - - name: How to Enable Only Administrators to Publish Packages by Using an ESD - href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md - - name: Using the App-V Client Management Console - href: app-v/appv-using-the-client-management-console.md - items: - - name: Automatically clean-up unpublished packages on the App-V client - href: app-v/appv-auto-clean-unpublished-packages.md - - name: Migrating to App-V from a Previous Version - href: app-v/appv-migrating-to-appv-from-a-previous-version.md - items: - - name: How to Convert a Package Created in a Previous Version of App-V - href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md - - name: Maintaining App-V - href: app-v/appv-maintaining-appv.md - items: - - name: How to Move the App-V Server to Another Computer - href: app-v/appv-move-the-appv-server-to-another-computer.md - - name: Administering App-V by Using Windows PowerShell - href: app-v/appv-administering-appv-with-powershell.md - items: - - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help - href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md - - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell - href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md - - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell - href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md - - name: How to Modify Client Configuration by Using Windows PowerShell - href: app-v/appv-modify-client-configuration-with-powershell.md - - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server - href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md - - name: How to Apply the User Configuration File by Using Windows PowerShell - href: app-v/appv-apply-the-user-configuration-file-with-powershell.md - - name: How to Apply the Deployment Configuration File by Using Windows PowerShell - href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md - - name: How to Sequence a Package by Using Windows PowerShell - href: app-v/appv-sequence-a-package-with-powershell.md - - name: How to Create a Package Accelerator by Using Windows PowerShell - href: app-v/appv-create-a-package-accelerator-with-powershell.md - - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell - href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md - - name: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell - href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md - - name: Troubleshooting App-V - href: app-v/appv-troubleshooting.md - - name: Technical Reference for App-V - href: app-v/appv-technical-reference.md - items: - - name: Available Mobile Device Management (MDM) settings for App-V - href: app-v/appv-available-mdm-settings.md - - name: Performance Guidance for Application Virtualization - href: app-v/appv-performance-guidance.md - - name: Application Publishing and Client Interaction - href: app-v/appv-application-publishing-and-client-interaction.md - - name: Viewing App-V Server Publishing Metadata - href: app-v/appv-viewing-appv-server-publishing-metadata.md - - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications - href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md - - name: Service Host process refactoring - href: svchost-service-refactoring.md - - name: Per-user services in Windows - href: per-user-services-in-windows.md - - name: Disabling System Services in Windows Server - href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server - - name: Deploy app upgrades on Windows 10 Mobile - href: deploy-app-upgrades-windows-10-mobile.md - - name: Change history for Application management - href: change-history-for-application-management.md - - name: How to keep apps removed from Windows 10 from returning during an update - href: remove-provisioned-apps-during-update.md From ad2ba1af57c4c3627199b03652946b792e94edc2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 20:12:47 -0700 Subject: [PATCH 119/156] Revert "Revert commit to change application-management\TOC" This reverts commit 8d4d0d4b086735d3af667f0e5ded8c8f45b907d2. --- windows/application-management/TOC.md | 112 ------------ windows/application-management/TOC.yml | 244 +++++++++++++++++++++++++ 2 files changed, 244 insertions(+), 112 deletions(-) delete mode 100644 windows/application-management/TOC.md create mode 100644 windows/application-management/TOC.yml diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md deleted file mode 100644 index 45491337c3..0000000000 --- a/windows/application-management/TOC.md +++ /dev/null @@ -1,112 +0,0 @@ -# [Manage applications in Windows 10](index.md) -## [Sideload apps](sideload-apps-in-windows-10.md) -## [Remove background task resource restrictions](enterprise-background-activity-controls.md) -## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) -## [Understand apps in Windows 10](apps-in-windows-10.md) -## [Add apps and features in Windows 10](add-apps-and-features.md) -## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) -## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) -### [Getting Started with App-V](app-v/appv-getting-started.md) -#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) -##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md) -##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md) -#### [Evaluating App-V](app-v/appv-evaluating-appv.md) -#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md) -### [Planning for App-V](app-v/appv-planning-for-appv.md) -#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md) -##### [App-V Prerequisites](app-v/appv-prerequisites.md) -##### [App-V Security Considerations](app-v/appv-security-considerations.md) -#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md) -##### [App-V Supported Configurations](app-v/appv-supported-configurations.md) -##### [App-V Capacity Planning](app-v/appv-capacity-planning.md) -##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md) -##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) -##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md) -##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md) -##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md) -##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md) -#### [App-V Planning Checklist](app-v/appv-planning-checklist.md) -### [Deploying App-V](app-v/appv-deploying-appv.md) -#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md) -##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md) -##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md) -##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md) -#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md) -##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md) -##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md) -##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md) -##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md) -##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md) -##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md) -##### [About App-V Reporting](app-v/appv-reporting.md) -##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md) -#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md) -#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md) -#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md) -#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md) -### [Operations for App-V](app-v/appv-operations.md) -#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md) -##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md) -##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md) -##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md) -##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md) -##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md) -##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md) -##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md) -##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md) -#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md) -##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md) -##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md) -##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md) -##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md) -##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md) -##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md) -##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md) -##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md) -##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md) -##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) -##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md) -##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) -#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md) -##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md) -##### [About the Connection Group File](app-v/appv-connection-group-file.md) -##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md) -##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) -##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md) -##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md) -##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md) -##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md) -#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md) -##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) -##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) -#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md) -##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md) -#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md) -##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md) -#### [Maintaining App-V](app-v/appv-maintaining-appv.md) -##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md) -#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md) -##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) -##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) -##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) -##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md) -##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) -##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md) -##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md) -##### [How to Sequence a Package by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md) -##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md) -##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md) -##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) -### [Troubleshooting App-V](app-v/appv-troubleshooting.md) -### [Technical Reference for App-V](app-v/appv-technical-reference.md) -#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md) -#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md) -#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md) -#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) -#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) -## [Service Host process refactoring](svchost-service-refactoring.md) -## [Per-user services in Windows](per-user-services-in-windows.md) -## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) -## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) -## [Change history for Application management](change-history-for-application-management.md) -## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md) \ No newline at end of file diff --git a/windows/application-management/TOC.yml b/windows/application-management/TOC.yml new file mode 100644 index 0000000000..0235d54cc0 --- /dev/null +++ b/windows/application-management/TOC.yml @@ -0,0 +1,244 @@ +- name: Manage applications in Windows 10 + href: index.md + items: + - name: Sideload apps + href: sideload-apps-in-windows-10.md + - name: Remove background task resource restrictions + href: enterprise-background-activity-controls.md + - name: Enable or block Windows Mixed Reality apps in the enterprise + href: manage-windows-mixed-reality.md + - name: Understand apps in Windows 10 + href: apps-in-windows-10.md + - name: Add apps and features in Windows 10 + href: add-apps-and-features.md + - name: Repackage win32 apps in the MSIX format + href: msix-app-packaging-tool.md + - name: Application Virtualization (App-V) for Windows + href: app-v/appv-for-windows.md + items: + - name: Getting Started with App-V + href: app-v/appv-getting-started.md + items: + - name: What's new in App-V for Windows 10, version 1703 and earlier + href: app-v/appv-about-appv.md + items: + - name: Release Notes for App-V for Windows 10, version 1607 + href: app-v/appv-release-notes-for-appv-for-windows.md + - name: Release Notes for App-V for Windows 10, version 1703 + href: app-v/appv-release-notes-for-appv-for-windows-1703.md + - name: Evaluating App-V + href: app-v/appv-evaluating-appv.md + - name: High Level Architecture for App-V + href: app-v/appv-high-level-architecture.md + - name: Planning for App-V + href: app-v/appv-planning-for-appv.md + items: + - name: Preparing Your Environment for App-V + href: app-v/appv-preparing-your-environment.md + items: + - name: App-V Prerequisites + href: app-v/appv-prerequisites.md + - name: App-V Security Considerations + href: app-v/appv-security-considerations.md + - name: Planning to Deploy App-V + href: app-v/appv-planning-to-deploy-appv.md + items: + - name: App-V Supported Configurations + href: app-v/appv-supported-configurations.md + - name: App-V Capacity Planning + href: app-v/appv-capacity-planning.md + - name: Planning for High Availability with App-V + href: app-v/appv-planning-for-high-availability-with-appv.md + - name: Planning to Deploy App-V with an Electronic Software Distribution System + href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md + - name: Planning for the App-V Server Deployment + href: app-v/appv-planning-for-appv-server-deployment.md + - name: Planning for the App-V Sequencer and Client Deployment + href: app-v/appv-planning-for-sequencer-and-client-deployment.md + - name: Planning for Using App-V with Office + href: app-v/appv-planning-for-using-appv-with-office.md + - name: Planning to Use Folder Redirection with App-V + href: app-v/appv-planning-folder-redirection-with-appv.md + - name: App-V Planning Checklist + href: app-v/appv-planning-checklist.md + - name: Deploying App-V + href: app-v/appv-deploying-appv.md + items: + - name: Deploying the App-V Sequencer and Configuring the Client + href: app-v/appv-deploying-the-appv-sequencer-and-client.md + items: + - name: About Client Configuration Settings + href: app-v/appv-client-configuration-settings.md + - name: Enable the App-V desktop client + href: app-v/appv-enable-the-app-v-desktop-client.md + - name: How to Install the Sequencer + href: app-v/appv-install-the-sequencer.md + - name: Deploying the App-V Server + href: app-v/appv-deploying-the-appv-server.md + items: + - name: How to Deploy the App-V Server + href: app-v/appv-deploy-the-appv-server.md + - name: How to Deploy the App-V Server Using a Script + href: app-v/appv-deploy-the-appv-server-with-a-script.md + - name: How to Deploy the App-V Databases by Using SQL Scripts + href: app-v/appv-deploy-appv-databases-with-sql-scripts.md + - name: How to Install the Publishing Server on a Remote Computer + href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md + - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services + href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md + - name: How to install the Management Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-management-server-on-a-standalone-computer.md + - name: About App-V Reporting + href: app-v/appv-reporting.md + - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md + - name: App-V Deployment Checklist + href: app-v/appv-deployment-checklist.md + - name: Deploying Microsoft Office 2016 by Using App-V + href: app-v/appv-deploying-microsoft-office-2016-with-appv.md + - name: Deploying Microsoft Office 2013 by Using App-V + href: app-v/appv-deploying-microsoft-office-2013-with-appv.md + - name: Deploying Microsoft Office 2010 by Using App-V + href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md + - name: Operations for App-V + href: app-v/appv-operations.md + items: + - name: Creating and Managing App-V Virtualized Applications + href: app-v/appv-creating-and-managing-virtualized-applications.md + items: + - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-provision-a-vm.md + - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-sequencing.md + - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-updating.md + - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-sequence-a-new-application.md + - name: How to Modify an Existing Virtual Application Package + href: app-v/appv-modify-an-existing-virtual-application-package.md + - name: How to Create and Use a Project Template + href: app-v/appv-create-and-use-a-project-template.md + - name: How to Create a Package Accelerator + href: app-v/appv-create-a-package-accelerator.md + - name: How to Create a Virtual Application Package Using an App-V Package Accelerator + href: app-v/appv-create-a-virtual-application-package-package-accelerator.md + - name: Administering App-V Virtual Applications by Using the Management Console + href: app-v/appv-administering-virtual-applications-with-the-management-console.md + items: + - name: About App-V Dynamic Configuration + href: app-v/appv-dynamic-configuration.md + - name: How to Connect to the Management Console + href: app-v/appv-connect-to-the-management-console.md + - name: How to Add or Upgrade Packages by Using the Management Console + href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md + - name: How to Configure Access to Packages by Using the Management Console + href: app-v/appv-configure-access-to-packages-with-the-management-console.md + - name: How to Publish a Package by Using the Management Console + href: app-v/appv-publish-a-packages-with-the-management-console.md + - name: How to Delete a Package in the Management Console + href: app-v/appv-delete-a-package-with-the-management-console.md + - name: How to Add or Remove an Administrator by Using the Management Console + href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md + - name: How to Register and Unregister a Publishing Server by Using the Management Console + href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md + - name: How to Create a Custom Configuration File by Using the App-V Management Console + href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md + - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console + href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md + - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console + href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md + - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console + href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md + - name: Managing Connection Groups + href: app-v/appv-managing-connection-groups.md + items: + - name: About the Connection Group Virtual Environment + href: app-v/appv-connection-group-virtual-environment.md + - name: About the Connection Group File + href: app-v/appv-connection-group-file.md + - name: How to Create a Connection Group + href: app-v/appv-create-a-connection-group.md + - name: How to Create a Connection Group with User-Published and Globally Published Packages + href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md + - name: How to Delete a Connection Group + href: app-v/appv-delete-a-connection-group.md + - name: How to Publish a Connection Group + href: app-v/appv-publish-a-connection-group.md + - name: How to Make a Connection Group Ignore the Package Version + href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md + - name: How to Allow Only Administrators to Enable Connection Groups + href: app-v/appv-allow-administrators-to-enable-connection-groups.md + - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD) + href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md + items: + - name: How to deploy App-V Packages Using Electronic Software Distribution + href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md + - name: How to Enable Only Administrators to Publish Packages by Using an ESD + href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md + - name: Using the App-V Client Management Console + href: app-v/appv-using-the-client-management-console.md + items: + - name: Automatically clean-up unpublished packages on the App-V client + href: app-v/appv-auto-clean-unpublished-packages.md + - name: Migrating to App-V from a Previous Version + href: app-v/appv-migrating-to-appv-from-a-previous-version.md + items: + - name: How to Convert a Package Created in a Previous Version of App-V + href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md + - name: Maintaining App-V + href: app-v/appv-maintaining-appv.md + items: + - name: How to Move the App-V Server to Another Computer + href: app-v/appv-move-the-appv-server-to-another-computer.md + - name: Administering App-V by Using Windows PowerShell + href: app-v/appv-administering-appv-with-powershell.md + items: + - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help + href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md + - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell + href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md + - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell + href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md + - name: How to Modify Client Configuration by Using Windows PowerShell + href: app-v/appv-modify-client-configuration-with-powershell.md + - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server + href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md + - name: How to Apply the User Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-user-configuration-file-with-powershell.md + - name: How to Apply the Deployment Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md + - name: How to Sequence a Package by Using Windows PowerShell + href: app-v/appv-sequence-a-package-with-powershell.md + - name: How to Create a Package Accelerator by Using Windows PowerShell + href: app-v/appv-create-a-package-accelerator-with-powershell.md + - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell + href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md + - name: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell + href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md + - name: Troubleshooting App-V + href: app-v/appv-troubleshooting.md + - name: Technical Reference for App-V + href: app-v/appv-technical-reference.md + items: + - name: Available Mobile Device Management (MDM) settings for App-V + href: app-v/appv-available-mdm-settings.md + - name: Performance Guidance for Application Virtualization + href: app-v/appv-performance-guidance.md + - name: Application Publishing and Client Interaction + href: app-v/appv-application-publishing-and-client-interaction.md + - name: Viewing App-V Server Publishing Metadata + href: app-v/appv-viewing-appv-server-publishing-metadata.md + - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications + href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md + - name: Service Host process refactoring + href: svchost-service-refactoring.md + - name: Per-user services in Windows + href: per-user-services-in-windows.md + - name: Disabling System Services in Windows Server + href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server + - name: Deploy app upgrades on Windows 10 Mobile + href: deploy-app-upgrades-windows-10-mobile.md + - name: Change history for Application management + href: change-history-for-application-management.md + - name: How to keep apps removed from Windows 10 from returning during an update + href: remove-provisioned-apps-during-update.md From 5b3ef6aa6710c208c6a68717b54d8594a289e6cf Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 20:14:10 -0700 Subject: [PATCH 120/156] Revert "Revert "Revert commit to change application-management\TOC"" This reverts commit ad2ba1af57c4c3627199b03652946b792e94edc2. --- windows/application-management/TOC.md | 112 ++++++++++++ windows/application-management/TOC.yml | 244 ------------------------- 2 files changed, 112 insertions(+), 244 deletions(-) create mode 100644 windows/application-management/TOC.md delete mode 100644 windows/application-management/TOC.yml diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md new file mode 100644 index 0000000000..45491337c3 --- /dev/null +++ b/windows/application-management/TOC.md @@ -0,0 +1,112 @@ +# [Manage applications in Windows 10](index.md) +## [Sideload apps](sideload-apps-in-windows-10.md) +## [Remove background task resource restrictions](enterprise-background-activity-controls.md) +## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) +## [Understand apps in Windows 10](apps-in-windows-10.md) +## [Add apps and features in Windows 10](add-apps-and-features.md) +## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) +## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) +### [Getting Started with App-V](app-v/appv-getting-started.md) +#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) +##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md) +##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md) +#### [Evaluating App-V](app-v/appv-evaluating-appv.md) +#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md) +### [Planning for App-V](app-v/appv-planning-for-appv.md) +#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md) +##### [App-V Prerequisites](app-v/appv-prerequisites.md) +##### [App-V Security Considerations](app-v/appv-security-considerations.md) +#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md) +##### [App-V Supported Configurations](app-v/appv-supported-configurations.md) +##### [App-V Capacity Planning](app-v/appv-capacity-planning.md) +##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md) +##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) +##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md) +##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md) +##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md) +##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md) +#### [App-V Planning Checklist](app-v/appv-planning-checklist.md) +### [Deploying App-V](app-v/appv-deploying-appv.md) +#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md) +##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md) +##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md) +##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md) +#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md) +##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md) +##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md) +##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md) +##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md) +##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md) +##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md) +##### [About App-V Reporting](app-v/appv-reporting.md) +##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md) +#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md) +#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md) +#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md) +#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md) +### [Operations for App-V](app-v/appv-operations.md) +#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md) +##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md) +##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md) +##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md) +##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md) +##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md) +##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md) +##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md) +##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md) +#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md) +##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md) +##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md) +##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md) +##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md) +##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md) +##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md) +##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md) +##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md) +##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md) +##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) +##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md) +##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) +#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md) +##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md) +##### [About the Connection Group File](app-v/appv-connection-group-file.md) +##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md) +##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) +##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md) +##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md) +##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md) +##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md) +#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md) +##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) +##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) +#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md) +##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md) +#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md) +##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md) +#### [Maintaining App-V](app-v/appv-maintaining-appv.md) +##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md) +#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md) +##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) +##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) +##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) +##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md) +##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) +##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md) +##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md) +##### [How to Sequence a Package by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md) +##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md) +##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md) +##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) +### [Troubleshooting App-V](app-v/appv-troubleshooting.md) +### [Technical Reference for App-V](app-v/appv-technical-reference.md) +#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md) +#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md) +#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md) +#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) +#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) +## [Service Host process refactoring](svchost-service-refactoring.md) +## [Per-user services in Windows](per-user-services-in-windows.md) +## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) +## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) +## [Change history for Application management](change-history-for-application-management.md) +## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md) \ No newline at end of file diff --git a/windows/application-management/TOC.yml b/windows/application-management/TOC.yml deleted file mode 100644 index 0235d54cc0..0000000000 --- a/windows/application-management/TOC.yml +++ /dev/null @@ -1,244 +0,0 @@ -- name: Manage applications in Windows 10 - href: index.md - items: - - name: Sideload apps - href: sideload-apps-in-windows-10.md - - name: Remove background task resource restrictions - href: enterprise-background-activity-controls.md - - name: Enable or block Windows Mixed Reality apps in the enterprise - href: manage-windows-mixed-reality.md - - name: Understand apps in Windows 10 - href: apps-in-windows-10.md - - name: Add apps and features in Windows 10 - href: add-apps-and-features.md - - name: Repackage win32 apps in the MSIX format - href: msix-app-packaging-tool.md - - name: Application Virtualization (App-V) for Windows - href: app-v/appv-for-windows.md - items: - - name: Getting Started with App-V - href: app-v/appv-getting-started.md - items: - - name: What's new in App-V for Windows 10, version 1703 and earlier - href: app-v/appv-about-appv.md - items: - - name: Release Notes for App-V for Windows 10, version 1607 - href: app-v/appv-release-notes-for-appv-for-windows.md - - name: Release Notes for App-V for Windows 10, version 1703 - href: app-v/appv-release-notes-for-appv-for-windows-1703.md - - name: Evaluating App-V - href: app-v/appv-evaluating-appv.md - - name: High Level Architecture for App-V - href: app-v/appv-high-level-architecture.md - - name: Planning for App-V - href: app-v/appv-planning-for-appv.md - items: - - name: Preparing Your Environment for App-V - href: app-v/appv-preparing-your-environment.md - items: - - name: App-V Prerequisites - href: app-v/appv-prerequisites.md - - name: App-V Security Considerations - href: app-v/appv-security-considerations.md - - name: Planning to Deploy App-V - href: app-v/appv-planning-to-deploy-appv.md - items: - - name: App-V Supported Configurations - href: app-v/appv-supported-configurations.md - - name: App-V Capacity Planning - href: app-v/appv-capacity-planning.md - - name: Planning for High Availability with App-V - href: app-v/appv-planning-for-high-availability-with-appv.md - - name: Planning to Deploy App-V with an Electronic Software Distribution System - href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md - - name: Planning for the App-V Server Deployment - href: app-v/appv-planning-for-appv-server-deployment.md - - name: Planning for the App-V Sequencer and Client Deployment - href: app-v/appv-planning-for-sequencer-and-client-deployment.md - - name: Planning for Using App-V with Office - href: app-v/appv-planning-for-using-appv-with-office.md - - name: Planning to Use Folder Redirection with App-V - href: app-v/appv-planning-folder-redirection-with-appv.md - - name: App-V Planning Checklist - href: app-v/appv-planning-checklist.md - - name: Deploying App-V - href: app-v/appv-deploying-appv.md - items: - - name: Deploying the App-V Sequencer and Configuring the Client - href: app-v/appv-deploying-the-appv-sequencer-and-client.md - items: - - name: About Client Configuration Settings - href: app-v/appv-client-configuration-settings.md - - name: Enable the App-V desktop client - href: app-v/appv-enable-the-app-v-desktop-client.md - - name: How to Install the Sequencer - href: app-v/appv-install-the-sequencer.md - - name: Deploying the App-V Server - href: app-v/appv-deploying-the-appv-server.md - items: - - name: How to Deploy the App-V Server - href: app-v/appv-deploy-the-appv-server.md - - name: How to Deploy the App-V Server Using a Script - href: app-v/appv-deploy-the-appv-server-with-a-script.md - - name: How to Deploy the App-V Databases by Using SQL Scripts - href: app-v/appv-deploy-appv-databases-with-sql-scripts.md - - name: How to Install the Publishing Server on a Remote Computer - href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md - - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services - href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md - - name: How to install the Management Server on a Standalone Computer and Connect it to the Database - href: app-v/appv-install-the-management-server-on-a-standalone-computer.md - - name: About App-V Reporting - href: app-v/appv-reporting.md - - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database - href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md - - name: App-V Deployment Checklist - href: app-v/appv-deployment-checklist.md - - name: Deploying Microsoft Office 2016 by Using App-V - href: app-v/appv-deploying-microsoft-office-2016-with-appv.md - - name: Deploying Microsoft Office 2013 by Using App-V - href: app-v/appv-deploying-microsoft-office-2013-with-appv.md - - name: Deploying Microsoft Office 2010 by Using App-V - href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md - - name: Operations for App-V - href: app-v/appv-operations.md - items: - - name: Creating and Managing App-V Virtualized Applications - href: app-v/appv-creating-and-managing-virtualized-applications.md - items: - - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-provision-a-vm.md - - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-batch-sequencing.md - - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-batch-updating.md - - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-sequence-a-new-application.md - - name: How to Modify an Existing Virtual Application Package - href: app-v/appv-modify-an-existing-virtual-application-package.md - - name: How to Create and Use a Project Template - href: app-v/appv-create-and-use-a-project-template.md - - name: How to Create a Package Accelerator - href: app-v/appv-create-a-package-accelerator.md - - name: How to Create a Virtual Application Package Using an App-V Package Accelerator - href: app-v/appv-create-a-virtual-application-package-package-accelerator.md - - name: Administering App-V Virtual Applications by Using the Management Console - href: app-v/appv-administering-virtual-applications-with-the-management-console.md - items: - - name: About App-V Dynamic Configuration - href: app-v/appv-dynamic-configuration.md - - name: How to Connect to the Management Console - href: app-v/appv-connect-to-the-management-console.md - - name: How to Add or Upgrade Packages by Using the Management Console - href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md - - name: How to Configure Access to Packages by Using the Management Console - href: app-v/appv-configure-access-to-packages-with-the-management-console.md - - name: How to Publish a Package by Using the Management Console - href: app-v/appv-publish-a-packages-with-the-management-console.md - - name: How to Delete a Package in the Management Console - href: app-v/appv-delete-a-package-with-the-management-console.md - - name: How to Add or Remove an Administrator by Using the Management Console - href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md - - name: How to Register and Unregister a Publishing Server by Using the Management Console - href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md - - name: How to Create a Custom Configuration File by Using the App-V Management Console - href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md - - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console - href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md - - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console - href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md - - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console - href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md - - name: Managing Connection Groups - href: app-v/appv-managing-connection-groups.md - items: - - name: About the Connection Group Virtual Environment - href: app-v/appv-connection-group-virtual-environment.md - - name: About the Connection Group File - href: app-v/appv-connection-group-file.md - - name: How to Create a Connection Group - href: app-v/appv-create-a-connection-group.md - - name: How to Create a Connection Group with User-Published and Globally Published Packages - href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md - - name: How to Delete a Connection Group - href: app-v/appv-delete-a-connection-group.md - - name: How to Publish a Connection Group - href: app-v/appv-publish-a-connection-group.md - - name: How to Make a Connection Group Ignore the Package Version - href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md - - name: How to Allow Only Administrators to Enable Connection Groups - href: app-v/appv-allow-administrators-to-enable-connection-groups.md - - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD) - href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md - items: - - name: How to deploy App-V Packages Using Electronic Software Distribution - href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md - - name: How to Enable Only Administrators to Publish Packages by Using an ESD - href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md - - name: Using the App-V Client Management Console - href: app-v/appv-using-the-client-management-console.md - items: - - name: Automatically clean-up unpublished packages on the App-V client - href: app-v/appv-auto-clean-unpublished-packages.md - - name: Migrating to App-V from a Previous Version - href: app-v/appv-migrating-to-appv-from-a-previous-version.md - items: - - name: How to Convert a Package Created in a Previous Version of App-V - href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md - - name: Maintaining App-V - href: app-v/appv-maintaining-appv.md - items: - - name: How to Move the App-V Server to Another Computer - href: app-v/appv-move-the-appv-server-to-another-computer.md - - name: Administering App-V by Using Windows PowerShell - href: app-v/appv-administering-appv-with-powershell.md - items: - - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help - href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md - - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell - href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md - - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell - href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md - - name: How to Modify Client Configuration by Using Windows PowerShell - href: app-v/appv-modify-client-configuration-with-powershell.md - - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server - href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md - - name: How to Apply the User Configuration File by Using Windows PowerShell - href: app-v/appv-apply-the-user-configuration-file-with-powershell.md - - name: How to Apply the Deployment Configuration File by Using Windows PowerShell - href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md - - name: How to Sequence a Package by Using Windows PowerShell - href: app-v/appv-sequence-a-package-with-powershell.md - - name: How to Create a Package Accelerator by Using Windows PowerShell - href: app-v/appv-create-a-package-accelerator-with-powershell.md - - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell - href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md - - name: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell - href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md - - name: Troubleshooting App-V - href: app-v/appv-troubleshooting.md - - name: Technical Reference for App-V - href: app-v/appv-technical-reference.md - items: - - name: Available Mobile Device Management (MDM) settings for App-V - href: app-v/appv-available-mdm-settings.md - - name: Performance Guidance for Application Virtualization - href: app-v/appv-performance-guidance.md - - name: Application Publishing and Client Interaction - href: app-v/appv-application-publishing-and-client-interaction.md - - name: Viewing App-V Server Publishing Metadata - href: app-v/appv-viewing-appv-server-publishing-metadata.md - - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications - href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md - - name: Service Host process refactoring - href: svchost-service-refactoring.md - - name: Per-user services in Windows - href: per-user-services-in-windows.md - - name: Disabling System Services in Windows Server - href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server - - name: Deploy app upgrades on Windows 10 Mobile - href: deploy-app-upgrades-windows-10-mobile.md - - name: Change history for Application management - href: change-history-for-application-management.md - - name: How to keep apps removed from Windows 10 from returning during an update - href: remove-provisioned-apps-during-update.md From 0af062252521084123e81efd309d22f4db7ebed9 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 20:22:54 -0700 Subject: [PATCH 121/156] Revert conversion of /mdm/TOC from MD to YAML --- windows/client-management/mdm/TOC.md | 435 ++++++++++++ windows/client-management/mdm/TOC.yml | 954 -------------------------- 2 files changed, 435 insertions(+), 954 deletions(-) create mode 100644 windows/client-management/mdm/TOC.md delete mode 100644 windows/client-management/mdm/TOC.yml diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md new file mode 100644 index 0000000000..2f21a06d6f --- /dev/null +++ b/windows/client-management/mdm/TOC.md @@ -0,0 +1,435 @@ +# [Mobile device management](index.md) +## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md) +### [Change history for MDM documentation](change-history-for-mdm-documentation.md) +## [Mobile device enrollment](mobile-device-enrollment.md) +### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md) +#### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md) +### [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md) +### [Federated authentication device enrollment](federated-authentication-device-enrollment.md) +### [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md) +### [On-premises authentication device enrollment](on-premise-authentication-device-enrollment.md) +## [Understanding ADMX-backed policies](understanding-admx-backed-policies.md) +## [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md) +## [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) +## [Implement server-side support for mobile application management on Windows](implement-server-side-mobile-application-management.md) +## [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md) +## [Deploy and configure App-V apps using MDM](appv-deploy-and-config.md) +## [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md) +### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) +### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md) +## [Enterprise app management](enterprise-app-management.md) +## [Mobile device management (MDM) for device updates](device-update-management.md) +## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md) +## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md) +### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md) +#### [Data structures for Microsoft Store for Business](data-structures-windows-store-for-business.md) +#### [Get Inventory](get-inventory.md) +#### [Get product details](get-product-details.md) +#### [Get localized product details](get-localized-product-details.md) +#### [Get offline license](get-offline-license.md) +#### [Get product packages](get-product-packages.md) +#### [Get product package](get-product-package.md) +#### [Get seats](get-seats.md) +#### [Get seat](get-seat.md) +#### [Assign seats](assign-seats.md) +#### [Reclaim seat from user](reclaim-seat-from-user.md) +#### [Bulk assign and reclaim seats from users](bulk-assign-and-reclaim-seats-from-user.md) +#### [Get seats assigned to a user](get-seats-assigned-to-a-user.md) +## [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md) +## [Certificate renewal](certificate-renewal-windows-mdm.md) +## [Disconnecting from the management infrastructure (unenrollment)](disconnecting-from-mdm-unenrollment.md) +## [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md) +## [Push notification support for device management](push-notification-windows-mdm.md) +## [OMA DM protocol support](oma-dm-protocol-support.md) +## [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md) +## [Server requirements for OMA DM](server-requirements-windows-mdm.md) +## [DMProcessConfigXMLFiltered](dmprocessconfigxmlfiltered.md) +## [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md) +## [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md) +## [Configuration service provider reference](configuration-service-provider-reference.md) +### [AccountManagement CSP](accountmanagement-csp.md) +#### [AccountManagement DDF file](accountmanagement-ddf.md) +### [Accounts CSP](accounts-csp.md) +#### [Accounts DDF file](accounts-ddf-file.md) +### [ActiveSync CSP](activesync-csp.md) +#### [ActiveSync DDF file](activesync-ddf-file.md) +### [AllJoynManagement CSP](alljoynmanagement-csp.md) +#### [AllJoynManagement DDF](alljoynmanagement-ddf.md) +### [APPLICATION CSP](application-csp.md) +### [ApplicationControl CSP](applicationcontrol-csp.md) +#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md) +### [AppLocker CSP](applocker-csp.md) +#### [AppLocker DDF file](applocker-ddf-file.md) +#### [AppLocker XSD](applocker-xsd.md) +### [AssignedAccess CSP](assignedaccess-csp.md) +#### [AssignedAccess DDF file](assignedaccess-ddf.md) +### [BitLocker CSP](bitlocker-csp.md) +#### [BitLocker DDF file](bitlocker-ddf-file.md) +### [BOOTSTRAP CSP](bootstrap-csp.md) +### [BrowserFavorite CSP](browserfavorite-csp.md) +### [CellularSettings CSP](cellularsettings-csp.md) +### [CertificateStore CSP](certificatestore-csp.md) +#### [CertificateStore DDF file](certificatestore-ddf-file.md) +### [CleanPC CSP](cleanpc-csp.md) +#### [CleanPC DDF](cleanpc-ddf.md) +### [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) +#### [ClientCertificateInstall DDF file](clientcertificateinstall-ddf-file.md) +### [CM_CellularEntries CSP](cm-cellularentries-csp.md) +### [CM_ProxyEntries CSP](cm-proxyentries-csp.md) +### [CMPolicy CSP](cmpolicy-csp.md) +### [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md) +#### [CMPolicyEnterprise DDF file](cmpolicyenterprise-ddf-file.md) +### [CustomDeviceUI CSP](customdeviceui-csp.md) +#### [CustomDeviceUI DDF file](customdeviceui-ddf.md) +### [Defender CSP](defender-csp.md) +#### [Defender DDF file](defender-ddf.md) +### [DevDetail CSP](devdetail-csp.md) +#### [DevDetail DDF file](devdetail-ddf-file.md) +### [DeveloperSetup CSP](developersetup-csp.md) +#### [DeveloperSetup DDF](developersetup-ddf.md) +### [DeviceInstanceService CSP](deviceinstanceservice-csp.md) +### [DeviceLock CSP](devicelock-csp.md) +#### [DeviceLock DDF file](devicelock-ddf-file.md) +### [DeviceManageability CSP](devicemanageability-csp.md) +#### [DeviceManageability DDF](devicemanageability-ddf.md) +### [DeviceStatus CSP](devicestatus-csp.md) +#### [DeviceStatus DDF](devicestatus-ddf.md) +### [DevInfo CSP](devinfo-csp.md) +#### [DevInfo DDF file](devinfo-ddf-file.md) +### [DiagnosticLog CSP](diagnosticlog-csp.md) +#### [DiagnosticLog DDF file](diagnosticlog-ddf.md) +### [DMAcc CSP](dmacc-csp.md) +#### [DMAcc DDF file](dmacc-ddf-file.md) +### [DMClient CSP](dmclient-csp.md) +#### [DMClient DDF file](dmclient-ddf-file.md) +### [DMSessionActions CSP](dmsessionactions-csp.md) +#### [DMSessionActions DDF file](dmsessionactions-ddf.md) +### [DynamicManagement CSP](dynamicmanagement-csp.md) +#### [DynamicManagement DDF file](dynamicmanagement-ddf.md) +### [EMAIL2 CSP](email2-csp.md) +#### [EMAIL2 DDF file](email2-ddf-file.md) +### [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) +#### [EnrollmentStatusTracking DDF file](enrollmentstatustracking-csp-ddf.md) +### [EnterpriseAPN CSP](enterpriseapn-csp.md) +#### [EnterpriseAPN DDF](enterpriseapn-ddf.md) +### [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md) +### [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) +#### [EnterpriseAppVManagement DDF file](enterpriseappvmanagement-ddf.md) +### [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) +#### [EnterpriseAssignedAccess DDF file](enterpriseassignedaccess-ddf.md) +#### [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) +### [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) +#### [EnterpriseDataProtection DDF file](enterprisedataprotection-ddf-file.md) +### [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md) +#### [EnterpriseDesktopAppManagement DDF](enterprisedesktopappmanagement-ddf-file.md) +#### [EnterpriseDesktopAppManagement XSD](enterprisedesktopappmanagement2-xsd.md) +### [EnterpriseExt CSP](enterpriseext-csp.md) +#### [EnterpriseExt DDF file](enterpriseext-ddf.md) +### [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) +#### [EnterpriseExtFileSystem DDF file](enterpriseextfilesystem-ddf.md) +### [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) +#### [EnterpriseModernAppManagement DDF](enterprisemodernappmanagement-ddf.md) +#### [EnterpriseModernAppManagement XSD](enterprisemodernappmanagement-xsd.md) +### [eUICCs CSP](euiccs-csp.md) +#### [eUICCs DDF file](euiccs-ddf-file.md) +### [FileSystem CSP](filesystem-csp.md) +### [Firewall CSP](firewall-csp.md) +#### [Firewall DDF file](firewall-ddf-file.md) +### [HealthAttestation CSP](healthattestation-csp.md) +#### [HealthAttestation DDF](healthattestation-ddf.md) +### [HotSpot CSP](hotspot-csp.md) +### [Maps CSP](maps-csp.md) +#### [Maps DDF](maps-ddf-file.md) +### [Messaging CSP](messaging-csp.md) +#### [Messaging DDF file](messaging-ddf.md) +### [MultiSIM CSP](multisim-csp.md) +#### [MultiSIM DDF file](multisim-ddf.md) +### [NAP CSP](nap-csp.md) +### [NAPDEF CSP](napdef-csp.md) +### [NetworkProxy CSP](networkproxy-csp.md) +#### [NetworkProxy DDF file](networkproxy-ddf.md) +### [NetworkQoSPolicy CSP](networkqospolicy-csp.md) +#### [NetworkQoSPolicy DDF file](networkqospolicy-ddf.md) +### [NodeCache CSP](nodecache-csp.md) +#### [NodeCache DDF file](nodecache-ddf-file.md) +### [Office CSP](office-csp.md) +#### [Office DDF](office-ddf.md) +### [PassportForWork CSP](passportforwork-csp.md) +#### [PassportForWork DDF file](passportforwork-ddf.md) +### [Personalization CSP](personalization-csp.md) +#### [Personalization DDF file](personalization-ddf.md) +### [Policy CSP](policy-configuration-service-provider.md) +#### [Policy CSP DDF file](policy-ddf-file.md) +#### [Policies in Policy CSP supported by Group Policy](policies-in-policy-csp-supported-by-group-policy.md) +#### [ADMX-backed policies in Policy CSP](policies-in-policy-csp-admx-backed.md) +#### [Policies in Policy CSP supported by HoloLens 2](policies-in-policy-csp-supported-by-hololens2.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md) +#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](./configuration-service-provider-reference.md) +#### [Policies in Policy CSP supported by Windows 10 IoT Core](policies-in-policy-csp-supported-by-iot-core.md) +#### [Policies in Policy CSP supported by Microsoft Surface Hub](policies-in-policy-csp-supported-by-surface-hub.md) +#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policies-in-policy-csp-that-can-be-set-using-eas.md) +#### [AboveLock](policy-csp-abovelock.md) +#### [Accounts](policy-csp-accounts.md) +#### [ActiveXControls](policy-csp-activexcontrols.md) +#### [ADMX_ActiveXInstallService](policy-csp-admx-activexinstallservice.md) +#### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md) +#### [ADMX_AppCompat](policy-csp-admx-appcompat.md) +#### [ADMX_AppxPackageManager](policy-csp-admx-appxpackagemanager.md) +#### [ADMX_AppXRuntime](policy-csp-admx-appxruntime.md) +#### [ADMX_AttachmentManager](policy-csp-admx-attachmentmanager.md) +#### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) +#### [ADMX_Bits](policy-csp-admx-bits.md) +#### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) +#### [ADMX_COM](policy-csp-admx-com.md) +#### [ADMX_ControlPanel](policy-csp-admx-controlpanel.md) +#### [ADMX_ControlPanelDisplay](policy-csp-admx-controlpaneldisplay.md) +#### [ADMX_Cpls](policy-csp-admx-cpls.md) +#### [ADMX_CredentialProviders](policy-csp-admx-credentialproviders.md) +#### [ADMX_CredSsp](policy-csp-admx-credssp.md) +#### [ADMX_CredUI](policy-csp-admx-credui.md) +#### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) +#### [ADMX_DataCollection](policy-csp-admx-datacollection.md) +#### [ADMX_Desktop](policy-csp-admx-desktop.md) +#### [ADMX_DeviceInstallation](policy-csp-admx-deviceinstallation.md) +#### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md) +#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) +#### [ADMX_DistributedLinkTracking](policy-csp-admx-distributedlinktracking.md) +#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) +#### [ADMX_DWM](policy-csp-admx-dwm.md) +#### [ADMX_EAIME](policy-csp-admx-eaime.md) +#### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) +#### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md) +#### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md) +#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) +#### [ADMX_EventLog](policy-csp-admx-eventlog.md) +#### [ADMX_Explorer](policy-csp-admx-explorer.md) +#### [ADMX_FileRecovery](policy-csp-admx-filerecovery.md) +#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) +#### [ADMX_FileSys](policy-csp-admx-filesys.md) +#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) +#### [ADMX_Globalization](policy-csp-admx-globalization.md) +#### [ADMX_GroupPolicy](policy-csp-admx-grouppolicy.md) +#### [ADMX_Help](policy-csp-admx-help.md) +#### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) +#### [ADMX_ICM](policy-csp-admx-icm.md) +#### [ADMX_kdc](policy-csp-admx-kdc.md) +#### [ADMX_Kerberos](policy-csp-admx-kerberos.md) +#### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) +#### [ADMX_LanmanWorkstation](policy-csp-admx-lanmanworkstation.md) +#### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) +#### [ADMX_Logon](policy-csp-admx-logon.md) +#### [ADMX_MicrosoftDefenderAntivirus](policy-csp-admx-microsoftdefenderantivirus.md) +#### [ADMX_MMC](policy-csp-admx-mmc.md) +#### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) +#### [ADMX_MSAPolicy](policy-csp-admx-msapolicy.md) +#### [ADMX_msched](policy-csp-admx-msched.md) +#### [ADMX_MSDT](policy-csp-admx-msdt.md) +#### [ADMX_MSI](policy-csp-admx-msi.md) +#### [ADMX_nca](policy-csp-admx-nca.md) +#### [ADMX_NCSI](policy-csp-admx-ncsi.md) +#### [ADMX_Netlogon](policy-csp-admx-netlogon.md) +#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md) +#### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md) +#### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md) +#### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) +#### [ADMX_Power](policy-csp-admx-power.md) +#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md) +#### [ADMX_Printing](policy-csp-admx-printing.md) +#### [ADMX_Printing2](policy-csp-admx-printing2.md) +#### [ADMX_Programs](policy-csp-admx-programs.md) +#### [ADMX_Reliability](policy-csp-admx-reliability.md) +#### [ADMX_RemoteAssistance](policy-csp-admx-remoteassistance.md) +#### [ADMX_RemovableStorage](policy-csp-admx-removablestorage.md) +#### [ADMX_RPC](policy-csp-admx-rpc.md) +#### [ADMX_Scripts](policy-csp-admx-scripts.md) +#### [ADMX_sdiageng](policy-csp-admx-sdiageng.md) +#### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md) +#### [ADMX_Sensors](policy-csp-admx-sensors.md) +#### [ADMX_Servicing](policy-csp-admx-servicing.md) +#### [ADMX_SettingSync](policy-csp-admx-settingsync.md) +#### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md) +#### [ADMX_Sharing](policy-csp-admx-sharing.md) +#### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md) +#### [ADMX_SkyDrive](policy-csp-admx-skydrive.md) +#### [ADMX_Smartcard](policy-csp-admx-smartcard.md) +#### [ADMX_Snmp](policy-csp-admx-snmp.md) +#### [ADMX_StartMenu](policy-csp-admx-startmenu.md) +#### [ADMX_SystemRestore](policy-csp-admx-systemrestore.md) +#### [ADMX_Taskbar](policy-csp-admx-taskbar.md) +#### [ADMX_tcpip](policy-csp-admx-tcpip.md) +#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) +#### [ADMX_TPM](policy-csp-admx-tpm.md) +#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md) +#### [ADMX_UserProfiles](policy-csp-admx-userprofiles.md) +#### [ADMX_W32Time](policy-csp-admx-w32time.md) +#### [ADMX_WCM](policy-csp-admx-wcm.md) +#### [ADMX_WinCal](policy-csp-admx-wincal.md) +#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) +#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) +#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md) +#### [ADMX_WindowsFileProtection](policy-csp-admx-windowsfileprotection.md) +#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) +#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) +#### [ADMX_WindowsRemoteManagement](policy-csp-admx-windowsremotemanagement.md) +#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md) +#### [ADMX_WinInit](policy-csp-admx-wininit.md) +#### [ADMX_WinLogon](policy-csp-admx-winlogon.md) +#### [ADMX-Winsrv](policy-csp-admx-winsrv.md) +#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md) +#### [ADMX_WPN](policy-csp-admx-wpn.md) +#### [ApplicationDefaults](policy-csp-applicationdefaults.md) +#### [ApplicationManagement](policy-csp-applicationmanagement.md) +#### [AppRuntime](policy-csp-appruntime.md) +#### [AppVirtualization](policy-csp-appvirtualization.md) +#### [AttachmentManager](policy-csp-attachmentmanager.md) +#### [Audit](policy-csp-audit.md) +#### [Authentication](policy-csp-authentication.md) +#### [Autoplay](policy-csp-autoplay.md) +#### [BitLocker](policy-csp-bitlocker.md) +#### [BITS](policy-csp-bits.md) +#### [Bluetooth](policy-csp-bluetooth.md) +#### [Browser](policy-csp-browser.md) +#### [Camera](policy-csp-camera.md) +#### [Cellular](policy-csp-cellular.md) +#### [Connectivity](policy-csp-connectivity.md) +#### [ControlPolicyConflict](policy-csp-controlpolicyconflict.md) +#### [CredentialsDelegation](policy-csp-credentialsdelegation.md) +#### [CredentialProviders](policy-csp-credentialproviders.md) +#### [CredentialsUI](policy-csp-credentialsui.md) +#### [Cryptography](policy-csp-cryptography.md) +#### [DataProtection](policy-csp-dataprotection.md) +#### [DataUsage](policy-csp-datausage.md) +#### [Defender](policy-csp-defender.md) +#### [DeliveryOptimization](policy-csp-deliveryoptimization.md) +#### [Desktop](policy-csp-desktop.md) +#### [DeviceGuard](policy-csp-deviceguard.md) +#### [DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md) +#### [DeviceInstallation](policy-csp-deviceinstallation.md) +#### [DeviceLock](policy-csp-devicelock.md) +#### [Display](policy-csp-display.md) +#### [DmaGuard](policy-csp-dmaguard.md) +#### [Education](policy-csp-education.md) +#### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md) +#### [ErrorReporting](policy-csp-errorreporting.md) +#### [EventLogService](policy-csp-eventlogservice.md) +#### [Experience](policy-csp-experience.md) +#### [ExploitGuard](policy-csp-exploitguard.md) +#### [FileExplorer](policy-csp-fileexplorer.md) +#### [Games](policy-csp-games.md) +#### [Handwriting](policy-csp-handwriting.md) +#### [InternetExplorer](policy-csp-internetexplorer.md) +#### [Kerberos](policy-csp-kerberos.md) +#### [KioskBrowser](policy-csp-kioskbrowser.md) +#### [LanmanWorkstation](policy-csp-lanmanworkstation.md) +#### [Licensing](policy-csp-licensing.md) +#### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md) +#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md) +#### [LockDown](policy-csp-lockdown.md) +#### [Maps](policy-csp-maps.md) +#### [Messaging](policy-csp-messaging.md) +#### [MixedReality](policy-csp-mixedreality.md) +#### [MSSecurityGuide](policy-csp-mssecurityguide.md) +#### [MSSLegacy](policy-csp-msslegacy.md) +#### [Multitasking](policy-csp-multitasking.md) +#### [NetworkIsolation](policy-csp-networkisolation.md) +#### [Notifications](policy-csp-notifications.md) +#### [Power](policy-csp-power.md) +#### [Printers](policy-csp-printers.md) +#### [Privacy](policy-csp-privacy.md) +#### [RemoteAssistance](policy-csp-remoteassistance.md) +#### [RemoteDesktopServices](policy-csp-remotedesktopservices.md) +#### [RemoteManagement](policy-csp-remotemanagement.md) +#### [RemoteProcedureCall](policy-csp-remoteprocedurecall.md) +#### [RemoteShell](policy-csp-remoteshell.md) +#### [RestrictedGroups](policy-csp-restrictedgroups.md) +#### [Search](policy-csp-search.md) +#### [Security](policy-csp-security.md) +#### [ServiceControlManager](policy-csp-servicecontrolmanager.md) +#### [Settings](policy-csp-settings.md) +#### [Speech](policy-csp-speech.md) +#### [Start](policy-csp-start.md) +#### [Storage](policy-csp-storage.md) +#### [System](policy-csp-system.md) +#### [SystemServices](policy-csp-systemservices.md) +#### [TaskManager](policy-csp-taskmanager.md) +#### [TaskScheduler](policy-csp-taskscheduler.md) +#### [TextInput](policy-csp-textinput.md) +#### [TimeLanguageSettings](policy-csp-timelanguagesettings.md) +#### [Troubleshooting](policy-csp-troubleshooting.md) +#### [Update](policy-csp-update.md) +#### [UserRights](policy-csp-userrights.md) +#### [Wifi](policy-csp-wifi.md) +#### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md) +#### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md) +#### [WindowsDefenderSmartScreen](policy-csp-smartscreen.md) +#### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md) +#### [WindowsLogon](policy-csp-windowslogon.md) +#### [WindowsPowerShell](policy-csp-windowspowershell.md) +#### [WindowsSandbox](policy-csp-windowssandbox.md) +#### [WirelessDisplay](policy-csp-wirelessdisplay.md) +### [PolicyManager CSP](policymanager-csp.md) +### [Provisioning CSP](provisioning-csp.md) +### [PROXY CSP](proxy-csp.md) +### [PXLOGICAL CSP](pxlogical-csp.md) +### [Reboot CSP](reboot-csp.md) +#### [Reboot DDF file](reboot-ddf-file.md) +### [Registry CSP](registry-csp.md) +#### [Registry DDF file](registry-ddf-file.md) +### [RemoteFind CSP](remotefind-csp.md) +#### [RemoteFind DDF file](remotefind-ddf-file.md) +### [RemoteLock CSP](remotelock-csp.md) +#### [RemoteLock DDF file](remotelock-ddf-file.md) +### [RemoteRing CSP](remotering-csp.md) +#### [RemoteRing DDF file](remotering-ddf-file.md) +### [RemoteWipe CSP](remotewipe-csp.md) +#### [RemoteWipe DDF file](remotewipe-ddf-file.md) +### [Reporting CSP](reporting-csp.md) +#### [Reporting DDF file](reporting-ddf-file.md) +### [RootCATrustedCertificates CSP](rootcacertificates-csp.md) +#### [RootCATrustedCertificates DDF file](rootcacertificates-ddf-file.md) +### [SecureAssessment CSP](secureassessment-csp.md) +#### [SecureAssessment DDF file](secureassessment-ddf-file.md) +### [SecurityPolicy CSP](securitypolicy-csp.md) +### [SharedPC CSP](sharedpc-csp.md) +#### [SharedPC DDF file](sharedpc-ddf-file.md) +### [Storage CSP](storage-csp.md) +#### [Storage DDF file](storage-ddf-file.md) +### [SUPL CSP](supl-csp.md) +#### [SUPL DDF file](supl-ddf-file.md) +### [SurfaceHub CSP](surfacehub-csp.md) +#### [SurfaceHub DDF file](surfacehub-ddf-file.md) +### [TenantLockdown CSP](tenantlockdown-csp.md) +#### [TenantLockdown DDF file](tenantlockdown-ddf.md) +### [TPMPolicy CSP](tpmpolicy-csp.md) +#### [TPMPolicy DDF file](tpmpolicy-ddf-file.md) +### [UEFI CSP](uefi-csp.md) +#### [UEFI DDF file](uefi-ddf.md) +### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) +#### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md) +### [Update CSP](update-csp.md) +#### [Update DDF file](update-ddf-file.md) +### [VPN CSP](vpn-csp.md) +#### [VPN DDF file](vpn-ddf-file.md) +### [VPNv2 CSP](vpnv2-csp.md) +#### [VPNv2 DDF file](vpnv2-ddf-file.md) +#### [ProfileXML XSD](vpnv2-profile-xsd.md) +#### [EAP configuration](eap-configuration.md) +### [w4 APPLICATION CSP](w4-application-csp.md) +### [w7 APPLICATION CSP](w7-application-csp.md) +### [WiFi CSP](wifi-csp.md) +#### [WiFi DDF file](wifi-ddf-file.md) +### [Win32AppInventory CSP](win32appinventory-csp.md) +#### [Win32AppInventory DDF file](win32appinventory-ddf-file.md) +### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) +#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md) +### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) +#### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md) +### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) +#### [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md) +### [WindowsLicensing CSP](windowslicensing-csp.md) +#### [WindowsLicensing DDF file](windowslicensing-ddf-file.md) +### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) +#### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md) +### [WiredNetwork CSP](wirednetwork-csp.md) +#### [WiredNetwork DDF file](wirednetwork-ddf-file.md) \ No newline at end of file diff --git a/windows/client-management/mdm/TOC.yml b/windows/client-management/mdm/TOC.yml deleted file mode 100644 index 8a50f6ccd9..0000000000 --- a/windows/client-management/mdm/TOC.yml +++ /dev/null @@ -1,954 +0,0 @@ -- name: Mobile device management - href: index.md - items: - - name: What's new in MDM enrollment and management - href: new-in-windows-mdm-enrollment-management.md - items: - - name: Change history for MDM documentation - href: change-history-for-mdm-documentation.md - - name: Mobile device enrollment - href: mobile-device-enrollment.md - items: - - name: MDM enrollment of Windows devices - href: mdm-enrollment-of-windows-devices.md - items: - - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal" - href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md - - name: Enroll a Windows 10 device automatically using Group Policy - href: enroll-a-windows-10-device-automatically-using-group-policy.md - - name: Federated authentication device enrollment - href: federated-authentication-device-enrollment.md - - name: Certificate authentication device enrollment - href: certificate-authentication-device-enrollment.md - - name: On-premises authentication device enrollment - href: on-premise-authentication-device-enrollment.md - - name: Understanding ADMX-backed policies - href: understanding-admx-backed-policies.md - - name: Enable ADMX-backed policies in MDM - href: enable-admx-backed-policies-in-mdm.md - - name: Win32 and Desktop Bridge app policy configuration - href: win32-and-centennial-app-policy-configuration.md - - name: Implement server-side support for mobile application management on Windows - href: implement-server-side-mobile-application-management.md - - name: Diagnose MDM failures in Windows 10 - href: diagnose-mdm-failures-in-windows-10.md - - name: Deploy and configure App-V apps using MDM - href: appv-deploy-and-config.md - - name: Azure Active Directory integration with MDM - href: azure-active-directory-integration-with-mdm.md - items: - - name: Add an Azure AD tenant and Azure AD subscription - href: add-an-azure-ad-tenant-and-azure-ad-subscription.md - - name: Register your free Azure Active Directory subscription - href: register-your-free-azure-active-directory-subscription.md - - name: Enterprise app management - href: enterprise-app-management.md - - name: Mobile device management (MDM) for device updates - href: device-update-management.md - - name: Bulk enrollment - href: bulk-enrollment-using-windows-provisioning-tool.md - - name: Management tool for the Microsoft Store for Business - href: management-tool-for-windows-store-for-business.md - items: - - name: REST API reference for Microsoft Store for Business - href: rest-api-reference-windows-store-for-business.md - items: - - name: Data structures for Microsoft Store for Business - href: data-structures-windows-store-for-business.md - - name: Get Inventory - href: get-inventory.md - - name: Get product details - href: get-product-details.md - - name: Get localized product details - href: get-localized-product-details.md - - name: Get offline license - href: get-offline-license.md - - name: Get product packages - href: get-product-packages.md - - name: Get product package - href: get-product-package.md - - name: Get seats - href: get-seats.md - - name: Get seat - href: get-seat.md - - name: Assign seats - href: assign-seats.md - - name: Reclaim seat from user - href: reclaim-seat-from-user.md - - name: Bulk assign and reclaim seats from users - href: bulk-assign-and-reclaim-seats-from-user.md - - name: Get seats assigned to a user - href: get-seats-assigned-to-a-user.md - - name: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices - href: enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md - - name: Certificate renewal - href: certificate-renewal-windows-mdm.md - - name: Disconnecting from the management infrastructure (unenrollment) - href: disconnecting-from-mdm-unenrollment.md - - name: Enterprise settings, policies, and app management - href: windows-mdm-enterprise-settings.md - - name: Push notification support for device management - href: push-notification-windows-mdm.md - - name: OMA DM protocol support - href: oma-dm-protocol-support.md - - name: Structure of OMA DM provisioning files - href: structure-of-oma-dm-provisioning-files.md - - name: Server requirements for OMA DM - href: server-requirements-windows-mdm.md - - name: DMProcessConfigXMLFiltered - href: dmprocessconfigxmlfiltered.md - - name: Using PowerShell scripting with the WMI Bridge Provider - href: using-powershell-scripting-with-the-wmi-bridge-provider.md - - name: WMI providers supported in Windows 10 - href: wmi-providers-supported-in-windows.md - - name: Configuration service provider reference - href: configuration-service-provider-reference.md - items: - - name: AccountManagement CSP - href: accountmanagement-csp.md - items: - - name: AccountManagement DDF file - href: accountmanagement-ddf.md - - name: Accounts CSP - href: accounts-csp.md - items: - - name: Accounts DDF file - href: accounts-ddf-file.md - - name: ActiveSync CSP - href: activesync-csp.md - items: - - name: ActiveSync DDF file - href: activesync-ddf-file.md - - name: AllJoynManagement CSP - href: alljoynmanagement-csp.md - items: - - name: AllJoynManagement DDF - href: alljoynmanagement-ddf.md - - name: APPLICATION CSP - href: application-csp.md - - name: ApplicationControl CSP - href: applicationcontrol-csp.md - items: - - name: ApplicationControl DDF file - href: applicationcontrol-csp-ddf.md - - name: AppLocker CSP - href: applocker-csp.md - items: - - name: AppLocker DDF file - href: applocker-ddf-file.md - - name: AppLocker XSD - href: applocker-xsd.md - - name: AssignedAccess CSP - href: assignedaccess-csp.md - items: - - name: AssignedAccess DDF file - href: assignedaccess-ddf.md - - name: BitLocker CSP - href: bitlocker-csp.md - items: - - name: BitLocker DDF file - href: bitlocker-ddf-file.md - - name: BOOTSTRAP CSP - href: bootstrap-csp.md - - name: BrowserFavorite CSP - href: browserfavorite-csp.md - - name: CellularSettings CSP - href: cellularsettings-csp.md - - name: CertificateStore CSP - href: certificatestore-csp.md - items: - - name: CertificateStore DDF file - href: certificatestore-ddf-file.md - - name: CleanPC CSP - href: cleanpc-csp.md - items: - - name: CleanPC DDF - href: cleanpc-ddf.md - - name: ClientCertificateInstall CSP - href: clientcertificateinstall-csp.md - items: - - name: ClientCertificateInstall DDF file - href: clientcertificateinstall-ddf-file.md - - name: CM_CellularEntries CSP - href: cm-cellularentries-csp.md - - name: CM_ProxyEntries CSP - href: cm-proxyentries-csp.md - - name: CMPolicy CSP - href: cmpolicy-csp.md - - name: CMPolicyEnterprise CSP - href: cmpolicyenterprise-csp.md - items: - - name: CMPolicyEnterprise DDF file - href: cmpolicyenterprise-ddf-file.md - - name: CustomDeviceUI CSP - href: customdeviceui-csp.md - items: - - name: CustomDeviceUI DDF file - href: customdeviceui-ddf.md - - name: Defender CSP - href: defender-csp.md - items: - - name: Defender DDF file - href: defender-ddf.md - - name: DevDetail CSP - href: devdetail-csp.md - items: - - name: DevDetail DDF file - href: devdetail-ddf-file.md - - name: DeveloperSetup CSP - href: developersetup-csp.md - items: - - name: DeveloperSetup DDF - href: developersetup-ddf.md - - name: DeviceInstanceService CSP - href: deviceinstanceservice-csp.md - - name: DeviceLock CSP - href: devicelock-csp.md - items: - - name: DeviceLock DDF file - href: devicelock-ddf-file.md - - name: DeviceManageability CSP - href: devicemanageability-csp.md - items: - - name: DeviceManageability DDF - href: devicemanageability-ddf.md - - name: DeviceStatus CSP - href: devicestatus-csp.md - items: - - name: DeviceStatus DDF - href: devicestatus-ddf.md - - name: DevInfo CSP - href: devinfo-csp.md - items: - - name: DevInfo DDF file - href: devinfo-ddf-file.md - - name: DiagnosticLog CSP - href: diagnosticlog-csp.md - items: - - name: DiagnosticLog DDF file - href: diagnosticlog-ddf.md - - name: DMAcc CSP - href: dmacc-csp.md - items: - - name: DMAcc DDF file - href: dmacc-ddf-file.md - - name: DMClient CSP - href: dmclient-csp.md - items: - - name: DMClient DDF file - href: dmclient-ddf-file.md - - name: DMSessionActions CSP - href: dmsessionactions-csp.md - items: - - name: DMSessionActions DDF file - href: dmsessionactions-ddf.md - - name: DynamicManagement CSP - href: dynamicmanagement-csp.md - items: - - name: DynamicManagement DDF file - href: dynamicmanagement-ddf.md - - name: EMAIL2 CSP - href: email2-csp.md - items: - - name: EMAIL2 DDF file - href: email2-ddf-file.md - - name: EnrollmentStatusTracking CSP - href: enrollmentstatustracking-csp.md - items: - - name: EnrollmentStatusTracking DDF file - href: enrollmentstatustracking-csp-ddf.md - - name: EnterpriseAPN CSP - href: enterpriseapn-csp.md - items: - - name: EnterpriseAPN DDF - href: enterpriseapn-ddf.md - - name: EnterpriseAppManagement CSP - href: enterpriseappmanagement-csp.md - - name: EnterpriseAppVManagement CSP - href: enterpriseappvmanagement-csp.md - items: - - name: EnterpriseAppVManagement DDF file - href: enterpriseappvmanagement-ddf.md - - name: EnterpriseAssignedAccess CSP - href: enterpriseassignedaccess-csp.md - items: - - name: EnterpriseAssignedAccess DDF file - href: enterpriseassignedaccess-ddf.md - - name: EnterpriseAssignedAccess XSD - href: enterpriseassignedaccess-xsd.md - - name: EnterpriseDataProtection CSP - href: enterprisedataprotection-csp.md - items: - - name: EnterpriseDataProtection DDF file - href: enterprisedataprotection-ddf-file.md - - name: EnterpriseDesktopAppManagement CSP - href: enterprisedesktopappmanagement-csp.md - items: - - name: EnterpriseDesktopAppManagement DDF - href: enterprisedesktopappmanagement-ddf-file.md - - name: EnterpriseDesktopAppManagement XSD - href: enterprisedesktopappmanagement2-xsd.md - - name: EnterpriseExt CSP - href: enterpriseext-csp.md - items: - - name: EnterpriseExt DDF file - href: enterpriseext-ddf.md - - name: EnterpriseExtFileSystem CSP - href: enterpriseextfilessystem-csp.md - items: - - name: EnterpriseExtFileSystem DDF file - href: enterpriseextfilesystem-ddf.md - - name: EnterpriseModernAppManagement CSP - href: enterprisemodernappmanagement-csp.md - items: - - name: EnterpriseModernAppManagement DDF - href: enterprisemodernappmanagement-ddf.md - - name: EnterpriseModernAppManagement XSD - href: enterprisemodernappmanagement-xsd.md - - name: eUICCs CSP - href: euiccs-csp.md - items: - - name: eUICCs DDF file - href: euiccs-ddf-file.md - - name: FileSystem CSP - href: filesystem-csp.md - - name: Firewall CSP - href: firewall-csp.md - items: - - name: Firewall DDF file - href: firewall-ddf-file.md - - name: HealthAttestation CSP - href: healthattestation-csp.md - items: - - name: HealthAttestation DDF - href: healthattestation-ddf.md - - name: HotSpot CSP - href: hotspot-csp.md - - name: Maps CSP - href: maps-csp.md - items: - - name: Maps DDF - href: maps-ddf-file.md - - name: Messaging CSP - href: messaging-csp.md - items: - - name: Messaging DDF file - href: messaging-ddf.md - - name: MultiSIM CSP - href: multisim-csp.md - items: - - name: MultiSIM DDF file - href: multisim-ddf.md - - name: NAP CSP - href: nap-csp.md - - name: NAPDEF CSP - href: napdef-csp.md - - name: NetworkProxy CSP - href: networkproxy-csp.md - items: - - name: NetworkProxy DDF file - href: networkproxy-ddf.md - - name: NetworkQoSPolicy CSP - href: networkqospolicy-csp.md - items: - - name: NetworkQoSPolicy DDF file - href: networkqospolicy-ddf.md - - name: NodeCache CSP - href: nodecache-csp.md - items: - - name: NodeCache DDF file - href: nodecache-ddf-file.md - - name: Office CSP - href: office-csp.md - items: - - name: Office DDF - href: office-ddf.md - - name: PassportForWork CSP - href: passportforwork-csp.md - items: - - name: PassportForWork DDF file - href: passportforwork-ddf.md - - name: Personalization CSP - href: personalization-csp.md - items: - - name: Personalization DDF file - href: personalization-ddf.md - - name: Policy CSP - href: policy-configuration-service-provider.md - items: - - name: Policy CSP DDF file - href: policy-ddf-file.md - - name: Policies in Policy CSP supported by Group Policy - href: policies-in-policy-csp-supported-by-group-policy.md - - name: ADMX-backed policies in Policy CSP - href: policies-in-policy-csp-admx-backed.md - - name: Policies in Policy CSP supported by HoloLens 2 - href: policies-in-policy-csp-supported-by-hololens2.md - - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite - href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md - - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition - href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md - - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise - href: ./configuration-service-provider-reference.md - - name: Policies in Policy CSP supported by Windows 10 IoT Core - href: policies-in-policy-csp-supported-by-iot-core.md - - name: Policies in Policy CSP supported by Microsoft Surface Hub - href: policies-in-policy-csp-supported-by-surface-hub.md - - name: Policy CSPs that can be set using Exchange Active Sync (EAS) - href: policies-in-policy-csp-that-can-be-set-using-eas.md - - name: AboveLock - href: policy-csp-abovelock.md - - name: Accounts - href: policy-csp-accounts.md - - name: ActiveXControls - href: policy-csp-activexcontrols.md - - name: ADMX_ActiveXInstallService - href: policy-csp-admx-activexinstallservice.md - - name: ADMX_AddRemovePrograms - href: policy-csp-admx-addremoveprograms.md - - name: ADMX_AppCompat - href: policy-csp-admx-appcompat.md - - name: ADMX_AppxPackageManager - href: policy-csp-admx-appxpackagemanager.md - - name: ADMX_AppXRuntime - href: policy-csp-admx-appxruntime.md - - name: ADMX_AttachmentManager - href: policy-csp-admx-attachmentmanager.md - - name: ADMX_AuditSettings - href: policy-csp-admx-auditsettings.md - - name: ADMX_Bits - href: policy-csp-admx-bits.md - - name: ADMX_CipherSuiteOrder - href: policy-csp-admx-ciphersuiteorder.md - - name: ADMX_COM - href: policy-csp-admx-com.md - - name: ADMX_ControlPanel - href: policy-csp-admx-controlpanel.md - - name: ADMX_ControlPanelDisplay - href: policy-csp-admx-controlpaneldisplay.md - - name: ADMX_Cpls - href: policy-csp-admx-cpls.md - - name: ADMX_CredentialProviders - href: policy-csp-admx-credentialproviders.md - - name: ADMX_CredSsp - href: policy-csp-admx-credssp.md - - name: ADMX_CredUI - href: policy-csp-admx-credui.md - - name: ADMX_CtrlAltDel - href: policy-csp-admx-ctrlaltdel.md - - name: ADMX_DataCollection - href: policy-csp-admx-datacollection.md - - name: ADMX_Desktop - href: policy-csp-admx-desktop.md - - name: ADMX_DeviceInstallation - href: policy-csp-admx-deviceinstallation.md - - name: ADMX_DeviceSetup - href: policy-csp-admx-devicesetup.md - - name: ADMX_DigitalLocker - href: policy-csp-admx-digitallocker.md - - name: ADMX_DistributedLinkTracking - href: policy-csp-admx-distributedlinktracking.md - - name: ADMX_DnsClient - href: policy-csp-admx-dnsclient.md - - name: ADMX_DWM - href: policy-csp-admx-dwm.md - - name: ADMX_EAIME - href: policy-csp-admx-eaime.md - - name: ADMX_EncryptFilesonMove - href: policy-csp-admx-encryptfilesonmove.md - - name: ADMX_EnhancedStorage - href: policy-csp-admx-enhancedstorage.md - - name: ADMX_ErrorReporting - href: policy-csp-admx-errorreporting.md - - name: ADMX_EventForwarding - href: policy-csp-admx-eventforwarding.md - - name: ADMX_EventLog - href: policy-csp-admx-eventlog.md - - name: ADMX_Explorer - href: policy-csp-admx-explorer.md - - name: ADMX_FileRecovery - href: policy-csp-admx-filerecovery.md - - name: ADMX_FileServerVSSProvider - href: policy-csp-admx-fileservervssprovider.md - - name: ADMX_FileSys - href: policy-csp-admx-filesys.md - - name: ADMX_FolderRedirection - href: policy-csp-admx-folderredirection.md - - name: ADMX_Globalization - href: policy-csp-admx-globalization.md - - name: ADMX_GroupPolicy - href: policy-csp-admx-grouppolicy.md - - name: ADMX_Help - href: policy-csp-admx-help.md - - name: ADMX_HelpAndSupport - href: policy-csp-admx-helpandsupport.md - - name: ADMX_ICM - href: policy-csp-admx-icm.md - - name: ADMX_kdc - href: policy-csp-admx-kdc.md - - name: ADMX_Kerberos - href: policy-csp-admx-kerberos.md - - name: ADMX_LanmanServer - href: policy-csp-admx-lanmanserver.md - - name: ADMX_LanmanWorkstation - href: policy-csp-admx-lanmanworkstation.md - - name: ADMX_LinkLayerTopologyDiscovery - href: policy-csp-admx-linklayertopologydiscovery.md - - name: ADMX_Logon - href: policy-csp-admx-logon.md - - name: ADMX_MicrosoftDefenderAntivirus - href: policy-csp-admx-microsoftdefenderantivirus.md - - name: ADMX_MMC - href: policy-csp-admx-mmc.md - - name: ADMX_MMCSnapins - href: policy-csp-admx-mmcsnapins.md - - name: ADMX_MSAPolicy - href: policy-csp-admx-msapolicy.md - - name: ADMX_msched - href: policy-csp-admx-msched.md - - name: ADMX_MSDT - href: policy-csp-admx-msdt.md - - name: ADMX_MSI - href: policy-csp-admx-msi.md - - name: ADMX_nca - href: policy-csp-admx-nca.md - - name: ADMX_NCSI - href: policy-csp-admx-ncsi.md - - name: ADMX_Netlogon - href: policy-csp-admx-netlogon.md - - name: ADMX_NetworkConnections - href: policy-csp-admx-networkconnections.md - - name: ADMX_OfflineFiles - href: policy-csp-admx-offlinefiles.md - - name: ADMX_PeerToPeerCaching - href: policy-csp-admx-peertopeercaching.md - - name: ADMX_PerformanceDiagnostics - href: policy-csp-admx-performancediagnostics.md - - name: ADMX_Power - href: policy-csp-admx-power.md - - name: ADMX_PowerShellExecutionPolicy - href: policy-csp-admx-powershellexecutionpolicy.md - - name: ADMX_Printing - href: policy-csp-admx-printing.md - - name: ADMX_Printing2 - href: policy-csp-admx-printing2.md - - name: ADMX_Programs - href: policy-csp-admx-programs.md - - name: ADMX_Reliability - href: policy-csp-admx-reliability.md - - name: ADMX_RemoteAssistance - href: policy-csp-admx-remoteassistance.md - - name: ADMX_RemovableStorage - href: policy-csp-admx-removablestorage.md - - name: ADMX_RPC - href: policy-csp-admx-rpc.md - - name: ADMX_Scripts - href: policy-csp-admx-scripts.md - - name: ADMX_sdiageng - href: policy-csp-admx-sdiageng.md - - name: ADMX_Securitycenter - href: policy-csp-admx-securitycenter.md - - name: ADMX_Sensors - href: policy-csp-admx-sensors.md - - name: ADMX_Servicing - href: policy-csp-admx-servicing.md - - name: ADMX_SettingSync - href: policy-csp-admx-settingsync.md - - name: ADMX_SharedFolders - href: policy-csp-admx-sharedfolders.md - - name: ADMX_Sharing - href: policy-csp-admx-sharing.md - - name: ADMX_ShellCommandPromptRegEditTools - href: policy-csp-admx-shellcommandpromptregedittools.md - - name: ADMX_SkyDrive - href: policy-csp-admx-skydrive.md - - name: ADMX_Smartcard - href: policy-csp-admx-smartcard.md - - name: ADMX_Snmp - href: policy-csp-admx-snmp.md - - name: ADMX_StartMenu - href: policy-csp-admx-startmenu.md - - name: ADMX_SystemRestore - href: policy-csp-admx-systemrestore.md - - name: ADMX_Taskbar - href: policy-csp-admx-taskbar.md - - name: ADMX_tcpip - href: policy-csp-admx-tcpip.md - - name: ADMX_Thumbnails - href: policy-csp-admx-thumbnails.md - - name: ADMX_TPM - href: policy-csp-admx-tpm.md - - name: ADMX_UserExperienceVirtualization - href: policy-csp-admx-userexperiencevirtualization.md - - name: ADMX_UserProfiles - href: policy-csp-admx-userprofiles.md - - name: ADMX_W32Time - href: policy-csp-admx-w32time.md - - name: ADMX_WCM - href: policy-csp-admx-wcm.md - - name: ADMX_WinCal - href: policy-csp-admx-wincal.md - - name: ADMX_WindowsAnytimeUpgrade - href: policy-csp-admx-windowsanytimeupgrade.md - - name: ADMX_WindowsConnectNow - href: policy-csp-admx-windowsconnectnow.md - - name: ADMX_WindowsExplorer - href: policy-csp-admx-windowsexplorer.md - - name: ADMX_WindowsFileProtection - href: policy-csp-admx-windowsfileprotection.md - - name: ADMX_WindowsMediaDRM - href: policy-csp-admx-windowsmediadrm.md - - name: ADMX_WindowsMediaPlayer - href: policy-csp-admx-windowsmediaplayer.md - - name: ADMX_WindowsRemoteManagement - href: policy-csp-admx-windowsremotemanagement.md - - name: ADMX_WindowsStore - href: policy-csp-admx-windowsstore.md - - name: ADMX_WinInit - href: policy-csp-admx-wininit.md - - name: ADMX_WinLogon - href: policy-csp-admx-winlogon.md - - name: ADMX-Winsrv - href: policy-csp-admx-winsrv.md - - name: ADMX_wlansvc - href: policy-csp-admx-wlansvc.md - - name: ADMX_WPN - href: policy-csp-admx-wpn.md - - name: ApplicationDefaults - href: policy-csp-applicationdefaults.md - - name: ApplicationManagement - href: policy-csp-applicationmanagement.md - - name: AppRuntime - href: policy-csp-appruntime.md - - name: AppVirtualization - href: policy-csp-appvirtualization.md - - name: AttachmentManager - href: policy-csp-attachmentmanager.md - - name: Audit - href: policy-csp-audit.md - - name: Authentication - href: policy-csp-authentication.md - - name: Autoplay - href: policy-csp-autoplay.md - - name: BitLocker - href: policy-csp-bitlocker.md - - name: BITS - href: policy-csp-bits.md - - name: Bluetooth - href: policy-csp-bluetooth.md - - name: Browser - href: policy-csp-browser.md - - name: Camera - href: policy-csp-camera.md - - name: Cellular - href: policy-csp-cellular.md - - name: Connectivity - href: policy-csp-connectivity.md - - name: ControlPolicyConflict - href: policy-csp-controlpolicyconflict.md - - name: CredentialsDelegation - href: policy-csp-credentialsdelegation.md - - name: CredentialProviders - href: policy-csp-credentialproviders.md - - name: CredentialsUI - href: policy-csp-credentialsui.md - - name: Cryptography - href: policy-csp-cryptography.md - - name: DataProtection - href: policy-csp-dataprotection.md - - name: DataUsage - href: policy-csp-datausage.md - - name: Defender - href: policy-csp-defender.md - - name: DeliveryOptimization - href: policy-csp-deliveryoptimization.md - - name: Desktop - href: policy-csp-desktop.md - - name: DeviceGuard - href: policy-csp-deviceguard.md - - name: DeviceHealthMonitoring - href: policy-csp-devicehealthmonitoring.md - - name: DeviceInstallation - href: policy-csp-deviceinstallation.md - - name: DeviceLock - href: policy-csp-devicelock.md - - name: Display - href: policy-csp-display.md - - name: DmaGuard - href: policy-csp-dmaguard.md - - name: Education - href: policy-csp-education.md - - name: EnterpriseCloudPrint - href: policy-csp-enterprisecloudprint.md - - name: ErrorReporting - href: policy-csp-errorreporting.md - - name: EventLogService - href: policy-csp-eventlogservice.md - - name: Experience - href: policy-csp-experience.md - - name: ExploitGuard - href: policy-csp-exploitguard.md - - name: FileExplorer - href: policy-csp-fileexplorer.md - - name: Games - href: policy-csp-games.md - - name: Handwriting - href: policy-csp-handwriting.md - - name: InternetExplorer - href: policy-csp-internetexplorer.md - - name: Kerberos - href: policy-csp-kerberos.md - - name: KioskBrowser - href: policy-csp-kioskbrowser.md - - name: LanmanWorkstation - href: policy-csp-lanmanworkstation.md - - name: Licensing - href: policy-csp-licensing.md - - name: LocalPoliciesSecurityOptions - href: policy-csp-localpoliciessecurityoptions.md - - name: LocalUsersAndGroups - href: policy-csp-localusersandgroups.md - - name: LockDown - href: policy-csp-lockdown.md - - name: Maps - href: policy-csp-maps.md - - name: Messaging - href: policy-csp-messaging.md - - name: MixedReality - href: policy-csp-mixedreality.md - - name: MSSecurityGuide - href: policy-csp-mssecurityguide.md - - name: MSSLegacy - href: policy-csp-msslegacy.md - - name: Multitasking - href: policy-csp-multitasking.md - - name: NetworkIsolation - href: policy-csp-networkisolation.md - - name: Notifications - href: policy-csp-notifications.md - - name: Power - href: policy-csp-power.md - - name: Printers - href: policy-csp-printers.md - - name: Privacy - href: policy-csp-privacy.md - - name: RemoteAssistance - href: policy-csp-remoteassistance.md - - name: RemoteDesktopServices - href: policy-csp-remotedesktopservices.md - - name: RemoteManagement - href: policy-csp-remotemanagement.md - - name: RemoteProcedureCall - href: policy-csp-remoteprocedurecall.md - - name: RemoteShell - href: policy-csp-remoteshell.md - - name: RestrictedGroups - href: policy-csp-restrictedgroups.md - - name: Search - href: policy-csp-search.md - - name: Security - href: policy-csp-security.md - - name: ServiceControlManager - href: policy-csp-servicecontrolmanager.md - - name: Settings - href: policy-csp-settings.md - - name: Speech - href: policy-csp-speech.md - - name: Start - href: policy-csp-start.md - - name: Storage - href: policy-csp-storage.md - - name: System - href: policy-csp-system.md - - name: SystemServices - href: policy-csp-systemservices.md - - name: TaskManager - href: policy-csp-taskmanager.md - - name: TaskScheduler - href: policy-csp-taskscheduler.md - - name: TextInput - href: policy-csp-textinput.md - - name: TimeLanguageSettings - href: policy-csp-timelanguagesettings.md - - name: Troubleshooting - href: policy-csp-troubleshooting.md - - name: Update - href: policy-csp-update.md - - name: UserRights - href: policy-csp-userrights.md - - name: Wifi - href: policy-csp-wifi.md - - name: WindowsConnectionManager - href: policy-csp-windowsconnectionmanager.md - - name: WindowsDefenderSecurityCenter - href: policy-csp-windowsdefendersecuritycenter.md - - name: WindowsDefenderSmartScreen - href: policy-csp-smartscreen.md - - name: WindowsInkWorkspace - href: policy-csp-windowsinkworkspace.md - - name: WindowsLogon - href: policy-csp-windowslogon.md - - name: WindowsPowerShell - href: policy-csp-windowspowershell.md - - name: WindowsSandbox - href: policy-csp-windowssandbox.md - - name: WirelessDisplay - href: policy-csp-wirelessdisplay.md - - name: PolicyManager CSP - href: policymanager-csp.md - - name: Provisioning CSP - href: provisioning-csp.md - - name: PROXY CSP - href: proxy-csp.md - - name: PXLOGICAL CSP - href: pxlogical-csp.md - - name: Reboot CSP - href: reboot-csp.md - items: - - name: Reboot DDF file - href: reboot-ddf-file.md - - name: Registry CSP - href: registry-csp.md - items: - - name: Registry DDF file - href: registry-ddf-file.md - - name: RemoteFind CSP - href: remotefind-csp.md - items: - - name: RemoteFind DDF file - href: remotefind-ddf-file.md - - name: RemoteLock CSP - href: remotelock-csp.md - items: - - name: RemoteLock DDF file - href: remotelock-ddf-file.md - - name: RemoteRing CSP - href: remotering-csp.md - items: - - name: RemoteRing DDF file - href: remotering-ddf-file.md - - name: RemoteWipe CSP - href: remotewipe-csp.md - items: - - name: RemoteWipe DDF file - href: remotewipe-ddf-file.md - - name: Reporting CSP - href: reporting-csp.md - items: - - name: Reporting DDF file - href: reporting-ddf-file.md - - name: RootCATrustedCertificates CSP - href: rootcacertificates-csp.md - items: - - name: RootCATrustedCertificates DDF file - href: rootcacertificates-ddf-file.md - - name: SecureAssessment CSP - href: secureassessment-csp.md - items: - - name: SecureAssessment DDF file - href: secureassessment-ddf-file.md - - name: SecurityPolicy CSP - href: securitypolicy-csp.md - - name: SharedPC CSP - href: sharedpc-csp.md - items: - - name: SharedPC DDF file - href: sharedpc-ddf-file.md - - name: Storage CSP - href: storage-csp.md - items: - - name: Storage DDF file - href: storage-ddf-file.md - - name: SUPL CSP - href: supl-csp.md - items: - - name: SUPL DDF file - href: supl-ddf-file.md - - name: SurfaceHub CSP - href: surfacehub-csp.md - items: - - name: SurfaceHub DDF file - href: surfacehub-ddf-file.md - - name: TenantLockdown CSP - href: tenantlockdown-csp.md - items: - - name: TenantLockdown DDF file - href: tenantlockdown-ddf.md - - name: TPMPolicy CSP - href: tpmpolicy-csp.md - items: - - name: TPMPolicy DDF file - href: tpmpolicy-ddf-file.md - - name: UEFI CSP - href: uefi-csp.md - items: - - name: UEFI DDF file - href: uefi-ddf.md - - name: UnifiedWriteFilter CSP - href: unifiedwritefilter-csp.md - items: - - name: UnifiedWriteFilter DDF file - href: unifiedwritefilter-ddf.md - - name: Update CSP - href: update-csp.md - items: - - name: Update DDF file - href: update-ddf-file.md - - name: VPN CSP - href: vpn-csp.md - items: - - name: VPN DDF file - href: vpn-ddf-file.md - - name: VPNv2 CSP - href: vpnv2-csp.md - items: - - name: VPNv2 DDF file - href: vpnv2-ddf-file.md - - name: ProfileXML XSD - href: vpnv2-profile-xsd.md - - name: EAP configuration - href: eap-configuration.md - - name: w4 APPLICATION CSP - href: w4-application-csp.md - - name: w7 APPLICATION CSP - href: w7-application-csp.md - - name: WiFi CSP - href: wifi-csp.md - items: - - name: WiFi DDF file - href: wifi-ddf-file.md - - name: Win32AppInventory CSP - href: win32appinventory-csp.md - items: - - name: Win32AppInventory DDF file - href: win32appinventory-ddf-file.md - - name: Win32CompatibilityAppraiser CSP - href: win32compatibilityappraiser-csp.md - items: - - name: Win32CompatibilityAppraiser DDF file - href: win32compatibilityappraiser-ddf.md - - name: WindowsAdvancedThreatProtection CSP - href: windowsadvancedthreatprotection-csp.md - items: - - name: WindowsAdvancedThreatProtection DDF file - href: windowsadvancedthreatprotection-ddf.md - - name: WindowsDefenderApplicationGuard CSP - href: windowsdefenderapplicationguard-csp.md - items: - - name: WindowsDefenderApplicationGuard DDF file - href: windowsdefenderapplicationguard-ddf-file.md - - name: WindowsLicensing CSP - href: windowslicensing-csp.md - items: - - name: WindowsLicensing DDF file - href: windowslicensing-ddf-file.md - - name: WindowsSecurityAuditing CSP - href: windowssecurityauditing-csp.md - items: - - name: WindowsSecurityAuditing DDF file - href: windowssecurityauditing-ddf-file.md - - name: WiredNetwork CSP - href: wirednetwork-csp.md - items: - - name: WiredNetwork DDF file - href: wirednetwork-ddf-file.md From 4866801679b9f7c5d56e6655cf052f3e63fab6e7 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 21:15:21 -0700 Subject: [PATCH 122/156] Restoring the YAML version of application-management/TOC.md --- windows/application-management/TOC.md | 112 ------------ windows/application-management/TOC.yml | 244 +++++++++++++++++++++++++ 2 files changed, 244 insertions(+), 112 deletions(-) delete mode 100644 windows/application-management/TOC.md create mode 100644 windows/application-management/TOC.yml diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md deleted file mode 100644 index 45491337c3..0000000000 --- a/windows/application-management/TOC.md +++ /dev/null @@ -1,112 +0,0 @@ -# [Manage applications in Windows 10](index.md) -## [Sideload apps](sideload-apps-in-windows-10.md) -## [Remove background task resource restrictions](enterprise-background-activity-controls.md) -## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) -## [Understand apps in Windows 10](apps-in-windows-10.md) -## [Add apps and features in Windows 10](add-apps-and-features.md) -## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) -## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) -### [Getting Started with App-V](app-v/appv-getting-started.md) -#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) -##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md) -##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md) -#### [Evaluating App-V](app-v/appv-evaluating-appv.md) -#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md) -### [Planning for App-V](app-v/appv-planning-for-appv.md) -#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md) -##### [App-V Prerequisites](app-v/appv-prerequisites.md) -##### [App-V Security Considerations](app-v/appv-security-considerations.md) -#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md) -##### [App-V Supported Configurations](app-v/appv-supported-configurations.md) -##### [App-V Capacity Planning](app-v/appv-capacity-planning.md) -##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md) -##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) -##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md) -##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md) -##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md) -##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md) -#### [App-V Planning Checklist](app-v/appv-planning-checklist.md) -### [Deploying App-V](app-v/appv-deploying-appv.md) -#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md) -##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md) -##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md) -##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md) -#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md) -##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md) -##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md) -##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md) -##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md) -##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md) -##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md) -##### [About App-V Reporting](app-v/appv-reporting.md) -##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md) -#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md) -#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md) -#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md) -#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md) -### [Operations for App-V](app-v/appv-operations.md) -#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md) -##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md) -##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md) -##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md) -##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md) -##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md) -##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md) -##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md) -##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md) -#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md) -##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md) -##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md) -##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md) -##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md) -##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md) -##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md) -##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md) -##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md) -##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md) -##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) -##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md) -##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) -#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md) -##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md) -##### [About the Connection Group File](app-v/appv-connection-group-file.md) -##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md) -##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) -##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md) -##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md) -##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md) -##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md) -#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md) -##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) -##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) -#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md) -##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md) -#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md) -##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md) -#### [Maintaining App-V](app-v/appv-maintaining-appv.md) -##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md) -#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md) -##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) -##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) -##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) -##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md) -##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) -##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md) -##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md) -##### [How to Sequence a Package by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md) -##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md) -##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md) -##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) -### [Troubleshooting App-V](app-v/appv-troubleshooting.md) -### [Technical Reference for App-V](app-v/appv-technical-reference.md) -#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md) -#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md) -#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md) -#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) -#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) -## [Service Host process refactoring](svchost-service-refactoring.md) -## [Per-user services in Windows](per-user-services-in-windows.md) -## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) -## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) -## [Change history for Application management](change-history-for-application-management.md) -## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md) \ No newline at end of file diff --git a/windows/application-management/TOC.yml b/windows/application-management/TOC.yml new file mode 100644 index 0000000000..0235d54cc0 --- /dev/null +++ b/windows/application-management/TOC.yml @@ -0,0 +1,244 @@ +- name: Manage applications in Windows 10 + href: index.md + items: + - name: Sideload apps + href: sideload-apps-in-windows-10.md + - name: Remove background task resource restrictions + href: enterprise-background-activity-controls.md + - name: Enable or block Windows Mixed Reality apps in the enterprise + href: manage-windows-mixed-reality.md + - name: Understand apps in Windows 10 + href: apps-in-windows-10.md + - name: Add apps and features in Windows 10 + href: add-apps-and-features.md + - name: Repackage win32 apps in the MSIX format + href: msix-app-packaging-tool.md + - name: Application Virtualization (App-V) for Windows + href: app-v/appv-for-windows.md + items: + - name: Getting Started with App-V + href: app-v/appv-getting-started.md + items: + - name: What's new in App-V for Windows 10, version 1703 and earlier + href: app-v/appv-about-appv.md + items: + - name: Release Notes for App-V for Windows 10, version 1607 + href: app-v/appv-release-notes-for-appv-for-windows.md + - name: Release Notes for App-V for Windows 10, version 1703 + href: app-v/appv-release-notes-for-appv-for-windows-1703.md + - name: Evaluating App-V + href: app-v/appv-evaluating-appv.md + - name: High Level Architecture for App-V + href: app-v/appv-high-level-architecture.md + - name: Planning for App-V + href: app-v/appv-planning-for-appv.md + items: + - name: Preparing Your Environment for App-V + href: app-v/appv-preparing-your-environment.md + items: + - name: App-V Prerequisites + href: app-v/appv-prerequisites.md + - name: App-V Security Considerations + href: app-v/appv-security-considerations.md + - name: Planning to Deploy App-V + href: app-v/appv-planning-to-deploy-appv.md + items: + - name: App-V Supported Configurations + href: app-v/appv-supported-configurations.md + - name: App-V Capacity Planning + href: app-v/appv-capacity-planning.md + - name: Planning for High Availability with App-V + href: app-v/appv-planning-for-high-availability-with-appv.md + - name: Planning to Deploy App-V with an Electronic Software Distribution System + href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md + - name: Planning for the App-V Server Deployment + href: app-v/appv-planning-for-appv-server-deployment.md + - name: Planning for the App-V Sequencer and Client Deployment + href: app-v/appv-planning-for-sequencer-and-client-deployment.md + - name: Planning for Using App-V with Office + href: app-v/appv-planning-for-using-appv-with-office.md + - name: Planning to Use Folder Redirection with App-V + href: app-v/appv-planning-folder-redirection-with-appv.md + - name: App-V Planning Checklist + href: app-v/appv-planning-checklist.md + - name: Deploying App-V + href: app-v/appv-deploying-appv.md + items: + - name: Deploying the App-V Sequencer and Configuring the Client + href: app-v/appv-deploying-the-appv-sequencer-and-client.md + items: + - name: About Client Configuration Settings + href: app-v/appv-client-configuration-settings.md + - name: Enable the App-V desktop client + href: app-v/appv-enable-the-app-v-desktop-client.md + - name: How to Install the Sequencer + href: app-v/appv-install-the-sequencer.md + - name: Deploying the App-V Server + href: app-v/appv-deploying-the-appv-server.md + items: + - name: How to Deploy the App-V Server + href: app-v/appv-deploy-the-appv-server.md + - name: How to Deploy the App-V Server Using a Script + href: app-v/appv-deploy-the-appv-server-with-a-script.md + - name: How to Deploy the App-V Databases by Using SQL Scripts + href: app-v/appv-deploy-appv-databases-with-sql-scripts.md + - name: How to Install the Publishing Server on a Remote Computer + href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md + - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services + href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md + - name: How to install the Management Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-management-server-on-a-standalone-computer.md + - name: About App-V Reporting + href: app-v/appv-reporting.md + - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md + - name: App-V Deployment Checklist + href: app-v/appv-deployment-checklist.md + - name: Deploying Microsoft Office 2016 by Using App-V + href: app-v/appv-deploying-microsoft-office-2016-with-appv.md + - name: Deploying Microsoft Office 2013 by Using App-V + href: app-v/appv-deploying-microsoft-office-2013-with-appv.md + - name: Deploying Microsoft Office 2010 by Using App-V + href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md + - name: Operations for App-V + href: app-v/appv-operations.md + items: + - name: Creating and Managing App-V Virtualized Applications + href: app-v/appv-creating-and-managing-virtualized-applications.md + items: + - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-provision-a-vm.md + - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-sequencing.md + - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-updating.md + - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-sequence-a-new-application.md + - name: How to Modify an Existing Virtual Application Package + href: app-v/appv-modify-an-existing-virtual-application-package.md + - name: How to Create and Use a Project Template + href: app-v/appv-create-and-use-a-project-template.md + - name: How to Create a Package Accelerator + href: app-v/appv-create-a-package-accelerator.md + - name: How to Create a Virtual Application Package Using an App-V Package Accelerator + href: app-v/appv-create-a-virtual-application-package-package-accelerator.md + - name: Administering App-V Virtual Applications by Using the Management Console + href: app-v/appv-administering-virtual-applications-with-the-management-console.md + items: + - name: About App-V Dynamic Configuration + href: app-v/appv-dynamic-configuration.md + - name: How to Connect to the Management Console + href: app-v/appv-connect-to-the-management-console.md + - name: How to Add or Upgrade Packages by Using the Management Console + href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md + - name: How to Configure Access to Packages by Using the Management Console + href: app-v/appv-configure-access-to-packages-with-the-management-console.md + - name: How to Publish a Package by Using the Management Console + href: app-v/appv-publish-a-packages-with-the-management-console.md + - name: How to Delete a Package in the Management Console + href: app-v/appv-delete-a-package-with-the-management-console.md + - name: How to Add or Remove an Administrator by Using the Management Console + href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md + - name: How to Register and Unregister a Publishing Server by Using the Management Console + href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md + - name: How to Create a Custom Configuration File by Using the App-V Management Console + href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md + - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console + href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md + - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console + href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md + - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console + href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md + - name: Managing Connection Groups + href: app-v/appv-managing-connection-groups.md + items: + - name: About the Connection Group Virtual Environment + href: app-v/appv-connection-group-virtual-environment.md + - name: About the Connection Group File + href: app-v/appv-connection-group-file.md + - name: How to Create a Connection Group + href: app-v/appv-create-a-connection-group.md + - name: How to Create a Connection Group with User-Published and Globally Published Packages + href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md + - name: How to Delete a Connection Group + href: app-v/appv-delete-a-connection-group.md + - name: How to Publish a Connection Group + href: app-v/appv-publish-a-connection-group.md + - name: How to Make a Connection Group Ignore the Package Version + href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md + - name: How to Allow Only Administrators to Enable Connection Groups + href: app-v/appv-allow-administrators-to-enable-connection-groups.md + - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD) + href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md + items: + - name: How to deploy App-V Packages Using Electronic Software Distribution + href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md + - name: How to Enable Only Administrators to Publish Packages by Using an ESD + href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md + - name: Using the App-V Client Management Console + href: app-v/appv-using-the-client-management-console.md + items: + - name: Automatically clean-up unpublished packages on the App-V client + href: app-v/appv-auto-clean-unpublished-packages.md + - name: Migrating to App-V from a Previous Version + href: app-v/appv-migrating-to-appv-from-a-previous-version.md + items: + - name: How to Convert a Package Created in a Previous Version of App-V + href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md + - name: Maintaining App-V + href: app-v/appv-maintaining-appv.md + items: + - name: How to Move the App-V Server to Another Computer + href: app-v/appv-move-the-appv-server-to-another-computer.md + - name: Administering App-V by Using Windows PowerShell + href: app-v/appv-administering-appv-with-powershell.md + items: + - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help + href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md + - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell + href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md + - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell + href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md + - name: How to Modify Client Configuration by Using Windows PowerShell + href: app-v/appv-modify-client-configuration-with-powershell.md + - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server + href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md + - name: How to Apply the User Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-user-configuration-file-with-powershell.md + - name: How to Apply the Deployment Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md + - name: How to Sequence a Package by Using Windows PowerShell + href: app-v/appv-sequence-a-package-with-powershell.md + - name: How to Create a Package Accelerator by Using Windows PowerShell + href: app-v/appv-create-a-package-accelerator-with-powershell.md + - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell + href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md + - name: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell + href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md + - name: Troubleshooting App-V + href: app-v/appv-troubleshooting.md + - name: Technical Reference for App-V + href: app-v/appv-technical-reference.md + items: + - name: Available Mobile Device Management (MDM) settings for App-V + href: app-v/appv-available-mdm-settings.md + - name: Performance Guidance for Application Virtualization + href: app-v/appv-performance-guidance.md + - name: Application Publishing and Client Interaction + href: app-v/appv-application-publishing-and-client-interaction.md + - name: Viewing App-V Server Publishing Metadata + href: app-v/appv-viewing-appv-server-publishing-metadata.md + - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications + href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md + - name: Service Host process refactoring + href: svchost-service-refactoring.md + - name: Per-user services in Windows + href: per-user-services-in-windows.md + - name: Disabling System Services in Windows Server + href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server + - name: Deploy app upgrades on Windows 10 Mobile + href: deploy-app-upgrades-windows-10-mobile.md + - name: Change history for Application management + href: change-history-for-application-management.md + - name: How to keep apps removed from Windows 10 from returning during an update + href: remove-provisioned-apps-during-update.md From db50cbda3294fd74903fbd765fbf70e9a0fd4f3d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 22:24:54 -0700 Subject: [PATCH 123/156] Revert conversion of client-management/TOC.md to YAML --- windows/client-management/TOC.md | 38 ++++++++++++++ windows/client-management/TOC.yml | 83 ------------------------------- 2 files changed, 38 insertions(+), 83 deletions(-) create mode 100644 windows/client-management/TOC.md delete mode 100644 windows/client-management/TOC.yml diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md new file mode 100644 index 0000000000..aac950751a --- /dev/null +++ b/windows/client-management/TOC.md @@ -0,0 +1,38 @@ +# [Manage clients in Windows 10](index.md) +## [Administrative Tools in Windows 10](administrative-tools-in-windows-10.md) +### [Use Quick Assist to help users](quick-assist.md) +## [Create mandatory user profiles](mandatory-user-profile.md) +## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md) +## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md) +## [New policies for Windows 10](new-policies-for-windows-10.md) +## [Windows 10 default media removal policy](change-default-removal-policy-external-storage-media.md) +## [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) +## [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md) +## [What version of Windows am I running](windows-version-search.md) +## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md) +## [Transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) +## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md) +## [Windows libraries](windows-libraries.md) +## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md) +### [Advanced troubleshooting for Windows networking](troubleshoot-networking.md) +#### [Advanced troubleshooting Wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md) +#### [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md) +##### [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md) +#### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) +##### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) +##### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) +##### [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md) +##### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) +### [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md) +#### [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md) +#### [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md) +#### [Introduction to the page file](introduction-page-file.md) +#### [Configure system failure and recovery options in Windows](system-failure-recovery-options.md) +#### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md) +#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md) +#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md) +#### [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md) +#### [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md) +#### [Stop error occurs when you update the in-box Broadcom network adapter driver](troubleshoot-stop-error-on-broadcom-driver-update.md) +## [Mobile device management for solution providers](mdm/index.md) +## [Change history for Client management](change-history-for-client-management.md) diff --git a/windows/client-management/TOC.yml b/windows/client-management/TOC.yml deleted file mode 100644 index 78c6932e8f..0000000000 --- a/windows/client-management/TOC.yml +++ /dev/null @@ -1,83 +0,0 @@ -- name: Manage clients in Windows 10 - href: index.md - items: - - name: Administrative Tools in Windows 10 - href: administrative-tools-in-windows-10.md - items: - - name: Use Quick Assist to help users - href: quick-assist.md - - name: Create mandatory user profiles - href: mandatory-user-profile.md - - name: Connect to remote Azure Active Directory-joined PC - href: connect-to-remote-aadj-pc.md - - name: Join Windows 10 Mobile to Azure Active Directory - href: join-windows-10-mobile-to-azure-active-directory.md - - name: New policies for Windows 10 - href: new-policies-for-windows-10.md - - name: Windows 10 default media removal policy - href: change-default-removal-policy-external-storage-media.md - - name: Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education - href: group-policies-for-enterprise-and-education-editions.md - - name: Manage the Settings app with Group Policy - href: manage-settings-app-with-group-policy.md - - name: What version of Windows am I running - href: windows-version-search.md - - name: Reset a Windows 10 Mobile device - href: reset-a-windows-10-mobile-device.md - - name: Transitioning to modern management - href: manage-windows-10-in-your-organization-modern-management.md - - name: Windows 10 Mobile deployment and management guide - href: windows-10-mobile-and-mdm.md - - name: Windows libraries - href: windows-libraries.md - - name: Troubleshoot Windows 10 clients - href: windows-10-support-solutions.md - items: - - name: Advanced troubleshooting for Windows networking - href: troubleshoot-networking.md - items: - - name: Advanced troubleshooting Wireless network connectivity - href: advanced-troubleshooting-wireless-network-connectivity.md - - name: Advanced troubleshooting 802.1X authentication - href: advanced-troubleshooting-802-authentication.md - items: - - name: Data collection for troubleshooting 802.1X authentication - href: data-collection-for-802-authentication.md - - name: Advanced troubleshooting for TCP/IP - href: troubleshoot-tcpip.md - items: - - name: Collect data using Network Monitor - href: troubleshoot-tcpip-netmon.md - - name: Troubleshoot TCP/IP connectivity - href: troubleshoot-tcpip-connectivity.md - - name: Troubleshoot port exhaustion - href: troubleshoot-tcpip-port-exhaust.md - - name: Troubleshoot Remote Procedure Call (RPC) errors - href: troubleshoot-tcpip-rpc-errors.md - - name: Advanced troubleshooting for Windows startup - href: troubleshoot-windows-startup.md - items: - - name: How to determine the appropriate page file size for 64-bit versions of Windows - href: determine-appropriate-page-file-size.md - - name: Generate a kernel or complete crash dump - href: generate-kernel-or-complete-crash-dump.md - - name: Introduction to the page file - href: introduction-page-file.md - - name: Configure system failure and recovery options in Windows - href: system-failure-recovery-options.md - - name: Advanced troubleshooting for Windows boot problems - href: advanced-troubleshooting-boot-problems.md - - name: Advanced troubleshooting for Windows-based computer freeze - href: troubleshoot-windows-freeze.md - - name: Advanced troubleshooting for stop error or blue screen error - href: troubleshoot-stop-errors.md - - name: Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device - href: troubleshoot-inaccessible-boot-device.md - - name: Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first" - href: troubleshoot-event-id-41-restart.md - - name: Stop error occurs when you update the in-box Broadcom network adapter driver - href: troubleshoot-stop-error-on-broadcom-driver-update.md - - name: Mobile device management for solution providers - href: mdm/index.md - - name: Change history for Client management - href: change-history-for-client-management.md From 57734d3fd1d041e6fe921caef832fa6bfae75265 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 22:34:49 -0700 Subject: [PATCH 124/156] Create TOC.md --- windows/application-management/TOC.md | 112 ++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 windows/application-management/TOC.md diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md new file mode 100644 index 0000000000..45491337c3 --- /dev/null +++ b/windows/application-management/TOC.md @@ -0,0 +1,112 @@ +# [Manage applications in Windows 10](index.md) +## [Sideload apps](sideload-apps-in-windows-10.md) +## [Remove background task resource restrictions](enterprise-background-activity-controls.md) +## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) +## [Understand apps in Windows 10](apps-in-windows-10.md) +## [Add apps and features in Windows 10](add-apps-and-features.md) +## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) +## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) +### [Getting Started with App-V](app-v/appv-getting-started.md) +#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) +##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md) +##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md) +#### [Evaluating App-V](app-v/appv-evaluating-appv.md) +#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md) +### [Planning for App-V](app-v/appv-planning-for-appv.md) +#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md) +##### [App-V Prerequisites](app-v/appv-prerequisites.md) +##### [App-V Security Considerations](app-v/appv-security-considerations.md) +#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md) +##### [App-V Supported Configurations](app-v/appv-supported-configurations.md) +##### [App-V Capacity Planning](app-v/appv-capacity-planning.md) +##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md) +##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) +##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md) +##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md) +##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md) +##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md) +#### [App-V Planning Checklist](app-v/appv-planning-checklist.md) +### [Deploying App-V](app-v/appv-deploying-appv.md) +#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md) +##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md) +##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md) +##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md) +#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md) +##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md) +##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md) +##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md) +##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md) +##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md) +##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md) +##### [About App-V Reporting](app-v/appv-reporting.md) +##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md) +#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md) +#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md) +#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md) +#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md) +### [Operations for App-V](app-v/appv-operations.md) +#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md) +##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md) +##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md) +##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md) +##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md) +##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md) +##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md) +##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md) +##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md) +#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md) +##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md) +##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md) +##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md) +##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md) +##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md) +##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md) +##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md) +##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md) +##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md) +##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) +##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md) +##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) +#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md) +##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md) +##### [About the Connection Group File](app-v/appv-connection-group-file.md) +##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md) +##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) +##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md) +##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md) +##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md) +##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md) +#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md) +##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) +##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) +#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md) +##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md) +#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md) +##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md) +#### [Maintaining App-V](app-v/appv-maintaining-appv.md) +##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md) +#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md) +##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) +##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) +##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) +##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md) +##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) +##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md) +##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md) +##### [How to Sequence a Package by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md) +##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md) +##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md) +##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) +### [Troubleshooting App-V](app-v/appv-troubleshooting.md) +### [Technical Reference for App-V](app-v/appv-technical-reference.md) +#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md) +#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md) +#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md) +#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) +#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) +## [Service Host process refactoring](svchost-service-refactoring.md) +## [Per-user services in Windows](per-user-services-in-windows.md) +## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) +## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) +## [Change history for Application management](change-history-for-application-management.md) +## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md) \ No newline at end of file From 11ccc13f11114310edbf3325eace4ccb04ebc908 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Apr 2021 22:37:30 -0700 Subject: [PATCH 125/156] Not ready to add this again yet --- windows/application-management/TOC.yml | 244 ------------------------- 1 file changed, 244 deletions(-) delete mode 100644 windows/application-management/TOC.yml diff --git a/windows/application-management/TOC.yml b/windows/application-management/TOC.yml deleted file mode 100644 index 0235d54cc0..0000000000 --- a/windows/application-management/TOC.yml +++ /dev/null @@ -1,244 +0,0 @@ -- name: Manage applications in Windows 10 - href: index.md - items: - - name: Sideload apps - href: sideload-apps-in-windows-10.md - - name: Remove background task resource restrictions - href: enterprise-background-activity-controls.md - - name: Enable or block Windows Mixed Reality apps in the enterprise - href: manage-windows-mixed-reality.md - - name: Understand apps in Windows 10 - href: apps-in-windows-10.md - - name: Add apps and features in Windows 10 - href: add-apps-and-features.md - - name: Repackage win32 apps in the MSIX format - href: msix-app-packaging-tool.md - - name: Application Virtualization (App-V) for Windows - href: app-v/appv-for-windows.md - items: - - name: Getting Started with App-V - href: app-v/appv-getting-started.md - items: - - name: What's new in App-V for Windows 10, version 1703 and earlier - href: app-v/appv-about-appv.md - items: - - name: Release Notes for App-V for Windows 10, version 1607 - href: app-v/appv-release-notes-for-appv-for-windows.md - - name: Release Notes for App-V for Windows 10, version 1703 - href: app-v/appv-release-notes-for-appv-for-windows-1703.md - - name: Evaluating App-V - href: app-v/appv-evaluating-appv.md - - name: High Level Architecture for App-V - href: app-v/appv-high-level-architecture.md - - name: Planning for App-V - href: app-v/appv-planning-for-appv.md - items: - - name: Preparing Your Environment for App-V - href: app-v/appv-preparing-your-environment.md - items: - - name: App-V Prerequisites - href: app-v/appv-prerequisites.md - - name: App-V Security Considerations - href: app-v/appv-security-considerations.md - - name: Planning to Deploy App-V - href: app-v/appv-planning-to-deploy-appv.md - items: - - name: App-V Supported Configurations - href: app-v/appv-supported-configurations.md - - name: App-V Capacity Planning - href: app-v/appv-capacity-planning.md - - name: Planning for High Availability with App-V - href: app-v/appv-planning-for-high-availability-with-appv.md - - name: Planning to Deploy App-V with an Electronic Software Distribution System - href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md - - name: Planning for the App-V Server Deployment - href: app-v/appv-planning-for-appv-server-deployment.md - - name: Planning for the App-V Sequencer and Client Deployment - href: app-v/appv-planning-for-sequencer-and-client-deployment.md - - name: Planning for Using App-V with Office - href: app-v/appv-planning-for-using-appv-with-office.md - - name: Planning to Use Folder Redirection with App-V - href: app-v/appv-planning-folder-redirection-with-appv.md - - name: App-V Planning Checklist - href: app-v/appv-planning-checklist.md - - name: Deploying App-V - href: app-v/appv-deploying-appv.md - items: - - name: Deploying the App-V Sequencer and Configuring the Client - href: app-v/appv-deploying-the-appv-sequencer-and-client.md - items: - - name: About Client Configuration Settings - href: app-v/appv-client-configuration-settings.md - - name: Enable the App-V desktop client - href: app-v/appv-enable-the-app-v-desktop-client.md - - name: How to Install the Sequencer - href: app-v/appv-install-the-sequencer.md - - name: Deploying the App-V Server - href: app-v/appv-deploying-the-appv-server.md - items: - - name: How to Deploy the App-V Server - href: app-v/appv-deploy-the-appv-server.md - - name: How to Deploy the App-V Server Using a Script - href: app-v/appv-deploy-the-appv-server-with-a-script.md - - name: How to Deploy the App-V Databases by Using SQL Scripts - href: app-v/appv-deploy-appv-databases-with-sql-scripts.md - - name: How to Install the Publishing Server on a Remote Computer - href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md - - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services - href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md - - name: How to install the Management Server on a Standalone Computer and Connect it to the Database - href: app-v/appv-install-the-management-server-on-a-standalone-computer.md - - name: About App-V Reporting - href: app-v/appv-reporting.md - - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database - href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md - - name: App-V Deployment Checklist - href: app-v/appv-deployment-checklist.md - - name: Deploying Microsoft Office 2016 by Using App-V - href: app-v/appv-deploying-microsoft-office-2016-with-appv.md - - name: Deploying Microsoft Office 2013 by Using App-V - href: app-v/appv-deploying-microsoft-office-2013-with-appv.md - - name: Deploying Microsoft Office 2010 by Using App-V - href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md - - name: Operations for App-V - href: app-v/appv-operations.md - items: - - name: Creating and Managing App-V Virtualized Applications - href: app-v/appv-creating-and-managing-virtualized-applications.md - items: - - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-provision-a-vm.md - - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-batch-sequencing.md - - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-auto-batch-updating.md - - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer) - href: app-v/appv-sequence-a-new-application.md - - name: How to Modify an Existing Virtual Application Package - href: app-v/appv-modify-an-existing-virtual-application-package.md - - name: How to Create and Use a Project Template - href: app-v/appv-create-and-use-a-project-template.md - - name: How to Create a Package Accelerator - href: app-v/appv-create-a-package-accelerator.md - - name: How to Create a Virtual Application Package Using an App-V Package Accelerator - href: app-v/appv-create-a-virtual-application-package-package-accelerator.md - - name: Administering App-V Virtual Applications by Using the Management Console - href: app-v/appv-administering-virtual-applications-with-the-management-console.md - items: - - name: About App-V Dynamic Configuration - href: app-v/appv-dynamic-configuration.md - - name: How to Connect to the Management Console - href: app-v/appv-connect-to-the-management-console.md - - name: How to Add or Upgrade Packages by Using the Management Console - href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md - - name: How to Configure Access to Packages by Using the Management Console - href: app-v/appv-configure-access-to-packages-with-the-management-console.md - - name: How to Publish a Package by Using the Management Console - href: app-v/appv-publish-a-packages-with-the-management-console.md - - name: How to Delete a Package in the Management Console - href: app-v/appv-delete-a-package-with-the-management-console.md - - name: How to Add or Remove an Administrator by Using the Management Console - href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md - - name: How to Register and Unregister a Publishing Server by Using the Management Console - href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md - - name: How to Create a Custom Configuration File by Using the App-V Management Console - href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md - - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console - href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md - - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console - href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md - - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console - href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md - - name: Managing Connection Groups - href: app-v/appv-managing-connection-groups.md - items: - - name: About the Connection Group Virtual Environment - href: app-v/appv-connection-group-virtual-environment.md - - name: About the Connection Group File - href: app-v/appv-connection-group-file.md - - name: How to Create a Connection Group - href: app-v/appv-create-a-connection-group.md - - name: How to Create a Connection Group with User-Published and Globally Published Packages - href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md - - name: How to Delete a Connection Group - href: app-v/appv-delete-a-connection-group.md - - name: How to Publish a Connection Group - href: app-v/appv-publish-a-connection-group.md - - name: How to Make a Connection Group Ignore the Package Version - href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md - - name: How to Allow Only Administrators to Enable Connection Groups - href: app-v/appv-allow-administrators-to-enable-connection-groups.md - - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD) - href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md - items: - - name: How to deploy App-V Packages Using Electronic Software Distribution - href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md - - name: How to Enable Only Administrators to Publish Packages by Using an ESD - href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md - - name: Using the App-V Client Management Console - href: app-v/appv-using-the-client-management-console.md - items: - - name: Automatically clean-up unpublished packages on the App-V client - href: app-v/appv-auto-clean-unpublished-packages.md - - name: Migrating to App-V from a Previous Version - href: app-v/appv-migrating-to-appv-from-a-previous-version.md - items: - - name: How to Convert a Package Created in a Previous Version of App-V - href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md - - name: Maintaining App-V - href: app-v/appv-maintaining-appv.md - items: - - name: How to Move the App-V Server to Another Computer - href: app-v/appv-move-the-appv-server-to-another-computer.md - - name: Administering App-V by Using Windows PowerShell - href: app-v/appv-administering-appv-with-powershell.md - items: - - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help - href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md - - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell - href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md - - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell - href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md - - name: How to Modify Client Configuration by Using Windows PowerShell - href: app-v/appv-modify-client-configuration-with-powershell.md - - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server - href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md - - name: How to Apply the User Configuration File by Using Windows PowerShell - href: app-v/appv-apply-the-user-configuration-file-with-powershell.md - - name: How to Apply the Deployment Configuration File by Using Windows PowerShell - href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md - - name: How to Sequence a Package by Using Windows PowerShell - href: app-v/appv-sequence-a-package-with-powershell.md - - name: How to Create a Package Accelerator by Using Windows PowerShell - href: app-v/appv-create-a-package-accelerator-with-powershell.md - - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell - href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md - - name: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell - href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md - - name: Troubleshooting App-V - href: app-v/appv-troubleshooting.md - - name: Technical Reference for App-V - href: app-v/appv-technical-reference.md - items: - - name: Available Mobile Device Management (MDM) settings for App-V - href: app-v/appv-available-mdm-settings.md - - name: Performance Guidance for Application Virtualization - href: app-v/appv-performance-guidance.md - - name: Application Publishing and Client Interaction - href: app-v/appv-application-publishing-and-client-interaction.md - - name: Viewing App-V Server Publishing Metadata - href: app-v/appv-viewing-appv-server-publishing-metadata.md - - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications - href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md - - name: Service Host process refactoring - href: svchost-service-refactoring.md - - name: Per-user services in Windows - href: per-user-services-in-windows.md - - name: Disabling System Services in Windows Server - href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server - - name: Deploy app upgrades on Windows 10 Mobile - href: deploy-app-upgrades-windows-10-mobile.md - - name: Change history for Application management - href: change-history-for-application-management.md - - name: How to keep apps removed from Windows 10 from returning during an update - href: remove-provisioned-apps-during-update.md From 8d7c77ec62da191b00fba18dc26044b388a41d82 Mon Sep 17 00:00:00 2001 From: Anders Ahl <58516456+GenerAhl@users.noreply.github.com> Date: Tue, 27 Apr 2021 14:45:34 +0200 Subject: [PATCH 126/156] Update deploy-enterprise-licenses.md Clarifying Windows 10 version requirements. --- windows/deployment/deploy-enterprise-licenses.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index d8339ad571..149916f945 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -251,7 +251,7 @@ Use the following figures to help you troubleshoot when users experience these c ### Review requirements on devices -Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements. +Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements. **To determine if a device is Azure Active Directory joined:** @@ -264,4 +264,4 @@ At a command prompt, type: **winver** A popup window will display the Windows 10 version number and detailed OS build information. -If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. \ No newline at end of file +If a device is running a version of Windows 10 Pro prior to 1703 (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. From fd288c9812130d41f82ad271a13a0fdf6d0cb9fa Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 27 Apr 2021 07:41:19 -0700 Subject: [PATCH 127/156] tweaks --- .../update/deployment-service-overview.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 4e9b399cb1..8ad25c023e 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -25,7 +25,7 @@ The deployment service is designed for IT Pros who are looking for more control - You can schedule deployment of updates to start on a specific date (for example, deploy 20H2 to specified devices on March 14, 2021). - You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021). - You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise. -- You can benefit from automatic pilot deployments tailored to your unique device population to ensure coverage of hardware and software in your organization. +- You can benefit from deployments with automatic piloting tailored to your unique device population to ensure coverage of hardware and software in your organization. The service is privacy focused and backed by leading industry compliance certifications. @@ -35,7 +35,7 @@ The deployment service complements existing Windows Update for Business capabili :::image type="content" source="media/wufbds-product-large.png" alt-text="Described in following text"::: -Windows Update for Business is comprises three elements: +Windows Update for Business comprises three elements: - Client policy to govern update experiences and timing – available through Group Policy and CSPs - Deployment service APIs to approve and schedule specific updates – available through the Microsoft Graph and associated SDKs (including PowerShell) - Update Compliance to monitor update deployment – available through the Azure Marketplace @@ -47,7 +47,7 @@ Unlike existing client policy, the deployment service does not interact with dev Using the deployment service typically follows a common pattern: 1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Endpoint Manager. 2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service. -3. The deployment service processes the content approval and compares this with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates. +3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates. The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager. @@ -91,7 +91,7 @@ Microsoft Graph makes deployment service APIs available through. Get started wit - Learning Path: [Microsoft Graph Fundamentals](https://docs.microsoft.com/learn/paths/m365-msgraph-fundamentals/) - Learning Path: [Build apps with Microsoft Graph](https://docs.microsoft.com/learn/paths/m365-msgraph-associate/) -Once you are familiar with Microsoft Graph development, see {development resources--NEED LINK} for more. +Once you are familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more. ## Deployment protections @@ -121,6 +121,9 @@ Deployment scheduling controls are always available, but to take advantage of th #### Device prerequisites +> [!NOTE] +> Deployment protections are currently in preview and available if you're using Update Compliance. If you set these policies on a a device that isn't enrolled in Update Compliance, there is no effect. + - Diagnostic data is set to *Required* or *Optional*. - The **AllowWUfBCloudProcessing** policy is set to **1**. @@ -168,7 +171,5 @@ Avoid using different channels to manage the same resources. If you use Microsof To learn more about the deployment service, try the following: -- Release blogs - [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates) -- Windows 10 quality updates policy in Intune {LINK?} - [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) From 1f7d158ceee0353e143abfc5a796ea21c18132e9 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 27 Apr 2021 12:49:15 -0700 Subject: [PATCH 128/156] adjusting relative links --- windows/deployment/update/deployment-service-overview.md | 4 ++-- ...-troubleshooting.md => deployment-service-troubleshoot.md} | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename windows/deployment/update/{deployment-service-troubleshooting.md => deployment-service-troubleshoot.md} (100%) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 8ad25c023e..0eae91fd92 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -88,8 +88,8 @@ The Microsoft Graph SDK includes a PowerShell extension that you can use to scri ### Building your own application Microsoft Graph makes deployment service APIs available through. Get started with these learning paths: -- Learning Path: [Microsoft Graph Fundamentals](https://docs.microsoft.com/learn/paths/m365-msgraph-fundamentals/) -- Learning Path: [Build apps with Microsoft Graph](https://docs.microsoft.com/learn/paths/m365-msgraph-associate/) +- Learning Path: [Microsoft Graph Fundamentals](/learn/paths/m365-msgraph-fundamentals/) +- Learning Path: [Build apps with Microsoft Graph](/learn/paths/m365-msgraph-associate/) Once you are familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more. diff --git a/windows/deployment/update/deployment-service-troubleshooting.md b/windows/deployment/update/deployment-service-troubleshoot.md similarity index 100% rename from windows/deployment/update/deployment-service-troubleshooting.md rename to windows/deployment/update/deployment-service-troubleshoot.md From 79b3c48630abc74f5875ca97fa7475820b8a8854 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 27 Apr 2021 12:53:25 -0700 Subject: [PATCH 129/156] tweaks --- windows/deployment/TOC.yml | 6 ++-- .../update/deployment-service-overview.md | 4 +-- .../deployment-service-troubleshooting.md | 35 +++++++++++++++++++ 3 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 windows/deployment/update/deployment-service-troubleshooting.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index cff68ffb1d..1485e9c78d 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -167,8 +167,8 @@ - name: Windows Update for Business deployment service href: update/deployment-service-overview.md items: - - name: Troubleshooting the Windows Update for Business deployment service - href: update/deployment-service-troubleshooting.md + - name: Troubleshoot the Windows Update for Business deployment service + href: update/deployment-service-troubleshoot.md - name: Enforcing compliance deadlines for updates href: update/wufb-compliancedeadlines.md - name: Integrate Windows Update for Business with management solutions @@ -254,7 +254,7 @@ href: update/windows-update-errors.md - name: Windows Update error code reference href: update/windows-update-error-reference.md - - name: Troubleshooting the Windows Update for Business deployment service + - name: Troubleshoot the Windows Update for Business deployment service href: update/deployment-service-troubleshooting.md - name: Reference diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 0eae91fd92..4c034921b7 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -33,7 +33,7 @@ The service is privacy focused and backed by leading industry compliance certifi The deployment service complements existing Windows Update for Business capabilities, including existing device policies and [Update Compliance](update-compliance-monitor.md). -:::image type="content" source="media/wufbds-product-large.png" alt-text="Described in following text"::: +:::image type="content" source="media/wufbds-product-large.png" alt-text="Elements in following text"::: Windows Update for Business comprises three elements: - Client policy to govern update experiences and timing – available through Group Policy and CSPs @@ -42,7 +42,7 @@ Windows Update for Business comprises three elements: Unlike existing client policy, the deployment service does not interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro. -:::image type="content" source="media/wufbds-interaction-small.png" alt-text="Described in following text"::: +:::image type="content" source="media/wufbds-interaction-small.png" alt-text="Process described in following text"::: Using the deployment service typically follows a common pattern: 1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Endpoint Manager. diff --git a/windows/deployment/update/deployment-service-troubleshooting.md b/windows/deployment/update/deployment-service-troubleshooting.md new file mode 100644 index 0000000000..08d91c19bd --- /dev/null +++ b/windows/deployment/update/deployment-service-troubleshooting.md @@ -0,0 +1,35 @@ +--- +title: Troubleshoot the Windows Update for Business deployment service +description: Solutions to common problems +ms.custom: seo-marvel-apr2020 +ms.prod: w10 +ms.mktglfcycl: manage +author: jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +ms.reviewer: +manager: laurawi +ms.topic: article +--- + + + +# Troubleshoot the Windows Update for Business deployment service + +> Applies to: Windows 10 + +This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md). + +## The device isn't receiving an update that I deployed + +- Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates). +- **Feature updates only**: The device might have a safeguard hold applied for the given feature update version. For more about safeguard holds, see [Safeguard holds](safeguard-holds.md) and [Opt out of safeguard holds](safeguard-opt-out.md). +- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices. +- Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). +- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. +- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32\_Product \| Where-Object {$\_.Name -amatch "Microsoft Update Health Tools"}`. + +## The device is receiving an update that I didn't deploy + +- Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). +- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. From 36f5652d4a58c4a33bcaad391f878c6b54bdd3cf Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Tue, 27 Apr 2021 13:30:37 -0700 Subject: [PATCH 130/156] Update faq-md-app-guard.md Added more information regarding WDAGUtility Account. --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 61f3f7421b..8e30b4d777 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -77,7 +77,7 @@ This feature is currently experimental only and is not functional without an add ### What is the WDAGUtilityAccount local account? -This account is part of Application Guard beginning with Windows 10, version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware. +This account is a part of Application Guard beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default unless Application Guard is enabled on your device. WDAGUtilityAccount is leveraged to login to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If "Run as a service" permissions are revoked for this account you might encounter this error, "Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000". It is recommended not to modify this account. ### How do I trust a subdomain in my site list? From e5aca00de340eb8d1350d585e9579d92913f916f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 27 Apr 2021 13:38:50 -0700 Subject: [PATCH 131/156] Remove now duplicated deployment-service-troubleshooting.md --- .../deployment-service-troubleshooting.md | 35 ------------------- 1 file changed, 35 deletions(-) delete mode 100644 windows/deployment/update/deployment-service-troubleshooting.md diff --git a/windows/deployment/update/deployment-service-troubleshooting.md b/windows/deployment/update/deployment-service-troubleshooting.md deleted file mode 100644 index 08d91c19bd..0000000000 --- a/windows/deployment/update/deployment-service-troubleshooting.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Troubleshoot the Windows Update for Business deployment service -description: Solutions to common problems -ms.custom: seo-marvel-apr2020 -ms.prod: w10 -ms.mktglfcycl: manage -author: jaimeo -ms.localizationpriority: medium -ms.author: jaimeo -ms.reviewer: -manager: laurawi -ms.topic: article ---- - - - -# Troubleshoot the Windows Update for Business deployment service - -> Applies to: Windows 10 - -This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md). - -## The device isn't receiving an update that I deployed - -- Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates). -- **Feature updates only**: The device might have a safeguard hold applied for the given feature update version. For more about safeguard holds, see [Safeguard holds](safeguard-holds.md) and [Opt out of safeguard holds](safeguard-opt-out.md). -- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices. -- Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). -- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. -- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32\_Product \| Where-Object {$\_.Name -amatch "Microsoft Update Health Tools"}`. - -## The device is receiving an update that I didn't deploy - -- Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). -- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. From 8b7706a930c55ba415c79c9c7233ab2b35e6bb2c Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 27 Apr 2021 13:43:48 -0700 Subject: [PATCH 132/156] somehow the TOC item update didn't take --- windows/deployment/TOC.yml | 2 +- .../update/deployment-service-troubleshoot.md | 6 ++-- .../deployment-service-troubleshooting.md | 35 ------------------- 3 files changed, 4 insertions(+), 39 deletions(-) delete mode 100644 windows/deployment/update/deployment-service-troubleshooting.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 1485e9c78d..97f7d9d55a 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -255,7 +255,7 @@ - name: Windows Update error code reference href: update/windows-update-error-reference.md - name: Troubleshoot the Windows Update for Business deployment service - href: update/deployment-service-troubleshooting.md + href: update/deployment-service-troubleshoot.md - name: Reference items: diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md index ac3498ecbd..1f9675d1d9 100644 --- a/windows/deployment/update/deployment-service-troubleshoot.md +++ b/windows/deployment/update/deployment-service-troubleshoot.md @@ -1,6 +1,6 @@ --- -title: Troubleshooting the Windows Update for Business deployment service -description: Solutions to common problems +title: Troubleshoot the Windows Update for Business deployment service +description: Solutions to common problems with the service ms.custom: seo-marvel-apr2020 ms.prod: w10 ms.mktglfcycl: manage @@ -14,7 +14,7 @@ ms.topic: article -# Troubleshooting the Windows Update for Business deployment service +# Troubleshoot the Windows Update for Business deployment service > Applies to: Windows 10 diff --git a/windows/deployment/update/deployment-service-troubleshooting.md b/windows/deployment/update/deployment-service-troubleshooting.md deleted file mode 100644 index 08d91c19bd..0000000000 --- a/windows/deployment/update/deployment-service-troubleshooting.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Troubleshoot the Windows Update for Business deployment service -description: Solutions to common problems -ms.custom: seo-marvel-apr2020 -ms.prod: w10 -ms.mktglfcycl: manage -author: jaimeo -ms.localizationpriority: medium -ms.author: jaimeo -ms.reviewer: -manager: laurawi -ms.topic: article ---- - - - -# Troubleshoot the Windows Update for Business deployment service - -> Applies to: Windows 10 - -This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md). - -## The device isn't receiving an update that I deployed - -- Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates). -- **Feature updates only**: The device might have a safeguard hold applied for the given feature update version. For more about safeguard holds, see [Safeguard holds](safeguard-holds.md) and [Opt out of safeguard holds](safeguard-opt-out.md). -- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices. -- Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). -- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. -- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32\_Product \| Where-Object {$\_.Name -amatch "Microsoft Update Health Tools"}`. - -## The device is receiving an update that I didn't deploy - -- Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). -- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. From 73bbe948c47fe6b9599e6779dde1cecd92309e76 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 27 Apr 2021 13:44:48 -0700 Subject: [PATCH 133/156] Replace deployment-service-troubleshooting.md with deployment-service-troubleshoot.md --- windows/deployment/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 1485e9c78d..97f7d9d55a 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -255,7 +255,7 @@ - name: Windows Update error code reference href: update/windows-update-error-reference.md - name: Troubleshoot the Windows Update for Business deployment service - href: update/deployment-service-troubleshooting.md + href: update/deployment-service-troubleshoot.md - name: Reference items: From 293b9e8136cccdc5cb19d9625f6641e9dcf752c0 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Tue, 27 Apr 2021 14:53:20 -0700 Subject: [PATCH 134/156] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 8e30b4d777..b7e4a7d96e 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -77,7 +77,7 @@ This feature is currently experimental only and is not functional without an add ### What is the WDAGUtilityAccount local account? -This account is a part of Application Guard beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default unless Application Guard is enabled on your device. WDAGUtilityAccount is leveraged to login to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If "Run as a service" permissions are revoked for this account you might encounter this error, "Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000". It is recommended not to modify this account. +This account is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. The WDAGUtilityAccount is leveraged to login to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If "Run as a service" permissions are revoked for this account, you may encounter the following error: "Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000". It is recommended not to modify this account. ### How do I trust a subdomain in my site list? From 71793a6ee4051d6488d8eff93846c547c13feaee Mon Sep 17 00:00:00 2001 From: Anders Ahl <58516456+GenerAhl@users.noreply.github.com> Date: Wed, 28 Apr 2021 08:46:20 +0200 Subject: [PATCH 135/156] Update windows/deployment/deploy-enterprise-licenses.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 149916f945..612b3619c6 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -264,4 +264,4 @@ At a command prompt, type: **winver** A popup window will display the Windows 10 version number and detailed OS build information. -If a device is running a version of Windows 10 Pro prior to 1703 (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. +If a device is running a version of Windows 10 Pro prior to version 1703 (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. From abd9b2e7ca6d28dfe86dea4fcfcb01b52a63675c Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 28 Apr 2021 09:18:31 -0700 Subject: [PATCH 136/156] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index b7e4a7d96e..ecfe3964e2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -77,7 +77,7 @@ This feature is currently experimental only and is not functional without an add ### What is the WDAGUtilityAccount local account? -This account is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. The WDAGUtilityAccount is leveraged to login to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If "Run as a service" permissions are revoked for this account, you may encounter the following error: "Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000". It is recommended not to modify this account. +This account is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. The WDAGUtilityAccount is leveraged to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If "Run as a service" permissions are revoked for this account, you may encounter the following error: "Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000". We recommend that you do not modify this account. ### How do I trust a subdomain in my site list? From 135e833d311281cb128b1570a0db319de0d2513b Mon Sep 17 00:00:00 2001 From: David Strome Date: Wed, 28 Apr 2021 11:17:09 -0700 Subject: [PATCH 137/156] TOC YAML conversion test --- windows/client-management/mdm/TOC.md | 435 ------------ windows/client-management/mdm/toc.yml | 955 ++++++++++++++++++++++++++ 2 files changed, 955 insertions(+), 435 deletions(-) delete mode 100644 windows/client-management/mdm/TOC.md create mode 100644 windows/client-management/mdm/toc.yml diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md deleted file mode 100644 index 2f21a06d6f..0000000000 --- a/windows/client-management/mdm/TOC.md +++ /dev/null @@ -1,435 +0,0 @@ -# [Mobile device management](index.md) -## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md) -### [Change history for MDM documentation](change-history-for-mdm-documentation.md) -## [Mobile device enrollment](mobile-device-enrollment.md) -### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md) -#### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md) -### [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md) -### [Federated authentication device enrollment](federated-authentication-device-enrollment.md) -### [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md) -### [On-premises authentication device enrollment](on-premise-authentication-device-enrollment.md) -## [Understanding ADMX-backed policies](understanding-admx-backed-policies.md) -## [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md) -## [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) -## [Implement server-side support for mobile application management on Windows](implement-server-side-mobile-application-management.md) -## [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md) -## [Deploy and configure App-V apps using MDM](appv-deploy-and-config.md) -## [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md) -### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) -### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md) -## [Enterprise app management](enterprise-app-management.md) -## [Mobile device management (MDM) for device updates](device-update-management.md) -## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md) -## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md) -### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md) -#### [Data structures for Microsoft Store for Business](data-structures-windows-store-for-business.md) -#### [Get Inventory](get-inventory.md) -#### [Get product details](get-product-details.md) -#### [Get localized product details](get-localized-product-details.md) -#### [Get offline license](get-offline-license.md) -#### [Get product packages](get-product-packages.md) -#### [Get product package](get-product-package.md) -#### [Get seats](get-seats.md) -#### [Get seat](get-seat.md) -#### [Assign seats](assign-seats.md) -#### [Reclaim seat from user](reclaim-seat-from-user.md) -#### [Bulk assign and reclaim seats from users](bulk-assign-and-reclaim-seats-from-user.md) -#### [Get seats assigned to a user](get-seats-assigned-to-a-user.md) -## [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md) -## [Certificate renewal](certificate-renewal-windows-mdm.md) -## [Disconnecting from the management infrastructure (unenrollment)](disconnecting-from-mdm-unenrollment.md) -## [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md) -## [Push notification support for device management](push-notification-windows-mdm.md) -## [OMA DM protocol support](oma-dm-protocol-support.md) -## [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md) -## [Server requirements for OMA DM](server-requirements-windows-mdm.md) -## [DMProcessConfigXMLFiltered](dmprocessconfigxmlfiltered.md) -## [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md) -## [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md) -## [Configuration service provider reference](configuration-service-provider-reference.md) -### [AccountManagement CSP](accountmanagement-csp.md) -#### [AccountManagement DDF file](accountmanagement-ddf.md) -### [Accounts CSP](accounts-csp.md) -#### [Accounts DDF file](accounts-ddf-file.md) -### [ActiveSync CSP](activesync-csp.md) -#### [ActiveSync DDF file](activesync-ddf-file.md) -### [AllJoynManagement CSP](alljoynmanagement-csp.md) -#### [AllJoynManagement DDF](alljoynmanagement-ddf.md) -### [APPLICATION CSP](application-csp.md) -### [ApplicationControl CSP](applicationcontrol-csp.md) -#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md) -### [AppLocker CSP](applocker-csp.md) -#### [AppLocker DDF file](applocker-ddf-file.md) -#### [AppLocker XSD](applocker-xsd.md) -### [AssignedAccess CSP](assignedaccess-csp.md) -#### [AssignedAccess DDF file](assignedaccess-ddf.md) -### [BitLocker CSP](bitlocker-csp.md) -#### [BitLocker DDF file](bitlocker-ddf-file.md) -### [BOOTSTRAP CSP](bootstrap-csp.md) -### [BrowserFavorite CSP](browserfavorite-csp.md) -### [CellularSettings CSP](cellularsettings-csp.md) -### [CertificateStore CSP](certificatestore-csp.md) -#### [CertificateStore DDF file](certificatestore-ddf-file.md) -### [CleanPC CSP](cleanpc-csp.md) -#### [CleanPC DDF](cleanpc-ddf.md) -### [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) -#### [ClientCertificateInstall DDF file](clientcertificateinstall-ddf-file.md) -### [CM_CellularEntries CSP](cm-cellularentries-csp.md) -### [CM_ProxyEntries CSP](cm-proxyentries-csp.md) -### [CMPolicy CSP](cmpolicy-csp.md) -### [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md) -#### [CMPolicyEnterprise DDF file](cmpolicyenterprise-ddf-file.md) -### [CustomDeviceUI CSP](customdeviceui-csp.md) -#### [CustomDeviceUI DDF file](customdeviceui-ddf.md) -### [Defender CSP](defender-csp.md) -#### [Defender DDF file](defender-ddf.md) -### [DevDetail CSP](devdetail-csp.md) -#### [DevDetail DDF file](devdetail-ddf-file.md) -### [DeveloperSetup CSP](developersetup-csp.md) -#### [DeveloperSetup DDF](developersetup-ddf.md) -### [DeviceInstanceService CSP](deviceinstanceservice-csp.md) -### [DeviceLock CSP](devicelock-csp.md) -#### [DeviceLock DDF file](devicelock-ddf-file.md) -### [DeviceManageability CSP](devicemanageability-csp.md) -#### [DeviceManageability DDF](devicemanageability-ddf.md) -### [DeviceStatus CSP](devicestatus-csp.md) -#### [DeviceStatus DDF](devicestatus-ddf.md) -### [DevInfo CSP](devinfo-csp.md) -#### [DevInfo DDF file](devinfo-ddf-file.md) -### [DiagnosticLog CSP](diagnosticlog-csp.md) -#### [DiagnosticLog DDF file](diagnosticlog-ddf.md) -### [DMAcc CSP](dmacc-csp.md) -#### [DMAcc DDF file](dmacc-ddf-file.md) -### [DMClient CSP](dmclient-csp.md) -#### [DMClient DDF file](dmclient-ddf-file.md) -### [DMSessionActions CSP](dmsessionactions-csp.md) -#### [DMSessionActions DDF file](dmsessionactions-ddf.md) -### [DynamicManagement CSP](dynamicmanagement-csp.md) -#### [DynamicManagement DDF file](dynamicmanagement-ddf.md) -### [EMAIL2 CSP](email2-csp.md) -#### [EMAIL2 DDF file](email2-ddf-file.md) -### [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) -#### [EnrollmentStatusTracking DDF file](enrollmentstatustracking-csp-ddf.md) -### [EnterpriseAPN CSP](enterpriseapn-csp.md) -#### [EnterpriseAPN DDF](enterpriseapn-ddf.md) -### [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md) -### [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) -#### [EnterpriseAppVManagement DDF file](enterpriseappvmanagement-ddf.md) -### [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) -#### [EnterpriseAssignedAccess DDF file](enterpriseassignedaccess-ddf.md) -#### [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) -### [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) -#### [EnterpriseDataProtection DDF file](enterprisedataprotection-ddf-file.md) -### [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md) -#### [EnterpriseDesktopAppManagement DDF](enterprisedesktopappmanagement-ddf-file.md) -#### [EnterpriseDesktopAppManagement XSD](enterprisedesktopappmanagement2-xsd.md) -### [EnterpriseExt CSP](enterpriseext-csp.md) -#### [EnterpriseExt DDF file](enterpriseext-ddf.md) -### [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) -#### [EnterpriseExtFileSystem DDF file](enterpriseextfilesystem-ddf.md) -### [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) -#### [EnterpriseModernAppManagement DDF](enterprisemodernappmanagement-ddf.md) -#### [EnterpriseModernAppManagement XSD](enterprisemodernappmanagement-xsd.md) -### [eUICCs CSP](euiccs-csp.md) -#### [eUICCs DDF file](euiccs-ddf-file.md) -### [FileSystem CSP](filesystem-csp.md) -### [Firewall CSP](firewall-csp.md) -#### [Firewall DDF file](firewall-ddf-file.md) -### [HealthAttestation CSP](healthattestation-csp.md) -#### [HealthAttestation DDF](healthattestation-ddf.md) -### [HotSpot CSP](hotspot-csp.md) -### [Maps CSP](maps-csp.md) -#### [Maps DDF](maps-ddf-file.md) -### [Messaging CSP](messaging-csp.md) -#### [Messaging DDF file](messaging-ddf.md) -### [MultiSIM CSP](multisim-csp.md) -#### [MultiSIM DDF file](multisim-ddf.md) -### [NAP CSP](nap-csp.md) -### [NAPDEF CSP](napdef-csp.md) -### [NetworkProxy CSP](networkproxy-csp.md) -#### [NetworkProxy DDF file](networkproxy-ddf.md) -### [NetworkQoSPolicy CSP](networkqospolicy-csp.md) -#### [NetworkQoSPolicy DDF file](networkqospolicy-ddf.md) -### [NodeCache CSP](nodecache-csp.md) -#### [NodeCache DDF file](nodecache-ddf-file.md) -### [Office CSP](office-csp.md) -#### [Office DDF](office-ddf.md) -### [PassportForWork CSP](passportforwork-csp.md) -#### [PassportForWork DDF file](passportforwork-ddf.md) -### [Personalization CSP](personalization-csp.md) -#### [Personalization DDF file](personalization-ddf.md) -### [Policy CSP](policy-configuration-service-provider.md) -#### [Policy CSP DDF file](policy-ddf-file.md) -#### [Policies in Policy CSP supported by Group Policy](policies-in-policy-csp-supported-by-group-policy.md) -#### [ADMX-backed policies in Policy CSP](policies-in-policy-csp-admx-backed.md) -#### [Policies in Policy CSP supported by HoloLens 2](policies-in-policy-csp-supported-by-hololens2.md) -#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md) -#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md) -#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](./configuration-service-provider-reference.md) -#### [Policies in Policy CSP supported by Windows 10 IoT Core](policies-in-policy-csp-supported-by-iot-core.md) -#### [Policies in Policy CSP supported by Microsoft Surface Hub](policies-in-policy-csp-supported-by-surface-hub.md) -#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policies-in-policy-csp-that-can-be-set-using-eas.md) -#### [AboveLock](policy-csp-abovelock.md) -#### [Accounts](policy-csp-accounts.md) -#### [ActiveXControls](policy-csp-activexcontrols.md) -#### [ADMX_ActiveXInstallService](policy-csp-admx-activexinstallservice.md) -#### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md) -#### [ADMX_AppCompat](policy-csp-admx-appcompat.md) -#### [ADMX_AppxPackageManager](policy-csp-admx-appxpackagemanager.md) -#### [ADMX_AppXRuntime](policy-csp-admx-appxruntime.md) -#### [ADMX_AttachmentManager](policy-csp-admx-attachmentmanager.md) -#### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) -#### [ADMX_Bits](policy-csp-admx-bits.md) -#### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) -#### [ADMX_COM](policy-csp-admx-com.md) -#### [ADMX_ControlPanel](policy-csp-admx-controlpanel.md) -#### [ADMX_ControlPanelDisplay](policy-csp-admx-controlpaneldisplay.md) -#### [ADMX_Cpls](policy-csp-admx-cpls.md) -#### [ADMX_CredentialProviders](policy-csp-admx-credentialproviders.md) -#### [ADMX_CredSsp](policy-csp-admx-credssp.md) -#### [ADMX_CredUI](policy-csp-admx-credui.md) -#### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) -#### [ADMX_DataCollection](policy-csp-admx-datacollection.md) -#### [ADMX_Desktop](policy-csp-admx-desktop.md) -#### [ADMX_DeviceInstallation](policy-csp-admx-deviceinstallation.md) -#### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md) -#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) -#### [ADMX_DistributedLinkTracking](policy-csp-admx-distributedlinktracking.md) -#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) -#### [ADMX_DWM](policy-csp-admx-dwm.md) -#### [ADMX_EAIME](policy-csp-admx-eaime.md) -#### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) -#### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md) -#### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md) -#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) -#### [ADMX_EventLog](policy-csp-admx-eventlog.md) -#### [ADMX_Explorer](policy-csp-admx-explorer.md) -#### [ADMX_FileRecovery](policy-csp-admx-filerecovery.md) -#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) -#### [ADMX_FileSys](policy-csp-admx-filesys.md) -#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) -#### [ADMX_Globalization](policy-csp-admx-globalization.md) -#### [ADMX_GroupPolicy](policy-csp-admx-grouppolicy.md) -#### [ADMX_Help](policy-csp-admx-help.md) -#### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) -#### [ADMX_ICM](policy-csp-admx-icm.md) -#### [ADMX_kdc](policy-csp-admx-kdc.md) -#### [ADMX_Kerberos](policy-csp-admx-kerberos.md) -#### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) -#### [ADMX_LanmanWorkstation](policy-csp-admx-lanmanworkstation.md) -#### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) -#### [ADMX_Logon](policy-csp-admx-logon.md) -#### [ADMX_MicrosoftDefenderAntivirus](policy-csp-admx-microsoftdefenderantivirus.md) -#### [ADMX_MMC](policy-csp-admx-mmc.md) -#### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) -#### [ADMX_MSAPolicy](policy-csp-admx-msapolicy.md) -#### [ADMX_msched](policy-csp-admx-msched.md) -#### [ADMX_MSDT](policy-csp-admx-msdt.md) -#### [ADMX_MSI](policy-csp-admx-msi.md) -#### [ADMX_nca](policy-csp-admx-nca.md) -#### [ADMX_NCSI](policy-csp-admx-ncsi.md) -#### [ADMX_Netlogon](policy-csp-admx-netlogon.md) -#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md) -#### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md) -#### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md) -#### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) -#### [ADMX_Power](policy-csp-admx-power.md) -#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md) -#### [ADMX_Printing](policy-csp-admx-printing.md) -#### [ADMX_Printing2](policy-csp-admx-printing2.md) -#### [ADMX_Programs](policy-csp-admx-programs.md) -#### [ADMX_Reliability](policy-csp-admx-reliability.md) -#### [ADMX_RemoteAssistance](policy-csp-admx-remoteassistance.md) -#### [ADMX_RemovableStorage](policy-csp-admx-removablestorage.md) -#### [ADMX_RPC](policy-csp-admx-rpc.md) -#### [ADMX_Scripts](policy-csp-admx-scripts.md) -#### [ADMX_sdiageng](policy-csp-admx-sdiageng.md) -#### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md) -#### [ADMX_Sensors](policy-csp-admx-sensors.md) -#### [ADMX_Servicing](policy-csp-admx-servicing.md) -#### [ADMX_SettingSync](policy-csp-admx-settingsync.md) -#### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md) -#### [ADMX_Sharing](policy-csp-admx-sharing.md) -#### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md) -#### [ADMX_SkyDrive](policy-csp-admx-skydrive.md) -#### [ADMX_Smartcard](policy-csp-admx-smartcard.md) -#### [ADMX_Snmp](policy-csp-admx-snmp.md) -#### [ADMX_StartMenu](policy-csp-admx-startmenu.md) -#### [ADMX_SystemRestore](policy-csp-admx-systemrestore.md) -#### [ADMX_Taskbar](policy-csp-admx-taskbar.md) -#### [ADMX_tcpip](policy-csp-admx-tcpip.md) -#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) -#### [ADMX_TPM](policy-csp-admx-tpm.md) -#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md) -#### [ADMX_UserProfiles](policy-csp-admx-userprofiles.md) -#### [ADMX_W32Time](policy-csp-admx-w32time.md) -#### [ADMX_WCM](policy-csp-admx-wcm.md) -#### [ADMX_WinCal](policy-csp-admx-wincal.md) -#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) -#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) -#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md) -#### [ADMX_WindowsFileProtection](policy-csp-admx-windowsfileprotection.md) -#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) -#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) -#### [ADMX_WindowsRemoteManagement](policy-csp-admx-windowsremotemanagement.md) -#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md) -#### [ADMX_WinInit](policy-csp-admx-wininit.md) -#### [ADMX_WinLogon](policy-csp-admx-winlogon.md) -#### [ADMX-Winsrv](policy-csp-admx-winsrv.md) -#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md) -#### [ADMX_WPN](policy-csp-admx-wpn.md) -#### [ApplicationDefaults](policy-csp-applicationdefaults.md) -#### [ApplicationManagement](policy-csp-applicationmanagement.md) -#### [AppRuntime](policy-csp-appruntime.md) -#### [AppVirtualization](policy-csp-appvirtualization.md) -#### [AttachmentManager](policy-csp-attachmentmanager.md) -#### [Audit](policy-csp-audit.md) -#### [Authentication](policy-csp-authentication.md) -#### [Autoplay](policy-csp-autoplay.md) -#### [BitLocker](policy-csp-bitlocker.md) -#### [BITS](policy-csp-bits.md) -#### [Bluetooth](policy-csp-bluetooth.md) -#### [Browser](policy-csp-browser.md) -#### [Camera](policy-csp-camera.md) -#### [Cellular](policy-csp-cellular.md) -#### [Connectivity](policy-csp-connectivity.md) -#### [ControlPolicyConflict](policy-csp-controlpolicyconflict.md) -#### [CredentialsDelegation](policy-csp-credentialsdelegation.md) -#### [CredentialProviders](policy-csp-credentialproviders.md) -#### [CredentialsUI](policy-csp-credentialsui.md) -#### [Cryptography](policy-csp-cryptography.md) -#### [DataProtection](policy-csp-dataprotection.md) -#### [DataUsage](policy-csp-datausage.md) -#### [Defender](policy-csp-defender.md) -#### [DeliveryOptimization](policy-csp-deliveryoptimization.md) -#### [Desktop](policy-csp-desktop.md) -#### [DeviceGuard](policy-csp-deviceguard.md) -#### [DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md) -#### [DeviceInstallation](policy-csp-deviceinstallation.md) -#### [DeviceLock](policy-csp-devicelock.md) -#### [Display](policy-csp-display.md) -#### [DmaGuard](policy-csp-dmaguard.md) -#### [Education](policy-csp-education.md) -#### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md) -#### [ErrorReporting](policy-csp-errorreporting.md) -#### [EventLogService](policy-csp-eventlogservice.md) -#### [Experience](policy-csp-experience.md) -#### [ExploitGuard](policy-csp-exploitguard.md) -#### [FileExplorer](policy-csp-fileexplorer.md) -#### [Games](policy-csp-games.md) -#### [Handwriting](policy-csp-handwriting.md) -#### [InternetExplorer](policy-csp-internetexplorer.md) -#### [Kerberos](policy-csp-kerberos.md) -#### [KioskBrowser](policy-csp-kioskbrowser.md) -#### [LanmanWorkstation](policy-csp-lanmanworkstation.md) -#### [Licensing](policy-csp-licensing.md) -#### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md) -#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md) -#### [LockDown](policy-csp-lockdown.md) -#### [Maps](policy-csp-maps.md) -#### [Messaging](policy-csp-messaging.md) -#### [MixedReality](policy-csp-mixedreality.md) -#### [MSSecurityGuide](policy-csp-mssecurityguide.md) -#### [MSSLegacy](policy-csp-msslegacy.md) -#### [Multitasking](policy-csp-multitasking.md) -#### [NetworkIsolation](policy-csp-networkisolation.md) -#### [Notifications](policy-csp-notifications.md) -#### [Power](policy-csp-power.md) -#### [Printers](policy-csp-printers.md) -#### [Privacy](policy-csp-privacy.md) -#### [RemoteAssistance](policy-csp-remoteassistance.md) -#### [RemoteDesktopServices](policy-csp-remotedesktopservices.md) -#### [RemoteManagement](policy-csp-remotemanagement.md) -#### [RemoteProcedureCall](policy-csp-remoteprocedurecall.md) -#### [RemoteShell](policy-csp-remoteshell.md) -#### [RestrictedGroups](policy-csp-restrictedgroups.md) -#### [Search](policy-csp-search.md) -#### [Security](policy-csp-security.md) -#### [ServiceControlManager](policy-csp-servicecontrolmanager.md) -#### [Settings](policy-csp-settings.md) -#### [Speech](policy-csp-speech.md) -#### [Start](policy-csp-start.md) -#### [Storage](policy-csp-storage.md) -#### [System](policy-csp-system.md) -#### [SystemServices](policy-csp-systemservices.md) -#### [TaskManager](policy-csp-taskmanager.md) -#### [TaskScheduler](policy-csp-taskscheduler.md) -#### [TextInput](policy-csp-textinput.md) -#### [TimeLanguageSettings](policy-csp-timelanguagesettings.md) -#### [Troubleshooting](policy-csp-troubleshooting.md) -#### [Update](policy-csp-update.md) -#### [UserRights](policy-csp-userrights.md) -#### [Wifi](policy-csp-wifi.md) -#### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md) -#### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md) -#### [WindowsDefenderSmartScreen](policy-csp-smartscreen.md) -#### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md) -#### [WindowsLogon](policy-csp-windowslogon.md) -#### [WindowsPowerShell](policy-csp-windowspowershell.md) -#### [WindowsSandbox](policy-csp-windowssandbox.md) -#### [WirelessDisplay](policy-csp-wirelessdisplay.md) -### [PolicyManager CSP](policymanager-csp.md) -### [Provisioning CSP](provisioning-csp.md) -### [PROXY CSP](proxy-csp.md) -### [PXLOGICAL CSP](pxlogical-csp.md) -### [Reboot CSP](reboot-csp.md) -#### [Reboot DDF file](reboot-ddf-file.md) -### [Registry CSP](registry-csp.md) -#### [Registry DDF file](registry-ddf-file.md) -### [RemoteFind CSP](remotefind-csp.md) -#### [RemoteFind DDF file](remotefind-ddf-file.md) -### [RemoteLock CSP](remotelock-csp.md) -#### [RemoteLock DDF file](remotelock-ddf-file.md) -### [RemoteRing CSP](remotering-csp.md) -#### [RemoteRing DDF file](remotering-ddf-file.md) -### [RemoteWipe CSP](remotewipe-csp.md) -#### [RemoteWipe DDF file](remotewipe-ddf-file.md) -### [Reporting CSP](reporting-csp.md) -#### [Reporting DDF file](reporting-ddf-file.md) -### [RootCATrustedCertificates CSP](rootcacertificates-csp.md) -#### [RootCATrustedCertificates DDF file](rootcacertificates-ddf-file.md) -### [SecureAssessment CSP](secureassessment-csp.md) -#### [SecureAssessment DDF file](secureassessment-ddf-file.md) -### [SecurityPolicy CSP](securitypolicy-csp.md) -### [SharedPC CSP](sharedpc-csp.md) -#### [SharedPC DDF file](sharedpc-ddf-file.md) -### [Storage CSP](storage-csp.md) -#### [Storage DDF file](storage-ddf-file.md) -### [SUPL CSP](supl-csp.md) -#### [SUPL DDF file](supl-ddf-file.md) -### [SurfaceHub CSP](surfacehub-csp.md) -#### [SurfaceHub DDF file](surfacehub-ddf-file.md) -### [TenantLockdown CSP](tenantlockdown-csp.md) -#### [TenantLockdown DDF file](tenantlockdown-ddf.md) -### [TPMPolicy CSP](tpmpolicy-csp.md) -#### [TPMPolicy DDF file](tpmpolicy-ddf-file.md) -### [UEFI CSP](uefi-csp.md) -#### [UEFI DDF file](uefi-ddf.md) -### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) -#### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md) -### [Update CSP](update-csp.md) -#### [Update DDF file](update-ddf-file.md) -### [VPN CSP](vpn-csp.md) -#### [VPN DDF file](vpn-ddf-file.md) -### [VPNv2 CSP](vpnv2-csp.md) -#### [VPNv2 DDF file](vpnv2-ddf-file.md) -#### [ProfileXML XSD](vpnv2-profile-xsd.md) -#### [EAP configuration](eap-configuration.md) -### [w4 APPLICATION CSP](w4-application-csp.md) -### [w7 APPLICATION CSP](w7-application-csp.md) -### [WiFi CSP](wifi-csp.md) -#### [WiFi DDF file](wifi-ddf-file.md) -### [Win32AppInventory CSP](win32appinventory-csp.md) -#### [Win32AppInventory DDF file](win32appinventory-ddf-file.md) -### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) -#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md) -### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) -#### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md) -### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) -#### [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md) -### [WindowsLicensing CSP](windowslicensing-csp.md) -#### [WindowsLicensing DDF file](windowslicensing-ddf-file.md) -### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) -#### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md) -### [WiredNetwork CSP](wirednetwork-csp.md) -#### [WiredNetwork DDF file](wirednetwork-ddf-file.md) \ No newline at end of file diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml new file mode 100644 index 0000000000..8680bff0db --- /dev/null +++ b/windows/client-management/mdm/toc.yml @@ -0,0 +1,955 @@ +items: +- name: Mobile device management + href: index.md + items: + - name: What's new in MDM enrollment and management + href: new-in-windows-mdm-enrollment-management.md + items: + - name: Change history for MDM documentation + href: change-history-for-mdm-documentation.md + - name: Mobile device enrollment + href: mobile-device-enrollment.md + items: + - name: MDM enrollment of Windows devices + href: mdm-enrollment-of-windows-devices.md + items: + - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal" + href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md + - name: Enroll a Windows 10 device automatically using Group Policy + href: enroll-a-windows-10-device-automatically-using-group-policy.md + - name: Federated authentication device enrollment + href: federated-authentication-device-enrollment.md + - name: Certificate authentication device enrollment + href: certificate-authentication-device-enrollment.md + - name: On-premises authentication device enrollment + href: on-premise-authentication-device-enrollment.md + - name: Understanding ADMX-backed policies + href: understanding-admx-backed-policies.md + - name: Enable ADMX-backed policies in MDM + href: enable-admx-backed-policies-in-mdm.md + - name: Win32 and Desktop Bridge app policy configuration + href: win32-and-centennial-app-policy-configuration.md + - name: Implement server-side support for mobile application management on Windows + href: implement-server-side-mobile-application-management.md + - name: Diagnose MDM failures in Windows 10 + href: diagnose-mdm-failures-in-windows-10.md + - name: Deploy and configure App-V apps using MDM + href: appv-deploy-and-config.md + - name: Azure Active Directory integration with MDM + href: azure-active-directory-integration-with-mdm.md + items: + - name: Add an Azure AD tenant and Azure AD subscription + href: add-an-azure-ad-tenant-and-azure-ad-subscription.md + - name: Register your free Azure Active Directory subscription + href: register-your-free-azure-active-directory-subscription.md + - name: Enterprise app management + href: enterprise-app-management.md + - name: Mobile device management (MDM) for device updates + href: device-update-management.md + - name: Bulk enrollment + href: bulk-enrollment-using-windows-provisioning-tool.md + - name: Management tool for the Microsoft Store for Business + href: management-tool-for-windows-store-for-business.md + items: + - name: REST API reference for Microsoft Store for Business + href: rest-api-reference-windows-store-for-business.md + items: + - name: Data structures for Microsoft Store for Business + href: data-structures-windows-store-for-business.md + - name: Get Inventory + href: get-inventory.md + - name: Get product details + href: get-product-details.md + - name: Get localized product details + href: get-localized-product-details.md + - name: Get offline license + href: get-offline-license.md + - name: Get product packages + href: get-product-packages.md + - name: Get product package + href: get-product-package.md + - name: Get seats + href: get-seats.md + - name: Get seat + href: get-seat.md + - name: Assign seats + href: assign-seats.md + - name: Reclaim seat from user + href: reclaim-seat-from-user.md + - name: Bulk assign and reclaim seats from users + href: bulk-assign-and-reclaim-seats-from-user.md + - name: Get seats assigned to a user + href: get-seats-assigned-to-a-user.md + - name: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices + href: enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md + - name: Certificate renewal + href: certificate-renewal-windows-mdm.md + - name: Disconnecting from the management infrastructure (unenrollment) + href: disconnecting-from-mdm-unenrollment.md + - name: Enterprise settings, policies, and app management + href: windows-mdm-enterprise-settings.md + - name: Push notification support for device management + href: push-notification-windows-mdm.md + - name: OMA DM protocol support + href: oma-dm-protocol-support.md + - name: Structure of OMA DM provisioning files + href: structure-of-oma-dm-provisioning-files.md + - name: Server requirements for OMA DM + href: server-requirements-windows-mdm.md + - name: DMProcessConfigXMLFiltered + href: dmprocessconfigxmlfiltered.md + - name: Using PowerShell scripting with the WMI Bridge Provider + href: using-powershell-scripting-with-the-wmi-bridge-provider.md + - name: WMI providers supported in Windows 10 + href: wmi-providers-supported-in-windows.md + - name: Configuration service provider reference + href: configuration-service-provider-reference.md + items: + - name: AccountManagement CSP + href: accountmanagement-csp.md + items: + - name: AccountManagement DDF file + href: accountmanagement-ddf.md + - name: Accounts CSP + href: accounts-csp.md + items: + - name: Accounts DDF file + href: accounts-ddf-file.md + - name: ActiveSync CSP + href: activesync-csp.md + items: + - name: ActiveSync DDF file + href: activesync-ddf-file.md + - name: AllJoynManagement CSP + href: alljoynmanagement-csp.md + items: + - name: AllJoynManagement DDF + href: alljoynmanagement-ddf.md + - name: APPLICATION CSP + href: application-csp.md + - name: ApplicationControl CSP + href: applicationcontrol-csp.md + items: + - name: ApplicationControl DDF file + href: applicationcontrol-csp-ddf.md + - name: AppLocker CSP + href: applocker-csp.md + items: + - name: AppLocker DDF file + href: applocker-ddf-file.md + - name: AppLocker XSD + href: applocker-xsd.md + - name: AssignedAccess CSP + href: assignedaccess-csp.md + items: + - name: AssignedAccess DDF file + href: assignedaccess-ddf.md + - name: BitLocker CSP + href: bitlocker-csp.md + items: + - name: BitLocker DDF file + href: bitlocker-ddf-file.md + - name: BOOTSTRAP CSP + href: bootstrap-csp.md + - name: BrowserFavorite CSP + href: browserfavorite-csp.md + - name: CellularSettings CSP + href: cellularsettings-csp.md + - name: CertificateStore CSP + href: certificatestore-csp.md + items: + - name: CertificateStore DDF file + href: certificatestore-ddf-file.md + - name: CleanPC CSP + href: cleanpc-csp.md + items: + - name: CleanPC DDF + href: cleanpc-ddf.md + - name: ClientCertificateInstall CSP + href: clientcertificateinstall-csp.md + items: + - name: ClientCertificateInstall DDF file + href: clientcertificateinstall-ddf-file.md + - name: CM_CellularEntries CSP + href: cm-cellularentries-csp.md + - name: CM_ProxyEntries CSP + href: cm-proxyentries-csp.md + - name: CMPolicy CSP + href: cmpolicy-csp.md + - name: CMPolicyEnterprise CSP + href: cmpolicyenterprise-csp.md + items: + - name: CMPolicyEnterprise DDF file + href: cmpolicyenterprise-ddf-file.md + - name: CustomDeviceUI CSP + href: customdeviceui-csp.md + items: + - name: CustomDeviceUI DDF file + href: customdeviceui-ddf.md + - name: Defender CSP + href: defender-csp.md + items: + - name: Defender DDF file + href: defender-ddf.md + - name: DevDetail CSP + href: devdetail-csp.md + items: + - name: DevDetail DDF file + href: devdetail-ddf-file.md + - name: DeveloperSetup CSP + href: developersetup-csp.md + items: + - name: DeveloperSetup DDF + href: developersetup-ddf.md + - name: DeviceInstanceService CSP + href: deviceinstanceservice-csp.md + - name: DeviceLock CSP + href: devicelock-csp.md + items: + - name: DeviceLock DDF file + href: devicelock-ddf-file.md + - name: DeviceManageability CSP + href: devicemanageability-csp.md + items: + - name: DeviceManageability DDF + href: devicemanageability-ddf.md + - name: DeviceStatus CSP + href: devicestatus-csp.md + items: + - name: DeviceStatus DDF + href: devicestatus-ddf.md + - name: DevInfo CSP + href: devinfo-csp.md + items: + - name: DevInfo DDF file + href: devinfo-ddf-file.md + - name: DiagnosticLog CSP + href: diagnosticlog-csp.md + items: + - name: DiagnosticLog DDF file + href: diagnosticlog-ddf.md + - name: DMAcc CSP + href: dmacc-csp.md + items: + - name: DMAcc DDF file + href: dmacc-ddf-file.md + - name: DMClient CSP + href: dmclient-csp.md + items: + - name: DMClient DDF file + href: dmclient-ddf-file.md + - name: DMSessionActions CSP + href: dmsessionactions-csp.md + items: + - name: DMSessionActions DDF file + href: dmsessionactions-ddf.md + - name: DynamicManagement CSP + href: dynamicmanagement-csp.md + items: + - name: DynamicManagement DDF file + href: dynamicmanagement-ddf.md + - name: EMAIL2 CSP + href: email2-csp.md + items: + - name: EMAIL2 DDF file + href: email2-ddf-file.md + - name: EnrollmentStatusTracking CSP + href: enrollmentstatustracking-csp.md + items: + - name: EnrollmentStatusTracking DDF file + href: enrollmentstatustracking-csp-ddf.md + - name: EnterpriseAPN CSP + href: enterpriseapn-csp.md + items: + - name: EnterpriseAPN DDF + href: enterpriseapn-ddf.md + - name: EnterpriseAppManagement CSP + href: enterpriseappmanagement-csp.md + - name: EnterpriseAppVManagement CSP + href: enterpriseappvmanagement-csp.md + items: + - name: EnterpriseAppVManagement DDF file + href: enterpriseappvmanagement-ddf.md + - name: EnterpriseAssignedAccess CSP + href: enterpriseassignedaccess-csp.md + items: + - name: EnterpriseAssignedAccess DDF file + href: enterpriseassignedaccess-ddf.md + - name: EnterpriseAssignedAccess XSD + href: enterpriseassignedaccess-xsd.md + - name: EnterpriseDataProtection CSP + href: enterprisedataprotection-csp.md + items: + - name: EnterpriseDataProtection DDF file + href: enterprisedataprotection-ddf-file.md + - name: EnterpriseDesktopAppManagement CSP + href: enterprisedesktopappmanagement-csp.md + items: + - name: EnterpriseDesktopAppManagement DDF + href: enterprisedesktopappmanagement-ddf-file.md + - name: EnterpriseDesktopAppManagement XSD + href: enterprisedesktopappmanagement2-xsd.md + - name: EnterpriseExt CSP + href: enterpriseext-csp.md + items: + - name: EnterpriseExt DDF file + href: enterpriseext-ddf.md + - name: EnterpriseExtFileSystem CSP + href: enterpriseextfilessystem-csp.md + items: + - name: EnterpriseExtFileSystem DDF file + href: enterpriseextfilesystem-ddf.md + - name: EnterpriseModernAppManagement CSP + href: enterprisemodernappmanagement-csp.md + items: + - name: EnterpriseModernAppManagement DDF + href: enterprisemodernappmanagement-ddf.md + - name: EnterpriseModernAppManagement XSD + href: enterprisemodernappmanagement-xsd.md + - name: eUICCs CSP + href: euiccs-csp.md + items: + - name: eUICCs DDF file + href: euiccs-ddf-file.md + - name: FileSystem CSP + href: filesystem-csp.md + - name: Firewall CSP + href: firewall-csp.md + items: + - name: Firewall DDF file + href: firewall-ddf-file.md + - name: HealthAttestation CSP + href: healthattestation-csp.md + items: + - name: HealthAttestation DDF + href: healthattestation-ddf.md + - name: HotSpot CSP + href: hotspot-csp.md + - name: Maps CSP + href: maps-csp.md + items: + - name: Maps DDF + href: maps-ddf-file.md + - name: Messaging CSP + href: messaging-csp.md + items: + - name: Messaging DDF file + href: messaging-ddf.md + - name: MultiSIM CSP + href: multisim-csp.md + items: + - name: MultiSIM DDF file + href: multisim-ddf.md + - name: NAP CSP + href: nap-csp.md + - name: NAPDEF CSP + href: napdef-csp.md + - name: NetworkProxy CSP + href: networkproxy-csp.md + items: + - name: NetworkProxy DDF file + href: networkproxy-ddf.md + - name: NetworkQoSPolicy CSP + href: networkqospolicy-csp.md + items: + - name: NetworkQoSPolicy DDF file + href: networkqospolicy-ddf.md + - name: NodeCache CSP + href: nodecache-csp.md + items: + - name: NodeCache DDF file + href: nodecache-ddf-file.md + - name: Office CSP + href: office-csp.md + items: + - name: Office DDF + href: office-ddf.md + - name: PassportForWork CSP + href: passportforwork-csp.md + items: + - name: PassportForWork DDF file + href: passportforwork-ddf.md + - name: Personalization CSP + href: personalization-csp.md + items: + - name: Personalization DDF file + href: personalization-ddf.md + - name: Policy CSP + href: policy-configuration-service-provider.md + items: + - name: Policy CSP DDF file + href: policy-ddf-file.md + - name: Policies in Policy CSP supported by Group Policy + href: policies-in-policy-csp-supported-by-group-policy.md + - name: ADMX-backed policies in Policy CSP + href: policies-in-policy-csp-admx-backed.md + - name: Policies in Policy CSP supported by HoloLens 2 + href: policies-in-policy-csp-supported-by-hololens2.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite + href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition + href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md + - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise + href: ./configuration-service-provider-reference.md + - name: Policies in Policy CSP supported by Windows 10 IoT Core + href: policies-in-policy-csp-supported-by-iot-core.md + - name: Policies in Policy CSP supported by Microsoft Surface Hub + href: policies-in-policy-csp-supported-by-surface-hub.md + - name: Policy CSPs that can be set using Exchange Active Sync (EAS) + href: policies-in-policy-csp-that-can-be-set-using-eas.md + - name: AboveLock + href: policy-csp-abovelock.md + - name: Accounts + href: policy-csp-accounts.md + - name: ActiveXControls + href: policy-csp-activexcontrols.md + - name: ADMX_ActiveXInstallService + href: policy-csp-admx-activexinstallservice.md + - name: ADMX_AddRemovePrograms + href: policy-csp-admx-addremoveprograms.md + - name: ADMX_AppCompat + href: policy-csp-admx-appcompat.md + - name: ADMX_AppxPackageManager + href: policy-csp-admx-appxpackagemanager.md + - name: ADMX_AppXRuntime + href: policy-csp-admx-appxruntime.md + - name: ADMX_AttachmentManager + href: policy-csp-admx-attachmentmanager.md + - name: ADMX_AuditSettings + href: policy-csp-admx-auditsettings.md + - name: ADMX_Bits + href: policy-csp-admx-bits.md + - name: ADMX_CipherSuiteOrder + href: policy-csp-admx-ciphersuiteorder.md + - name: ADMX_COM + href: policy-csp-admx-com.md + - name: ADMX_ControlPanel + href: policy-csp-admx-controlpanel.md + - name: ADMX_ControlPanelDisplay + href: policy-csp-admx-controlpaneldisplay.md + - name: ADMX_Cpls + href: policy-csp-admx-cpls.md + - name: ADMX_CredentialProviders + href: policy-csp-admx-credentialproviders.md + - name: ADMX_CredSsp + href: policy-csp-admx-credssp.md + - name: ADMX_CredUI + href: policy-csp-admx-credui.md + - name: ADMX_CtrlAltDel + href: policy-csp-admx-ctrlaltdel.md + - name: ADMX_DataCollection + href: policy-csp-admx-datacollection.md + - name: ADMX_Desktop + href: policy-csp-admx-desktop.md + - name: ADMX_DeviceInstallation + href: policy-csp-admx-deviceinstallation.md + - name: ADMX_DeviceSetup + href: policy-csp-admx-devicesetup.md + - name: ADMX_DigitalLocker + href: policy-csp-admx-digitallocker.md + - name: ADMX_DistributedLinkTracking + href: policy-csp-admx-distributedlinktracking.md + - name: ADMX_DnsClient + href: policy-csp-admx-dnsclient.md + - name: ADMX_DWM + href: policy-csp-admx-dwm.md + - name: ADMX_EAIME + href: policy-csp-admx-eaime.md + - name: ADMX_EncryptFilesonMove + href: policy-csp-admx-encryptfilesonmove.md + - name: ADMX_EnhancedStorage + href: policy-csp-admx-enhancedstorage.md + - name: ADMX_ErrorReporting + href: policy-csp-admx-errorreporting.md + - name: ADMX_EventForwarding + href: policy-csp-admx-eventforwarding.md + - name: ADMX_EventLog + href: policy-csp-admx-eventlog.md + - name: ADMX_Explorer + href: policy-csp-admx-explorer.md + - name: ADMX_FileRecovery + href: policy-csp-admx-filerecovery.md + - name: ADMX_FileServerVSSProvider + href: policy-csp-admx-fileservervssprovider.md + - name: ADMX_FileSys + href: policy-csp-admx-filesys.md + - name: ADMX_FolderRedirection + href: policy-csp-admx-folderredirection.md + - name: ADMX_Globalization + href: policy-csp-admx-globalization.md + - name: ADMX_GroupPolicy + href: policy-csp-admx-grouppolicy.md + - name: ADMX_Help + href: policy-csp-admx-help.md + - name: ADMX_HelpAndSupport + href: policy-csp-admx-helpandsupport.md + - name: ADMX_ICM + href: policy-csp-admx-icm.md + - name: ADMX_kdc + href: policy-csp-admx-kdc.md + - name: ADMX_Kerberos + href: policy-csp-admx-kerberos.md + - name: ADMX_LanmanServer + href: policy-csp-admx-lanmanserver.md + - name: ADMX_LanmanWorkstation + href: policy-csp-admx-lanmanworkstation.md + - name: ADMX_LinkLayerTopologyDiscovery + href: policy-csp-admx-linklayertopologydiscovery.md + - name: ADMX_Logon + href: policy-csp-admx-logon.md + - name: ADMX_MicrosoftDefenderAntivirus + href: policy-csp-admx-microsoftdefenderantivirus.md + - name: ADMX_MMC + href: policy-csp-admx-mmc.md + - name: ADMX_MMCSnapins + href: policy-csp-admx-mmcsnapins.md + - name: ADMX_MSAPolicy + href: policy-csp-admx-msapolicy.md + - name: ADMX_msched + href: policy-csp-admx-msched.md + - name: ADMX_MSDT + href: policy-csp-admx-msdt.md + - name: ADMX_MSI + href: policy-csp-admx-msi.md + - name: ADMX_nca + href: policy-csp-admx-nca.md + - name: ADMX_NCSI + href: policy-csp-admx-ncsi.md + - name: ADMX_Netlogon + href: policy-csp-admx-netlogon.md + - name: ADMX_NetworkConnections + href: policy-csp-admx-networkconnections.md + - name: ADMX_OfflineFiles + href: policy-csp-admx-offlinefiles.md + - name: ADMX_PeerToPeerCaching + href: policy-csp-admx-peertopeercaching.md + - name: ADMX_PerformanceDiagnostics + href: policy-csp-admx-performancediagnostics.md + - name: ADMX_Power + href: policy-csp-admx-power.md + - name: ADMX_PowerShellExecutionPolicy + href: policy-csp-admx-powershellexecutionpolicy.md + - name: ADMX_Printing + href: policy-csp-admx-printing.md + - name: ADMX_Printing2 + href: policy-csp-admx-printing2.md + - name: ADMX_Programs + href: policy-csp-admx-programs.md + - name: ADMX_Reliability + href: policy-csp-admx-reliability.md + - name: ADMX_RemoteAssistance + href: policy-csp-admx-remoteassistance.md + - name: ADMX_RemovableStorage + href: policy-csp-admx-removablestorage.md + - name: ADMX_RPC + href: policy-csp-admx-rpc.md + - name: ADMX_Scripts + href: policy-csp-admx-scripts.md + - name: ADMX_sdiageng + href: policy-csp-admx-sdiageng.md + - name: ADMX_Securitycenter + href: policy-csp-admx-securitycenter.md + - name: ADMX_Sensors + href: policy-csp-admx-sensors.md + - name: ADMX_Servicing + href: policy-csp-admx-servicing.md + - name: ADMX_SettingSync + href: policy-csp-admx-settingsync.md + - name: ADMX_SharedFolders + href: policy-csp-admx-sharedfolders.md + - name: ADMX_Sharing + href: policy-csp-admx-sharing.md + - name: ADMX_ShellCommandPromptRegEditTools + href: policy-csp-admx-shellcommandpromptregedittools.md + - name: ADMX_SkyDrive + href: policy-csp-admx-skydrive.md + - name: ADMX_Smartcard + href: policy-csp-admx-smartcard.md + - name: ADMX_Snmp + href: policy-csp-admx-snmp.md + - name: ADMX_StartMenu + href: policy-csp-admx-startmenu.md + - name: ADMX_SystemRestore + href: policy-csp-admx-systemrestore.md + - name: ADMX_Taskbar + href: policy-csp-admx-taskbar.md + - name: ADMX_tcpip + href: policy-csp-admx-tcpip.md + - name: ADMX_Thumbnails + href: policy-csp-admx-thumbnails.md + - name: ADMX_TPM + href: policy-csp-admx-tpm.md + - name: ADMX_UserExperienceVirtualization + href: policy-csp-admx-userexperiencevirtualization.md + - name: ADMX_UserProfiles + href: policy-csp-admx-userprofiles.md + - name: ADMX_W32Time + href: policy-csp-admx-w32time.md + - name: ADMX_WCM + href: policy-csp-admx-wcm.md + - name: ADMX_WinCal + href: policy-csp-admx-wincal.md + - name: ADMX_WindowsAnytimeUpgrade + href: policy-csp-admx-windowsanytimeupgrade.md + - name: ADMX_WindowsConnectNow + href: policy-csp-admx-windowsconnectnow.md + - name: ADMX_WindowsExplorer + href: policy-csp-admx-windowsexplorer.md + - name: ADMX_WindowsFileProtection + href: policy-csp-admx-windowsfileprotection.md + - name: ADMX_WindowsMediaDRM + href: policy-csp-admx-windowsmediadrm.md + - name: ADMX_WindowsMediaPlayer + href: policy-csp-admx-windowsmediaplayer.md + - name: ADMX_WindowsRemoteManagement + href: policy-csp-admx-windowsremotemanagement.md + - name: ADMX_WindowsStore + href: policy-csp-admx-windowsstore.md + - name: ADMX_WinInit + href: policy-csp-admx-wininit.md + - name: ADMX_WinLogon + href: policy-csp-admx-winlogon.md + - name: ADMX-Winsrv + href: policy-csp-admx-winsrv.md + - name: ADMX_wlansvc + href: policy-csp-admx-wlansvc.md + - name: ADMX_WPN + href: policy-csp-admx-wpn.md + - name: ApplicationDefaults + href: policy-csp-applicationdefaults.md + - name: ApplicationManagement + href: policy-csp-applicationmanagement.md + - name: AppRuntime + href: policy-csp-appruntime.md + - name: AppVirtualization + href: policy-csp-appvirtualization.md + - name: AttachmentManager + href: policy-csp-attachmentmanager.md + - name: Audit + href: policy-csp-audit.md + - name: Authentication + href: policy-csp-authentication.md + - name: Autoplay + href: policy-csp-autoplay.md + - name: BitLocker + href: policy-csp-bitlocker.md + - name: BITS + href: policy-csp-bits.md + - name: Bluetooth + href: policy-csp-bluetooth.md + - name: Browser + href: policy-csp-browser.md + - name: Camera + href: policy-csp-camera.md + - name: Cellular + href: policy-csp-cellular.md + - name: Connectivity + href: policy-csp-connectivity.md + - name: ControlPolicyConflict + href: policy-csp-controlpolicyconflict.md + - name: CredentialsDelegation + href: policy-csp-credentialsdelegation.md + - name: CredentialProviders + href: policy-csp-credentialproviders.md + - name: CredentialsUI + href: policy-csp-credentialsui.md + - name: Cryptography + href: policy-csp-cryptography.md + - name: DataProtection + href: policy-csp-dataprotection.md + - name: DataUsage + href: policy-csp-datausage.md + - name: Defender + href: policy-csp-defender.md + - name: DeliveryOptimization + href: policy-csp-deliveryoptimization.md + - name: Desktop + href: policy-csp-desktop.md + - name: DeviceGuard + href: policy-csp-deviceguard.md + - name: DeviceHealthMonitoring + href: policy-csp-devicehealthmonitoring.md + - name: DeviceInstallation + href: policy-csp-deviceinstallation.md + - name: DeviceLock + href: policy-csp-devicelock.md + - name: Display + href: policy-csp-display.md + - name: DmaGuard + href: policy-csp-dmaguard.md + - name: Education + href: policy-csp-education.md + - name: EnterpriseCloudPrint + href: policy-csp-enterprisecloudprint.md + - name: ErrorReporting + href: policy-csp-errorreporting.md + - name: EventLogService + href: policy-csp-eventlogservice.md + - name: Experience + href: policy-csp-experience.md + - name: ExploitGuard + href: policy-csp-exploitguard.md + - name: FileExplorer + href: policy-csp-fileexplorer.md + - name: Games + href: policy-csp-games.md + - name: Handwriting + href: policy-csp-handwriting.md + - name: InternetExplorer + href: policy-csp-internetexplorer.md + - name: Kerberos + href: policy-csp-kerberos.md + - name: KioskBrowser + href: policy-csp-kioskbrowser.md + - name: LanmanWorkstation + href: policy-csp-lanmanworkstation.md + - name: Licensing + href: policy-csp-licensing.md + - name: LocalPoliciesSecurityOptions + href: policy-csp-localpoliciessecurityoptions.md + - name: LocalUsersAndGroups + href: policy-csp-localusersandgroups.md + - name: LockDown + href: policy-csp-lockdown.md + - name: Maps + href: policy-csp-maps.md + - name: Messaging + href: policy-csp-messaging.md + - name: MixedReality + href: policy-csp-mixedreality.md + - name: MSSecurityGuide + href: policy-csp-mssecurityguide.md + - name: MSSLegacy + href: policy-csp-msslegacy.md + - name: Multitasking + href: policy-csp-multitasking.md + - name: NetworkIsolation + href: policy-csp-networkisolation.md + - name: Notifications + href: policy-csp-notifications.md + - name: Power + href: policy-csp-power.md + - name: Printers + href: policy-csp-printers.md + - name: Privacy + href: policy-csp-privacy.md + - name: RemoteAssistance + href: policy-csp-remoteassistance.md + - name: RemoteDesktopServices + href: policy-csp-remotedesktopservices.md + - name: RemoteManagement + href: policy-csp-remotemanagement.md + - name: RemoteProcedureCall + href: policy-csp-remoteprocedurecall.md + - name: RemoteShell + href: policy-csp-remoteshell.md + - name: RestrictedGroups + href: policy-csp-restrictedgroups.md + - name: Search + href: policy-csp-search.md + - name: Security + href: policy-csp-security.md + - name: ServiceControlManager + href: policy-csp-servicecontrolmanager.md + - name: Settings + href: policy-csp-settings.md + - name: Speech + href: policy-csp-speech.md + - name: Start + href: policy-csp-start.md + - name: Storage + href: policy-csp-storage.md + - name: System + href: policy-csp-system.md + - name: SystemServices + href: policy-csp-systemservices.md + - name: TaskManager + href: policy-csp-taskmanager.md + - name: TaskScheduler + href: policy-csp-taskscheduler.md + - name: TextInput + href: policy-csp-textinput.md + - name: TimeLanguageSettings + href: policy-csp-timelanguagesettings.md + - name: Troubleshooting + href: policy-csp-troubleshooting.md + - name: Update + href: policy-csp-update.md + - name: UserRights + href: policy-csp-userrights.md + - name: Wifi + href: policy-csp-wifi.md + - name: WindowsConnectionManager + href: policy-csp-windowsconnectionmanager.md + - name: WindowsDefenderSecurityCenter + href: policy-csp-windowsdefendersecuritycenter.md + - name: WindowsDefenderSmartScreen + href: policy-csp-smartscreen.md + - name: WindowsInkWorkspace + href: policy-csp-windowsinkworkspace.md + - name: WindowsLogon + href: policy-csp-windowslogon.md + - name: WindowsPowerShell + href: policy-csp-windowspowershell.md + - name: WindowsSandbox + href: policy-csp-windowssandbox.md + - name: WirelessDisplay + href: policy-csp-wirelessdisplay.md + - name: PolicyManager CSP + href: policymanager-csp.md + - name: Provisioning CSP + href: provisioning-csp.md + - name: PROXY CSP + href: proxy-csp.md + - name: PXLOGICAL CSP + href: pxlogical-csp.md + - name: Reboot CSP + href: reboot-csp.md + items: + - name: Reboot DDF file + href: reboot-ddf-file.md + - name: Registry CSP + href: registry-csp.md + items: + - name: Registry DDF file + href: registry-ddf-file.md + - name: RemoteFind CSP + href: remotefind-csp.md + items: + - name: RemoteFind DDF file + href: remotefind-ddf-file.md + - name: RemoteLock CSP + href: remotelock-csp.md + items: + - name: RemoteLock DDF file + href: remotelock-ddf-file.md + - name: RemoteRing CSP + href: remotering-csp.md + items: + - name: RemoteRing DDF file + href: remotering-ddf-file.md + - name: RemoteWipe CSP + href: remotewipe-csp.md + items: + - name: RemoteWipe DDF file + href: remotewipe-ddf-file.md + - name: Reporting CSP + href: reporting-csp.md + items: + - name: Reporting DDF file + href: reporting-ddf-file.md + - name: RootCATrustedCertificates CSP + href: rootcacertificates-csp.md + items: + - name: RootCATrustedCertificates DDF file + href: rootcacertificates-ddf-file.md + - name: SecureAssessment CSP + href: secureassessment-csp.md + items: + - name: SecureAssessment DDF file + href: secureassessment-ddf-file.md + - name: SecurityPolicy CSP + href: securitypolicy-csp.md + - name: SharedPC CSP + href: sharedpc-csp.md + items: + - name: SharedPC DDF file + href: sharedpc-ddf-file.md + - name: Storage CSP + href: storage-csp.md + items: + - name: Storage DDF file + href: storage-ddf-file.md + - name: SUPL CSP + href: supl-csp.md + items: + - name: SUPL DDF file + href: supl-ddf-file.md + - name: SurfaceHub CSP + href: surfacehub-csp.md + items: + - name: SurfaceHub DDF file + href: surfacehub-ddf-file.md + - name: TenantLockdown CSP + href: tenantlockdown-csp.md + items: + - name: TenantLockdown DDF file + href: tenantlockdown-ddf.md + - name: TPMPolicy CSP + href: tpmpolicy-csp.md + items: + - name: TPMPolicy DDF file + href: tpmpolicy-ddf-file.md + - name: UEFI CSP + href: uefi-csp.md + items: + - name: UEFI DDF file + href: uefi-ddf.md + - name: UnifiedWriteFilter CSP + href: unifiedwritefilter-csp.md + items: + - name: UnifiedWriteFilter DDF file + href: unifiedwritefilter-ddf.md + - name: Update CSP + href: update-csp.md + items: + - name: Update DDF file + href: update-ddf-file.md + - name: VPN CSP + href: vpn-csp.md + items: + - name: VPN DDF file + href: vpn-ddf-file.md + - name: VPNv2 CSP + href: vpnv2-csp.md + items: + - name: VPNv2 DDF file + href: vpnv2-ddf-file.md + - name: ProfileXML XSD + href: vpnv2-profile-xsd.md + - name: EAP configuration + href: eap-configuration.md + - name: w4 APPLICATION CSP + href: w4-application-csp.md + - name: w7 APPLICATION CSP + href: w7-application-csp.md + - name: WiFi CSP + href: wifi-csp.md + items: + - name: WiFi DDF file + href: wifi-ddf-file.md + - name: Win32AppInventory CSP + href: win32appinventory-csp.md + items: + - name: Win32AppInventory DDF file + href: win32appinventory-ddf-file.md + - name: Win32CompatibilityAppraiser CSP + href: win32compatibilityappraiser-csp.md + items: + - name: Win32CompatibilityAppraiser DDF file + href: win32compatibilityappraiser-ddf.md + - name: WindowsAdvancedThreatProtection CSP + href: windowsadvancedthreatprotection-csp.md + items: + - name: WindowsAdvancedThreatProtection DDF file + href: windowsadvancedthreatprotection-ddf.md + - name: WindowsDefenderApplicationGuard CSP + href: windowsdefenderapplicationguard-csp.md + items: + - name: WindowsDefenderApplicationGuard DDF file + href: windowsdefenderapplicationguard-ddf-file.md + - name: WindowsLicensing CSP + href: windowslicensing-csp.md + items: + - name: WindowsLicensing DDF file + href: windowslicensing-ddf-file.md + - name: WindowsSecurityAuditing CSP + href: windowssecurityauditing-csp.md + items: + - name: WindowsSecurityAuditing DDF file + href: windowssecurityauditing-ddf-file.md + - name: WiredNetwork CSP + href: wirednetwork-csp.md + items: + - name: WiredNetwork DDF file + href: wirednetwork-ddf-file.md From 916c84484954e76342f2c52b2264bd0d90b544d7 Mon Sep 17 00:00:00 2001 From: David Strome Date: Wed, 28 Apr 2021 11:25:25 -0700 Subject: [PATCH 138/156] convert toc md to yml --- windows/client-management/TOC.md | 38 -------------- windows/client-management/toc.yml | 84 +++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 38 deletions(-) delete mode 100644 windows/client-management/TOC.md create mode 100644 windows/client-management/toc.yml diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md deleted file mode 100644 index aac950751a..0000000000 --- a/windows/client-management/TOC.md +++ /dev/null @@ -1,38 +0,0 @@ -# [Manage clients in Windows 10](index.md) -## [Administrative Tools in Windows 10](administrative-tools-in-windows-10.md) -### [Use Quick Assist to help users](quick-assist.md) -## [Create mandatory user profiles](mandatory-user-profile.md) -## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md) -## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md) -## [New policies for Windows 10](new-policies-for-windows-10.md) -## [Windows 10 default media removal policy](change-default-removal-policy-external-storage-media.md) -## [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) -## [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md) -## [What version of Windows am I running](windows-version-search.md) -## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md) -## [Transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) -## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md) -## [Windows libraries](windows-libraries.md) -## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md) -### [Advanced troubleshooting for Windows networking](troubleshoot-networking.md) -#### [Advanced troubleshooting Wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md) -#### [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md) -##### [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md) -#### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) -##### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) -##### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) -##### [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md) -##### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) -### [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md) -#### [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md) -#### [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md) -#### [Introduction to the page file](introduction-page-file.md) -#### [Configure system failure and recovery options in Windows](system-failure-recovery-options.md) -#### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md) -#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md) -#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md) -#### [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md) -#### [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md) -#### [Stop error occurs when you update the in-box Broadcom network adapter driver](troubleshoot-stop-error-on-broadcom-driver-update.md) -## [Mobile device management for solution providers](mdm/index.md) -## [Change history for Client management](change-history-for-client-management.md) diff --git a/windows/client-management/toc.yml b/windows/client-management/toc.yml new file mode 100644 index 0000000000..dcc2ba1ca9 --- /dev/null +++ b/windows/client-management/toc.yml @@ -0,0 +1,84 @@ +items: +- name: Manage clients in Windows 10 + href: index.md + items: + - name: Administrative Tools in Windows 10 + href: administrative-tools-in-windows-10.md + items: + - name: Use Quick Assist to help users + href: quick-assist.md + - name: Create mandatory user profiles + href: mandatory-user-profile.md + - name: Connect to remote Azure Active Directory-joined PC + href: connect-to-remote-aadj-pc.md + - name: Join Windows 10 Mobile to Azure Active Directory + href: join-windows-10-mobile-to-azure-active-directory.md + - name: New policies for Windows 10 + href: new-policies-for-windows-10.md + - name: Windows 10 default media removal policy + href: change-default-removal-policy-external-storage-media.md + - name: Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education + href: group-policies-for-enterprise-and-education-editions.md + - name: Manage the Settings app with Group Policy + href: manage-settings-app-with-group-policy.md + - name: What version of Windows am I running + href: windows-version-search.md + - name: Reset a Windows 10 Mobile device + href: reset-a-windows-10-mobile-device.md + - name: Transitioning to modern management + href: manage-windows-10-in-your-organization-modern-management.md + - name: Windows 10 Mobile deployment and management guide + href: windows-10-mobile-and-mdm.md + - name: Windows libraries + href: windows-libraries.md + - name: Troubleshoot Windows 10 clients + href: windows-10-support-solutions.md + items: + - name: Advanced troubleshooting for Windows networking + href: troubleshoot-networking.md + items: + - name: Advanced troubleshooting Wireless network connectivity + href: advanced-troubleshooting-wireless-network-connectivity.md + - name: Advanced troubleshooting 802.1X authentication + href: advanced-troubleshooting-802-authentication.md + items: + - name: Data collection for troubleshooting 802.1X authentication + href: data-collection-for-802-authentication.md + - name: Advanced troubleshooting for TCP/IP + href: troubleshoot-tcpip.md + items: + - name: Collect data using Network Monitor + href: troubleshoot-tcpip-netmon.md + - name: Troubleshoot TCP/IP connectivity + href: troubleshoot-tcpip-connectivity.md + - name: Troubleshoot port exhaustion + href: troubleshoot-tcpip-port-exhaust.md + - name: Troubleshoot Remote Procedure Call (RPC) errors + href: troubleshoot-tcpip-rpc-errors.md + - name: Advanced troubleshooting for Windows startup + href: troubleshoot-windows-startup.md + items: + - name: How to determine the appropriate page file size for 64-bit versions of Windows + href: determine-appropriate-page-file-size.md + - name: Generate a kernel or complete crash dump + href: generate-kernel-or-complete-crash-dump.md + - name: Introduction to the page file + href: introduction-page-file.md + - name: Configure system failure and recovery options in Windows + href: system-failure-recovery-options.md + - name: Advanced troubleshooting for Windows boot problems + href: advanced-troubleshooting-boot-problems.md + - name: Advanced troubleshooting for Windows-based computer freeze + href: troubleshoot-windows-freeze.md + - name: Advanced troubleshooting for stop error or blue screen error + href: troubleshoot-stop-errors.md + - name: Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device + href: troubleshoot-inaccessible-boot-device.md + - name: Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first" + href: troubleshoot-event-id-41-restart.md + - name: Stop error occurs when you update the in-box Broadcom network adapter driver + href: troubleshoot-stop-error-on-broadcom-driver-update.md + - name: Mobile device management for solution providers + href: mdm/index.md + - name: Change history for Client management + href: change-history-for-client-management.md From d95eafa09fe40e04aa21b1e791d3635dd534bce0 Mon Sep 17 00:00:00 2001 From: David Strome Date: Wed, 28 Apr 2021 11:31:39 -0700 Subject: [PATCH 139/156] add yml support --- windows/client-management/docfx.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index 694a7e8b07..eb3917a794 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", From 483a908062d8ff91d1bd4c0a8ecf054d80dff897 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 28 Apr 2021 23:42:51 +0500 Subject: [PATCH 140/156] Applied to Win Srv 2019 As this approach is also applicable on Windows Server 2019 so updating this accordingly. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9375 --- .../threat-protection/windows-firewall/isolated-domain.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index 1b9d83e173..cbb84a8b0b 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -23,6 +23,7 @@ ms.technology: mde **Applies to** - Windows 10 - Windows Server 2016 +- Windows Server 2019 The isolated domain is the primary zone for trusted devices. The devices in this zone use connection security and firewall rules to control the communications that can be sent between devices in the zone. From a921a106c78a6043f9f49e6442f7ee9a7193e8b2 Mon Sep 17 00:00:00 2001 From: David Strome Date: Wed, 28 Apr 2021 11:44:19 -0700 Subject: [PATCH 141/156] MD to YML TOC --- windows/application-management/TOC.md | 112 ---------------------- windows/application-management/docfx.json | 3 +- windows/application-management/toc.yml | 0 3 files changed, 2 insertions(+), 113 deletions(-) delete mode 100644 windows/application-management/TOC.md create mode 100644 windows/application-management/toc.yml diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md deleted file mode 100644 index 45491337c3..0000000000 --- a/windows/application-management/TOC.md +++ /dev/null @@ -1,112 +0,0 @@ -# [Manage applications in Windows 10](index.md) -## [Sideload apps](sideload-apps-in-windows-10.md) -## [Remove background task resource restrictions](enterprise-background-activity-controls.md) -## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) -## [Understand apps in Windows 10](apps-in-windows-10.md) -## [Add apps and features in Windows 10](add-apps-and-features.md) -## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) -## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) -### [Getting Started with App-V](app-v/appv-getting-started.md) -#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) -##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md) -##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md) -#### [Evaluating App-V](app-v/appv-evaluating-appv.md) -#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md) -### [Planning for App-V](app-v/appv-planning-for-appv.md) -#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md) -##### [App-V Prerequisites](app-v/appv-prerequisites.md) -##### [App-V Security Considerations](app-v/appv-security-considerations.md) -#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md) -##### [App-V Supported Configurations](app-v/appv-supported-configurations.md) -##### [App-V Capacity Planning](app-v/appv-capacity-planning.md) -##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md) -##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) -##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md) -##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md) -##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md) -##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md) -#### [App-V Planning Checklist](app-v/appv-planning-checklist.md) -### [Deploying App-V](app-v/appv-deploying-appv.md) -#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md) -##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md) -##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md) -##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md) -#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md) -##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md) -##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md) -##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md) -##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md) -##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md) -##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md) -##### [About App-V Reporting](app-v/appv-reporting.md) -##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md) -#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md) -#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md) -#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md) -#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md) -### [Operations for App-V](app-v/appv-operations.md) -#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md) -##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md) -##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md) -##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md) -##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md) -##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md) -##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md) -##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md) -##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md) -#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md) -##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md) -##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md) -##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md) -##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md) -##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md) -##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md) -##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md) -##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md) -##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md) -##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) -##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md) -##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) -#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md) -##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md) -##### [About the Connection Group File](app-v/appv-connection-group-file.md) -##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md) -##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) -##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md) -##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md) -##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md) -##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md) -#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md) -##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) -##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) -#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md) -##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md) -#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md) -##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md) -#### [Maintaining App-V](app-v/appv-maintaining-appv.md) -##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md) -#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md) -##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) -##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) -##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) -##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md) -##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) -##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md) -##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md) -##### [How to Sequence a Package by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md) -##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md) -##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md) -##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) -### [Troubleshooting App-V](app-v/appv-troubleshooting.md) -### [Technical Reference for App-V](app-v/appv-technical-reference.md) -#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md) -#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md) -#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md) -#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) -#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) -## [Service Host process refactoring](svchost-service-refactoring.md) -## [Per-user services in Windows](per-user-services-in-windows.md) -## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) -## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) -## [Change history for Application management](change-history-for-application-management.md) -## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md) \ No newline at end of file diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 460b8ecfdd..4d3e15e0a7 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml new file mode 100644 index 0000000000..e69de29bb2 From c5254b60c3d3d959d91a6656aed4bf981186511f Mon Sep 17 00:00:00 2001 From: David Strome Date: Wed, 28 Apr 2021 11:50:00 -0700 Subject: [PATCH 142/156] MD to YML TOC --- gdpr/docfx.json | 3 +- windows/application-management/toc.yml | 245 +++++++++++++++++++++++++ 2 files changed, 247 insertions(+), 1 deletion(-) diff --git a/gdpr/docfx.json b/gdpr/docfx.json index 145ed2f444..1d092a902e 100644 --- a/gdpr/docfx.json +++ b/gdpr/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml index e69de29bb2..4b58a06cd0 100644 --- a/windows/application-management/toc.yml +++ b/windows/application-management/toc.yml @@ -0,0 +1,245 @@ +items: +- name: Manage applications in Windows 10 + href: index.md + items: + - name: Sideload apps + href: sideload-apps-in-windows-10.md + - name: Remove background task resource restrictions + href: enterprise-background-activity-controls.md + - name: Enable or block Windows Mixed Reality apps in the enterprise + href: manage-windows-mixed-reality.md + - name: Understand apps in Windows 10 + href: apps-in-windows-10.md + - name: Add apps and features in Windows 10 + href: add-apps-and-features.md + - name: Repackage win32 apps in the MSIX format + href: msix-app-packaging-tool.md + - name: Application Virtualization (App-V) for Windows + href: app-v/appv-for-windows.md + items: + - name: Getting Started with App-V + href: app-v/appv-getting-started.md + items: + - name: What's new in App-V for Windows 10, version 1703 and earlier + href: app-v/appv-about-appv.md + items: + - name: Release Notes for App-V for Windows 10, version 1607 + href: app-v/appv-release-notes-for-appv-for-windows.md + - name: Release Notes for App-V for Windows 10, version 1703 + href: app-v/appv-release-notes-for-appv-for-windows-1703.md + - name: Evaluating App-V + href: app-v/appv-evaluating-appv.md + - name: High Level Architecture for App-V + href: app-v/appv-high-level-architecture.md + - name: Planning for App-V + href: app-v/appv-planning-for-appv.md + items: + - name: Preparing Your Environment for App-V + href: app-v/appv-preparing-your-environment.md + items: + - name: App-V Prerequisites + href: app-v/appv-prerequisites.md + - name: App-V Security Considerations + href: app-v/appv-security-considerations.md + - name: Planning to Deploy App-V + href: app-v/appv-planning-to-deploy-appv.md + items: + - name: App-V Supported Configurations + href: app-v/appv-supported-configurations.md + - name: App-V Capacity Planning + href: app-v/appv-capacity-planning.md + - name: Planning for High Availability with App-V + href: app-v/appv-planning-for-high-availability-with-appv.md + - name: Planning to Deploy App-V with an Electronic Software Distribution System + href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md + - name: Planning for the App-V Server Deployment + href: app-v/appv-planning-for-appv-server-deployment.md + - name: Planning for the App-V Sequencer and Client Deployment + href: app-v/appv-planning-for-sequencer-and-client-deployment.md + - name: Planning for Using App-V with Office + href: app-v/appv-planning-for-using-appv-with-office.md + - name: Planning to Use Folder Redirection with App-V + href: app-v/appv-planning-folder-redirection-with-appv.md + - name: App-V Planning Checklist + href: app-v/appv-planning-checklist.md + - name: Deploying App-V + href: app-v/appv-deploying-appv.md + items: + - name: Deploying the App-V Sequencer and Configuring the Client + href: app-v/appv-deploying-the-appv-sequencer-and-client.md + items: + - name: About Client Configuration Settings + href: app-v/appv-client-configuration-settings.md + - name: Enable the App-V desktop client + href: app-v/appv-enable-the-app-v-desktop-client.md + - name: How to Install the Sequencer + href: app-v/appv-install-the-sequencer.md + - name: Deploying the App-V Server + href: app-v/appv-deploying-the-appv-server.md + items: + - name: How to Deploy the App-V Server + href: app-v/appv-deploy-the-appv-server.md + - name: How to Deploy the App-V Server Using a Script + href: app-v/appv-deploy-the-appv-server-with-a-script.md + - name: How to Deploy the App-V Databases by Using SQL Scripts + href: app-v/appv-deploy-appv-databases-with-sql-scripts.md + - name: How to Install the Publishing Server on a Remote Computer + href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md + - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services + href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md + - name: How to install the Management Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-management-server-on-a-standalone-computer.md + - name: About App-V Reporting + href: app-v/appv-reporting.md + - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database + href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md + - name: App-V Deployment Checklist + href: app-v/appv-deployment-checklist.md + - name: Deploying Microsoft Office 2016 by Using App-V + href: app-v/appv-deploying-microsoft-office-2016-with-appv.md + - name: Deploying Microsoft Office 2013 by Using App-V + href: app-v/appv-deploying-microsoft-office-2013-with-appv.md + - name: Deploying Microsoft Office 2010 by Using App-V + href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md + - name: Operations for App-V + href: app-v/appv-operations.md + items: + - name: Creating and Managing App-V Virtualized Applications + href: app-v/appv-creating-and-managing-virtualized-applications.md + items: + - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-provision-a-vm.md + - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-sequencing.md + - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-auto-batch-updating.md + - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer) + href: app-v/appv-sequence-a-new-application.md + - name: How to Modify an Existing Virtual Application Package + href: app-v/appv-modify-an-existing-virtual-application-package.md + - name: How to Create and Use a Project Template + href: app-v/appv-create-and-use-a-project-template.md + - name: How to Create a Package Accelerator + href: app-v/appv-create-a-package-accelerator.md + - name: How to Create a Virtual Application Package Using an App-V Package Accelerator + href: app-v/appv-create-a-virtual-application-package-package-accelerator.md + - name: Administering App-V Virtual Applications by Using the Management Console + href: app-v/appv-administering-virtual-applications-with-the-management-console.md + items: + - name: About App-V Dynamic Configuration + href: app-v/appv-dynamic-configuration.md + - name: How to Connect to the Management Console + href: app-v/appv-connect-to-the-management-console.md + - name: How to Add or Upgrade Packages by Using the Management Console + href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md + - name: How to Configure Access to Packages by Using the Management Console + href: app-v/appv-configure-access-to-packages-with-the-management-console.md + - name: How to Publish a Package by Using the Management Console + href: app-v/appv-publish-a-packages-with-the-management-console.md + - name: How to Delete a Package in the Management Console + href: app-v/appv-delete-a-package-with-the-management-console.md + - name: How to Add or Remove an Administrator by Using the Management Console + href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md + - name: How to Register and Unregister a Publishing Server by Using the Management Console + href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md + - name: How to Create a Custom Configuration File by Using the App-V Management Console + href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md + - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console + href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md + - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console + href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md + - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console + href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md + - name: Managing Connection Groups + href: app-v/appv-managing-connection-groups.md + items: + - name: About the Connection Group Virtual Environment + href: app-v/appv-connection-group-virtual-environment.md + - name: About the Connection Group File + href: app-v/appv-connection-group-file.md + - name: How to Create a Connection Group + href: app-v/appv-create-a-connection-group.md + - name: How to Create a Connection Group with User-Published and Globally Published Packages + href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md + - name: How to Delete a Connection Group + href: app-v/appv-delete-a-connection-group.md + - name: How to Publish a Connection Group + href: app-v/appv-publish-a-connection-group.md + - name: How to Make a Connection Group Ignore the Package Version + href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md + - name: How to Allow Only Administrators to Enable Connection Groups + href: app-v/appv-allow-administrators-to-enable-connection-groups.md + - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD) + href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md + items: + - name: How to deploy App-V Packages Using Electronic Software Distribution + href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md + - name: How to Enable Only Administrators to Publish Packages by Using an ESD + href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md + - name: Using the App-V Client Management Console + href: app-v/appv-using-the-client-management-console.md + items: + - name: Automatically clean-up unpublished packages on the App-V client + href: app-v/appv-auto-clean-unpublished-packages.md + - name: Migrating to App-V from a Previous Version + href: app-v/appv-migrating-to-appv-from-a-previous-version.md + items: + - name: How to Convert a Package Created in a Previous Version of App-V + href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md + - name: Maintaining App-V + href: app-v/appv-maintaining-appv.md + items: + - name: How to Move the App-V Server to Another Computer + href: app-v/appv-move-the-appv-server-to-another-computer.md + - name: Administering App-V by Using Windows PowerShell + href: app-v/appv-administering-appv-with-powershell.md + items: + - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help + href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md + - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell + href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md + - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell + href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md + - name: How to Modify Client Configuration by Using Windows PowerShell + href: app-v/appv-modify-client-configuration-with-powershell.md + - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server + href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md + - name: How to Apply the User Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-user-configuration-file-with-powershell.md + - name: How to Apply the Deployment Configuration File by Using Windows PowerShell + href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md + - name: How to Sequence a Package by Using Windows PowerShell + href: app-v/appv-sequence-a-package-with-powershell.md + - name: How to Create a Package Accelerator by Using Windows PowerShell + href: app-v/appv-create-a-package-accelerator-with-powershell.md + - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell + href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md + - name: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell + href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md + - name: Troubleshooting App-V + href: app-v/appv-troubleshooting.md + - name: Technical Reference for App-V + href: app-v/appv-technical-reference.md + items: + - name: Available Mobile Device Management (MDM) settings for App-V + href: app-v/appv-available-mdm-settings.md + - name: Performance Guidance for Application Virtualization + href: app-v/appv-performance-guidance.md + - name: Application Publishing and Client Interaction + href: app-v/appv-application-publishing-and-client-interaction.md + - name: Viewing App-V Server Publishing Metadata + href: app-v/appv-viewing-appv-server-publishing-metadata.md + - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications + href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md + - name: Service Host process refactoring + href: svchost-service-refactoring.md + - name: Per-user services in Windows + href: per-user-services-in-windows.md + - name: Disabling System Services in Windows Server + href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server + - name: Deploy app upgrades on Windows 10 Mobile + href: deploy-app-upgrades-windows-10-mobile.md + - name: Change history for Application management + href: change-history-for-application-management.md + - name: How to keep apps removed from Windows 10 from returning during an update + href: remove-provisioned-apps-during-update.md From 048903f6ba724550218039d73df643970e08fd47 Mon Sep 17 00:00:00 2001 From: David Strome Date: Wed, 28 Apr 2021 11:59:21 -0700 Subject: [PATCH 143/156] add YML support --- windows/access-protection/docfx.json | 3 ++- windows/configure/docfx.json | 3 ++- windows/deploy/docfx.json | 3 ++- windows/device-security/docfx.json | 3 ++- windows/keep-secure/docfx.json | 3 ++- windows/manage/docfx.json | 3 ++- windows/plan/docfx.json | 3 ++- windows/threat-protection/docfx.json | 3 ++- windows/update/docfx.json | 3 ++- 9 files changed, 18 insertions(+), 9 deletions(-) diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json index 2f90a93cf1..fff71782f2 100644 --- a/windows/access-protection/docfx.json +++ b/windows/access-protection/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/configure/docfx.json b/windows/configure/docfx.json index 26b7898d55..032a6cf7e4 100644 --- a/windows/configure/docfx.json +++ b/windows/configure/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/deploy/docfx.json b/windows/deploy/docfx.json index c532dc05a9..f8c535fddb 100644 --- a/windows/deploy/docfx.json +++ b/windows/deploy/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/device-security/docfx.json b/windows/device-security/docfx.json index 40cbd2b6ea..fb05d45e14 100644 --- a/windows/device-security/docfx.json +++ b/windows/device-security/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/keep-secure/docfx.json b/windows/keep-secure/docfx.json index c7756c160f..d153310b25 100644 --- a/windows/keep-secure/docfx.json +++ b/windows/keep-secure/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/manage/docfx.json b/windows/manage/docfx.json index 2e17041b0d..904388daf4 100644 --- a/windows/manage/docfx.json +++ b/windows/manage/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/plan/docfx.json b/windows/plan/docfx.json index 78f81bc195..f226ea1fe0 100644 --- a/windows/plan/docfx.json +++ b/windows/plan/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/threat-protection/docfx.json b/windows/threat-protection/docfx.json index ed96201d45..7576fcf3df 100644 --- a/windows/threat-protection/docfx.json +++ b/windows/threat-protection/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", diff --git a/windows/update/docfx.json b/windows/update/docfx.json index 10a5192bee..723941b24a 100644 --- a/windows/update/docfx.json +++ b/windows/update/docfx.json @@ -3,7 +3,8 @@ "content": [ { "files": [ - "**/*.md" + "**/*.md", + "**/*.yml" ], "exclude": [ "**/obj/**", From e59387195e6b048440ed4492e436c3a43f6d151f Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 29 Apr 2021 00:25:32 +0500 Subject: [PATCH 144/156] Change in assumption content In assumption MFA server requirement was mention but now it's not required anymore. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9434 --- .../hello-for-business/hello-deployment-guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 59b76ac590..1a07013ef3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -37,7 +37,7 @@ This guide assumes that baseline infrastructure exists which meets the requireme - A well-connected, working network - Internet access -- Multi-factor Authentication Server to support MFA during Windows Hello for Business provisioning +- Multi-factor Authentication is required during Windows Hello for Business provisioning - Proper name resolution, both internal and external names - Active Directory and an adequate number of domain controllers per site to support authentication - Active Directory Certificate Services 2012 or later @@ -78,4 +78,4 @@ Following are the various deployment guides and models included in this topic: Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. > [!NOTE] -> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. \ No newline at end of file +> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. From 751786f7be6211b1e2f331393bdf4bbc702b6da5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 28 Apr 2021 12:56:06 -0700 Subject: [PATCH 145/156] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index ecfe3964e2..ca6667c273 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 04/26/2021 +ms.date: 04/28/2021 ms.reviewer: manager: dansimp ms.custom: asr @@ -77,11 +77,15 @@ This feature is currently experimental only and is not functional without an add ### What is the WDAGUtilityAccount local account? -This account is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. The WDAGUtilityAccount is leveraged to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If "Run as a service" permissions are revoked for this account, you may encounter the following error: "Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000". We recommend that you do not modify this account. +WDAGUtilityAccount is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. WDAGUtilityAccount is used to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If *Run as a service* permissions are revoked for this account, you might see the following error: + +**Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000** + +We recommend that you do not modify this account. ### How do I trust a subdomain in my site list? -To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. +To trust a subdomain, you must precede your domain with two dots (..). For example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), and the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? @@ -89,21 +93,23 @@ When using Windows Pro or Windows Enterprise, you have access to using Applicati ### Is there a size limit to the domain lists that I need to configure? -Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383-B limit. +Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 16383-B limit. ### Why does my encryption driver break Microsoft Defender Application Guard? -Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). +Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). ### Why do the Network Isolation policies in Group Policy and CSP look different? There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP. -Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnets or CloudResources" -Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" -For EnterpriseNetworkDomainNames, there is no mapped CSP policy. +- Mandatory network isolation GP policy to deploy Application Guard: **DomainSubnets or CloudResources** -Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). +- Mandatory network isolation CSP policy to deploy Application Guard: **EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)** + +- For EnterpriseNetworkDomainNames, there is no mapped CSP policy. + +Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). ### Why did Application Guard stop working after I turned off hyperthreading? From f63b054400ac1895246dbfa296c64b61b05b2ca6 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 28 Apr 2021 13:58:57 -0700 Subject: [PATCH 146/156] Added link to ARSO page @Dansimp please approve --- .../bitlocker/bitlocker-countermeasures.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 9a9e14b5bc..0ad0174199 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -196,4 +196,5 @@ For secure administrative workstations, Microsoft recommends TPM with PIN protec - [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) - [BitLocker Group Policy settings](./bitlocker-group-policy-settings.md) -- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) \ No newline at end of file +- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) +- [Winlogon automatic restart sign-on (ARSO)](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) From 7895a2c23bfdf74d14858dd4a32d63a4a265850a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 28 Apr 2021 13:59:56 -0700 Subject: [PATCH 147/156] Create bitlocker-countermeasures.md @Dansimp please approve --- .../bitlocker/bitlocker-countermeasures.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 9a9e14b5bc..0ad0174199 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -196,4 +196,5 @@ For secure administrative workstations, Microsoft recommends TPM with PIN protec - [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) - [BitLocker Group Policy settings](./bitlocker-group-policy-settings.md) -- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) \ No newline at end of file +- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) +- [Winlogon automatic restart sign-on (ARSO)](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) From 02c44654e34285193810ea11429b9b21136a8310 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 29 Apr 2021 17:51:24 +0500 Subject: [PATCH 148/156] Update windows/security/threat-protection/windows-firewall/isolated-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/windows-firewall/isolated-domain.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index cbb84a8b0b..b9656fd06d 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -20,10 +20,10 @@ ms.technology: mde # Isolated Domain -**Applies to** -- Windows 10 -- Windows Server 2016 -- Windows Server 2019 +**Applies to:** +- Windows 10 +- Windows Server 2016 +- Windows Server 2019 The isolated domain is the primary zone for trusted devices. The devices in this zone use connection security and firewall rules to control the communications that can be sent between devices in the zone. From 935d6d9154299277b52b0a7fbca2c84c8d91c53b Mon Sep 17 00:00:00 2001 From: "Linda Taylor (SNAKE FIGHTER)" Date: Thu, 29 Apr 2021 14:23:55 +0100 Subject: [PATCH 149/156] Update policy-csp-userrights.md --- windows/client-management/mdm/policy-csp-userrights.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 44ac3534f2..4a44915184 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -1004,7 +1004,7 @@ This security setting determines which service accounts are prevented from regis GP Info: -- GP English name: *Deny log on as a service* +- GP English name: *Deny log on Locally* - GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment* @@ -1901,4 +1901,4 @@ Footnotes: - 6 - Available in Windows 10, version 1903. - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. - \ No newline at end of file + From af48be5bc54c6edda155b8caa8d9c6673d99976d Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Thu, 29 Apr 2021 15:34:42 +0200 Subject: [PATCH 150/156] Update vpn-auto-trigger-profile.md Add documentation for the limitation that rasphone.pbk cannot reside in a redirected folder. --- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index e929ec1a15..96c9f3bd65 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -25,6 +25,10 @@ In Windows 10, a number of features were added to auto-trigger VPN so users won - Name-based trigger - Always On +>[!NOTE] +>Auto-triggered VPN connections will not work if Folder Redirection for %appdata% (C:\Users\username\AppData\Roaming) is enabled. Either Folder Redirection must be disabled for %appdata% or the auto-triggered VPN profile must be deployed in system context, that changes the path the rasphone.pbk file is stored. + + ## App trigger VPN profiles in Windows 10 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. @@ -100,4 +104,4 @@ After you add an associated app, if you select the **Only these apps can use thi - [VPN and conditional access](vpn-conditional-access.md) - [VPN name resolution](vpn-name-resolution.md) - [VPN security features](vpn-security-features.md) -- [VPN profile options](vpn-profile-options.md) \ No newline at end of file +- [VPN profile options](vpn-profile-options.md) From bef746a40c65c680c40082ff085ec20ef8c0bb93 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Thu, 29 Apr 2021 16:21:30 +0200 Subject: [PATCH 151/156] Update windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 96c9f3bd65..a19b63fdfa 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -25,7 +25,7 @@ In Windows 10, a number of features were added to auto-trigger VPN so users won - Name-based trigger - Always On ->[!NOTE] +> [!NOTE] >Auto-triggered VPN connections will not work if Folder Redirection for %appdata% (C:\Users\username\AppData\Roaming) is enabled. Either Folder Redirection must be disabled for %appdata% or the auto-triggered VPN profile must be deployed in system context, that changes the path the rasphone.pbk file is stored. From 4cdd8294fd2e83a4556ac96cbf6ef976fabcd6b0 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Thu, 29 Apr 2021 16:21:36 +0200 Subject: [PATCH 152/156] Update windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index a19b63fdfa..6233c459f7 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -26,7 +26,7 @@ In Windows 10, a number of features were added to auto-trigger VPN so users won - Always On > [!NOTE] ->Auto-triggered VPN connections will not work if Folder Redirection for %appdata% (C:\Users\username\AppData\Roaming) is enabled. Either Folder Redirection must be disabled for %appdata% or the auto-triggered VPN profile must be deployed in system context, that changes the path the rasphone.pbk file is stored. +> Auto-triggered VPN connections will not work if Folder Redirection for AppData is enabled. Either Folder Redirection for AppData must be disabled or the auto-triggered VPN profile must be deployed in system context, which changes the path that the rasphone.pbk file is stored. ## App trigger From 8c5f95974460281d90a413315eb44eb095b20ca4 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Thu, 29 Apr 2021 16:43:56 +0200 Subject: [PATCH 153/156] Update windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 6233c459f7..2c1405d9e0 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -26,7 +26,7 @@ In Windows 10, a number of features were added to auto-trigger VPN so users won - Always On > [!NOTE] -> Auto-triggered VPN connections will not work if Folder Redirection for AppData is enabled. Either Folder Redirection for AppData must be disabled or the auto-triggered VPN profile must be deployed in system context, which changes the path that the rasphone.pbk file is stored. +> Auto-triggered VPN connections will not work if Folder Redirection for AppData is enabled. Either Folder Redirection for AppData must be disabled or the auto-triggered VPN profile must be deployed in system context, which changes the path to where the rasphone.pbk file is stored. ## App trigger From 28b8cfefc4c81a33b89a19db1ddfa81506875b9b Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 29 Apr 2021 09:34:46 -0700 Subject: [PATCH 154/156] update author --- windows/application-management/add-apps-and-features.md | 2 +- windows/application-management/apps-in-windows-10.md | 2 +- .../deploy-app-upgrades-windows-10-mobile.md | 2 +- windows/application-management/msix-app-packaging-tool.md | 2 +- .../application-management/per-user-services-in-windows.md | 2 +- .../remove-provisioned-apps-during-update.md | 2 +- windows/application-management/sideload-apps-in-windows-10.md | 2 +- windows/application-management/svchost-service-refactoring.md | 2 +- .../privacy/changes-to-windows-diagnostic-data-collection.md | 2 +- ...sor-service-for-windows-enterprise-public-preview-terms.md | 2 +- windows/privacy/deploy-data-processor-service-windows.md | 2 +- windows/privacy/index.yml | 4 ++-- windows/security/identity-protection/index.md | 2 +- windows/security/index.yml | 4 ++-- 14 files changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 89fdaaf04c..9cccc2d19c 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: article ms.author: dansimp -author: msfttracyp +author: dansimp ms.localizationpriority: medium ms.date: 04/26/2018 ms.reviewer: diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 31da1afc51..9e81170cc7 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -8,7 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile ms.author: dansimp -author: msfttracyp +author: dansimp ms.localizationpriority: medium ms.topic: article --- diff --git a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md index 96be5ecfc1..4e7caf9110 100644 --- a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md +++ b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile ms.author: dansimp -author: msfttracyp +author: dansimp ms.date: 07/21/2017 ms.reviewer: manager: dansimp diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md index 030d1c6a31..8464d6261e 100644 --- a/windows/application-management/msix-app-packaging-tool.md +++ b/windows/application-management/msix-app-packaging-tool.md @@ -11,7 +11,7 @@ ms.topic: article ms.date: 12/03/2018 ms.reviewer: manager: dansimp -author: msfttracyp +author: dansimp --- # Repackage existing win32 applications to the MSIX format diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index cd68824109..a703d5ccae 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile ms.author: dansimp -author: msfttracyp +author: dansimp ms.date: 09/14/2017 ms.reviewer: manager: dansimp diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index e85e9efb07..591d3ebfe3 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.author: dansimp -author: msfttracyp +author: dansimp ms.date: 05/25/2018 ms.reviewer: manager: dansimp diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 58033a8f99..153f2d49e5 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -9,7 +9,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile -author: msfttracyp +author: dansimp ms.date: 05/20/2019 --- diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md index 3bd1bf1897..7960d238c7 100644 --- a/windows/application-management/svchost-service-refactoring.md +++ b/windows/application-management/svchost-service-refactoring.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile ms.author: dansimp -author: msfttracyp +author: dansimp ms.date: 07/20/2017 ms.reviewer: manager: dansimp diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 718909cd4c..1b603f9a53 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -9,7 +9,7 @@ ms.pagetype: security ms.localizationpriority: high audience: ITPro ms.author: siosulli -author: DaniHalfin +author: dansimplfin manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md index 20b56e6e79..e46a00da1b 100644 --- a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md +++ b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md @@ -9,7 +9,7 @@ ms.topic: article f1.keywords: - NOCSH ms.author: siosulli -author: DaniHalfin +author: dansimplfin manager: dansimp audience: itpro ms.collection: diff --git a/windows/privacy/deploy-data-processor-service-windows.md b/windows/privacy/deploy-data-processor-service-windows.md index dbc0883936..b7633028fd 100644 --- a/windows/privacy/deploy-data-processor-service-windows.md +++ b/windows/privacy/deploy-data-processor-service-windows.md @@ -9,7 +9,7 @@ ms.topic: article f1.keywords: - NOCSH ms.author: siosulli -author: DaniHalfin +author: dansimplfin manager: dansimp audience: itpro ms.collection: diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml index da814f7791..85f43428fe 100644 --- a/windows/privacy/index.yml +++ b/windows/privacy/index.yml @@ -11,8 +11,8 @@ metadata: ms.product: windows ms.topic: hub-page # Required ms.collection: M365-security-compliance - author: danihalfin - ms.author: daniha + author: dansimplfin + ms.author: dansimp manager: dansimp ms.date: 07/21/2020 #Required; mm/dd/yyyy format. ms.localizationpriority: high diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index dd87cded73..3a9682cff1 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: dansimp -ms.author: daniha +ms.author: dansimp manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/index.yml b/windows/security/index.yml index d7b6fbe5a3..1fb33314ce 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -12,8 +12,8 @@ metadata: ms.product: windows ms.topic: hub-page # Required ms.collection: M365-security-compliance # Optional; Remove if no collection is used. - author: danihalfin #Required; your GitHub user alias, with correct capitalization. - ms.author: daniha #Required; microsoft alias of author; optional team alias. + author: dansimplfin #Required; your GitHub user alias, with correct capitalization. + ms.author: dansimp #Required; microsoft alias of author; optional team alias. ms.date: 01/08/2018 #Required; mm/dd/yyyy format. ms.localizationpriority: high From 53a9220a7db0bcdb193d240c52103d5e1800daaa Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 29 Apr 2021 09:36:06 -0700 Subject: [PATCH 155/156] oops all typos --- .../privacy/changes-to-windows-diagnostic-data-collection.md | 2 +- ...essor-service-for-windows-enterprise-public-preview-terms.md | 2 +- windows/privacy/deploy-data-processor-service-windows.md | 2 +- windows/privacy/index.yml | 2 +- windows/security/index.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 1b603f9a53..692cfa0a09 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -9,7 +9,7 @@ ms.pagetype: security ms.localizationpriority: high audience: ITPro ms.author: siosulli -author: dansimplfin +author: dansimp manager: dansimp ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md index e46a00da1b..170bd2f449 100644 --- a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md +++ b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md @@ -9,7 +9,7 @@ ms.topic: article f1.keywords: - NOCSH ms.author: siosulli -author: dansimplfin +author: dansimp manager: dansimp audience: itpro ms.collection: diff --git a/windows/privacy/deploy-data-processor-service-windows.md b/windows/privacy/deploy-data-processor-service-windows.md index b7633028fd..01a6bbec79 100644 --- a/windows/privacy/deploy-data-processor-service-windows.md +++ b/windows/privacy/deploy-data-processor-service-windows.md @@ -9,7 +9,7 @@ ms.topic: article f1.keywords: - NOCSH ms.author: siosulli -author: dansimplfin +author: dansimp manager: dansimp audience: itpro ms.collection: diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml index 85f43428fe..ad4c6fefef 100644 --- a/windows/privacy/index.yml +++ b/windows/privacy/index.yml @@ -11,7 +11,7 @@ metadata: ms.product: windows ms.topic: hub-page # Required ms.collection: M365-security-compliance - author: dansimplfin + author: dansimp ms.author: dansimp manager: dansimp ms.date: 07/21/2020 #Required; mm/dd/yyyy format. diff --git a/windows/security/index.yml b/windows/security/index.yml index 1fb33314ce..83e7dcbb53 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -12,7 +12,7 @@ metadata: ms.product: windows ms.topic: hub-page # Required ms.collection: M365-security-compliance # Optional; Remove if no collection is used. - author: dansimplfin #Required; your GitHub user alias, with correct capitalization. + author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. ms.date: 01/08/2018 #Required; mm/dd/yyyy format. ms.localizationpriority: high From e1dd2d1a68c6a58fec06fe871899928e2dd3d65a Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 29 Apr 2021 15:32:58 -0700 Subject: [PATCH 156/156] Update deploy-wdac-policies-with-script.md --- .../deploy-wdac-policies-with-script.md | 27 ++++++++++++++++--- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index d100941402..3aed014401 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -28,13 +28,12 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p > [!NOTE] > To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. -## Script-based deployment process for WDAC policy +## Script-based deployment process for Windows 10 version 1903 and above 1. Initialize the variables to be used by the script. ```powershell # Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML) - # Single policy format binaries should be named as SiPolicy.p7b. $PolicyBinary = "" $DestinationFolder = $env:windir+"\System32\CodeIntegrity\CIPolicies\Active\" $RefreshPolicyTool = "" @@ -43,7 +42,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p 2. Copy WDAC policy binary to the destination folder. ```powershell - cp $PolicyBinary $DestinationFolder + Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force ``` 3. Repeat steps 1-2 as appropriate to deploy additional WDAC policies. @@ -53,4 +52,24 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p & $RefreshPolicyTool ``` -5. If successful, you should see the message **Rebootless ConfigCI Policy Refreshing Succeeded!** +## Script-based deployment process for Windows 10 versions earlier than 1903 + +1. Initialize the variables to be used by the script. + + ```powershell + # Policy binary files should be named as SiPolicy.p7b for Windows 10 versions earlier than 1903 + $PolicyBinary = "" + $DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b" + ``` + +2. Copy WDAC policy binary to the destination. + + ```powershell + Copy-Item -Path $PolicyBinary -Destination $DestinationBinary -Force + ``` + +3. Refresh and activate WDAC policy using WMI + + ```powershell + Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary} + ```

h3-|oiMJ=TXlJ$J_{3jT$bB4UR;QJwC9Kc~N7fKhiB<}l z^I8JVStO|3WcFgH&e0tb&?LOy83ki1vK5u?F?z7y*QyQoCGa#Z#_7}ezxzXWFFHgI?q@Yw`y}R@y`IP|6o+XSDK~V#iQ!th zw0c?g)a6gpM_9erBcD&f5ZqkCxdAF{;=CtvrcHs9S~Dof7+Ji9k})n-UNH?{wVl$^ zCeHzxKpIE)=0BLxU+y}fDsM9JA}Jm>l=c-7YYy_$K&DQ3mWf!o<`hq99|hKh#@^Ik zDr*B^il%G30|Jna8U+?sIi3r)_^c@g#cJ9!a;9 z%M?G-VJ3-T{HZQ#qWVtZkQ9T^fV7Qaz9JChc!+VNc{8Zk*v35sJr z(u#1T6$v1S#0pO{BwTRVJ@OyO=2}B{@0V#-cFKr_DRwyZUJA7bG97rMh}t;D(&HZa zt%`3KKo}RkbfM#;@p#KbOx2wkN}W>k)i%}u3fDxs90m_oP?C}!ed!$n< zrL}qF3$5zmc%AwxQawQkdT<)@;8Wf9&M;=x9HnElvo=LbAShoS>3O9%L~(Rp;jlE5 zzcU?i3Dj?}kf70te~1J2B*gh+7paG6`A-D0wWhVxI~&Ph zDrx0EWG=1Js%qu#y2b!xyz%e`?RTk+{IpF_Iz9ycfx@+4o?A8C`gGv1S5)urwd{%I zcY*pnE@+l+j*ejGKv((=-Ht4(1zbbIp!0C)T!olS{n|SbmA&cZYP5jwm9w{}7SaK5 zfTVew`?>FR!V-uJUD^C-kwa&4?nU`g6{4Z{2zy&Q$y@+zEi|S}?|jWl7HDt<5OVO! zOuIm%QRT+^gA?JGNju=KPQ2~$4!IMpTk8sChx9eWG%p{IT+lg#5_6 zV$%s+6*nPr=DtL<|9T_Q9Bl_J*chBBL8B0LQRUvoJ+#fyV5x4O78$Yu+;5B}vRj-Z z_QplZHdwURWLK`Ba5Wi-mI!~hNe%iUBjyvu9weiX-bnQv$2H<3T?qT0VJyeQZFzSzHXks`sSE5*FlLUoOaiQA6T#kW#^dMYNH@X6Nz)x%xCyWy}AaS8LpRg)F5 zeC&n3q{wN_9?e$=`qRXNSy|&#S<*Dm)Jz@<3Hgf@xcVM^UJK;&?PWUu>BmY5!HWp+8^(e)ZkEzU-fLv|HH+V?TQtHlD~CP ziUKQ=o9LWaztQ~2s;iP&!0%k7W?vu!ZIQUbs z@-9l^+^AQG9Pg5tO9C-W)tKZ5xASZdJ{OiD?b8wQ3Hma}%)D1<{S@=- zzfUI}hD@J@@Y@5c5^zA_FlMFlkGSWlwWw{#n?EI_b}c86`c$y z&OoUKO7PVhn=o{!Dj;a{Z~(w)5T;K+&bjdNyYD@1Fe~t}P1WW}6B1gdEg;~84?({E)k(>+mAyJ|Y9RO7kc+@jiYz7oTBoayb&taJ_?@h~=teG9?5(cA<1 z3(?G)cA54rv?9X(vjSED_o}5??FCRRwfzHcE)gZ__qW%)%ebp6>gqO{*5Uq}sYuDh z4CgPx#fY(Y;Jd9f^htsxU#X!LJnpS}ato8=a{8ay*h8@dOsMvP8+)o^~|b z4^&Lkv3x3>JAw+E*8FQlU#^quSmzWs)EuCRLs)#7?HOa@CBg+;rFJyKxN%8~G0&RP?Q%;V{n5`FR97@v+&f zay-p}Rys0QEwCZgRb#X(!)-Sz=6MRO`#y!v{=xefThVB*4}!(M0Y8%T*CHi+>wXIfML7rQdv7mn-6j;mw&934nUyn| zcEcIPOVl?9Fp^SX!bf}eZ< z5ytF#1lorGb$46vGsDoFb`j29{RlLeQZg-?Hf@nPldAaxB9a_qbxoHxU--OcRJjjw zR-o~q&EsTL9w@!e*XhQom0C2he>tKdgLed%%+-?P5s3Y0HK-=+$Q!Z^hB z_f<`4j4+TX@4EY922{&z_B<8&w2E&dp-L0`5slSsvwWV4E%_>R4gITvk7W*QrFI3X zQlY`Rpe+EK3*-sU2GkcE_*iA6hlY!vf76!``)o0^Ps`0k%l0w>^7K4FVYqz|OuM)& zHh5;K|68^^%?0i$D#O%5p19pR$#z8c=za;0TcO%d(l&X;YF7%etXveblpkFZ&)n`X zs=;>8i)mTDX)R%lXv`H$SIfn&XVh6g@zy*2Q`uv80kPbBdvWXayq>%YoBpEumwKMosK`d1dw;7#F$eWsU4ho5hHZl!@z{?GanMF1%B{E9rZaE9OfR#% zR}G5A#xs-a>{z3`(pRJoTIS5S|Me}Yu(Ag~b|$L57B*`+yaeB!H>k94=kRPeSX_!8l-X0$T;|XSbkBCrJQYE?lK+|KUXTa+<=2q{yh{g0@81yfqO zip&vb=7mmB@wB~$I>h*7vUhoBZqJXQo1Ao_bJYwo6#*SZg;Mhs#_hMoeY<*|29;sr zv-pmEKjM;$lYE@&#`nv~2A;tL-+h6mH;b7OWN|_t7}Uq*D72M4+S-U+l!C#r5>4M- zyyfMrG-f|Pt1M=6LY9R6OFgZOR{Rh3M73UQN?UAK+ZUC`@>wa1QUF)wyVv%GM>3EQ z)@O=!ED7gY54U{bZ1B)MpaqXg=#^92lBlb=_hh@~RSef^w(4YDY-k4h24m4o-SSw% z=5kofR3Q(gDXa!+<9%f}g~1Jnkp*0YACwvT8UU7F&1A3jGY>4?}N=OIO(=FWZb!?(GcsfC@*xT}mk6 zfzo#GdgQU3e(SmNK#_=fqnPOIrn;1}r&9ygdzbC84Kd`-&|FpFjs{~X@{&Y^M_4?I9kq`nS{~6|5HHMvO;%N}?-~Z~k zD!>?`JMG5){&SKF2L9ITlI+d(>|ZO&eH`)hs&OK1zP=m%eyZn>C)!1eNjmhm1_skp zq~}EeHm4>mmOj(AW^F`a>@-Akv|@;;`uJvtD#6$cFwi%;8sz?BU<}#fy{H}!0|gC|0&thB_~7Z0ZS5SfGK9~om* zg1Sc7DM!$7VoMXTnnp|BV5XzT6H{gLWNM)Z7e7Kb>NL7(Ze`g;NPCwh zBuhrz9@0;|S^kJzXR%Bd>BYF4_p45yAe_S=^z?z=JO!p%`(Y>U9;}Qydop8-SKosl zqaNyX1`{djGSMn!^I+i}uL!{z{W`BM@-h#)?2bth&w6c2M;xrToj!N}Mzjy>%Iv_$ zvDx$fW0l_ZneFWn(7CvH0zB4ZsbQ!$BbBh>*)*p2q>bjEIzTKg+Wge;<|u2^SWFg| zqHHW$_ z>%w$i9fi6U(RUIu&c*qAZ5A(QzVTylX*|zk_WBsJyp;D<-U%C+F$XWB&X1)VW*j}w z6qb&CaK8E4=FzR5$*^k?CepnsLG+&3eDp^4P1;`BJ3Q=KLIoSM^OBz9^*QTXzw$0S zQmw=nnVj)8*6V$w;aIxp!7N}#ZDc>Xers|=b50=jJ+gA@8|=KnsS~*#8%Lo{vC-7M zv!TT=7FsXQm1m9W`{$=pj@|PdnI(i?w|z7fiuSxD>WGBrx1Ejdwb}Juf0ohmjv3lb zR{LG|d+K@nh4Zd+H};k@rbWWqE4Z)cuk`ie-`p7&!b*S>IxY32VYgAtTT&(76L-Q$ zZU(21(P17*g&QLqGQ~-yM`-6nIQN)*EkAtxT%ELXjY}(+9(zu2bBA$u|0*mp=UvRTc zV%awCeLx%F77zJ}e|nBN1%UcrXuG*G3V7(iPRT4lzdN%cxYBMxm9C{l^OHYcqU%|d zTb)!|RZ%H_mEm_c>{N~1NxsDCt#<~-%FgGPvYMxRUl%$sWai({v|F241yZ6Q9Sm_Y znt&xPNrIvZk#LJivl_pu(2*6~&OsaR$d*gZqDtLxd%70X2J(-Ty;l^`-k6?>q`>dU z%SWKwT7c5b?0ZmW|33Nb7>YMgJJUJ_BYCglddBl?6ZCq$F^LzH^UR%seI2k`?bqFO}mA?-AhpLOIqa_u06yiwZe9pIJZ|J1IGTnl7tzdJZw7EE&J2<|3xz{y5Il)e9^2+9o>nFagvQrV3 zz4lg&@d$Ltj3_YTJ(~w$vm0G;vYt$(Jj$?OiNX5@H7bRh-)HT5egq$EcO4k9Zlp`O zeOIbR@^Q*O9qI@rf~qEgQZ&Q=(h=xeK60Hb>-|)8%{p;674EQv9WtwxEORj*lRh>b zboNhyFqA0b@V_7nU}qUAkDIpIk~7F}883G4ZCLewQ#BvmNfA%$-CZ#gTr)EN(4krw ziH{@UVY~C1JzqY?DQb|m7`K)lxm_ui(WFj9yAZGJ!abh6y3M=z%NR4hGbZcy4s<8t zK*9fX)pzpp?9pZoDSZAOJ-HpBzP({rXgy-HGYT6NpSZIOYc}$-gf!(Osn*cP?b(A?&lu-}k-{dJ9%(%)hvnMceWV|~GqPdn=jCKLY_Hn1nA}Ap zvGahZWTjQxCeS*uGJ|d!$;CmQZVv?jc%@mJt6&3!e&Thn(;%Kqn+68RydgGH6yF64 zfD!joo6c2;FBqFWre`$mqdx*=O(Ago#U5Iz>Mx&oc>Jn?>lb)|ydUwyUBa#x8r z*u6h6xUUs@I^$P3YSi-2!`o_>EXN`eX7RHP;)RABsH&y$Jq`qp5Ej@w zgtpv(9vgHSz56G`RQPP$ljyN}!v2ywox>&!L>sp?K<>-)Sv29D;F*i@-VQ<5BGGOS zks=e5nF7VEMrW5liX%O2CO4k0FE*shw_At2YD(b0eJ6^(Z%3r}!KrEJ)kuA5kINzGR`z2=jRF-F5y`yJ9@jf9&11c(fa ztORxk7PCO#&LJs$(_>%2hNpgi|HBx@j7_*(n24Hb^^@M3-zP2f(F)pBk`qj=uR*Zt6-e3( z5_sZxe{YJRaRw--5`>ED2Y2K#q2b2=w&BjhmaqR0g&af@N|ikKM)0iOtnyxZmSz~v z4N4wb!|KJ%2h86V%;6h9K*n}_)I|~>@Vlg%?}W9!JyqJZw%1P8#PZB)<_7VlpSY|< zsa%2-H>e>cmbiLW-JWq8eCYO5@Vmq$6rI#kv)Dc8P=qot82Qrul{phz6Z8rr!IwuX zW8-;N=aHi93BnkA2B@sIzkl%b_Z#}M+82_UPDjrN+mdxL)|6anlPHRk#sz`(wsEjr z^teZ(4{MnzuM{@!Oc6&`q!zcOQpP23Ija|Y&L!v6Z%*uzA=9yXTJ9%4^z#mFFQ71` zrrGF?@+ak7#_-7AW$&`l5F`Hs+WK>QEpb?x6zijJcPC2uWc`I~?ioo&+dzF*d-)|# zQ%F+=;ycHunSPIbJ4yR+o#^d*ldid#<~~A>~*|2AOd? z&@(|DmL8**Q~%N^<&)Ndo( zX=7hRT%IASpUKiEP(F9c}os6gFStWsG zfBxMrgz5~)LgBYvh(3g)$ZS)tVx!39*Y((mF1VjYy<3a4>h#l>?hM|fM@QE3oi)Ic zD66g4v8kYc4)tac-l@FE`@~u`85&~|`gqL#(J>y4>Q-!RDB=@;52rh7QcRoX#8(9M zknqxCg-m7(dL`+8=Mx@O%jW#k{*(;@>*J1I3#^;Dx_gMu#5vx#S9-qXe>2Ty%$WaX zay{)LDBLk|vv|Yc+^_PwTN8>?O|0)oPi%iN?R0XpL&k#(S)Uhfr2ed*YWP){XBkaP zblZq^XOQq-{OK3Qah!6{4=66j0kU!^U@i zD)y_#NbNt+{LA6=z8pOrez&Gh$!Z~}%UCh|6}+_IQH`_hM49BM|1cJ$k|5D=bG0D( z_(GaH`4Fc`j=LNQT?eaAVID5ScXT+Bn-D4;%QYCn#FW87vOMMt8tI`s^fRgAGmcP@ zE46!ov{*ZsW5-ewDH3!%yPjr;Io94eJH9LGiH5*qWPsQnL2llR(3NL5ma z`#V6K$ag8_3d2x^Fpb&Nmu>GUjf?z~WDb~=R&#~c8_whly-?bZ9ji32Ppykx3&u}&Z}XANc%%20#ko8Z;ojgk*u1u$_WK+f=ORHt zyY;IlE||WEt}`>bt&SA7OyAYR#!v+PVp!szQ*rR}8vdU`&vE_*kG#0W*5k>+s*mlG zxl+}+E2~=Syk{2P0S$SYC6G${eESKI8KrJC5QAhTABF7y$}he~<(W~;ta9Il%?Fp@ zi9-9;Y+_XlTTaUmC)+8)&Jz~k_)0Awk2&YDhQla4KdRoeRs$q%f;{t#rwMrLQTMuA zZl6mIgqY^K+>R?Ts@)hi7OsN8qB5GkBQVdN;eH>2<55p^%*}^eZ1xBLG(g3Gj=$B#&Nuq>#W%d zXiIAc)}FMPgpv`B-p8~QqxK%Lw6Ie8temJm;E-JaS7AAkqeCktRpX((R;l}DP!?a{ zq}NHq1q+%OxL0u$3O$xzfYRJS^auuAnki6~%Pd2FfAb5g09#ER8;w4$l<6GH7KTYv96}L-^}4T4fdD<~1u|li77Uq-C1j zsf9*BwU_-6lo&hX{XjD`!`l-@>>S2b%G)^%x*P|s&(_*9_fZOFy(oC$vA&aJaVRho zavKj?s`iKJJo%lznfJH68<7S6(f>NeK%VaZ5R5kKJS+hDs+lR4J{_7!15bghw@{AH zfRjq^VqiWeoaJSgQsegxm3u!M9fkN{04w1DJv>qFzQRUR1GYE2TVHI9J?pmeYneI; zd+hQ?2i;S}90i+nyKN3sffjBt$8sJliZ^(w;+*&|^%jhbNZ-oZ8wEPmg#{dOC+zMm z-n^y&6*DNEk}u&Kb1k;Pe+W-c>0%STT4fWeqkPoCXmsq6V$gNB7?$HXR{-eTJ=I=Q z&zQUu<9Va4^No*7c4#e!;Z(nA7PQh)a%uK`$QZ^@#6fdrTpF%xdODmS1z= zdU^X2zhMevd}8x!S=kZO(hZLxyH{@coZph&WDcgBG)BJu2)TSW7`4Bc-|pI3aM+yO zSbN0!mpXm13J`irFPJFhgQwN+fJUS$tPDn69rGXT<=-5XDY3wi8bE1MN?_39ZGrh< zbo$eTJd(z2{Ee`>-X|)EbrwykX}Kb;1ZaN|Yo<^sS+%Ri1c28Z;d?-9FapDHJZ)9U zkMYCr7X>$+tx@J+BaIhz;J`EOaK#*osVESzIbE9xq$_ z@Zbb8gYqaeZ=D$bIRS3*@bR--4xx?PQ*Zp+cfy#jRyrCNYXp<+Tnpc~qhOU9pqoz2 zL}ZP6vZRPh_=?2;%8nR%$_+cyx>4|{pDk<7W-u`G34$j}iRuh@V~kb^+{C4oDbsN2 zW$u<wS+z4{abs}w z5~x0`%;ETomD1xOchSg(r&v<5XqZ{?jHIkxl_6=jp9%g$#$}s#z<-t96=;8BAzQz_ z*9YJGy1@_M-?SUi|Af5;u1DqyDu`lP9_NTm=DXzz$BbyOPFFEsm`3Wu=<_OHHy_nk zwS0cYG`Qr|ow7Wt)294Aub52OJ%pvgl{1c99#L1+I$8ylF^JD9UX7#I89XFZEK-1ezt19YJzdy@Abxzv%A($wO&e)u$HLbx; zl=L+Ta<|$RvOomin!z{M1e}R}#eJIst0j2%6_7YlfLa>bY<3WBkk~KEuh~Rd73Jj~ zN*4nU3nhWx(QsoYxVqQgz|o>Po~s-QVpdpu5EX~%TwbC|Z=*+qJX7(8gYqPGkga;7 zeY=-H5qCt>+fc@X5mi-_)$S+E`tEFI_xtYz(OMidCm_(4)l6VN#`k!|e=3a&v1{_e zb_-K^YelX@)$BlLM-fQ5`Aql3|M+}R%+hP41%SeW)4_jet} z^yIWAi(Y=Mpb>9_u7eIk@AX=b?TAg8Pm%y6P>LkqWcRm2r~<};}$HqfY?ixZGaX+Z7#ho_;^UZ4Q%AUxlln1?5DnSoEP9_a9Z<_dZ3E)X{wo z?3)>GdNA#&G6L`1lU3N&o@AtnQX-*WY09tvkeOmo&sKBGF7vdZZ(I4g$np~^!bvZ$ za=XJgCo&o3Rm02}GW!Qu`Mq)K@pJU0PIMK9uKvB!u}L360sCdbxW9#Z4q4;e{*oy9 z=xrY0!s4aM4>8({e+JDONVVh#3T1-yebQi3zdg|8t2o@B2Qvq)kh{h;tEf+3Rd0*& zkwl(LMGkYFrmu>VT5&5vkk1fr{I7X9swOSl&TFNwvaD#^qWsBUinH~t&!vh^Hm10~ z);{?;Kcx*(``Q-B6*C?z^T=kxuH@GXQpv`YJc;~gG#8qm*;a~Y)`*ank-(NAdi5M2 z5*1nlUU?Y2FY*w2(idy%NifwFqyS)Z0G70O% zk-Z=dgXIjw*7^CR9Hok!L5?)2kIAePjZ+=)~tSB|GHS+ z_#>t9t1Ly4rroSuo9PEFuk_d>zt3fr5vrSY<(y`&_ijrI{p*7E)gsxFgh_LSW^N!H z>#{cUS>OR9a~6Aoe+>4&0N%Hjm=FXB;%5F_MN&oF%R z7&ucqL_Z^2=APr&Z_EmfDBqp&?EQ$!nGxn`_QI(##cnu9blt*O!}Wm$6(847DKpDR zRkcvb^tUO<+X{%q9XUR|C|OdpayHPq+v(qYC8CYp5(&$(t(<1yISMsB-yqrBIdNSr z9;i@<%-}Jk!1UYruC|&txstt38_)DXh@O*l6>4x$ZSBXqbGPD}c0IpQK~5CmU0xFo zhOk@LIzY9^eAlcZS)nrpw>9L+zcq$_(septb#F3E0RR2>P|Kl=O)RBS3U|v)Z3g&P z1AHOf|B*KpAKmA1ceHDxAIE93xMxv~pOH0*P3D#e#ywkUX|ulKQ6W_OK=c*L^wFg4 z9l1KE=9lfdBjR%ke*3RJGOTbhSW&&ZAzQeSsGSjff66uFH!YNPiynHNQtgzy+)U&< zzybB--B$wR3rinD&X@ijbMur@vz8#{0{5Y&7Ky8SrgDCv`nx~?eyk(Xt&Z0J85rgY zpSo+3as<-%ogj9Xm}-thF1ca9ghZqs!%X6~hs@CkOWkg*-g!xkVOT6kI-Is>(rgQa z@=ttS@f5h%pi$^^keim70jQV4n=|zEGEC(d_ls#l;*RbF7a$9G;xJB`7~<(d2%bk=}AJkiT%-PnP0TRR4nv!IBRdzq+H#n|FkbF#@MotUgx$WSeD! zjXMSNzM4H)bWFH;Ft~mF3G{~QTVZmY8u@=_ZUVr-DP6)lwJSY33lUosfzJ7) zRvJkxOS6i;6ojr`TAQCZBTpKl)}bx--qZJ#I_G$mG+|UNMFGhQ_j9Qe0nEaZam|Wn zm}O)sn#8O@Ws{{n%|e)sYc|%?o)n)s9B(;VN9RwrknW!`BvS#rWt{xWVE_ zM3*`N3<*quMKxeG7V6o=y?%Zt12b)YbUC(0RR<+$+)85}<;aKYczW4UiBivR=}U0$ zIlO$k4EH}Kz^2*bhM81+g-$we*yk}a({foOe0hX8T+;!v?EUUi`p|$j;W%c~mvJtk zQa>+T0xtsarUb+Lj8_Z6=xcW&Fg@B^bkPkr9PVpg%*{1#Bh9#{&6#Du4<<^}?(_mE zFv1Ce^nGbK>VkJfxnvvFY$M=a*dJ7&0;{r|nUdEf_T48v%dta^L$(r&AMVFaaxI6i z8&F2@6d9nR4Mw}JgOcUg5&G!Kt5P0~Le{KqHk*S- z<-5YO;W*`s)}$&KOvnFscQ=%aGR1$W{IS*>&}!5s*Vzx1_{t5&l^gH6%i>15NDZ;J z_*FjhhVgxnp!+?*95hL1{DnT6upZ*nNGa;G``oEJxek3UtWT^M&UuA5hOlR@PtKDF zWM+30Ya(*{?Gm9L2v~F|MD?l6dznY5nQB*@-pBrUV>rk zYUfQ7zy!^>eb8RmzO)I9Uz8*mPZBpJ;=e}5DU+t;R#+i|;dLIrx;u#O%%t0KKJnCr zeAeM2HAwDJlTwi-8HADwXwdy|V`$WPvQ>M$p*fIKU6Zbz(j<+uHpBgtIE2q?o&r3J z4-kDI5;&E0QOK#TbH6V|PKT@hRpa z<3F|pzUh&8KYbWmUV_o+r7<*Nrw?gZSf= zF$N4D03BDZ2y_nMC?JuA&MWo-o?~v17b0j{4;H5}+j;r-Jq~R|S)K%(g61c`h2>u! z^TQ%-$esf!Gp><{GmqQpOC|J+g0~&G_$?U^nwrY)HqjRpgI3P^cUC73M*OT;W65VF zQ?Lau_^aT?C*O3tO)bY!(Qi*H4udssEl1p5y%m%9f#Jz|Z-RFZ10E^pKm~d0VFtr@ zYxrMJ)d5xm=BN+B>Er0sL)(M|Kv6zR{4|`F`d*IE!ja)-0snQHrKM2^_+GpDsLVci z6Pad*IC+#3;av3cLV` z*mO*UaXgp;BIr~H`bEUuF3JDn0}#mKg|tafvv1vL;#cNI3c0LgpyMn75!H$-wq>cY zINk$t%5gI!aTY$l!Kx+igYhFdECkFS(BJ!&!3i3i>P!%bE|?Jt&*V3&8y0oAnI`0d zk{VM)i@-F4g29aZ5;)sKcV)b0Dpvj&yhQ^%u3aH+2~<;{+55(X1f~5KXuz01q6J07 z8vEadD#2y&%t?HZ&kQ?&H6SN>5a{)lwH|?_y#j^2rCk^ke`$x$NzD?!Ez>e85d#nt zI7qmzo#5-^cFmfUThAF$iEIl7ah9}Xv%5D#gsloQS9)L%$2980B3Lfkk z09XncGIu~Am)ajKiBi#A<4*9XTPsyR19{K}v%uz)uG$+ESyW~RuKE#(@jsNKD0B!* zjfD1{9#3G1{^FjiT1`%irbds6mESQYuHd}{pyA6GF|S1Ghl~q@mmg$xHSRua`WO;q z#T=ah3PI1krDD>19)f;Nh_D95NGSK3Vr6$1g1a0eAds9Z$8rh;R_NioK~94~0k2ll zF^SSSO}FGI@H?a?=2@iw~u>P`oGSV+u+t+h}Ui%7E!z-!SJdsnAo zo2mYJ=Sg>Lal?Ka@dDpZ&`~mt!tVBm5y4cX7H4bEx+HbLfMxh4RbV= z-9%#ivCqyeAR6&2Xu=A5l+OgVB74v*OM0IV6Mmj-Bz*hZ-wGe;oA5;$w8TAY_aW?7?I>NhHfW-snW?C75Jr zk!%U*7u^W19JnKlmMt|Bkn zxpO5Se?B`(m9dtaof1u{w>8ul5gBR2E_IE*;7WRMdU|?%*YbF^HZ{T-X}|Y+*@)G= z&a3Cur9r7KI}1U<5j|>i?-|CcZS$W+T~G(#n9U8ql=glT6^A8z2EM)VAgn`Smbq~^ zSXX$3fWsjCz_4^yB0%}<|L`gxZd8Gnc5qrwW{-#!Cwh)iDg!Ip0g>9|^^t!Tp{CkY zs7;uXB{VbPi~~Qng5fuYB4fn=qwCEBq5i)AalML)O36|rCF|JAS`tyRWjC0yCA+aN z*(p*XVVDuJ6K3p;eXT4*vXfny>?32}e|M_)^7(u}zvn*@o^$S5ANQPd&n1F0>A1A| z!;LVZx=1=+8K=qT3>IMKQ0&I)HlaN>j|Y((47MXEJ>w|3`4-Y;rn`5%*RvTcM0bn5 z)-2nt4%f3}Y^JAMA`CPct%r)tUemYL`xj>}zIv*Wu85pGlojh&>W>QbvOW7woTyF!J*Dc-KlLwAm;`K)C0 zCz-?52z2K@K`5ZRd8KYIAJ9o0!xDgOPz)C0cHgfBS3g@W_Wk)K6*^h7qBL?#iK|3W!Bbzkw`dEuC}ukaJ1Djd~a{5 z@x?P64 zLg5*%dBwhAXCAdeq;x}$>?8DOoSlO`Xn>*X5`fitZ! zGOJ%MCI=i=qAWL8CJGX++;RC5Dh#?E`$&^i5IJRVLM2W_H^vLdA7{8*n)Y_duOnVe zOVDS_agN>mLls_u&CgsuE<)x|zug0j?~=bfv>#`c6y*XMVaD21AG~&pZb*|4+fT?@ zKlfiuiPT;O>#nZftIkx3g|A;*Tklmr=^UnK;s?c!d(E-}0fV7mUa9A7auQB-Unl}R z$fK5HX7gK*Lf3Ckh3WPco3)(F+g(dOvXhS!vHE7cBho2lCNCg3;Ij1n7GGPdnnkHr zo%3|_Byr2@7HY(yx`T^vEr@Nu!Qp#P_9Wv$@6~^k)6lokuV+HJMHwd(aG0LdkJSs< zozEJOT$`0Sf?><-hMvj`02%i}yq?GljFdYLVkU>9`1JCvD^E>bc2F28voA?QOHBA` zW2ad0*`<*0-LuI7b^~(|onNwZ zq|D6BbmPJNF+sD;OTL?L(Pks-$mN{2x}V&5BgQNzKGW7-KK9Xy(xin2^ z=eEsl5|DNY#>Mwg(=B<~-rQcw-+nxC7D4McUG)Tf&eIHaLo7?7#EW_! z$7bCSh^;la`bTRINTaTuFwtvk2P**qgf*1{B+sD0!ppCo;G4^<-M>(Vf<`pGfX7q24*lfcli@p$0g1 zKVKT)1@q?oGpxY;HP^y=G9&hgalq9Niu=VSA1qll7NApWUNJp$@94%?Kj+au&Y*ki z`M!x{ahgrrx#C^ZVasSynX(lZACDg|CNr_Ye`(8{GCm?Tgu-VI?qeUGe;qlG3q9JL zn2M}e?4?EYe}Aa*K~P-*PB=P$*5q2A@rc@ag7mfAgp_TYHb+Bi#xW1EkQr`!psdxf5pBNV{|j`)k|8 zaf{Q@?1?)}rqPIz2JPmy=Z7oHJV42&wfZIch7=ahZUqdWCAFS=UC^p_FoUUhxR(2OO-Ju~(kqL)(Phkvq_s@vYn z={yrC9DQU4J3M>oDdpnW>eHe(Os3dPp{atRyN&-KoQ6V$j6-puSMUVKs4J$m2hTp- z;!`eSOw?cev?;6Dz*PSdB32ekm+oHh6`A-y7SdDTr8&=_g&e8=n#ABfbr?haX>ztR zc~E@Uug405=?Pl}J)C7}yDSbU$4`Z!X=j!tl62W?MNt7=^x6ws^;LGZ;g=$uoxJ!*?b-m861MtwC5$QsK?~;P0S&aX6ln~V2!$G? zEGg=-1WP?L@!w*4HiiLX5Y~&jhK22dHdS+ZHaeWKJhe24#NK+sJ>4iML%@qM)i?Fb zSWb3*zp@?|g}x5|_RjaHk6fwm!BSFLe0}e|c4E3eH_0ca3uos~RyWQb7Jhfay0Xx> zIW+$L13uNWJrI(_d^cZ4&Dv~db>YJ$ped*S(b0{P{4P}{i&A}QA8p^?I%G=O0!#&imYf^4!)s)y1kO6VAK31v>_U#pMA$exPzHr7Ur>KX{ zbjNo9;;KdU%f*BFP1G{d10~qaGqvlYp1ATcNXimVE zk8C5Q2C|jZ=xse=T?5Pp*l=R#3o-!ctfDz3$|t&b#jZX? z5h>Q8uW5_w1&qOLt~?S<`c{Vss5^KxSEX+kM^|jjtuM`7i9+9HZ;yS#qO)WIv$2hS zO6IO^>_i^a>gsD5?W>4nR z>JF0?LHADHCoHDB-YF;|4_5MML|lHvS|C;97II(Q zgAD4!qysLt3}?dO@;)dAl!H)isas`XC{et~7vs$Kz0SbLLoby6LwaYq!-awXLox9S z@eJ_{VrmM<5Vw>>PXAHXCv;*p{MLx@aohB2Mst8^9mLjj7O5_QUxntwTvm0kF9`tn z!U?6+1(-)iUV5d5z5bu=2TKkEH7*Yulhu^(s^-=ngRZ89Vv}9ThqKdq!9o>hJu{n? zRbCR-VAVaYPvtX5X!rz-1as4>Rc&kJ+MJx<&Gi1TW=S2|?umR~oo_KzY=O)x3hB!2 z%FT9`q_z%f4q!R^hrotDy;3**AmGo)Zc;wLQ30l@=F{%8-|&jTB9{jj0`-KV3wr9S z2jx~j6&aYI{c~HV(R*VObHV6S?dAG5l{aji>OVm+XLA17d`)#paA$wpaT$Y;f2@e; zkvU}rYY!%`b72UQ1_7idZ3WWn!W~u|EZgek+9EfrQrQ}*E504b_->udtVc2R!hcX1 znq6!!SC3-Axk<6^ATQkgLobEMLt>BVy{cgz{$yutK4$u9dG#^(U-sTx0`3->m-&?Q zUc!U*`c;oy_$hBO%y$iE3Q{`peX{t6MHfzd!#w&QE1IK~es6GexqBMZrw`K%F%>c> zdu(tu!l5sf@QDOov|-1fi9$Uh2%@J=#0YFrg*}XX0_7e7d9-w-K3nW{0hBO^-Fkh9 z;*s>Pe`ur9qO7t~yTF%`@#I4>(=zOEV{5MEPRx-MSIdpSR^5Kp+-$$An51{U4iv@O ze19_mH_c`QSqIXw;h#tXM1zIKDhwladwInsWv&fyTYRay-NsPd(IotZRMqW8p}pon zp+N&1Q5QY|zlUj22h`X%m_QW5!aX?G#?(xPo$k$N78J9Ad`N0l=Ck>UPWVOXYsB{2zlRODJv6TY7WCyTY6q=3kJtE%SUX`rA#KPiQ zfBh#h*9mNJZd+;}UfuqrjJ*;y=MVH)3%c4<38gRon8@5RXx>`1&2(kEO`>c8^5E>i z&>t|t(_aG3z)=6Z>8ZK^ zTHqAqb_a)Ny#6XfLustBIygR#ZJVO=X{$eRMW`Pm<;O z``f*zk3Ik9#sHlW$Vjq1xTarQt?^{RDK_GZ46Ath9OZr2*>5;0_ysNxhQFhipT~h3 zw-xcx)KdVL{PivD?7r4-P}Wn5o}HsqA{7vGK@vF7h{|0I~1Lt*{(Xj7&R7HNF<7aF&CSAwcNy{c2tczFA(s{@yj z@qkj8#+AZ zwc=tw=^btEuDa-cRI6*bZ!z3A(EE)=bYnteG?KhW^$sFa5$?=pL8CRkpsrq7YvA8( zP)b@=zR2DgpYZwiy=vET9JXo0Y{%cmydJNH3_cj_waSxqP(+`!l=28YoEi1vv*iw` zAAT||(g};=K82q%Q-Y6F7;jA=ESgO|s@ki%8*e1mB42nuaGoxbqM(>NOU{Xia;>D> z{kl_gbc>-J(cbBa;+mPs5y`LRI1pUmp8ZyhV^JF8|5%~MKOq#pR34?~ojTab{CwQY zrqlo6Mn`q=T8rz7OF*mcjPpt*-brPe`jPPYwzu_<6Ncj#YI6La)}#XFvXS!(%+u0( z26c&Sy7;{T`-qAIxPLQN^g5ASdJ1>v=*~T_g|{f(8Sg^hdeP#EN0K>hN8Jp3q3gS_ z<6U=2j5z_RVY<=|@>jQfOyZ|jcq%-m+6P}e9{|~c zBtBSLvtM?Z@0UE1RFy*s!-jmziw;o~*B7zFr72E65~!dFP(o29B(A* zOmWqC*5}JcB#BYnBjn2#)sT;?f81`P@EE%vz*sS+$S-64-;2w)8rJ~B(8*)k@0*P( zIJ9R~h_A{+xYZM#x4PYV4~cnBIMR1NXRTfppG^cyG8X3>w$y#}gI@J;89FA^ty0V$ z5in?iuRdPZz}42FMtD`=h)$}TZS8=2qF#~&ZPQZi_%|DBJNWze!|D>zY*lUng@}&o-Z|2Uq3^y zvxA3cR5(Pd&{75#Xzt-n5>8 zZO2{;a5k<8a#3;2ueD4>7O-jBd~LYzv{>JW_?}naK2fnJvNe%3qi#$yhDwP?Wxxp3 zfFVeM1M_9LavlEXLBajGt3i#eIS)pvT@|mCbaNyif}ZBr611np^Eu*>)%l_?T>515 zlJ^fm2LdcCUmfW%Q|t5Kw5^egx<{M@y&u04f^}RKI2tgj`nOp;gG+N7FJ2%XFX7l3 z-Ge=Ae0_xLc#_zJLiBWg_V=lG{m~{caTo`?suHr)chtJP`F_iEJnvYg7;A?uyp-fT z-<9`fM@fN&wn5KE&M=kB2)5?Iy0wDgH)&}0jcFa*Sz?i2h>-O{X^{v{FuEol3us zB9$-BNuXQ2Ge`v{`P`3^vBkbBTii-VLrdK(p?rNa!_^pJN1om97Emdh9+4FghQMU_ z-##??jzIDaYc4jJkEH@GQvLH!MaUr8lq#Jw>026CCELX1YW=Lh2CIC6DXAea71 zpuw<2%lNdTiLY{R(LzGXcB<;zingj|8 z4RFW6?xDe*0p{B7UL~T@Z0+LZh8dS+c``eHO7~K+p-_7cDMwBB1(Y1vlYimbOddHe zi!E;QgyX)1X6F)z`I#lEOP_3&HAgFeZtkI{Uu%@{LK-`~uDDaA85 zhd2dWd{ZRS3T&$|{bu0xVEE#@_9nIc?IN_bixr&&cYY=!eTcbj{XEdV)e}|6-HvE; zBwsX$RrPVu^g->plv)+7 zFHBb&6}yR=&r$_UzaSbNQQTx;lV=dX1V@g3$y42q6+5v!Hs~MJ`a0C-jZ9?AqM;mF z9hy+>Ssp-7|FTROGF0EnC&YEozDi}H?T$|longYRRa~9Q`V58DP0ds^_1o$R4^(a6kG^YDA?7AwS6=W0S1UDU zh$K5Y=a7qRPx?>uqX(s7<4a0fA8QpHdE!y@_1EO_67&L5=3Zn6H+Od6!D2i5OI(AJ z_~+zcC8_W6 zv&+RPWzofUY#U!eqrj{ZWE*Y$BCy#R1x`Rq-Vwx(P$6-6IaKZfSzSh}QjbvfKLWiR za`InIS>@eE?W?#|J577s*ebYsk<5bNF)G9MshNn&m#z`xDU1}*dc~Gw1`$3!JxpGt zg2&*4$?SB78cu~FrjhqY8(8D7=G5WaY&i7K54Ic*skh;})O!q^e)3P26@&Q4CAdn7 zlNFED`ifp9@*UnW_kS`)GAARpxZuElz+c6x+yScISTb$nMr9x)sfg_u9tn&%Sd&FfW=8Db3PDYy$ zj&>_#FeE=z#n;*1knRo3_H}cQ)fZAuRuHdAL4(tQoG!}FtM9Mjbq9Eo5q3K<6{?0) zG`2x@*I+D$>Cuk|N;zRf>bqPcDQMz^Mxb5F3`;24ezP3>@-14-S-_nZK}A>LY&31! zjb{QFxmJI1I}bMK=>F{exEG(Ae<4iRfHG7f1QCS1#uCP|{rOq@72^3AMr9Bhj4Ks& zIcaFOBny-Sh5OmH%JGs4Z%XTDUOZQ@Ka? z%G{`{Nk%eR)PK3bAV2QowOu+_0dhbKQSp_vk39PYNAwz;dEN4ouiRIqSPJ%?rtw{% zodWAftk;8XIVE&~@LQ4qfUS$E8z>VE<1)Lr($NyD2!cU#b92T%v3jM_&@PtOsc7Unf*jQs%W)zy&eK2n~)Qu=Yxmc>H$;=mQvB!-d%qRlCU z1@cdJ7hTM8U$!uayT{v?EAC{N`YpsVGa&Ay{WU{JVKBN|d1U?-+Gdp|Gy0vn1{fYb z&BVBsD`2KOrgi8wNVQuLWprFbH!dPQKYULsbuZp@oKEShJDuZ{v}JX{E$Ttz61^JLF4zkM+Gl%w{R(h63!jRg`9C8Hj=&5z3-aQfbSb+Du-C`IP z0^r$2fdmAK17wV8pv9PWV9srO-lT|hpQGj~-vQfwPIz4+%_+R+XyjCr>Tg*UBr}^) zQH9lg;;an28CZ|NSBb|5nsB-h(4F8NhR_W|c$YE9gn2My)lAx{#(wUeN;H#eR@dz} zEKUao(o^rcSAa~LxY@SeR-_IjHJFR?I1~WW#SU}h4{K6SB(${Eq>>ll^LcXY1jTcz zqBC%lO!pat@N8%K0rz93^&q*yJVDz%P@BZs`@%UBx0mw-*Y?*s4Q#5(4R>LTtm@Y) zdjb22pl~_Dg&YitF`$W{LF=b83P`yx=t#ZR;yF7tj@;{qw3k+VLMC$9_>jMNchA7) z3r2*H?2!s3rI5KE=g){T-+8llW=SZ$;?v~a_icGK+a~xyI;8^n`kz0fUARXO1IxF@ z4J+WFEF1Skm0Q1vF29W=;6-4ELEYuZLB6gAQ$u>cr{-2jBDg+q2~+iQ4d5*42vbgooEZY%h21#O)VV$RvB_ zDYtX}3&1qe89H95-#Fz_)y0vZFW-zZ_~S$SU32z6za0syk#X8dA8=9CW$t)h|B8q~ zhD|zLY@c=7J6p%`qvA+!`y!STIc4_th)v7=pJ_Vol@3LY_G%fWs>ZE#a_|*p;ahu^ z20T>q(bJ26B5!-j1{AI^5T?10vol)xR{hT;u#!5^?l-n^qPVj8W?(z)B_aS=i=v~f zrzN-$L5oF4$+61e5ER!DAzhO%V-T&ft>a?XE*Lgw)>$Bzbl}Q9mlIf!QjxjO=uFzC z#k;XuFQtB^3&ZEEQ{QTE8G8J9#1ky6=(Y57U|C|NvhZ;jqjD$dZN+K@d3san#r9Hb z)669Ii|w9mGAoe9k8wb7AN+@7%y*tSgvcU&MR8gyB6%5}s$cRh?yx;I@=fVY~U(9X<5HcO{nlEmpl%Yz#mw7s;~ z6-nhtOZcT^gVFcV*Lji`O}<^yomoA(B!sJ$Q);|b<+61YiMjZm>1HbeSkR&Cg>|mB z4;%+qN%8JSufPJtbEa8B0e=5+(^CTM`@{h#z*eQy@bCQ)GRl(Iz-j2iH11?Bq?MFQS5-#T9m$MKh87E5Hb2kBJ0Yy}Q`Y;`J2_SbUQa{IP4E&2q z^2j`Jt4B}}OR@S=<@S#yFM&@(X zsSSMPnuC%Y(%^*)XZ!{yaCq^A}N1XWFr68H zNtP1JU9XiTVexXM+Guk&uy;=-XiL_mRzTXVe#^}nfR-$pHp<*Yh1g2M3uB`nf|S4J z%T8)WrrZ1o}4C9?Y_Z=OWmQK8MG#r3j+5p?uQr~w|5-~MuzxfIK4?hQs zH|So}s9Y{q?d=R}rVXUwE%kG1e9==FZlRSiaQ1-$^e0_3NdOU<6l?*GG2z1m9*!Dw z&;+BoXO*%1y;>Tekd|StB9PnXT3pk!mS60^{9Ww%WVBTzxMb(fVd3&!uZ71ofstn# zK!jKdSky-PUK$XW)e zg9Ub(+=-`VT&z)NaqQ0iJ)h0iGGU6vcC&C{=MW)S0zdul7+R;nphJli064M$0?Q9> z8ePjT?Gj!lBbsCDulL>{cKn^OEYMh+=gOnD?+DtZvd%0N_l2COsKCW=i~!d48)yt9 zFH@sS{F=s^an2#>P*&LD67~D)+Pk%PS3B)dj&W{R&j~NaoeF-{6u4BgWh)&nou)|18ifs$ zK-N`+iu}R)8qyP0^;P>Uqrzi&?~Y~h{BV^IftaT)B0if-uoBDgXY3Jq`9?eFcZbBd z$jfh5*wdkC{1?tTbNgbA-{5UW4ywVRSoWB#{pMc9h5C(LUQjOr#jcqaqwuJs_ne~} zMeX#FZ$}y`V$T$1#x1=WaIS8W`#G4=Fs1g1TyK7VOP@BcpgFMExc`>8_(z$2hSwJ# z4j^_Z@L>oZ;C%f1V3|pP{TzGfVNA3qnj$emq`zD)H+-Iv;DXYULfr1AUsoMp4&Y>%_yby#KmM@g6M9RZ_` zy|zQW4VZI3Q&pHR8|Haa?pao%b(wFwlsElq(U{+UG@3{W-O&eESw9f-|g2FWh5WIoy{OC;oZN5eKDLFJEzq0v25MA2s`L?>Dse2P0 zGUuPk=QW8QG;$;rpy%jnA`cH%uYgb;#ON?XF!IeWq(bUso(d< zSrkn^@o9UebU!m~oet9075wvEMkdwuDX5*ZYP0a=a#Wb$ZP$^Nq_omDVcy;28n@;< z>Q6PxKYZG_!9%7ljN_l4thWkm26xqKLcS$P4~VP%ABtBrzBSY^}G8{9sjNYq0-@>5SEm*Wr*`{*3meQ zNZA;IxN!Gq)wi#hbpDvbl(M~U6)&E(0CjlgstRBZYx(=XMrQ8-f3>LG>WSQX30gC2 zL|tE8u@O3c_k9(E!VcPN#%c5?X%gt}fQvwP%dzs1rEf-;qU@6YxBtSVC>zW9m*SO0 zIKlqnEPro)3g*e+A9c82bg;K&aOnrj#BEou8kMPEzY29b;zU|PKbqZ_-!VmbLTd=p+L!W(AfgBsUo7#)LvS96i{Ma?w!pdndNsqH@cebJ?5V8Tw%^_ETXx zZCBn@XQ_~wnRxr)iB5j}r314jg6Xeby+X^Srz=wY{flwzU7#uG^bX{egXDs}AXQkzBaOG3`oN552D%t7R)KOk=d+3O)>G zzH#HmaF3OH@GZKQct&w_PM7#$fq(z)$kf#9?LMQlxi-3NG#wD8?hDKwQDc<}L#MXP zq0IempFSPLJOJlae?JZDmWxC}+J$%ay>%!CuV7*i`|U2l=chigiICTAAz3x zWIpnZ))_j!3rn$nlCzNg@#4RGs-M^OhE0Q-|TBbf-KU9BV6H@4lVl&0w!q|`#_)lDXpRM+Qa+wf(XPaDz<(&r= zMso4BMa|c)->B=HK(9jhl1DL>%!8Y?A}u;T`6s7v66b>+2F-+T4<%Nw)Ob`%Z;byFAB_1X*zPA^m7iI>*>Ua(Ul4m2lVj z7*%@~l^FvA_US;Wwi%+&)-q0QUooWG_n~7T`{;q1xVHp$5HwFfUYjjTt}2Mxlhyli zU{QJtx#)XP!IEL+K`eXZZX<)9Pk*#|7Z#LEEm~z6H-72O{PJh1^gzu0*b+E!4J&Dh8*9D-R8Y-a^2?fA0vX-Xklk zic5L0Omue(5ZYyO_ieEdLeE*J_c*AK-LIdI58Fq0b$;(Q+g;t5$-$b$XWJG_Q%Dp~ z;FHy_siyBg>dT{rYDAM`uhpcTSG%xi5|1%!!Dz`0`=(Z;68{iqSHka=@NL zPeUwyZWL}Qti#%nL0iGZd?(xHjtIrg{)%9KkL&Vw;E2UYg+VR?v}eJh^yc#MZ&pH( z8R5a8nNYI`VyQ~QVnDN^g~Xgp8+G)x@0^>y=9CERxw$*0~YpGG!){B->>&gO&dw34lD^UfxJ{IrB4r{} zCdD6^8~|^#0_$&C?`_UibqoiMw@4ob=1m-x-1S)Wumnc61BzcgpE%}Q#Lyf*QGPI^ zhgCh4yh_4U2h0VQxECO44js{BHicSn=>o)3d8@)K!sfUie=qbGzjga<7;X?XE(03D zAXzgFhI(U>mB_;}n)}F_r)$PWls;!LqAc84hn!XVxf&bYR|_&FL=-=(G7DdLjFh<^ z3kTLA>X_S+GI2YUoGioMdR-IWw*I>A;{e4A|@?P&O;i1^Kqs#5AHji26%!V}a zHgBQKt_3Feu`8!QH9fC}#zXZLIl4g)9ie3B)*M+_@@E!f&ta&+lh&Cw*#-pO{y zV?@GhknJ^3abJX!yoILqjiFLlE^HGX#PeGSgUfqcAR8{SluTZrStx3u$e?6Gol;a=I#9h_fhkb9Gz& zwS&vgua}vwT@WNff!Tu7b7ViGps~ZRGe3aaHPw7Kn#=>6A0HKsJ5dJr~^T#Nq6;8F8C8lxU#Kaix!|No&0a zIgg*E?z!BExu=}^j82A0izlZipy3}>^AgvGlm2}ZIAD*l?@06oT*~5Vq6;}IfzD=Ff22;*reTOJ!L%2QZ5O!@=06kKdC*Q2!}XD;gPJFCc`@b%~|MLiO%{YXFafTOu<&<5u(jUD-{_rNV4aHEK5~Z0y&)&%#b2JROaA(od-p)(#LZD z6;M2Sspd(97Zgt#R+p`5P9>m{;-$QnqY2)pjOviMX!DXuo%0d0<$1UMN+a3hujzc6 z`LZCpvuL7vR*QgBM=$2L*Ha)9Q+x>A;zPwx*36-`v-fuB@??EVKtTY#AARAsiSYE< ztkRB#9O-GNJTbxF={tCK#i`#)Kz+0%I=AN&Qadl`@l{K0tCAWuNQb&HHz&iDk6kvW zlW4}wTs+|xalV`hr&*0}QuO!zHVKLp1@bXTu5fVo!}{ih9nlI_4{xIKyKgeO&4al@cp{#xHGy%Kfe+5GYm$!%_HHJ|xCDW9zgn)rVm zEX@~%?nvBE2@N>%zXMUJLp%Q)*uJvK` z6t<^BAiBV;q(YXQwSuGUBxentJ1`Fi7@M5iOB(zh!ZKqI zitHo|gtb@^UA;+}GtCD}fPK^$EuJnziRbj`(+}=a!@023!(l09T4q*S#uQZ~tkN@q z`OJHJYjt$*NN&mk+KTZ_0Z7UOZr~Gd@A!1nwZ{zf*}%Tw!b@qXqwT5JcPMZfx0?#W z-verw;c`Q--Sa~$%Npv8@Wan1wQkTsF%20z6JM&=}gzBHIPvn}R-#PL}rYDhr`1ZK3`GpC2`UuOM(?;PVBSWYmMQ zEG`U+_ek?RF2na89q$9p3Gi7yYjiHeS}1T>IUK4jGC$13jTjrtd29gZ;&jj`RFZ|J z%)G~S2`7qfD+^|W@d>nK<^PyA8Ljn4)R@5LqN!&5aGP)kz(d#(8x=T>$g>GilYY3bY8aD-Huq|Un5v(BJ*7qdI2C`}Rr+Dlb*8A{bL z!*$InqOiGt2^YylpqNH_Q|~H)pEAkXXEvub#(m{m$!^ZcovxdrqD-LIA@E*x-8q-w z$H}B~jH2szaak>ApQu=$>cPv=+LMf;@^0K)F~bPLLtC)wrnXD!>B8T#L~U`0kTMjT`I@&XU>3u1wd7m@uVR7)TLW0zbA=sBaJYES2VvwEc+n2J))WeE{Hjon}QXl78g2ti6JLQjW-nKi`hV)eF|vQ#<|pXJr|N9 z)CuyYC1pfh_%+_Fz}a814FTI{Rv~VIy;(+Eaz7^Mt;&a_Itp>=wGZZN1AJ?nVMuca zi+|R1#e?fykSl$Z(aE_0H-!ZrMpF+nVvAvh z|ENo5a>0zYMx%oB0b|0^yk;4aZs_LWb8fc%4COiQjfW9}8CE^A!*25WnT>=qxq@wv!pf~QP8k@b%kzY-f?x&6+a-1YVT+cF&e zcWpQ#R3xHa!0L9d;cg}^PX#HXnWQ|}J&&~>$M14K<6b$hk+iqWdW8EicSa@DL=%K9 zvQEu=G2zvy`#eKzQ~S_6|B9vj@6nSwAFH#SpW|iN#yD2q7JG#K zCll2z986X}D1t$})UQ&5$(wvK&l+_^HLT2%~*IoZxBCs7VE!;r*i&+v~ae3~{- znvC2tuxCh1)yYTC_IhU7i8Tu}_h&jDX#bnBt#?lhX|!1wcwIZNHtpAQ!RzH(ZWL*| zpTkP~K|5)cpdOfDtwqNvOK2PJOO9wO-uswh-ZMd?N+TLpOpFSx?o0T39EyW>)FfQW ziLja+)B`6gKjf$;tVWGQW~}LsOx$l{WkO4#`latH9VSPx6fViBT(P%{Lo0(wEGv^> zBU7A8xW_rGfGM?_Z(G*Wkwl4Y5QV5QA24Rb4Zb1aWois)?>i0>fX|h#C4XGkh6w|p zy*1xAD}DVW-tVP0+&b==7j)O=rkXI_mS$Jfr3 zr~T|qEe-#ZM2C1mtx+m)qKq0u=B5BJo8p`5`*zAmZk;4bKf7fqsL4&QwQI~?)W0hm z&DWW($YtueBncPj3lzQ0>bVk%Q8($|R6?an37@oPcbwNuc{)Gd(w`3Dd4& zf6GitqET9<%S->0`rcp5C!l$=7F7Be0Cww!cxm8jg<$%mj`HSX%AI&uqn%@6kJJWN zCuzQk=R1Xd=%7}!NSoOgb%88yfZYqUWwct)#W4H7xZygte1mlPtDj}`NzxsG?RADo z_*RkXa69+c+v{mKvSzx2pfcZa_R*$RVH!vBla1cGcd|4zl0p-8Dbb`GeN;r61dEtB z{RD zl%f--|KGPzP@I9Fuf0&l9O8d*4@f)~qoBBSikuatcrM#S$DyIrFLU|u%kHZjP`f=& zPLch2zPf>e!uLAAz5SiF`l!py%*N`q7cl=dUo5#6D_$8MS_@|g5J`gg7tI4|C8eVpMO@l-w;&IK>$-n zSR@?!NXNo+=5V|&*U-s1>q@0x%|Tuev%E(hZugf$LuSv&0D+autgQY0%YZ08W-u5! z+`{svAC-W}Wz4x0+dXiv)!#F76e6+tCMFe5jilvAj~-=+Uv`L_TCd<22~ypa(qX;d zzj;6&p84mo%%9p=q+t>S6}Et*!vnOVgrsDZ=jzjC*%hpJ*7x;$(qZAR*|9QoLuLY%Ty}4t{Q18ZJNks?mMoj zT*eGtU7`|U$1P%|T$a)(*M=_Cim9ZsBYD0Xne#la^LqX{ujlvYkKgz5`@KKc@B8za zG3)CRqGI{`N1)eFNyQ~)YNdC_1Xy&9b@<^xK5*vgZA+sdMdV0f0?JzV@_t07_`oW+ zb2!M(rub)r-9jySbRJ)xobM56bgnmGrX^1=JRz&8iFhO=BFK*m%`4t!U z!gSmb6~0|NUI)zh!w(zl?*la6f}_ zY`bd(-OlE(Gyjt8wy2^E4q2{}mKOg8g8)5F7jpdJN}D7jEMnFlu<5c&7Sgc=e05nF zNHaX-&nSu?3#TR$^k+aK-ag7s58flQ$*n^tiYayCcGPTSTXkEg6y#z0+`@`qvy8Fz z1-3k*pHr7rciJ$*Mq)hCv9cbId1a{*qzwC&w(Qosnh2~I%h9XP2X*eKWWr+l;zyO9;!Kc*xS1`aP#9>)asfmNdSlpK%!|%O9~tY2c&dgh^lM1ZJ%jT z^zO8TVmM2UH^lTP8a8Bv7h(Yo_CZ{Im_y|T=;{uS^icy(l?wqRe$d39G{`YFI%SbC z*!MhS${+~SlYfduE%Ok%z*x8{3`W=DyZ+H1!Wjd~69cluAlj8E@?tfUhCzK^Xl3k2 z+naEK;a4M~{q6cuHH52kvyzU!q6YIX5)z+tuJK})0yYCn{@iZvX!^pAbE-Mc%TB#{ zL~S8G#(;FK>&+NdyliO4T{b(lj`RY|S39A@k>xj!Nv!MR4ER{psz9MsDSU9hTbm#? zeErPGuR$8YW|)!q4I}q--SH8$f&8M-Rty6u)F?a9R4Z8*RwT&eu^M3jwCXq?lHB$e z2JE~f#8dT|ow;L{u-5SkcA)w!0bROK$x4CpxE=XcB}7Rt(4-=GXKzE(S;&F2K_o*g z>y67x>cFMrhh)6wVd%nkv-+i+$_=il;2;Z}jc~57z)|yLzJSL(m!B7?N0xmx%TU+M zGxyWwtbkY1ruCqy-aIh%{KS)+`U0hE9T3t$E@Lt#DbH%*c~>MW-cL2|Ma4p`2@<MJ>GPn|>ime5<@#$^94}JU2aS4vE=9^)YfYz<*<87y@aEmgeQT2J zT=;Q7c$F0u)5d`H22MbQ9-2^)L^3up2?yUnP$lp&DLL6*sRs)TzuEZEdv%uqBnma& ztf`=j)t)(U$oTl1pz|CJEs?ItLg`0(W(R@eA+Du-J8+dMcboevs`i5RYN#?B1n3mi zJ>kY?X4n)PZ9^ix3U~lLCDvzEnSK+=EAXNX?^0DXECYG53I;P~?rVz|6 zLEzKZ5K%{ymXdnstZ50G+9!u_y7dXz2tZ)Ui311!icG3FhTB$)R*u%E`}ds$X#BD< ztVb+mZ0F8co8YV81v)`Jp)ic5g|KiIdVa#U^0Z|;QW*C&3Yi-EzidUJNPKODyre@p zjZhe@J(Mu&AyH616tm69NGs_zCF%6E41@Si>ozfW>skn&dNk67r3ZXEEAxWi7N9_R zry*(MwEFr6U#mQ3>4@$6$usH0kL|#g(!bCK10Au`xZC4KAA&S(Q(zgGV5)t$MI1F} z)uQL~*V9vr?G?0=s8iomI<9=R$7-lEE^EbZ71XE&_R!H(OmO{KY*}N|=Eov%WT7^C z$r%2gfOBTBR|;xyO21kLJ*5GyFskdfteCnY)kizdeb0%R7P!M8c?Uz#s?aejSd})%f#dE?0E_g)a^Zc34@Hun zg_>+uyJxL-to@?j_Sot?1q7{ss#b0Q7aq=;D7jEy7sfOWnIRrle!h8KiXDA)tscV} z>6q73>TPbFkGg;VK4zp%$?UHKK1>1l0!@2mS+&L$#N2#AMDIVz?Estc2EHJ8$PuvO z!y(?9T#qA4oxKC*BaLyAz-V@2r=|P1@a*$7Q1vTpsxriNieJTp0`SCmZ0zLgp&IKJ z%@NiXAGXYbvbtN5mr0z8XAqH-Ga-=qiGT!b0bL{+k6T+$FSi4nD^3ASaUZ)S*<&-}*VSsz6+D{vHAKBs zlng10m<~ep$VMm|fS5=%vApxq)KrbqH8(&7nkf7RLMPytGCL#5WU~HS1?|nkT3w;k zdA{i+$KWa9qS>}VmaJV2!&5SQEx^x}{ZwcF1-5ViEJDj S6JsyfJKEY|$1O|G=zjyB&8znS From 872c5e87a3e77f556a749d096f9d34e9998b52cc Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 23 Apr 2021 10:24:04 -0700 Subject: [PATCH 081/156] fixing issues --- windows/deployment/TOC.yml | 2 +- windows/deployment/update/deployment-service-overview.md | 6 ++++-- .../deployment/update/deployment-service-troubleshooting.md | 4 +++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 1964f9049f..7d4cdda4eb 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -167,7 +167,7 @@ - name: Windows Update for Business deployment service href: update/deployment-service-overview.md - name: Troubleshooting the Windows Update for Business deployment service - href: update/deployment-service-overview.md + href: update/deployment-service-troubleshooting.md - name: Enforcing compliance deadlines for updates href: update/wufb-compliancedeadlines.md - name: Integrate Windows Update for Business with management solutions diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 3153e63472..5eec3aacb9 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -12,10 +12,12 @@ manager: laurawi ms.topic: article --- -> Applies to: Windows 10 + # Windows Update for Business deployment service +> Applies to: Windows 10 + The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. It's designed to work in harmony with your existing Windows Update for Business policies. The deployment service is designed for IT Pros who are looking for more control than is provided through deferral policies and deployment rings. It provides the following abilities: @@ -156,6 +158,6 @@ Avoid using different channels to manage the same resources. If you use Microsof To learn more about the deployment service, try the following: - Release blogs -- [Windows 10 feature updates policy in Intune](mem/intune/protect/windows-10-feature-updates) +- [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates) - Windows 10 quality updates policy in Intune {LINK?} - [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) diff --git a/windows/deployment/update/deployment-service-troubleshooting.md b/windows/deployment/update/deployment-service-troubleshooting.md index 2780242f8f..3cbe32d5fd 100644 --- a/windows/deployment/update/deployment-service-troubleshooting.md +++ b/windows/deployment/update/deployment-service-troubleshooting.md @@ -12,10 +12,12 @@ manager: laurawi ms.topic: article --- -> Applies to: Windows 10 + # Troubleshooting the Windows Update for Business deployment service +> Applies to: Windows 10 + This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md). ## The device isn't receiving an update that I deployed From 358df81f2e643bd1386dfce732f10760caf0c3db Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 23 Apr 2021 11:16:26 -0700 Subject: [PATCH 082/156] fixes based on feedback --- windows/deployment/TOC.yml | 4 ++-- .../deployment/update/deployment-service-overview.md | 10 +++++----- .../update/deployment-service-troubleshooting.md | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 7d4cdda4eb..3ba791f451 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -166,8 +166,8 @@ href: update/waas-configure-wufb.md - name: Windows Update for Business deployment service href: update/deployment-service-overview.md - - name: Troubleshooting the Windows Update for Business deployment service - href: update/deployment-service-troubleshooting.md + - name: Troubleshooting the Windows Update for Business deployment service + href: update/deployment-service-troubleshooting.md - name: Enforcing compliance deadlines for updates href: update/wufb-compliancedeadlines.md - name: Integrate Windows Update for Business with management solutions diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 5eec3aacb9..478de242b5 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -31,7 +31,7 @@ The service is compliant {COMPLIANT WITH WHAT? BY ITSELF THE WORD DOESN'T MEAN A ## How it works -The deployment service complements existing Windows Update for Business capabilities, including existing device policies and Update Compliance. +The deployment service complements existing Windows Update for Business capabilities, including existing device policies and [Update Compliance](update-compliance-monitor.md). {BIG IMAGE} @@ -39,7 +39,7 @@ Unlike existing client policy, the deployment service does not interact with dev {SMALLER IMAGE} -The deployment service exposes these capabilities through Microsoft Graph REST APIs {LINK}. You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager. +The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager. ## Prerequisites @@ -88,7 +88,7 @@ The deployment service protects deployments through a combination of rollout con ### Schedule rollouts with automatic piloting -The deployment service allows any update to be deployed over a period of days or weeks. Once an update has been scheduled, the deployment service optimizes the deployment based on the scheduling parameters and unique attributes spanning the devices being updated. The service does the following: {IN THIS ORDER SPECIFICALLY OR JUST IN GENERAL?} +The deployment service allows any update to be deployed over a period of days or weeks. Once an update has been scheduled, the deployment service optimizes the deployment based on the scheduling parameters and unique attributes spanning the devices being updated. The service follows these steps: 1. Determine the number of devices to be updated in each deployment wave, based on scheduling parameters. 2. Select devices for each deployment wave so that earlier waves have a diversity of hardware and software, to function as pilot device populations. @@ -115,7 +115,7 @@ Deployment scheduling controls are always available, but to take advantage of th #### Set the **AllowWUfBCloudProcessing** policy -To enroll devices in Windows Update for Business cloud processing {IS THIS THE SAME THING AS THE DEPLOYMENT SERVICE?}, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy. +To enroll devices in Windows Update for Business cloud processing, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy. > [!NOTE] > Setting this policy by using Group Policy isn't currently supported. @@ -133,7 +133,7 @@ Following is an example of setting the policy using Microsoft Endpoint Manager: 5. In **Configuration settings**, select **Add**, enter the following settings, select **Save**, and then select **Next**. - Name: **AllowWUfBCloudProcessing** - Description: Enter a description. - - OMA-URI: \`./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing\` + - OMA-URI: `./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing` - Data type: **String** - Value: **1** 6. In **Assignments**, select the groups that will receive the profile, and then select **Next**. diff --git a/windows/deployment/update/deployment-service-troubleshooting.md b/windows/deployment/update/deployment-service-troubleshooting.md index 3cbe32d5fd..ac3498ecbd 100644 --- a/windows/deployment/update/deployment-service-troubleshooting.md +++ b/windows/deployment/update/deployment-service-troubleshooting.md @@ -32,4 +32,4 @@ This troubleshooting guide addresses the most common issues that IT administrato ## The device is receiving an update that I didn't deploy - Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates). -- **Feature updates only***: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. +- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors. From 8d5c19c8c80e65fd4243adcd591f566e376b5480 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 23 Apr 2021 11:29:36 -0700 Subject: [PATCH 083/156] trying to make the TOC.yml happy --- windows/deployment/TOC.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 3ba791f451..396ab38067 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -166,8 +166,8 @@ href: update/waas-configure-wufb.md - name: Windows Update for Business deployment service href: update/deployment-service-overview.md - - name: Troubleshooting the Windows Update for Business deployment service - href: update/deployment-service-troubleshooting.md + - name: Troubleshooting the Windows Update for Business deployment service + href: update/deployment-service-troubleshooting.md - name: Enforcing compliance deadlines for updates href: update/wufb-compliancedeadlines.md - name: Integrate Windows Update for Business with management solutions From 7071c2cbe72f3cbfa76821c7068ad24a98390bf0 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 23 Apr 2021 11:34:18 -0700 Subject: [PATCH 084/156] TOC fu --- windows/deployment/TOC.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 396ab38067..7d4cdda4eb 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -166,8 +166,8 @@ href: update/waas-configure-wufb.md - name: Windows Update for Business deployment service href: update/deployment-service-overview.md - - name: Troubleshooting the Windows Update for Business deployment service - href: update/deployment-service-troubleshooting.md + - name: Troubleshooting the Windows Update for Business deployment service + href: update/deployment-service-troubleshooting.md - name: Enforcing compliance deadlines for updates href: update/wufb-compliancedeadlines.md - name: Integrate Windows Update for Business with management solutions From 79baead0da39f0f95efc61892a22776e41fefb46 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Fri, 23 Apr 2021 15:22:28 -0700 Subject: [PATCH 085/156] Update faq-md-app-guard.md --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 5d37b3aa5d..9a7f8f0ed3 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -143,7 +143,7 @@ In the Microsoft Defender Firewall user interface go through the following steps There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**. -### How can I have ICS in enabled state yet still use Application Guard? +### How can I disable portions of ICS without breaking Application Guard? ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. @@ -184,4 +184,4 @@ Policy: Allow installation of devices using drivers that match these device setu ## See also -[Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md) \ No newline at end of file +[Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md) From dd6e3491fb611edecff40632283a330286280ede Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 24 Apr 2021 03:39:28 +0500 Subject: [PATCH 086/156] Update windows/deployment/update/servicing-stack-updates.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/update/servicing-stack-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index a60534ef8d..defeb5d1ea 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -53,7 +53,7 @@ Typically, the improvements are reliability and performance improvements that do * Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. * Installing servicing stack update does not require restarting the device, so installation should not be disruptive. * Servicing stack update releases are specific to the operating system version (build number), much like quality updates. -* It can be delivered via Windows updates or search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). +* Servicing stack updates can be delivered via Windows Update, or you can perform a search to install the latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). * Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine. ## Simplifying on-premises deployment of servicing stack updates From 387603e22ebcb7f83d952068ec1fc942df2940fc Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Fri, 23 Apr 2021 19:07:26 -0700 Subject: [PATCH 087/156] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index d0647fff25..41ee599349 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -52,7 +52,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned WHFB PIN/Bio on the AADJ device, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses ADFS to authenticate for WHFB sign-ins. +> You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on the Azure AD joined device, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses AD FS to authenticate for Windows Hello for Business sign-ins. ## Azure AD join authentication to Active Directory using a Certificate From cc5989f5a5593c9442241f7425676b7d2c0dcfe0 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Fri, 23 Apr 2021 19:07:52 -0700 Subject: [PATCH 088/156] Update windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-how-it-works-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 41ee599349..7439db90b9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -65,7 +65,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it has not be revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.| > [!NOTE] -> You may have on-premises domain Federated with Azure AD. Once user successfully provisioned WHFB PIN/Bio on, any future login of WHFB (PIN/Bio) sign-in will directly authenticate against AAD to get PRT, as well as Authenticate against your DC (if LOS to DC available) to get Kerberos as mentioned above. ADFS federation used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. +> You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned ppreviously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation. ## Hybrid Azure AD join authentication using a Key From 594bfb310b13ce6d04fbcec9fc4c2cc076ee8386 Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 24 Apr 2021 11:49:32 +0200 Subject: [PATCH 089/156] MarkDown update: replace deprecated HTML tags - As requested in issue ticket #9449 (** tags causing issue in localized articles**), this Pull Request aims to remove HTML tags known to cause layout and readability issues in the MS Docs document pages, Frame Overflow being a frequent and obvious layout-breaking issue in translated articles. Changes proposed: - Replace HTML tag with its MD equivalent ** ** - Replace single asterisk * with underscore _ (when combined with **) - Simplify usage of bold formatting (** **) to only the outer pair - Replace HTML tag with MarkDown underscore _ _ Whitespace changes: - Remove redundant end-of-line (EOL) blanks (trailing space) - Normalize spacing in numbered lists and bullet point lists to 1 space - Replace end-of-file (EOF) consecutive blank lines with 1 NewLine - Normalize layout spacing in MarkDown tables (consistency) - Normalize layout to 1 blank line after H2, H3, H4 headings - Allow up to 2 blank lines spacing (not 3 or more), ex. H1 page title Closes #9449 --- .../mdm/diagnosticlog-csp.md | 286 +++++++++--------- .../client-management/mdm/provisioning-csp.md | 43 ++- windows/client-management/mdm/proxy-csp.md | 52 ++-- windows/client-management/mdm/update-csp.md | 49 ++- .../mdm/win32appinventory-csp.md | 38 +-- 5 files changed, 221 insertions(+), 247 deletions(-) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 3ef1008019..d33f4f7d36 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -13,23 +13,24 @@ ms.date: 11/19/2019 --- # DiagnosticLog CSP -The DiagnosticLog configuration service provider (CSP) provides the following feature areas: + +The DiagnosticLog configuration service provider (CSP) provides the following feature areas: - [DiagnosticArchive area](#diagnosticarchive-area). Capture and upload event logs, log files, and registry values for troubleshooting. - [Policy area](#policy-area). Configure Windows event log policies, such as maximum log size. - [EtwLog area](#etwlog-area). Control ETW trace sessions. - [DeviceStateData area](#devicestatedata-area). Provide additional device information. - [FileDownload area](#filedownload-area). Pull trace and state data directly from the device. -The following are the links to different versions of the DiagnosticLog CSP DDF files: +The following are the links to different versions of the DiagnosticLog CSP DDF files: - [DiagnosticLog CSP version 1.4](diagnosticlog-ddf.md#version-1-4) - [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3) - [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2) The following shows the DiagnosticLog CSP in tree format. + ``` -./Vendor/MSFT -DiagnosticLog +./Vendor/MSFT/DiagnosticLog ----EtwLog --------Collectors ------------CollectorName @@ -59,7 +60,8 @@ DiagnosticLog ----------------DataBlocks --------------------BlockNumber ``` -**./Vendor/MSFT/DiagnosticLog** + +**./Vendor/MSFT/DiagnosticLog** The root node for the DiagnosticLog CSP. Rest of the nodes in the DiagnosticLog CSP are described within their respective feature area sections. @@ -68,18 +70,18 @@ Rest of the nodes in the DiagnosticLog CSP are described within their respective The DiagnosticArchive functionality within the DiagnosticLog CSP is used to trigger devices to gather troubleshooting data into a zip archive file and upload that archive to cloud storage. DiagnosticArchive is designed for ad-hoc troubleshooting scenarios, such as an IT admin investigating an app installation failure using a collection of event log events, registry values, and app or OS log files. -> [!Note] +> [!NOTE] > DiagnosticArchive is a "break glass" backstop option for device troubleshooting. Diagnostic data such as log files can grow to many gigabytes. Gathering, transferring, and storing large amounts of data may burden the user's device, the network and cloud storage. Management servers invoking DiagnosticArchive must take care to minimize data gathering frequency and scope. The following section describes the nodes for the DiagnosticArchive functionality. -**DiagnosticArchive** -Added in version 1.4 of the CSP in Windows 10, version 1903. Root node for the DiagnosticArchive functionality. +**DiagnosticArchive** +Added in version 1.4 of the CSP in Windows 10, version 1903. Root node for the DiagnosticArchive functionality. The supported operation is Get. -**DiagnosticArchive/ArchiveDefinition** -Added in version 1.4 of the CSP in Windows 10, version 1903. +**DiagnosticArchive/ArchiveDefinition** +Added in version 1.4 of the CSP in Windows 10, version 1903. The supported operations are Add and Execute. @@ -87,7 +89,7 @@ The data type is string. Expected value: Set and Execute are functionality equivalent, and each accepts a `Collection` XML snippet (as a string) describing what data to gather and where to upload it. The results are zipped and uploaded to the specified SasUrl. The zipped filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip". - + The following is an example of a `Collection` XML. ``` xml @@ -107,16 +109,16 @@ The following is an example of a `Collection` XML. ``` The XML should include the following elements within the `Collection` element: -**ID** +**ID** The ID value uniquely identifies this data-gathering request. To avoid accidental repetition of data gathering, the CSP ignores subsequent Set or Execute invocations with the same ID value. The CSP expects the value to be populated when the request is received, so it must be generated by the IT admin or the management server. -**SasUrl** +**SasUrl** The SasUrl value is the target URI to which the CSP uploads the zip file containing the gathered data. It is the responsibility of the management server to provision storage in such a way that the storage server accepts the device's HTTP PUT to this URL. For example, the device management service could: - Provision cloud storage reachable by the target device, such as a Microsoft Azure blob storage container - Generate a Shared Access Signature URL granting the possessor (the target device) time-limited write access to the storage container -- Pass this value to the CSP on the target device through the `Collection` XML as the `SasUrl` value. +- Pass this value to the CSP on the target device through the `Collection` XML as the `SasUrl` value. -**One or more data gathering directives, which may include any of the following:** +**One or more data gathering directives, which may include any of the following:** - **RegistryKey** - Exports all of the key names and values under a given path (recursive). @@ -133,53 +135,53 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain - This directive type allows the execution of specific commands such as ipconfig.exe. Note that DiagnosticArchive and the Commands directives are not a general-purpose scripting platform. These commands are allowed in the DiagnosticArchive context to handle cases where critical device information may not be available through existing log files. - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`. - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter. - - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed: - - %windir%\\system32\\certutil.exe - - %windir%\\system32\\dxdiag.exe - - %windir%\\system32\\gpresult.exe - - %windir%\\system32\\msinfo32.exe - - %windir%\\system32\\netsh.exe - - %windir%\\system32\\nltest.exe - - %windir%\\system32\\ping.exe - - %windir%\\system32\\powercfg.exe - - %windir%\\system32\\w32tm.exe - - %windir%\\system32\\wpr.exe - - %windir%\\system32\\dsregcmd.exe - - %windir%\\system32\\dispdiag.exe - - %windir%\\system32\\ipconfig.exe - - %windir%\\system32\\logman.exe - - %windir%\\system32\\tracelog.exe - - %programfiles%\\windows defender\\mpcmdrun.exe - - %windir%\\system32\\MdmDiagnosticsTool.exe - - %windir%\\system32\\pnputil.exe + - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed: + - %windir%\\system32\\certutil.exe + - %windir%\\system32\\dxdiag.exe + - %windir%\\system32\\gpresult.exe + - %windir%\\system32\\msinfo32.exe + - %windir%\\system32\\netsh.exe + - %windir%\\system32\\nltest.exe + - %windir%\\system32\\ping.exe + - %windir%\\system32\\powercfg.exe + - %windir%\\system32\\w32tm.exe + - %windir%\\system32\\wpr.exe + - %windir%\\system32\\dsregcmd.exe + - %windir%\\system32\\dispdiag.exe + - %windir%\\system32\\ipconfig.exe + - %windir%\\system32\\logman.exe + - %windir%\\system32\\tracelog.exe + - %programfiles%\\windows defender\\mpcmdrun.exe + - %windir%\\system32\\MdmDiagnosticsTool.exe + - %windir%\\system32\\pnputil.exe - **FoldersFiles** - Captures log files from a given path (without recursion). - Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log". - - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed: - - %PROGRAMFILES% - - %PROGRAMDATA% - - %PUBLIC% - - %WINDIR% - - %TEMP% - - %TMP% - - Additionally, only files with the following extensions are captured: - - .log - - .txt - - .dmp - - .cab - - .zip - - .xml - - .html - - .evtx - - .etl + - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed: + - %PROGRAMFILES% + - %PROGRAMDATA% + - %PUBLIC% + - %WINDIR% + - %TEMP% + - %TMP% + - Additionally, only files with the following extensions are captured: + - .log + - .txt + - .dmp + - .cab + - .zip + - .xml + - .html + - .evtx + - .etl -**DiagnosticArchive/ArchiveResults** -Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run. +**DiagnosticArchive/ArchiveResults** +Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run. The supported operation is Get. -The data type is string. +The data type is string. A Get to the above URI will return the results of the data gathering for the last diagnostics request. For the example above it returns: @@ -230,6 +232,7 @@ A Get to the above URI will return the results of the data gathering for the las Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed. ### Making use of the uploaded data + The zip archive which is created and uploaded by the CSP contains a folder structure like the following: ```powershell @@ -313,7 +316,7 @@ foreach( $element in $resultElements ) Copy-Item $file.FullName -Destination (Join-Path -Path $reformattedArchivePath -ChildPath $leafSummaryString) } } -#endregion +#endregion Remove-Item -Path $diagnosticArchiveTempUnzippedPath -Force -Recurse ``` That example script produces a set of files similar to the following, which can be a useful view for an administrator interactively browsing the results without needing to navigate any sub-folders or refer to `results.xml` repeatedly: @@ -341,17 +344,17 @@ The Policy functionality within the DiagnosticLog CSP configures Windows event l The following section describes the nodes for the Policy functionality. -**Policy** +**Policy** Added in version 1.4 of the CSP in Windows 10, version 1903. Root node to control settings for channels in Event Log. The supported operation is Get. -**Policy/Channels** +**Policy/Channels** Added in version 1.4 of the CSP in Windows 10, version 1903. Node that contains Event Log channel settings. The supported operation is Get. -**Policy/Channels/_ChannelName_** +**Policy/Channels/_ChannelName_** Added in version 1.4 of the CSP in Windows 10, version 1903. Dynamic node to represent a registered channel. The node name must be a valid Windows event log channel name, such as ``Microsoft-Client-Licensing-Platform%2FAdmin``. When specifying the name in the LocURI, it must be URL encoded, otherwise it may unexpectedly translate into a different URI. Supported operations are Add, Delete, and Get. @@ -414,7 +417,7 @@ Get **Channel** ​ ``` -**Policy/Channels/_ChannelName_/MaximumFileSize** +**Policy/Channels/_ChannelName_/MaximumFileSize** Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting specifies the maximum size of the log file in megabytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte and 2 terabytes in megabyte increments. @@ -510,7 +513,7 @@ Replace **MaximumFileSize** ``` -**Policy/Channels/_ChannelName_/SDDL** +**Policy/Channels/_ChannelName_/SDDL** Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting represents SDDL string controlling access to the channel. Supported operations are Add, Delete, Get, and Replace. @@ -519,7 +522,7 @@ The data type is string. Default string is as follows: -https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype. +https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype. Add **SDDL** ``` xml @@ -608,14 +611,14 @@ Replace **SDDL** ``` -**Policy/Channels/_ChannelName_/ActionWhenFull** -Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting controls Event Log behavior when the log file reaches its maximum size. +**Policy/Channels/_ChannelName_/ActionWhenFull** +Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting controls Event Log behavior when the log file reaches its maximum size. Supported operations are Add, Delete, Get, and Replace. The data type is string. -The following are the possible values: +The following are the possible values: - Truncate — When the log file reaches its maximum file size, new events are not written to the log and are lost. - Overwrite — When the log file reaches its maximum file size, new events overwrite old events. - Archive — When the log file reaches its maximum size, the log file is saved to the location specified by the "Archive Location" policy setting. If archive location value is not set, the new file is saved in the same directory as current log file. @@ -709,14 +712,14 @@ Replace **ActionWhenFull** ``` -**Policy/Channels/_ChannelName_/Enabled** +**Policy/Channels/_ChannelName_/Enabled** Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting specifies whether the channel should be enabled or disabled. Supported operations are Add, Delete, Get, and Replace. The data type is boolean. -The following are the possible values: +The following are the possible values: - TRUE — Enables the channel. - FALSE — Disables the channel. @@ -828,22 +831,22 @@ The DiagnosticLog CSP maintains a log file for each collector node and the log f For each collector node, the user can: -- Start or stop the session with all registered and enabled providers -- Query session status -- Change trace log file mode -- Change trace log file size limit +- Start or stop the session with all registered and enabled providers +- Query session status +- Change trace log file mode +- Change trace log file size limit The configurations log file mode and log file size limit does not take effect while trace session is in progress. These are applied when user stops the current session and then starts it again for this collector. For each registered provider in this collector, the user can: -- Specify keywords to filter events from this provider -- Change trace level to filter events from this provider -- Enable or disable the provider in the trace session +- Specify keywords to filter events from this provider +- Change trace level to filter events from this provider +- Enable or disable the provider in the trace session The changes on **State**, **Keywords**, and **TraceLevel** takes effect immediately while trace session is in progress. -> [!Note] +> [!NOTE] > Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode. ### Channel-based tracing @@ -864,34 +867,34 @@ For more information about using DiagnosticLog to collect logs remotely from a P To gather diagnostics using this CSP: -1. Specify a *CollectorName* for the container of the target ETW providers. -2. (Optional) Set logging and log file parameters using the following options: +1. Specify a *CollectorName* for the container of the target ETW providers. +2. (Optional) Set logging and log file parameters using the following options: - TraceLogFileMode - LogFileSizeLimitMB -3. Indicate one or more target ETW providers by supplying its *ProviderGUID* to the Add operation of EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*. -4. (Optional) Set logging and log file parameters using the following options: +3. Indicate one or more target ETW providers by supplying its *ProviderGUID* to the Add operation of EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*. +4. (Optional) Set logging and log file parameters using the following options: - TraceLevel - Keywords -5. Start logging using **TraceControl** EXECUTE command “START”. -6. Perform actions on the target device that will generate activity in the log files. -7. Stop logging using **TraceControl** EXECUTE command “STOP”. -8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file). +5. Start logging using **TraceControl** EXECUTE command “START”. +6. Perform actions on the target device that will generate activity in the log files. +7. Stop logging using **TraceControl** EXECUTE command “STOP”. +8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file). The following section describes the nodes for EtwLog functionality. -**EtwLog** +**EtwLog** Node to contain the Error Tracing for Windows log. The supported operation is Get. -**EtwLog/Collectors** +**EtwLog/Collectors** Interior node to contain dynamic child interior nodes for active providers. The supported operation is Get. -**EtwLog/Collectors/***CollectorName* +**EtwLog/Collectors/_CollectorName_** Dynamic nodes to represent active collector configuration. Supported operations are Add, Delete, and Get. @@ -937,7 +940,7 @@ Delete a collector ``` -**EtwLog/Collectors/*CollectorName*/TraceStatus** +**EtwLog/Collectors/*CollectorName*/TraceStatus** Specifies whether the current logging status is running. The data type is an integer. @@ -947,11 +950,11 @@ The supported operation is Get. The following table represents the possible values: | Value | Description | -|-------|-------------| +| ----- | ----------- | | 0 | Stopped | | 1 | Started | -**EtwLog/Collectors/*CollectorName*/TraceLogFileMode** +**EtwLog/Collectors/*CollectorName*/TraceLogFileMode** Specifies the log file logging mode. The data type is an integer. @@ -961,11 +964,11 @@ Supported operations are Get and Replace. The following table lists the possible values: | Value | Description | -|-------|--------------------| +| ----- | ------------------ | | EVENT_TRACE_FILE_MODE_SEQUENTIAL (0x00000001) | Writes events to a log file sequentially; stops when the file reaches its maximum size. | -| EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002) | Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events. | +| EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002) | Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events. | -**EtwLog/Collectors/*CollectorName*/TraceControl** +**EtwLog/Collectors/*CollectorName*/TraceControl** Specifies the logging and report action state. The data type is a string. @@ -973,9 +976,9 @@ The data type is a string. The following table lists the possible values: | Value | Description | -|-------|--------------------| +| ----- | ------------------ | | START | Start log tracing. | -| STOP | Stop log tracing | +| STOP | Stop log tracing. | The supported operation is Execute. @@ -1029,7 +1032,7 @@ Stop collector trace logging ``` -**EtwLog/Collectors/*CollectorName*/LogFileSizeLimitMB** +**EtwLog/Collectors/*CollectorName*/LogFileSizeLimitMB** Sets the log file size limit, in MB. The data type is an integer. @@ -1038,15 +1041,15 @@ Valid values are 1-2048. The default value is 4. Supported operations are Get and Replace. -**EtwLog/Collectors/*CollectorName*/Providers** +**EtwLog/Collectors/*CollectorName*/Providers** Interior node to contain dynamic child interior nodes for active providers. The supported operation is Get. -**EtwLog/Collectors/*CollectorName*/Providers/***ProviderGUID* +**EtwLog/Collectors/*CollectorName*/Providers/_ProviderGUID_** Dynamic nodes to represent active provider configuration per provider GUID. -> [!Note] +> [!NOTE] > Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode. Supported operations are Add, Delete, and Get. @@ -1092,7 +1095,7 @@ Delete a provider ``` -**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel** +**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel** Specifies the level of detail included in the trace log. The data type is an integer. @@ -1102,12 +1105,12 @@ Supported operations are Get and Replace. The following table lists the possible values: | Value | Description | -|-------|--------------------| +| ----- | ------------------ | | 1 – TRACE_LEVEL_CRITICAL | Abnormal exit or termination events | -| 2 – TRACE_LEVEL_ERROR | Severe error events | -| 3 – TRACE_LEVEL_WARNING | Warning events such as allocation failures | -| 4 – TRACE_LEVEL_INFORMATION | Non-error events, such as entry or exit events | -| 5 – TRACE_LEVEL_VERBOSE | Detailed information | +| 2 – TRACE_LEVEL_ERROR | Severe error events | +| 3 – TRACE_LEVEL_WARNING | Warning events such as allocation failures | +| 4 – TRACE_LEVEL_INFORMATION | Non-error events, such as entry or exit events | +| 5 – TRACE_LEVEL_VERBOSE | Detailed information | Set provider **TraceLevel** @@ -1132,7 +1135,7 @@ Set provider **TraceLevel** ``` -**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords** +**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords** Specifies the provider keywords to be used as MatchAnyKeyword for this provider. The data type is a string. @@ -1156,7 +1159,7 @@ Get provider **Keywords** - + ``` @@ -1181,24 +1184,24 @@ Set provider **Keywords** 12345678FFFFFFFF - + ``` -**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State** +**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State** Specifies if this provider is enabled in the trace session. The data type is a boolean. Supported operations are Get and Replace. This change will be effective during active trace session. -The following table lists the possible values: +The following table lists the possible values: | Value | Description | -|-------|--------------------| -| TRUE | Provider is enabled in the trace session. This is the default. | -| FALSE | Provider is disabled in the trace session. | +| ----- | ------------------ | +| TRUE | Provider is enabled in the trace session. This is the default. | +| FALSE | Provider is disabled in the trace session. | Set provider **State** @@ -1223,12 +1226,12 @@ Set provider **State** ``` -**EtwLog/Channels** +**EtwLog/Channels** Interior node to contain dynamic child interior nodes for registered channels. The supported operation is Get. -**EtwLog/Channels/***ChannelName* +**EtwLog/Channels/_ChannelName_** Dynamic nodes to represent a registered channel. The node name must be a valid Windows event log channel name, such as "Microsoft-Client-Licensing-Platform%2FAdmin" Supported operations are Add, Delete, and Get. @@ -1274,7 +1277,7 @@ Delete a channel ``` -**EtwLog/Channels/*ChannelName*/Export** +**EtwLog/Channels/*ChannelName*/Export** Node to trigger the command to export channel event data into the log file. The supported operation is Execute. @@ -1298,7 +1301,7 @@ Export channel event data ``` -**EtwLog/Channels/*ChannelName*/Filter** +**EtwLog/Channels/*ChannelName*/Filter** Specifies the XPath query string to filter the events while exporting. The data type is a string. @@ -1326,7 +1329,7 @@ Get channel **Filter** ``` -**EtwLog/Channels/*ChannelName*/State** +**EtwLog/Channels/*ChannelName*/State** Specifies if the Channel is enabled or disabled. The data type is a boolean. @@ -1335,10 +1338,10 @@ Supported operations are Get and Replace. The following table lists the possible values: -| Value | Description | -|-------|--------------------| -| TRUE | Channel is enabled. | -| FALSE | Channel is disabled. | +| Value | Description | +| ----- | -------------------- | +| TRUE | Channel is enabled. | +| FALSE | Channel is disabled. | Get channel **State** @@ -1388,10 +1391,10 @@ The DeviceStateData functionality within the DiagnosticLog CSP provides addition The following section describes the nodes for the DeviceStateData functionality. -**DeviceStateData** +**DeviceStateData** Added in version 1.3 of the CSP in Windows 10, version 1607. Node for all types of device state data that are exposed. -**DeviceStateData/MdmConfiguration** +**DeviceStateData/MdmConfiguration** Added in version 1.3 of the CSP in Windows 10, version 1607. Triggers the snapping of device management state data with SNAP. The supported value is Execute. @@ -1418,9 +1421,11 @@ The supported value is Execute. ``` ## FileDownload area + The FileDownload feature of the DiagnosticLog CSP enables a management server to pull data directly from the device. In the FileDownload context the client and server roles are conceptually reversed, with the management server acting as a client to download the data from the managed device. ### Comparing FileDownload and DiagnosticArchive + Both the FileDownload and DiagnosticArchive features can be used to get data from the device to the management server, but they are optimized for different workflows. - FileDownload enables the management server to directly pull byte-level trace data from the managed device. The data transfer takes place through the existing OMA-DM/SyncML context. It is typically used together with the EtwLogs feature as part of an advanced monitoring or diagnostic flow. FileDownlod requires granular orchestration by the management server, but avoids the need for dedicated cloud storage. @@ -1428,16 +1433,16 @@ Both the FileDownload and DiagnosticArchive features can be used to get data fro The following section describes the nodes for the FileDownload functionality. -**FileDownload** +**FileDownload** Node to contain child nodes for log file transportation protocols and corresponding actions. -**FileDownload/DMChannel** +**FileDownload/DMChannel** Node to contain child nodes using DM channel for transport protocol. -**FileDownload/DMChannel/***FileContext* +**FileDownload/DMChannel/_FileContext_** Dynamic interior nodes that represents per log file context. -**FileDownload/DMChannel/*FileContext*/BlockSizeKB** +**FileDownload/DMChannel/*FileContext*/BlockSizeKB** Sets the log read buffer, in KB. The data type is an integer. @@ -1488,7 +1493,7 @@ Get **BlockSizeKB** ``` -**FileDownload/DMChannel/*FileContext*/BlockCount** +**FileDownload/DMChannel/*FileContext*/BlockCount** Represents the total read block count for the log file. The data type is an integer. @@ -1514,7 +1519,7 @@ Get **BlockCount** ``` -**FileDownload/DMChannel/*FileContext*/BlockIndexToRead** +**FileDownload/DMChannel/*FileContext*/BlockIndexToRead** Represents the read block start location. The data type is an integer. @@ -1567,7 +1572,7 @@ Set **BlockIndexToRead** at 1 ``` -**FileDownload/DMChannel/*FileContext*/BlockData** +**FileDownload/DMChannel/*FileContext*/BlockData** The data type is Base64. The only supported operation is Get. @@ -1591,21 +1596,22 @@ Get **BlockData** ``` -**FileDownload/DMChannel/*FileContext*/DataBlocks** +**FileDownload/DMChannel/*FileContext*/DataBlocks** Node to transfer the selected log file block to the DM server. -**FileDownload/DMChannel/*FileContext*/DataBlocks/***BlockNumber* +**FileDownload/DMChannel/*FileContext*/DataBlocks/_BlockNumber_** The data type is Base64. The supported operation is Get. ### Reading a log file -To read a log file: -1. Enumerate log file under **./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel**. -2. Select a log file in the Enumeration result. -3. Set **BlockSizeKB** per DM server payload limitation. -4. Get **BlockCount** to determine total read request. -5. Set **BlockIndexToRead** to initialize read start point. -6. Get **BlockData** for upload log block. -7. Increase **BlockIndexToRead**. -8. Repeat steps 5 to 7 until **BlockIndexToRead == (BlockIndexToRead – 1)**. \ No newline at end of file + +To read a log file: +1. Enumerate log file under **./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel**. +2. Select a log file in the Enumeration result. +3. Set **BlockSizeKB** per DM server payload limitation. +4. Get **BlockCount** to determine total read request. +5. Set **BlockIndexToRead** to initialize read start point. +6. Get **BlockData** for upload log block. +7. Increase **BlockIndexToRead**. +8. Repeat steps 5 to 7 until **BlockIndexToRead == (BlockIndexToRead – 1)**. diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index 1e6a236656..c562978934 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -17,13 +17,13 @@ ms.date: 06/26/2017 The Provisioning configuration service provider is used for bulk user enrollment to an MDM service. -> **Note**  Bulk enrollment does not work when two factor authentication is enabled. - - +> [!NOTE] +> Bulk enrollment does not work when two-factor authentication is enabled. For bulk enrollment step-by-step guide, see [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md). The following shows the Provisioning configuration service provider in tree format. + ``` ./Vendor/MSFT/ProvisioningCommands ProvisioningCommands @@ -40,43 +40,34 @@ ProvisioningCommands ----------------RestartRequired ----------------ContinueInstall ``` -**./Vendor/MSFT** + +**./Vendor/MSFT/ProvisioningCommands** Root node for Provisioning CSP. -**Provisioning/Enrollments** +**Provisioning/Enrollments** Node for defining bulk enrollment of users into an MDM service. -**Provisioning/Enrollments/***UPN* +**Provisioning/Enrollments/_UPN_** Unique identifier for the enrollment. For bulk enrollment, this must a service account that is allowed to enroll multiple users. Example, "generic-device@contoso.com" -**Provisioning/Enrollments/*UPN*/DiscoveryServiceFullURL** +**Provisioning/Enrollments/*UPN*/DiscoveryServiceFullURL** The full URL for the discovery service. -**Provisioning/Enrollments/*UPN*/Secret** +**Provisioning/Enrollments/*UPN*/Secret** This information is dependent on the AuthPolicy being used. Possible values: -- Password string for on-premises authentication enrollment -- Federated security token for federated enrollment -- Certificate thumb print for certificated based enrollment +- Password string for on-premises authentication enrollment +- Federated security token for federated enrollment +- Certificate thumb print for certificated based enrollment -**Provisioning/Enrollments/*UPN*/AuthPolicy** +**Provisioning/Enrollments/*UPN*/AuthPolicy** Specifies the authentication policy used by the MDM service. Valid values: -- OnPremise -- Certificate +- OnPremise +- Certificate -**Provisioning/Enrollments/*UPN*/PolicyServiceFullURL** +**Provisioning/Enrollments/*UPN*/PolicyServiceFullURL** Specifies the policy service URL. -**Provisioning/Enrollments/*UPN*/EnrollmentServiceFullURL** +**Provisioning/Enrollments/*UPN*/EnrollmentServiceFullURL** Specifies the enrollment service URL. - - - - - - - - - - diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index 540a52a931..7e1fad2f77 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -17,18 +17,17 @@ ms.date: 06/26/2017 The PROXY configuration service provider is used to configure proxy connections. -> **Note**  Use [CM\_ProxyEntries CSP](cm-proxyentries-csp.md) instead of PROXY CSP, which will be deprecated in a future release. +> [!NOTE] +> Use [CM\_ProxyEntries CSP](cm-proxyentries-csp.md) instead of PROXY CSP, which will be deprecated in a future release. This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. - - For the PROXY CSP, you cannot use the Replace command unless the node already exists. The following shows the PROXY configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider. + ``` -./Vendor/MSFT -Proxy +./Vendor/MSFT/Proxy ----* --------ProxyId --------Name @@ -56,82 +55,73 @@ Proxy ------------Microsoft ----------------Guid ``` -**./Vendor/MSFT/Proxy** + +**./Vendor/MSFT/Proxy** Root node for the proxy connection. -***ProxyName*** +***ProxyName*** Defines the name of a proxy connection. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead). The addition, update, and deletion of this sub-tree of nodes have be specified in a single atomic transaction. -***ProxyName*/PROXYID** +***ProxyName*/PROXYID** Specifies the unique identifier of the proxy connection. -***ProxyName*/NAME** +***ProxyName*/NAME** Specifies the user-friendly name of the proxy connection. -***ProxyName*/ADDR** +***ProxyName*/ADDR** Specifies the address of the proxy server. This value may be the network name of the server, or any other string (such as an IP address) used to uniquely identify the proxy connection. -***ProxyName*/ADDRTYPE** +***ProxyName*/ADDRTYPE** Specifies the type of address used to identify the proxy server. The valid values are IPV4, IPV6, E164, ALPHA. -***ProxyName*/PROXYTYPE** +***ProxyName*/PROXYTYPE** Specifies the type of proxy connection. Depending on the ProxyID, the valid values are ISA, WAP, SOCKS, or NULL. -***ProxyName*/Ports** +***ProxyName*/Ports** Node for port information. -***ProxyName*/Ports/***PortName* +***ProxyName*/Ports/_PortName_** Defines the name of a port. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names. -***ProxyName*/Ports/*PortName*/PortNbr** +***ProxyName*/Ports/*PortName*/PortNbr** Specifies the port number to be associated with the parent port. -***ProxyName*/Ports/*PortName*/Services** +***ProxyName*/Ports/*PortName*/Services** Node for services information. -***ProxyName*/Ports/Services/***ServiceName* +***ProxyName*/Ports/Services/_ServiceName_** Defines the name of a service. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names. -***ProxyName*/Ports/Services/*ServiceName*/ServiceName** +***ProxyName*/Ports/Services/*ServiceName*/ServiceName** Specifies the protocol to be associated with the parent port. One commonly used value is "HTTP". -***ProxyName*/ConRefs** +***ProxyName*/ConRefs** Node for connection reference information -***ProxyName*/ConRefs/***ConRefName* +***ProxyName*/ConRefs/_ConRefName_** Defines the name of a connection reference. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names. -***ProxyName*/ConRefs/*ConRefName*/ConRef** +***ProxyName*/ConRefs/*ConRefName*/ConRef** Specifies one single connectivity object associated with the proxy connection. ## Related topics - [Configuration service provider reference](configuration-service-provider-reference.md) - - - - - - - - - diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index db915eb9fe..6239123fae 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -16,13 +16,13 @@ ms.date: 02/23/2018 The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. -> [!Note] -> The Update CSP functionality of 'AprrovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies. +> [!NOTE] +> The Update CSP functionality of 'AprrovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies. The following shows the Update configuration service provider in tree format. -```./Vendor/MSFT -Update +``` +./Vendor/MSFT/Update ----ApprovedUpdates --------Approved Update Guid ------------ApprovedTime @@ -50,7 +50,8 @@ Update --------QualityUpdateStatus --------FeatureUpdateStatus ``` -**Update** + +**./Vendor/MSFT/Update**