From cc24af8dc583dd27a4812fe3e44bd6cb861f596f Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 10 Jul 2020 11:42:42 +0500 Subject: [PATCH 01/33] Update hello-hybrid-key-whfb-provision.md --- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 85992e20d5..248225b8c5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -27,7 +27,7 @@ ms.reviewer: ## Provisioning The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. -![Event358](images/Event358.png) +![Event358](images/Event358-2.png) The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**. From 553b46611215cf7f03a818033a445811262be0df Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 10 Jul 2020 11:45:14 +0500 Subject: [PATCH 02/33] Add files via upload --- .../hello-for-business/images/event358-2.png | Bin 0 -> 91933 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/identity-protection/hello-for-business/images/event358-2.png diff --git a/windows/security/identity-protection/hello-for-business/images/event358-2.png b/windows/security/identity-protection/hello-for-business/images/event358-2.png new file mode 100644 index 0000000000000000000000000000000000000000..53fd554323f4d0967c9319676db8815658a4627e GIT binary patch literal 91933 zcmb@tgLh=j_dPtBOl;e>ZD(TJw#`X0!Ni%^w$-t1P0WsM^Ou?D^Ihxx1KzXNUER0( zc6If=Rp;!p_o-hBauRUR*wA0Te1ZEeDXR443&`W=F$f9%*^;7>n)mtg&0I)U=*ySd z7?@W>u+MW4XC(>YFIAJcN1rE94w9PAU%tTi{yjj@D5ZXU`SMZtT~tWLL+>;b!UuH# zW5|Dzp=Ed08-bMccEkH3r-YLFK18?HKqxjZFOQNs=Wk=Cpal_8;_b%E-n0Lv4!e%9 zio&k_^2Jc%+UaQmNBxVLnfWG)s&(0f8H&SJx1Xq}sKIQ(_sg4`pdbINTOipBn*VxR zto>o5Emo>9hY{qT1^AOUQ9i2cdx8O|wK3raS17;!XCJI~ikI=5emK;L(BS#G?BV~{ zPn7mXkHBR&XpQ2^pDc95fA&bBRJ?^i!2fe+D5h_7lYonhYx?A_QSsY<_HMbBx23D2 zv-C^I_eI1QF`@l`V~P_;iE=tYNzhj$IFe67YJP|!1rgT1$EBx7hqHi`?&R4zF=(C^Z@kChfpsu9nz zKB>yxlp?dSwO!uy2R~uH+G|zTSbi7OETLykeU;zSrx2mx+N67QD{w>lJB()cH2}GS zsd`&oAG}2+D8>?Q7N>tDtdFnsdhdTiaJ>ZD$+(O%^coS6S1X^ZJblS)bV*O_{LW7 zMfl3W=ZQ82`o%9Y4`*R5r5B9*YFSgPZo|0hFw$}iJsdpz zS>5X-qK=>!eCsd(Lb_Xpvc1ty-f`A-9j1enN(m%hGnTkg)FI0o%*vCTPT)fT(>y7v z5Sd(yhISuKsOKg*&-p>c74_}Gd)a1lW zNC4!~ACSyI9|QY8b(bNY^*!Gn((%+>ITj(Tm?>8 zZCPE>3@q8`dqNPoE>=NqBxyYh8es8~y_4}u?kV3-9vEt*M_@qVZ#P_pg8Z~KE_c>9_Vi5PqBm;R zfmyjc{}ZW~_k2!C38J`00%B^@1Ou%hv}gsDn2`@L^6&7RonA{b3C9TMIZY2sO|o$( zI_Q|}-d`le4$oTfqio>!(~H2O zb0l~K2%o^KaJ06fO5+)y0?-+8j=7;@}@E``#P0~$@$B7A`)TAmYnQetB8?^!1mE32(Tj1a)tN}uuwmC-qNneo?T ze@8uf97tV$?BIxB*bD3f0|OO4En<5m3l5-N38+bWUWFjxX-1-F5k^SbgRO{;yyaT8-f4a>@Cw>h`B;%m@<5)g;ud$ek0bIjTSC zIPt!Ebsk6%^vtsiIYJ6yGI}BQoGU*5-t;33m}nfvivoQ9I};w&%_$$+t?Q1A_eZ-rzj&a4it8L-3o+r{s2 zt(XgUchW%+RZg!HdNKN;=V(w$=EH)Y{X!rz#LUYP0QX$O`@t*yYMx>vsQ3!(*aveEs)SdHZ-QGfpmNsc*>$7u6? zT&kgDR8K11fx;2~7u{1V9mQsY%V{AC;_$xcJ($aZUO3L$ZBi+bw*2}oEOQLmzTN7i zoj;8#r)h0yrth*_Wo==p3}-*jO5B<|t>8P~P9aXYT*0xx(des}ehlLzBdH%np3{}p zcx^{K9!*n;Vu0rcTjQepa}ZcJ*V%R2h~ju+v(v4OZ|j#ih%juryfQywB)H&3C*{?r z+zhroI5Wg~%PQ_8}qZ%MAn;TGtv*ft-F=fxuI*8p%8qA*RD}tSbETq0!Cx zSiHFrtHEqHoxR&&FN(+W$dy4lh;47*IBr-8&y9G`aS-8EPwjlT>}dj9VTWqIz^U0r z3(7c=DMf4>avX}tefJNCcRZ-QkwL?MeU`noW{1wM$_kpv%uuLgsl_Un(GP%uPzS!a zniJN#herGfqt>Lv3Yf>*d;$(rH*C_p6&rR+-b0<*@zHCWUoxSf;$YX6SiA z4^|~XulM)?qwixcc*);@A*qW4U1$(;JgcFGJ~N}DlGBSGjh$NTOx2)n{rL>F{b>*D z)??Qc7OJ-AuH%GhX9(ty_u4P=SU;eWCuVD{)AiBKlxsuJ8TX{f<%dRUBrhmO{6eyb zisHA;-!z;a#8B@j0)6kkZA?3R5LbWFNoJaM;ve@zi;>PLh28wX(s;QsoHq!5>{s#_ z_Xd$Lwl`8_OyLRXg({|88rk3CJ;VDw0kN7_9YGs$xEvfRdZQV-L=yZk{kR-)arWgz zkAS6|zpD?xod-D8QA4Pt0fsYySCT882+0v3M|cl%|G-EVkJr!R(f-SmH)iyU^{6v# z^893fNNxc9PiZe$_>85Hpggz3IU?BKy-Fsl&AkcEXc*KT)19s;9#rENz(u?uuTWu= zi-`LPn_T*)cKdx`^1N8a@1K<{gEE>yQ8WS)Z8SHR1J|G>v6O@;SUJHEy*#ZwGaPVC z-u^vhG(C?dt8x`tT)2wb{=G@x;1cSdrQ3;r;iY7Mjq&5zZmHe#Y z#I3Tzb2=@c9FrMJ+=U)qOUpB!0%9JM_x*}Ea6BGnBK7EqM8YSx7^SUa?5EhO%fs-x zMKB+`bV-q7Q9R5GY37b8+}Wr@NPAuq%x9~$mWpDt`SqSIa>CS@jIBN?k-JhMWZE)7 zVlZdCsdG|+$6aj5L7kJ5 zm9xu^j$gYDfvJ##gFOvauF)SP`kuMOM%Q3+B&cc)B&$-pPlPs5T)f+#$txphoh80M>MgdjNa(N=2w|igp)0-m%e@qa+C@^!LKNU*R;pp z^-eeAG!-bY>m@6pRsdFe)O>SUd0oP93J*1IMEgQfuMy---d732)F&l-+&Ud?_Sj60M~NmULU;$ z%#6&O?f3a2g8qPkWFWI0ZCdHTWf^PE*j921E@dW@ZO62+3yaE-PJfze=!~feh4j}( zOgx<}DxQe3p*h0p^)D1|x4{yL5WV6ZW3!r!Z>F&JW)QX$vI8>p7tr}U=N}~uxbPK2 zD`Q|a%F-GpXs`x;c`iSMNBzjdmp`-!XBEx<9#y#@!(<-^5dTLa#s-~yyY{U!*!}F%YQQ=0{ z)#E%-`Jw5=lrodxS}U);;(OGDpLRLaOajK>&geJ_gy3CmLkNLw`$V+zKgPLm*E2@r z=sCJ8RrMcBMJ@Pkc(sxJI^Zzu48=Td-I;;_Dl0J<9TzS%D`L6X%6-kNbNV zOXlvk@7esT)G<5(ixQEdQ&~Zb0@Y;VG5FseuJa#nYkLmoZ-mBMO9rPY&LvJ1QLcWT zxv3S^+S~m!UM#+hJ^9|wd4`cO!nVE^JSpp@&Huv5t9)PA42u7VYMLv*-Ds}WhuZ`@ z6@?Xi;2-&uw+1IL4b1qlT%Oo|lNI)K8K*;nKPEWz+Hl7~8EL_=D0ADCv)+kZ+|f~@ ztLB@Vefux<5bwSc>p=4jobY}&hFo(5Y3@yeF(Z}({AcB6+KX@@U=j#YHo$s`P{ymC zKyEVS2Y<&4@M>8*miQ>}`vu!j;v&R+p-A?2oVLDo|DFyRo+Xqv@BP3N@(I; z@87h>Xs@$5J;^fk{7~N3>B^~~-PP~^TYBq2fb9INQf((QMCtMxY|ALJ-405$*|`(C zo(fS&Wjw?mCze$@S)N+s_`1|S?D{B%w5R2q_Vzq_IZGk*{@W_8LQzX`TxjYqZR8Wc z{D$%E+xZqrIV!_NWqzU!D@huslUWrWFyfk02orM9)l|Irl&Nbd=m(L7UdP8)8{VRJ zc6?yC)S*@K+z|?$ts!gPTtiLVsD>Yi6%}hCmaC^?t87pPAx3(v?+*8@G%fV#q5vX% zxK)CsEpT_&#xts0sQjBsa{KFbYb(I=2((2AwDP;v@>>?Rc5<|KJ^N)XnA8n(9EFnv zi+V&L4INET52=x*w!X+7)a601=-#lrw6P%oz^?EVyf9KGt{pTx>%{4NMxHFai~;-I zlh`d&Mq8yCPb;*wzCmd=!muK&_w`_**L{JuePtDc%rvp4e$VWWClxKh$zy`MRun{< z$7**0Rmf5gMl`#T1x;PbX_+bhr4wV#y{nqa{6LePyEzXPbiGmwzlsZsZB>anNR^a>U#+>n$?vw{(bElDpfkDgF}TEeNaI?-S2z3t`oOD0l@{B&v~;Ed?&>{Zw`)Lyq=RM;}wam%mW3c zqP$XM9-mol9=t3Ui-ay+?U$1O(G2Gq{)P2eO31f-TyXf`?1aPB)Lrn>JKs>f=WGmA zJPmr4O+LWnb&6*8G;gyJg^FqkiwntsC z&1s{wf4s+!?#=8?mCFXt6Q6!h)Fc&QA~dtU|FJHpe(F8hoNiyig25Chv7ba`{sPX= zwB3H>f_`QW-X2h{>yb_O*FzFs#sD8Sdlv09Q2tRTh>r)CZP0rEyFPn}V1-z|{@MSS z=)a5gx1!N_J0cdbB0q+MDvJK)tB|i4&G}?r&*YsA1*mLnT9k<&?Yeg=b{l#;@AO$? z{lseMJ(My3rpNj&0+mOj7M%C_V{u%3JVLypx_SEBMW70Ks17yKe}qoA?vB7M{06LC zXq{%eT=B~)?yhBJYuPMw{D0(5v-E2&R(pO>pMVp1c48((i_ACEO8Mt5P&RBh9G6&` zV61<q&WgQAui&go%h)6A{EKnd=D_sAd2UB4&2u^DhA&AU{N@qCB( zqcdNx`~BzaO1wW&9rvGqLJ zVxwCRdr;lqmvbM~ln)YjP({d2gpV;xdI=aAYU!YHd=-3nl2U}L7o?M-Bb za3NU4s%o;)Ldng`gGROsk*l{tDR!AZ*0J$9!;<+p!ZflM-RXV@<-{=-o=eKTtV`}) z5*!*Ez!oJC2qn(PhL3jB3BQAYW2Qgr?dQ{I;)LonP6y6HDA#f?qv(2v^y(FKk@3}C z*)w7rFk+_4;1DSNTNHok5?65hvi5+CJUz^f-T6>DycHgVU!a6xD!c zW$oJCOV|D+a>GGidEmsw1M&U1pU-P=v4(SPSUTSUaO*(daIuz`R1Ci-+*gtIJbI+s z@R{QzE>;mft}0S_6zlXgQd1f+SzlEIU7 z*=WLg$v1Lvm^V*prT^NRccSrhPwDpFW2qghN)pKRgsJ8OfIbq(S>loc((ZsG7135? z^MO3XctbMCy@37lY7=;?(*Mr^H8qz*>+PR@brmD8Do7AC!ihwh8t?4~W^Uz_2wHyU zLOnm5>Co4|C3qm+?|h&P1RYbbv6TMg#&|R6!Qm& zZdxwkJ}vw{t5`B2#ABmc20w&rR}L|47Y8&y zPUFy-{19W0n5;`i_1a~ALu9wvf6wX_Y)uu60dNu$hcHrmw?0*K|(q9g!Y)qLY?uy-06?boxcT^sDN;SjmD$LQ|1Ugpt=7!P+-lRSt!MTT{n2h{x`z zwj|1}yfj%Z&ZIan)p)(bb!9lm>ob*|haJg&a7h}xEgIV(@^DyOK0ldfl)*-Sd(}&`S}8; zCPl4N5Cee$IRBzg*N?WcEh43y4{c}08%wNC4^w1(Um#uv3|2VB5L;->CSyBClK}ms zANoU-?-yhKrN|{E7O%U5$x^zuaXw)m;DIR&M7o@Z^T@sRBt{YQ=o*YPrL80I1H{SN>^P?ukXF!f}^EHIb9bQ zS>@u1f})z!|u z^zR?ItlknR++ty7Ug~mc$#{El|KZacAE;h_W-anRL5TOG)V}f0T8=2~(+j10AUIB- z(?7h?y!u*-#p^v)@pjOzoFw&avGN~&_<(zF2xMS*p}VR14^MpkK=^Da*4_QzsXxOv z@6!L?e+YjAWB5A?!b=8Gh0Fh+8qa@`@wCbjqn~#F7ctgo-kreY7j;^E&M)!I6jL4+``wh+E-o4+O zekC(GpsB^RUXxl$=NAKADA>~Jy%l2<+ZwsC;cx^+S)(qQ`>QKV8L4)m9V_>zX86o!A)rv)9qcO zM>K0jP!dRRh&mXG->-5DRB2Imxj^9{=m~YoMLzl_BYIY161PO+><%AqYc2+j9vJ8c z;OYB?S})UG32vS%gu_J*nj>gbMV@Z;YOE*BQ*!#ka#T@Ho9=q>uB}5r@V|je(3BA= zQ)=*eJU-93`mCrh6e{Dmv{bY4j;k_8m^KZ^h9cy%b(C8_hlQNtUD50`_(^$J%PI6;m2{ zvCA1MYpBjdE7pF!)GHRE_HF1XGT3FdR~*Y4QYYfsOdM5YK`pNd76Gz8SFS(Y!!5kB zXEPCLJ61mw6D3nboa;Vx0w_d}2T3qZ7xr(q{0XDG`W-JJmHdw+L=vZ4znOH(Nho0Nqj43X;3|du_ zgUAg^WsW2@M!meb(re)cw>Rf-Z&P;{Tp0z&L0Nl%uSDG}h35J+vX|sE-FQ&Fm$NcH zA(H@qiMU#KbANAEf>+2$Wx}YAR_EbTpsI~u@>A62C;bCHSEsv1~?bp?>VY=2QFHyt%5N{0*-qDF|0uMjfb{OQiY$|avPpoSg>7}5I z702t{s>17OuE0riGZP_W zC&812%B|9bFY^Nx6)tci1Fifz=(N6ShL^{q7T^D2bnMNI;c64QjI z;lcaEPijw%vq@1Bt-{|5;o%vJTPpkH9hJ}sAdc8WLqiL8iO;QC150IUc4E6vdigz) zc0wYvpo4k0H@4QzK_oGCj+dBeN=W`0w-$+>F7pwJ1H8eD|7D(V007|BVzCPE)@v*> zMS>JPx2OnQ3LEImBI4z8(y$f@XsD0N83#tc#!}$^bU8vNxd)PFJunz2y0>aw@EfXKKZNlC zaodN7i)uz+g_t)HiVh4uaZ?`Iw zQ)4%BgKs70a{8;!)gRP~_B5DPL_2iM(;mJCw&5_|2+)`6{MmUFO$h*T-rdflNd|(E znoqz5x;e=q@cfc)DQFpiF0fsm0ab4$%u>0tH%UZ7Vcq4+*Rcn~!T1xTTN`&BuM6Mt zbx+8bd%W)OY`}Jzu{`h60F0QTHRD6u-jeGnZZs~P@R%JPV!c0pXX+K`y@bw>ktPJ6 zQMc`zn0J zmM;?YBU|$ec%JF|TOBRsDH(El45AK#ki<#t!5twWm`js*c{rOpZw!-8;c7v5)pTFI z?gjU*OjFo=&*|38=e($sPa2dRNR6GJ*KalPOzBstb%)Y@+N z?S{AsCY$NSI)nCX=Whbr_#7|KmLS-_TVIamM{IGr@%CD~8ILj?08Nr(Oy%i*8vZc| zW5DgZBj#`+IEqPOqcCJKz~mTK?KRm)EpLZR=D-{JRl$m@-w8Pe$P@|ow|22N3|)&a zXL`9YUGjRwlpB&BQ&$VJC5iMTRg!g*_eN{GLqF7S1@sCX%B(d~7(0 z59EgG@&zLl&vInegO6gWLymJdD7832Vbp8}_uoPtAJg@hI@pW6l@D*KjcyhR>N-8P zbg+fN;X{~#knjX80Vj)7MyrvYOFHP`q2R%Nu|8kR_a{vr`f@946>iT%(f3(2SkIJw z>V0^O>``mH*=%kd8eDe3JJ)`ED$!fjz^utFStT-^*H7Uw?__A(p}PtXyvZ^IK*#Lp zc>uP{jkUF&3#KE>R#LWa7KS@`jGEyHIbgk6J^0KfPh|PRPddN5)&H9<%su-@BSiG} z1U_`Z7+fqBbnVT}6RppBDasO~J2CQNM--}~G`mJiQfy3bNxkG9)7EPX&Tx3Nq34nn z@;{|{YBl_frc(l=vB)kcP1F>^SeE#&kcCFGXz;c&|2M-Lo9d~BKEUvgN=&w$&f7$6 zaBT}4pvhlyU6_WYy&F}l;57q0qJn)DdjoyYpqa93E45yq44>62cb(NBS$-mM6vT4W;s8L$ia@b*;AT~ z@X*`W@fOvp1p%A{-ktg(5yA9_e`@gp=aDp8_aG=4fukeF%@z33 z1K#dCZON@7wk1C|EK)rqLk<`2|fw7*kf1#qduXUlvrwOnRMf}<1YT7lhPn_{w5$$O ztu9$(lr9BQ#PFR?8`?mhckiM` zmn%7Uf9BB0u!l}t4FQDQi{buYp9W{4K)kn@Dq5R(`Fvl!tabmvaU5nMi19I4!t)An z?MY@=ucOia6~7QIm9lPcW&74_9Pc7>x3WA|Eh*A;Zh>&I9A@wqE{N!baDiYXP&R1U zUo#F9giqY?HtdtpTS1vTh-UOuS3hcI##k6^{VrxoK8Y3#te@wpwdnD1t0qfC^V_hD1QQ-77rB&jA#?Fn_E;p+9UfY%aDDu%Gcp%vrMoMTHn%owhm6 zcoBalgx{{L!-G@ zMycb#!b}s+&k)$&F{>13^zBosN4ELHu25w4cSan=j;!R!Rs%f>v!Uap`3Hw?Fcw!c zOe)HL4!02K=`_P=v)k9;X7m=mj&pgIlrSHi$zP*1yYTzen9qA?=z_l&1r!N?MR@q~vy7CH+B-*?0IV!(eyzI?{=7;S z2|Mp+t{X;O)Noz+_Tr1__-Y4CdXlX0N)pwQ<8K@lEL!Qt`>kV=CQNKDa-MSW0T@K++nP5O~O;6hq$` zVq31P^l_?ya&i~!TTFZesln4^3gC%soDB-PzJS#jzV3xcwi&?T9$EzB1-YRANTb<* z4Bo*VT_pZDLVZ0)c{Zf%On&N5-4oPVjLdR-gSXE7=2$Y3F?3KQJ8P`=6jAy^zGwc1 zK1UxFZGyy6C^K)2Kf4%2m33r3LB4`)x7Hizd^&8BlFkOcrl;L{h&)_9bU9EfNfyhU zP@gd8Ns~gkZ`1xu2*B;<_&VBzPXXc{sxv4vSbv{*F5DtTB9M=%z!hfcgs$4eqMPi- zHjw{Ws-Q@`?*0Cg7jlr%3a&%~fAne+jxdnUZo#wo_1>xY1|+%{ibq6PatIpeJ+#_Q z^cL314BZt*TGPH4dO)ONU3soI#J{)|A2I!%lmd*7(6r)bN64N6^pxKrZj&wssfT znpIGSQ9Uh#JMF;br)~1<7C7a=9#YUfJ-a2Gqtd@;iijs-Ef*u~gtZ`>LL+d#s1tFp zL$PL4{}KqgDSkuxLyOq~J{;FzNAG6UmS-N5Wl^LP+EFU!V2cAS5rg=DbqSLfD}j7W zrl-1{Y`4*>%9@iCu;sDJR;iV7MvBX-#NACKS#R6YK6mr#9*zcIIL7FW4=NQsqz&ad z1D9m%rWJh9%;6=s_D{eYf2PAZvgp*;*0GbT>&KDUoJI}D@I?HiCXopqay)A0p(svg zX@HIr!@r}X-P$z{>3l3YUGr&vwW*7(WU7^ogn&UI+{T}r@ZyU(axNmGeZajx+d_4G znuyX8tMXhjGXPm&XT{V^k(Kf-XGN?D%K~BTnB&SV)PK7zkr?Hdr4R&BkE^A zb`|;eX0JhTY63Z-26#~qcO-WCCoD0&9!Sfxq1ggIC6n0vxv=7^f#Ue%c?lIo6RIX% zR_6Hn6zs8PKd_lrbV#_G2F1>q;rGHsBz$ZOB-S7bsap0hfxf(OK;w%Q>((Qiye{ur!uoDs5OLasC_T_IIv?=%b~%nrw1 z&@%f<{o?3?>bUTWNq|d*gI@D#nu;m9ly~M3j`|=uYbuTy`w=wSRe}iionqk25khWh z@AbxN+(`smohbQ5+OCG%#VfXpd?Wm%_}bn2XD&7ItShi-=F)}iqCYxsdg|v9bV3r* zl@(4A;snaE>OzXk6ZWkNXIGE&muyQ5?R%l`*zzKIgS_}(mcrRS`7p}M0vK?Q7r3=d z9P2IFQoDYGFBf2ewGY=+bOto7<8^q#;uWfg!%wq4Y^=h3T6=Sl)CiFPf9T^VZoI6& zF$Z>JXLToa5u7jMJotNH8!B&#^Vp%wut4&dzMo>YxfFUOq3`EaqD}f*^qQLP~Y+502;dCaaJ5*6OX5}u7R5dr)K>J z(#D$r-xu=HOPJsm=M8(ijXxBk4P4N!rhxAEQf>1&@|aBd%_9`%eAidy(A&Nr5d2~@ z`3yTCa%Q~IE9v$4T6s;%(wuvZAolm?5g;i0J!a!Fk!QQVYV`1c+IT&)p3g54kaZ8C z>7)=ioqi~N7yf8Gd2dWP=F%necTosjo38~~6F+Gp&oSSRosAVRFY8rq5K!EBQhzpTz+ z2*3S2uJ^nDDSpzIyz1fxPV+D}hCK8BOMPZ$aJIX>eL%|mp23hW$R4uMv|LVPnrxSv z-^<~P-s34G2Pb4m$8pi`Jk#fz4L*ff^&ivS3XkC0&tGRc)+c-*OGk6{KJ1!DCTBJ< z=0gvR9I9thd`Etq$5Rll)ly}7+Edo~dj#HbS;0Kh{x<7dFyU?-=%&A4;(qxK>tzS} zS!lA%H*4#m9+v-5&;Rlo6L-4t#76mk=&mQS`n%7=){ntNk!c}yq~9Bq zo51uNhshzNj7Dt8ec#~xIthWjl%enR`r^;JL(z<8tw5bZ#vlyDN1Ep1q*FcrGu3mV zg1{w}fHfn~KljwbdrFva;wmaCf;Kyljcem>w`%IDP6&QHn77;x0*1v(!o_oWMdD-I zTr?Au<72{pmTVcie1vG}nm%<25Y03Qre^Q*-0qY4Qw1^h7`d?te{kyXtbTFI2GR< z>g~DhKdm%bbaG@o`m8;AiqhbU_f=%ef~2bcSfXv>saZwcub6$HI4az(Q&uB$teiE; z$@%CiME;Q(&4GnlHVPbB&JqkfRG5gpM!sJPhSrJLlaohdS4H=?HikIQpyj2iW~H&M zaNWUJ&*J7r4;XbSQpN+A5B_m`9wJ3O-&?;nWP7wM~_wStYqRF3&$F6ejP@ zMeT=4&#Y>8YLi9yh$pOf*M(k6Z{Mr_!2gl&w^1%FJlj+HuIob~!6r)1x2jq_ydH|7 z&lw2Rm+L|4NLxr3OLl$$Z%aDaaoNO_Azo;De3v_Te6Ori{j(10#w@+L^YYCl(be?e zg~b;uHXA!axH6%!DZLHjj~n}GR)ZbO@hV51v_TT*Vq-_8j*|O@LYk{@9$;P7?cTo`kOwL!`ssfOZ9sv_yRdxFM7Mo@5=|`!bPY`4 zc$?st-cDdr4NUmq${DPPk25+bvZm%p%w}L2Ad_4m6|qjed152irY;WS8TugCoNI(Tk-R1Y>vFvgU5cLvk5}&s zWMrZOqqDYuK8@HqFdI6~cDm^JRA1 z*`_i%%5*foFaikO^tCuo&q=6N>ps@8sY$$NG*&z@cCJH0lVB%hj!Hiuj${WrFW$U` zY+u`oXP3s&Qo%py>pmyYXOrtL)~r+cwy3yB`vk6&tO*JdZJQYGUn>qTy@P8-AY0$X zrZ)5B-1C1HzC3+W^lbUgM!URcbsoHO4o!Q{6ld4IHaMlCGW#~l;$s^)p| zbM<@Z_Vjh@a4pz|PEC-nVy(;3flW|4VE^71;%|k(8q9f1;6W|~8D0aeh3)>eTMn5# z_dBJ#6P-2yb+c@jE?i=^WHuKKx(r8Gf(8@L@W3xrKv@9aZ)6@@EoNmZAKOSVFKV&$ zJR=eJ(W7f632wKjvb4qcfV855oJBf&cQk40BoVm4{f;Eb#i4fL}#Mvs(gO;GU%K$RqXfKxDE z6^9ic&CVY6Do+^!g8o#tUbzp>K^$@QijJ?+lBy%FyCR;$pjHXjb`=x1FE7JU8)ztIXEFXK6w zY?dUG-bHpO40>vL7tq_=aTc!RasjM~WCoiE42CmTfnIm}M9P(gLkHWL4C;&rY^V}? zNC8iqQ$yiniFbRHfAv5PU>1Ms@OLqx6*#lT(@cT|?9DlZy)*OEGmr@{escAIZ7$pVtk>8cunzdCoAkbRyph$MZxjK#_cnyVzP`#o}HZ zTYo5z8`-&Os`bFe!g^jvROmgDiLZ(qT+h`zut^NfnzIOeCw%UB0LMRBPe`9ttDi8e z$WQ^Vs%oem+#2V@S_J8rQ=*!>|kpC z;YmUZDTZK`kUbOr8lOxB8i%CrcxZyZO+2-w)ndvncc6gZ7x|SeyEAgG_GoziSE^%X zh;3?%SgE1fQE8%eqzgWTqg}snE^Ps&8!kP({96D&m`8;;X@BRf$YEI zT)9_$F=}6KUGG&zzEVUK2=i$LxAqbK-Z+(5bA`22n5&8YE0I3@_AcA9rk)tD!`8I0 zUKst1Ui<-A@k2fLvyP&u(uU^MJ&kC&#)O4cS`!gb^XDvL{knaZyb4zL< zJzF$O{zNQ;vN0LqwV9m_;tg+`#WonHM_MQ>MF%;a8cI)tuA*!078K?UlA6Ms4g1m! z@Zcz$D4I1+!)C!Avf@3Gg1cS!9l>C^0?B2u=yk#byCkx<5^B&f7|aEW8Yq>X>3KL= zG5zSccT$h+cR-w>@5K*tv`iG~p})hy4wMelP1idqVzD!Pgd`fu%Mi&p;Ydanx|))P z5|akqoh%s6x1QP55GK=T;8mK6Eyi6_Xwqr}V2kPZ|J0LpC-Yp*sy4fwM}28*u&XD5 z%NXTKB_BB0X;~x)RMtfOtnOiyH*txMoHa=pVS1`Gq>PCW)zhPDt1{G{%)ElM9&_g6 z@Ws5`OhqBpe>RC?;FvE~C@`WS+g;lo?Ge%FynwY9!G9)SFAql0NoN;}f!OG~tu<_R zyQJN=f}p=U9v(@~7-TGFR2w@(mCKHv;o5M7M}TX!knqsx61r5StN}VOn+(!s@L)Ky z&~qTNct`i|$V(%-USTgHFaU?2I4M`6CG_p>2u((Nu4HdCGVk#_CRgS&d?FkB>P%@6 z4@jb81!!`K3ZpWppbKBNF?C zGG@P%uGLr6jc#_i9vzigi@U20=9;pNHU>3xmO4=M{coY72hj2euQ1U&YriJLv2k{p zpl_tS!rz~-j}5$iy?FBg-vUQdk9(}Tq0I}9 zW0so8h(P>vA8lhp;pkX?6&;RHp4KH|kn(_IGdbIoSsX zm_C9n3+r83Z`>Y^<8AAnkYo~I+g0!I0wb&<{%S3Vo1oaJ_p)Ca6lmPX=c2oA@VPgS zYu&-?kpz&RD&rQ?y4F2t&rU==X$0RudXMQw(4olDNB*d(FD{IHy$)`?agFv#j!>pg z%$U)nHLB^Z#*pd@G{D#dE}Xp)0Xo8Ei={QWO}`h%Zo1KGJvWKobjrrY`QUkPm!DAK zW~E_EJbKRiS4-C`)uF0;T`{}i*A6wf3IGpm(=V+o=;3j>T_eC6u`h^HCK4StAVij6 zxx~wb`T=LIb-&HBP2~8hPTK}E$|{x{0=Vu7kJnPdY5h*`(DcT?!y{-nPABJHY9Zg+ zzU0S8VX&OwIBs*Z$XZcO_UyeHE!`bMA*{+BF2ZPFr1r0E|K`%QMm54vS>fzED>|#N%vyV_|tH*9?ctwPgS8MNM#)_7cZw%8#vmp*`t3xh)}*U8;S zZD_sc@$3~V6B*yHX1w~PUgNZ*_WJl1|2RKH&?4!2izQx#Ws`lkM@1 z!S5QBc+@uKLG-{|1a_BjXSC*@6) z;I4O=W0jAhKdbc;Fub~}eXVbg=V5%a(jtq`FJdNjRT(h|x|8;J;tm%vD%b2f=jQj( ziH4?;CWJE;`;I{G5i99UFM6I_@Kbrg?BTBV%@*$9`Vv;Z?F6U`^jZ@!dAOfaj%%cL zC*aYY%~srPMbB||SkbYRbH8`Sq@2A*ASD}!Q^DJDMzYYDZvzcU7?1As5k0q2f1~_X zq*SZx3F@5$m%KsjutQ1##LCiq;Rq zrXcW8vrGX+)KgpcM(FK6*chN7k(E^UVl1XMc~Zv0)id{gZ6e&E-yXFnD!8BUPE5t{ z^}YA&Ki8a0I*M@Ku6b))U;5ZvJzc}lCot9n#fa|>J{}~Yl zxnUkaodY%qYXR{gM|5dB0|px60z?(S!mJaEM;G}dyKr0%Rzlh{Tu)YTvu3dYn*pKs zs48eG!~tFjw$E0Q+A0EDpw`j}Mq5GM`Bx;yLc}TQa4{bh`*n!yywaie7eP zu>@RCLX4j9RGn$F|C)$~lOn>#bkx5{v7JTjv0_4zltjoN0C%9u zwh0#~QY^(Cio3go2d6ltxVyW1akt_QMT@(;ySux)hG1X%em~*lYiD?sY=Z4iP{eH4A~E9sHrG062~v|8*Gw#)$9ya1**DWn&(f8g z9&Bsw3q{*ug-$q{Dk+;=j$zXlaQ!^=B$-<>vX5S2|zS;D}{0?&<- zM+weMWx%AO+_@hlsd-9-CZa+OvC)MlbCcXQR5t@Xdwk1%`x=!2LWXlb51EM-3jMM- z^e4D2%ExcZaQLgh<2?EClOoQ&*X?%!)^dRI=HgaG28W6i%bETf2Qt)`G1k*UW(TsD zB3QlvU8}ekedc@<*dT$j_#+<2*B_tFoG&(!VAeQ};K&_IUitNpe?gg(GX7_LUQwy> z?|gW-gp8Sr{D0J}LpVQ1c6ax9(+l_*MI4=9p~yJ)-W5HJ*Gjc;`mLu9gLuMQJvB z>e@{}c#by9o5@SF^07xD0Pf|NH2@H8#IFbxPeAYpX$ZCpPyl({NZpQBCrO1UA7?^s z=uCSMi1Hq96&8SU6#)eUu5ltCjPUfhdM&7cy0U;zb5Q>wQ0NyIsM*LFqh5?Suq z+xQL&vS(wzj_PIfP*>*Qs_AIZchJ2t8d%N??j0TFC(ysCee@f&7SGPM?(RQSGn)~hn^^ELaVG|R|Ve6Mq@^FH0N#ng_%uY5Qcy!K_=Y%N0 z(NVh72KbIEZihguRVkV;4;3gjgq{M^NpVZc>ul>)Q~>0bjE-50WmYPGpqa-=b$>RP&q z-4XOH#~8CdDIWUPIT<4qatX5WhakyS5qmXsiUpx~!>>ZSVOF5jDazA)J1A6**vWID#TdZHTTntD53cu0V z>bR5Je7`N)!kp3!336GRmuWK)^q^s`^Z|jqiO=20FC@AM4o9411bNKA7VN-j;1|-b z#(2V2SeG%>z39;^kaL{dd3WuOy;>dogTa94TaFO3pEd_bP-=ifLbxYeA%O2^TPS-N zizgffx~*LpL-^QTkLCy@rdiA+5@T~;HIj2C@&s=t3x=k-$CGTRj7~Vi6y^&hj|jd{ zfg2gy^W6^L6vJNTU81)nU&vEfC>9ldg;q8 zA()9nnvJ%k$&C=xVA6}rzHvNudp|WZTRt6~r|XZh+gDDA-IqXHy~=t${I#URcY;sL z=x862w+?lveB8nBV}%RMS@P;97Bi1}pPj9%Hf z>1R*m0NGC!mE7j$X09OQu=#($lh!r+?pv*SbBA9VrZU)5OMRc@qF7$(6J``~Sm*KvcOUU6?SL}ai?;#@bM}e#Vl<{0 zdK>WDgc4B&k4Jvm&K_22JpYb%I~+cY?LP9bS!r@%d#1lDs2`EuEUkJXQz{k{Hf4k0 zTvB@v)^?iqCF{Iv8j)p$JP4-bbpYhHlM)uDR^w6KUJ3%iYRTDVT=y1@nko+XbD=SP zR#lz;OL|@yb{$->V+vFb78;uhTPRX7`>BWh_W%~Z6O%+4yDq?Ry?9t;v`NIWu5Q%c zRz>%z&jTrG&(MKkj+9LNye_5?Az)(l;8)s&Ziy1^5Ah zSHlH0)t;Ex>hBGXpZks!>Udf=`7+&DZmo8>iDKS{`1wC!&v)F(ORW&k`hdE`DA_fwTRF0CKWi*W%bCO3>9&n4#e0Qx+}_z0sI zgP}dtotQ|3^L%F3hlnL=+BY9Q>-j;P`2KDF{~zkR&Xt0EF=xmm@u=b_Gdxb; z0HgraP?<$I@Anfz>s6Pp!JR(Sj8Xw(UaCfmO+rRf?}(s!#DG>RV*XCOm@G4S(#7o< z)gIkAse796j-WF$NB#eRi$VSQyW!sfaV3XdYwEFoRJN*_IF-QIPDB0)~C$h%t$<~~ZFW00R2&@Pn*6oLf49$>6C*$~~mP&}7Z4=&LJOR(st6nwxH}=H;bKED{ljhc9!=t-l-9UpCEx z-pRq_z?bLV55adn33{@@Z)Dr7OZE_NR-Yi?9caaN8YU2>yk^ z=hW$o){!Cjb%Do|6rWgb?a%fuUZ!>v6oGs}Z_9U#l3UlB_ZsjuXPA#>UT`eAGk1)^ z`-{+C|AYEIg{tTdPRQh&D5*S8MA}?&T{GXBsrjB>Fvi%^uH`t|xL!T_%(G^Yd)wY? z?+VED$zfmRH23B)kb(|9o|g0a;Rm_pQz+;)^kUfqh$YRm@ioOeQ{9EwRaEj%3kAgb zpFRebXr%jmX`)uWFUui;;@>`h1~RZpAhJ+f};?&bDr zCsZ2z^tmnFf%Kh1J~?@J*e$27UM16zzReXImJfw}ONM5j3{$LPNR2(EZ+{Vb;=Ep+ zbI*%VVJ1>vaA`--GYOGso(xWXasg|` z8|(L>YKuo_!W4%(M>Otj9>1uGZF*^DgSUA~7Y7CH{n0E}n6tz2{ngU+hu{XGilO$s zzlsg_5*U>z!?y+{W!MfGss=fo@tSt{JLr&-)pl z>t+VQ_P#bxNCQDk-XB*l*o$0l8N%t#Ik9_LF!miccK2KrwdV`1;%~HpQ5>te&PwlM z`O6`NpK#OqDjIw?j~(^O1G))d8+Gh4LF;O=?E`X&%S^ z-gGc>!OsHnmbgg0_@P@TyjO-g-pb^Rv$b$)NiI%a9%sd%9_6k6L|WzR8TJd(kuCpw zcG@uM$3amNZ-3gWt|-Yir-&b>65o4W2zf3-sk=Pj6EHJF+4(+jm6=IrqLSIh8O@q+Z@RFE)PI+1{vGvtj%W(Sa^OzEq$6t( z(YG*#L8Ya~aYYc)sH2r9+4OQVS(3b-`zL7RYKMEXw=Ab4;>DP%pOQ*g?Ik;l@EYRB z8A<#*yBMOeHkUf7{}#`1_$yTVOcmVZ?-NWU@Oo~~c>|5A&Cogk1z7QBo&xAU9*+Qp z7+>g(ZA@m&eM=)Q29qxc*>WTB@+T+sMkxzDCW#eWMc#z9f; zpEm+E4adh~{}gu-v}J!?k=`b&>aN)(K|bChkm!J9BtlLxEQCb4OY{WuEDN)G2AGz=Uq^xS!R` zj3?R}Edu_1r`o1K20tidSU+uDSyqinwff{-#9T|h%LrGF!bxu(rrs}1ftnR)b%~~7 z*xeuoDk{^_^YGZCow1~{YL`KCo@FiFFJWVH(?1vd1h+3&F;SV4X%m~$lUvHF?JlO4 zJ*NrmCbJ^cRy8m!%9Ql;(e1hYybRPq*Hf zj2(31ckYZ)QEMv)#XjMOeOCN?7T%}s|Gs0(XRd_K&F;8&h_am9F$|qr+kJ*}4Qd;J zN4^~`m`=1u?`BFcbhbGJ(Cy0WTCQUj?qzOhZi=^*PWtu zcN7t&$+CQ6`1%L&(0nNRjNJISqr4q|0>*1MPh(v+=L~7>ND#?RK?}3wBDIbn;AvKJ zT0eOA_xO`dY7};lD-C-|i$-fIfrN$rp1y|8w?es{f4Cz>^cvK^Drj`B6*=~qsckW+7d)r>=65t(Y| z%jSD#lHJhh668H#+cJFoI_SKP^qvk&e&CBIxhwNC^4ipsc-thg zw%}NtS*b+uAhJ)P|3U(n&rR6A{ITFL_KVu3n8=*}G3P8%>A8Eqng@A714)!h((s&S z=2A2GINoRXYooTb*x#Cv-~{dP2t>5e`s8S<`n>XA$so>6_uDqCD zrUPVEMx96_c^ej|I|=K}+W0Ij&IUolSQ0S^0&g^OYG-;-PBx~lm@)M1SP7R9d)(rO zt#e+5sqdYng0skMQ5CD*iYbK1hjAh?_NzE|(E!zB=u^#DOIHP?6 z1e$YMu5)M2z#1AcVQ8;7g>w?=AEF#aQ&cH5VUY+VAm+C~o;+WTZk}a$)Y8=MC48r# zaZODx*m0U`@`M&EcTrUMn6nDTJC6UrooKb`E(VXNh6fy zC`BiX&aLk{lw=^6MGd#575`w}I)(tVx$iAWduArq;#6&aXTNfgqJyRiEy?C#{@<+FXg;GUjE`Q|HD)&jH`Vl(K5BvhsD_0i^D~Yj8+&a z2SPaL68*G)AWlP9BYM`^G1Ffdm0_aS{amUTWpN43ucb$&28f6AfEB+!nTM4VNVIm+ zQISBFbzSc^w)gv7G9E{lsMx~i8mCy2bU#vMw)ZIH6c-#s$}ORGXvZ#PT$ z2z$blgByIdw71QDE!h4%_^HH&o9G(%!SVB>Im}RM*|Gx|`bV>{zggtFef?Nyq#HAb z#V#Uu%C{iyr0v<{2_6g=qNV!E;~5(WHdRUgX>mhp;U!mQ%olf=9XW5J?T-%tK69lt zd?0#K$?;)#bwd$$%T}=2lR&9}K47*DsaLB$VD*p!HG2=v-Zl$uf9%1Isof?e#-4uJ zA0@P^Z+i(whEm~g%e>9to~4V0kW7QO_a&l$)hG|q%kq!0XN;lwUid8hwB^q z)csWc(lQ(RAa`14s`731-d+TfSK)De$EVNfvZIZ0f+@(ap+vCcL{k9bqW+Z_oBf}- zMZWH2#tw0*r4~Q{09H#sCNymuOH8(Y(qGu5F+14;QRNE7p{9#PlUY!iY#RpqQJD5i z4oyL?ZSr7kX(qM#U}eq!<;Uqv{d8>X`X)+;F-s9vOA(I?xLlskII&zp%xH+{NLJ9P z`BL<5{>5_d`sF_hgPc4V3J;=%qI{P@^Wr=u(lCS1{-(Xp@|8 zmHN8hU}FAFt&{N>f77{4>TdvJaWk@}T$U4|qj`R9e2s9X%k%dbZ|^MmA=OVHt^#4B zK2P+Yl_3`jIj!HDp%k(VzJX;cg}eTi!MH`omz8~2n;4aS)*7lP<*If}Eo0C<1SxzO z0e#)drZ56~N8eJ&_}!-w>Sg0s5PRCPSe5-?^-x}6urb=LEDP9VfMjZ$D`T%Y&NEz& z@aKc~tLp#0jZc`P3F zF%*;gX>qozW=Bn1l2D4 zH{ud<3*K=9*8hz+M|Ocihr2Kg+8`v}g+kUT`|&m8{0@OA5psV*H`zaSXx zg9?WAjT=JYoGE>B5t)k6>eNrv}&$b(~(8%XJpv<8d3d+~K6|B_GSE#l?Zws#p;` zf33+l)fm0FGHkgW#t{CFJC}V{TW%OjW;7aFAl$fGl{q3U6jr^GI&{+t@e64elXv|t zKCNn8Q#-JKc2#11FC7m4Iln{BL!jJm{HivsE@XlG?sZ{7)MU_Qc46frPug%kzl1GO z=lQ1E3Yj;5=v<}+RK+g~SGGhj%5)CQp201z(JQ98;giI8L2pSyxRJG?KvR^?R}(BI z>Vt2OQuwpd(c9T3E*y{F$YrcJEvO+^$w_x^wEQ_j1h=Im5k^1!v24 z0hNWKhE`(W_d@mS8(WIC`R)FDUUeVF$ceaT9+W%MeOErQidSSkA6}fcNe$rHF4?=K zH}Mb6#G?ltf}6R5ry8Rp;!NEa_CxPFSUi=Yt*nPzi={+u6Sk`4lGBlPR(yJezUnPH z_8Tn=#jIhE@xOLQMl*jBq?o@Onb5P@*H$(l{r9R%e6LZYtsT^lgcF~tI2rXY&DrI$ zQI%!IkO{C_R&XbH!IYo$p~^RO7CLez)?Um+&O> zJ3bQA&-t@Jl;;NUzdz8+bC%@uhNwk(P@NiXyU#`(i4Sb%sj!?Q!*uJHS!Kt(AZ&}Y z!s{FR06&P~T)+(-{PJBNdx@!LHt$Cb<@Ym68G=F-3OarWLX-jTyVahP!$=K+*6jZ7 ztRu7FIp_>z@B1ZnvhKdc356uW_<3S+FvQ1AfgbI14v9uwSz9vdWs|zbmO)s@reU{u zk>YyP&_du;=%@iXQ~ylGz%iFE@uGqk?xb|2jmH`2bC>qSlCbe2`k@LoqXi&FsK}f{0E*=ec}z zT(tIZt^ufUa?4gwKm3#VN+3ir1hxDOP%k{krvT2VG`Y~wk^oN_Tg~Q4Lvp1;@1Ldw zW|0lELUcr*=Lc$fTamp#a%*pQyt4=f3xWS#zljaf>PJ{5Ypo8ne#|d)a4`Y_r$e8& zs`?$7bSu^^Or&;J@cKfL#YFbeGsoGX(q8^?GdJ;fCw93R_#0r}CT=aKQU5Jxl*^MW zyErd4{(~5CJgMz$B?p|nnNlmeWn!Ta4rS6xolo8!S`MR^h@GBilIP42Z^~sb$Y7O2 z;BK597ih=<6iOWg`u{mNXVe4wlZr}i2Nr%Q`Si3+MQJqJ6HC%LybA`3-n<2jlx)=D!Ko%+-^g%ySr;|`hIqv{-XB=jYH2k8ZktS|I>=Ynm2p1 z3B#BpSn(S?|6!M13&f@5kQZ`Zxe+0&8{D6@RpajL-F(64L@o_5Oz+5fc0hZS9MIot zSG##{y;CgZXl@6WwSsc&WK94!`&RrK&pCeYMhrq3gQ{?+Gz|aw)_iGMN{HLY$7p>S zb2#Xh{)dt0b+v@F1f()d?WZex+HmT&`!Ptw;73-)6p-^f0unsx3nC6=ZU%*3X~5AQ zUy#U#xqd~AM5bI2*x89Bj}o^O<17^3$r!`lTbNy+7zJu%Hl;|gHI@C8g!Bd+xia;u z>G=eo*lk+NG`jt=8oSUF8t5&VSd`G}+}y61NE>4|S~yd-r|27gq+VZUCt*gtnz()S zeIsUgK7=`^uQfB7FS_a`sPhx{&dc`6mawSGU?qrL8Wh#biZr>}u%i{i2?fJc4Idar zw$pyp1a9{E7tsAoA{qdXD6?iIz_yugaxI!de7xnEx1W%__M<7oCQFS2WlyOctbj-0 zeHz)+mM`M?UdvkaOQ!@bw_f)ZCJcUbTZ>nl6-%)T>Bi-n*SrY;p-=R4tGRF0Oy-45 zeFJkx4u%^*sSIb)Fm9jG6tyaVMB-YtYbuw)H>AC_o>m12H0SlDr5I6{+R4Cmv~28; zVjNze6;{Vgv8YqM_3tt3cD?wMo$2x~0b|N>?)F^=>Bmm$?Uy{OQJzo=Pp;h|ykqhD zO#L@Ghx!YocCzk1Y^~|c+W{@VGDvZDr*TLiq;w1Ov(-`*lHXIQ+)(`(JW6)@?(RnNwWtgV}>aI9PB!jwW_stA0&v--D znkN}9Pz+V60oOktoGTLtQ`hmXm{KIQ^-P}Zs(t1=Pi=wMc6RpzCCIEIq6( zuGL~9>kT=cle-J3sCKx$AAdGX$Gy9Hc$KQ0UTt<%EkJy^ zkL2S(%XJxkXnMz1K&T!{#^Y3{7J0y1Q}Jb`n3;^0lHjjeqoGLvj;^m2m#$X{2?Q8Z zo@Mb1%gd8D!7b8P^m@75y7GM~9tR^jiJ*yW(&L*|;2Z&$;aaeEcjK2<;5|*YpYb;> z+7&kzI5>E(MTOxnv*T(*JvXEH-d*Is9|QxyhdUmTsR?Ai^-7*8Tyr`nb;rur84X-W z&e4a!HAW`1=tg@jUIo7{p7qP%)){n9Hvs_G2jRoZ7SN5RmjG`GFCk{S*2{LfO*v5| z4@$`r>Vq}qzk}-xvVOA@;}yoRe`OKKSFD6%+HrGyu?>jR$7m!0PMFen3MW%a`u?4@ zc9lqx-(%fI}P#R!5e%;4#H&hpj!WDwc60^03SjRaf`enCbNLB%X zBwiRD8}hsDepsR1kB9eC8-u_PCndj{virN--1RT~BuiwFn8 zVTVyp{EJCWqkI9K{xgiDsR#evmYAY{-@aHv214?X2q$4N!ffkO<3=|_LensUBp~D| zlqoUSWbA$GA{j+L+oF{(mko_;BaNPv#jpQrBVto7yTMiPWIi{T44sMae@AzUvbl!m<$ctK2%NawbLk^L4744UsV8zjMOf3VIemdz79 zq1CvjSwXw0x(PSGzp)MX2@!(Ia({``FZAv(*f_u&8BCS zXoRLY9y)&}nwKjbr0D0|kK6;Vq_VJi?MZUw0E*X^7M+bu_|zdoDHTy)02 z;mAHA7gkxE=plZX7~iL%$mty4cO(6a(DJ2*N9&Ko^0K6c&?UboN2__gl$%v708#^i z7u#soNaG&Jo#ctp>**pkaH9SbE;QdKj6W*9R|~A~8w>^HVoNkBA}<<*s%-c7gNL~CQ4Ghh#a%ODQZt`cy zCF<>k+cB#Ym|7+2ZcEVXt|chx8W~wkDMXuv=*<352-f)8+@DB8X?koVjBYkJcwE4r z8|5$idkOk}rcas9vZRnRZ}exDO^-(um;QjSs8945+WSj!S4U%VvteyJ**%Qik+%~y zzJS6gLWnlo!QPH|r<6|bAKfv4PE_YqMKAih5e`;@`QFb9ip!f7PNSu%l7c$yoa`|#zLCMwfzG+ThA4Rh$J;KpI|ez@A2sx zWcCtQuBN&9*C|YFV4RVOcbfGC5lw05b6TB=-=`HnY8nAKW}`ClXyLI( z0It8wvz!&sK6jhYm=1vyLP7wk3G8B_#S%|oEMtbRa7KOX^>~JpeSLpXb^@uRHHXua zyfwcYYB9FJg!ZwfD5|?yI(p_t2c}b5tKnJpLMo7}{PBEZiEF-dCIykvPfJPn*uQ#6 zcd%9Sc_L>$rUICVbHqwnNh2#7BL>@+&el&&NnR5MWbE*Woc*LhJPnt%S}$xyjd$lR zNso#0vOQ?=l;0=gWbgh=A(hej*%)KDq@=}a_~)j#l~AQthQ;pFvWB?KUQckK-9to z)d0b9^|x7Eub-mUKlX@%UUqb>t`97KnWWKwp{8-)87eI&B*w;b;HWj@$$LFr#jI9z z+wX1}ykAfGdCYKQQ3Z9*3Mcs2@+dvYc6&X&dlz0V%uK(nU9mcwABE<#S=SJa4xRS^|4AgSYvnf!%1@Sv0pS4}#J(@Xu_A;aT@;AHVY zE!&t->;t*1SM7m{JW_AQux!Ql$7fp_&AtGit!WJlh_7!I|Me7=-5^FlhRke}-bUD7 z;w%L|2qE&w!Av$NGEZ-`LN#1g2SsI02%_0mfr|x-L?;?bxm$JT^LCmr&O&! zxjkOH48OJIhL5UW-HGG##4ok?HV1;tPgBBZ0Af}X=R*CZbD=l&yX92Pj4?G3vs4mT^x;owxOzOV#1*Kf))vD)0zxPQ z$nFf7yrI6m#+BKLL%$zK|?j|(QmyRd6DWI!~z*^RDxHsdQz%tH`P4Bibxrm84 zmL@VmtWt;8H;!o}##Yx~Rkipn&xO@D$KgY|EwLGHi~sE$L-V_^c)D7_Tz%qS=KI`T zr@`VG^dg#>5s(`BrKHhCB!dZHWX%mY^bRpqskh3$wI;$x&|!(hLXnn1Ok*V(%2hp{X8ZiULyUlU_p6Gz*!T_lEBZQ|T!y=FPIi=`mr#_C0U4OP z#%RfYHOuPy-XQFe^NCMLi@@jCi}Jj%aCTA@DR4Ei;09PC{`Dt# zwO>j{A(J9p|5}hJLcS<+vPfi9BoJK5L?wR(?)z>d;bHc2!5NGKr$5|R#kV_d#VoZP}6Ss$^>E|JeTes;pI4RId zx!xA)=C zH!}m_gcg_NuY6321e2ioYM`&S(2SD_^^jQJdooaJ+1>tvlD_w0UStt9a1ce3z>Rka zm0OMepRD%wN|H4pl`4vM*c_ycy+1#ou5968`{N}evydf}+*mt=9_hmMu+NS!9*xzE z@$;2-QQq9|!P{I%ngb5{I#=~xgT+7P>$S?+xdH@y&K9_f)1>lgs@g|iLkN?v<+aL* za^s9JuuVDn^Zl`qIb9BIESB0E>hORlK%4gs1|MmasTS!97);&d#oKS8{P^<8+(g~# z#$q|-x2Q@WwmL_eQ~stM6Zz>+(=-Ni7B>d5uL? zu;njbW~u>;_C{S=;20IYe;R}D`{ShPyJf0ldnBN!014!o=%uI;sfJTRnX$|q>7LSpCQ?^Rx?vd_Si6~YB%ZgXvSl-(Kl!SC2aavLz) zjKwyntXnCTQM}b(9}C}IHoIHft0mY^CRT)2Y2=}0<~!UNkGY;n#6J`i3XT(B?Rq2I0XzNm6} zCMjEqU**6(gtooOg3G>XDEpPyL2G!~-5z|Dfy28Y45!lVg+^0TR-3m&pK-F~jpn@L z1}F`4{@bzDHAi_TX3}7g8w-XsfaTrC)hNy%*U{9`b*^a~5ucYmZ;L|N@ml2SX(VDJ zU9{MK2U2DR_U5enZ2tB|%}Bior4YvUms^wWlzOpT@;=RlULZKg#iuqO)o5-}r)v#9 z%@HSwy#>-!XS^YwSMDSE!LRsSe%C(d``sg9oO}Eg*=x529B#J?+pNW5og?IV6~|8K zs9Nv37t^&N2-1p+8VT5G5G}hIsNK2(_`#OPF3_ECDNp|7T8(w~`M_CrtW52AFYpz9 z3nKg({~*!o2K(9l(!x%0H9W4`2?v#_IZV5-BwHE7b6GL8un$a?-$f9jHB=~?;Dklc zrR5iyfEo}h^KpBO9H*0FrwxUFm)?#XSb$vh%O6a*QM9iUnY4R^W z8=e0~1YQDj6A9dN`(5>)S*J39Kw?Hqin#oicX>{abi5I4u?Brd1ZZV7Wp02)nJVFx z<7(7Bz`I*tyN4|`6NxG_aSF}{w{T7gx-^cKyC+{=*NB5chgGv5flLPAXwDipbh{6K zv4$!0B|{d=E`v7%W!F4c=SrYZ$LnkTQTS!vY`b~+v#+2N)qy#)@O=?UwU+{VKdSus zoW|MN7oZ$iZM$ng(B>vxx-zhoFjW}as$>rjMFJBCr!LTyxGqL#jr7^xu}eCC{j}8b zvF)dm6PMJWIfB(5^ZZ{c4t(sU_Vrq%oL&eMmC=ARnI}lztb`s0>8RG!BT=Q6AaYdH z!5mI{Nts7a9u+f=L(nf&pI*>c~|EiG$?dPS^1#E z*m>=NcSviKtcJi3TyGs3rjbb0&PiF|A4H1s*zLqu2h4eOI2A)VT7CsK(&1kbs|&CO zSz5jBKkqn<%O)#&&EAKZna4lAM+jhD{Rc|C}qa<~pus9{d|*L(Ctu`jd> zBU+mg2{_LJ(PeHJO%kf=VcHqz2En#DMR1)jh01v`um6&T$X38bFOQppIm zSe2WMf=g9MavSqnuTM0`;=uV0`9+46=k3T9SL~%#E-laR(k@k%l_J6hc>G6s_J$vt zTY;E4p`)@Vw-5LzEF?cqzYk z8P$y_7Wi>7_SS!OheVE-prDk$0)Jm`Um+_GVbXyDTO$tomUI@Q( z`kzAWcHQCSEHN02Aa=Bxzt=oz&wZ@_3%RkC;#~6@YV*w+kIQZ~pzQhmc%2=&lFnAO z#S{wY?MJ0*yAp%`v3b0&6lmk5+jAu2YBj;PcGW;10 z!Zd>q>YB)C=~33Whc- zU&N>@C*@7${R=Jz+LwHLW>OK#-@#VrlWsx46NE!w4vf2{On=g9esF`cgu|}9_x&M5 z`Fblx=pWf*o>KasBh=RyUR8U=(Jv0?=}^A|%*!)R+%+&Gc!Whg;V#p4j zdUZhIvRMz~Xfil1=ZT26TFPTF#_W|VW;uGkil3_`;VYS|_MC&lR9PW4UHiGn-ALF9 zH$+T6lRPIWQHQW_NJyyZ8bJ`JV|MYl7w#D3dKqS4g%4Q{0cu54Lys40@#X|Ek2co! zo*oqIlJ@~tic1u`+4Bzh2<&>E3DlC z52u!Bx=d0A(u=wHkP~=hboP)#0yyvUN2Ua$oFF8PAjr8$=O0+n#TY*@obVA6`P@|> zK>E6V=7!k0Q~IXg|Ik?rLP6=ymelLVie0oX;fXX+@Q!i8iP=307BZUP!~;KAeo+vI za%D^pJlSG0dz0QQVtl1Yx$YxK<^pQ$N9gWcF265OcnjE}#OO-@QjUF@7MVbq`2Zp)9T;pxeLn|k)zPENLuF0R?%*G8K7Bc>I-2X4rW6Q1xO@Kd z5H>X{`sYqUIkarq2gH!M_7G~b=<59hHk`jF2wiMEV(~h#SYGiYcN;=(f4aa=wr!Av zzqief4Bn$+ejIxf`1IK&_4yE9z2)vJlj(Er-hYzk?z=AKyl!wp@714VRI`E@)fOYNB5yV(6Ql%j z{0(zd5$HFA6}Hkwvo%Z{E62ZNT;E4HN8vBRa;?|(bdPjTW)pB&B7Q~lfvJ5h3uAKW z^#KTeB2hu}((QbBRw&;(8s*P-iPSFlzOr$hB8s6GwSV$8H#FO)A`STS!K{y${6Ru0 zNwV}*IdqEBEfe`Lg|a>p#0a2uyDj4M8x-LYaMl0`U(aMoG-s3NwgLj z-aHYY*(vUUqt!DRECLD%Iwc`Yt@S=iIOf-S82U|=p@xNZ(ayo3h*89^S~J=V86h(csvp~s2Og2yHYWIR6ov>oTV2vW5O@p?Nr3Uubu+Aqm<3#!WA|;LQ6?>`h;r zj{&g8pEvN?^+2^e`;H}DiZQ3mqD7-EG6y4(^LaSBHRgCU*?h);2hL4eVm@0Ytmc5K z!$x$+v|Qvpnh+D8K5xF*aIL{S3Z##%+O-7uzV^g=#7dpQ*c~3A%MfcJXqoE51wTYb z_ zJ<(@wXA5W1puDM`5H@xkNW$eC1!;oS@Ee|t>Tjo&nQ`7u7#CJLzX@#iB*jCW1?M=g zCh7GAH2H>n^iQe#x#y>aYy4?bmD@@?+u8g>lI`h40e1C9XDTfRV$v@C8u5Ee|V$SQZ&_B9lWQ}!Hp5CNub*RbjUXbD?`cZ3GX zlTb*ODA3T>z8T_oF8ercycz#Ky|S_X%c2b6p*; zZS)RFod@D)VAjP8J}q^2wOf7g3}_IYU5~9<XAXS5S|#bVag=gVHyxDJR2Y{~}~3Xw=greyc*K}arn3ckJNJ&5N5xWW6XS4J29 z`R;ax{L6n2#>prEKJg-tguQU65<>)5HzPoP=PMTMiL8O)qx}w0-Ga;8`)k_8a?|~% zMl+9{f2^S~?yCH(QgCAz2O8+;&QIm~zEes`IVymmTdo4Bs5&8rX zGDpeS$|p$dG*57~CRD+Bl%Y72d<>tnFA!(30a>e0`m{UGaDZoA%z|K5CdunA+5eSFZ86Jt(q1s)aW z3$smXhtXd0D`;RHwAD4WiDQU_f{hcn19TW~9WYjUCMU8N%t|B$7AruoUJ6wCKkPJq z7(1jpvMc1+XRcJI^FkwDAD&(@_cj`(?2uyj)rC{vCxx_9Zdm4HI1$g~+bFxco(4ne zVh?{&cde4-`M~EHRU@Ux634!4Z({1EQU;oxEt>a^EaYFjxtD4%Rm${E4=xhR^HNt| z6~v>+LNgO~ckZp92W5D0lWf56r4u;34byoyxdLh}Z95YZlT}!r1>ep;xxYAGtcs(k zgkvZD)i{4Mo?MBRUF2c|G`DGO)@X`S+5Z))KiM4vi+(7Pnv=`@r&$>GAQ!EnbhM^- zK>BydFH=y|?nKCjzsdA1N`H`&r^GuJxK2dem^IziL2XT!pusbuXfX7ERVN7H?Y-y` zP7@og9`0t} zcC3SlG#=0S|A(D>2`<@ye*9Fy;e?$lDt8=MqckDrWGNa;FRjQkR z<`8GSeq$>lPa}|;owZl|#jUx;{dczIIT=9mVz- z1KgcEBV1C9qw^M8(#^YR9+~_c^zRe~rF|tENK>66cCE+hLL2z0#E^)M>{SaNw{Pzt zxVoBAnU`L#{@$Wul$CSsHf$97ggC-)#C>?c(-Sg%F}s$qx3TmeZ?(nf5#PpyqrLC1 zrcLFLRyr`JPV`)%cIY0|5&|e48e0$exQbZX zL%Mf?UvMzGwh2dAsRrpHU*_Y$)o8TStJEkLgi_}6;$ zO3l&FA0GZED^P{f?DCW6iNhS>>;sng;-jGy!FN3 zj>l-uM`mUQ`@1MT6>(SmnNt+Gx{NtXp>ejdBn#(c7Ntry-3k7~upoPXys~^Pwrt*j zA0|J@?39!LZ+f43i{qGDcpLQ&iVE%qr}wxP_oF;b9-Yh5+qvK)PC0T9-pp#|368?H zulOD>40Nxv=}x${7>}9rm*D~RS$y@~4>(_C*%U<&4XLviTDzCy((`p~24~6x(IKSqPu!RT9i3$cly6c%B#A~^VkAnq;M@x*nS&b<*B&INlA;V|<6c^Q z9y?+jnD@ZWT~(;uHy=NjwL*^`JI2M3!5ty!adv3OPk;F30r?HPF}vvwZEO zG2G0YB37_LS(2^|?wpoEky^^r_hqX8#Z^It`JfezPXEwE{94++;4Csm}8`jnK zt8obF@^HO2K4$L7WH_~t5i6Jdf=zMU!@pLBeE+uI144tOsADVele7;uZCZ~P2e)V8 z1(jAi`E4EHS{#k*iG^&>M)maztlyK*f_~v9=F)ayPJayQ+aIk;HnH~f?$HX0*k$-6 z!U^AP+JNb=^n<$KrZqub71vL>0S`gWb0`kg>ARP@vv=3^DCO={ZU9D5+}Rr}ZT-XB zqv5DEA~z}usU|bD30H90m@X2G{?>A0=ggMfpwx8BH3v1?mg?(8Pu20oQ7Wmh5PZhjbrDWdC zGEV$}*GG)R{o@|OjGgIdKWrSE4SzIZ6o!rX5b<4~!(eVC+j;y1wlp?%NIw>L;h}uE zbm<8DQ?qdY1CQgU*tAAx@CNQ7s}AUk$EP;I;rGX}YhV3(6H;sji8K z-|V)-u>0;uGif=p%j?gUwE2b1lbba(gD0mRuRZV(9(rp993OoaJv`hnXmk%`ou7w? zhmFAVKSm;`G7A+(ceLrQVGeN~`RXwId*6>fT`KTa|3_GP9{gl2vI@oZUM>6p3Cwv3A2$EEfzA4pHciKy)7Bzp^H*H{ z4`a@0IhuE9Q>V;m=}!v}^l0LUY;MqHu=j?Wtpqlz0G1y)=^;lzyrZ2u3UAKBC|s%X zL9YS*;gGP5$>ZZqDePQXsS3THp1{JN;lfA1ump|+K4p%8$b~QsOo%2S;c#%ML27gv za|EPM--0)v9EYdBzX)?^C$tK@xm?*8=IK7nwRmidV%czKgjkh-6M|}O!|KO6dm}h{l}VwpI_$U zKZ1q1Hp~G{n4=GR3=G1u7oNlu6FV#a|ocm{Ps)4-bp&wA7< z7FxP*KJr24#OS$h57+jq^+??OWnCM$>N^NQ)rXi2-&`KcoGG;py}8khux?LsWK-p& zfPafNaJ}*i9(aHo5FWniP=_B-nb8UljA+lC4~^m4lgb<@x7;tG9hxzhwjNCa(XNeU zLv2ox2t8VP!6v9Fx~k5wKJfBSr%~=^@g~SaeUSQzd)0P~?D7z+(`!GSVV~kPgq$+9 zeQ+#``*64Mb#Ys8b*4>d6!yYrN4Pc&X7Op&%`@;iy9Xb6YdxEt6MP$6^J{6-GJnH? zRzpPUcC25me`*xF4@bQ?6T73N^#*HN4c8aBd#6(Ah4y{&v2yzR_-fG!>|Q(t4?g}r zc0~K*z5(G7UD=4W8;+quQvdTza&c_kH}y3l__gnIOTQ2t+0(1+77ZHog0^BOsDMMav9$b8apynPj{7z!p-Fp4>Rbme)=>us+E^cIVH-J|Ve3WLC7G$AVV~+rTXZ9^~W?l^(TDsuk zyPq&y>b;(530Gq^nsn}MDW|ETE+4UN5CT0!tSmN$99GvVqbmmVXbNpb7EWJ?XLYer za}U38XOwU=|9a)-M(O(MT$U$=Q+e~#(qOXpfvbxHO7k*NQmL;yS64rY1YRw=Ghgz_ zk*5%qWl;{kt$QKdz8Y~CuOmzBi8kIfxSW(z7eCxX$p%CO%@SnVqMNed#!j^Rx-c&r z8u#W1u;t3ADP!j;e^Xf|Dr&fynO|VN>nL7MtfdSj_W-ep#dqg)bM}qvEPs+yyB?ez zxi*5i8i~pIuy=H>t7Ac#2Ek3kEZ^rxCPHuElpxnv+J(8WrDc+nSbMW9B){VHSd_vC zflWPFn;wgZV%M>}tYmFnZu-u>VSf{;mGQU(1)TjJrp&^NQ-? z%MBW6Dsyq-+;x;G9MHnimi1#tQ4YHYh@hq&5gMpQ;*C@$7Y9Xky*|Oq%hSW9-aTU5 zqzR|os_M0Iux%0RcVz3HWY{6xjkWo2^))94I}|6LK}@a@j*d?7^$&!dtsFVoxhyXE z(&uGI{g2XhwW)@KhaXEP{zfj8-c49vD9p3S(4SN8wA5Y@dy@4H7w-P`^z`J?SF?1f zK2A=~%!M!CPw06-a%&gL-HV)D>AQ8l?i80?5$7jG)y1Xy4-D}~erhZWvvtzq><1fR z_rV-Y8sJqIm->W{ivgYip>_Si!^;a<85zHsc3ZWi-u*{qv3_ne>{lckYUAF`Lm=kv zf9w00k4v@)&O~u_@@xTL^K~X0Dqn~8!R#55QD}=mzxvZ|_AIVVgJfmS&=m~+MRD=pS|eV1|0fkS+C_rwcIs4R9>>2C+FrHEFO2BK5HT8 zAC#VT7+r7HYnfvj-k6C_t7A$}Wg~-BmWDOYPRAMB;g~Y-5%`KMPEmMAHWY_E&(RVs zeV$^S7uAtAw$Kg8*M*$kkb@GsreV1$PwV=Sp&BY1$%N#|Uqk8h`I0PohbE1Mv2swk z^afT2qE7bQgPw=4uR*J+tDCiK_}`R2eP2#1(FUEqo(!p+RAzcDVl5B8E)>p}jW=0q zT}P4=wOzwHQd;!M4==06d9te4a)v-KvcU+Zhs)YkVI^#=;0@A)Y%wJG24DUP0#9l_37$%8K+FK<2%dIqp` zjRqD@=~~N=;_&^1mjw@BM(eozGlj1oh0&`ylko~(YWoR%XU)QEgPU=Rm&#-5mjtyp zef!SKwy|Y1(>CH{x z-a!wxzsipMUzxVRy@&2wvhue6)Af*zeG$VuIsfCHJpuxM2FsLL;J4vsg=J+5bboa! z-hQG}y&bIr_m;m>0Sn6gUk0t_$U-shi>Vmh$w^S|0{=Pgse)(DW@rgXdDAfhjk3wG z4*mW!Sf_h8q4em%PlsNwW6N)U7idN0cH!mR&>6^`q(SiUsqOwMncoS&)_?wrvi+J2 z8-wzuRW3UIY9}nWTSqECUnV;4^uD`WedyP)ejZRB^qZiz{3AXc*no{w@^sHyzd8{R z_^)tx?#$bSoXwD9huL%1Gsh0}?RRnfG0c1KXI!kb`9lvudbrSaH}=eD=_cy$^24;& zEbQNv+j&6KLz694PM(S#7fRS~YwlDDQhd1@h&j5J$vlhpIowT|-zGA9bEEx-{>?qT z2%o+*|E~21dewx?)0p?-$IR)>uPHT>t(~k0r@ozrVZ%nUy3Ha*nN0A@}c_DW-yXPQPfWUv0d#d2c*-S;;d1N0?Vvas!O8UGb6DN+GLRPsRQiTm0y<5)`*yz1B zj2|9aI;u51%vEe-O2c$`=s`!<)=SfB=0FFXrw6*NAq5Lx zpM_&7)weuc_;Rp3xHS2)S*O82^sMvzz3_%*q4M)H89pu@YKH=B|8O=|N2JwVdyA~N z>nKcZZv%-Va3eAi2^r-O$z?1LK8+2#Qkh4qhG|&K&N}|GOBJvciCJ4-y`0OwgC_?y z)-q~X7Hg>9bkI3gc1~H;)s0Jomw|N{VJ#b)6;l~dn#lT3iC)UeKl!a8x8A4va&8;LwOK(}ZyMlaUtNdKUR#75yIQxhweqpPmN3h; z$jVH^)p#!qe&z#KF5SUz@yOdtQA|DxsD2IF%v#n;g_1eeFzvO%z}?A*c2ny({&j+ZTk@qZI44>xF160l{>IaDg`QB#tE?R$^G&&$`cdC)3t z>oQuWDIg$V;hx%}@7}2s(j%@Sy4;i5qW2N$P?R2xs3T=)K4A>JbT<%x_A=r#Gf*yf zhnJHQ+Jb1DyPSaQ+ylhL-5DZ7HA>UtkeZf@QjG!*j&|HAg?pk)xd*gV0kxe9hT<4@ z4b{iw>A%hwZ;T`GmUi#=pgF=U*Yiavgh<(*q5gRiGOvLd$N zyDwLvJg6%?Jze2tFJX4>nPLzdkP~wpR}-?3TP|nm(5Er~WA7}$qdc}g{$JnhX5;Rz zxI2YnEu~7G`mMX%TW={9Dzvn?OL2FCOR%5;k`RLscbDDlX62ii%^NmpsNKSC^Ud#h z7P7PRo;h=7-Z?X`%(0c>>Fol!r55>x6=*EI%F3kaEU&ns-E^vpq_Gky$4<4_!OPK( z_$UcVFJEAJYiepxT2q9zlYT^+$saC}5eRn{qpTCrCr({JouL8g zThBr?Vi@{{x0;Q?(%$7zcUs9$N#)bl9B%Eh9D6Cb&%ayFq=~KhH3TB(MJQ|$C z15#Zk>p#)A1|t7bGHRu+aI+_?Z3%J8G9}bRR!wO>v~|_YHbq6nP&#{&)ghS>NX;ln zI@HpJ-tH=^<0qer>=fw5#Ie~C2ZVZZeiXtWQWA%zhElGCT~jqukDqSQ&(o!Of<}6y zQc;J5<@?}q`wMvbuHkUir{l!FQVhCtB>Wv~ke7Ijl}V5D@ld0xIG5>{oSKRJ`~tYR zx}iMHYL9BEJ6zNX$YoOY3Y5?`7H4mGh%0bl?IP^oR|HvjB>Y^Rppn+M^uY#$J=|Q? zto`U~)a6&sBK3#?BR_u@BO+qaD+1U*=K#Eh4?~o<24w|Vt@{s=RgioP=hO4i(5Qsc zu?lB4WyAl$yAWW>MQRE;uahof_uR$EaS4U5pD+BKq$s|e#M++PTJ9492Xd}d6z8!z zUcH=y4ANI<-*S~}Szj<(sLjZvlfKgE6of!aI`$kp0@qH%;CT95%qYDFUp^EArNq=C zo1VM${E}(QTFw=nQNzXqGVNz$4~O&ro&RaD8NtCH-&2B^34M^hVk)Mr+==rSEgU~Z301hf6vf>uvyH8FactU4v z|Mpuf*|e9*vFmahy1Gjsl1O1MI)@+bdj-qRT*ArCo3Lv8DVT`!9ufnbTKEIrp0Nt2 z&z!@a_zRH4c1Gn!Que7l6y+5|7S$6&!kk!;2I}lmkIu%_uNGkE@kA7fJrElkiqf4^ z@ap#~T4WdldZWKj2BwXF5ld1laBAH$R;HxW(CelT3^(HR(jW27`h&agPp1YrQT7q6nD!ku z9KOJGLGKvEx@*X=D}`E}gP$jSjM-<>kh*U*)@uD^Jz2 zU@3Mt`!0JUiaKUL1?&@cc!o#FK3pZo$v2!?*UIMoP z-4Lyo5f`n)!Kwejw6cB}+tUk@+)bGH<2qQ}d~oo!&yn4EIAS$L*tTXV4(!~Id7G{x zWI!*3d#YhFfjRi3&G9&#mkNDNDH02s;M02~#tn2r{{9u1JY_8opS^&LlZ^-TsBIIYuPyx zgJYQU`8Qa5;0)q+#v!fP7o$h`BL1t-@YUD*aUt(4Hf`L36Z&x6A61GM-uf1aiUAnc z-NX7?m%#-0urTCZxPr>!D~LOiik@R1#efJ$RA1hT*>hH6=fRUWmUt1);XP4)ZXG_G zy^85r>fHm~q61h^7CJU@IRD?db`9@;j9=AxoJh)r>ejc|HjA$g)gW=*LM+&jj*!kh z*$z}RI74Bv7NzQLcz(){czb+jK(B>Xi0na-WhdkCmAaNKT%YbKWACWacjYN`k7ydy zV$+E&crieNgi|M3aFU;Ar(?|IE!Z8m5g+!fWkEYSeLRr`f_QD#Y`k|{BzuRHUdpV^ z-ig^$w<7Sv?by9*2d2GwFM@S@FzcI3tz_(3y_f|ep{V;mhfN8~S()(%<54D2GhKxA z$6ZWFK9t0CSv+++n%ujfQ=|uy4(-LsJ%=#+hZQVv&X%|xnD_06c;VlVVRV;R7Nml1 zp=oO?y0h7u)p0mZoaUj-NX$R68gt(t4zV%|T9Xzsvk^6Q8Vq>pIlR=bH3}WSJ6qV+(agFN;%A84SL>oD;oC3 zp^mI9X{cN;|3T=}@7kW_bno#2LkFUJ{|NYGZNtTjbKah8I5^c=HmP5ueO{cAB}Uz z)i76xxWMY~%rQaSHGJq9i(zr-_dPr{Z94N%Za@MP6Zp+P}tPzw?45E$bO zk1FdP+ccg$-NMrhIih+-BEl(`1rZUT1CRg>>QLO&9|L+g5a*#|n|zqHb-$3&$+>~a zpusWvN4tF!sLD=x3ja z;_Mg}k8=sncx7=+0Yh3=b8Ckb>@(TZv}^a>fw_NW&-`5{c9WI<&b>g|~>N+O@? za{uTcHgF5ULWH0jGLsq(ft}IIA&Tv%O=Zv^Di%>Ck~Yl6^fiZ=4Sd2Kp_VtG=bM&>$>yfAmOSDOCE_TaTI={V}pzPZspYF2ohxs`M@G;_PCr zqj#_S@nC;9;=rh*F~d1>03L8j!v0+ckyu&@#~y>&mb4U=MvK!s*E9VJ8&t3ha3Ymz zegC(%+!LdppUI*V4l6!`Ip>MZwACoGm$sDIsoNbGH$V+Ttt0Lr6N+FLF`8Ur(9f+a zd}$z*=K3^L*CJmJh(fx-$Bvw`;;tCm*AaCM4P@eFl_l)2ZrgWahmFSg2r;y}UtY2n z%T-WYa#3*JodrT^+kfb})_ddxGC{7yr01W*_v?5po+WaPV+q{Yuqs6mA{ViA9zi?|K#QQXSjbvz^2F z|IAHw@CKPHJpJu)w(tOU?79kFy%zi9_Ms{w3K1eVbiVy*JpRfHaIHwi-VHyGiv^M}d7$^$r}63wx5Fp@Aa*B_L0Q`Rsc{m9ogn%$6M`EJ}Ps9wL!0P<&Q}-YwrVqP=?R&x23GU9JP8E zc=|T6;69g&n$UP99tZb_!N*t8GC69Y+QP1y&>%r{KW!n{3|-yPU^8^JMs>OOjn9ZK zpW&H7LCptR5rS(pNg95!4>%17BQ4Fxfm3Oy>-+>JO}q~S>g>>9P{XCG6I=D}Ia|T@ z&o^nW?N44)VeQI-?6%N7>M271QF^$-H@Fz`-~o7h(&w1;@dVr+Y0qv;(W?zgmq^5n z55&|@XCtf81Ko#O_v9D!JAU{W3Ow$|=bt};?h-#{leSR1iaokv^rI>yf3uKX&50Iy z!7F5JbD580P@s|p$)WnSw?#OcP$?WqJ4j&3I*-(RVz=V`*b(oA$Osp>iJGpR4{}Fz zA#J7T_8=xrnuO0^o`6^n8GF6c7WzP<2uWD>?}^a&9f>YooPW`OXq&lq9*JjPpNMg8 zX*jh1APa9yC#9nw8;9DhpJGK?BV=U4Ligbp0>!ulG_XJ~S1ZjZIlmDnFLp$qd=op|>9Ex0P_%L2Weo%Jk}vA7`! z_rEuut@>!00<=s4ny$9DK6z~Cs9>RGX+*J?-i^VYXK!b9?sflU9H9v%V9h7WPeU9)h(OU&9Vdf*dyWq=D7y?zfyj=lpw9>_t1 z#*_62XPI@ey8ssvlkT(pw8uKLHj>RH8zcAy4Dc2f*6$*71{2GwMMW zw%9+W8=F|Z^ZK_qRM!h{eR(emXFh=;gN9 z9j|_L2Rw~#tpCt96Z+31UvEe9q7N}_#8}KYr$O}4k!&?h`|QX^p2xFYn=tpCH?TOv z7k7-SV(0VA%d2tczh7g4UTE9j`{6M}zxgD3DaD|Hnk3qzc>mFHczogp#Ju=A`pAn} z%>S%%E!)nw?aG_l&|+r|!>rRew8;L~5US%Xcw^=+9RJ}3cD^k;V2{za_k*{ClD$R2 z;c&W5gN@h;_x&?o^|CUq)FvUxHxI7?;dL_QCMwVvC?!0jhgst z1AE9%c*m6v42}9mwvi4^x0OQ!JJ46@=#$YDyAHC@p>9+lWJ_JgS zrwHl73YI>F-_qtJo$gmp0{~UjS?$rbjRk#-#KF>FHgx}WTit8R3tQq7Nm=ZmP8>B3}KtbL5uh4y(t4r_N$ zQof=Ro8I{l`37?_baqaIL$r;EMDvMBCgzmsWxZxO zZS&DGY-Lk~Ei9?irRC6LgfyC;#`ZRmvfBrA4n5q3wdnq zL(6N)XSS9_e`{-3nr1D>S|34{z^};=f`iy13?!n2V~GMbvB?vZ@tk5+mJ2xZy+Mr}Z&yisgzL}{?sZ(r*MpSse+%b~ls1x=h=)|8Hd9EL#Y=w&i;1?eSZ>w)cB`@~IPNZ%>%*tPjxM zAI)E5<8W>wH{GMKOM3KXWHa<$o9*|T4ZXr3T;ikm@wE+FrV~x0v7+gBA^neFEBCjc zgCn&8ErZ^J?I_Ut7;bReQrl5G3l4|ck;N+ii=eWoOxh>@oBGhcMElW=M$ok_*Gq4Y zU$Y^VVK5lk%G}n;(_?;(#+vG1ToL4OI5(D?>fr5_W+bnlj&I*u*s^!FHhn$5zV9a_ zHvDh)lCG?*M0HI)E4%pcQvCG(a%7ntAkJNfXUE-%`##-<_?;_Q`W55v52{jMU(e+J zCJIvTx|8_+`Fk+pz9~4G+sO9k{wG84lhS?smwhl5vyK+9I^L+&D|MW-4XMMS`=YP; z*Na%VH|4)Blh%Rm^`5tHzO}zvvRHlAoz4G4vZ)*zeCEQUshB=z7iy(9CbAqYr%{%H z@1J}Rt54^(OfKmJNU1%|(sw7;{OY7rXg6v@Dx+;ZX}_fB>od3ChOc%cvDqWo6k*O!RxB>kWy`8?@rTTGj#?tD(XwwySZ{ZH5?rs*+&SJL4!+J z)2z;w4k+~gKmE>vYc#J)=>PNqBI|F~1)<*SzfL5Zjh%Zf-6wV_5~{hdGq*3k1+ms^d56$`QU zN)yy7DWo-ZOuoKe#{xZF)2nscayXou%T3>lo(7wt0ZQ8LMIV0u?eHnuk2PyoBX0jO zR6EBY#@7)A7xrP!&+Bpgav8jW!=Tg`;`r)4h)+6)%k^Fe^K}3XEkyNSQ!HUx-%@#p-Tnu2n>a*T!+krb7Ugt z1b3wtCwDH!>a7QnRd0cJa5!8HsV#M+Z52jzhKWoBWHJ_L=FF~TEdQxu8Nvg+ASLad zaQb3PkP_O4MYZ*aUo{uYPo_XCaztpXGb#=ypvqf;w3A1fF0{|MDnzW#5~+j*cDZso z5toV+nO&H@e8{9k4i4tMh z_Tgx*3Bh53aFXRCaot(ikGTUwLhX=quJt+PNgTW3$|2T%SF^RqI$i+Rp|Nmis>JEy zYJ|8u)13|=mRnGpmqN~A5rX@duGYd54|=@R0IPZp!1qJpL6o!^VaUv9 z8xrzSWweGqrA|&)auMr)oP;e0E+8*2kNsvYJ&zqf{EYZ46U-(1@bj*VNY78g>{s8! z>bT=b&egHiNNs5~+xD|8b1UY)@iWe*S?`t7^rp&2R3~o7&+n{4x>AL#eRD8n$~GjV z7NRWYGHUfE=*< zDt$SbAbdHgCI8Itzr?N+g=i{2hYy~99n)83vh+D0evXY9I*4RsVn$YlN=-e^&wLwC zO?VsoPi7)%#~Qrx?Ix6}Of3D)uV*2*!i>g>1lBGWa;ll`YfoNALAF))#LcH!ooBuG zFTB0*1WGf`;KbbT@czcCXYHDoD*-ACvHz!eICQ2C4F#z< zcxXEkE5TNK^p!+PS#Az$Yin`%%bD1gn2pAqc&vS68d7!kWU*PyWN$uk9<|Nezm*aF z*!Hu^JRIJ2lIgW=!B0#VT4#C{Ktk$Pp1GoxUB38u22K_mP(j_Rr^IMN$Dw)mO21(L}7+dV=*eNli5h56r<2y9-IZRcK0CiD^qW<07dO z4Ku4GlgiY!OR;ojBAG~&NyNh4Y=altf9jRiSOs*YP1|zkq-m}CiO^ra_-;Sbm+q{$ zWPd8Fld+_T+34i7PHwH**tURBPCGfm)3phK=clx+`0-W@i?Rj@N$A+P4_iSuEP8RAtMv=j63hwHvMt1yGtU9z4GwZmTi4Rdr81Ebm$t9N*7K2gW$7x+nl+34R(^E{K3#v99bb}p1;-B_ zM`>v#aRT8O_U1R3HS=pcetU0>obWy-J=7OY66@vK*at^r*wCIV{mBuXSsLA4Od~19 z=I`TSH~KBCSvnn4CccY)u4I+(9R<0j5%pCDWL?+_L*#Hg^sl=xWbDgW^v@w-8;l1xaOcIC{7sYQoF-;_dt4oOu+}=k0B= z;en0&P^1?z*|B#&&t&(lD@V4dJHD9lGd_D|7>sdoIHOauoyaJ9Z88g{a>rYf@zL`` z;9)+6sS6I^3YiEs)HkqTGiMX?SfCfW%buOu0nvdzY(k(fJ%>w~<*2aOv%UUpkvsIk zgjXMBd$+$Z`DqOFGa{EbWm(iXOkTVJlkSay`NUZyNo6hDms+4<{fF9R>f*(CJ?I4X zpG_yu=mNV<^3CFDn6!E|#;LX0sOr4bgOT(K z2K}G-7(XnYMcP+^q`fClPTDb~PbjmIxgZxQ#rZ700mXIbgRCv4KOTw7oNdS`v+g}X z_t2;3)aIn*R_E0DJx6h|={C$Hefr~n--Q7xSGGOwsHZ=|yU+K7w1IeN8|c=!(w^h- z#=V_za@T&gg)Jq(E(<5toPj*@6)YjLW-R%P1;yD_Ac3-ZGan9zbMv^V4&I_xvS2e7 z->T*m1z8x?uwXMvzZksr-M4rv`ZyjL{{Y*cng+m#?(qQbefVBH^q)zX{C+Fb)&lhy!|P^Yn-b8pMvj`_&Kd!@G~7tE+`=sp?L~ zJPTPp(|y3DbtTYQ6>6cqbo<647e z);-p#8BZNbWC5282>b;fBzaD>aJ#iUg$g1mv=A2Pjl)p@Sca!XRtSv&aLH% zB=*+-bycXYYP}Bw4Pgn7s>!>ZNe+d<*40XwmodUF&2@*RvXYQjon4|C{Npq86O=&Xn!&p9TJO9 zp4N#34WL7VDN)2~H<&B0J-JS=M$vOBD6n74IW_CWK5!xO{QRr|Vq|`y@S%Zj2oAA* zF(xXI?OW0I)i%2Kf54rOVWey;_G~+iI#~M|J#UOI*1jW_yCJ}r=wJ8ixA8a}&W+)w zI(P$Fg$BlYLY%xCOQvqX`LuYfUAGg`+ipWAT|MfX?BV5m3u2{ZY=3I+2uFx23!#&` zAtK0!446)AfTjq+X4t;rGDpPR5(*E~5v*Tu1c|54AgxRU_wY~_A~mI2h2Y>|_`6#N zTN)IFJ`hBMW6*ud%aSs2Dzh5Zrq-`92?0tdbk#y1v>H7|i&Hx{W6$0TNJ&mXQ)xL4 zXD36V@j$Sr0VO%s%at^E2Mw-q_CgW#Zh`Rh%t3+9h3OF>bAnP#?@L-8E1L{72W@fn zaz=Ok5p4cB9!UwSu`x~pC-43(p*oq~&Cpe!+S`)_zFD{SG|NwekoZRSfd}z{G(X)U zmC{h(Cg=^RI}KA>7{3okNL{w9x31y_g;%u-exmX8Vm8ceaz~fwkXAOdmEAzvi(+o9 zB&%5K-!#3H?nFi=F6y9u7!>7+#*!<@R&;`=LosP1YrD9*xDbO`9hh9AMOn@joOf2B zYmkxMzG$q{!o^p^0`8nRehL{!4zR#EwGL#0D06^Vn~#(;#VFG^vEVGVM1LB{rag@I zH7Kv&gIzl=;oR=oIGNcM1ET|2AR8LYW&6G)lKvyMoVo?w`*=1Vbq)FepJ(Uptgp?Q zdkAL|&Lg>?-Wr_dHYXfhwG`!IFLVob{zbIIG6S&}ne542f)UpLR(RB8<7(+O=SSPp zwx2jEui3h7P$IkXt2k^lBc@va2# zl)pHqG)^v1_()+qxEeFICFA(UpRvBUm__8<`@@?U^YJ0}0G@D(oko8w(OW0z#->0_ zc=kS2Z`p~2@(ZX@cp|*NBkNN~&nIKg<~1zX%%CuP795Df;oMwq>O*$Ddv%9va6g2q ztFdLlLag6@42G}?`0}&+;MS0apMUxh-!I>cI=ivB_m$xo*sT-14QKGv?4{VSX*&{X zJTSDUBdY5(h#J-h?otDLILT-xjxIP75%LPGm^BR>_Z>jFdv}Z(G7{a~>#=_74_LD! z4x2L67}DPxH92(%yLAWx9UUPtUB#(m>v6ow1;aZ#G1)=4MnjdK4r63z^bGYTgK8=& z8r%>)pf?7N4oC5hWmvdw6B5!2;5XuV409=B_1TmxN6&%Yi0N}1VtjQtwQmEqTv21x z9rxgtPy^Qf_#@Nf1S!93&tC9%6hki&qqrgu752X9HMlEWmHzOLks*HmR4mzk7LKDI z!Yj{=hI>;UE~hu^t+75dM)x|ka}GzhfF`V*{2kWqJqMS2Ucplj_JyjV2sycRh`MbA zf;2VAI-Ltk_s)n7_akd9BV@!@=hr2m+*p8pNB1Eys{;3Z`Z;d#1ukb4z~mK*uF-x7 zj0`~#ahB_ToPuRr;#eE>@8ipCXe-;X(*VRqxS+8i8~SQTX2Ztwm*E!H2kM&jcml4!!Afnu5Xc9Y;6}COf;+JC1j$%jxV$l7T ze&`?Gg~+*r#S0hX*i{ic$oC-whoM`z2Wl^_#;OCC5Y%N5RHX&5AJ`RLLmZ*aO+$@= zILjfuSYLt6g7Pa#NZV0`EBVK;erF;gUi&xh9uSW3AYW3?4E!*C9^w;=(eL#S@KCHf z%1f^j2dhM%+aghM_6lS@J7aL4-st98$=Z|lwNh0K1`mjWOOpa?0;1rk ztAS^4jc=-QK>_ zwt266JgKWxE@Qvb%{=H++w?&wOOw8pZ2B6M?f&dSI@@})c`s~XuWy#OO?_xS`sxys zOUks(({_(=q27k(IPa}=CfJrs|NgalQ)nKFP*0kly<1P}PwPW(YY6*;A6MOu_kVgA zp42va9s8Ziqn(0I@aX%?zp!DOHfSqb(36&Lo1a4KF6`pIDx3PyHgF^cXwV|LF z)r0m|YA?aIGCJ8LiMD0Z{DNHtJ?VSxS2oUPm;WEx{3(X3jnL`M?b_W|PoZsW>)AFh zeJ!o<U27o9HDjxbZC?;{6KE@!#-^vo(tNbP(kJb$HX}WP*0mWy z-?n=w2=Zw$9VSD~Jp92E)H$fjkZ+a{{hEDd$B7pwhLbH4hhja63 z9!hQ=biks62OS`Uk1$ZsL91<=ZC*N1uz}3xcUx@pws$;r1~gsxojNZ%DAIwct!#Rn zFfiGs(^~?9Ji#foS09>>$`#6NrJId2qfi|LCquE#OVe%3wLMOtz5MiJo1dn)9cbyL zcmct=QibX(}{7D`hi$xHGJw5q3#p7cA#R(4BX@;i<4cHsLL@XEJ);63Ig^zmwF z<=iPWA3dJxLiHEQX{(#94$LmLeUG#U`<=)V>MGad>lpio7&bk&-H9e%cW_; z?*eVxoIx>u;ifDBOGh!+7%6XqcLx z6S*Ej8NVji_V?@MquAyX5YlYZub0ObA+2qCTiW~GHtqMy;cz%NmYeF}>BCm^avt3= ztnGWT?6NFLx82$6_dqW_wms(0%Ce--Da# z;KgDQv{gCCNJ~epfyR@zIv(bbMYYJfdCxWrALE%~dQFqKIsNc!3u)YMqFGUjkNoWBD%)xoP><;dCc9Ui^+C9FPK#yw(!=inqEwA#>bg3~NhZbzYg_KIRiv1(7 z;|;|~Uc3hTQghf&dA2Lye+m+NGYXDw!M78pvK{!SJ?RR!GHo+UJJoPwf}Y$g=!(6* zvmO5a=~rGj91iEN;HElwQ9~mdWkK-Kl_TNQNhH-unA4Hz zvT$Vo0bC&~D~|^215FCGrX?VTZ4eJ3kOd8l(Snl*8U+nPV-JPc2%UNW-dXrH?(OHo zo&=^({0o6WS_K!e3D!ZK0xg5C#u{W1c;v^g*p6{xgYFlBQfv`q&|o0648ggy4Y)y{ zEEWQg2*EuBdA31L*zcsCR((m`n_pYJ7Hp(B2uZU&+SW@*Q;D6RcKr2A*6f{QlO%1_ zt!LV{?Vf4dwr$&}X;0gjwr#tsZQHgnZB5&!p7;EQ^X0_*sUj-w$jHdb+*$YDYhBCj z@ldM*JRL&W$Np&k9!noqZRGrPwz&qQ!a35x{@=!#ovorU7XPxR-nr3_KsrwXuZJL^ z9n@N;apwK4v9$NSAI$@~+jLze=wr02N@?HfucuxCTm%Y|M1` z-G@d4BM%)SC4)-gHZ1)jrXnx_SDVOt6(V%G_23V9?%}eErZWW(TuvtNB{RAKX4Y)4 z5FPOWhLMek4Y${|$0j2gV5?7Ofl8Vx)UPxNWkk1vj-pN>IKB*?7g?VbO_OvaJRAfR z_&$kQkU!d5Eg`qROlYRD)eCofDb=3C$d@If77-WHF61*g@;S^X$Odt>TAY5Ki8=`X z(ALMVAsSNTO+dlL3ay8qxLqC*G(KNWoOQv6F*L<%Rxtdt^!B)Kl1zw)9&;cv{@wdy zz|JI=!XlQ5llKSS0<-hJWLlFQxXL&mDk}+E&0oIBk3Ct96}bXG(Kdb_K^ORU;dK={ zVfj6Aip#N3t(?eoR?B@OAigJ5SzO(x?I9PUk&}7T$j!$q#YuJ$>VB0!#)FhVD=Ibm zKG5m~iq5c`fa>Y<1Y;k8R~eNgSqY)+Gi(2(O%Q9$N$E&~GpgZNTq-OW0i>^lG)(-?^SxE~Cr2AK@BC0Hr92&5en0itB z2-j4)9RYrT?T%D9WA5;9GVBkGRFjWbVq;BzNT1Ui=IdVJqBLDT`Y$P#PO-sb#N5go)f353oV)8a;eygy~dgp zmM{i~Z)LXsv`7))7!Q~KN{=eU{u7^`5z}fq6t`v_*KA8QZ3gO%{)SHR^NTs1o9c=> zRnABZA8PQEXy<}zahoUe9aBu>>Otx9d@$+w=F58xGs!~O?86R@Egvwcu#~O~eAA;+ znE4I=%S()|mW}p1HNGo-$EPxz*-=JfBK0WhWY$ha;)Rw{+{ZykA75NCHcTUAG+DdWF>t(jE`81&v>Qz!zVtgYF|-)`u< z1@0j9Og;M*z0h{1)&kH#+gpX)*j6*hg_$mIN(-WLv$v#3ag#Fows6CH%tIe-T#@>PhN~5dKqkHOkC4iqNwXF~v zj(16_xbAa+`IC{Y8!qST0^{7Q`#7I-gnn4&kKfap)0&)I&!`&5S~5&LyqEPqKMamG>8a^^Rq75{zR8UD7f3azu< z40ii{1<=~6w-HsuZ*_xREe_onx?JBf$7sbrxH0VK`o``0CUL=!{2UhIxWc>XE)ndtNBeW zWm$1`!Ji^YXMqvCX;nmXk=CFH+!?)MxZwGTZ zszc-U)!cJf-PZ%6dE8n@zwWJJRXx4uiMbE6ZzrpQ<5mzj{!>BK7uRzo-Y5j+IdWGM zNLt19Md45pRGR8(4_=8tj2$y*strTL0_C>v)ZCB(h}b4k6yIBxUj_UFqoF+l#Dw?V zge_^kEp?=EIufM}6PopjTLBQ&bP2yDPl0)|sg|IlLfaVerY@aU{kEEoroz?MM~Vp+ z^TMb+o*sxHY2}G6Hrq)~MVc-FVlAO?Jo3q0-&b~Wp!rwnE=Mg~xISar$l>led z-uE9oRha_FBTbm}_566vMl8~~A5$%>C0*#I?Oc7#?eIJs`h6+M&~v6*oUQFPD4VQ- zr?+>hnLzt#&t<(J95ytu`z6<Jn4nFO@LksX9 z?Z1uQ*2&A9E&_239cwBA(J9oFDVUunfz4puTOcai%Bo-+N8wnLOS z!07_R*B-n-tcI}QqQUV~%FQvZ2varfp=zdQz5qo7)HZlwWB9-t%hww83IO_WGTISY) z#P=;fA>u(E(1h`jTji;;OjW$VFp7B5301C02C9KDkT*<-a-3q?3R%Y00EgY1PvYS& zAY!$6j3PAAkL#V!KT#4%^o$7JwFWMS9NKj9rW>Z&wzuz@{6~dL|G>3C7-_dt+9cen zw5>7BRY1Oe`+z=W;4mvx7tdIn#}xt#E2}c1=KUEVf@V1~*{geKsT6dg7NWNG6cyhxp= zi+z7d49}@gqmU~r?odMnl?y;qu)l65-c z%quz$yi~!tcpeJ#xk)mP+SsHK^~IwCX07sJZ^cT(iB9CG&26Cqs@vHIL-2Fxwx$^sw(Lt)uE;&W36X1SG^u&xb<&! z7U&TN(`7D=7||0k4Zvw*iE16|9Hc}h8d8Kw{@K__;}$8n+@T3$S4+W4n&18XIrV!r z_kNEK*eRY%`(`lWLyWPPd349Ls`#CGsaV@Bak_$7yhsiGH`>YBc|K=GwRt=&x=(Ag z@c8W6q!}1xnDEN%ID;A#uYs`x&@hr8rYegnVv07{B5m}x@v48otlDlAt;%iD3S``M z2C}V1`T4vPL!fClXErMlQkvCEyakg4t;csKNIWs4tp8cA6t^@*pO|rDw5vg$`hw4v z?y{QAJsTHIb9v*t*YAW;d~&j%i@w6LY|=e%+H?)dLI3XCjt zW$S>Iy>rgOIHl9}^p&zAk-f*SJ>QH;N%iLD90RxrbH7%QK6``#QQDf7N`=*7lgt?U zWPGDE^LXDcav`=dI4QZIb<#_lkiN*Fr5;8ZYr@9Y?ie>{b87Z0C*b1rwF2T!Y5+FHRuO!5(hcyMw#qMJMKr@)_J!QZZQB+>fdQV)TOV=?t& z%Y-PWY2xM|I);aUPlwILunQ<80tjem!s%c`JSK=-t%k89476A-x`RUTC-@RUlFjxJtzwo zseE5*|0J1*B(|;<(kjOvn0-{`gH2dT?xPIl9$mHdDZHUsN&a!_M8AlK$zY*DqFU=; zyS^?NOg`z-!jlNAGw+VhYHLjKv7sz6ZuhBgbx@Q*mBgN=tf~=)X?YfxpG>-}|EKt2mctuW3*}|jw&ZZ_E zy~+ABhN6~`$M4lOsLn|02X^_eH3~8w3H1v#%PfQ;Y?@9;>KaSC$AeT^047~z&8EOLhmRMitkK1KMV)E{1sj$*(%(}>_KWhk ztDO#**2JhFeO687^$z4Zrwjw(a50OQi958ESc=AL{V^NC#aPw+tixA{W+KB-?%-z? zn1_UIT*EQMAIzMhtuci7ftN6VX=2dF}eoUu{1ND7RaLg0~FfC2C>oUg&kL4QTVCeu~u>EiZa^Prr=kE6ObqLd^4 zOIew6Bc$mo(P5{3n;HLPPm_zp5_ctQUTGimHVsp4AGaH&ADFbKs%l*n8&4wnw4=;i z-3)(i3K>RO&DDxfFULyKTrycsVX2xxW#u1bE9BO+JwfsqGMCrt)(jRiC2vp{t}fTt zopY;L!PDAqNER!RpTS=Dm;*XxjoJ^UM<#P+ZulRC$pG061B>qAmRBmoXcki|(iJY( z#0s11I`KIc^OW>=R3z*PLDI(jX}hH$ky;A9pNq^sR!k(iJ`lkIb*_%gZbfInQ#tyS zEL$^VN;n=kYZv#SgVZUhsmc*pmY-S9tx*qNJ_@Mt!(w-TQ`430)avWYE}O3z`^b4S zl+x*vh zB-VEEHP1TlZ0BQm^=OB(3!;xyHJiFN^G{cS3`&rdRUesjC_m_XIQ=*?;o?$h15^yd z>2v-1hrf}QVSWI({M^@ZH5>@oWHy?+u$2W)5FZ)d_PNoS2d8*&7U)evVgX>vrQ}6x z209o3=4Ih(svz>0=uZbp4F{LqLWP2ysy~g!^VqJr>%PlUS~72 zxJWll%if!JYBfvjJvRzEP}*jp|;50s(4Nu_Dx7Gy~KHeUre6c+&c zja`(I#FxB|faq}XT4!O@pps!=5!k5L)*o&;7NZY-sE>g(25{=ZG7F(Tr{aLX? z5p}sb6o2U1ei6f9yR|KVt10wU4*f5|&w);KM3jw<{L~hVj#&L6Ti!-3z*smyk$nR8bNh|>j@w2GS=O_}PVOo~>u5x-F}8IaR^+BlBY zrbBIu*LDB3`6`nVn}SJENnU9I{}+3yuyZ-QanQ+*k%V?A36E{HGM#?a9+{asGWb^rX-Z@Qf$3CK{W_`U>$s?b0if`tmy z1DgJdE%CH?TM^FyB!yQAf}bn}k+FDdZA)ps1*qEr4mV6GroIK=&E}#awaLWXQb{kx zh#J(xhoj^>;Ohd4{91YfPZzcfzf-z;VAIn%t|jBit(J@0g~NM;%zi2MVBVWdtGW=_ z^F8%}LIh$k{w$Z4gaPB1D&P zrN2nNCI;{2AxIjE&@6bN*_LhNRcm{z`yK(Bf0Xn$!WY({7F#Qs1bT_4Sy+q6Sm*EV zxe}@dS99>}zH%TTqQf=)QPINQa zdo=)Vz6oijy?Qz3tS+2r0#w#BCW}mI!4o@!0$4M~KeVAQuZXpt8^tl5s9lumd^OmBgPrf$ApbL`T-Q99w(iMBjJ8xDHt7?W`sYbaM4;7N%yDmJ0M z3-)Ai(2N4Ts1>bfR8RLFkcxLJs>l9slV4lMP8G64Os|3ks9s=CXvj}GoJVR<6_bga zdcXz@mQjyIv^?LdqyTq|g9s`dYz?Y%GbFqUm=jpmg=+kicZCFHXAzYTGIOYNFn7Rs z@ZhCapO{;{%0V>Q$0+xotpM`T&KGLBoKk(8kt$UmJZfU0_zCfp^{fX!A&iXF5N%CG zeb@!IN(Wl66i%wuIEf+M#xjqa~J?1p zE}TaHNVEbt1~=8tWAb(F3)h;>VhUC#wghF3RXHk=T5T%vp`AyQni>w<7W%|>{sQIn zX+*-JTbitonErYV8`DZpK(_vbwNsFhsJ)#z=yu4d!^y})i!dIOALw5SGsbyl`A-x| zdEFIR=;m&+w}MW>-9w1aNh~h>iAtB=iuOHLaroleP(*E=56ddt!O;7)A9B&v7wn7Z zGQ_7=UbLPR>uJjin~YAf&d8Fg<5gI5D_LE#Zoez!!gbU!_Yz^Em{y8?TuIXh>27Bo z@@04AcJ`a08AWL?0UuJ!tNTbCwc((uXtvQcH;TK!C(cznCEP3hM%_~Zk~z1gk_RZU zFJ3~FueBLwWcf-o>ofKNdV!DRn;yK&fr7%abHN)oJTv^D`cbl5sXb9j)ufke@ zKUb!A>i2qr-dhlci-TmXNr_W`6SBOgqIGSM0`tjF(XY8a6(LY43_nFhxd@RYk8W-1 zfOq~A=<8zCMcwbet;}F2@=GA7>UqpajQXd}k2D8RkTCmlK$Q^%&aRn=U8}0BPr`WB zcQq@YdowbpvjmtzsJ6VymMou(WD8JC(H!GAZ2Xmu9!aHj1$?#PwG<`ooe8D3yk|OT zO-=8u9ys2V${~hE-gY_GK}R_X`q?OfSH8w%ma10bpDHW;y(2R7`Yyhui+L93Z!S*a z8i{JiJg_MDN*QPIn!CLOCXDs%-c5|$p(k`Fev;IZ8j@$N)`VWcUX802KMZ3tqM-gF zkdM-2^8^bKYg*tt3PNHC(A>|SXm9AX+Jx;fo2X%F0%7}pu$(#-DS9=5gJc(?6UB)F zJjSdU;y)_N2Y4kB!%q%lOTETdKYToQvYLNUCuZn(mn1^ljOcFG3=z}~b#ZTgU-G*b zlC-dWb(e2)Wr<6j56*R3vXk93=$p#CLlF~qap^zTzgSr%8WMIj_1~stpK)zZ?qJm zaAEa@GG2&2!d-eEr@s_jI5=0DoTlBA_fUe4@0nTDf_>U?2zZ48^AQ*x5ln#O`**ek z`+bl~9GCqj{4ADN!bKu>&auv4JOt8{Z9H(6(}Qa`D%uzw9d7F`Za6#-B=4WaXLc7D z4P=?Sj3JIgC)RBA3f+5DON8DrWzn*f?|?iOVkZSHF@> zk^{NpMNC1eM#Q)mtD9TXfV71|RKd$i3tEEq{$k{v+3$%pzQj~W2|Qq)xfwiI?SKAZ zazv8P_Nmx1vyKQ6hSPhp80R^ij5Dr^_SN7JjIshXp~}HAvmirw#3Pr3Y1#=5@d-vN zqIu}gP)?IWnx6pTgP{T{@CzX(4t6HyG^0XZ$D=>o3^^V=7z8@a_-k5)#~+hRXCnf- zN`6!GSS;9qsqE(wX%h(!O1ndV;9dDL*IM`(jcb~5UCe1-w@^vgdsF>vj{rkqF~4qY!> z-HwH8RV&2v7yI8V8xg5oC2#)q04_7~K^fczcc1JBzPuylli(DE=f62ifoTc)V+DE) zs6aPRo2l`SCn`AtII-qiX-%B8|8)~b2?vlrXYS(1Pn-SS4N*1i z@C-N}igaZiE$E2hf!83!dxK~H5rKXXw8~EJKcp0WhnS4IXLwCXeu^*l5@|I<49p+!%=BV z;GX-vAyZc%MF9zKl}t>v4C!1~X8(s*G> ziIEdtw`&19u`KaaS?b2fvw?242JMLexXtt1vdL?JN|jV< zeHeE6Hll!U8q<6~1IQ@5y-_WhGZb-3RpjHN7i=)+5U##DX^@ehNTVw^B=H!`-F37_ z>Cgp4bJa;YF=C%KtO^)jAVLjLVc|xPkBI8SLn&R;a4j+92|B-BgQ1RUOgeaxH#ZZv zwQxH-w)Uxu7ceEUtr&1WKVMsT1Z(z@H}tEXlT(=TV-w9TYp;a2h?>jWmEvhY?h<3X zF>(}*%s#0mtsb`_e}(eD!QlPCU>je9AYUB8HN8Aft7()kCpyr>W8$qz7#$s!g~m(! z3>qCw5U_T4`Ql-wfaKfxW26cid^I>lAg|>T*6SXIseXg^-VNQ} zR92td3(!O_(o4=`98Ks04-XIG?bPmNr+!Ae#7Z(1WL8k3pj`?!hZmcfC>dCMn3NfR z55zmGzLW?;Qzr049yT2~XMQ+39$N(nT2MapmZ1ji+LQgx1c!?lB5i#e0u)_*z#%6v zA7;C6_htFuD$$}Ho37>1xSXj*M)C^wPcVM?N4sk1KeVsgdZMen;!#}c1*aN*B2b@a&9P6S zs(f%yzCF>o6;D1sl7jjcyMMc(1-a4x+o6F`H4?v~@(xZArp9^1coNaRqARZ`_@P z{1ahnR8R?w#cIE?2X30x#r@*RsN$3Tcb@0+E4T-Iwk464C?dblaI~T$ss=+mJQ^@^ znGXliDl<2s9u-tdyNiDrf@6t_fd>C*NEa|994+uk^SCACU69$p&+`^(L={xfQAprs zj`oP6`Snc_f{QahzKT20o2|9Bg?uyo4nXNtzD=rvTi_iP{x2oSKu-O~;0bnBaO^w` z?ytc{0cHj>%97@iHy#<3E9$V&$+5B;qG`C`HX78w48|-NgSblifm?_x;}-=M$fk4d zkFFNXviR8c(0-D*Cg4L>ERnk=)P3Yzi{Wm`LZsmD{23??jHVCpwQ)ekFT1HycHhCu|@2j)7h67>WG^`wvx+~Sbk9V zZ-no|k=ta_;ow<}fbGvl!jS>fPleAFAC%$*=0+xhxAPwX2@|^()WbOS2oI_YZse7c zCbSi-P3mfSa0W4O9vy6Co3gN8Qt9@EohPEEW(ku2Bz{+-Vv4OBSoZF{OGKT@y&?i@ z(`#0xUnGD8#%AJ*vDo)WH%jCh4CWs{SHt8aMv>Jt^T2n37?YHij#Pxt zK?bNc0{yKi7_xt0OQ2M8Wgv$dHw`nBUi3&{geh6&-%nRCsm+;;+^N1TwUBJM^P?uXvcyU z^kFCE9UXu8w!xvdQoJ-`IcEbpkhqDq36j4@dWH&0xu1I#yNgG%FCxo7#=#f{_Rh40 zFRB~p@%PpXMPV2rK8Tm+AyTNdf!56B)QCBMOllgIQxM__F*LV>I30BiWu1~hS-)Rv zV{~&9Wv&MwSjoxrbPkce&BGD(`!9(0f<)re7jpz6?guT>i5t}torpv^lDN9NyN6}E zYqG$q42Znuh+oBwe&;7mUKAl%#D5ZWC3ZN+geXET+hgqGa$5I6+-N*YDsR zAftLbWy2VF8x}zVFB0~-IoUEr!6$-6cC6g~&d_&*@Fc8d#bq{6mZX-EAAS`PcGZa( zKOF;efe}1gMp8Cdz0(BxbG5R0Z^X*Lz%UrVZm8mjL?vyScDkg< z?KqdFF8Cp~4PVa#UuQy_A71tP{>bZv^Mzunr)J40sq0@)i+6`hMwp2 z)871xv$3?2{_v1dfk+1q&?C2LyYYkXK~j~P3q30`}aLgT@Vf8J*D&fW9#wj z(f6&ek$U3s`ut;?Xyq-t!4|(SOav!2_cTFIF-~6De__?h zH~4ryK8=3TqMp&b@8r~6t_`G|e|+kWz&2|Bbrg<8t!p~C{&~If+|>?q^rhVO1@{@% z^{ET7@wwLBy9fCE{qDL_@g>p7DKz&zx#VlRZ^G@HgCkS3Jo@3M!I~eXNP7R*<>{-g zr~dWRj&APb_&faxbHC*7Q_7R=yMg|CiVy3HVG`}?2#rkdH?S!9+J&IXOQ$RY~lMJQqF&?vyfoiZ~j}o z=OWY^1R5NJba~+Y|9hxC!2e#W|GgRhzkP5(odHJ{yv(ot|9;~z=fZgJ=eaO+gJf(R93tgvBKb87P2G)m+qYR$g={`ZcTRVYHxKqwr~giCpe=qA0PRTn8$$+C`)7Vk#!J>l1vdG(2QOoewmw(;jjzuN0mY-) zSB^863qP9tefLE2>$BzA`Y*?FuCKgbA64nGcl33s{maz5ACyk$ z@F&gR9(LSHg(DVScynL=gTY(|RWA2OMbFH&tDKIJhA+R>IPtETYo6FLgydVAeStTu zh84<>y*tGcVBYgSUgv_>H`-j^li!;3%3loJY{=DK+ubi!JwP`*Q+WHJl!vgL^KT*V z_k1fQwIjTaenE-F%f642`6Fi6>5-*>bDP#>iba-}$2<0_D&wN>@*^x^59iHL3+4#W`kE##G7tm$)c3~tX&%@k&Jrg!cHa0dI5~tmm z;+GdmJIDx+-D~>Ci#*HJRg&-@esrk>hrUWkjY>-$EV8yC$+$(yQCT{jgq19y$MRs< zt}P2o{?O%0`HQOHx%cD;wiF_9lCWa*wdR76scxs_q@=b#`Ux(jKr3dNjFqELy?gmn zu`sjZJ5=Hkc5@u<;gnmQZ|P&hr^3bjCQuqhv8pSb99Mc{%=pem@CPzl^?&56;#vLBZZ? zgK@o(^pa)#PexDpnNmV}?0N!?Mu|wZ^;|7Kud-DeU9@+pE6R@vYoV1K#{CiVOs0o2!yQXAQf;c5M*jIkTMSBUNRzs$i>HlztZGh*{y zvG@LkUTgc6xx1K{t8SGs+&ixO*_}(?QPaP~AJwXq?-4jdcYi$6-#?IijCfZY+>@`y zok_W(&X?=u`$;`$a{*`&3p;)bQKSmbdmx;n!6_v-LjM{QpZ!zwU`wMbe@0%fRtGHE zqzlu(dp28|vjN|5E&z_rtGIjC%(XXoGU>C?w}Y&MXk%f-K3u3px%yohAz4`j%dn@V zUQbt6Ha0fX7UE(W$kEZ!N(tza!Wy%UUU>JO=dt#v(xW7*VW1#`vd62??GKUsMz%gV z1sv*V)CgWpqk$T7E|;IgNXGhm(!)H(gTawrRj1~zG-^p^eTRpTlDPD`2%@e~EJ(O0 zn=^!(HHTz&Qi9KCPN+S5aPL=bg!%u-2JQ7ieQrzRwT}I3zE79YOb;bb+7(&k_Qq60 zlRQO)Fu%d1*oTYi6eDftbk}K)=Pz0sO|&mvtg^fTT-<7hr=P*3^!24)4#ga6mUqxB zY{BOr3H+5Egd&#lw|JljCI(QGe{KLTcQMU4J@egXe8Ul!NyzyT|BE!?Esyu}Wo#G< zfyX9&h=Pz&`SmhM^q-R{GEvZ*LR+ibgLEH#y0Cxx`*#BarL@ZUPDgs%(ncEa&Y*!k zs-L}o)n(H^taLz4-I};&t~Ds0mKC7d%kS2HjLsHJb3^!yxCH9z%gExVF0PX^4MJl|d&S%T3oQ*IFxO-tqwRoU zAlhcKz58|b=X=e#P1a@;!Ny~*NZT@Mz~@z5czB{!bBBmQ!1K^8%0oM(kLgxkTv~ji zJ@P-Zy{gG^(>tKk1hbg|ec-Sl#`d_%pyNyWnC$dC3iMTY66?<&ol^EW$W4YnE{aXu zuCnyKP}=K!aojDjAwq`8ipUV9VVlBRTLe4lU+5nhYBdYTykUo4K(VzC!6KXf^HnYc zv`hUesv(}$1PVmcRaoE(h*M%HskMoZFAhE}Rit?_at-Cs5peUbZO*AAB#cz_A66?c2k&Q$ixtH$!*WObG3lxG30gCOrX<@I7SLa!9O@$roVQg=BtFQ)s?7T zJ)hq*8SqHUWhG^b3B6rLZiYu}cllcx+dX*)%wF%Fm>sz|kUnije>~g97H${9zlN-m zT8}W8ajcW8SO&0lvVvVE)a{0}0X%nqwPIBbAq&!vv;|VB#qWGLo`zHu=k6XkA{DCO z1`vJk?f#u>Iwp;NVWR@{l|<8f?-(fb#1=>cX5K^6!$s%dFs`ZC1{XSNw9B zaag1YBB|{1PlR4jf}niozldw*B>JsGe&5%{+*--#txuq3SP%QVX_AT zFHsI5=L;myu0`YlS&c`ez4)F@FjOq%M`kwg<}MYetNiu|C*>>5+UJ@lZ}DR~JpTaV zsxJOA{uIe>1^bDumT-fmqynb8)zVkj^NkqR1tscpZB(WOcC=y)$mn!qt zfr#Vs#w3MSau6vR4WQkM=FViOZ`bK8L?Ob3aNkEM+h*Ah7bij5SniW`rAO+vm0|_~ z?|ErxY2#PQBzgq&$BHaTQ-%yJj+HHjbb1DcS zTu`~nbjeCV^D0{JhPQm2IJU*)rI*DG%ev2^WT>dIaOQCGmwISSTd?W=E%CPw*T|zp z_&P+xV&K`ln4Ml7*w~Odm-88m+yK$AsAv%B6n|(syvDv$7u+9o?6@nU2$(5uxvv|1 zyLO6zk_!aijCR-(2l8Fr210m2uFzhfFjuD;>SL}#(3)LvPy_F{lwX%xNyuWDTqxfi z)4>{YUB@iKQyI?l+R^U(8km`7)(~j+a|4q~Zj1@Eb^gLV^B`h1)EayR?%(Tqe=Y56 z97uod8A!d{>UX{jI7lVQbM@F_yCp%G-mfwMQd3N4T4+hm*dUmh`vCFD#w+cSKN8(W zg0XqYZI`LIkh(FA9Tso>KuJqW6xkxuA-F9)d}u#+zMviDx52v9g7334>z?RNkImIb z`P<=TThz$*a|C87?E5F5kjVGjd|PjBdv4}lCuVKof0@s4luSIM&Y_^|0*GhYlpFn~ zZlU@ZF30A9#u_YxAA-Xf#S6@)+qwXr9<*cDGH~v&8%Yb(iJ67l@sDg2qqu%;i{Lqn zjLHC{CgXu$Gta18uHNtoii`cqIupLm|B!|9ItUOS5QXMo%`iCP5+%VyB$4^;!9Ti;*qXoM zW_M7fli{zr$gv_u;NlV!{-|1O-{AlI_Flw3#r>^e9GOL&`|+a{{3YN37~D9}e=XRj zrFaf5_8%#s;RB( z>*kIzt~jK-;gm{Cq}TP0)zbG5Z+{Vr`m(5w2N6E!+0A!TfbO(dbWh zVgIY&i@Khitys@7mFcu4BYFQ7-9DDXQ2E_bS#`Cz@3{0J@nm3O7<_@FADEz=SBf0f z5fhFd_o3{dL^xvK&CQK}VK+o%se_~rsg_@trxW!VAGDE`D!NxUUY!(jIy3xJK|mQAx?7XbtCSTCzs~cFaDkxMA%$?J6J7jvN8&JUYKlf!$w8kT8k=+4XO^<4mHVK4 z--_rsl`~;xNhmA!z)#=2Ri8#ua7p57;a<#*ZH@Li@{*2Kg~``nWgJ!&Hx65KlycH+`U9p->p20m{*W?5w=YIHH^13kZ@C{(U7T$PqSsJoHC z>=m-9l-IWOZDc2ilpmagDn^Bf7a_EAB;r6;LavJVg3PO53xMl2_QxGX+qy{{%)E-p-B}wLzvUPSYO)9NwF5tgfwHIL7^~U5Y?$ z;cLnzpx3bkw&f4#sG)l6rvjVLM4YF7Y_8nXUY9HP4W&&U8#)8ub6P%-`~?(-BhvM5 zJeQ#(ZvlDICVH9rn~ac0R53W*S<5f_bS?QoljgVvSUB5Lnl2C8VQhsZ)F2n6W;fMf z{8puh+ZtH=EmSMP4)QZt+8HGpu3x`x-EvX++>%NRbLG|a^~RLfviDB;Vq|X8`3|Fc zJrat$M!TY&uv#Hp_4sfNcRxG6-`lyD5%6jE+){i<{M`$c+Oa*ZE~^1c{v5cSOC{cO zxFqA?*72x;Xy<`_>)N)fZpe^>3mj`Tnzt~XDq?RfgYQf83M*`BiTO}?Lq5`}t`WYJ zN8Jdkzb#@jM2Hv-Iu)B+Z>zrzcCr|eUL1tTlWc`fDieqLHGQ1o(4T=!Je()&zI&7# zLvB4Z^FtC6Kk;3}d+o!+T*@U9VcmkfojtW6#`4;E16g+LEptS^hhitZexY z@tSiX1l+@Kzfy4Ilg%K7pnmf7E}m8eNg3OtBOrRR7@g%&g5$b!!7)1hCoa8fw@(c3JvMz?G4McuF$+14gV>7uo{OwRsUX(VSR?rE-oWvNs5se^B7V zRG*X`clZAgc8-meHBprA*tXTNZQDl2wr$(#*ttO`>DabAwr$&*`;NZMhxrF}&plPA z_TFnfYmXqTT2sO37QizI$s>G45IWOIW~y!gVWB8lCf0LN-E1cfuscm|!Ixc1T%`K7 zdIj|RW5FXNN=WqTctiSdP_PmlSE2Up%tGn$k)e=I4mRg|6fx}?@okAmjNiT|(x1gE zFqo>))P-0~P{qPx0Jt7m&U8hX_EsgeA2=erP|$7qw!G#YQyz{F98^ATb};^7!U0{#wA#o);jd)`LLQ~2%R+O9Lx0cVALy0~ zyXnn0xpYv#MKmOnJjV)`BD2dlv(e=~<$rweD3TilZq#R)N#S5d_GcZBd0(v7)IPWlc`LPi8F7X6IW#L&$RMc{bxJ`rolYzIc(*XvYumwiw^P z0li2t;RXO4JwjYC!7!8s_EWkcs)+?sPsf0lztSj(%Fu3%!+oee^`KrqL_cVf+Wjex zhSmEkV$j+V+7RN8j1SV*0V6kGj+~3c_bM&-X5sCJN5as zhL;?bJjzH!jEae`ApJ!}C>L}Qt4DsTJp_}_JF@c(fWcg@=RTvG0;Fj54&x29f!(UV zq=-CNDk|v(KX9xWv4|~KE?do9=_YvH_e&ouYWGjfLS1nY8C5wNqG*1VV22-$;2>!am`82Byyw3fBDSwmhHx zL)X&xFQP=uucZXB>g%b800Ve+B=SMKAtr`M{H}4{Y_saLT~fqu;cLHv;B6yMYg2fq zlla8*21fDaJ*Imw(>LL73I*nk6fG4RYJ&jJ+xqA?oY4V0*gKRb^# zM>~xi&>jL#MB$-rh0^Ok_)nkJ98i9(dbyuM{91#Y$mv0`iC-|@fxF(%s$`84K|_4%jX4h-@Ij4VA?+H#++FxZ+FsTldY!L&Oy>xfEj{M7kMRW>W6a~f;k zf+Uhy6vX9#&@RqvxXJlFoN_3sY{7|%wuP5KHA0iK))Mp>LGsz9oUA%Bb&0GP;K_lJ zC_PD6DbEHt7IGMTXhUGmE8*(0VCOKX9hd=Zk1gs|tH8T#)Q*Oe~?p*IPFXV15^q!>$^fBUho6Xr@hQ9Le^d>bP!YQ75U{jzMPzLOYWiQ;$;? z!#vLdjmulvr9ChK^Cl&xk?g1m1Exvp*Ku1^hc$uS&Sc4BE8C3%{eOrT7)11jFwtU* zaRyOgD$=XEs2c5T?L_LDVygHd{W2&Q4L-K*r~?|I1-%TqBKGbf#mGc@mFEPZ3dkX0ustS8M(0&$d-p z4t`|~_L)lhPG7`xtp!Wo<+a4x=%}fZ7rMEuG2Goq(|w9i{;bt{9y-d{^d0o2Py#vh z=gQKbW_MK6+OTLXL`ivqsY`(b&^oMe#3+!5rQ5h8v^5=}6CHXpj&aPlLZtv<4%(i! z$;@0^S9DhZOPL=;2ka|%4&D%g$4&o_F-t-@@pRa`8#q8U4!;L6YRxv6L|4pq(QfKHtERr-jbBF5A ze&F#54^yByW$r0)=xG1lnX>&afPc05j;cRcXuHfp(}3#oup`e_X1z0|83-J-%a*Wu z&mCw(Vas3TL|lt1M>8bKM%?_Z@J&g?GoDKQxpF|t#f7cd#TUZuQMbG1ryE@bAEe=I zX9}x(?eLE=zKOfrZYuz^>g=BP+rGxm7UjZNw!^AN5_58%qKf{Kz$E78bNLR&8=442 z_}YNK`O@L?zya>FORw!R#iOg!&T7mfxASt$$jYvJeJ-zan`Qv`Y>G4)=$s`zy>+Iy z8B7fNOTWEPf`ENX8q9dW_jjRfmic`Ly$H||oL|yH)PYV@KXy@ST)g#r8NHx z`T?Yu10lQ0Q^^j2Q;&4K?%?mP+907Cae4W;N7ePwT;7O#q`FVI#isB4*)T#A9e+3ZPogVH z$dJ5L1DltUWRp)dlJ8B#8IGO;9Utd!1|<@w}{nAzv9cK z!hWyU6c_H!!#^hAkzi~s(SPg1mYo3|$3I=}Eb`Eppx&LXH|08kc>Lfd!WA&GemZ6N zCAzQkujl*`qLS!yOBynjgtjA4ye1%s_4To*6_j{hlUT53$AjC7CT2Lg^z{_cTCIg0 z=ylRD=CFzAL9=BkQDP>r;QOZ5&|mmEtsn}31Q?iCW(PkT=!F1hyn@f%IoYFeE;puz zNz1u|r8VTFJBMv69X9lTy0>B8-XJr?QK|6pcTX%op~2YYRjH~_#!gDKe0+S4Oi#96 z9=d!aM~*;(N1ORIut&AWina+-z8l7Wf5U|eF@v)GCPcs#Nm?)0S&wk6La1~v;lR3( zyPsJ`zZCNZVxe}3?tf5R3PgUM3;q|k?76=#&m?u3F<_Gq~o0ioX(a%_JJ^0Kuu za{&;ntt2#)^M8kai13_~U6ybz$Niao-V=8;-nL34L3^E7sIsI63c)tC>~(8#%HijR z@h>)-a3S;kTTKipTVKHY*W-CEyz%vVe%z-y^i>yG7-8{ZC)vBTw!ULe9dnS*Y!eLs zL&xWH2g$<5(%tkxg&AovdTbtdJfDSASd0P^ji@y))}rX51bHIfdVjk?yZGydK1xmr zUE+fxnHpV2(cV1Xh5e?}=6P_O!?&fdn+7>pa}(KS&fTG4DPVh~L;d~p ztbvp1Jrc}^7)Wm%%%x>Axz)Z9v=UKD|ABp%?Bs64*G$A43flw++SLh2JWKRA0-q|C zVcsb>f}VLHsZT~9i$OEOcBl3B=4@;<>&M`2|mpUA-z)++h>FmrQ40{HtM#DKZ^&F5@l=B57o2lWagCF18T_-Rexd@DW}J=X4lWY zw!uU`HtbxK6O_$7^j)@u_DSV@Za7%fc`wR{&Qkw_iw;Mh$bBMc&YPC>(kHb3OS`*s z63A-fA%uuiDV3u6xyKbag zrb6ARzSzuqt4UxoVF>MWOOHT zjO<`37N+$)iEqoB7g$_RVTquBvan1zCW%J!1RY#d=w&zg%=%XEk-#0w=I}zkDqMxaxWZ1x&J6TV z_XnT8|0$Gdm|(mG(KW*Rzxx$#D{Wbz4*R6kCAsc(ToJiNa?p5;(fd+Q&LBHl#tURg zUMEBptNzz^?WLgI>fI}4Weos@ZbaQvdYy zkj9lbyjw#ml#cIIGY-BM-EyhuO`6VkvQ>+n^@T{e)Q3o3IdwiilHgCXZ!G9Q;7@&P z+LxWPE{vo2Z1Z}4#~?8eGGrsnNIJVD)pFwrf9elSQ0E&C=PaZAYX8lJVX?y7Byh@) zF?A8ZYsS>?&;gb2&jeZ605$rL4z*_b4aLCsi(4NXCFrh#_hz%(WK?ci@-B>R&_Mtq z`CC+r`JOp+98X6)>g^laO@usCQ;C2T)uH=Y0EqE$a+-Jl&wr~i_v>f=STEqE0y$Nh zB%vLQQO+M%)VsYA_Rb`xT|vP=MvSW7(fJ-TXC)wN3?M9lcxE!o*+_{SpCcCEhA*jF zcrzG7wnJJUQK|*;zIMOD$BVX^{{pW1N3QR;O`B#|CU#~ddD%5V*d~w5ntB}ukYg`9`?5q7jIsn zMq7WxXa(aKFpmNbjY6Rxtp#BqS5Yw9-(K%_uZO6&K!`kt&Hu#beZI0M>_uBK$*=TY zDb*XMP5$cSxwq&9j}QO*^+4D)%F&{y;=(#fUgPz6+TtERfmYGVQoQ?;fM}kLQT(u@t)I6JU4xFhte)HxV-yMu)JgYFW zg@>=pjITArgr@CgDG@BOVde7 zu9#Hz_A+BBDHSNZDEEeDg&pauLdoxp=w44rVxO4nBW;2At6^tRN$h0hgf$)l5%2Bz zDOCZWTqz_v)(C&_RN&N@9t2r_nT_t8z zF0~OX#^BxA&G6sOs}UXccrk77G9)No#Kq^io@YghH@6d+T6f-@k*V<$FubSYGwfQ| zMa?@$h^fiYEZ$>Zb6&dW5yW((KU9kZgC*jvl2~7(1h85Dg;Y*4?#$$nx8iQ1>9L#E z8;Zuwf+!$PT@VVc$7|^zzBUd^ub&?^IDQy4~m5k=vN)AE4grS2H_p=V9-cKPZQgZVA93$MixOK0$OJYb2}tR zfO#I()!RYr9f-!)?Ws~#IAM9a?$B}NqRcp*Ex#W=o!%YSREEVCHSv_CDLw{|iEX8j zJTu}A-xeNMdcKLLbnSv!e&XikadV{_`}J1-nH|mh=zcU{1twNCM0oSCxRxwILxHmTYRFC|oAKCGl)`MP1Bd!4866)_p-l`PJQHof4cxcs6k?lJp&_UK0vcwqL zR|-e{lEugPmASeiS5qNwwFZ;3;Q|c>6#O)r-D2NOc#3hql2R=NXMO0ZVWu;4KR!Zw zKAsIRWGcRrAo7R1g;eP2#awtt*kc2eYWOR#OjfH!x!fPH@6^OL-_5wE^M)4Mi~&1ZHci61&NOoe z8c+sWHhSzDOG`x>IFSN%3{*7K=2pP&YJ85gWad^@>4Ir+835&V@s%o(txq~F;Q^HF z3>P<&jII7-1hKgJV3`IV1rr6nX2L|P@d+KVIy;=c)V?p#h{SO=y)g?}iNEpBQ%(Fw z>WsfIk#q4us=mlt=02C_&X4Bnu1M?W9}fsUfn<2@#?!m(TD6t1Zck*$OvKn=+3_sz zS5XNA;mKGlhi+k5nTAQO*2~SOd5A+?KGmo^Ccu_RH8hNwmnPkY!kzu_Uw&yWhreNT zF7$-nr=s}nf6Z!efN7n0;|M;Z@%q0OTSt}KIT2kn9r|Yn>A>Y*u&+0^aDrxo%38g# z@mj8gt-HwbJ{}NUU62QOC*Z6~6^uMKfQ*Lcfn2~WbUQol-w#)8GF~!{Q7nOO;m8M@ z{-nk8TGlTvnhhS4mtLLOdBvE4b55iAFVU6MlHSp3dn(PB0*7U$71>CENpCl?6PZb| zwLa#*wEaKXxf(2>I0$;ckH5Z$C2Jl-{LDa)6tZIuJEr<~{Gjsuec9SwVZtU7gCEa1 z_j`8-M$sh!k_G59R{sUQ=#Ifo*>d#Jr6)F54i3pmb9rB2KT(`IjSNa>%y1$fQQ-7@ zOB9ii1vQbUimsbzxoTRTF_KLSAbY^$L$d%BA6Opdu3_?T?f zMGm9f_5|-D3o)A54A-+@7+~!r`j`kybUlm7*!l6&maXh&N}xf0w!66q7GmFp08Du+ zquz=WwWzNBKs?fJ4SN>3?&IIJ(~M-NO>g+x`rm0QxVX+rvpd5VXZC-E_3Wwn+7ZPv zkhml4cVyD4c8r4Iy)9WAoNhi~@Ok|~v7#HHuXzbgBq8?a!hdP?T%*!-Lhi(QTuU-# zBELXHI~l)g;J2%dUmUOQ1O+8*geiPsnlBH=@}vuv-BQz861)Gd< zJ0@Vqybr(CHIkLG?ryqZUp+iaYGt4?q)E@VSs=Zv$E*(c|M%r`5*-+tlkJoV183Pa z;tEL<&n!H(=EWH_K8FAgsRr>TQx>6fkj7H*Zx;@aRiKFc%@)rZ*6m(wsSg6pa*6@w zlc`R~-&{T>btk=g`<>4KHMiWTeIb7#bgsC)+}u==xYTTyMW?bfEN@y*yb{Ypj61AZ zL`-{r!~wV@=Ubj>rZ30Gq)5RpB1NOsz~ok7&}11gIGv8x0Nj#~MRV%s{C0 z)lQSBGOVY5@cau(8^SdOS(U_JX<;>|bGWkB)8;VuMe`sI$Wxn|^yCPYCzc{e!NsT` z8d^GPv~RX*+$^Ur`=o1)RV4Jqv{Ifn+8T`5l~OqY^R~PEOFYt)lOTp@L+N6(+K7}9 zD=~+3Ko4yD0Jrux8zCPa-5U37P5M^a)7|Hm$+zI$_S*UK-4{;Bcgx#~NCMfnkhN8B zv)8uadl>A3xoN>%6`a7wt`7Wjx)x>d*BBEXO0|W{TaQ}tP@9>cp}mMx%;!mn zTY}iq?haDE@fgIV+vVH$>>prMM&@@p&^7fXb0U*}C6n%Uh&}a(UF5H;n2?so!|4Tr zpUHW|B-b(}Cwu&A0_xl;rnz7Y05)9}(WwKdtS1IKu3Y&}7{X=V8e4GW+ru?zJ*FH) z9ayO_9`3wt-t`!Po`w(px~J35JYx%_5;VNAE+mCbHz$Kso{ayr! z{zMr-*Tes@aEbn33s)lE)y^vKxeWO_U&I$<=U*4H0uZ`TVocXkI-_~Qx92#z=W9^E z=$y3-e_N01BDw-UR;XWeczD8FTH2#AM;gNQeJQvbpPa*1 zdhrh+p9<%6zD~Em9ACrnTFBn%tQn9d^_I==f3NW(-B3k;B?QzMRR8gi0znlCoB=OJ z%aTD89=z*TLC5HbWQ3*)hK&xRiBthkLG?}u#q@T7`5B7)J5l7{q4)Ro#Niyc7<1X{ z^s(1dTi5Dp=IZL_q=&h?g+wuYkVC;+UbB?#U$G*!)w4#{GJpzukpM{b>16`OC4hL0xnLpRqj{h(XJEiYeWWyRFwoW z7mJ;UOGwufh=~B}pMU7(`-8|j>byUN4?HCb^g@WGz^4QWo&_;fkl_vxiz(>(7N#wX z_2%q#>EI>LpAZ25^yBIr6#DPzrMcQWut~tyNX62FhLT52hVLd<92>!vt8_@@=;`vS z;*@=mUEH%$xzLhJCkEOFf6`?MAVE#xk7VNGta(_&2OtqvdN4s7_YD4tpU#i-8n2&q zmGXI6p;xz!c*4GwNvgLX=+0${6EJy4!VjM1#GEwg@AX*uD~CdVgqP&aL4XJVcW#TY zN$U!Le(=W7ypiuoXR;fRclB)N1pOH(0wi3L2@KY>fmp6FKoaVbm!@G5#cIpNdCVp+ z4!^iro7xwN#l0<9e`#jJ8>JTIc^iN~- zwd}KIbeK`Pf8KH6uXFAX+6ma3Ss|~MAa%=c#Y}eeh+Y4H(nHFnyJ`5{LHS+bg07RS zPz2pXtBB1oI@4V1k5;#PBS4qShOAfgZtT2A`0;Uw9Qsa8a<_941XN2XUe4Nun1c{P??dqB}}9$Sr1=L2Mm(OYEX6KVB~I_xw_ z$A^}lOHK5mA!NdG1RNIa^1^kF{wPtEeQJ7??zYX3vvd4SK{2}$s~vm&ssH=v?(WEg z_%M9U3*Defp`?olylaYGoFhms`!aq!7wad(@9;ZUH3kEzR}FeQ_~C&)fUha#b81i} z0>xe^|Net_rG6JKCwz_*+$$Ad51K&@H%QW4)PRk-;lXH<=Vz7rgQxu&;l-B|M0Ykv zRy*THcKAi*r__fRQ9PkRSX8p+-UU4zz2z17uR2+qW`O;+@=I9{XSF_Gl#7)#Tek{a z%@cIi0BF?^-j`cH@?J&gK!Lcw6m~y)b^pQ1aNLXQ%6dlqDQK($jOpJWQXhV&^_`}x zS^+_UZzc=+@Cx-S^>Foc452EfmAUcCMG{7XCu3UPBR(?%wfSQNzVF5yohdq7@0~WNs(RxN&=f zPfrF^I9W&kAsYPlwBWe=KeHCf0Jg8;qeU9RDF+>~O^QjK;KO-;3G42rXx`Pd5^dsi z=tLKLERBGF>MRrrgRM^cwe)(D%fg8|jI++>=Sx*D#$%Yckf)#T{3*KJ3(b-aR0`9> zYc|zw?}xC<9yG9-KeA#U*#e|+rMN}FH-7z=880{6_S3)8Crwlpp5|+4=1Y)X`>C@0 z@d5m^3Wg!{iMyiI4g95+Nhl@gn$wJ@^Z2<^tb)|+#m?TWT9pm^Qr!d%pQo*$E!QCR z<1eMSoWWY+uZJp3hWB!qQ4^@_jjkwVofc6b-An?YeS=YEnSNK4#GL+fd+s;Cm&jET zxLETwC0dKasCX99iSaHP>0@n}arpQ#I68R~Z6ER7`2_FHj=H}R zORnYhFCOt$Z$|C~F5L0iw4?-q@EirsASkRWq^6{GJ2!oW_D?E#OwZ_m@hk-g_}~79 zm4{XDgW~*t&GUIDSrwuL0om=nEQ zDKOIkJ}QO|Rvh!-7S1;E$;qfTe>JEi-!5>d0t7*pKpU%%1hu$Q?+q_oQLq*j&YT`x zkP5LoGlJ=JtR!w~1L+-taPZAfIjmVj1sT;bLqq$hJi2=Mg6{VM91B{sR5S%wQb08a3O{vdP zOxWy`qNjyO*SFZ=J#465Z)_rJBc85zH^Nh6Y6p0%PFyX5U#yiRbBLEC;rG;1o5_(W zXz8__uedKN?8e&g!#m71#)FhavkERS>GrZS)$%%x(HD`sAv#5QsI@Cs^m3#C6ms&u z8!Q^-n(GLy+gH{bv^DG00+`DjA)g4qcpxWJ84MEC5#3-kIv5{lmhn!^weiBrDfa3U zw!+nB9IK?l?w{p(&+|BCY;=E+cZELyDGL+5hbHv3Jq}H~uHTDy2ZSYDE+6RCC1(59 z{va%=&M)ZtV&#P(gaQ8G+R}PM1Cs}BFP;&gqQh}RCtJH1MAK1=uDS2NdB`F`wI8nl zgDscRXgLYn4L{7x5mv(~hVXBbu9*reI&Var@LhVfg(J<2O%40|V}-ntL)m5Gcz-Ze z%C2}#g8nm%t0;zr{_eof-letMB^cYqG22;x1RT#!Y|huEhtV$ zTnyRvyRJdtL2f(+-}f~pi_ZfyG-}G-xQExmOHbD;7Hqix8kjxYFwyfw*2YuQvw~S6 z=$Xxjp{Me?hsPC7XW5_Na$%)DbPB%Dr}rnz9gG76t; zM4{P2YH!d>!n^w#K`-x5jK{CmIQmDJ$*^A0%$V*n%$#PqG1JNO5%g?*W zVqBDFK^43W{qI@k`LQ80ilp*e9AIXfXPplIVLy>k|D0j*o}(CMce@b3n#Lwnx-gYO^B zNw@z49teO3b(%jfA#8qWcjNZ{=6nUgx+&A2m-tZgLE?jfTw$dvo8-%iQ46hS@GlyM zml94L6*g!l<0ev~r|{9P4AJQkWrj1~3{@wXg#3Gw{`PPtBOoXtQT~41({jNxNkKq~ zJE`%9Y#LqPUFx~hnKsISyf+D#4H9N$M^v67dwA~vR$NDDzt;QlzlCN0c61W~XI%hLccoPa>OwIoCajCb z$6N*`%z+e#xLMR;SzKGW21L3 z@i?$u#kpFpkr~!MfrmLbdCAbs(V0@|{5kfrWO&uKU+gQd>ZxQd=!zlAYr*umV&DBJ zzVE|S!UOmFX~*h{^8&Lo~K-%;PvI=8R-yY)T9^#O@`q=4e`#|2A%et zO|QkaB)IQUNq)8z5&^k^p{sC?qe{>fqj<^$MSZMa(bvZeV*Q-+wW~8o^t>umGRiNfPgQYGdxNtw|K}6%o4kiN0 zK@{>@A@{-_+s`Y$_=e+FP{~!;Dm<^=?CXRyyKJG;g}%`yVi6*{1c^t`0(!m}w9_1v z=17s+-%zZYk*5!&H@>9GoD4q*Gt-@zuUV#Y`q zahuJ?J~anYv5d(zr*Z|N7j-KT85wj#*VR21>^06=HHe%n zqT0eMw;6#NDE@FE}o>yUQV5IzI<) z>KqD+YCwmy5e}RK*sNBu35(CO(WWa#p8Dsk==5V%`%N1Qv>5uy;!Ji+TSt_X7yYvVY`%C6tD+X*w30QW8LEjg>7??CEFxM^A=EDeUI7sHU%JI{ZPRB z4YO)M_{i>HVXd&8Cb_;J169wL_M~KRr?UNKzmljtW7?v@S=on03nVDpNg!g>E@7-n zU@I2O!nSNZ+6E>T-6tPHh;D`wY0M7&qXfYeVZ$PkLi81N5Mv!B|>ND!`G|?%xrD1qc>f|k_ z-iJ5QS<@f95~GPp|1`E%JXob1n9`k&38|P^H>%SjP8=KGY%Jm7p_A)9b`i01T~*7R z)MzH)dC#8M^wY0Pv3w|P460v_>2V}+jj|^({RP5zwC!j-u)l4;njd$fgg0fCq&P8ILj@tnRfh$0efWz^ z+t+oDpABy{=bhxpL>0mz^&}PhGO&32=CA&yY{1;odU^Ty#oDTy||YZ21MK zjTkOyd~pO>Fk#33OS}t{Yw^9DU_V&1t&I_#Ew=-U1XoyT{eBKs!;fY`Bv~&OF_qf@ zlaH7*T)+;^at&Tex@$I3!0-vMZnJ|Aw&Ag!kGSB13Y9AW{zeJRrU6l%mU84 zh^MK22(e?cN+e{xn71P<(rbvn-I?i43DH%sx!`}XO=vf5oE!WYi|N-{zRp}ORw93G zF?mPCSD-H*_-&0!N@{A$>V*hfohSOQob{sn6G6(eq%|cizEFiM7kgOE8%;7EU%dJB zx((}~jn$?hlYkYQT`n&5M$EKWhQK{GFA`#0wE#nka3v7}7OFb`SAs*tw0OAqKTJvL zkmi5tuPdB3)RQ*3cP&+{-h!T9E02fo*n+Q=wqv6qqFOHWRHSFe?w7+Q<6(~fN~q*z zhyN729^4*Wbn}ai`W>IEFg=GwX?cu6Ch_C(V#)V+G(63wP8JtNFjj+R5}dB1mJyW7 znq7DqGFeCBa?-bn=r(JDP`i%0##^(uloucBgUwHGieR9vKrFn>cEq5LG5 zQrhOc5-W(1`7@k2y-mY>y>1VRZrU~!;(mmLK}xPPgrUd5SfH!rs@la_absGE z?6bEtOvG%y_N-M;2Zo?M(pPZ+`a}e!{QxbrcSb*YA1UNo0P6mpo9_A%ApA=|f7=Nc z;?A+r_Bv>A`e?`X3`FkB81YG$N(AT|TDhN;d@<~cgFsY!!fSBw0Jo)z0flxVy9J{vi4??z+K?LA}f&b_&e4hp`@?W zOjGRL+~~6Oetce+u({=jMl;JuelT>g>IDek6jGs*JJNU^!?uHT1n;^lC?24ZK?k~0 zb3M|^Ok}v#4mNuD+Lzaj5>a0T9c}r;K$rt{>3T5Qz+X5|RBrPpXL6nSEXqxGlUUh4 zsQ+pJ49z!kq`m#%Ad#O%k!R;SJ%jsic(^2#Doiq&7-Z6MDcZ4-tOLS~C) zks2##CFZb*j8`>4)*iedZ-XG|ygYamGVoiwuX*WKGlR?tc>0z-2?VFV&~@&}n2YtG zQG2k%sNeZ+eS0KPJneY9b!&-uNHnctt|GrSv&h8qLge$SA{xy2*2Kz`OT|@PZK)(r z%T=XTq|;CiX*}}%LW}31`S>k=sD)W1G1(!oToSg{nvivCE32^Emd`DUn0^?IUf7Ft zK#+zZbKWx&8*NQnE?kN~Snq&T?NXf;wx%?~ruTse?;pq9hqF@zD{j7)yU@Z$f4AA5!j+At=ziGu-MjBvB! z0(Lui<8h-chkaqyc4IjYHVFZ+TrTA-^sOd-EWci$4N>pkZ1dCLy9ZJl%wM3M+EA z9Dc|oB)iVsBk&6Q%iY8CR>tXaSYEfaKzKYpE~$kcrzdYhT+EYL z?GGN8>I`a49L~gMhX-?E!;iLCtI=hUU4hw$RV%_0@qf%1?MOs10MQ6zrR`=*4cl-H z%+Me5kg&T5ZepySOIDGblnNs`MpZ@(i?zQ_v16fj0O+~S1~?z4po!$n7)j+d-KYT7GU23Azb^^ zo4jB@y`Z=logz7G@$OovRwmRiGvvyrjQkI9gcR+v53EXIA=_ z5_HU#8&OQ93OYBsQuh5xKx%2N%t|oo*~AN4tIiF0E|t^4tn+T*Jqxz7+M28})HE-#1+c z-!B_#x^~hjBF(n4U1dUe3A@r^`bhM<9((Ot*!$4yTi zk@0L4D9=NLa%zqWZTfR{9zxNudRdkWTzM<%%ZHRJ!A@MI-u+DR~ujK zFgqd_Xe0lcQsa`t)h;+M7WO=&M!NWX10pbZFp|@9LpyiJBkx!X#j?ex$r5XwI)1oM zvp@~!_gj0waJOA+Byqm^zd+_a3Ir#N1jM7&Yn&`|p}`pViCj89{k4;tWG*mjvEM2E zId}EYm+;bSeJ`~B!j$uE1{ZCDTXbARl6YK9rbiSTcw+dnfFP;+K=1qhrRK|N$A*e1 z0T5p{hpz9);|!UF&Lf2+*psPs+G6wGPPgTYJjWzddnI2Q^s^s+eLbNz+hnLvn zuW>*}l>UQu+V^a9zyS;Eg{i6K5?g%ieT7R;%+7{05khl~MF6YGBf{mdgwM1<-s|s2 z-k}d0*tItL>M5qHX)|YB00>9ksP(Ro;~`{m9%%2mub6Rw4-NvPTN&MuVyci7uL#2j z*+c&MB49Bb3tz9}*L1RjBbZU7q(mbx@n9+g1RU>%lq43#b=9akA>6qj0A}Ou1$s5h^b6vlJ0diU zxK&@2?eKy!p@DL{%pUtjjrW9+K-l`o&hi2_ls#V5REPkYMT40CiLCQ365qQ4&DntQ zCKO?|`M^DGTboQNa_1x>>96vroh#HY_MdynS-j61$0v?=98b*+D5%M2 z=WmK?WAoh)DO07$ms;#cS5LfK#rPyXN`6We=7Pm6+D!{6P3Fdd!KO8Qw?4Sw4sCFl_S>8$|)VpGqocdr6>@k_bE&1)5JMSk^qmi%g; z(&?2Lq~l7-Zw~><2xJt!>P3R^&EleIh$h(#05$up$LAFj^~UF)tHnL?X`RE?i;V_} ziz=DSo_#2J8QK(C&cKR{mDjZSnlpP=ORa8}!taq7{fHx9MRGgokD){=W zU~rgpy?3d2P6NIBG#jay1Z74W81T(Yydk%aWz0d8!*uFri63L>FZS}Vji4~a&SVVL zUogpn>tXne+{J~wF??wLkoz?uD}{3T(GaS`CbvhbT#h?G{5P8keWvwGT^7-NTpT)%6GD9R1-Uv9C0^<}6K6_tzG)0E)?I{TJ5qh@49r5r^{#VL&uc(;~BX~|EQZ8Wk{ zcHi>GXuQ)okLd)1wvK$@vl3YN!)3I|Z-c8B@}29DZg@IZqQw`0N{Db5yk#6A)vw+? z);O?n`vKy(kwsMrAU0Wz%XvxSl{8ZZ8w1Wivf}0SA-uoj}*BsAE>|A z%K=xECKY;G#35p~`VZ__!IAAhX)-sp4#Vds^Uu=oxVMDAqf>!Hv)%WoqO$e-YkJ`% z-IxV_+MBTsGA8E(vC6kw+D=vvC|3;uR&U6Cfn6+u!FD$Zc&}rAwxmn=(g*)Hav-z;K&6Cw^CDI-I21MhlV(FKsY=^RUC^)3ulcnoZ{}zxM6Y(qz8aEIQ z-&c0MQ>TT3(lUaM&1GLEnCy70`BR4|gz0Qfr2A6Ff%*j#t@l&Y&aOKe(+^PFEY>A; zNWOdeIWcct{vMpwoyXYTa7L^s0x?-R=hpU1~XdiL2uy94HWhPTgR#yqE_Yl(>)K9 zDLZ1c#{eOb@Xp9H&RTmi@;KV)v(q0R_hR%Y|KMZwlgCSUBtCzMq^cENQ^9m+PJWpO zW3ADItL2nq?J)p;^NdaMy-(4^)5ie+7Yh-urj8{JvVkB03?2)h%?loHs+8Ed7w&{e zKN2|Z0L*C2<^ng@Rel8N4e&naS^rmpCN^H=ryx{j7-EW+Iy3`y?`b71SCa1!n`OJf z+wriOvqwjsu34ITvi3nviE|^gy2qGO;7Fr3vl%<~y?B8kEZ_;DSci}JsKa`s7*2n% zfkg0qf^%E>y;kj9}nNK-=OVz84Q1 z2}^Ood&ivXBI*g_{;t^yot(7rTEVMkT^vQ)sP(*L3qxJT7Z z4WO}f!jCxTOKbilx!9H<~gWdfxpp@ z1;6F@(QenS$?aD$W9^CBVu@vqgF&F8z;+~PcI^ikA!LY?hm`nwpJw6p3THugBRJW6 zPq5Seu+c=usZ^(0?Eh%(s)FL`)@%ZS;Enu9u*L~a2<{f#LI`dl1h+;T*TxzR9z1A} zh7jC6xCeI{*Ty>#n9iMBQ#CbH^EBt}RGo)iTfVivwN~vDset%P&|WLHg4AU`DL%{_8QO)MJ%npB$ z@-exs)NF4&MK{C$F6y%_)|lL9uo}PP#rMmNpn`kc*`3kM9=p0!Z?~?k3v<2LlAw0!|!|fNgQeO zdttAJ1$Yp0rwgp%awG;Nc;iN&FCrjUOIa{$)a#0KIFsB=@D!N->SBRHBj*ci_6iAEeb6gXMg9{t*r)>564fn6L6 zM`@juCQMuUeTr7k-Udd7)PSnOU8i&_z&E^Yxg1_2l{5XA74v|9dUG5cdtD3I(o9D>3qPiX8Tg;Yr&aLoBO#`Y;`~^3Az1B#BGE z<}^d13>QeN8O4pN=d)+R zF<8=$i62#>5^y&;i`{?!bFU}afBVRfnY-KiF`bFK{FjDfV=Jdis_eT1oH@tSLh6Zh zq?SvaSEwlM1)zwk41)z9soSosK!}` zE%rO^N3ZB%#~v2-sNq-=FWFDNJd-XTTz3<}#{}Fo%aWjvDAc|ep^fg;3xB~8ia3qX zc~aYqB`)C1qHu*>WZ@@Ouip2_ts}X!+L0EBI$F-O&7H3)ViwUeAR5NDiw2mXi1FZm zY2eesM-Cb|m|M9xBw&>AjiN2||C9J=Z=q@SuT3EiEq&CQ+4eczXa0EQeFVKPlk&)s z&A$z7sIBnz9`)7sfq3FljD%CQ`D8E3M^nthsXQav-@-XZ!nuNrN1rMZcg z-i zH`amAnPcU?wgKGYE;MM@SFce+o-wr3`4c%o2+FU3s*`(dCdGGjt&$k}m@4$ZJUT z@9f>%f1A`c8N$9D%w?fppokm9-PtU!YVXcMI`;%vJty`wj?gHB8zwSfHR&X52>JyF zk$8cc2#fB-;|AR%3wHfqdH+NCyU8%C7f7w)LqNpMuKkID#kEnl21oaOt;NcNh$g8; z|M8rH&QnuZwjELhCbE_gyJhXqd;L@M%>`ti{BWkbp>T~BT1%=-8S*nsmBUhZYHYB#yNDh?T_o_Q#a&1#TiV!1BbKORP z+LY=wMX(>bii*m=xl?ktaTao)MEn5^ybSot)BndEj~PwGvU^EbG?3rtdJpons_Ko# zH&VV}Ja%QGD=C|^A7I!T>wG2%owc5)_iW!ti(O|TTE2Z$nlQ63s}N#hX6v}w>Q1XabVFS>OS3GYV(w(wEI$UzBGVV(M!?fqWnTMHSo z&DwF_Yej%11=r`%l7kF=4BM6CQ=iUe!uA zVQ+dOIX}h1<*2_W)`S-y zPwI8Zb{Cf9)$H3Ha~gZxQ*8`NauH6JF^kr{?aE1oeoc5e@JTW{mq0M*D*DE8eYkZwCM{iEazVNdbvzY>sKGnH3vKf*7x_ZAzLgk>*m=KuVlC! zE-UN3w{W^sgcebxxftvH?%0N)*YXz+i05PrHozXL+2EvrqDeaQmE^?VZLJqgIs~h@ z21vbV`K)JObdkJV|HK|7vi9o-!>^K%a&)?prO=1Jc3yu+CTjPD3_2)o$y7162Z%~i zB1IMAsH0fd)SqCshv%NrW1SNC68zx7*hI8T5K&Xdw0~Ta9;xdCKV;19 zdGoZjKk>y8CtPiK{RNrbyZ2CK0Z-!DC~X8b_e(_&%w7?uHIR*8(L}LL3r%tRw7oI? zB}G1VXy)9F$R2)$jNqEUVX8Z)5f9dJxfFf3(1D`_i8lWc{$ahe--S9S#M;!4WL$F| zbKEJ32xwkV^#)Z>QAIx7nwK(5<9YRe2ha)&nrps+w0Y(}<};o0{b&4zzL|c)UP4N9 z&A!z4#azA#l|<4jdDxp`9G!>8w;fXek6zDb;SDmo8nK-X6#MM&n~kg! zs<-&nSV$^lxF%cN-pyQmW?=pE4>2IS2voZ#N%*~s@2h^J2jWRRb-UVDq)y~I5pifg zJr4X+R{n#sFkC-Ply8|ABhNNj>e#jvKjCHvImh$$89f#OA>#$ycEG4sE`3CKW$>y$ zY;b4=y$EgKjc3+Ec2JL=``L9>=$QXq*W5QAGxV&#hU=rLoz6P8Q=*>g%E|`82{nyB z&`i5F4act}j1=5X&pM^?y4KJQ=?mhs)L`K_!trslXlm5Tu@!Kp*9aVKkm z%;A+$!IMR#g;ENik}YdExUrM!9$8 zW22(}KF**rHTq&GF7a%{SatbWL;g#D*M{dDNcK&=>-REhDRKgYUS@B$^m!0GtzQTT0eBsE4AOoo0htb>t&YS_?iMw;W)n^3G6KMf=#1PEgFkP~De`nfV)M45wtM;rfX ziiQvHQAH{JCNsc`a`|E4GUdhXE_~I=Va*ID=!|b6S0sl8+{0j8dz5RvGv>2$4Z4h-h*2OP6^dD z)uU*G)wof&-0TS?*_()7kr(b5+4F0lVViaCejEh@?yb|qoF0t|Wa{_Fp|l%L42tIu zn=IIE@x9|_Ab%zT;$pEsxOzqdkQD(3FUm+MSF^!7*4+e;v&Y*lF5;*%V?Y z>cp$7@}f|+_FBh~`}}1y)Py#gp}IG0?IHp_L0DHAkCgnT2X2-h5oth;!rjC6JKn>B zDwmf%{n(!q$oeh0Tx*(emCsd|_jPx4R{&jXZgji)#IxhV(Z*~5V{c;taVN9N8H=BD z&L375(87>WCakVs-%7L|fSPYsHV7LIb_tiAEE#3NlKa*bhAkKnS5k?w_=IV*5V6*w z4?1zXLMJJkNRvkUn)xGP-x-fMMR)G6)Ey?$;b8_M1Pl-Gv#mpJ7 z-TF-Gn|kPM8$H#O{@Bt4v1p(J^X&zD4gyvZ{Jj?08PgVqt0LA3avL3yY=ok9`S(cI z+^Pm_n}E}S%@ebQ?_zx@)r$g3wkHfB()`k_t1O$kQ`E&Jnp`7QW#3J9 zN?}T+yHqkQB(+@U^I_~2`DFFr&b2CRI2*IZET>+DVxV=D+Vn~!c!yoUvdKc$n2NR1 zr4baNZ1tFw_MRoADY`h;_d)6R^4wlr66);J3JP$ag|UoZ1v@yR#qAj8r3zOEZetG| z^2-{n3HxMmVzfApm4iJ8F5K^IkZ*;1X&W;x(fcKro@>UZM}{RC42ZW8lPI)@rI`kh z0=ZOVqog%3%J^spx{7a1e?ABLN%tK5x>2tX_rZurbL`>y)=<5B7?obX!@|@E={;3g z5g1F$$&NejIO&^{`?(3_Y41d(t7G$lV|`@;hrGxldT_;-bj(sRZiX?zaRzDneg8{5 zpd>Xi}|^=bc<ZOB{!}v=L=? zIDKhNyO(?}8_}4oFoR)Vc`WkJ^4q%sD7VhBi-ZXWV5~wsb=h{2Q=yWj27iGH`0wOn zwGNbv`ShCgpZqWsc8^HZ9#ZU?CyPW3L5wRDhnj(B7k2A)5V7j(ySKb70ii{T=lP)3 zZp0=bUN%2z59RL0?sr^zn`;V%%ShSTCQAq599%$?{ba@vh5DRJnJ^wSjk8;k=KU?G ziv=tt_N-u0G6YsoVs6X>M2UU5{URVl@wxC^p=m_r8F8#zXWG`8yEU^@5zAJ39SvDk zPVCOE(8sY^hgLpklGFgg&_8RBk^TyF75-*1)FMy*wD5;{Z&_LLQv~Vd90zg7$97eW zhxeF0g_|{DB*Fy+)pH^6kht{k4iYSW1}6^aveBdz|p^Jon_AcpekC9k}zYl zX_TrEvgoJaz~9n`wML8W2e2acZkY*P(VRIlaiv;=X&x+K0>;Hl*EK4tPt)dVIdaOM zxckc~_OvxJKU2h0@oD9=9Q8#*ES)>Th~Mqp)Q-wy`0Pm1F1EQrP1lZAklStKd^LuE z=ZL#~UX0NWug8Mo4Z;`*`(lsud2m+dk6%DvXT3k+VYjigPMuk&ZbS+H$eL*;<^WMB z1x^>QwJ3S(CxumC)&JY0B#~J=|5FvOO&v^ET}E(y?d+|4Txyq?58dxRJ1uQPyx`gA zl{)y7g-ztt%m%_f>Y?_E4Ij4i9fU2PmL3k4aP+*7XeHZQL}1T+GXvt&#wz@H&bJM1F_pG1Z6fK9*9}UzztlN~2+Aa4 z#hl4V{}8mX7wF96=!Q7je>d;)VWR1XQu}VN;h(X5m9w_Cl+x##0my1N*GgtnG@mXm z{Rx?@wg+6s&M`7$>6eX^tE=qnrEm#E3RI@HMWj7WH9d0RGt5gixr(DrzLOGyOE|g6d}Ig|IWA_I zxvJdLts)@eE00n%YVB&f__lVY!NMM{=Vr_S@bor@h6jwDSC`98xwT6huS#&QvvY<0 zmVtTQ7ots6HbsT2j&-DLH?NAx+}Aso$`qXF9;CqqzA+I-3MWNtyu+_*&0JZblJ1oP zbr5v0P*y(%1sCV$Nx{p^6NZRI($%Y zKfx!duWZ|rZsy)1xan7G=bx1KYWSind5I$CdaGoWF1U=h$2N%V>a2go-<^cD2nD$p zv>@F#9DPRNCQ=3_RX!L)PK3$1yZs9@S5MK9?OoZ{$7mdUq3~DV@@%-8F24+1VPd*u zbpItR8IBIYXr9u$YX8hSNa*Y>W=`QB9xr( z_?m^1K${i$0jS7-SimS^WP+}Oa+X{ZAJryS1*kycE1XSfhk2YC>$(&VId#egj=PP!0Ol+6{H(VQPga=eRECy=o%d5gixKVq(^5;+^}LkYwVy=5fD7b=A2w4w-zrz^KDeM=8xN+>qe18Ymq zy)TK|kL{6wgYdVGPBr@$EFl4Q2Rl8qVcvvjJmtTq=kU0s5pSaPBA1Y%`;m6T&`94# zStuYC7?z%+T7S7TTT?(f;xkGm;XAl@82MBk8u;!lYB^%Q{HxC`)N`GKF&!;603;

(v$%XxNY&O%6_sf$1_EeD1t#qr?6<58#PDj$ zkP3O_5H`@JWy(=ftU5R?Q1NTVbL^X+8gL6bz(Co+%S zWvTf3mn=N%Xb00aG|Dpw)`+3Z2};JNm0SuEGy(EfC5#}$Q7h5qNHyJpWYx~Ciw*b# zNg&*Ks!io*oLhkM{E3S)MXyPxBNJYtyf!URB;u9?+V{SjVgF@(lKnds=8*I1-jhoZ zD8ZibXQb5mRhul_4r$<6f9|GiNW5IOe!!?+9j=^+PXb`VdjHIPtAa@`DQ?anNZ-YnMYa6 zbPmorEPH7n0t~nJ{S7iHa>4S#{ZZ4=vDqNno2|8Sn!Q|>YqpTBIzN;=HGLdB%sx1QH~dyuF28Haq(U-(XbxO?7EUI7dj7> zYF8iOHyRIRTi1F>@f+u>QT6RVcU{LFuKFn}?2pY&bB|)jNoxn0R5uT8%O~&%R7dil q{67QqSpSE^@LwtW|G$r(p9PK^=36ZvE~Y<0J<4x1 Date: Tue, 18 Aug 2020 10:04:46 -0700 Subject: [PATCH 03/33] Update information for Delivery Optimization 1. The name of the product is Delivery Optimization (it's not Windows Update Delivery Optimization). 2. The policy to recommend is DownloadMode Simple / 99 and not Bypass. Note that Bypass is being deprecated in the Holiday 2021 release. 3. Added links to IT Pro docs --- ...system-components-to-microsoft-services.md | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9969fd5ca2..0425efd0a6 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -107,7 +107,7 @@ The following table lists management options for each setting, beginning with Wi | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [27. Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [28. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [29. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | @@ -217,7 +217,7 @@ See the following table for a summary of the management settings for Windows Ser | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [27. Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | -| [28. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [29. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ## How to configure each setting @@ -1560,7 +1560,7 @@ To turn off Messaging cloud sync: You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](https://technet.microsoft.com/library/cc722030.aspx). >[!NOTE] ->If you disable Teredo, some XBOX gaming features and Windows Update Delivery Optimization will not work. +>If you disable Teredo, some XBOX gaming features and Delivery Optimization (with Group or Internet peering) will not work. - **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **TCPIP Settings** > **IPv6 Transition Technologies** > **Set Teredo State** and set it to **Disabled State**. @@ -1809,19 +1809,19 @@ You can turn off apps for websites, preventing customers who visit websites that - Create a new REG_DWORD registry setting named **EnableAppUriHandlers** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. -### 28. Windows Update Delivery Optimization +### 28. Delivery Optimization -Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet. +Delivery Optimization is the downloader of Windows updates, Microsoft Store apps, Office and other content from Microsoft. Delivery Optimization can also download from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization Peer-to-Peer option turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet. -By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network. +By default, PCs running Windows 10 will only use Delivery Optimization to get and receive updates for PCs and apps on your local network. Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization. -In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (99), as described below. +In Windows 10 version 1607 and above you can stop network traffic related to Delivery Optimization Cloud Service by setting **Download Mode** to **Simple Mode** (99), as described below. ### 28.1 Settings > Update & security -You can set up Delivery Optimization from the **Settings** UI. +You can set up Delivery Optimization Peer-to-Peer from the **Settings** UI. - Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**. @@ -1837,9 +1837,12 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con | Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| | Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| + +For a comprehensive list of Delivery Optimization Policies, see [Delivery Optimization Reference](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference). + ### 28.3 Delivery Optimization -- **Enable** the **Download Mode** Group Policy under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization** and set the **Download Mode** to **"Bypass"** to prevent traffic. +- **Enable** the **Download Mode** Group Policy under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization** and set the **Download Mode** to **"Simple Mode (99)"** to prevent traffic between peers as well as traffic back to the Delivery Optimization Cloud Service. -or- @@ -1848,6 +1851,9 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684). +For IT Professionals, information about Delivery Optimization is available here: [Delivery Optimization for Windows 10 updates] +(https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization). + ### 29. Windows Update You can turn off Windows Update by setting the following registry entries: From 198257d87732bd8bc7f6d7d121d5919da1da3fea Mon Sep 17 00:00:00 2001 From: Gao Qinglin Date: Thu, 20 Aug 2020 18:08:10 +0800 Subject: [PATCH 04/33] Migrate to card based landing page. --- browsers/edge/microsoft-edge.yml | 182 ++++++++++++++++++++++--------- 1 file changed, 131 insertions(+), 51 deletions(-) diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml index 2b47ccaaf7..364fbe43e6 100644 --- a/browsers/edge/microsoft-edge.yml +++ b/browsers/edge/microsoft-edge.yml @@ -1,60 +1,140 @@ -### YamlMime:YamlDocument +### YamlMime:Landing + +title: Deploy and use Microsoft Edge # < 60 chars +summary: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # < 160 chars -documentType: LandingData -title: Microsoft Edge metadata: - title: Microsoft Edge - description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. + title: Microsoft Edge deployment documentation # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars. keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories + ms.prod: edge ms.localizationpriority: medium author: lizap ms.author: elizapo manager: dougkim - ms.topic: article + ms.topic: landing-page ms.devlang: na + ms.date: 08/19/2020 #Required; mm/dd/yyyy format. -sections: -- items: - - type: markdown - text: " - Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. - " -- title: What's new -- items: - - type: markdown - text: " - Find out the latest and greatest news on Microsoft Edge.
- -

**The latest in Microsoft Edge**
See what's new for users and developers in the next update to Microsoft Edge - now available with the Windows 10 April 2018 update!
Find out more
**Evaluate the impact**
Review the latest Forrester Total Economic Impact (TEI) report to learn about the impact Microsoft Edge can have in your organization.
Download the reports

**Microsoft Edge for iOS and Android**
Microsoft Edge brings familiar features across your PC and phone, which allows browsing to go with you, no matter what device you use.
Learn more
**Application Guard**
Microsoft Edge with Windows Defender Application Guard is the most secure browser on Windows 10 Enterprise.
Learn more
- " -- title: Compatibility -- items: - - type: markdown - text: " - Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.
- -

**Test your site on Microsoft Edge**
Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.
Test your site on Microsoft Edge for free on BrowserStack
Use sonarwhal to improve your website.
**Improve compatibility with Enterprise Mode**
With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.
Use Enterprise mode to improve compatibility
Turn on Enterprise Mode and use a site list
Enterprise Site List Portal
Ultimate browser strategy on Windows 10
**Web Application Compatibility Lab Kit**
The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.
Find out more
- " -- title: Security -- items: - - type: markdown - text: " - Microsoft Edge uses Windows Hello and Windows Defender SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
- -

**NSS Labs web browser security reports**
See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks.
Download the reports
**Microsoft Edge sandbox**
See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.
Find out more
**Windows Defender SmartScreen**
Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely.
Read the docs
- " -- title: Deployment and end user readiness -- items: - - type: markdown - text: " - Find resources and learn about features to help you deploy Microsoft Edge in your organization to get your users up and running quickly.
- -

**Deployment**
Find resources, learn about features, and get answers to commonly asked questions to help you deploy Microsoft Edge in your organization.
Microsoft Edge deployment guide
Microsoft Edge FAQ
System requirements and language support
Group Policy and MDM settings in Microsoft Edge
Download the Web Application Compatibility Lab Kit
Microsoft Edge training and demonstrations
**End user readiness**
Help your users get started on Microsoft Edge quickly and learn about features like tab management, instant access to Office files, and more.
Quick Start: Microsoft Edge (PDF, .98 MB)
Find it faster with Microsoft Edge (PDF, 605 KB)
Use Microsoft Edge to collaborate (PDF, 468 KB)
Import bookmarks
Password management
Microsoft Edge tips and tricks (video, 20:26)
- " -- title: Stay informed -- items: - - type: markdown - text: " - -

**Sign up for the Windows IT Pro Insider**
Get the latest tools, tips, and expert guidance on deployment, management, security, and more.
Learn more
**Microsoft Edge Dev blog**
Keep up with the latest browser trends, security tips, and news for IT professionals.
Read the blog
**Microsoft Edge Dev on Twitter**
Get the latest news and updates from the Microsoft Web Platform team.
Visit Twitter
- " +# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new + +landingContent: +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: What's new + linkLists: + - linkListType: whats-new + links: + - text: The latest in Microsoft Edge + url: https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/#C7jCBdbPSG6bCXHr.97 + - text: Microsoft Edge for iOS and Android + url: https://blogs.windows.com/windowsexperience/2017/11/30/microsoft-edge-now-available-for-ios-and-android + - text: Application Guard + url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview + - linkListType: download + links: + - text: Evaluate the impact + url: /microsoft-edge/deploy/microsoft-edge-forrester + + # Card (optional) + - title: Test your site on Microsoft Edge + linkLists: + - linkListType: overview + links: + - text: Test your site on Microsoft Edge for free on BrowserStack + url: https://developer.microsoft.com/microsoft-edge/tools/remote/ + - text: Use sonarwhal to improve your website + url: https://sonarwhal.com/ + + # Card (optional) + - title: Improve compatibility with Enterprise Mode + linkLists: + - linkListType: how-to-guide + links: + - text: Use Enterprise mode to improve compatibility + url: /microsoft-edge/deploy/emie-to-improve-compatibility + - text: Turn on Enterprise Mode and use a site list + url: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list + - text: Enterprise Site List Portal + url: https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal + + # Card (optional) + - title: Web Application Compatibility Lab Kit + linkLists: + - linkListType: overview + links: + - text: Overview + url: /microsoft-edge/deploy/emie-to-improve-compatibility + + # Card (optional) + - title: Security + linkLists: + - linkListType: download + links: + - text: NSS Labs web browser security reports + url: https://www.microsoft.com/download/details.aspx?id=54773 + - linkListType: overview + links: + - text: Microsoft Edge sandbox + url: https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/ + - text: Windows Defender SmartScreen + url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview + + # Card (optional) + - title: Deployment + linkLists: + - linkListType: overview + links: + - text: Microsoft Edge deployment guide + url: /microsoft-edge/deploy/ + - text: Microsoft Edge FAQ + url: /microsoft-edge/deploy/microsoft-edge-faq + - text: System requirements and language support + url: /microsoft-edge/deploy/hardware-and-software-requirements + - text: Group Policy and MDM settings in Microsoft Edge + url: /microsoft-edge/deploy/available-policies + - text: Microsoft Edge training and demonstrations + url: /microsoft-edge/deploy/edge-technical-demos + - linkListType: download + links: + - text: Web Application Compatibility Lab Kit + url: https://www.microsoft.com/itpro/microsoft-edge/web-app-compat-toolkit + + # Card (optional) + - title: Deployment + linkLists: + - linkListType: video + links: + - text: Microsoft Edge tips and tricks (video, 20:26) + url: https://myignite.microsoft.com/sessions/56630?source=sessions + - linkListType: download + links: + - text: Quick Start - Microsoft Edge (PDF, .98 MB) + url: https://go.microsoft.com/fwlink/?linkid=825648 + - text: Find it faster with Microsoft Edge (PDF, 605 KB) + url: https://go.microsoft.com/fwlink/?linkid=825661 + - text: Use Microsoft Edge to collaborate (PDF, 468 KB) + url: https://go.microsoft.com/fwlink/?linkid=825653 + - text: Group Policy and MDM settings in Microsoft Edge + url: /microsoft-edge/deploy/available-policies + - text: Microsoft Edge training and demonstrations + url: /microsoft-edge/deploy/edge-technical-demos + - linkListType: how-to-guide + links: + - text: Import bookmarks + url: https://microsoftedgetips.microsoft.com/2/39 + - text: Password management + url: https://microsoftedgetips.microsoft.com/2/18 + + # Card (optional) + - title: Stay informed + linkLists: + - linkListType: overview + links: + - text: Sign up for the Windows IT Pro Insider + url: https://aka.ms/windows-it-pro-insider + - text: Microsoft Edge Dev blog + url: https://blogs.windows.com/msedgedev + - text: Microsoft Edge Dev on Twitter + url: https://twitter.com/MSEdgeDev From 331ff5e6a944f68648496b05c72b880433689876 Mon Sep 17 00:00:00 2001 From: Gao Qinglin Date: Thu, 20 Aug 2020 18:17:04 +0800 Subject: [PATCH 05/33] Fix card title --- browsers/edge/microsoft-edge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml index 364fbe43e6..d86d40d0d4 100644 --- a/browsers/edge/microsoft-edge.yml +++ b/browsers/edge/microsoft-edge.yml @@ -102,7 +102,7 @@ landingContent: url: https://www.microsoft.com/itpro/microsoft-edge/web-app-compat-toolkit # Card (optional) - - title: Deployment + - title: End user readiness linkLists: - linkListType: video links: From 302c79292b3b94c11f2757057dab58f50edb0b3a Mon Sep 17 00:00:00 2001 From: Gao Qinglin Date: Fri, 21 Aug 2020 09:25:01 +0800 Subject: [PATCH 06/33] Change title --- browsers/edge/microsoft-edge.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml index d86d40d0d4..e789b19575 100644 --- a/browsers/edge/microsoft-edge.yml +++ b/browsers/edge/microsoft-edge.yml @@ -1,10 +1,10 @@ ### YamlMime:Landing -title: Deploy and use Microsoft Edge # < 60 chars +title: Microsoft Edge Legacy # < 60 chars summary: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # < 160 chars metadata: - title: Microsoft Edge deployment documentation # Required; page title displayed in search results. Include the brand. < 60 chars. + title: Microsoft Edge Legacy # Required; page title displayed in search results. Include the brand. < 60 chars. description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars. keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories ms.prod: edge From afb44e928e89dbd9c0437d0ec9d574c7807b9ba6 Mon Sep 17 00:00:00 2001 From: TimShererWithAquent Date: Fri, 21 Aug 2020 12:15:26 -0700 Subject: [PATCH 07/33] Edit descriptions for SEO. --- .../hello-for-business/hello-hybrid-key-whfb-settings.md | 2 +- .../identity-protection/hello-for-business/hello-overview.md | 2 +- .../hello-for-business/hello-planning-guide.md | 2 +- .../identity-protection/hello-for-business/hello-videos.md | 2 +- .../hello-for-business/passwordless-strategy.md | 2 +- ...figure-diffie-hellman-protocol-over-ikev2-vpn-connections.md | 2 +- windows/security/identity-protection/vpn/vpn-authentication.md | 2 +- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 2 +- windows/security/identity-protection/vpn/vpn-guide.md | 2 +- windows/security/identity-protection/vpn/vpn-name-resolution.md | 2 +- windows/security/identity-protection/vpn/vpn-routing.md | 2 +- .../security/identity-protection/vpn/vpn-security-features.md | 2 +- .../bitlocker/bitlocker-management-for-enterprises.md | 2 +- ...security-monitoring-recommendations-for-many-audit-events.md | 2 +- .../auditing/audit-other-privilege-use-events.md | 2 +- .../threat-protection/auditing/basic-security-audit-policies.md | 2 +- windows/security/threat-protection/auditing/event-4608.md | 2 +- windows/security/threat-protection/auditing/event-4615.md | 2 +- windows/security/threat-protection/auditing/event-4616.md | 2 +- windows/security/threat-protection/auditing/event-4625.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index d8eb2ac3ed..9103431811 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -1,6 +1,6 @@ --- title: Configure Hybrid Windows Hello for Business key trust Settings -description: Configuring Windows Hello for Business settings in hybrid key trust deployment. +description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 6a70672f7a..5d10205e13 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -1,7 +1,7 @@ --- title: Windows Hello for Business Overview (Windows 10) ms.reviewer: An overview of Windows Hello for Business -description: An overview of Windows Hello for Business +description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index c3acaa98e3..3fff407e34 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -1,6 +1,6 @@ --- title: Planning a Windows Hello for Business Deployment -description: A guide to planning a Windows Hello for Business deployment +description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 00eddf6eee..c53586ff18 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -1,6 +1,6 @@ --- title: Windows Hello for Business Videos -description: Windows Hello for Business Videos +description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 57238c3214..dd1b6b18e0 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -1,6 +1,6 @@ --- title: Passwordless Strategy -description: Reducing Password Usage Surface +description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 22355b9383..6b9868b0f0 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -1,6 +1,6 @@ --- title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10) -description: Explains how to secure VPN connections for Diffie Hellman Group 2 +description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 9f6f6fa2a5..3fe2c08d57 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -1,6 +1,6 @@ --- title: VPN authentication options (Windows 10) -description: tbd +description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 09ca26d20e..81d9364aea 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -1,6 +1,6 @@ --- title: VPN auto-triggered profile options (Windows 10) -description: tbd +description: Learn about the types of auto-trigger rules for VPNs in Windows 10, which start a VPN when it is needed to access a resource. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index c72139b6db..cb543ad1cd 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -1,6 +1,6 @@ --- title: Windows 10 VPN technical guide (Windows 10) -description: Use this guide to configure VPN deployment for Windows 10. +description: Learn about decisions to make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index 5c277ef964..6ff26370e3 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -1,6 +1,6 @@ --- title: VPN name resolution (Windows 10) -description: tbd +description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index c8ce525e53..416bc57d04 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -1,6 +1,6 @@ --- title: VPN routing decisions (Windows 10) -description: tbd +description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 0ac0b47d38..d8f4768540 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -1,6 +1,6 @@ --- title: VPN security features (Windows 10) -description: tbd +description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 2314ea2eaf..9e07197ff8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -1,6 +1,6 @@ --- title: BitLocker Management Recommendations for Enterprises (Windows 10) -description: This topic explains recommendations for managing BitLocker. +description: Refer to relevant documentation, products, and services to learn about managing BitLocker for enterprises and see recommendations for different computers. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index b062a6e72b..505da9bbb0 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -1,6 +1,6 @@ --- title: Appendix A, Security monitoring recommendations for many audit events (Windows 10) -description: Appendix A, Security monitoring recommendations for many audit events +description: Learn about recommendations for the type of monitoring required for certain classes of security audit events. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index f6d870f605..9adb4cfd74 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -1,6 +1,6 @@ --- title: Audit Other Privilege Use Events (Windows 10) -description: This security policy setting is not used. +description: Learn about the audit other privilege use events, an auditing subcategory that should not have any events in it but enables generation of event 4985(S). ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index 1e73acf50d..3856637432 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -1,6 +1,6 @@ --- title: Basic security audit policies (Windows 10) -description: Before you implement auditing, you must decide on an auditing policy. +description: Learn about basic security audit policies that specify the categories of security-related events that you want to audit for the needs of your organization. ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 22a7d07d71..337ef1defe 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -1,6 +1,6 @@ --- title: 4608(S) Windows is starting up. (Windows 10) -description: Describes security event 4608(S) Windows is starting up. +description: Describes security event 4608(S) Windows is starting up. This event is logged when LSASS.EXE process starts and the auditing subsystem is initialized. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index 9231f28b82..0490e0ae3e 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -1,6 +1,6 @@ --- title: 4615(S) Invalid use of LPC port. (Windows 10) -description: Describes security event 4615(S) Invalid use of LPC port. +description: Describes security event 4615(S) Invalid use of LPC port. It appears that the Invalid use of LPC port event never occurs. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 8681a67e8f..3f8ed0ecac 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -1,6 +1,6 @@ --- title: 4616(S) The system time was changed. (Windows 10) -description: Describes security event 4616(S) The system time was changed. +description: Describes security event 4616(S) The system time was changed. This event is generated every time system time is changed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 08fcff8219..c345d192b5 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -1,6 +1,6 @@ --- title: 4625(F) An account failed to log on. (Windows 10) -description: Describes security event 4625(F) An account failed to log on. +description: Describes security event 4625(F) An account failed to log on. This event is generated if an account logon attempt failed for a locked out account. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy From e60e680691f4456357596319dbf5b8c66f9a0933 Mon Sep 17 00:00:00 2001 From: Gao Qinglin Date: Mon, 24 Aug 2020 16:45:29 +0800 Subject: [PATCH 08/33] Add EOS notification --- browsers/edge/microsoft-edge.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml index e789b19575..797d881911 100644 --- a/browsers/edge/microsoft-edge.yml +++ b/browsers/edge/microsoft-edge.yml @@ -26,6 +26,10 @@ landingContent: linkLists: - linkListType: whats-new links: + - text: Documentation for Microsoft Edge version 77 or later + url: https://docs.microsoft.com/DeployEdge/ + - text: Microsoft Edge Legacy desktop app will reach end of support on March 9, 2021 + url: https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666 - text: The latest in Microsoft Edge url: https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/#C7jCBdbPSG6bCXHr.97 - text: Microsoft Edge for iOS and Android From eef195501e88c647152c4a2ee4b3828517fa2649 Mon Sep 17 00:00:00 2001 From: TimShererWithAquent Date: Mon, 24 Aug 2020 07:44:06 -0700 Subject: [PATCH 09/33] Additional fixes. --- windows/security/threat-protection/auditing/event-4608.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 337ef1defe..4fc5d6a6f8 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -1,6 +1,6 @@ --- title: 4608(S) Windows is starting up. (Windows 10) -description: Describes security event 4608(S) Windows is starting up. This event is logged when LSASS.EXE process starts and the auditing subsystem is initialized. +description: Describes security event 4608(S) Windows is starting up. This event is logged when the LSASS.EXE process starts and the auditing subsystem is initialized. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy From b8c8a29275b29f48ee8f58da457d950c596da6e5 Mon Sep 17 00:00:00 2001 From: aktsuda Date: Tue, 25 Aug 2020 19:02:50 +0900 Subject: [PATCH 10/33] Update kernel-dma-protection-for-thunderbolt.md The item of "Virtualization technology in Firmware" doesn't exist in msinfo32.exe. So, it should be replaced with **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is NOT shown (this means Virtualization technology in Firmware is disabled). --- .../kernel-dma-protection-for-thunderbolt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 6ea046a8f3..85a687c064 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -84,7 +84,7 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if 1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar. 2. Check the value of **Kernel DMA Protection**. ![Kernel DMA protection in System Information](bitlocker/images/kernel-dma-protection.png) -3. If the current state of **Kernel DMA Protection** is OFF and **Virtualization Technology in Firmware** is NO: +3. If the current state of **Kernel DMA Protection** is OFF and **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is NOT shown (this means Virtualization technology in Firmware is disabled): - Reboot into BIOS settings - Turn on Intel Virtualization Technology. - Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md). From a79dcf597a188e26eeb3b7353c7c9196491d1314 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 26 Aug 2020 08:51:50 +0530 Subject: [PATCH 11/33] replaced old link to new link as per the user repot #8138, so i replaced old link to new link old link **https://www.microsoft.com/en-us/download/details.aspx?id=41653** new link **https://www.microsoft.com/download/details.aspx?id=56519** --- .../microsoft-defender-atp/configure-proxy-internet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 18707f606c..a25c911a4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -150,7 +150,7 @@ Microsoft Defender ATP is built on Azure cloud, deployed in the following region - \+\ - \+\ -You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653). +You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/download/details.aspx?id=56519). > [!NOTE] > As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting. From 012cd7717bcce28b59a2bce6a8428135bfa4a198 Mon Sep 17 00:00:00 2001 From: aktsuda Date: Wed, 26 Aug 2020 16:38:45 +0900 Subject: [PATCH 12/33] Update kernel-dma-protection-for-thunderbolt.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed “Virtualization technology in Firmware” to “Hyper-V - Virtualization Enabled in Firmware” and added Note. --- .../kernel-dma-protection-for-thunderbolt.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 85a687c064..2d8554f52b 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -84,11 +84,15 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if 1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar. 2. Check the value of **Kernel DMA Protection**. ![Kernel DMA protection in System Information](bitlocker/images/kernel-dma-protection.png) -3. If the current state of **Kernel DMA Protection** is OFF and **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is NOT shown (this means Virtualization technology in Firmware is disabled): +3. If the current state of **Kernel DMA Protection** is OFF and **Hyper-V - Virtualization Enabled in Firmware** is NO: - Reboot into BIOS settings - Turn on Intel Virtualization Technology. - Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md). - Reboot system into Windows 10. + +>[!NOTE] +> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES. + 4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature. For systems that do not support Kernel DMA Protection, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection. From b99989dd56da41779a9ee5bd05e93ce6bf4aedc5 Mon Sep 17 00:00:00 2001 From: Mati Goldberg Date: Wed, 26 Aug 2020 19:02:43 +0300 Subject: [PATCH 13/33] update to new cli --- .../microsoft-defender-atp/mac-resources.md | 69 +++++++++---------- 1 file changed, 33 insertions(+), 36 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 7367f5ccb6..c82f6bfdb6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -30,36 +30,31 @@ If you can reproduce a problem, increase the logging level, run the system for s 1. Increase logging level: ```bash - mdatp --log-level verbose + mdatp log level set --level verbose ``` ```Output - Creating connection to daemon - Connection established - Operation succeeded + Log level configured successfully ``` 2. Reproduce the problem -3. Run `sudo mdatp --diagnostic --create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. +3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. ```bash - sudo mdatp --diagnostic --create + sudo mdatp diagnostic create ``` ```Output - Creating connection to daemon - Connection established + Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip" ``` 4. Restore logging level: ```bash - mdatp --log-level info + mdatp log level set --level info ``` ```Output - Creating connection to daemon - Connection established - Operation succeeded + Log level configured successfully ``` ## Logging installation issues @@ -85,30 +80,32 @@ There are several ways to uninstall Microsoft Defender ATP for Mac. Note that wh Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: -|Group |Scenario |Command | -|-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp --config realTimeProtectionEnabled [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp --config cloudEnabled [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp --config cloudAutomaticSampleSubmission [true/false]` | -|Configuration|Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` | -|Configuration|Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` | -|Configuration|List all allowed threat names |`mdatp threat allowed list` | -|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`| -|Configuration|Turn on/off passiveMode |`mdatp --config passiveMode [on/off]` | -|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp --scan --path [path]` | -|Protection |Do a quick scan |`mdatp --scan --quick` | -|Protection |Do a full scan |`mdatp --scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` | -|Protection |Request a security intelligence update |`mdatp --definition-update` | -|EDR |Turn on/off EDR preview for Mac |`mdatp --edr --early-preview [true/false]` OR `mdatp --edr --earlyPreview [true/false]` for versions earlier than 100.78.0 | -|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp --edr --set-tag GROUP [name]` | -|EDR |Remove group tag from device |`mdatp --edr --remove-tag [name]` | +|Group |Scenario |Command | +|-------------|-------------------------------------------|----------------------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp config real-time-protection [enabled/disabled]` | +|Configuration|Turn on/off cloud protection |`mdatp config cloud --value [enabled/disabled]` | +|Configuration|Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled/disabled]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission --value [enabled/disabled]` | +|Configuration|Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` | +|Configuration|Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` | +|Configuration|List all allowed threat names |`mdatp threat allowed list` | +|Configuration|Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action block` | +|Configuration|Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | +|Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | +|Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Health |Check the product's health |`mdatp health` | +|Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | +|Protection |Scan a path |`mdatp scan custom --path [path]` | +|Protection |Do a quick scan |`mdatp scan quick` | +|Protection |Do a full scan |`mdatp scan full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | +|Protection |Request a security intelligence update |`mdatp definitions update` | +|EDR |Turn on/off EDR preview for Mac |`mdatp edr early-preview [enabled/disabled]` | +|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` | +|EDR |Remove group tag from device |`mdatp edr tag remove --tag-name [name]` | +|EDR |Add Group Id |`mdatp edr group-ids --group-id [group]` | ### How to enable autocompletion From d5f96181c1582f65df0e3ba7d9d09b0d6c723f50 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 10:29:46 -0700 Subject: [PATCH 14/33] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 8f16436956..b6f5890d5e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,6 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp +ms.date: 08/26/2020 --- # Microsoft Defender Antivirus compatibility @@ -26,7 +27,7 @@ manager: dansimp Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection. - If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode. - If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.) -- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. +- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in preview) enabled, then whenever a malicious artifact is detected, blocking and remediation actions are taken. ## Antivirus and Microsoft Defender ATP From 4b54b20e7b174ac120f15dbdf06659c977938be4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 10:30:46 -0700 Subject: [PATCH 15/33] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index b6f5890d5e..200a5cd47a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -27,7 +27,7 @@ ms.date: 08/26/2020 Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection. - If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode. - If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.) -- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in preview) enabled, then whenever a malicious artifact is detected, blocking and remediation actions are taken. +- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in preview) enabled, then whenever a malicious artifact is detected, Microsoft Defender ATP takes action to block and remediate the artifact. ## Antivirus and Microsoft Defender ATP From 51e5d8f7e90ceddc02c4a6a0524428f29809e0f0 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 26 Aug 2020 14:35:29 -0700 Subject: [PATCH 16/33] Added context info --- windows/client-management/mdm/dmclient-csp.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 9469f12408..3cf423ab1c 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -21,6 +21,10 @@ The following diagram shows the DMClient CSP in tree format. ![dmclient csp](images/provisioning-csp-dmclient-th2.png) + +**./Vendor/MSFT** +All the nodes in this CSP are supported in device context, except for the ExchangeID node, which is supported in user context. For device context, use the **./Device/Vendor/MSFT** path and for user context, use the **./User/Vendor/MSFT** path. + **DMClient** Root node for the CSP. From 65914367ff0428ae6d0d442bfd8b74cda463ad08 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 14:51:16 -0700 Subject: [PATCH 17/33] Corrected heading and added necessary markup --- .../vpn/vpn-auto-trigger-profile.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 81d9364aea..6c9d93fb62 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -61,13 +61,14 @@ When the trigger occurs, VPN tries to connect. If an error occurs or any user in When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. Devices with multiple users have the same restriction: only one profile and therefore only one user will be able to use the Always On triggers. -Preserving user Always On preference +## Preserving user Always On preference -Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. -Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference. -Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config -Value: AutoTriggerDisabledProfilesList -Type: REG_MULTI_SZ +Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value **AutoTriggerDisabledProfilesList**. +Should a management tool remove or add the same profile name back and set **AlwaysOn** to **true**, Windows will not check the box if the profile name exists in the following registry value in order to preserve user preference. + +**Key:** HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
+**Value:** AutoTriggerDisabledProfilesList
+**Type:** REG_MULTI_SZ ## Trusted network detection From 55985e3bd084d6f31cc29b267bb47179403ddd65 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 26 Aug 2020 14:52:54 -0700 Subject: [PATCH 18/33] minor update --- windows/client-management/mdm/dmclient-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 3cf423ab1c..1a4bfc0284 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -23,7 +23,7 @@ The following diagram shows the DMClient CSP in tree format. **./Vendor/MSFT** -All the nodes in this CSP are supported in device context, except for the ExchangeID node, which is supported in user context. For device context, use the **./Device/Vendor/MSFT** path and for user context, use the **./User/Vendor/MSFT** path. +All the nodes in this CSP are supported in the device context, except for the **ExchangeID** node, which is supported in the user context. For the device context, use the **./Device/Vendor/MSFT** path and for the user context, use the **./User/Vendor/MSFT** path. **DMClient** Root node for the CSP. From 677bf739bfc4d0d7aa0e606af2f116a4f6af1bd9 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 14:58:15 -0700 Subject: [PATCH 19/33] Added a blank line between paragraphs --- .../security/identity-protection/vpn/vpn-auto-trigger-profile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 6c9d93fb62..29c8f5e474 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -64,6 +64,7 @@ When a device has multiple profiles with Always On triggers, the user can specif ## Preserving user Always On preference Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value **AutoTriggerDisabledProfilesList**. + Should a management tool remove or add the same profile name back and set **AlwaysOn** to **true**, Windows will not check the box if the profile name exists in the following registry value in order to preserve user preference. **Key:** HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
From 0ddcce4d4c8df63abe43a925a8ea25547e286ebc Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:00:34 -0700 Subject: [PATCH 20/33] Applied [!NOTE] style and code block type --- windows/security/threat-protection/auditing/event-4608.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 4fc5d6a6f8..1403c1517c 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -30,12 +30,13 @@ This event is logged when LSASS.EXE process starts and the auditing subsystem is It typically generates during operating system startup process. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:*** -``` +```xml - - From 0a230c8f7c2a54a89d00f7bc74e5f9cd920c698b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:03:38 -0700 Subject: [PATCH 21/33] Applied note styles and code block type --- .../security/threat-protection/auditing/event-4616.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 3f8ed0ecac..55900a59c2 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -32,12 +32,13 @@ This event is always logged regardless of the "Audit Security State Change" sub- You will typically see these events with “**Subject\\Security ID**” = “**LOCAL SERVICE**”, these are normal time correction actions. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:*** -``` +```xml - - @@ -87,7 +88,8 @@ You will typically see these events with “**Subject\\Security ID**” = “**L - **Security ID** \[Type = SID\]**:** SID of account that requested the “change system time” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). +> [!NOTE] +> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change system time” operation. @@ -161,7 +163,8 @@ You will typically see these events with “**Subject\\Security ID**” = “**L For 4616(S): The system time was changed. -> **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). +> [!IMPORTANT] +> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). - Report all “**Subject\\Security ID**” not equals **“LOCAL SERVICE”**, which means that the time change was not made not by Windows Time service. From 9e30dd929594d317fd7d91f3e0fdd2d4a919a252 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:16:52 -0700 Subject: [PATCH 22/33] Applied note styles, indented table in list item, appllied type to code block --- .../threat-protection/auditing/event-4625.md | 69 ++++++++++--------- 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index c345d192b5..c74bb341be 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -32,12 +32,13 @@ It generates on the computer where logon attempt was made, for example, if logon This event generates on domain controllers, member servers, and workstations. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:*** -``` +```xml - - @@ -93,7 +94,8 @@ This event generates on domain controllers, member servers, and workstations. - **Security ID** \[Type = SID\]**:** SID of account that reported information about logon failure. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). +> [!NOTE] +> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about logon failure. @@ -129,7 +131,8 @@ This event generates on domain controllers, member servers, and workstations. - **Security ID** \[Type = SID\]**:** SID of the account that was specified in the logon attempt. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). +> [!NOTE] +> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that was specified in the logon attempt. @@ -151,35 +154,36 @@ This event generates on domain controllers, member servers, and workstations. - **Failure Reason** \[Type = UnicodeString\]**:** textual explanation of **Status** field value. For this event it typically has “**Account locked out**” value. -- **Status** \[Type = HexInt32\]**:** the reason why logon failed. For this event it typically has “**0xC0000234**” value. The most common status codes are listed in “Table 12. Windows logon status codes.” +- **Status** \[Type = HexInt32\]**:** the reason why logon failed. For this event it typically has “**0xC0000234**” value. The most common status codes are listed in Table 12. Windows logon status codes. -| Status\\Sub-Status Code | Description | -|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 0XC000005E | There are currently no logon servers available to service the logon request. | -| 0xC0000064 | User logon with misspelled or bad user account | -| 0xC000006A | User logon with misspelled or bad password | -| 0XC000006D | This is either due to a bad username or authentication information | -| 0XC000006E | Unknown user name or bad password. | -| 0xC000006F | User logon outside authorized hours | -| 0xC0000070 | User logon from unauthorized workstation | -| 0xC0000071 | User logon with expired password | -| 0xC0000072 | User logon to account disabled by administrator | -| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. | -| 0XC0000133 | Clocks between DC and other computer too far out of sync | -| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine | -| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. | -| 0XC0000192 | An attempt was made to logon, but the N**etlogon** service was not started. | -| 0xC0000193 | User logon with expired account | -| 0XC0000224 | User is required to change password at next logon | -| 0XC0000225 | Evidently a bug in Windows and not a risk | -| 0xC0000234 | User logon with account locked | -| 0XC00002EE | Failure Reason: An Error occurred during Logon | -| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. | -| 0x0 | Status OK. | + **Table 12: Windows logon status codes.** -> Table: Windows logon status codes. -> -> **Note**  To see the meaning of other status\\sub-status codes you may also check for status code in the Window header file ntstatus.h in Windows SDK. + | Status\\Sub-Status Code | Description | + |-------------------------|------------------------------------------------------------------------------------------------------| + | 0XC000005E | There are currently no logon servers available to service the logon request. | + | 0xC0000064 | User logon with misspelled or bad user account | + | 0xC000006A | User logon with misspelled or bad password | + | 0XC000006D | This is either due to a bad username or authentication information | + | 0XC000006E | Unknown user name or bad password. | + | 0xC000006F | User logon outside authorized hours | + | 0xC0000070 | User logon from unauthorized workstation | + | 0xC0000071 | User logon with expired password | + | 0xC0000072 | User logon to account disabled by administrator | + | 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. | + | 0XC0000133 | Clocks between DC and other computer too far out of sync | + | 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine | + | 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. | + | 0XC0000192 | An attempt was made to logon, but the N**etlogon** service was not started. | + | 0xC0000193 | User logon with expired account | + | 0XC0000224 | User is required to change password at next logon | + | 0XC0000225 | Evidently a bug in Windows and not a risk | + | 0xC0000234 | User logon with account locked | + | 0XC00002EE | Failure Reason: An Error occurred during Logon | + | 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. | + | 0x0 | Status OK. | + +> [!NOTE] +> To see the meaning of other status\\sub-status codes you may also check for status code in the Window header file ntstatus.h in Windows SDK. More information: @@ -241,7 +245,8 @@ More information: For 4625(F): An account failed to log on. -> **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). +> [!IMPORTANT] +> For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). - If you have a pre-defined “**Process Name**” for the process reported in this event, monitor all events with “**Process Name**” not equal to your defined value. From 53386c304f02e7d99c024f8bea616b7e7f5797bd Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 26 Aug 2020 15:16:57 -0700 Subject: [PATCH 23/33] Added Acrolinx suggestions --- windows/client-management/mdm/dmclient-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 1a4bfc0284..6ed30e55f1 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -29,7 +29,7 @@ All the nodes in this CSP are supported in the device context, except for the ** Root node for the CSP. **UpdateManagementServiceAddress** -For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node. +For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node. **HWDevID** Added in Windows 10, version 1703. Returns the hardware device ID. @@ -225,7 +225,7 @@ Added in Windows 10, version 1607. Returns the hardware device ID. Supported operation is Get. **Provider/*ProviderID*/CommercialID** -Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization.. +Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization. Supported operations are Add, Get, Replace, and Delete. @@ -269,7 +269,7 @@ Supported operations are Add, Delete, Get, and Replace. Value type is integer. **Provider/*ProviderID*/AADSendDeviceToken** -Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained. +Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token cannot be obtained. Supported operations are Add, Delete, Get, and Replace. Value type is bool. From 7eee073fe84ca2e9ef70d35bacbb392eee5aff39 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:21:22 -0700 Subject: [PATCH 24/33] Added line breaks to make text follow the first image Before this, text ran down the right side of the image, narrowly. --- windows/security/threat-protection/auditing/event-4608.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 1403c1517c..1905a2e516 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -20,7 +20,7 @@ ms.author: dansimp - Windows Server 2016 -Event 4608 illustration +Event 4608 illustration

***Subcategory:*** [Audit Security State Change](audit-security-state-change.md) From bb8c5d8d46bad8b97c9654ee7b56568fb98e4e0f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:24:08 -0700 Subject: [PATCH 25/33] Added line breaks after image to cause text to follow Before this, text ran down the right side of the image, narrowly. --- windows/security/threat-protection/auditing/event-4616.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 55900a59c2..45dd88d4c2 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -20,7 +20,7 @@ ms.author: dansimp - Windows Server 2016 -Event 4616 illustration +Event 4616 illustration

***Subcategory:*** [Audit Security State Change](audit-security-state-change.md) From 49158fb3c5f81c431cf85c3c1757d1fb1e8341e0 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:25:11 -0700 Subject: [PATCH 26/33] Added line breaks after the image This prevents text from running down the right side in a narrow column and note boxes from overlaying the image. --- windows/security/threat-protection/auditing/event-4625.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index c74bb341be..0883373134 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -20,7 +20,7 @@ ms.author: dansimp - Windows Server 2016 -Event 4625 illustration +Event 4625 illustration

***Subcategories:*** [Audit Account Lockout](audit-account-lockout.md) and [Audit Logon](audit-logon.md) From b335d4a6d77c9cba7e20027575e226695abe383e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:39:08 -0700 Subject: [PATCH 27/33] Changing text wrap on image --- windows/security/threat-protection/auditing/event-4625.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 0883373134..6a4b2c5844 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -20,7 +20,7 @@ ms.author: dansimp - Windows Server 2016 -Event 4625 illustration

+Event 4625 illustration ***Subcategories:*** [Audit Account Lockout](audit-account-lockout.md) and [Audit Logon](audit-logon.md) From e28be36ffef227a5f4daf8d8996343348ab28d1b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:43:44 -0700 Subject: [PATCH 28/33] Changed text wrap on image --- windows/security/threat-protection/auditing/event-4608.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 1905a2e516..5f0730407d 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -20,7 +20,7 @@ ms.author: dansimp - Windows Server 2016 -Event 4608 illustration

+Event 4608 illustration ***Subcategory:*** [Audit Security State Change](audit-security-state-change.md) From 0099a85d81c5b24124062d83a23c08c7f046da37 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:44:26 -0700 Subject: [PATCH 29/33] Changed text wrap on image --- windows/security/threat-protection/auditing/event-4616.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 45dd88d4c2..eaa93363e3 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -20,7 +20,7 @@ ms.author: dansimp - Windows Server 2016 -Event 4616 illustration

+Event 4616 illustration ***Subcategory:*** [Audit Security State Change](audit-security-state-change.md) From 6d3a4aecb58905dc0caee14ad5e1b2b293a77f2d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 15:55:48 -0700 Subject: [PATCH 30/33] Indented tables and a note, restored lost bullet --- .../threat-protection/auditing/event-4625.md | 60 ++++++++++--------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 6a4b2c5844..d3eb7d0dc6 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -111,28 +111,30 @@ This event generates on domain controllers, member servers, and workstations. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. -**Logon Type** \[Type = UInt32\]**:** the type of logon which was performed. “Table 11. Windows Logon Types” contains the list of possible values for this field. +- **Logon Type** \[Type = UInt32\]**:** the type of logon which was performed. “Table 11. Windows Logon Types” contains the list of possible values for this field. -| Logon Type | Logon Title | Description | -|-----------------------------------------------------------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 2 | Interactive | A user logged on to this computer. | -| 3 | Network | A user or computer logged on to this computer from the network. | -| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. | -| 5 | Service | A service was started by the Service Control Manager. | -| 7 | Unlock | This workstation was unlocked. | -| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). | -| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. | -| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. | -| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. | -> Table: Windows Logon Types + **Table 11: Windows Logon Types** + + | Logon Type | Logon Title | Description | + |-----------------------------------------------------------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + | 2 | Interactive | A user logged on to this computer. | + | 3 | Network | A user or computer logged on to this computer from the network. | + | 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. | + | 5 | Service | A service was started by the Service Control Manager. | + | 7 | Unlock | This workstation was unlocked. | + | 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). | + | 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. | + | 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. | + | 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. | + **Account For Which Logon Failed:** - **Security ID** \[Type = SID\]**:** SID of the account that was specified in the logon attempt. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> [!NOTE] -> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that was specified in the logon attempt. @@ -191,7 +193,7 @@ More information: **Process Information:** -- **Caller Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that attempted the logon. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column): +- **Caller Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that attempted the logon. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):

Task manager illustration @@ -282,17 +284,17 @@ For 4625(F): An account failed to log on. - Monitor for all events with the fields and values in the following table: -| **Field** | Value to monitor for | -|----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.”
This is typically not a security issue but it can be an infrastructure or availability issue. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”.
Especially if you get a number of these in a row, it can be a sign of user enumeration attack. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC000006A – “User logon with misspelled or bad password” for critical accounts or service accounts.
Especially watch for a number of such events in a row. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000006D – “This is either due to a bad username or authentication information” for critical accounts or service accounts.
Especially watch for a number of such events in a row. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC000006F – “User logon outside authorized hours”. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000070 – “User logon from unauthorized workstation”. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000072 – “User logon to account disabled by administrator”. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000015B – “The user has not been granted the requested logon type (aka logon right) at this machine”. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC0000192 – “An attempt was made to logon, but the Netlogon service was not started”.
This is typically not a security issue but it can be an infrastructure or availability issue. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000193 – “User logon with expired account”. | -| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC0000413 – “Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine”. | + | **Field** | Value to monitor for | + |----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.”
This is typically not a security issue but it can be an infrastructure or availability issue. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”.
Especially if you get a number of these in a row, it can be a sign of user enumeration attack. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC000006A – “User logon with misspelled or bad password” for critical accounts or service accounts.
Especially watch for a number of such events in a row. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000006D – “This is either due to a bad username or authentication information” for critical accounts or service accounts.
Especially watch for a number of such events in a row. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC000006F – “User logon outside authorized hours”. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000070 – “User logon from unauthorized workstation”. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000072 – “User logon to account disabled by administrator”. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000015B – “The user has not been granted the requested logon type (aka logon right) at this machine”. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC0000192 – “An attempt was made to logon, but the Netlogon service was not started”.
This is typically not a security issue but it can be an infrastructure or availability issue. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000193 – “User logon with expired account”. | + | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC0000413 – “Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine”. | From 054c6835ad2c55f7e45a69f168afd306525396d9 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 16:07:32 -0700 Subject: [PATCH 31/33] Indented a note in a list item --- windows/security/threat-protection/auditing/event-4616.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index eaa93363e3..3f700f0719 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -88,8 +88,8 @@ You will typically see these events with “**Subject\\Security ID**” = “**L - **Security ID** \[Type = SID\]**:** SID of account that requested the “change system time” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> [!NOTE] -> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change system time” operation. From 8c1e4d2baa880e269ac8a7013709504c69a496ad Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 26 Aug 2020 16:08:27 -0700 Subject: [PATCH 32/33] Indented a note in a list item --- windows/security/threat-protection/auditing/event-4625.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index d3eb7d0dc6..84cf52d450 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -94,8 +94,8 @@ This event generates on domain controllers, member servers, and workstations. - **Security ID** \[Type = SID\]**:** SID of account that reported information about logon failure. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> [!NOTE] -> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). - **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about logon failure. From 5791b6e7280958973ac2784bf26cf336038b1030 Mon Sep 17 00:00:00 2001 From: Kelly Baker Date: Wed, 26 Aug 2020 16:20:38 -0700 Subject: [PATCH 33/33] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...s-operating-system-components-to-microsoft-services.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 0425efd0a6..f378372d1d 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -415,7 +415,7 @@ To turn off Insider Preview builds for Windows 10: ### 8. Internet Explorer > [!NOTE] ->When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/en-us/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: +>When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| @@ -1664,7 +1664,7 @@ You can turn off **Enhanced Notifications** as follows: ### 24.1 Windows Defender SmartScreen -To disable Windows Defender Smartscreen: +To disable Windows Defender SmartScreen: In Group Policy, configure: @@ -1838,7 +1838,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con | Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| -For a comprehensive list of Delivery Optimization Policies, see [Delivery Optimization Reference](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference). +For a comprehensive list of Delivery Optimization Policies, see [Delivery Optimization Reference](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference). ### 28.3 Delivery Optimization @@ -1852,7 +1852,7 @@ For a comprehensive list of Delivery Optimization Policies, see [Delivery Optimi For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684). For IT Professionals, information about Delivery Optimization is available here: [Delivery Optimization for Windows 10 updates] -(https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization). +(https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization). ### 29. Windows Update