From 4f8b3beca8f3eb65dabbe4bc90f18cada5ad1371 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Tue, 10 Oct 2017 10:02:53 -0700
Subject: [PATCH 1/5] Updated deny rules

---
 .../deploy-code-integrity-policies-steps.md   | 554 ++++++++++++++++--
 1 file changed, 490 insertions(+), 64 deletions(-)

diff --git a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
index 8b11311fb6..3af32baedf 100644
--- a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
+++ b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
@@ -76,7 +76,9 @@ Certain software applications may allow additional code to run by design. These
 
 Microsoft recommends that you install the latest security updates. The June 2017 Windows updates resolve several issues in in-box PowerShell modules that allowed an attacker to bypass Windows Defender Device Guard code integrity policies. These modules cannot be blocked by name or version, and therefore must be blocked by their corresponding hashes. 
 
-Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
+For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules.
+
+Microsoft recommends that you block the following icrosoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
 
 ```
 <?xml version="1.0" encoding="utf-8"?>
@@ -94,9 +96,6 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Rule>
       <Option>Enabled:Advanced Boot Options Menu</Option>
     </Rule>
-    <Rule>
-      <Option>Required:Enforce Store Applications</Option>
-    </Rule>
     <Rule>
       <Option>Enabled:UMCI</Option>
     </Rule>
@@ -113,7 +112,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny  ID="ID_DENY_WINDBG"        FriendlyName="windbg.exe"         FileName="windbg.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_MSBUILD"       FriendlyName="MSBuild.exe"        FileName="MSBuild.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_CSI"           FriendlyName="csi.exe"            FileName="csi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_DBGHOST"       FriendlyName="dbghost.exe"       FileName="DBGHOST.Exe" MinimumFileVersion = "2.3.0.0" /> 
+    <Deny  ID="ID_DENY_DBGHOST"       FriendlyName="dbghost.exe"        FileName="DBGHOST.Exe" MinimumFileVersion = "2.3.0.0" /> 
     <Deny  ID="ID_DENY_DBGSVC"        FriendlyName="dbgsvc.exe"         FileName="DBGSVC.Exe" MinimumFileVersion = "2.3.0.0" />    
     <Deny  ID="ID_DENY_DNX"           FriendlyName="dnx.exe"            FileName="dnx.Exe" MinimumFileVersion = "65535.65535.65535.65535" />   
     <Deny  ID="ID_DENY_RCSI"          FriendlyName="rcsi.exe"           FileName="rcsi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
@@ -123,43 +122,257 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny  ID="ID_DENY_FSI"           FriendlyName="fsi.exe"            FileName="fsi.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_FSI_ANYCPU"    FriendlyName="fsiAnyCpu.exe"      FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_MSHTA"         FriendlyName="mshta.exe"          FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535" />
-    <Deny  ID="ID_DENY_SMA"           FriendlyName="System.Management.Automation.dll" FileName="System.Management.Automation.dll" MinimumFileVersion = "10.0.16215.999" />
 
+    <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
+    <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
+    <Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40" />
+    <Deny ID="ID_DENY_D_4" FriendlyName="Powershell 4" Hash="29DF1D593D0D7AB365F02645E7EF4BCCA060763A" />
+    <Deny ID="ID_DENY_D_5" FriendlyName="Powershell 5" Hash="2E3C47BBE1BA99842EE187F756CA616EFED61B94" />
+    <Deny ID="ID_DENY_D_6" FriendlyName="Powershell 6" Hash="38DC1956313B160696A172074C6F5DA9852BF508F55AFB7FA079B98F2849AFB5" />
+    <Deny ID="ID_DENY_D_7" FriendlyName="Powershell 7" Hash="513B625EA507ED9CE83E2FB2ED4F3D586C2AA379" />
+    <Deny ID="ID_DENY_D_8" FriendlyName="Powershell 8" Hash="71FC552E66327EDAA72D72C362846BD80CB65EECFAE95C4D790C9A2330D95EE6" />
+    <Deny ID="ID_DENY_D_9" FriendlyName="Powershell 9" Hash="72E4EC687CFE357F3E681A7500B6FF009717A2E9538956908D3B52B9C865C189" />
+    <Deny ID="ID_DENY_D_10" FriendlyName="Powershell 10" Hash="74E207F539C4EAC648A5507EB158AEE9F6EA401E51808E83E73709CFA0820FDD" />
+    <Deny ID="ID_DENY_D_11" FriendlyName="Powershell 11" Hash="75288A0CF0806A68D8DA721538E64038D755BBE74B52F4B63FEE5049AE868AC0" />
+    <Deny ID="ID_DENY_D_12" FriendlyName="Powershell 12" Hash="7DB3AD53985C455990DD9847DE15BDB271E0C8D1" />
+    <Deny ID="ID_DENY_D_13" FriendlyName="Powershell 13" Hash="84BB081141DA50B3839CD275FF34854F53AECB96CA9AEB8BCD24355C33C1E73E" />
+    <Deny ID="ID_DENY_D_14" FriendlyName="Powershell 14" Hash="86DADE56A1DBAB6DDC2769839F89244693D319C6" />
+    <Deny ID="ID_DENY_D_15" FriendlyName="Powershell 15" Hash="BD3139CE7553AC7003C96304F08EAEC2CDB2CC6A869D36D6F1E478DA02D3AA16" />
+    <Deny ID="ID_DENY_D_16" FriendlyName="Powershell 16" Hash="BE3FFE10CDE8B62C3E8FD4D8198F272B6BD15364A33362BB07A0AFF6731DABA1" />
+    <Deny ID="ID_DENY_D_17" FriendlyName="Powershell 17" Hash="C1196433541B87D22CE2DD19AAAF133C9C13037A" />
+    <Deny ID="ID_DENY_D_18" FriendlyName="Powershell 18" Hash="C6C073A80A8E76DC13E724B5E66FE4035A19CCA0C1AF3FABBC18E5185D1B66CB" />
+    <Deny ID="ID_DENY_D_19" FriendlyName="Powershell 19" Hash="CE5EA2D29F9DD3F15CF3682564B0E765ED3A8FE1" />
+    <Deny ID="ID_DENY_D_20" FriendlyName="Powershell 20" Hash="D027E09D9D9828A87701288EFC91D240C0DEC2C3" />
+    <Deny ID="ID_DENY_D_21" FriendlyName="Powershell 21" Hash="D2CFC8F6729E510AE5BA9BECCF37E0B49DDF5E31" />
+    <Deny ID="ID_DENY_D_22" FriendlyName="Powershell 22" Hash="DED853481A176999723413685A79B36DD0F120F9" />
+    <Deny ID="ID_DENY_D_23" FriendlyName="Powershell 23" Hash="DFCD10EAA2A22884E0A41C4D9E6E8DA265321870" />
+    <Deny ID="ID_DENY_D_24" FriendlyName="Powershell 24" Hash="F16E605B55774CDFFDB0EB99FAFF43A40622ED2AB1C011D1195878F4B20030BC" />
+    <Deny ID="ID_DENY_D_25" FriendlyName="Powershell 25" Hash="F29A958287788A6EEDE6035D49EF5CB85EEC40D214FDDE5A0C6CAA65AFC00EEC" />
+    <Deny ID="ID_DENY_D_26" FriendlyName="Powershell 26" Hash="F875E43E12685ECE0BA2D42D55A13798CE9F1FFDE3CAE253D2529F4304811A52" />
+    <!--System.Management.Automation.dll -->
+    <Deny ID="ID_DENY_D_27" FriendlyName="PowerShell 27" Hash="720D826A84284E18E0003526A0CD9B7FF0C4A98A"/>
+    <Deny ID="ID_DENY_D_28" FriendlyName="PowerShell 28" Hash="CB5DF9D0D25571948C3D257882E07C7FA5E768448E0DEBF637E110F9FF575808"/>
+    <Deny ID="ID_DENY_D_29" FriendlyName="PowerShell 29" Hash="3C7265C3393C585D32E509B2D2EC048C73AC5EE6"/>
+    <Deny ID="ID_DENY_D_30" FriendlyName="PowerShell 30" Hash="7F1E03E956CA38CC0C491CB958D6E61A52491269CDB363BC488B525F80C56424"/>
+    <Deny ID="ID_DENY_D_31" FriendlyName="PowerShell 31" Hash="27D86C9B54E1A97399A6DC9C9DF9AE030CB734C8"/>
+    <Deny ID="ID_DENY_D_32" FriendlyName="PowerShell 32" Hash="917BD10E82C6E932F9C63B9BDCCC1D9BF04510CD8491B005CFFD273B48B5CD1E"/>
+    <Deny ID="ID_DENY_D_33" FriendlyName="PowerShell 33" Hash="B3BB2D75AECB34ED316CE54C6D513420186E4950"/>
+    <Deny ID="ID_DENY_D_34" FriendlyName="PowerShell 34" Hash="B734F6269A6738861E1DF98EE0E4E7377FAED10B82AAA9731DA0BB1CB366FCCE"/>
+    <Deny ID="ID_DENY_D_35" FriendlyName="PowerShell 35" Hash="FF378B465F2C8A87B4092F7C1F96399C0156CEEB"/>
+    <Deny ID="ID_DENY_D_36" FriendlyName="PowerShell 36" Hash="9B884CFE78F921042B003574AE30D9E86EE3DCC11E7110A1C92927F13C3F47E6"/>
+    <Deny ID="ID_DENY_D_37" FriendlyName="PowerShell 37" Hash="C7B99E8B59182112A3A14BD39880BDCDDD5C724F"/>
+    <Deny ID="ID_DENY_D_38" FriendlyName="PowerShell 38" Hash="6E585890C7369D6D8DA85C8B6B7411463BAA1ACAE9CE4197E033A46C897B35E5"/>
+    <Deny ID="ID_DENY_D_39" FriendlyName="PowerShell 39" Hash="BA4B3A92123FBCE66398020AFBCC0BCA1D1AAAD7"/>
+    <Deny ID="ID_DENY_D_40" FriendlyName="PowerShell 40" Hash="D8D361E3690676C7FDC483003BFC5C0C39FB16B42DFC881FB8D42A1064740B0B"/>
+    <Deny ID="ID_DENY_D_41" FriendlyName="PowerShell 41" Hash="1EA5104AE1A7A53F9421E0193B749F310B9261D1"/>
+    <Deny ID="ID_DENY_D_42" FriendlyName="PowerShell 42" Hash="66C1B8569019512ACDDC145DA6D348A68DE008BE7C05930AD0EC6927C26061AD"/>
+    <Deny ID="ID_DENY_D_43" FriendlyName="PowerShell 43" Hash="4EB2C3A4B551FC028E00F2E7DA9D0F1E38728571"/>
+    <Deny ID="ID_DENY_D_44" FriendlyName="PowerShell 44" Hash="30EAC589069FB79D540080B04B7FDBB8A9B1DF4E96B9D7C98519E49A1ED56851"/>
+    <Deny ID="ID_DENY_D_45" FriendlyName="PowerShell 45" Hash="E55505B609DD7A22F55C4BA9EDAD5627ECA6A8E8"/>
+    <Deny ID="ID_DENY_D_46" FriendlyName="PowerShell 46" Hash="ABDDA9C1EDA9F2344FB5B79890B7FD854D0E3D28BEC26AE33AAD196948AB642D"/>
+    <Deny ID="ID_DENY_D_47" FriendlyName="PowerShell 47" Hash="A15964475D213FB752B42E7DCDDBF4B14D623D14"/>
+    <Deny ID="ID_DENY_D_48" FriendlyName="PowerShell 48" Hash="61A68B436D828193E0C7B44D2AF83D22A9CB557B90186E4E6AC998CE5E3BFE8A"/>
+    <Deny ID="ID_DENY_D_49" FriendlyName="PowerShell 49" Hash="DB0C4B5CA1CBC3B117AB0439C5937B6A263DFD87"/>
+    <Deny ID="ID_DENY_D_50" FriendlyName="PowerShell 50" Hash="6D4FB385328CA01700092E1CDF75A97123A95120D5F8A9877FFB4D5A8531380B"/>
+    <Deny ID="ID_DENY_D_51" FriendlyName="PowerShell 51" Hash="72F9DCDA6ECDD6906A2538DFE795A2E2CA787BBC"/>
+    <Deny ID="ID_DENY_D_52" FriendlyName="PowerShell 52" Hash="F98FEC4A0306BD398F7FB7F611679B7797D32D54D1F2B35D728C0C7A058153ED"/>
+    <Deny ID="ID_DENY_D_53" FriendlyName="PowerShell 53" Hash="C980B65B86F780AC93B9458E9657291083CFEDA8"/>
+    <Deny ID="ID_DENY_D_54" FriendlyName="PowerShell 54" Hash="F9473493FF53274B8E75EC7E517F324AA0C5644C6F8045D3EF3A1B9A669ECF78"/>
+    <Deny ID="ID_DENY_D_55" FriendlyName="PowerShell 55" Hash="C30355B5E6FA3F793A3CC0A649945829723DD85C"/>
+    <Deny ID="ID_DENY_D_56" FriendlyName="PowerShell 56" Hash="4EB14099165177F0F3A1FACE32E72CF2DD221DB44155E73AFF94CB7DA195EF22"/>
+    <Deny ID="ID_DENY_D_57" FriendlyName="PowerShell 57" Hash="5C6CC1903D3DA2054ECD9A295EEE26F5561E152A"/>
+    <Deny ID="ID_DENY_D_58" FriendlyName="PowerShell 58" Hash="0BF8CAB75DAB712FC848DE7CC7DC5C8A10D666515E7535F89146F45AAAF9EF54"/>
+    <Deny ID="ID_DENY_D_59" FriendlyName="PowerShell 59" Hash="1443E8F56DEE11EEF5B746E3657C2F953FD4F6EA"/>
+    <Deny ID="ID_DENY_D_60" FriendlyName="PowerShell 60" Hash="487CB42795046E885303FC96EA54C3234E1B2072DAEB4F9218C21CC6C39A3223"/>
+    <Deny ID="ID_DENY_D_61" FriendlyName="PowerShell 61" Hash="072D4E33D1478C863DBAB20BF5DFF1A0FB5A9D53"/>
+    <Deny ID="ID_DENY_D_62" FriendlyName="PowerShell 62" Hash="631E091AE7AD2C543EE5755BC9D8DB34683C41E20D9A6CD41C8F07827156D6DB"/>
+    <Deny ID="ID_DENY_D_63" FriendlyName="PowerShell 63" Hash="FD15A313B890369B7D8E26C13B2070AE044FB4D8"/>
+    <Deny ID="ID_DENY_D_64" FriendlyName="PowerShell 64" Hash="AB9886A0993F87C2A39BC7822EE44FD4B4751C530ACF292ACD0319C967FB4F3B"/>
+    <Deny ID="ID_DENY_D_65" FriendlyName="PowerShell 65" Hash="4BAFD867B59328E7BB853148FE6D16B9411D7A12"/>
+    <Deny ID="ID_DENY_D_66" FriendlyName="PowerShell 66" Hash="D1F22B37902C2DD53FA27438436D9D236A196C10C8E492A8F4A14768644592D3"/>
+    <Deny ID="ID_DENY_D_67" FriendlyName="PowerShell 67" Hash="AC53AE4C8AB56D84393D67D820BEBDC3218739D3"/>
+    <Deny ID="ID_DENY_D_68" FriendlyName="PowerShell 68" Hash="49580C9459C3917E6F982C8E0D753D293DFA2E4FD1152F78FF7C73CF8B422507"/>
+    <Deny ID="ID_DENY_D_69" FriendlyName="PowerShell 69" Hash="333678A44D4BEBE9BEA3041FFDA9E2B55B58F1B5"/>
+    <Deny ID="ID_DENY_D_70" FriendlyName="PowerShell 70" Hash="94CBBC3970F01280D98C951BD0C4158D4B09A2BE21B8A27790D9F127B78C6F3F"/>
+    <Deny ID="ID_DENY_D_71" FriendlyName="PowerShell 71" Hash="5F5620DC049FE1F1C2DBAC077A59BA69CF2FF72C"/>
+    <Deny ID="ID_DENY_D_72" FriendlyName="PowerShell 72" Hash="A32C0769F36CAE0B6A7A1B8CCB6B7A75AA8BEB7F49815E96B4E120BFD7527E0A"/>
+    <Deny ID="ID_DENY_D_73" FriendlyName="PowerShell 73" Hash="BDBE541D269EC8235563842D024F9E37883DFB57"/>
+    <Deny ID="ID_DENY_D_74" FriendlyName="PowerShell 74" Hash="441076C7FD0AD481E6AC3198F08BE80EA9EB2926CA81D733F798D03DBEFD683E"/>
+    <Deny ID="ID_DENY_D_75" FriendlyName="PowerShell 75" Hash="FD6FE9143A46F4EBB46E6B46332FA7171002EBF0"/>
+    <Deny ID="ID_DENY_D_76" FriendlyName="PowerShell 76" Hash="85399D84601207AB92C8CA4D7D6E58CB1B0B0B57ED94FA7E5A1191FA1810E223"/>
+    <Deny ID="ID_DENY_D_77" FriendlyName="PowerShell 77" Hash="98FD94A89DCF92A7BEDB51C72BAD1A67650DD6E5"/>
+    <Deny ID="ID_DENY_D_78" FriendlyName="PowerShell 78" Hash="5CE4B042E986DAFEB7E2D2ABFB80376C4DEC325DB23B584B76039EEA6E1A74B1"/>
+    <Deny ID="ID_DENY_D_79" FriendlyName="PowerShell 79" Hash="6BC1E70F0EA84E88AC28BEAF74C10F3ABDF99209"/>
+    <Deny ID="ID_DENY_D_80" FriendlyName="PowerShell 80" Hash="93CB3907D1A9473E8A90593250C4A95EAE3A7066E9D8A57535CBDF82AA4AD4C2"/>
+    <Deny ID="ID_DENY_D_81" FriendlyName="PowerShell 81" Hash="7FCE82DBBC0FE45AFBE3927C323349C32D5A463A"/>
+    <Deny ID="ID_DENY_D_82" FriendlyName="PowerShell 82" Hash="2EDA8CA129E30CB5522C4DCD1E5AFDCA1E9C6447DD7053DACEF18DCDCCF3E2BC"/>
+    <Deny ID="ID_DENY_D_83" FriendlyName="PowerShell 83" Hash="BDB3DAC80667A0B931835D5D658C08F236B413D1"/>
+    <Deny ID="ID_DENY_D_84" FriendlyName="PowerShell 84" Hash="51287BACB692AAC5A8659774D982B304DC0C0B4A4D8F41CBCCD47D69796786DE"/>
+    <Deny ID="ID_DENY_D_85" FriendlyName="PowerShell 85" Hash="9633529CACE25ACCB29EBC5941DE1874903C0297"/>
+    <Deny ID="ID_DENY_D_86" FriendlyName="PowerShell 86" Hash="483A3997D5DA69A51DC7EA368A36C3CA4A5BD56CB08BFD9912BE799005156C18"/>
+    <Deny ID="ID_DENY_D_87" FriendlyName="PowerShell 87" Hash="B3493E30A2C347B550331C86529BDC288EAF8186"/>
+    <Deny ID="ID_DENY_D_88" FriendlyName="PowerShell 88" Hash="9371E2333906441715DE15FEE8A9AA03C4D076CA3C04D9A7AB0CC32189DA66ED"/>
+    <Deny ID="ID_DENY_D_89" FriendlyName="PowerShell 89" Hash="5D4B0794EB973D61CF74A700F11BE84E527E0E51"/>
+    <Deny ID="ID_DENY_D_90" FriendlyName="PowerShell 90" Hash="537DE34A1F4B3F8345D02F5BBA2B063F070A42FC1581AAC2AA91C1D071B14521"/>
+    <Deny ID="ID_DENY_D_91" FriendlyName="PowerShell 91" Hash="F3C75F35F42C1C5B3B4ED888187D6AB4035F994C"/>
+    <Deny ID="ID_DENY_D_92" FriendlyName="PowerShell 92" Hash="AD5678ED0734281973465DD728281A6C0EA146620FF2106A4EEFC7E94622B92F"/>
+    <Deny ID="ID_DENY_D_93" FriendlyName="PowerShell 93" Hash="91C0F76798A9679188C7D93FDEBAF797BDBE41B2"/>
+    <Deny ID="ID_DENY_D_94" FriendlyName="PowerShell 94" Hash="1D9244EAFEDFBFC02E13822E24A476C36FFD362B9D18F6CD195B654A34F946FF"/>
+    <Deny ID="ID_DENY_D_95" FriendlyName="PowerShell 95" Hash="7FCB424E67DDAC49413B45D7DCD636AD70E23B41"/>
+    <Deny ID="ID_DENY_D_96" FriendlyName="PowerShell 96" Hash="7E6F9A738520F78D1E9D0D0883FB07DD9188408CBE7C2937BDE1590F90C61753"/>
+    <Deny ID="ID_DENY_D_97" FriendlyName="PowerShell 97" Hash="A9745E20419EC1C90B23FE965D3C2DF028AF39DC"/>
+    <Deny ID="ID_DENY_D_98" FriendlyName="PowerShell 98" Hash="71B5B58EAA0C90397BC9546BCCA8C657500499CD2087CD7D7E1753D54C07E71D"/>
+    <Deny ID="ID_DENY_D_99" FriendlyName="PowerShell 99" Hash="3E5294910C59394DA93962128968E6C23016A028"/>
+    <Deny ID="ID_DENY_D_100" FriendlyName="PowerShell 100" Hash="DA700D4F58BCEA1D5A9CAD4F20AC725C6A354F9DA40E4F8F95E1C3DC7B84F550"/>
+    <Deny ID="ID_DENY_D_101" FriendlyName="PowerShell 101" Hash="266896FD257AD8EE9FC73B3A50306A573714EA8A"/>
+    <Deny ID="ID_DENY_D_102" FriendlyName="PowerShell 102" Hash="8E36BD08084C73AF674F2DAD568EE3BA2C85769FA7B3400CB62F7A7BD028BE9A"/>
+    <Deny ID="ID_DENY_D_103" FriendlyName="PowerShell 103" Hash="2CB781B3BD79FD277D92332ACA22C04430F9D692"/>
+    <Deny ID="ID_DENY_D_104" FriendlyName="PowerShell 104" Hash="92AE03F0090C0A5DF329B4B3FFEDBA622B0521BA699FA303C24120A30ED4C9E6"/>
+    <Deny ID="ID_DENY_D_105" FriendlyName="PowerShell 105" Hash="D82583F7D5EA477C94630AC5AAEB771C85BD4B0A"/>
+    <Deny ID="ID_DENY_D_106" FriendlyName="PowerShell 106" Hash="9B0F39AB233628A971ACEC53029C9B608CAB99868F1A1C5ABE20BC1BD1C2B70E"/>
+    <Deny ID="ID_DENY_D_107" FriendlyName="PowerShell 107" Hash="2DF4350DE3C97C9D4FD2973F8C5EA8AE621D22A8"/>
+    <Deny ID="ID_DENY_D_108" FriendlyName="PowerShell 108" Hash="015CE571E8503A353E2250D4D0DA19493B3311F3437527E6DDD2D2B6439FA2EB"/>
+    <Deny ID="ID_DENY_D_109" FriendlyName="PowerShell 109" Hash="080DEC3B15AD5AFE9BF3B0943A36285E92BAF469"/>
+    <Deny ID="ID_DENY_D_110" FriendlyName="PowerShell 110" Hash="F1391E78F17EA6097906B99C6F4F0AE8DD2E519856F837A3BCC58FBB87DAAE62"/>
+    <Deny ID="ID_DENY_D_111" FriendlyName="PowerShell 111" Hash="F87C726CCB5E64C6F363C21255935D5FEA9E4A0E"/>
+    <Deny ID="ID_DENY_D_112" FriendlyName="PowerShell 112" Hash="B7B42C3C8C61FD2616C16BBCF36EA15EC26A67536E94764D72A91CE04B89AAA4"/>
+    <Deny ID="ID_DENY_D_113" FriendlyName="PowerShell 113" Hash="25F52340199A0EA352C8B1A7014BCB610B232523"/>
+    <Deny ID="ID_DENY_D_114" FriendlyName="PowerShell 114" Hash="64D6D1F3A053908C5635BD6BDA36BC8E72D518C7ECE8DA761C0DDE70C50BB632"/>
+    <Deny ID="ID_DENY_D_115" FriendlyName="PowerShell 115" Hash="029198F05598109037A0E9E332EC052317E834DA"/>
+    <Deny ID="ID_DENY_D_116" FriendlyName="PowerShell 116" Hash="70B4BB6C2B7E9237FB14ABBC94955012285E2CAA74F91455EE52809CDAD4E7FC"/>
+    <Deny ID="ID_DENY_D_117" FriendlyName="PowerShell 117" Hash="A4390EF2D77F76DC4EFE55FF74EE1D06C303FDAE"/>
+    <Deny ID="ID_DENY_D_118" FriendlyName="PowerShell 118" Hash="3246A0CB329B030DA104E04B1A0728DE83724B08C724FD0238CE4578A0245576"/>
+    <Deny ID="ID_DENY_D_119" FriendlyName="PowerShell 119" Hash="89CEAB6518DA4E7F75B3C75BC04A112D3637B737"/>
+    <Deny ID="ID_DENY_D_120" FriendlyName="PowerShell 120" Hash="6581E491FBFF954A1A4B9CEA69B63951D67EB56DF871ED8B055193595F042B0D"/>
+    <Deny ID="ID_DENY_D_121" FriendlyName="PowerShell 121" Hash="00419E981EDC8613E600C939677F7B460855BF7E"/>
+    <Deny ID="ID_DENY_D_122" FriendlyName="PowerShell 122" Hash="61B724BCFC3DA1CC1583DB0BC42EFE166E92D8D3CE91E58A29F7AEBEFAE2149F"/>
+    <Deny ID="ID_DENY_D_123" FriendlyName="PowerShell 123" Hash="272EF88BBA9B4B54D242FFE1E96D07DBF53497A0"/>
+    <Deny ID="ID_DENY_D_124" FriendlyName="PowerShell 124" Hash="AFC0968EDCE9E5FC1BC392382833EBEF3265B32D3ECBB529D89A1DF33A31E9BD"/>
+    <Deny ID="ID_DENY_D_125" FriendlyName="PowerShell 125" Hash="CD9D9789B3B31562C4BE44B6BEEA8815C5EDAE1F"/>
+    <Deny ID="ID_DENY_D_126" FriendlyName="PowerShell 126" Hash="FCAF8DC3C7A5D3B29B19A9C5F89324BF65B50C440AC0316B08532CEA2F1FF9B0"/>
+    <Deny ID="ID_DENY_D_127" FriendlyName="PowerShell 127" Hash="941D0FD47887035A04E17F46DE6C4004D7FD8871"/>
+    <Deny ID="ID_DENY_D_128" FriendlyName="PowerShell 128" Hash="4AD6DC7FF0A2E776CE7F27B4E3D3C1C380CA3548DFED565429D88C3BBE61DD0F"/>
+    <Deny ID="ID_DENY_D_129" FriendlyName="PowerShell 129" Hash="421D1142105358B8360454E43FD15767DA111DBA"/>
+    <Deny ID="ID_DENY_D_130" FriendlyName="PowerShell 130" Hash="692CABD40C1EDFCB6DC50591F31FAE30848E579D6EF4D2CA0811D06B086CF8BE"/>
+    <Deny ID="ID_DENY_D_131" FriendlyName="PowerShell 131" Hash="AC9F095DD4AE80B124F55541761AA1F35E49A575"/>
+    <Deny ID="ID_DENY_D_132" FriendlyName="PowerShell 132" Hash="0D8A0FB3BF3CF80D44ED20D9F1E7292E9EE5A49ABCE68592DED55A71B0ACAECE"/>
+    <Deny ID="ID_DENY_D_133" FriendlyName="PowerShell 133" Hash="B1CF2A18B281F73FE6685B5CE74D1BA50BE9AFE5"/>
+    <Deny ID="ID_DENY_D_134" FriendlyName="PowerShell 134" Hash="095B79953F9E3E2FB721693FBFAD5841112D592B6CA7EB2055B262DEB7C7008A"/>
+    <Deny ID="ID_DENY_D_135" FriendlyName="PowerShell 135" Hash="128D7D03E4B85DBF95427D72EFF833DAB5E92C33"/>
+    <Deny ID="ID_DENY_D_136" FriendlyName="PowerShell 136" Hash="EACFC615FDE29BD858088AF42E0917E4B4CA5991EFB4394FB3129735D7299235"/>
+    <Deny ID="ID_DENY_D_137" FriendlyName="PowerShell 137" Hash="47D2F87F2D2D516D712A156421F0C2BD285200E9"/>
+    <Deny ID="ID_DENY_D_138" FriendlyName="PowerShell 138" Hash="8CACA1828E7770DADF21D558976D415AC7BDA16D58926308FD5E9D5087F4B0E6"/>
+    <Deny ID="ID_DENY_D_139" FriendlyName="PowerShell 139" Hash="CD9D70B0107801567EEADC4ECD74511A1A6FF4FE"/>
+    <Deny ID="ID_DENY_D_140" FriendlyName="PowerShell 140" Hash="9C96396EFCC9DC09F119DE8695CB3372F82DB46D23A1B7A88BD86CBE814233E1"/>
+    <Deny ID="ID_DENY_D_141" FriendlyName="PowerShell 141" Hash="233E3B5108A43239C6C13292043DED0567281AF9"/>
+    <Deny ID="ID_DENY_D_142" FriendlyName="PowerShell 142" Hash="6EDF19CC53EA2064CE108957343EB3505359CF05BD6955C7502AF565BD761702"/>
+    <Deny ID="ID_DENY_D_143" FriendlyName="PowerShell 143" Hash="CD725B606888E5C5426FEAB44E2CC7722DFE5411"/>
+    <Deny ID="ID_DENY_D_144" FriendlyName="PowerShell 144" Hash="B20C4F36AE6A3AC323759C81173FACE1B1C112FA5B701C65DCD7313D7CE59907"/>
+    <Deny ID="ID_DENY_D_145" FriendlyName="PowerShell 145" Hash="E5212F1081B5777B88F5C41174ADEDB35B4258CF"/>
+    <Deny ID="ID_DENY_D_146" FriendlyName="PowerShell 146" Hash="F4DE5B5395701F8C94D65D732E4D212E1879C9C84345B46A941965B094F75017"/>
+    <Deny ID="ID_DENY_D_147" FriendlyName="PowerShell 147" Hash="EC41A3FB8D6E3B0F55F6583C14C45B6238753019"/>
+    <Deny ID="ID_DENY_D_148" FriendlyName="PowerShell 148" Hash="76CA6B396796351685198D6189E865AFD7FB9E6C5CEFA9EA0B5F0A9F1FC98D57"/>
+    <Deny ID="ID_DENY_D_149" FriendlyName="PowerShell 149" Hash="3B2B7042A84033CA846AFE472912524F7BAD57E5"/>
+    <Deny ID="ID_DENY_D_150" FriendlyName="PowerShell 150" Hash="2DF95ABEB23DAA0377DFA6360976B69D3CEE7325A9B7571F331D569809FAED8B"/>
+    <Deny ID="ID_DENY_D_151" FriendlyName="PowerShell 151" Hash="7BED2F9C0ADF1597C7EBB79163BDA21D8D7D28CA"/>
+    <Deny ID="ID_DENY_D_152" FriendlyName="PowerShell 152" Hash="44BDD2DADB13E7A8FF6AFCF4AE3E2CC830506D9475B4C2C71D319E169977998F"/>
+    <Deny ID="ID_DENY_D_153" FriendlyName="PowerShell 153" Hash="A1251FA30162B13456A4687495726FF793D511BE"/>
+    <Deny ID="ID_DENY_D_154" FriendlyName="PowerShell 154" Hash="9C15E4DE10DE47ACD393359D523211AD8596C61FE54F2C0664D48E1D249231CE"/>
+    <Deny ID="ID_DENY_D_155" FriendlyName="PowerShell 155" Hash="D835947C84CFBA652B553A77A90475E02291AA5F"/>
+    <Deny ID="ID_DENY_D_156" FriendlyName="PowerShell 156" Hash="B4D6DAA10398D5DA192DFDD75010F428D24762D432934F0E2030D39610D43E12"/>
+    <Deny ID="ID_DENY_D_157" FriendlyName="PowerShell 157" Hash="1F85BBEC1DFC5785B91735A7C561E664F7FE1E94"/>
+    <Deny ID="ID_DENY_D_158" FriendlyName="PowerShell 158" Hash="828F05BFF829019EC0F3082323FEA859C0D71CCE14B5B75C07E7D418EF354269"/>
+    <Deny ID="ID_DENY_D_159" FriendlyName="PowerShell 159" Hash="FC0E23771620B41E6920F2463F49B84307D8BA91"/>
+    <Deny ID="ID_DENY_D_160" FriendlyName="PowerShell 160" Hash="C4FA568C852A46316308A660B80D83A11D41071F1CF4A79847A3F56714CC47AF"/>
+    <Deny ID="ID_DENY_D_161" FriendlyName="PowerShell 161" Hash="D18240AEE8B9B964F6B9CDFC5AFB6C343C286636"/>
+    <Deny ID="ID_DENY_D_162" FriendlyName="PowerShell 162" Hash="7B4C39285569F14AA9799332C542A0796717C5EF9D636BD11B2841450BC6399D"/>
+    <Deny ID="ID_DENY_D_163" FriendlyName="PowerShell 163" Hash="1A16008D330330182AA555B1D3E9BE0B2D6BECBF"/>
+    <Deny ID="ID_DENY_D_164" FriendlyName="PowerShell 164" Hash="D7685E259D0328937487856A3AB68B6D9D420DD4E02541F4D71164DFA65B4644"/>
+    <Deny ID="ID_DENY_D_165" FriendlyName="PowerShell 165" Hash="FBA274406B503B464B349805149E6AA722909CC9"/>
+    <Deny ID="ID_DENY_D_166" FriendlyName="PowerShell 166" Hash="FEBC97ED819C79E54157895457DBA755F182D6330A5103E0663AFA07E01E5CF8"/>
+    <Deny ID="ID_DENY_D_167" FriendlyName="PowerShell 167" Hash="293AF426A39282770387F5EE25CA719A91419A18"/>
+    <Deny ID="ID_DENY_D_168" FriendlyName="PowerShell 168" Hash="A9E655A96A124BC361D9CC5C7663FC033AA6F6609916EFAA76B6A6E9713A0D32"/>
+    <Deny ID="ID_DENY_D_169" FriendlyName="PowerShell 169" Hash="AEBFE7497F4A1947B5CB32650843CA0F85BD56D0"/>
+    <Deny ID="ID_DENY_D_170" FriendlyName="PowerShell 170" Hash="8C385B2C16136C097C96701D2140E014BF454CFA7297BE0C28431DED15339C0F"/>
+    <Deny ID="ID_DENY_D_171" FriendlyName="PowerShell 171" Hash="8FB604CD72701B83BC265D87F52B36C6F14E5DBE"/>
+    <Deny ID="ID_DENY_D_172" FriendlyName="PowerShell 172" Hash="B35AFBA7A897CB882C14A08AFB36A8EC938BDA14DF070234A2CCBDBA8F7DF91C"/>
+    <Deny ID="ID_DENY_D_173" FriendlyName="PowerShell 173" Hash="CE70309DB83C9202F45028EBEC252747F4936E6F"/>
+    <Deny ID="ID_DENY_D_174" FriendlyName="PowerShell 174" Hash="1F6D74FDA1F9EE6BBAC72E7E717A01B9FFC29822561D11175F6809D12215B4ED"/>
+    <Deny ID="ID_DENY_D_175" FriendlyName="PowerShell 175" Hash="9D71AD914DBB2FDF793742AA63AEEF4E4A430790"/>
+    <Deny ID="ID_DENY_D_176" FriendlyName="PowerShell 176" Hash="8CC1B5FA9A9609AC811F6505FA9B68E85A87BAE1EF676EFFE1BE438EACBDF3E1"/>
+    <Deny ID="ID_DENY_D_177" FriendlyName="PowerShell 177" Hash="7484FD78A9298DBA24AC5C882D16DB6146E53712"/>
+    <Deny ID="ID_DENY_D_178" FriendlyName="PowerShell 178" Hash="A79A74BFB768312E8EE089060C5C3238D59EF0C044A450FEB97DCA26815ECB34"/>
+    <Deny ID="ID_DENY_D_179" FriendlyName="PowerShell 179" Hash="78C3C6AEF52A6A5392C55F1EC98AF18053B3087D"/>
+    <Deny ID="ID_DENY_D_180" FriendlyName="PowerShell 180" Hash="493B620FCAD8A91D1FD7C726697E09358CA90822E8D6E021DF56E70B46F7C346"/>
+    <Deny ID="ID_DENY_D_181" FriendlyName="PowerShell 181" Hash="783FFB771F08BCF55C2EA474B5460EB65EA9444C"/>
+    <Deny ID="ID_DENY_D_182" FriendlyName="PowerShell 182" Hash="09DA1592B8457F860297821EB7FAA7F3BB71FC1916ED5DEE6D85044953640D5C"/>
+    <Deny ID="ID_DENY_D_183" FriendlyName="PowerShell 183" Hash="B303D1689ED99613E4F52CE6E5F96AAEBC3A45C3"/>
+    <Deny ID="ID_DENY_D_184" FriendlyName="PowerShell 184" Hash="82AB406FD78DCF58F65DC14D6FDDD72840015F3FE5B554428969BECA0325CD9C"/>
+    <Deny ID="ID_DENY_D_185" FriendlyName="PowerShell 185" Hash="DB5C6CB23C23BA6A3CD4FD4EC0A4DAEE3FC66500"/>
+    <Deny ID="ID_DENY_D_186" FriendlyName="PowerShell 186" Hash="9A46C16C5151D97A0EFA3EA503249E31A6D5D8D25E4F07CD4E5E077A574713FB"/>
+    <Deny ID="ID_DENY_D_187" FriendlyName="PowerShell 187" Hash="C1E08AD32F680100C51F138C6C095139E7230C3B"/>
+    <Deny ID="ID_DENY_D_188" FriendlyName="PowerShell 188" Hash="A5D5C1F79CD26216194D4C72DBAA3E48CB4A143D9E1F78819E52E9FEB2AD0AE3"/>
+    <Deny ID="ID_DENY_D_189" FriendlyName="PowerShell 189" Hash="BACA825D0852E2D8F3D92381D112B99B5DD56D9F"/>
+    <Deny ID="ID_DENY_D_190" FriendlyName="PowerShell 190" Hash="ABA28E0FC251E1D7FE5E264E1B36EC5E482D70AA434E75A756356F23F0C1F2F4"/>
+    <Deny ID="ID_DENY_D_191" FriendlyName="PowerShell 191" Hash="E89C29D38F554F6CB73B5FD3D0A783CC12FFEBC3"/>
+    <Deny ID="ID_DENY_D_192" FriendlyName="PowerShell 192" Hash="4C93CBDCF4328D27681453D8DFD7495955A07EE6A0EFB9A593853A86990CF528"/>
+    <Deny ID="ID_DENY_D_193" FriendlyName="PowerShell 193" Hash="5B5E7942233D7C8A325A429FC4F4AE281325E8F9"/>
+    <Deny ID="ID_DENY_D_194" FriendlyName="PowerShell 194" Hash="40DA20086ED76A5EA5F62901D110216EE206E7EEB2F2BFF02F61D0BE85B0BB5A"/>
+    <Deny ID="ID_DENY_D_195" FriendlyName="PowerShell 195" Hash="926DCACC6983F85A8ABBCB5EE13F3C756705A1D5"/>
+    <Deny ID="ID_DENY_D_196" FriendlyName="PowerShell 196" Hash="A22761E2BF18F02BB630962E3C5E32738770AAEA77F8EDA233E77792EB480072"/>
+    <Deny ID="ID_DENY_D_197" FriendlyName="PowerShell 197" Hash="6FE6723A355DEB4BC6B8637A634D1B43AFA64112"/>
+    <Deny ID="ID_DENY_D_198" FriendlyName="PowerShell 198" Hash="9BCC55A97A275F7D81110877F1BB5B41F86A848EA02B4EE1E1E6A44D927A488F"/>
+    <Deny ID="ID_DENY_D_199" FriendlyName="PowerShell 199" Hash="8D5599B34BED4A660DACC0922F6C2F112F264758"/>
+    <Deny ID="ID_DENY_D_200" FriendlyName="PowerShell 200" Hash="F375014915E5E027F697B29201362B56F2D9E598247C96F86ABADCC6FF42F034"/>
+    <Deny ID="ID_DENY_D_201" FriendlyName="PowerShell 201" Hash="CCFB247A3BCA9C64D82F647F3D30A3172E645F13"/>
+    <Deny ID="ID_DENY_D_202" FriendlyName="PowerShell 202" Hash="5E52ABBC051368315F078D31F01B0C1B904C1DDB6D1C1E4A91BE276BDF44C66F"/>
+    <Deny ID="ID_DENY_D_203" FriendlyName="PowerShell 203" Hash="E8EB859531F426CC45A3CB9118F399C92054563E"/>
+    <Deny ID="ID_DENY_D_204" FriendlyName="PowerShell 204" Hash="CD9E1D41F8D982F4AA6C610A2EFEAEBA5B0CDD883DF4A86FA0180ACD333CAA86"/>
+    <Deny ID="ID_DENY_D_205" FriendlyName="PowerShell 205" Hash="C92D4EAC917EE4842A437C54F96D87F003199DE8"/>
+    <Deny ID="ID_DENY_D_206" FriendlyName="PowerShell 206" Hash="3A270242EB49E06405FD654FA4954B166297BBC886891C64B4424134C39872DB"/>
+    <Deny ID="ID_DENY_D_207" FriendlyName="PowerShell 207" Hash="66681D9171981216B31996429695931DA2A638B9"/>
+    <Deny ID="ID_DENY_D_208" FriendlyName="PowerShell 208" Hash="7A2DF7D56912CB4EB5B36D071496EDC97661086B0E4C9CC5D9C61779A5A7DAAA"/>
+    <Deny ID="ID_DENY_D_209" FriendlyName="PowerShell 209" Hash="9DCA54C85E4C645CB296FE3055E90255B6506A95"/>
+    <Deny ID="ID_DENY_D_210" FriendlyName="PowerShell 210" Hash="8C9C58AD12FE61CBF021634EC6A4B3094750FC002DA224423E0BCEB01ECF292A"/>
+    <Deny ID="ID_DENY_D_211" FriendlyName="PowerShell 211" Hash="3AF2587E8B62F88DC363D7F5308EE4C1A6147338"/>
+    <Deny ID="ID_DENY_D_212" FriendlyName="PowerShell 212" Hash="D32D88F158FD341E32708CCADD48C426D227D0EC8465FF4304C7B7EAC2C6A93E"/>
+    <Deny ID="ID_DENY_D_213" FriendlyName="PowerShell 213" Hash="D3D453EBC368DF7CC2200474035E5898B58D93F1"/>
+    <Deny ID="ID_DENY_D_214" FriendlyName="PowerShell 214" Hash="BBE569BCC282B3AF682C1528D4E3BC53C1A0C6B5905FA34ADB4305160967B64A"/>
+    <Deny ID="ID_DENY_D_215" FriendlyName="PowerShell 215" Hash="D147CE5C7E7037D1BE3C0AF67EDB6F528C77DB0A"/>
+    <Deny ID="ID_DENY_D_216" FriendlyName="PowerShell 216" Hash="11F936112832738AD9B3A1C67537D5542DE8E86856CF2A5893C4D26CF3A2C558"/>
+    <Deny ID="ID_DENY_D_217" FriendlyName="PowerShell 217" Hash="7DBB41B87FAA887DE456C8E6A72E09D2839FA1E7"/>
+    <Deny ID="ID_DENY_D_218" FriendlyName="PowerShell 218" Hash="3741F3D2F264E047339C95A66085599A49766DEF1C5BD0C32237CE87FA0B41FB"/>
+    <Deny ID="ID_DENY_D_219" FriendlyName="PowerShell 219" Hash="5F3AECC89BAF094EAFA3C25E6B883EE68A6F00B0"/>
+    <Deny ID="ID_DENY_D_220" FriendlyName="PowerShell 220" Hash="AA085BE6498D2E3F527F3D72A5D1C604508133F0CDC05AD404BB49E8E3FB1A1B"/>
+    <Deny ID="ID_DENY_D_221" FriendlyName="PowerShell 221" Hash="DDE4D9A08514347CDE706C42920F43523FC74DEA"/>
+    <Deny ID="ID_DENY_D_222" FriendlyName="PowerShell 222" Hash="81835C6294B96282A4D7D70383BBF797C2E4E7CEF99648F85DDA50F7F41B02F6"/>
+    <Deny ID="ID_DENY_D_223" FriendlyName="PowerShell 223" Hash="48092864C96C4BF9B68B5006EAEDAB8B57B3738C"/>
+    <Deny ID="ID_DENY_D_224" FriendlyName="PowerShell 224" Hash="36EF3BED9A5D0D563BCB354BFDD2931F6256759D1D905BA5DC21CDA496F2FEB7"/>
+    <Deny ID="ID_DENY_D_225" FriendlyName="PowerShell 225" Hash="7F6725BA8CCD2DAEEFD0C9590A5DF9D98642CCEA"/>
+    <Deny ID="ID_DENY_D_226" FriendlyName="PowerShell 226" Hash="DB68DB3AE32A8A662AA6EE16CF459124D2701719D019B614CE9BF115F5F9C904"/>
+    <Deny ID="ID_DENY_D_227" FriendlyName="PowerShell 227" Hash="FF205856A3209227D571EAD4B8C1E611E7FF9924"/>
+    <Deny ID="ID_DENY_D_228" FriendlyName="PowerShell 228" Hash="A63B38CE17DA60C4C431FC42C4507A0B7C19B384AC9E121E2988AD026E71ED63"/>
+    <Deny ID="ID_DENY_D_229" FriendlyName="PowerShell 229" Hash="479C9429691314D3E21E4F4CA8B95D5BD2BDDEDA"/>
+    <Deny ID="ID_DENY_D_230" FriendlyName="PowerShell 230" Hash="2BA4E369D267A9ABDEBA50DA2CB5FC56A8EE4382C5BCFCFFD121350B88A6F0E1"/>
+    <Deny ID="ID_DENY_D_231" FriendlyName="PowerShell 231" Hash="C7D70B96440D215173F35412D56CF9329886D8D3"/>
+    <Deny ID="ID_DENY_D_232" FriendlyName="PowerShell 232" Hash="B00C54F1AA77D88335675EAF07ED834E68FD96DD7606914C2867F9C506AB0A56"/>
+    <Deny ID="ID_DENY_D_233" FriendlyName="PowerShell 233" Hash="2AB804E1FF982AE0EDB591BC61AA909CF32E99C5"/>
+    <Deny ID="ID_DENY_D_234" FriendlyName="PowerShell 234" Hash="253120422B0DD987C293CAF5928FA820414C0A01622FD0EAF304A750FC5AEEFE"/>
+    <Deny ID="ID_DENY_D_235" FriendlyName="PowerShell 235" Hash="8DAB1D74CAEDBAA8D17805CF00D64A44F5831C12"/>
+    <Deny ID="ID_DENY_D_236" FriendlyName="PowerShell 236" Hash="AC1CE3AA9023E23F2F63D5A3536294B914686057336402E059DEF6559D1CE723"/>
+    <Deny ID="ID_DENY_D_237" FriendlyName="PowerShell 237" Hash="993425279D204D1D14C3EB989DEB4805ADC558CF"/>
+    <Deny ID="ID_DENY_D_238" FriendlyName="PowerShell 238" Hash="BDADDD710E47EB8D24B78E542F3996B0EA2CA577ABD515785819302DB15839DD"/>
+    <Deny ID="ID_DENY_D_239" FriendlyName="PowerShell 239" Hash="F4DB0CDF3A3FD163A9B90789CC6D14D326AD609C"/>
+    <Deny ID="ID_DENY_D_240" FriendlyName="PowerShell 240" Hash="5D249D8366077713024552CA8D08F164E975AFF89E8909E35A43F02B0DC66F70"/>
+    <Deny ID="ID_DENY_D_241" FriendlyName="PowerShell 241" Hash="5B8E45EECA32C2F0968C2252229D768B0DB796A0"/>
+    <Deny ID="ID_DENY_D_242" FriendlyName="PowerShell 242" Hash="B4D336B32C27E3D3FEBE4B06252DDE9683814E7E903C98448972AAB7389DFC02"/>
+    <Deny ID="ID_DENY_D_243" FriendlyName="PowerShell 243" Hash="4F5D66B449C4D2FDEA532F9B5DBECA5ACA8195EF"/>
+    <Deny ID="ID_DENY_D_244" FriendlyName="PowerShell 244" Hash="39F2F19A5C6708CE8CE4E1ABBEBA8D3D1A6220391CA86B2D319E347B46005C97"/>
+    <Deny ID="ID_DENY_D_245" FriendlyName="PowerShell 245" Hash="4BFB3F95CA1B79DA3C6B0A2ECB432059E686F967"/>
+    <Deny ID="ID_DENY_D_246" FriendlyName="PowerShell 246" Hash="0C4688AACD02829850DE0F792AC06D3C87895412A910EA76F7F9BF31B3B4A3E9"/>
+    <Deny ID="ID_DENY_D_247" FriendlyName="PowerShell 247" Hash="6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A"/>
+    <Deny ID="ID_DENY_D_248" FriendlyName="PowerShell 248" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6AD07B3EB1633CD3C498C13D"/>
 
-    <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="DED853481A176999723413685A79B36DD0F120F9" />
-    <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="D027E09D9D9828A87701288EFC91D240C0DEC2C3" />
-    <Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="46936F4F0AFE4C87D2E55595F74DDDFFC9AD94EE" />
-    <Deny ID="ID_DENY_D_4" FriendlyName="Powershell 4" Hash="5090F22BB9C0B168C7F5E9E800784A05AFCCBC4F" />
-    <Deny ID="ID_DENY_D_5" FriendlyName="Powershell 5" Hash="A920D0706FCEA648D28638E9198BCC368996B8FD" />
-    <Deny ID="ID_DENY_D_6" FriendlyName="Powershell 6" Hash="93E22F2BA6C8B1C09F100F9C0E3B06FAF2D1DDB6" />
-    <Deny ID="ID_DENY_D_7" FriendlyName="Powershell 7" Hash="943E307BE7B0B381715CA5CC0FAB7B558025BA80" />
-    <Deny ID="ID_DENY_D_8" FriendlyName="Powershell 8" Hash="DE6A02520E1D7325025F2761A97D36E407E8490C" />
-    <Deny ID="ID_DENY_D_9" FriendlyName="Powershell 9" Hash="CC968868EDC6718DA14DDDB11228A04D5D5BD9A5" />
-    <Deny ID="ID_DENY_D_10" FriendlyName="Powershell 10" Hash="789D0657689DB6F0900A787BEF52A449585A92B5" />
-    <Deny ID="ID_DENY_D_11" FriendlyName="Powershell 11" Hash="F29A958287788A6EEDE6035D49EF5CB85EEC40D214FDDE5A0C6CAA65AFC00EEC" />
-    <Deny ID="ID_DENY_D_12" FriendlyName="Powershell 12" Hash="84BB081141DA50B3839CD275FF34854F53AECB96CA9AEB8BCD24355C33C1E73E" />
-    <Deny ID="ID_DENY_D_13" FriendlyName="Powershell 13" Hash="8D396FEAEED1F0CA709B62B1F27EDC9CCEFF95E3473C923624362A042E91D787" />
-    <Deny ID="ID_DENY_D_14" FriendlyName="Powershell 14" Hash="7BF44433D3A606104778F64B11B92C52FC99C4BA570C50B70438275D0B587B8E" />
-    <Deny ID="ID_DENY_D_15" FriendlyName="Powershell 15" Hash="6B3CB996EC5129D345830C3D6D5C7C009372FFD9F08837E8B2572AB31E9648A5" />
-    <Deny ID="ID_DENY_D_16" FriendlyName="Powershell 16" Hash="C3A5DAB20947CA8FD092E75C25177E7BAE7884CA58710F14827144C09EA1F94B" />
-    <Deny ID="ID_DENY_D_17" FriendlyName="Powershell 17" Hash="BE3FFE10CDE8B62C3E8FD4D8198F272B6BD15364A33362BB07A0AFF6731DABA1" />
-    <Deny ID="ID_DENY_D_18" FriendlyName="Powershell 18" Hash="75288A0CF0806A68D8DA721538E64038D755BBE74B52F4B63FEE5049AE868AC0" />
-    <Deny ID="ID_DENY_D_19" FriendlyName="Powershell 19" Hash="F875E43E12685ECE0BA2D42D55A13798CE9F1FFDE3CAE253D2529F4304811A52" />
-    <Deny ID="ID_DENY_D_20" FriendlyName="Powershell 20" Hash="6D89FDD29D50C07801FB01F031CDB96E2E14288F066BD895356AE0517ABB09CE" />
-    <Deny ID="ID_DENY_D_21" FriendlyName="Powershell 21" Hash="326669C4A31E2049E3750BCF4287241BB8B555B3670D31A1ACA74C3AC598DF81" />
-    <Deny ID="ID_DENY_D_22" FriendlyName="Powershell 22" Hash="38DC1956313B160696A172074C6F5DA9852BF508F55AFB7FA079B98F2849AFB5" />
-    <Deny ID="ID_DENY_D_23" FriendlyName="Powershell 23" Hash="C6C073A80A8E76DC13E724B5E66FE4035A19CCA0C1AF3FABBC18E5185D1B66CB" />
-    <Deny ID="ID_DENY_D_24" FriendlyName="Powershell 24" Hash="9EA4BD3D8FB8F490E8099E0412F091E545AF028E3C4CAF179324B679124D1742" />
-    <Deny ID="ID_DENY_D_25" FriendlyName="Powershell 25" Hash="CD83C3C293EC4D24D3328C74881FA04AAF9CCF73E099631A9EB100BD0F384F58" />
-    <Deny ID="ID_DENY_D_26" FriendlyName="Powershell 26" Hash="74E207F539C4EAC648A5507EB158AEE9F6EA401E51808E83E73709CFA0820FDD" />
-    <Deny ID="ID_DENY_D_27" FriendlyName="Powershell 27" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40" />
-    <Deny ID="ID_DENY_D_28" FriendlyName="Powershell 28" Hash="72E4EC687CFE357F3E681A7500B6FF009717A2E9538956908D3B52B9C865C189" />
-    <Deny ID="ID_DENY_D_29" FriendlyName="Powershell 29" Hash="F16E605B55774CDFFDB0EB99FAFF43A40622ED2AB1C011D1195878F4B20030BC" />
-    <Deny ID="ID_DENY_D_30" FriendlyName="Powershell 30" Hash="BD3139CE7553AC7003C96304F08EAEC2CDB2CC6A869D36D6F1E478DA02D3AA16" />
-    <Deny ID="ID_DENY_D_31" FriendlyName="Powershell 31" Hash="71FC552E66327EDAA72D72C362846BD80CB65EECFAE95C4D790C9A2330D95EE6" />
-    <Deny ID="ID_DENY_D_32" FriendlyName="Powershell 32" Hash="A1D1AF7675C2596D0DF977F57B54372298A56EE0F3E1FF2D974D387D7F69DD4E" />
-    <Deny ID="ID_DENY_D_33" FriendlyName="Powershell 33" Hash="0D905709AB1174F8E12A063F259A52DABE85CAEB8018985F5411F1CE9C6C99C3" />
-    <Deny ID="ID_DENY_D_34" FriendlyName="Powershell 34" Hash="939C291D4A2592209EC7664EC832670FA0AC1009F974F47489D866751F4B862F" />
   </FileRules>
   <!--Signers-->
   <Signers />
@@ -178,21 +391,20 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_BGINFO"/>
           <FileRuleRef RuleID="ID_DENY_CBD"/>
           <FileRuleRef RuleID="ID_DENY_KD"/>
-          <FileRuleRef RuleID="ID_DENY_NTKD"/>
-          <FileRuleRef RuleID="ID_DENY_WINDBG"/>
-          <FileRuleRef RuleID="ID_DENY_MSBUILD"/>
-          <FileRuleRef RuleID="ID_DENY_CSI"/>
-          <FileRuleRef RuleID="ID_DENY_DBGHOST"/>
-          <FileRuleRef RuleID="ID_DENY_DBGSVC"/>
-          <FileRuleRef RuleID="ID_DENY_DNX"/>
-          <FileRuleRef RuleID="ID_DENY_RCSI"/>
-          <FileRuleRef RuleID="ID_DENY_NTSD"/>
-          <FileRuleRef RuleID="ID_DENY_LXSS"/>
-          <FileRuleRef RuleID="ID_DENY_BASH"/>
-          <FileRuleRef RuleID="ID_DENY_FSI"/>
-          <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU"/>
-          <FileRuleRef RuleID="ID_DENY_MSHTA"/>
-          <FileRuleRef RuleID="ID_DENY_SMA"/>
+          <FileRuleRef RuleID="ID_DENY_NTKD" />
+          <FileRuleRef RuleID="ID_DENY_WINDBG" />
+          <FileRuleRef RuleID="ID_DENY_MSBUILD" />
+          <FileRuleRef RuleID="ID_DENY_CSI" />
+          <FileRuleRef RuleID="ID_DENY_DBGHOST" />
+          <FileRuleRef RuleID="ID_DENY_DBGSVC" />
+          <FileRuleRef RuleID="ID_DENY_DNX" />
+          <FileRuleRef RuleID="ID_DENY_RCSI" />
+          <FileRuleRef RuleID="ID_DENY_NTSD" />
+          <FileRuleRef RuleID="ID_DENY_LXSS" />
+          <FileRuleRef RuleID="ID_DENY_BASH" />
+          <FileRuleRef RuleID="ID_DENY_FSI" />
+          <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU" />
+          <FileRuleRef RuleID="ID_DENY_MSHTA" />
           <FileRuleRef RuleID="ID_DENY_D_1" />
           <FileRuleRef RuleID="ID_DENY_D_2" />
           <FileRuleRef RuleID="ID_DENY_D_3" />
@@ -219,19 +431,233 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_D_24" />
           <FileRuleRef RuleID="ID_DENY_D_25" />
           <FileRuleRef RuleID="ID_DENY_D_26" />
-          <FileRuleRef RuleID="ID_DENY_D_27" />
-          <FileRuleRef RuleID="ID_DENY_D_28" />
-          <FileRuleRef RuleID="ID_DENY_D_29" />
-          <FileRuleRef RuleID="ID_DENY_D_30" />
-          <FileRuleRef RuleID="ID_DENY_D_31" />
-          <FileRuleRef RuleID="ID_DENY_D_32" />
-          <FileRuleRef RuleID="ID_DENY_D_33" />
-          <FileRuleRef RuleID="ID_DENY_D_34" />
+          <FileRuleRef RuleID="ID_DENY_D_27"/>
+          <FileRuleRef RuleID="ID_DENY_D_28"/>
+          <FileRuleRef RuleID="ID_DENY_D_29"/>
+          <FileRuleRef RuleID="ID_DENY_D_30"/>
+          <FileRuleRef RuleID="ID_DENY_D_31"/>
+          <FileRuleRef RuleID="ID_DENY_D_32"/>
+          <FileRuleRef RuleID="ID_DENY_D_33"/>
+          <FileRuleRef RuleID="ID_DENY_D_34"/>
+          <FileRuleRef RuleID="ID_DENY_D_35"/>
+          <FileRuleRef RuleID="ID_DENY_D_36"/>
+          <FileRuleRef RuleID="ID_DENY_D_37"/>
+          <FileRuleRef RuleID="ID_DENY_D_38"/>
+          <FileRuleRef RuleID="ID_DENY_D_39"/>
+          <FileRuleRef RuleID="ID_DENY_D_40"/>
+          <FileRuleRef RuleID="ID_DENY_D_41"/>
+          <FileRuleRef RuleID="ID_DENY_D_42"/>
+          <FileRuleRef RuleID="ID_DENY_D_43"/>
+          <FileRuleRef RuleID="ID_DENY_D_44"/>
+          <FileRuleRef RuleID="ID_DENY_D_45"/>
+          <FileRuleRef RuleID="ID_DENY_D_46"/>
+          <FileRuleRef RuleID="ID_DENY_D_47"/>
+          <FileRuleRef RuleID="ID_DENY_D_48"/>
+          <FileRuleRef RuleID="ID_DENY_D_49"/>
+          <FileRuleRef RuleID="ID_DENY_D_50"/>
+          <FileRuleRef RuleID="ID_DENY_D_51"/>
+          <FileRuleRef RuleID="ID_DENY_D_52"/>
+          <FileRuleRef RuleID="ID_DENY_D_53"/>
+          <FileRuleRef RuleID="ID_DENY_D_54"/>
+          <FileRuleRef RuleID="ID_DENY_D_55"/>
+          <FileRuleRef RuleID="ID_DENY_D_56"/>
+          <FileRuleRef RuleID="ID_DENY_D_57"/>
+          <FileRuleRef RuleID="ID_DENY_D_58"/>
+          <FileRuleRef RuleID="ID_DENY_D_59"/>
+          <FileRuleRef RuleID="ID_DENY_D_60"/>
+          <FileRuleRef RuleID="ID_DENY_D_61"/>
+          <FileRuleRef RuleID="ID_DENY_D_62"/>
+          <FileRuleRef RuleID="ID_DENY_D_63"/>
+          <FileRuleRef RuleID="ID_DENY_D_64"/>
+          <FileRuleRef RuleID="ID_DENY_D_65"/>
+          <FileRuleRef RuleID="ID_DENY_D_66"/>
+          <FileRuleRef RuleID="ID_DENY_D_67"/>
+          <FileRuleRef RuleID="ID_DENY_D_68"/>
+          <FileRuleRef RuleID="ID_DENY_D_69"/>
+          <FileRuleRef RuleID="ID_DENY_D_70"/>
+          <FileRuleRef RuleID="ID_DENY_D_71"/>
+          <FileRuleRef RuleID="ID_DENY_D_72"/>
+          <FileRuleRef RuleID="ID_DENY_D_73"/>
+          <FileRuleRef RuleID="ID_DENY_D_74"/>
+          <FileRuleRef RuleID="ID_DENY_D_75"/>
+          <FileRuleRef RuleID="ID_DENY_D_76"/>
+          <FileRuleRef RuleID="ID_DENY_D_77"/>
+          <FileRuleRef RuleID="ID_DENY_D_78"/>
+          <FileRuleRef RuleID="ID_DENY_D_79"/>
+          <FileRuleRef RuleID="ID_DENY_D_80"/>
+          <FileRuleRef RuleID="ID_DENY_D_81"/>
+          <FileRuleRef RuleID="ID_DENY_D_82"/>
+          <FileRuleRef RuleID="ID_DENY_D_83"/>
+          <FileRuleRef RuleID="ID_DENY_D_84"/>
+          <FileRuleRef RuleID="ID_DENY_D_85"/>
+          <FileRuleRef RuleID="ID_DENY_D_86"/>
+          <FileRuleRef RuleID="ID_DENY_D_87"/>
+          <FileRuleRef RuleID="ID_DENY_D_88"/>
+          <FileRuleRef RuleID="ID_DENY_D_89"/>
+          <FileRuleRef RuleID="ID_DENY_D_90"/>
+          <FileRuleRef RuleID="ID_DENY_D_91"/>
+          <FileRuleRef RuleID="ID_DENY_D_92"/>
+          <FileRuleRef RuleID="ID_DENY_D_93"/>
+          <FileRuleRef RuleID="ID_DENY_D_94"/>
+          <FileRuleRef RuleID="ID_DENY_D_95"/>
+          <FileRuleRef RuleID="ID_DENY_D_96"/>
+          <FileRuleRef RuleID="ID_DENY_D_97"/>
+          <FileRuleRef RuleID="ID_DENY_D_98"/>
+          <FileRuleRef RuleID="ID_DENY_D_99"/>
+          <FileRuleRef RuleID="ID_DENY_D_100"/>
+          <FileRuleRef RuleID="ID_DENY_D_101"/>
+          <FileRuleRef RuleID="ID_DENY_D_102"/>
+          <FileRuleRef RuleID="ID_DENY_D_103"/>
+          <FileRuleRef RuleID="ID_DENY_D_104"/>
+          <FileRuleRef RuleID="ID_DENY_D_105"/>
+          <FileRuleRef RuleID="ID_DENY_D_106"/>
+          <FileRuleRef RuleID="ID_DENY_D_107"/>
+          <FileRuleRef RuleID="ID_DENY_D_108"/>
+          <FileRuleRef RuleID="ID_DENY_D_109"/>
+          <FileRuleRef RuleID="ID_DENY_D_110"/>
+          <FileRuleRef RuleID="ID_DENY_D_111"/>
+          <FileRuleRef RuleID="ID_DENY_D_112"/>
+          <FileRuleRef RuleID="ID_DENY_D_113"/>
+          <FileRuleRef RuleID="ID_DENY_D_114"/>
+          <FileRuleRef RuleID="ID_DENY_D_115"/>
+          <FileRuleRef RuleID="ID_DENY_D_116"/>
+          <FileRuleRef RuleID="ID_DENY_D_117"/>
+          <FileRuleRef RuleID="ID_DENY_D_118"/>
+          <FileRuleRef RuleID="ID_DENY_D_119"/>
+          <FileRuleRef RuleID="ID_DENY_D_120"/>
+          <FileRuleRef RuleID="ID_DENY_D_121"/>
+          <FileRuleRef RuleID="ID_DENY_D_122"/>
+          <FileRuleRef RuleID="ID_DENY_D_123"/>
+          <FileRuleRef RuleID="ID_DENY_D_124"/>
+          <FileRuleRef RuleID="ID_DENY_D_125"/>
+          <FileRuleRef RuleID="ID_DENY_D_126"/>
+          <FileRuleRef RuleID="ID_DENY_D_127"/>
+          <FileRuleRef RuleID="ID_DENY_D_128"/>
+          <FileRuleRef RuleID="ID_DENY_D_129"/>
+          <FileRuleRef RuleID="ID_DENY_D_130"/>
+          <FileRuleRef RuleID="ID_DENY_D_131"/>
+          <FileRuleRef RuleID="ID_DENY_D_132"/>
+          <FileRuleRef RuleID="ID_DENY_D_133"/>
+          <FileRuleRef RuleID="ID_DENY_D_134"/>
+          <FileRuleRef RuleID="ID_DENY_D_135"/>
+          <FileRuleRef RuleID="ID_DENY_D_136"/>
+          <FileRuleRef RuleID="ID_DENY_D_137"/>
+          <FileRuleRef RuleID="ID_DENY_D_138"/>
+          <FileRuleRef RuleID="ID_DENY_D_139"/>
+          <FileRuleRef RuleID="ID_DENY_D_140"/>
+          <FileRuleRef RuleID="ID_DENY_D_141"/>
+          <FileRuleRef RuleID="ID_DENY_D_142"/>
+          <FileRuleRef RuleID="ID_DENY_D_143"/>
+          <FileRuleRef RuleID="ID_DENY_D_144"/>
+          <FileRuleRef RuleID="ID_DENY_D_145"/>
+          <FileRuleRef RuleID="ID_DENY_D_146"/>
+          <FileRuleRef RuleID="ID_DENY_D_147"/>
+          <FileRuleRef RuleID="ID_DENY_D_148"/>
+          <FileRuleRef RuleID="ID_DENY_D_149"/>
+          <FileRuleRef RuleID="ID_DENY_D_150"/>
+          <FileRuleRef RuleID="ID_DENY_D_151"/>
+          <FileRuleRef RuleID="ID_DENY_D_152"/>
+          <FileRuleRef RuleID="ID_DENY_D_153"/>
+          <FileRuleRef RuleID="ID_DENY_D_154"/>
+          <FileRuleRef RuleID="ID_DENY_D_155"/>
+          <FileRuleRef RuleID="ID_DENY_D_156"/>
+          <FileRuleRef RuleID="ID_DENY_D_157"/>
+          <FileRuleRef RuleID="ID_DENY_D_158"/>
+          <FileRuleRef RuleID="ID_DENY_D_159"/>
+          <FileRuleRef RuleID="ID_DENY_D_160"/>
+          <FileRuleRef RuleID="ID_DENY_D_161"/>
+          <FileRuleRef RuleID="ID_DENY_D_162"/>
+          <FileRuleRef RuleID="ID_DENY_D_163"/>
+          <FileRuleRef RuleID="ID_DENY_D_164"/>
+          <FileRuleRef RuleID="ID_DENY_D_165"/>
+          <FileRuleRef RuleID="ID_DENY_D_166"/>
+          <FileRuleRef RuleID="ID_DENY_D_167"/>
+          <FileRuleRef RuleID="ID_DENY_D_168"/>
+          <FileRuleRef RuleID="ID_DENY_D_169"/>
+          <FileRuleRef RuleID="ID_DENY_D_170"/>
+          <FileRuleRef RuleID="ID_DENY_D_171"/>
+          <FileRuleRef RuleID="ID_DENY_D_172"/>
+          <FileRuleRef RuleID="ID_DENY_D_173"/>
+          <FileRuleRef RuleID="ID_DENY_D_174"/>
+          <FileRuleRef RuleID="ID_DENY_D_175"/>
+          <FileRuleRef RuleID="ID_DENY_D_176"/>
+          <FileRuleRef RuleID="ID_DENY_D_177"/>
+          <FileRuleRef RuleID="ID_DENY_D_178"/>
+          <FileRuleRef RuleID="ID_DENY_D_179"/>
+          <FileRuleRef RuleID="ID_DENY_D_180"/>
+          <FileRuleRef RuleID="ID_DENY_D_181"/>
+          <FileRuleRef RuleID="ID_DENY_D_182"/>
+          <FileRuleRef RuleID="ID_DENY_D_183"/>
+          <FileRuleRef RuleID="ID_DENY_D_184"/>
+          <FileRuleRef RuleID="ID_DENY_D_185"/>
+          <FileRuleRef RuleID="ID_DENY_D_186"/>
+          <FileRuleRef RuleID="ID_DENY_D_187"/>
+          <FileRuleRef RuleID="ID_DENY_D_188"/>
+          <FileRuleRef RuleID="ID_DENY_D_189"/>
+          <FileRuleRef RuleID="ID_DENY_D_190"/>
+          <FileRuleRef RuleID="ID_DENY_D_191"/>
+          <FileRuleRef RuleID="ID_DENY_D_192"/>
+          <FileRuleRef RuleID="ID_DENY_D_193"/>
+          <FileRuleRef RuleID="ID_DENY_D_194"/>
+          <FileRuleRef RuleID="ID_DENY_D_195"/>
+          <FileRuleRef RuleID="ID_DENY_D_196"/>
+          <FileRuleRef RuleID="ID_DENY_D_197"/>
+          <FileRuleRef RuleID="ID_DENY_D_198"/>
+          <FileRuleRef RuleID="ID_DENY_D_199"/>
+          <FileRuleRef RuleID="ID_DENY_D_200"/>
+          <FileRuleRef RuleID="ID_DENY_D_201"/>
+          <FileRuleRef RuleID="ID_DENY_D_202"/>
+          <FileRuleRef RuleID="ID_DENY_D_203"/>
+          <FileRuleRef RuleID="ID_DENY_D_204"/>
+          <FileRuleRef RuleID="ID_DENY_D_205"/>
+          <FileRuleRef RuleID="ID_DENY_D_206"/>
+          <FileRuleRef RuleID="ID_DENY_D_207"/>
+          <FileRuleRef RuleID="ID_DENY_D_208"/>
+          <FileRuleRef RuleID="ID_DENY_D_209"/>
+          <FileRuleRef RuleID="ID_DENY_D_210"/>
+          <FileRuleRef RuleID="ID_DENY_D_211"/>
+          <FileRuleRef RuleID="ID_DENY_D_212"/>
+          <FileRuleRef RuleID="ID_DENY_D_213"/>
+          <FileRuleRef RuleID="ID_DENY_D_214"/>
+          <FileRuleRef RuleID="ID_DENY_D_215"/>
+          <FileRuleRef RuleID="ID_DENY_D_216"/>
+          <FileRuleRef RuleID="ID_DENY_D_217"/>
+          <FileRuleRef RuleID="ID_DENY_D_218"/>
+          <FileRuleRef RuleID="ID_DENY_D_219"/>
+          <FileRuleRef RuleID="ID_DENY_D_220"/>
+          <FileRuleRef RuleID="ID_DENY_D_221"/>
+          <FileRuleRef RuleID="ID_DENY_D_222"/>
+          <FileRuleRef RuleID="ID_DENY_D_223"/>
+          <FileRuleRef RuleID="ID_DENY_D_224"/>
+          <FileRuleRef RuleID="ID_DENY_D_225"/>
+          <FileRuleRef RuleID="ID_DENY_D_226"/>
+          <FileRuleRef RuleID="ID_DENY_D_227"/>
+          <FileRuleRef RuleID="ID_DENY_D_228"/>
+          <FileRuleRef RuleID="ID_DENY_D_229"/>
+          <FileRuleRef RuleID="ID_DENY_D_230"/>
+          <FileRuleRef RuleID="ID_DENY_D_231"/>
+          <FileRuleRef RuleID="ID_DENY_D_232"/>
+          <FileRuleRef RuleID="ID_DENY_D_233"/>
+          <FileRuleRef RuleID="ID_DENY_D_234"/>
+          <FileRuleRef RuleID="ID_DENY_D_235"/>
+          <FileRuleRef RuleID="ID_DENY_D_236"/>
+          <FileRuleRef RuleID="ID_DENY_D_237"/>
+          <FileRuleRef RuleID="ID_DENY_D_238"/>
+          <FileRuleRef RuleID="ID_DENY_D_239"/>
+          <FileRuleRef RuleID="ID_DENY_D_240"/>
+          <FileRuleRef RuleID="ID_DENY_D_241"/>
+          <FileRuleRef RuleID="ID_DENY_D_242"/>
+          <FileRuleRef RuleID="ID_DENY_D_243"/>
+          <FileRuleRef RuleID="ID_DENY_D_244"/>
+          <FileRuleRef RuleID="ID_DENY_D_245"/>
+          <FileRuleRef RuleID="ID_DENY_D_246"/>
+          <FileRuleRef RuleID="ID_DENY_D_247"/>
+          <FileRuleRef RuleID="ID_DENY_D_248"/>
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>
   </SigningScenarios>
-  <UpdatePolicySigners />
+  <UpdatePolicySigners />v
   <CiSigners />
   <HvciOptions>0</HvciOptions>
 </SiPolicy>

From 0f7ccbfe983dcdde62d5e307957b9e6bd87535c0 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Tue, 10 Oct 2017 10:17:41 -0700
Subject: [PATCH 2/5] Fix typo

---
 .../device-guard/deploy-code-integrity-policies-steps.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
index 3af32baedf..8c523bb65d 100644
--- a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
+++ b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
@@ -78,7 +78,7 @@ Microsoft recommends that you install the latest security updates. The June 2017
 
 For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules.
 
-Microsoft recommends that you block the following icrosoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
+Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
 
 ```
 <?xml version="1.0" encoding="utf-8"?>

From 7d724f797976896c6adeedde639da77559ccab4c Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 10 Oct 2017 11:32:05 -0700
Subject: [PATCH 3/5] added visualuiaverifynative.exe

---
 .../device-guard/deploy-code-integrity-policies-steps.md      | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
index 8c523bb65d..ca63dd6b20 100644
--- a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
+++ b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
@@ -122,6 +122,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny  ID="ID_DENY_FSI"           FriendlyName="fsi.exe"            FileName="fsi.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_FSI_ANYCPU"    FriendlyName="fsiAnyCpu.exe"      FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_MSHTA"         FriendlyName="mshta.exe"          FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_VISUALUIAVERIFY"         FriendlyName="visualuiaverifynative.exe"          FileName="visualuiaverifynative.exe" MinimumFileVersion = "65535.65535.65535.65535" />
 
     <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
     <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
@@ -405,6 +406,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_FSI" />
           <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU" />
           <FileRuleRef RuleID="ID_DENY_MSHTA" />
+          <FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY" />
           <FileRuleRef RuleID="ID_DENY_D_1" />
           <FileRuleRef RuleID="ID_DENY_D_2" />
           <FileRuleRef RuleID="ID_DENY_D_3" />
@@ -657,7 +659,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
       </ProductSigners>
     </SigningScenario>
   </SigningScenarios>
-  <UpdatePolicySigners />v
+  <UpdatePolicySigners />
   <CiSigners />
   <HvciOptions>0</HvciOptions>
 </SiPolicy>

From fe4f3f71e01386820634ef0fd0b34eca43e01c77 Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Tue, 10 Oct 2017 18:34:02 +0000
Subject: [PATCH 4/5] Merged PR 3675: Policy CSP bug fixes.

[Bug 13932995](https://microsoft.visualstudio.com/OS/_workitems/edit/13932995)
---
 .../mdm/policy-csp-applicationmanagement.md   |  7 -------
 .../mdm/policy-csp-authentication.md          |  7 -------
 .../mdm/policy-csp-browser.md                 |  8 ++++----
 .../mdm/policy-csp-experience.md              |  7 -------
 ...policy-csp-localpoliciessecurityoptions.md | 20 +++++++++----------
 .../mdm/policy-csp-notifications.md           |  7 -------
 .../client-management/mdm/policy-csp-start.md | 10 +---------
 .../mdm/policy-csp-wirelessdisplay.md         |  7 ++++++-
 8 files changed, 21 insertions(+), 52 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 7953580ab4..6f5802427e 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -496,13 +496,6 @@ ms.date: 09/29/2017
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows disabling of the retail catalog and only enables the Private store.
 
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/ApplicationManagement/RequirePrivateStoreOnly** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/ApplicationManagement/RequirePrivateStoreOnly** to get the result.
-
-
 <p style="margin-left: 20px">The following list shows the supported values:
 
 -   0 (default) – Allow both public and Private store.
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index d33bbd648c..9db44013c0 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -119,13 +119,6 @@ ms.date: 09/29/2017
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
 
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/Authentication/AllowEAPCertSSO** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Authentication/AllowEAPCertSSO** to get the result.
-
-
 <p style="margin-left: 20px">The following list shows the supported values:
 
 -   0 – Not allowed.
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 2c7f399858..e31c570992 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 10/10/2017
 ---
 
 # Policy CSP - Browser
@@ -231,7 +231,7 @@ ms.date: 09/29/2017
 
 <p style="margin-left: 20px">To verify AllowAutofill is set to 0 (not allowed):
 
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+1.  Open Microsoft Edge.
 2.  In the upper-right corner of the browser, click **…**.
 3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
 4.  Verify the setting **Save form entries** is greyed out.
@@ -1177,8 +1177,8 @@ Employees cannot remove these search engines, but they can set any one as the de
 	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 4dfcea0e83..8f2199edcd 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -736,13 +736,6 @@ ms.date: 09/29/2017
 
 <p style="margin-left: 20px">This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
 
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Experience/AllowWindowsConsumerFeatures** to get the result.
-
- 
 <p style="margin-left: 20px">The following list shows the supported values:
 
 -   0 – Not allowed.
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index f2c1e120e8..bb7fdbd8d7 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 10/05/2017
 ---
 
 # Policy CSP - LocalPoliciesSecurityOptions
@@ -999,17 +999,17 @@ This policy setting controls the behavior of the elevation prompt for administra
 
 The options are:
 
-• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
+- 0 - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
 
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+- 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
 
-• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+- 2 - Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
 
-• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+- 3 - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 
-• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+- 4 - Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
 
-• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+- 5 - Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
@@ -1057,11 +1057,11 @@ This policy setting controls the behavior of the elevation prompt for standard u
 
 The options are:
 
-• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+- 3 - Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 
-• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
+- 0 - Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
 
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+- 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index f85714b12c..4b0a9b5e62 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -64,13 +64,6 @@ ms.date: 09/29/2017
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that turns off notification mirroring.
 
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/Notifications/DisallowNotificationMirroring** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Notifications/DisallowNotificationMirroring** to get the result.
-
-
 <p style="margin-left: 20px">For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
 
 <p style="margin-left: 20px">No reboot or service restart is required for this policy to take effect.
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index f73f1b8331..03c3fb2ea4 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1536,15 +1536,7 @@ ms.date: 09/29/2017
 <!--EndScope-->
 <!--StartDescription-->
 > [!IMPORTANT]
-> This node is set on a per-user basis and must be accessed using the following paths:
-> -   **./User/Vendor/MSFT/Policy/Config/Start/StartLayout** to configure the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Start/StartLayout** to query the current value of the policy.
->
->
-> Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis using the following paths:
-> -   **./Device/Vendor/MSFT/Policy/Config/Start/StartLayout** to configure the policy.
-> -   **./Device/Vendor/MSFT/Policy/Result/Start/StartLayout** to query the current value of the policy.
-
+> Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope)
 
 <p style="margin-left: 20px">Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy
 
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 0d7ab2b543..e249ddea29 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -234,7 +234,12 @@ ms.date: 09/29/2017
 
 <!--EndScope-->
 <!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703.
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Setting this policy controls whether or not the wireless display can send input&#8212;keyboard, mouse, pen, and touch input if the display supports it&#8212;back to the source device.
+
+<p style="margin-left: 20px">Allowed values:
+
+-   0 - Wireless display input disabled.
+-   1 (default) - Wireless display input enabled.
 
 <!--EndDescription-->
 <!--EndPolicy-->

From 2fc6b0b6aa73e86000a4baf4197ab60dc2ca0dda Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Tue, 10 Oct 2017 18:39:41 +0000
Subject: [PATCH 5/5] Merged PR 3678: Intro section added to Olympia enrollment
 guidelines.

---
 .../olympia/olympia-enrollment-guidelines.md  | 28 ++++++++++++++++---
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index fddd959017..03d4f5f475 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -6,10 +6,30 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/14/2017
+ms.date: 09/15/2017
 ---
 
-# Olympia Corp enrollment guidelines
+# Olympia Corp
+
+## What is Windows Insider Lab for Enterprise and Olympia Corp?
+
+Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release Enterprise Privacy and Security features*. To get the complete experience of these Enterprise features, Olympia Corp, a virtual corporation has been set up to reflect the IT infrastructure of real world business. Selected customers are invited to join Olympia Corp and try these features.
+
+As an Olympia user, you will have an opportunity to: 
+
+-   Use various Enterprise features like WIP (Windows Information Protection), ATP (Advanced Threat Protection), WDAG (Windows Defender Application Guard), and APP-V (Application virtualization).
+-   Learn how Microsoft is preparing for GDPR, as well as enabling enterprise customers to prepare for their own readiness.
+-   Validate and test pre-release software in your environment.
+-   Provide feedback.
+-   Interact with engineering team members through a variety of communication channels.
+
+\* Enterprise features may have reduced, or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the Enterprise features at any time without notice.
+
+For more information about Olympia Corp, please see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ).
+
+To request an Olympia Corp account, please fill out the survey at [https://aka.ms/RegisterOlympia](https://aka.ms/RegisterOlympia).
+
+## Enrollment guidelines
 
 Welcome to Olympia Corp. Here are the steps to add your account to your PC.
 
@@ -23,7 +43,7 @@ Choose one of the following two enrollment options:
 
 <a id="enrollment-keep-current-edition"></a>
 
-## Keep your current Windows 10 edition
+### Keep your current Windows 10 edition
 
 1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
 
@@ -57,7 +77,7 @@ Choose one of the following two enrollment options:
 
 <a id="enrollment-upgrade-to-enterprise"></a>
 
-## Upgrade your Windows 10 edition from Pro to Enterprise
+### Upgrade your Windows 10 edition from Pro to Enterprise
 
 1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).