From 67bb581bc655d31f37723a93542482667bc79f0e Mon Sep 17 00:00:00 2001 From: jirenugo <57419984+jirenugo@users.noreply.github.com> Date: Tue, 14 Jul 2020 01:23:19 -0700 Subject: [PATCH 001/115] Update credential-guard-manage.md --- .../credential-guard/credential-guard-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 7e98cba59b..a046602eea 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -155,7 +155,7 @@ DG_Readiness_Tool_v3.6.ps1 -Ready - You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials. - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: 0x1, 0 - - The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run. + - The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run. 0x2 means Windows Defender Credential Guard is configured to run with UEFI lock - The second variable: 0 means it's configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard. - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\] From ba7bb8c25d7dae16e5645091c26afc2c9bd35c96 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Jul 2020 17:51:40 +0800 Subject: [PATCH 002/115] change http to https --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 4e3f264246..cd200f6b8c 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -2189,7 +2189,7 @@ This security group was introduced in Windows Server 2012, and it has not chang IIS\_IUSRS is a built-in group that is used by Internet Information Services beginning with IIS 7.0. A built-in account and group are guaranteed by the operating system to always have a unique SID. IIS 7.0 replaces the IUSR\_MachineName account and the IIS\_WPG group with the IIS\_IUSRS group to ensure that the actual names that are used by the new account and group will never be localized. For example, regardless of the language of the Windows operating system that you install, the IIS account name will always be IUSR, and the group name will be IIS\_IUSRS. -For more information, see [Understanding Built-In User and Group Accounts in IIS 7](http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis). +For more information, see [Understanding Built-In User and Group Accounts in IIS 7](https://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis). This security group has not changed since Windows Server 2008. From 2199ca5fb507ef122968359c979bb0c22eb841db Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Fri, 24 Jul 2020 10:02:14 +0800 Subject: [PATCH 003/115] replace more http --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +- windows/whats-new/whats-new-windows-10-version-1703.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 8c41f40e80..7d1960a2b7 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -128,7 +128,7 @@ This also means you’ll see more links to other security apps within **Windows You can read more about ransomware mitigations and detection capability at: - [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) -- [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) +- [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](https://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) - [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/) Also see [New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 2f32d6a64d..abeafe5f05 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -150,7 +150,7 @@ New features for Microsoft Defender AV in Windows 10, version 1703 include: In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). -You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). +You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](https://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). ### Device Guard and Credential Guard From eb7d45fd82de60b81a9e04e6a0d760c28715a65a Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Wed, 5 Aug 2020 17:43:37 -0700 Subject: [PATCH 004/115] Update .acrolinx-config.edn --- .acrolinx-config.edn | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index 61cb120716..5bd4162543 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -1,6 +1,21 @@ {:allowed-branchname-matches ["master"] :allowed-filename-matches ["windows/"] + :targets + { + :counts { + ;;:spelling 10 + ;;:grammar 3 + ;;:total 15 ;; absolute flag count but i don't know the difference between this and issues + ;;:issues 15 ;; coming from the platform, will need to be tested. + } + :scores { + ;;:terminology 100 + :min-score 20 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place + ;;:spelling 40 + } + } + :guidance-profile "d2b6c2c8-00ee-47f1-8d10-b280cc3434c1" ;; Profile ID for "M365-specific" :acrolinx-check-settings @@ -12,7 +27,7 @@ "TERMINOLOGY_VALID" "VOICE_GUIDANCE" ] - "termSetNames" ["M365"] + "termSetNames" ["M365" "Products" "Microsoft"] } :template-header From 821194a24052e9742b72ef7f094a7b4fb4f6e2eb Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 12 Aug 2020 18:31:16 +0300 Subject: [PATCH 005/115] note about security principal quota https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5318 --- .../hello-for-business/hello-cert-trust-adfs.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index d4c919784d..a24af0e830 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -152,6 +152,9 @@ Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. 1. Start an elevated Windows PowerShell console. 2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)`. +>[!NOTE] +> If the [default object creation quota for security principles](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices. + ### Windows Server 2008 or 2008 R2 Domain Controllers Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use create a normal user account as a service account where you are responsible for changing the password on a regular basis. From 5c3c7151ab46bbb6ce2de3b1889d4a49a9b46546 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Sat, 22 Aug 2020 10:56:44 +0300 Subject: [PATCH 006/115] add note about unreachable machines on the network https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6771 --- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index a7a7e7fce7..1fe88d096c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -309,6 +309,9 @@ To turn off the unlock server, the PXE provider can be unregistered from the WDS To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate Group Policy setting on the domain controller. +> [!NOTE] +> Machines that do not get the GPO will ask for the PIN when booting. In this case one needs to investigate and understand why the machine could not get the GPO and update the certificate. + ## Troubleshoot Network Unlock Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue will be the root cause of the failure. Items to verify include: From 8d5aefa6bf00959945fe756b7498b6d5250ece13 Mon Sep 17 00:00:00 2001 From: Ben McGarry <9434920+BenMcGarry@users.noreply.github.com> Date: Mon, 24 Aug 2020 15:06:41 +0100 Subject: [PATCH 007/115] Update WDAC hunting query Existing query does not appear to work within WDATP Advanced hunting, this updates the query to return the expected result. --- ...ation-control-events-centrally-using-advanced-hunting.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index 3b0e313266..19bcd021e5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -30,10 +30,10 @@ This capability is supported beginning with Windows version 1607. Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender ATP: ``` -MiscEvents -| where EventTime > ago(7d) and +DeviceEvents +| where Timestamp > ago(7d) and ActionType startswith "AppControl" -| summarize Machines=dcount(ComputerName) by ActionType +| summarize Machines=dcount(DeviceName) by ActionType | order by Machines desc ``` From 2b6ec3393ea3b7f2f3d0b7634a91cf02fcffb7cc Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 25 Aug 2020 21:02:02 +0500 Subject: [PATCH 008/115] Update advanced-security-audit-policy-settings.md --- .../auditing/advanced-security-audit-policy-settings.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index e36022563e..1ce7884399 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -64,7 +64,6 @@ Detailed Tracking security policy settings and audit events can be used to monit - [Audit Process Creation](audit-process-creation.md) - [Audit Process Termination](audit-process-termination.md) - [Audit RPC Events](audit-rpc-events.md) -- [Audit Credential Validation](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-credential-validation) - [Audit Token Right Adjusted](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-token-right-adjusted) ## DS Access From 7da92a413cafc5b8c7f70cadb82f62b45cd1dc0b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 25 Aug 2020 17:03:27 -0700 Subject: [PATCH 009/115] Added Phase1 policy docs --- .../mdm/policy-csp-admx-ciphersuiteorder.md | 203 ++ .../mdm/policy-csp-admx-com.md | 197 ++ .../mdm/policy-csp-admx-conf.md | 2431 +++++++++++++++++ 3 files changed, 2831 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md create mode 100644 windows/client-management/mdm/policy-csp-admx-com.md create mode 100644 windows/client-management/mdm/policy-csp-admx-conf.md diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md new file mode 100644 index 0000000000..306231cdcf --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -0,0 +1,203 @@ +--- +title: Policy CSP - ADMX_CipherSuiteOrder +description: Policy CSP - ADMX_CipherSuiteOrder +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/17/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_CipherSuiteOrder + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_CipherSuiteOrder policies + +
+
+ ADMX_CipherSuiteOrder/SSLCipherSuiteOrder +
+
+ ADMX_CipherSuiteOrder/SSLCurveOrder +
+
+ + +
+ + +**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). + +If you enable this policy setting, SSL cipher suites are prioritized in the order specified. + +If you disable or do not configure this policy setting, default cipher suite order is used. + +For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](https://go.microsoft.com/fwlink/?LinkId=517265). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *SSL Cipher Suite Order* +- GP name: *Functions* +- GP path: *Network/SSL Configuration Settings* +- GP ADMX file name: *CipherSuiteOrder.admx* + + + +
+ +
+ + +**ADMX_CipherSuiteOrder/SSLCurveOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. + +If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line. + +If you disable or do not configure this policy setting, the default ECC curve order is used. + +The default curve order is as follows: + +- curve25519 +- NistP256 +- NistP384 + +To see all the curves supported on the system, enter the following command: + +``` cmd +CertUtil.exe -DisplayEccCurve +``` + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *ECC Curve Order* +- GP name: *EccCurves* +- GP path: *Network/SSL Configuration Settings* +- GP ADMX file name: *CipherSuiteOrder.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md new file mode 100644 index 0000000000..ff361f80d2 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -0,0 +1,197 @@ +--- +title: Policy CSP - ADMX_COM +description: Policy CSP - ADMX_COM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/18/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_COM + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_COM policies + +
+
+ ADMX_COM/AppMgmt_COM_SearchForCLSID_1 +
+
+ ADMX_COM/AppMgmt_COM_SearchForCLSID_2 +
+
+ + +
+ + +**ADMX_COM/AppMgmt_COM_SearchForCLSID_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. + +Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. + +If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly. + +If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. + +This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Download missing COM components* +- GP name: *COMClassStore* +- GP path: *System* +- GP ADMX file name: *COM.admx* + + + +
+ +
+ + +**ADMX_COM/AppMgmt_COM_SearchForCLSID_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. + +Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. + +If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly. + +If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop. + +This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Download missing COM components* +- GP name: *COMClassStore* +- GP path: *System* +- GP ADMX file name: *COM.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-conf.md b/windows/client-management/mdm/policy-csp-admx-conf.md new file mode 100644 index 0000000000..931927fe44 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-conf.md @@ -0,0 +1,2431 @@ +--- +title: Policy CSP - ADMX_Conf +description: Policy CSP - ADMX_Conf +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.localizationpriority: medium +ms.date: 08/18/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Conf + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## Policy CSP - ADMX_Conf + +
+
+ ADMX_Conf/AllowPersistAutoAcceptCalls + +
+
+ ADMX_Conf/DisableAdvCallingButton + +
+
+ ADMX_Conf/DisableAppSharing + +
+
+ ADMX_Conf/DisableAudioPage + +
+
+ ADMX_Conf/DisableChat + +
+
+ ADMX_Conf/DisableGeneralPage + +
+
+ ADMX_Conf/DisableNewWhiteboard + +
+
+ ADMX_Conf/DisableOldWhiteboard + +
+
+ ADMX_Conf/DisableRDS + +
+
+ ADMX_Conf/DisableSecurityPage + +
+
+ ADMX_Conf/DisableVideoPage + +
+
+ ADMX_Conf/EnableAutoConfiguration + +
+
+ ADMX_Conf/PreventAddingNewILS + +
+
+ ADMX_Conf/PreventAudio + +
+
+ ADMX_Conf/PreventAutoAccept + +
+
+ ADMX_Conf/PreventChangeDirectSound + +
+
+ ADMX_Conf/PreventChangingCallMode + +
+
+ ADMX_Conf/PreventDirectoryServices + +
+
+ ADMX_Conf/PreventFullDuplex + +
+
+ ADMX_Conf/PreventGrantingControl + +
+
+ ADMX_Conf/PreventReceivingFiles + +
+
+ ADMX_Conf/PreventReceivingVideo + +
+
+ ADMX_Conf/PreventSendingFiles + +
+
+ ADMX_Conf/PreventSendingVideo + +
+
+ ADMX_Conf/PreventSharing + +
+
+ ADMX_Conf/PreventSharingCMDPrompt + +
+
+ ADMX_Conf/PreventSharingDesktop + +
+
+ ADMX_Conf/PreventSharingExplorer + +
+
+ ADMX_Conf/PreventSharingTrueColor + +
+
+ ADMX_Conf/PreventWebDirectory + +
+
+ ADMX_Conf/RestrictFTSendSize + +
+
+ ADMX_Conf/SetAVThroughput + +
+
+ ADMX_Conf/SetIntranetSupport + +
+
+ ADMX_Conf/SetSecurityOptions + +
+
+ + +
+ + +**ADMX_Conf/AllowPersistAutoAcceptCalls** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting makes the automatic acceptance of incoming calls persistent. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow persisting automatic acceptance of Calls* +- GP name: *PersistAutoAcceptCalls* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableAdvCallingButton** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable the Advanced Calling button* +- GP name: *NoAdvancedCalling* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableAppSharing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable application Sharing* +- GP name: *NoAppSharing* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableAudioPage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the Audio page* +- GP name: *NoAudioPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableChat** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Chat feature of NetMeeting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Chat* +- GP name: *NoChat* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableGeneralPage** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the General page* +- GP name: *NoGeneralPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableNewWhiteboard** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the T.126 whiteboard feature of NetMeeting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Whiteboard* +- GP name: *NoNewWhiteBoard* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableOldWhiteboard** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the 2.x whiteboard feature of NetMeeting. + +The 2.x whiteboard is available for compatibility with older versions of NetMeeting only. + +Deployers who do not need it can save bandwidth by disabling it. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable NetMeeting 2.x Whiteboard* +- GP name: *NoOldWhiteBoard* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableRDS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable remote Desktop Sharing* +- GP name: *NoRDS* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableSecurityPage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the Security page* +- GP name: *NoSecurityPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/DisableVideoPage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Video page of the Tools Options dialog. Users will not then be able to change video settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the Video page* +- GP name: *NoVideoPage* +- GP path: *Windows Components/NetMeeting/Options Page* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/EnableAutoConfiguration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures NetMeeting to download settings for users each time it starts. + +The settings are downloaded from the URL listed in the "Configuration URL:" text box. + +Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Automatic Configuration* +- GP name: *Use AutoConfig* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventAddingNewILS** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent adding Directory servers* +- GP name: *NoAddingDirectoryServers* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventAudio** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the audio feature of NetMeeting. Users will not be able to send or receive audio. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Audio* +- GP name: *NoAudio* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventAutoAccept** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from turning on automatic acceptance of incoming calls. + +This ensures that others cannot call and connect to NetMeeting when the user is not present. + +This policy is recommended when deploying NetMeeting to run always. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent automatic acceptance of Calls* +- GP name: *NoAutoAcceptCalls* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventChangeDirectSound** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents user from changing the DirectSound audio setting. + +DirectSound provides much better audio quality, but older audio hardware may not support it. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent changing DirectSound Audio setting* +- GP name: *NoChangeDirectSound* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventChangingCallMode** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents users from changing the way calls are placed, either directly or via a gatekeeper server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent changing Call placement method* +- GP name: *NoChangingCallMode* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventDirectoryServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables the directory feature of NetMeeting. + +Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory. + +This policy is for deployers who have their own location or calling schemes such as a Web site or an address book. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Directory services* +- GP name: *NoDirectoryServices* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventFullDuplex** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable full duplex Audio* +- GP name: *NoFullDuplex* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventGrantingControl** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Control* +- GP name: *NoAllowControl* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventReceivingFiles** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving files from others in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent receiving files* +- GP name: *NoReceivingFiles* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventReceivingVideo** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving video. Users will still be able to send video provided they have the hardware. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent receiving Video* +- GP name: *NoReceivingVideo* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSendingFiles** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending files to others in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent sending files* +- GP name: *NoSendingFiles* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSendingVideo** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending video if they have the hardware. Users will still be able to receive video from others. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent sending Video* +- GP name: *NoSendingVideo* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Sharing* +- GP name: *NoSharing* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingCMDPrompt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Sharing Command Prompts* +- GP name: *NoSharingDosWindows* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingDesktop** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing the whole desktop. They will still be able to share individual applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Desktop Sharing* +- GP name: *NoSharingDesktop* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingExplorer** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Sharing Explorer windows* +- GP name: *NoSharingExplorer* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventSharingTrueColor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Application Sharing in true color* +- GP name: *NoTrueColorSharing* +- GP path: *Windows Components/NetMeeting/Application Sharing* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/PreventWebDirectory** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing directories as Web pages in a browser. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent viewing Web directory* +- GP name: *NoWebDirectory* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/RestrictFTSendSize** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting limits the size of files users can send to others in a conference. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the size of sent files* +- GP name: *MaxFileSendSize* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/SetAVThroughput** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the bandwidth of Audio and Video* +- GP name: *MaximumBandwidth* +- GP path: *Windows Components/NetMeeting/Audio & Video* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/SetIntranetSupport** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting sets the URL NetMeeting will display when the user chooses the Help Online Support command. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set the intranet support Web page* +- GP name: *IntranetSupportURL* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +
+ + +**ADMX_Conf/SetSecurityOptions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting sets the level of security for both outgoing and incoming NetMeeting calls. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Call Security options* +- GP name: *CallSecurity* +- GP path: *Windows Components/NetMeeting* +- GP ADMX file name: *Conf.admx* + + + + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file From 9fde7a57dd32972f94c88510f6940cf8b4069dd0 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 26 Aug 2020 16:32:45 -0700 Subject: [PATCH 010/115] Added more Phase 1 policies --- .../policy-configuration-service-provider.md | 8 + .../mdm/policy-csp-admx-cpls.md | 117 ++++++ .../mdm/policy-csp-admx-ctrlaltdel.md | 339 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 1 + 4 files changed, 465 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-cpls.md create mode 100644 windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 7986a6fae0..e6f3e4b8d9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -245,6 +245,14 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_Cpls policies + +
+
+ ADMX_Cpls/UseDefaultTile +
+
+ ### ADMX_DnsClient policies
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md new file mode 100644 index 0000000000..05ddffee0c --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -0,0 +1,117 @@ +--- +title: Policy CSP - ADMX_Cpls +description: Policy CSP - ADMX_Cpls +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/26/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Cpls +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Cpls policies + +
+
+ ADMX_Cpls/UseDefaultTile +
+
+ + +
+ + +**ADMX_Cpls/UseDefaultTile** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. + +> [!NOTE] +> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. + +If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed. + +If you disable or do not configure this policy setting, users will be able to customize their account pictures. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Apply the default account picture to all users* +- GP name: *UseDefaultTile* +- GP path: *Control Panel/User Accounts* +- GP ADMX file name: *Cpls.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md new file mode 100644 index 0000000000..c098646c75 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -0,0 +1,339 @@ +--- +title: Policy CSP - ADMX_CtrlAltDel +description: Policy CSP - ADMX_CtrlAltDel +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/26/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_CtrlAltDel +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_CtrlAltDel policies + +
+
+ ADMX_CtrlAltDel/DisableChangePassword +
+
+ ADMX_CtrlAltDel/DisableLockComputer +
+
+ ADMX_CtrlAltDel/DisableTaskMgr +
+
+ ADMX_CtrlAltDel/NoLogoff +
+
+ + +
+ + +**ADMX_CtrlAltDel/DisableChangePassword** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from changing their Windows password on demand. + +If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del. + +However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Change Password* +- GP name: *DisableChangePassword* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + + +
+ + +**ADMX_CtrlAltDel/DisableLockComputer** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from locking the system. + +While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it. + +If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del. + +If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. + +> [!TIP] +> To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Lock Computer* +- GP name: *DisableLockWorkstation* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + +
+ + +**ADMX_CtrlAltDel/DisableTaskMgr** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from starting Task Manager. + +Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. + +If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. + +If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Task Manager* +- GP name: *DisableTaskMgr* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + +
+ + +**ADMX_CtrlAltDel/NoLogoff** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting disables or removes all menu items and buttons that log the user off the system. + +If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu. + +Also, see the 'Remove Logoff on the Start Menu' policy setting. + +If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Logoff* +- GP name: *NoLogoff* +- GP path: *System/Ctrl+Alt+Del Options* +- GP ADMX file name: *CtrlAltDel.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 6e3d43c649..83e26f746f 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -42,6 +42,7 @@ ms.date: 08/18/2020 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord) - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory) - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline) +- [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md##admx-cpls-usedefaulttile) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) From 61ca35c9c08b4ab763b32dbb5444e0b7fe492d97 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 26 Aug 2020 18:19:06 -0700 Subject: [PATCH 011/115] more updates --- .../policy-configuration-service-provider.md | 20 ++++++++++++++++++- .../mdm/policy-csps-admx-backed.md | 6 +++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index e6f3e4b8d9..1432aa2a6d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -249,10 +249,28 @@ The following diagram shows the Policy configuration service provider in tree fo
- ADMX_Cpls/UseDefaultTile + ADMX_CtrlAltDel/DisableChangePassword +
+
+ ADMX_CtrlAltDel/DisableLockComputer +
+
+ ADMX_CtrlAltDel/DisableTaskMgr +
+
+ ADMX_CtrlAltDel/NoLogoff
+ +### ADMX_CtrlAltDel policies +
+
+ ADMX_Cpls/UseDefaultTile +
+
+ + ### ADMX_DnsClient policies
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 83e26f746f..e44a49e5ed 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -42,7 +42,11 @@ ms.date: 08/18/2020 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord) - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory) - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline) -- [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md##admx-cpls-usedefaulttile) +- [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile) +- [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword) +- [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) +- [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) +- [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) From e546ca6030efa9b71ecec7af3ac70c3c1c379927 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 11:33:19 +0500 Subject: [PATCH 012/115] Update credential-guard-requirements.md --- .../credential-guard/credential-guard-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 25d125585e..8e3b5ae6a1 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -98,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve | Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide. From 1f41afd14c95b11e9bb5bad0959d07ad544088c5 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 31 Aug 2020 14:32:30 +0500 Subject: [PATCH 013/115] Update windows/security/identity-protection/credential-guard/credential-guard-requirements.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../credential-guard/credential-guard-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 8e3b5ae6a1..cdf9c3ec9a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -98,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve | Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016.

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide. From 4cd686ee25e7c192f40fefedcc9dfe079174cf82 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 13:13:49 -0700 Subject: [PATCH 014/115] Deleted conf admx backed doc --- .../mdm/policy-csp-admx-conf.md | 2431 ----------------- 1 file changed, 2431 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-admx-conf.md diff --git a/windows/client-management/mdm/policy-csp-admx-conf.md b/windows/client-management/mdm/policy-csp-admx-conf.md deleted file mode 100644 index 931927fe44..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-conf.md +++ /dev/null @@ -1,2431 +0,0 @@ ---- -title: Policy CSP - ADMX_Conf -description: Policy CSP - ADMX_Conf -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.localizationpriority: medium -ms.date: 08/18/2020 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_Conf - -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
- - -## Policy CSP - ADMX_Conf - -
-
- ADMX_Conf/AllowPersistAutoAcceptCalls - -
-
- ADMX_Conf/DisableAdvCallingButton - -
-
- ADMX_Conf/DisableAppSharing - -
-
- ADMX_Conf/DisableAudioPage - -
-
- ADMX_Conf/DisableChat - -
-
- ADMX_Conf/DisableGeneralPage - -
-
- ADMX_Conf/DisableNewWhiteboard - -
-
- ADMX_Conf/DisableOldWhiteboard - -
-
- ADMX_Conf/DisableRDS - -
-
- ADMX_Conf/DisableSecurityPage - -
-
- ADMX_Conf/DisableVideoPage - -
-
- ADMX_Conf/EnableAutoConfiguration - -
-
- ADMX_Conf/PreventAddingNewILS - -
-
- ADMX_Conf/PreventAudio - -
-
- ADMX_Conf/PreventAutoAccept - -
-
- ADMX_Conf/PreventChangeDirectSound - -
-
- ADMX_Conf/PreventChangingCallMode - -
-
- ADMX_Conf/PreventDirectoryServices - -
-
- ADMX_Conf/PreventFullDuplex - -
-
- ADMX_Conf/PreventGrantingControl - -
-
- ADMX_Conf/PreventReceivingFiles - -
-
- ADMX_Conf/PreventReceivingVideo - -
-
- ADMX_Conf/PreventSendingFiles - -
-
- ADMX_Conf/PreventSendingVideo - -
-
- ADMX_Conf/PreventSharing - -
-
- ADMX_Conf/PreventSharingCMDPrompt - -
-
- ADMX_Conf/PreventSharingDesktop - -
-
- ADMX_Conf/PreventSharingExplorer - -
-
- ADMX_Conf/PreventSharingTrueColor - -
-
- ADMX_Conf/PreventWebDirectory - -
-
- ADMX_Conf/RestrictFTSendSize - -
-
- ADMX_Conf/SetAVThroughput - -
-
- ADMX_Conf/SetIntranetSupport - -
-
- ADMX_Conf/SetSecurityOptions - -
-
- - -
- - -**ADMX_Conf/AllowPersistAutoAcceptCalls** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting makes the automatic acceptance of incoming calls persistent. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Allow persisting automatic acceptance of Calls* -- GP name: *PersistAutoAcceptCalls* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableAdvCallingButton** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable the Advanced Calling button* -- GP name: *NoAdvancedCalling* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableAppSharing** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable application Sharing* -- GP name: *NoAppSharing* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableAudioPage** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the Audio page* -- GP name: *NoAudioPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableChat** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Chat feature of NetMeeting. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Chat* -- GP name: *NoChat* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableGeneralPage** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the General page* -- GP name: *NoGeneralPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableNewWhiteboard** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the T.126 whiteboard feature of NetMeeting. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Whiteboard* -- GP name: *NoNewWhiteBoard* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableOldWhiteboard** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the 2.x whiteboard feature of NetMeeting. - -The 2.x whiteboard is available for compatibility with older versions of NetMeeting only. - -Deployers who do not need it can save bandwidth by disabling it. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable NetMeeting 2.x Whiteboard* -- GP name: *NoOldWhiteBoard* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableRDS** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable remote Desktop Sharing* -- GP name: *NoRDS* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableSecurityPage** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the Security page* -- GP name: *NoSecurityPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/DisableVideoPage** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the Video page of the Tools Options dialog. Users will not then be able to change video settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Hide the Video page* -- GP name: *NoVideoPage* -- GP path: *Windows Components/NetMeeting/Options Page* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/EnableAutoConfiguration** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting configures NetMeeting to download settings for users each time it starts. - -The settings are downloaded from the URL listed in the "Configuration URL:" text box. - -Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Enable Automatic Configuration* -- GP name: *Use AutoConfig* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventAddingNewILS** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent adding Directory servers* -- GP name: *NoAddingDirectoryServers* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventAudio** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the audio feature of NetMeeting. Users will not be able to send or receive audio. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Audio* -- GP name: *NoAudio* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventAutoAccept** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from turning on automatic acceptance of incoming calls. - -This ensures that others cannot call and connect to NetMeeting when the user is not present. - -This policy is recommended when deploying NetMeeting to run always. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent automatic acceptance of Calls* -- GP name: *NoAutoAcceptCalls* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventChangeDirectSound** - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents user from changing the DirectSound audio setting. - -DirectSound provides much better audio quality, but older audio hardware may not support it. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent changing DirectSound Audio setting* -- GP name: *NoChangeDirectSound* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventChangingCallMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents prevents users from changing the way calls are placed, either directly or via a gatekeeper server. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent changing Call placement method* -- GP name: *NoChangingCallMode* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventDirectoryServices** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the directory feature of NetMeeting. - -Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory. - -This policy is for deployers who have their own location or calling schemes such as a Web site or an address book. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable Directory services* -- GP name: *NoDirectoryServices* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventFullDuplex** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Disable full duplex Audio* -- GP name: *NoFullDuplex* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventGrantingControl** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Control* -- GP name: *NoAllowControl* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventReceivingFiles** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving files from others in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent receiving files* -- GP name: *NoReceivingFiles* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventReceivingVideo** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from receiving video. Users will still be able to send video provided they have the hardware. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent receiving Video* -- GP name: *NoReceivingVideo* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSendingFiles** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending files to others in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent sending files* -- GP name: *NoSendingFiles* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSendingVideo** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sending video if they have the hardware. Users will still be able to receive video from others. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent sending Video* -- GP name: *NoSendingVideo* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharing** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Sharing* -- GP name: *NoSharing* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingCMDPrompt** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Sharing Command Prompts* -- GP name: *NoSharingDosWindows* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingDesktop** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing the whole desktop. They will still be able to share individual applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Desktop Sharing* -- GP name: *NoSharingDesktop* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingExplorer** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Sharing Explorer windows* -- GP name: *NoSharingExplorer* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventSharingTrueColor** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Application Sharing in true color* -- GP name: *NoTrueColorSharing* -- GP path: *Windows Components/NetMeeting/Application Sharing* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/PreventWebDirectory** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing directories as Web pages in a browser. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent viewing Web directory* -- GP name: *NoWebDirectory* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/RestrictFTSendSize** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting limits the size of files users can send to others in a conference. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Limit the size of sent files* -- GP name: *MaxFileSendSize* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/SetAVThroughput** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Limit the bandwidth of Audio and Video* -- GP name: *MaximumBandwidth* -- GP path: *Windows Components/NetMeeting/Audio & Video* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/SetIntranetSupport** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting sets the URL NetMeeting will display when the user chooses the Help Online Support command. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Set the intranet support Web page* -- GP name: *IntranetSupportURL* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -
- - -**ADMX_Conf/SetSecurityOptions** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in Windows 10 Insider Preview Build 20185. This policy setting sets the level of security for both outgoing and incoming NetMeeting calls. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Set Call Security options* -- GP name: *CallSecurity* -- GP path: *Windows Components/NetMeeting* -- GP ADMX file name: *Conf.admx* - - - - -Footnotes: - -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. - - \ No newline at end of file From b0fc7d70f95da2b0345951235951b976214483e7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 13:30:48 -0700 Subject: [PATCH 015/115] Updated TOC --- windows/client-management/mdm/TOC.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 2d6a0b7bda..75636d24bc 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -174,8 +174,12 @@ #### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md) #### [ADMX_AppCompat](policy-csp-admx-appcompat.md) #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) +#### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) +#### [ADMX_COM](policy-csp-admx-com.md) +#### [ADMX_Cpls](policy-csp-admx-cpls.md) +#### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) From ad369cdc16e981d08fa7cf6039410972e47b4f25 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 15:42:39 -0700 Subject: [PATCH 016/115] Added digitallocker policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 9 + .../mdm/policy-csp-admx-digitallocker.md | 190 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 2 + 4 files changed, 202 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-digitallocker.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 75636d24bc..ed85670b3f 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -175,6 +175,7 @@ #### [ADMX_AppCompat](policy-csp-admx-appcompat.md) #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) +#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ADMX_COM](policy-csp-admx-com.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 1432aa2a6d..d8e11f5753 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -270,6 +270,15 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DigitalLocker policies +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1 +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2 +
+
### ADMX_DnsClient policies diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md new file mode 100644 index 0000000000..0f8d44967e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -0,0 +1,190 @@ +--- +title: Policy CSP - ADMX_DigitalLocker +description: Policy CSP - ADMX_DigitalLocker +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/31/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DigitalLocker +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_DigitalLocker policies + +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1 +
+
+ ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2 +
+
+ + +
+ + +**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run. + +Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. + +If you enable this setting, Digital Locker will not run. + +If you disable or do not configure this setting, Digital Locker can be run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Digital Locker to run* +- GP name: *DoNotRunDigitalLocker* +- GP path: *Windows Components/Digital Locker* +- GP ADMX file name: *DigitalLocker.admx* + + + +
+ + +**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run. + +Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. + +If you enable this setting, Digital Locker will not run. + +If you disable or do not configure this setting, Digital Locker can be run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Digital Locker to run* +- GP name: *DoNotRunDigitalLocker* +- GP path: *Windows Components/Digital Locker* +- GP ADMX file name: *DigitalLocker.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index e44a49e5ed..3e4f4b9b71 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -47,6 +47,8 @@ ms.date: 08/18/2020 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) +- [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) +- [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) From 743287dde4b207943485e21a80f2002c6a7aa427 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 31 Aug 2020 17:19:16 -0700 Subject: [PATCH 017/115] Added admx_dwm policies --- windows/client-management/mdm/TOC.md | 7 +- .../policy-configuration-service-provider.md | 32 + .../mdm/policy-csp-admx-dwm.md | 642 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 9 + 4 files changed, 687 insertions(+), 3 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-dwm.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index ed85670b3f..1e7d3b4db7 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -175,12 +175,13 @@ #### [ADMX_AppCompat](policy-csp-admx-appcompat.md) #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) -#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) -#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) -#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ADMX_COM](policy-csp-admx-com.md) #### [ADMX_Cpls](policy-csp-admx-cpls.md) #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) +#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) +#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) +#### [ADMX_DWM](policy-csp-admx-dwm.md) +#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d8e11f5753..54cdc3966a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -351,6 +351,38 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DWM policies + +
+
+ ADMX_DWM/DwmDefaultColorizationColor_1 +
+
+ ADMX_DWM/DwmDefaultColorizationColor_2 +
+
+ ADMX_DWM/DwmDisableAccentAndGradient +
+
+ ADMX_DWM/DwmDisallowAnimations_1 +
+
+ ADMX_DWM/DwmDisallowAnimations_2 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_1 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_2 +
+
+ ADMX_DWM/DwmDisallowFlip3D_1 +
+
+ ADMX_DWM/DwmDisallowFlip3D_2 +
+
+ ### ADMX_EventForwarding policies
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md new file mode 100644 index 0000000000..18ce7f2672 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -0,0 +1,642 @@ +--- +title: Policy CSP - ADMX_DWM +description: Policy CSP - ADMX_DWM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/31/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DWM +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_DWM policies + +
+
+ ADMX_DWM/DwmDefaultColorizationColor_1 +
+
+ ADMX_DWM/DwmDefaultColorizationColor_2 +
+
+ ADMX_DWM/DwmDisableAccentAndGradient +
+
+ ADMX_DWM/DwmDisallowAnimations_1 +
+
+ ADMX_DWM/DwmDisallowAnimations_2 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_1 +
+
+ ADMX_DWM/DwmDisallowColorizationColorChanges_2 +
+
+ ADMX_DWM/DwmDisallowFlip3D_1 +
+
+ ADMX_DWM/DwmDisallowFlip3D_2 +
+
+ + +
+ + +**ADMX_DWM/DwmDefaultColorizationColor_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color. + +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. + +If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify a default color* +- GP name: *DefaultColorizationColorState* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + + +
+ + +**ADMX_DWM/DwmDefaultColorizationColor_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color. + +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. + +If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify a default color* +- GP name: *DefaultColorizationColorState* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisableAccentAndGradient** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the Start background visuals. + +If you enable this policy setting, the Start background will use a solid color. + +If you disable or do not configure this policy setting, the Start background will use the default visuals. + +> [!NOTE] +> If this policy setting is enabled, users can continue to select a color in Start Personalization. However, setting the accent will have no effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use solid color for Start background* +- GP name: *DisableAccentGradient* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowAnimations_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. + +If you enable this policy setting, window animations are turned off. + +If you disable or do not configure this policy setting, window animations are turned on. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow window animations* +- GP name: *DisallowAnimations* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowAnimations_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. + +If you enable this policy setting, window animations are turned off. + +If you disable or do not configure this policy setting, window animations are turned on. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow window animations* +- GP name: *DisallowAnimations* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowColorizationColorChanges_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames. + +If you enable this policy setting, you prevent users from changing the default window frame color. + +If you disable or do not configure this policy setting, you allow users to change the default window frame color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow color changes* +- GP name: *DisallowColorizationColorChanges* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowFlip3D_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions. + +If you enable this policy setting, Flip 3D is inaccessible. + +If you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Flip3D invocation* +- GP name: *DisallowFlip3d* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ + +**ADMX_DWM/DwmDisallowFlip3D_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions. + +If you enable this policy setting, Flip 3D is inaccessible. + +If you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. + +Changing this policy setting requires a logoff for it to be applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Flip3D invocation* +- GP name: *DisallowFlip3d* +- GP path: *Windows Components/Desktop Window Manager* +- GP ADMX file name: *DWM.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 3e4f4b9b71..fb016d503a 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -71,6 +71,15 @@ ms.date: 08/18/2020 - [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones) - [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution) - [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast) +- [ADMX_DWM/DwmDefaultColorizationColor_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-1) +- [ADMX_DWM/DwmDefaultColorizationColor_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-2) +- [ADMX_DWM/DwmDisableAccentAndGradient](./policy-csp-admx-dwm.md#admx-dwm-dwmdisableaccentandgradient) +- [ADMX_DWM/DwmDisallowAnimations_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-1) +- [ADMX_DWM/DwmDisallowAnimations_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-2) +- [ADMX_DWM/DwmDisallowColorizationColorChanges_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-1) +- [ADMX_DWM/DwmDisallowColorizationColorChanges_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-2) +- [ADMX_DWM/DwmDisallowFlip3D_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-1) +- [ADMX_DWM/DwmDisallowFlip3D_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-2) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) From 16cf609749af0162c5e8f99e985cf5922c16f2c4 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 1 Sep 2020 21:15:55 +0530 Subject: [PATCH 018/115] replaced two links as per the user report #8193 , so i replaced with new links Below new links are added for Microsoft System Center 2012 Endpoint Protection **https://docs.microsoft.com/lifecycle/products/microsoft-system-center-2012-endpoint-protection** for Windows 10 Enterprise Evaluation **https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise** But i could not find an alternate for **Protecting the pre-OS environment with UEFI** --- .../secure-the-windows-10-boot-process.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 384c907c62..017eb64762 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -96,7 +96,7 @@ Because Secure Boot has protected the bootloader and Trusted Boot has protected Early Launch Anti-Malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn’t started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it’s not trusted, Windows won’t load it. -An ELAM driver isn’t a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows 10) supports ELAM, as does [Microsoft System Center 2012 Endpoint Protection](https://www.microsoft.com/server-cloud/system-center/endpoint-protection-2012.aspx) and several non-Microsoft anti-malware apps. +An ELAM driver isn’t a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows 10) supports ELAM, as does [Microsoft System Center 2012 Endpoint Protection](https://docs.microsoft.com/lifecycle/products/microsoft-system-center-2012-endpoint-protection) and several non-Microsoft anti-malware apps. ## Measured Boot If a PC in your organization does become infected with a rootkit, you need to know about it. Enterprise anti-malware apps can report malware infections to the IT department, but that doesn’t work with rootkits that hide their presence. In other words, you can’t trust the client to tell you whether it’s healthy. @@ -129,4 +129,4 @@ Measured Boot uses the power of UEFI, TPM, and Windows 10 to give you a way to Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows 10, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; it’s leaps and bounds ahead of everything else. With Windows 10, you can truly trust the integrity of your operating system. ## Additional resources -- [Windows 10 Enterprise Evaluation](https://technet.microsoft.com/evalcenter/hh699156.aspx?ocid=wc-tn-wctc) +- [Windows 10 Enterprise LTSC 2019 or v2004 Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) From c42a38a0558bc67b3c97567ae30a86c2c878d0b7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 1 Sep 2020 15:52:44 -0700 Subject: [PATCH 019/115] Fixed build warnings --- .../policy-configuration-service-provider.md | 18 ++--- .../mdm/policy-csp-admx-dwm.md | 72 +++++++++++++++++++ 2 files changed, 81 insertions(+), 9 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 54cdc3966a..f4098e02d2 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -355,31 +355,31 @@ The following diagram shows the Policy configuration service provider in tree fo
- ADMX_DWM/DwmDefaultColorizationColor_1 + ADMX_DWM/DwmDefaultColorizationColor_1
- ADMX_DWM/DwmDefaultColorizationColor_2 + ADMX_DWM/DwmDefaultColorizationColor_2
- ADMX_DWM/DwmDisableAccentAndGradient + ADMX_DWM/DwmDisableAccentAndGradient
- ADMX_DWM/DwmDisallowAnimations_1 + ADMX_DWM/DwmDisallowAnimations_1
- ADMX_DWM/DwmDisallowAnimations_2 + ADMX_DWM/DwmDisallowAnimations_2
- ADMX_DWM/DwmDisallowColorizationColorChanges_1 + ADMX_DWM/DwmDisallowColorizationColorChanges_1
- ADMX_DWM/DwmDisallowColorizationColorChanges_2 + ADMX_DWM/DwmDisallowColorizationColorChanges_2
- ADMX_DWM/DwmDisallowFlip3D_1 + ADMX_DWM/DwmDisallowFlip3D_1
- ADMX_DWM/DwmDisallowFlip3D_2 + ADMX_DWM/DwmDisallowFlip3D_2
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 18ce7f2672..42d05c5279 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -485,6 +485,78 @@ ADMX Info:
+ +**ADMX_DWM/DwmDisallowColorizationColorChanges_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames. + +If you enable this policy setting, you prevent users from changing the default window frame color. + +If you disable or do not configure this policy setting, you allow users to change the default window frame color. + +> [!NOTE] +> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow color changes* +- GP name: *DisallowColorizationColorChanges* +- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* +- GP ADMX file name: *DWM.admx* + + + +
+ **ADMX_DWM/DwmDisallowFlip3D_1** From 7aaeb1613c7af6ad10ddce0b678666e23e359f45 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 10:19:21 +0500 Subject: [PATCH 020/115] Update hello-hybrid-cert-whfb-settings-dir-sync.md --- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 7576402a17..e8e64a202e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -65,6 +65,9 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva > [!NOTE] > If your AD forest has multiple domains, make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. +> [!NOTE] +> Transfer the PDC emulator FSMO role to a domain controller running Windows Server 2016 (or later) to be able to search Key Admins and Enterprise Key Admins groups (domain controllers running previous versions of Windows Server cannot translate the security identifier to a name for these groups). + ### Section Review > [!div class="checklist"] From c47197e966794a89975682ab60ab7bcac71841b6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 2 Sep 2020 12:59:49 -0700 Subject: [PATCH 021/115] Updated SKU info --- .../mdm/policy-csp-admx-addremoveprograms.md | 110 +++++++-------- .../mdm/policy-csp-admx-appcompat.md | 72 +++++----- .../mdm/policy-csp-admx-auditsettings.md | 6 +- .../mdm/policy-csp-admx-ciphersuiteorder.md | 12 +- .../mdm/policy-csp-admx-com.md | 12 +- .../mdm/policy-csp-admx-cpls.md | 6 +- .../mdm/policy-csp-admx-ctrlaltdel.md | 24 ++-- .../mdm/policy-csp-admx-digitallocker.md | 12 +- .../mdm/policy-csp-admx-dnsclient.md | 132 +++++++++--------- .../mdm/policy-csp-admx-dwm.md | 54 +++---- .../mdm/policy-csp-admx-eventforwarding.md | 12 +- 11 files changed, 226 insertions(+), 226 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 37cf49d46f..36128621e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -72,23 +72,23 @@ manager: dansimp Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -155,23 +155,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -236,23 +236,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -317,23 +317,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -399,23 +399,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -477,23 +477,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -555,23 +555,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -634,23 +634,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -712,23 +712,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -793,23 +793,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -874,23 +874,23 @@ ADMX Info: Home - cross mark + cross mark Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index 527d07b981..ef0f985661 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -79,19 +79,19 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -156,19 +156,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -227,19 +227,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -302,19 +302,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -378,19 +378,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -456,19 +456,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -523,19 +523,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -597,19 +597,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark @@ -670,19 +670,19 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise - check mark + check mark Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 2f91449316..9a7fa24739 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -45,11 +45,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -57,7 +57,7 @@ manager: dansimp Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 306231cdcf..627b8ea61c 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -49,11 +49,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -61,7 +61,7 @@ manager: dansimp Education - check mark + cross mark @@ -122,11 +122,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -134,7 +134,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index ff361f80d2..d7be4635d6 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -49,11 +49,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -61,7 +61,7 @@ manager: dansimp Education - check mark + cross mark @@ -124,11 +124,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -136,7 +136,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 05ddffee0c..21bf8792f1 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -45,11 +45,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -57,7 +57,7 @@ manager: dansimp Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index c098646c75..9ecc74d2e9 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -54,11 +54,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -66,7 +66,7 @@ manager: dansimp Education - check mark + cross mark @@ -124,11 +124,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -136,7 +136,7 @@ ADMX Info: Education - check mark + cross mark @@ -197,11 +197,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -209,7 +209,7 @@ ADMX Info: Education - check mark + cross mark @@ -268,11 +268,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -280,7 +280,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 0f8d44967e..2d12ffdcdd 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -48,11 +48,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -60,7 +60,7 @@ manager: dansimp Education - check mark + cross mark @@ -119,11 +119,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -131,7 +131,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index e3fef30269..79b48babf1 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -108,11 +108,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -120,7 +120,7 @@ manager: dansimp Education - check mark + cross mark @@ -176,11 +176,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -188,7 +188,7 @@ ADMX Info: Education - check mark + cross mark @@ -253,11 +253,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -265,7 +265,7 @@ ADMX Info: Education - check mark + cross mark @@ -322,11 +322,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -334,7 +334,7 @@ ADMX Info: Education - check mark + cross mark @@ -409,11 +409,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -421,7 +421,7 @@ ADMX Info: Education - check mark + cross mark @@ -478,11 +478,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -490,7 +490,7 @@ ADMX Info: Education - check mark + cross mark @@ -547,11 +547,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -559,7 +559,7 @@ ADMX Info: Education - check mark + cross mark @@ -618,11 +618,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -630,7 +630,7 @@ ADMX Info: Education - check mark + cross mark @@ -691,11 +691,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -703,7 +703,7 @@ ADMX Info: Education - check mark + cross mark @@ -766,11 +766,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -778,7 +778,7 @@ ADMX Info: Education - check mark + cross mark @@ -840,11 +840,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -852,7 +852,7 @@ ADMX Info: Education - check mark + cross mark @@ -916,11 +916,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -928,7 +928,7 @@ ADMX Info: Education - check mark + cross mark @@ -985,11 +985,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -997,7 +997,7 @@ ADMX Info: Education - check mark + cross mark @@ -1058,11 +1058,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1070,7 +1070,7 @@ ADMX Info: Education - check mark + cross mark @@ -1134,11 +1134,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1146,7 +1146,7 @@ ADMX Info: Education - check mark + cross mark @@ -1205,11 +1205,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1217,7 +1217,7 @@ ADMX Info: Education - check mark + cross mark @@ -1281,11 +1281,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1293,7 +1293,7 @@ ADMX Info: Education - check mark + cross mark @@ -1350,11 +1350,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1362,7 +1362,7 @@ ADMX Info: Education - check mark + cross mark @@ -1422,11 +1422,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1434,7 +1434,7 @@ ADMX Info: Education - check mark + cross mark @@ -1497,11 +1497,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1509,7 +1509,7 @@ ADMX Info: Education - check mark + cross mark @@ -1568,11 +1568,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1580,7 +1580,7 @@ ADMX Info: Education - check mark + cross mark @@ -1655,11 +1655,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -1667,7 +1667,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 42d05c5279..07679cba68 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -69,11 +69,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -81,7 +81,7 @@ manager: dansimp Education - check mark + cross mark @@ -142,11 +142,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -154,7 +154,7 @@ ADMX Info: Education - check mark + cross mark @@ -214,11 +214,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -226,7 +226,7 @@ ADMX Info: Education - check mark + cross mark @@ -286,11 +286,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -298,7 +298,7 @@ ADMX Info: Education - check mark + cross mark @@ -357,11 +357,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -369,7 +369,7 @@ ADMX Info: Education - check mark + cross mark @@ -428,11 +428,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -440,7 +440,7 @@ ADMX Info: Education - check mark + cross mark @@ -500,11 +500,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -512,7 +512,7 @@ ADMX Info: Education - check mark + cross mark @@ -572,11 +572,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -584,7 +584,7 @@ ADMX Info: Education - check mark + cross mark @@ -643,11 +643,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -655,7 +655,7 @@ ADMX Info: Education - check mark + cross mark diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index b964fbde10..ba0dcbb61d 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -49,11 +49,11 @@ manager: dansimp Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -61,7 +61,7 @@ manager: dansimp Education - check mark + cross mark @@ -122,11 +122,11 @@ ADMX Info: Pro - check mark + cross mark Business - check mark + cross mark Enterprise @@ -134,7 +134,7 @@ ADMX Info: Education - check mark + cross mark From c3de6f980e866c8ce97b1413d70e9113fa7d6cf9 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 2 Sep 2020 16:35:06 -0700 Subject: [PATCH 022/115] Added more Phase 1 policies --- .../policy-configuration-service-provider.md | 67 ++ .../mdm/policy-csp-admx-encryptfilesonmove.md | 116 ++++ .../policy-csp-admx-fileservervssprovider.md | 117 ++++ .../mdm/policy-csp-admx-filesys.md | 588 ++++++++++++++++++ .../mdm/policy-csp-admx-folderredirection.md | 569 +++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 17 + 6 files changed, 1474 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md create mode 100644 windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md create mode 100644 windows/client-management/mdm/policy-csp-admx-filesys.md create mode 100644 windows/client-management/mdm/policy-csp-admx-folderredirection.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f4098e02d2..7af59f5534 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -383,6 +383,13 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_EncryptFilesonMove policies +
+
+ ADMX_EncryptFilesonMove/NoEncryptOnMove +
+
+ ### ADMX_EventForwarding policies
@@ -394,6 +401,66 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_FileServerVSSProvider policies +
+
+ ADMX_FileServerVSSProvider/Pol_EncryptProtocol +
+
+ +### ADMX_FileSys policies +
+
+ ADMX_FileSys/DisableCompression +
+
+ ADMX_FileSys/DisableDeleteNotification +
+
+ ADMX_FileSys/DisableEncryption +
+
+ ADMX_FileSys/EnablePagefileEncryption +
+
+ ADMX_FileSys/LongPathsEnabled +
+
+ ADMX_FileSys/ShortNameCreationSettings +
+
+ ADMX_FileSys/SymlinkEvaluation +
+
+ ADMX_FileSys/TxfDeprecatedFunctionality +
+
+ +### ADMX_FolderRedirection policies +
+
+ ADMX_FolderRedirection/DisableFRAdminPin +
+
+ ADMX_FolderRedirection/DisableFRAdminPinByFolder +
+
+ ADMX_FolderRedirection/FolderRedirectionEnableCacheRename +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_1 +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_2 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_1 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_2 +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md new file mode 100644 index 0000000000..ec7948b584 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -0,0 +1,116 @@ +--- +title: Policy CSP - ADMX_EncryptFilesonMove +description: Policy CSP - ADMX_EncryptFilesonMove +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_EncryptFilesonMove +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_EncryptFilesonMove policies + +
+
+ ADMX_EncryptFilesonMove/NoEncryptOnMove +
+
+ + +
+ + +**ADMX_EncryptFilesonMove/NoEncryptOnMove** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. + +If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder. + +If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder. + +This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not automatically encrypt files moved to encrypted folders* +- GP name: *NoEncryptOnMove* +- GP path: *System* +- GP ADMX file name: *EncryptFilesonMove.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md new file mode 100644 index 0000000000..78ba8174f4 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -0,0 +1,117 @@ +--- +title: Policy CSP - ADMX_FileServerVSSProvider +description: Policy CSP - ADMX_FileServerVSSProvider +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FileServerVSSProvider +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FileServerVSSProvider policies + +
+
+ ADMX_FileServerVSSProvider/Pol_EncryptProtocol +
+
+ + +
+ + +**ADMX_FileServerVSSProvider/Pol_EncryptProtocol** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. + +VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. + +By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +> [!NOTE] +> To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.* +- GP name: *EncryptProtocol* +- GP path: *System/File Share Shadow Copy Provider* +- GP ADMX file name: *FileServerVSSProvider.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md new file mode 100644 index 0000000000..c669f3279e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -0,0 +1,588 @@ +--- +title: Policy CSP - ADMX_FileSys +description: Policy CSP - ADMX_FileSys +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FileSys +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FileSys policies + +
+
+ ADMX_FileSys/DisableCompression +
+
+ ADMX_FileSys/DisableDeleteNotification +
+
+ ADMX_FileSys/DisableEncryption +
+
+ ADMX_FileSys/EnablePagefileEncryption +
+
+ ADMX_FileSys/LongPathsEnabled +
+
+ ADMX_FileSys/ShortNameCreationSettings +
+
+ ADMX_FileSys/SymlinkEvaluation +
+
+ ADMX_FileSys/TxfDeprecatedFunctionality +
+
+ + +
+ + +**ADMX_FileSys/DisableCompression** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow compression on all NTFS volumes* +- GP name: *NtfsDisableCompression* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/DisableDeleteNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation. + +A value of 0, the default, will enable delete notifications for all volumes. + +A value of 1 will disable delete notifications for all volumes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable delete notifications on all volumes* +- GP name: *DisableDeleteNotification* +- GP path: *System/Filesystem* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/DisableEncryption** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow encryption on all NTFS volumes* +- GP name: *NtfsDisableEncryption* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/EnablePagefileEncryption** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable NTFS pagefile encryption* +- GP name: *NtfsEncryptPagingFile* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/LongPathsEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Win32 long paths* +- GP name: *LongPathsEnabled* +- GP path: *System/Filesystem* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/ShortNameCreationSettings** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. + +If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Short name creation options* +- GP name: *NtfsDisable8dot3NameCreation* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/SymlinkEvaluation** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: + +- Local Link to a Local Target +- Local Link to a Remote Target +- Remote Link to Remote Target +- Remote Link to Local Target + +For more information, refer to the Windows Help section. + +> [!NOTE] +> If this policy is disabled or not configured, local administrators may select the types of symbolic links to be evaluated. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Selectively allow the evaluation of a symbolic link* +- GP name: *SymlinkLocalToLocalEvaluation* +- GP path: *System/Filesystem* +- GP ADMX file name: *FileSys.admx* + + + +
+ + +**ADMX_FileSys/TxfDeprecatedFunctionality** + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable / disable TXF deprecated features* +- GP name: *NtfsEnableTxfDeprecatedFunctionality* +- GP path: *System/Filesystem/NTFS* +- GP ADMX file name: *FileSys.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md new file mode 100644 index 0000000000..36a90041bd --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -0,0 +1,569 @@ +--- +title: Policy CSP - ADMX_FolderRedirection +description: Policy CSP - ADMX_FolderRedirection +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FolderRedirection +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FolderRedirection policies + +
+
+ ADMX_FolderRedirection/DisableFRAdminPin +
+
+ ADMX_FolderRedirection/DisableFRAdminPinByFolder +
+
+ ADMX_FolderRedirection/FolderRedirectionEnableCacheRename +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_1 +
+
+ ADMX_FolderRedirection/LocalizeXPRelativePaths_2 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_1 +
+
+ ADMX_FolderRedirection/PrimaryComputer_FR_2 +
+
+ + +
+ + +**ADMX_FolderRedirection/DisableFRAdminPin** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default. + +If you enable this policy setting, users must manually select the files they wish to make available offline. + +If you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. + +> [!NOTE] +> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. + +> Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable. + +> If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline". + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not automatically make all redirected folders available offline* +- GP name: *DisableFRAdminPin* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/DisableFRAdminPinByFolder** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether individual redirected shell folders are available offline by default. + +For the folders affected by this setting, users must manually select the files they wish to make available offline. + +If you disable or do not configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. + +> [!NOTE] +> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. + +> The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline". + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not automatically make specific redirected folders available offline* +- GP name: *DisableFRAdminPinByFolder* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location. + +If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location. + +If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change* +- GP name: *FolderRedirectionEnableCacheRename* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/LocalizeXPRelativePaths_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. + +If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +If you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +> [!NOTE] +> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents* +- GP name: *LocalizeXPRelativePaths* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/LocalizeXPRelativePaths_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. + +If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +If you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. + +> [!NOTE] +> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents* +- GP name: *LocalizeXPRelativePaths* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/PrimaryComputer_FR_1** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. + +To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. + +If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only. + +If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. + +> [!NOTE] +> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Redirect folders on primary computers only* +- GP name: *PrimaryComputerEnabledFR* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ + +**ADMX_FolderRedirection/PrimaryComputer_FR_2** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. + +To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. + +If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only. + +If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to. + +> [!NOTE] +> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Redirect folders on primary computers only* +- GP name: *PrimaryComputerEnabledFR* +- GP path: *System/Folder Redirection* +- GP ADMX file name: *FolderRedirection.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index fb016d503a..583cd61135 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -80,8 +80,25 @@ ms.date: 08/18/2020 - [ADMX_DWM/DwmDisallowColorizationColorChanges_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-2) - [ADMX_DWM/DwmDisallowFlip3D_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-1) - [ADMX_DWM/DwmDisallowFlip3D_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowflip3d-2) +- [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) +- [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) +- [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) +- [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification) +- ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) +- [ADMX_FileSys/EnablePagefileEncryption](./policy-csp-admx-filesys.md#admx-filesys-enablepagefileencryption) +- [ADMX_FileSys/LongPathsEnabled](./policy-csp-admx-filesys.md#admx-filesys-longpathsenabled) +- [ADMX_FileSys/ShortNameCreationSettings](./policy-csp-admx-filesys.md#admx-filesys-shortnamecreationsettings) +- [ADMX_FileSys/SymlinkEvaluation](./policy-csp-admx-filesys.md#admx-filesys-symlinkevaluation) +- [ADMX_FileSys/TxfDeprecatedFunctionality](./policy-csp-admx-filesys.md#admx-filesys-txfdeprecatedfunctionality) +- [ADMX_FolderRedirection/DisableFRAdminPin](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpin) +- [ADMX_FolderRedirection/DisableFRAdminPinByFolder](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpinbyfolder) +- [ADMX_FolderRedirection/FolderRedirectionEnableCacheRename](./policy-csp-admx-folderredirection.md#admx-folderredirection-folderredirectionenablecacherename) +- [ADMX_FolderRedirection/LocalizeXPRelativePaths_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-1) +- [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2) +- [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1) +- [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 257764fa808d142d8b98fa7a0657bda7c8ce5561 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 3 Sep 2020 12:17:33 -0700 Subject: [PATCH 023/115] Updated TOC --- windows/client-management/mdm/TOC.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 1e7d3b4db7..0ae110f8a1 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -181,7 +181,11 @@ #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_DWM](policy-csp-admx-dwm.md) +#### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) +#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) +#### [ADMX_FileSys](policy-csp-admx-filesys.md) +#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) From b02c719a62c6715f6489b01b5043756b7196a18a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 3 Sep 2020 15:31:50 -0700 Subject: [PATCH 024/115] Added two new policies --- windows/client-management/mdm/TOC.md | 2 + .../policy-configuration-service-provider.md | 32 ++ .../mdm/policy-csp-admx-help.md | 355 ++++++++++++++++++ .../mdm/policy-csp-admx-helpandsupport.md | 331 ++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 8 + 5 files changed, 728 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-help.md create mode 100644 windows/client-management/mdm/policy-csp-admx-helpandsupport.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 0ae110f8a1..823fb83d7d 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -186,6 +186,8 @@ #### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) #### [ADMX_FileSys](policy-csp-admx-filesys.md) #### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) +#### [ADMX_Help](policy-csp-admx-help.md) +#### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 7af59f5534..d4d22830a6 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -461,6 +461,38 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_Help policies +
+
+ ADMX_Help/DisableHHDEP +
+
+ ADMX_Help/HelpQualifiedRootDir_Comp +
+
+ ADMX_Help/RestrictRunFromHelp +
+
+ ADMX_Help/RestrictRunFromHelp_Comp +
+
+ +### ADMX_HelpAndSupport policies +
+
+ ADMX_HelpAndSupport/ActiveHelp +
+
+ ADMX_HelpAndSupport/HPExplicitFeedback +
+
+ ADMX_HelpAndSupport/HPImplicitFeedback +
+
+ ADMX_HelpAndSupport/HPOnlineAssistance +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md new file mode 100644 index 0000000000..6a2eab55fc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -0,0 +1,355 @@ +--- +title: Policy CSP - ADMX_Help +description: Policy CSP - ADMX_Help +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/03/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Help +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Help policies + +
+
+ ADMX_Help/DisableHHDEP +
+
+ ADMX_Help/HelpQualifiedRootDir_Comp +
+
+ ADMX_Help/RestrictRunFromHelp +
+
+ ADMX_Help/RestrictRunFromHelp_Comp +
+
+ + +
+ + +**ADMX_Help/DisableHHDEP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. + +Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. + +If you enable this policy setting, DEP for HTML Help Executable is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable. + +If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTML Help stops if DEP detects system memory abnormalities. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Data Execution Prevention for HTML Help Executible* +- GP name: *DisableHHDEP* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ + +**ADMX_Help/HelpQualifiedRootDir_Comp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting. + +If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders. + +To restrict the commands to one or more folders, enable the policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder". + +> [!NOTE] +> An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %programfiles% is not defined on some early versions of Windows. + +The "Shortcut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file. + +To disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy setting and leave the text box on the Settings tab of the Policy Properties dialog box blank. + +If you disable or do not configure this policy setting, these commands are fully functional for all Help files. + +> [!NOTE] +> Only folders on the local computer can be specified in this policy setting. You cannot use this policy setting to enable the "Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths. + +For additional options, see the "Restrict these programs from being launched from Help" policy. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict potentially unsafe HTML Help functions to specified folders* +- GP name: *HelpQualifiedRootDir* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ + +**ADMX_Help/RestrictRunFromHelp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help. + +If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. + +If you disable or do not configure this policy setting, users can run all applications from online Help. + +> [!NOTE] +> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. + +> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict these programs from being launched from Help* +- GP name: *DisableInHelp* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ + +**ADMX_Help/RestrictRunFromHelp_Comp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help. + +If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. + +If you disable or do not configure this policy setting, users can run all applications from online Help. + +> [!NOTE] +> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. + +> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict these programs from being launched from Help* +- GP name: *DisableInHelp* +- GP path: *System* +- GP ADMX file name: *Help.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md new file mode 100644 index 0000000000..c076fcbc0b --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -0,0 +1,331 @@ +--- +title: Policy CSP - ADMX_HelpAndSupport +description: Policy CSP - ADMX_HelpAndSupport +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/03/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_HelpAndSupport +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_HelpAndSupport policies + +
+
+ ADMX_HelpAndSupport/ActiveHelp +
+
+ ADMX_HelpAndSupport/HPExplicitFeedback +
+
+ ADMX_HelpAndSupport/HPImplicitFeedback +
+
+ ADMX_HelpAndSupport/HPOnlineAssistance +
+
+ + +
+ + +**ADMX_HelpAndSupport/ActiveHelp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links. + +If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements. + +If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Active Help* +- GP name: *NoActiveHelp* +- GP path: *Windows Components/Online Assistance* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ + +**ADMX_HelpAndSupport/HPExplicitFeedback** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can provide ratings for Help content. + +If you enable this policy setting, ratings controls are not added to Help content. + +If you disable or do not configure this policy setting, ratings controls are added to Help topics. + +Users can use the control to provide feedback on the quality and usefulness of the Help and Support content. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Help Ratings* +- GP name: *NoExplicitFeedback* +- GP path: *System/Internet Communication Management/Internet Communication settings* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ + +**ADMX_HelpAndSupport/HPImplicitFeedback** + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. + +If you enable this policy setting, users cannot participate in the Help Experience Improvement program. + +If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Help Experience Improvement Program* +- GP name: *NoImplicitFeedback* +- GP path: *System/Internet Communication Management/Internet Communication settings* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ + +**ADMX_HelpAndSupport/HPOnlineAssistance** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows. + +If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online. + +If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Online* +- GP name: *NoOnlineAssist* +- GP path: *System/Internet Communication Management/Internet Communication settings* +- GP ADMX file name: *HelpAndSupport.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 583cd61135..9df452c950 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -99,6 +99,14 @@ ms.date: 08/18/2020 - [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2) - [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1) - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) +- [ADMX_Help/DisableHHDEP](./policy-csp-admx-help.md#admx-help-disablehhdep) +- [ADMX_Help/HelpQualifiedRootDir_Comp](./policy-csp-admx-help.md#admx-help-helpqualifiedrootdir-comp) +- [ADMX_Help/RestrictRunFromHelp](./policy-csp-admx-help.md#admx-help-restrictrunfromhelp) +- [ADMX_Help/RestrictRunFromHelp_Comp](./policy-csp-admx-help.md#admx-help-restrictrunfromhelp-comp) +- [ADMX_HelpAndSupport/ActiveHelp](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-activehelp) +- [ADMX_HelpAndSupport/HPExplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpexplicitfeedback) +- [ADMX_HelpAndSupport/HPImplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpimplicitfeedback) +- [ADMX_HelpAndSupport/HPOnlineAssistance](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hponlineassistance) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From af5e6a8f0c31eeab73187d681938b0b7e41ab125 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 3 Sep 2020 16:54:09 -0700 Subject: [PATCH 025/115] Added kdc policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 22 + .../mdm/policy-csp-admx-kdc.md | 517 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 6 + 4 files changed, 546 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-kdc.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 823fb83d7d..d8792f5dc5 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -188,6 +188,7 @@ #### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) #### [ADMX_Help](policy-csp-admx-help.md) #### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) +#### [ADMX_kdc](policy-csp-admx-kdc.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d4d22830a6..40c53231d6 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -493,6 +493,28 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_kdc policies +
+
+ ADMX_kdc/CbacAndArmor +
+
+ ADMX_kdc/ForestSearch +
+
+ ADMX_kdc/PKINITFreshness +
+
+ ADMX_kdc/RequestCompoundId +
+
+ ADMX_kdc/TicketSizeThreshold +
+
+ ADMX_kdc/emitlili +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md new file mode 100644 index 0000000000..eeaae0037a --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -0,0 +1,517 @@ +--- +title: Policy CSP - ADMX_kdc +description: Policy CSP - ADMX_kdc +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_kdc +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_kdc policies + +
+
+ ADMX_kdc/CbacAndArmor +
+
+ ADMX_kdc/ForestSearch +
+
+ ADMX_kdc/PKINITFreshness +
+
+ ADMX_kdc/RequestCompoundId +
+
+ ADMX_kdc/TicketSizeThreshold +
+
+ ADMX_kdc/emitlili +
+
+ + +
+ + +**ADMX_kdc/CbacAndArmor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication. + +If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. + +If you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication or armoring. + +If you configure the "Not supported" option, the domain controller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems. + +> [!NOTE] +> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting is not enabled, Kerberos authentication messages will not use these features. + +If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring. + +**Domain functional level requirements** + +For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the "Supported" option is selected. + +When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and: + +- If you set the "Always provide claims" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure tunneling (FAST). +- If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerberos messages. + +> [!WARNING] +> When "Fail unarmored authentication requests" is set, then client computers which do not support Kerberos armoring will fail to authenticate to the domain controller. + +To ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the "Supported" option is enabled). + +Impact on domain controller performance when this policy setting is enabled: + +- Secure Kerberos domain capability discovery is required resulting in additional message exchanges. +- Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size. +- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ticket size. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *KDC support for claims, compound authentication and Kerberos armoring* +- GP name: *EnableCbacAndArmor* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/ForestSearch** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs). + +If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain. + +If you disable or do not configure this policy setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not found, NTLM authentication might be used. + +To ensure consistent behavior, this policy setting must be supported and set identically on all domain controllers in the domain. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use forest search order* +- GP name: *UseForestSearch* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/PKINITFreshness** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain is not at Windows Server 2016 DFL or higher this policy will not be applied. + +This policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension. + +If you enable this policy setting, the following options are supported: + +Supported: PKInit Freshness Extension is supported on request. Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fresh public key identity SID. + +Required: PKInit Freshness Extension is required for successful authentication. Kerberos clients which do not support the PKInit Freshness Extension will always fail when using public key credentials. + +If you disable or not configure this policy setting, then the DC will never offer the PKInit Freshness Extension and accept valid authentication requests without checking for freshness. Users will never receive the fresh public key identity SID. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *KDC support for PKInit Freshness Extension* +- GP name: *PKINITFreshness* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/RequestCompoundId** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to request compound authentication. + +> [!NOTE] +> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled. + +If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. + +If you disable or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Request compound authentication* +- GP name: *RequestCompoundId* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/TicketSizeThreshold** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log. + +If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy. + +If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Warning for large Kerberos tickets* +- GP name: *EnableTicketSizeThreshold* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ + +**ADMX_kdc/emitlili** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the domain controller provides information about previous logons to client computers. + +If you enable this policy setting, the domain controller provides the information message about previous logons. + +For Windows Logon to leverage this feature, the "Display information about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also needs to be enabled. + +If you disable or do not configure this policy setting, the domain controller does not provide information about previous logons unless the "Display information about previous logons during user logon" policy setting is enabled. + +> [!NOTE] +> Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting does not affect anything. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Provide information about previous logons to client computers* +- GP name: *EmitLILI* +- GP path: *System/KDC* +- GP ADMX file name: *kdc.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 9df452c950..59e8966494 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -107,6 +107,12 @@ ms.date: 08/18/2020 - [ADMX_HelpAndSupport/HPExplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpexplicitfeedback) - [ADMX_HelpAndSupport/HPImplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpimplicitfeedback) - [ADMX_HelpAndSupport/HPOnlineAssistance](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hponlineassistance) +- [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor) +- [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch) +- [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness) +- [ADMX_kdc/RequestCompoundId](./policy-csp-admx-kdc.md#admx-kdc-requestcompoundid) +- [ADMX_kdc/TicketSizeThreshold](./policy-csp-admx-kdc.md#admx-kdc-ticketsizethreshold) +- [ADMX_kdc/emitlili](./policy-csp-admx-kdc.md#admx-kdc-emitlili) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 032a7518c5047cdcacbab7c2202ae93ee1101351 Mon Sep 17 00:00:00 2001 From: Mark Wodrich Date: Thu, 3 Sep 2020 16:54:44 -0700 Subject: [PATCH 026/115] Update StackPivot compatibility considerations --- .../microsoft-defender-atp/exploit-protection-reference.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md index d8f35500f4..388335525b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md @@ -667,7 +667,7 @@ Compatibility issues are uncommon. Applications which depend on replacing Window ### Description -The *validate stack integrity (StackPivot) mitigation helps protect against the Stack Pivot attack, a ROP attack where an attacker creates a fake stack in heap memory, and then tricks the application into returning into the fake stack which controls the flow of execution. +The *validate stack integrity (StackPivot)* mitigation helps protect against the Stack Pivot attack, a ROP attack where an attacker creates a fake stack in heap memory, and then tricks the application into returning into the fake stack which controls the flow of execution. This mitigation intercepts a number of Windows APIs, and inspects the value of the stack pointer. If the address of the stack pointer does not fall between the bottom and the top of the stack, then an event is recorded and, if not in audit mode, the process will be terminated. @@ -710,7 +710,10 @@ The APIs intercepted by this mitigation are: ### Compatibility considerations -Compatibility issues are uncommon. Applications which are leveraging fake stacks will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications. +Applications which are leveraging fake stacks will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications. +Applications which perform API interception, particularly security software, can cause compatibility problems with this mitigation. + +This mitigation is incompatible with the Arbitrary Code Guard mitigation. ### Configuration options From ae76541e4ff5c03ea8f69a10255ca577cc96713b Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Fri, 4 Sep 2020 14:09:05 +0100 Subject: [PATCH 027/115] Added missing final steps The steps for deploying the custom configuration profile did not finish as the previous section did, by explaining how the configuration profile should be assigned. I have added identical steps to the Systems Extension Policy before it. --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 3cd6ef23e7..a146b082c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -279,3 +279,5 @@ To deploy this custom configuration profile: ![System extension in Intune screenshot](images/mac-system-extension-intune.png) +5. In the `Assignments` tab, assign this profile to **All Users & All devices**. +6. Review and create this configuration profile. From 02906ff61bf797b97476a1085c83b80ba9ba2e2a Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Fri, 4 Sep 2020 08:57:04 -0700 Subject: [PATCH 028/115] Added fix for TCP fragmentation issue --- .../faq-md-app-guard.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 4dcd95abef..b787eae223 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -172,3 +172,11 @@ To understand why it is not enabled in Enterprise mode, check the status of the For CSP (Intune) you can query the status node by using **Get**. This is described in the [Application Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/windowsdefenderapplicationguard-csp). On this page, you will see the **status** node as well as the meaning of each bit. If the status is not 63, you are missing a prerequisite. For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HVSIGP** Status. The meaning of each bit is the same as the CSP. + +### I'm encountering TCP fragmentation issue, and cannot enable my VPN connection. How do I fix this? + +WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: + +a. Ensure that the FragmentAware DWORD is set to 1 in this registry settings: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat" + +b. Reboot. From deb31fdc1f9a2eabc8fa6f5030d0d6150d5fc9f0 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 4 Sep 2020 14:16:04 -0700 Subject: [PATCH 029/115] Added new admx-backed policies --- windows/client-management/mdm/TOC.md | 3 + .../policy-configuration-service-provider.md | 45 ++ .../mdm/policy-csp-admx-auditsettings.md | 2 +- .../mdm/policy-csp-admx-lanmanserver.md | 381 +++++++++++++++ ...icy-csp-admx-linklayertopologydiscovery.md | 190 ++++++++ .../mdm/policy-csp-admx-mmc.md | 445 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 11 + 7 files changed, 1076 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-lanmanserver.md create mode 100644 windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md create mode 100644 windows/client-management/mdm/policy-csp-admx-mmc.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index d8792f5dc5..4fda5ba460 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -189,6 +189,9 @@ #### [ADMX_Help](policy-csp-admx-help.md) #### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) #### [ADMX_kdc](policy-csp-admx-kdc.md) +#### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) +#### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) +#### [ADMX_MMC](policy-csp-admx-mmc.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 40c53231d6..eb0216e211 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -515,6 +515,51 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_LanmanServer policies +
+
+ ADMX_LanmanServer/Pol_CipherSuiteOrder +
+
+ ADMX_LanmanServer/Pol_HashPublication +
+
+ ADMX_LanmanServer/Pol_HashSupportVersion +
+
+ ADMX_LanmanServer/Pol_HonorCipherSuiteOrder +
+
+ +### ADMX_LinkLayerTopologyDiscovery policies +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr +
+
+ +### ADMX_MMC policies +
+
+ ADMX_MMC/MMC_ActiveXControl +
+
+ ADMX_MMC/MMC_ExtendView +
+
+ ADMX_MMC/MMC_LinkToWeb +
+
+ ADMX_MMC/MMC_Restrict_Author +
+
+ ADMX_MMC/MMC_Restrict_To_Permitted_Snapins +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 9a7fa24739..1417d0598a 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -91,7 +91,7 @@ Default is Not configured. > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md new file mode 100644 index 0000000000..0e85c41572 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -0,0 +1,381 @@ +--- +title: Policy CSP - ADMX_LanmanServer +description: Policy CSP - ADMX_LanmanServer +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LanmanServer +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_LanmanServer policies + +
+
+ ADMX_LanmanServer/Pol_CipherSuiteOrder +
+
+ ADMX_LanmanServer/Pol_HashPublication +
+
+ ADMX_LanmanServer/Pol_HashSupportVersion +
+
+ ADMX_LanmanServer/Pol_HonorCipherSuiteOrder +
+
+ + +
+ + +**ADMX_LanmanServer/Pol_CipherSuiteOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the SMB server. + +If you enable this policy setting, cipher suites are prioritized in the order specified. + +If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. + +SMB 3.11 cipher suites: + +- AES_128_GCM +- AES_128_CCM + +SMB 3.0 and 3.02 cipher suites: + +- AES_128_CCM + +**How to modify this setting:** + +Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use. + +> [!NOTE] +> When configuring this security setting, changes will not take effect until you restart Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Cipher suite order* +- GP name: *CipherSuiteOrder* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ + + +
+ + +**ADMX_LanmanServer/Pol_HashPublication** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed. + +Policy configuration + +Select one of the following: + +- Not Configured. With this selection, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual servers where you want to enable BranchCache. +- Enabled. With this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers to which the policy is applied. The file servers are then able to create content information for all content that is stored in BranchCache-enabled file shares. +- Disabled. With this selection, hash publication is turned off for all file servers where Group Policy is applied. + +In circumstances where this policy setting is enabled, you can also select the following configuration options: + +- Allow hash publication for all shared folders. With this option, BranchCache generates content information for all content in all shares on the file server. +- Allow hash publication only for shared folders on which BranchCache is enabled. With this option, content information is generated only for shared folders on which BranchCache is enabled. If you use this setting, you must enable BranchCache for individual shares in Share and Storage Management on the file server. +- Disallow hash publication on all shared folders. With this option, BranchCache does not generate content information for any shares on the computer and does not send content information to client computers that request content. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hash Publication for BranchCache* +- GP name: *HashPublicationForPeerCaching* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ + + +
+ + +**ADMX_LanmanServer/Pol_HashSupportVersion** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. + +If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. + +Policy configuration + +Select one of the following: + +- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported. +- Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved. +- Disabled. With this selection, both V1 and V2 hash generation and retrieval are supported. + +In circumstances where this setting is enabled, you can also select and configure the following option: + +Hash version supported: + +- To support V1 content information only, configure "Hash version supported" with the value of 1. +- To support V2 content information only, configure "Hash version supported" with the value of 2. +- To support both V1 and V2 content information, configure "Hash version supported" with the value of 3. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hash Version support for BranchCache* +- GP name: *HashSupportVersion* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ + +**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client. + +If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences. + +If you disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites. + +> [!NOTE] +> When configuring this security setting, changes will not take effect until you restart Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Honor cipher suite order* +- GP name: *HonorCipherSuiteOrder* +- GP path: *Network/Lanman Server* +- GP ADMX file name: *LanmanServer.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md new file mode 100644 index 0000000000..8b7e93c9b9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -0,0 +1,190 @@ +--- +title: Policy CSP - ADMX_LinkLayerTopologyDiscovery +description: Policy CSP - ADMX_LinkLayerTopologyDiscovery +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/04/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LinkLayerTopologyDiscovery +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_LinkLayerTopologyDiscovery policies + +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO +
+
+ ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr +
+
+ + +
+ + +**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Mapper I/O network protocol driver. + +LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis. + +If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead. + +If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Mapper I/O (LLTDIO) driver* +- GP name: *EnableLLTDIO* +- GP path: *Network/Link-Layer Topology Discovery* +- GP ADMX file name: *LinkLayerTopologyDiscovery.admx* + + + +
+ + +**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Responder network protocol driver. + +The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis. + +If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead. + +If you disable or do not configure this policy setting, the default behavior for the Responder will apply. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Responder (RSPNDR) driver* +- GP name: *EnableRspndr* +- GP path: *Network/Link-Layer Topology Discovery* +- GP ADMX file name: *LinkLayerTopologyDiscovery.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md new file mode 100644 index 0000000000..0766bd3fa0 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -0,0 +1,445 @@ +--- +title: Policy CSP - ADMX_MMC +description: Policy CSP - ADMX_MMC +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/03/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_MMC +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_MMC policies + +
+
+ ADMX_MMC/MMC_ActiveXControl +
+
+ ADMX_MMC/MMC_ExtendView +
+
+ ADMX_MMC/MMC_LinkToWeb +
+
+ ADMX_MMC/MMC_Restrict_Author +
+
+ ADMX_MMC/MMC_Restrict_To_Permitted_Snapins +
+
+ + +
+ + +**ADMX_MMC/MMC_ActiveXControl** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. + +If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. + +To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. + +To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *ActiveX Control* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_ExtendView** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. + +If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. + +To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. + +To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Extended View (Web View)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_LinkToWeb** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. + +If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. + +To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. + +To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Link to Web Address* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_Restrict_Author** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from entering author mode. + +This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default. + +As a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain. + +This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt. + +If you disable this setting or do not configure it, users can enter author mode and open author-mode console files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict the user from entering author mode* +- GP name: *RestrictAuthorMode* +- GP path: *Windows Components\Microsoft Management Console* +- GP ADMX file name: *MMC.admx* + + + +
+ + +**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins. + +- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins. + +To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited. + +- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins. + +To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!NOTE] +> If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict users to the explicitly permitted list of snap-ins* +- GP name: *RestrictToPermittedSnapins* +- GP path: *Windows Components\Microsoft Management Console* +- GP ADMX file name: *MMC.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 59e8966494..086d5e7cf3 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -113,6 +113,17 @@ ms.date: 08/18/2020 - [ADMX_kdc/RequestCompoundId](./policy-csp-admx-kdc.md#admx-kdc-requestcompoundid) - [ADMX_kdc/TicketSizeThreshold](./policy-csp-admx-kdc.md#admx-kdc-ticketsizethreshold) - [ADMX_kdc/emitlili](./policy-csp-admx-kdc.md#admx-kdc-emitlili) +- [ADMX_LanmanServer/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-ciphersuiteorder) +- [ADMX_LanmanServer/Pol_HashPublication](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashpublication) +- [ADMX_LanmanServer/Pol_HashSupportVersion](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashsupportversion) +- [ADMX_LanmanServer/Pol_HonorCipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-honorciphersuiteorder) +- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio) +- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr) +- [ADMX_MMC/MMC_ActiveXControl](./policy-csp-admx-mmc.md#admx-mmc-mmc-activexcontrol) +- [ADMX_MMC/MMC_ExtendView](./policy-csp-admx-mmc.md#admx-mmc-mmc-extendview) +- [ADMX_MMC/MMC_LinkToWeb](./policy-csp-admx-mmc.md#admx-mmc-mmc-linktoweb) +- [ADMX_MMC/MMC_Restrict_Author](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-author) +- [ADMX_MMC/MMC_Restrict_To_Permitted_Snapins](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-to-permitted-snapins) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 5dc06cf3a417550fbb1029c45b1af4a9b9dbd2cc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 4 Sep 2020 15:15:22 -0700 Subject: [PATCH 030/115] add partner table --- .../partner-applications.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index ee58dab8f6..3827f0fead 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -31,6 +31,36 @@ The support for third-party solutions help to further streamline, integrate, and Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. +## Supported partner applications + +Partner name | Description |Category +:---|:---|:--- +|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics +|Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats.|Security information and analytics +|AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets|Security information and analytics +|Skybox® Vulnerability Control | Skybox® Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics +| Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |Security information and analytics +|IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP |Security information and analytics +|Cymulate | Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions |Security information and analytics +| HP ArcSight |Use HP ArcSight to pull Microsoft Defender ATP detections |Security information and analytics +|SafeBreach | Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations|Security information and analytics +| RSA NetWitness| Steam Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API|Security information and analytics +| XM Cyber| Prioritize your response to an alert based on risk factors and high value assets.|Security information and analytics + Demisto, a Palo Alto Networks Company|Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response|Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation +Palo Alto Networks |Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld|Threat intelligence +ThreatConnect | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP connectors |Threat intelligence +MISP (Malware Information Sharing Platform) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment| Threat intelligence + |||Network security + ||| Cross platform +||| Additional integrations + ||| Manages security service providers + ## SIEM integration Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). From 3a5c7ce0fd275c7712fe0582bf15518595d338b8 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 7 Sep 2020 10:30:52 +0300 Subject: [PATCH 031/115] add note about Quota changed note location as requested by mapalko --- .../hello-for-business/hello-cert-trust-adfs.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index a24af0e830..c6a05e42f4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -145,6 +145,9 @@ Windows Server 2012 or later domain controllers support Group Managed Service Ac GMSA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GMSA. Before you can create a GMSA, you must first create a root key for the service. You can skip this if your environment already uses GMSA. +>[!NOTE] +> If the [default object creation quota for security principles](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices. + #### Create KDS Root Key Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. @@ -152,9 +155,6 @@ Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. 1. Start an elevated Windows PowerShell console. 2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)`. ->[!NOTE] -> If the [default object creation quota for security principles](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices. - ### Windows Server 2008 or 2008 R2 Domain Controllers Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use create a normal user account as a service account where you are responsible for changing the password on a regular basis. From 5fcf0e0f585de0e470b7793d50d628e0d7a5869d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Sep 2020 14:03:23 -0700 Subject: [PATCH 032/115] little fixes --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 ++-- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index ef82adfcff..94a5e41dbd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -1,6 +1,6 @@ --- -title: Phase 3 - Onboard to Microsoft Defender ATP -description: This is Phase 3, Onboarding, of making the switch from Symantec to Microsoft Defender ATP +title: Symantec to Microsoft Defender ATP - Phase 3, Onboarding +description: This is Phase 3, Onboarding, of migrating from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index e110562968..ecc6ea1cba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -1,5 +1,5 @@ --- -title: Phase 1 - Prepare for your migration to Microsoft Defender ATP +title: Symantec to Microsoft Defender ATP - Phase 1, Preparing description: This is Phase 1, Prepare, of migrating from Symantec to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh From 9b945b1f4706891b96a89ff7d3fd4029d2ab8c19 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 8 Sep 2020 15:54:15 -0700 Subject: [PATCH 033/115] Added list of 104 new policy settings --- .../mdm/policy-csp-admx-mmcsnapins.md | 428 ++++++++++++++++++ 1 file changed, 428 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-mmcsnapins.md diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md new file mode 100644 index 0000000000..f10ab007ff --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -0,0 +1,428 @@ +--- +title: Policy CSP - ADMX_MMCSnapins +description: Policy CSP - ADMX_MMCSnapins +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_MMCSnapins +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_MMCSnapins policies + +
+
+ ADMX_MMCSnapins/MMC_ADMComputers_1 +
+
+ ADMX_MMCSnapins/MMC_ADMComputers_2 +
+
+ ADMX_MMCSnapins/MMC_ADMUsers_1 +
+
+ ADMX_MMCSnapins/MMC_ADMUsers_2 +
+
+ ADMX_MMCSnapins/MMC_ADSI +
+
+ ADMX_MMCSnapins/MMC_ActiveDirDomTrusts +
+
+ ADMX_MMCSnapins/MMC_ActiveDirSitesServices +
+
+ ADMX_MMCSnapins/MMC_ActiveDirUsersComp +
+
+ ADMX_MMCSnapins/MMC_AppleTalkRouting +
+
+ ADMX_MMCSnapins/MMC_AuthMan +
+
+ ADMX_MMCSnapins/MMC_CertAuth +
+
+ ADMX_MMCSnapins/MMC_CertAuthPolSet +
+
+ ADMX_MMCSnapins/MMC_Certs +
+
+ ADMX_MMCSnapins/MMC_CertsTemplate +
+
+ ADMX_MMCSnapins/MMC_ComponentServices +
+
+ ADMX_MMCSnapins/MMC_ComputerManagement +
+
+ ADMX_MMCSnapins/MMC_ConnectionSharingNAT +
+
+ ADMX_MMCSnapins/MMC_DCOMCFG +
+
+ ADMX_MMCSnapins/MMC_DFS +
+
+ ADMX_MMCSnapins/MMC_DHCPRelayMgmt +
+
+ ADMX_MMCSnapins/MMC_DeviceManager_1 +
+
+ ADMX_MMCSnapins/MMC_DeviceManager_2 +
+
+ ADMX_MMCSnapins/MMC_DiskDefrag +
+
+ ADMX_MMCSnapins/MMC_DiskMgmt +
+
+ ADMX_MMCSnapins/MMC_EnterprisePKI +
+
+ ADMX_MMCSnapins/MMC_EventViewer_1 +
+
+ ADMX_MMCSnapins/MMC_EventViewer_2 +
+
+ ADMX_MMCSnapins/MMC_EventViewer_3 +
+
+ ADMX_MMCSnapins/MMC_EventViewer_4 +
+
+ ADMX_MMCSnapins/MMC_FAXService +
+
+ ADMX_MMCSnapins/MMC_FailoverClusters +
+
+ ADMX_MMCSnapins/MMC_FolderRedirection_1 +
+
+ ADMX_MMCSnapins/MMC_FolderRedirection_2 +
+
+ ADMX_MMCSnapins/MMC_FrontPageExt +
+
+ ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn +
+
+ ADMX_MMCSnapins/MMC_GroupPolicySnapIn +
+
+ ADMX_MMCSnapins/MMC_GroupPolicyTab +
+
+ ADMX_MMCSnapins/MMC_HRA +
+
+ ADMX_MMCSnapins/MMC_IAS +
+
+ ADMX_MMCSnapins/MMC_IASLogging +
+
+ ADMX_MMCSnapins/MMC_IEMaintenance_1 +
+
+ ADMX_MMCSnapins/MMC_IEMaintenance_2 +
+
+ ADMX_MMCSnapins/MMC_IGMPRouting +
+
+ ADMX_MMCSnapins/MMC_IIS +
+
+ ADMX_MMCSnapins/MMC_IPRouting +
+
+ ADMX_MMCSnapins/MMC_IPSecManage_GP +
+
+ ADMX_MMCSnapins/MMC_IPXRIPRouting +
+
+ ADMX_MMCSnapins/MMC_IPXRouting +
+
+ ADMX_MMCSnapins/MMC_IPXSAPRouting +
+
+ ADMX_MMCSnapins/MMC_IndexingService +
+
+ ADMX_MMCSnapins/MMC_IpSecManage +
+
+ ADMX_MMCSnapins/MMC_IpSecMonitor +
+
+ ADMX_MMCSnapins/MMC_LocalUsersGroups +
+
+ ADMX_MMCSnapins/MMC_LogicalMappedDrives +
+
+ ADMX_MMCSnapins/MMC_NPSUI +
+
+ ADMX_MMCSnapins/MMC_NapSnap +
+
+ ADMX_MMCSnapins/MMC_NapSnap_GP +
+
+ ADMX_MMCSnapins/MMC_Net_Framework +
+
+ ADMX_MMCSnapins/MMC_OCSP +
+
+ ADMX_MMCSnapins/MMC_OSPFRouting +
+
+ ADMX_MMCSnapins/MMC_PerfLogsAlerts +
+
+ ADMX_MMCSnapins/MMC_PublicKey +
+
+ ADMX_MMCSnapins/MMC_QoSAdmission +
+
+ ADMX_MMCSnapins/MMC_RAS_DialinUser +
+
+ ADMX_MMCSnapins/MMC_RIPRouting +
+
+ ADMX_MMCSnapins/MMC_RIS +
+
+ ADMX_MMCSnapins/MMC_RRA +
+
+ ADMX_MMCSnapins/MMC_RSM +
+
+ ADMX_MMCSnapins/MMC_RemStore +
+
+ ADMX_MMCSnapins/MMC_RemoteAccess +
+
+ ADMX_MMCSnapins/MMC_RemoteDesktop +
+
+ ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn +
+
+ ADMX_MMCSnapins/MMC_Routing +
+
+ ADMX_MMCSnapins/MMC_SCA +
+
+ ADMX_MMCSnapins/MMC_SMTPProtocol +
+
+ ADMX_MMCSnapins/MMC_SNMP +
+
+ ADMX_MMCSnapins/MMC_ScriptsMachine_1 +
+
+ ADMX_MMCSnapins/MMC_ScriptsMachine_2 +
+
+ ADMX_MMCSnapins/MMC_ScriptsUser_1 +
+
+ ADMX_MMCSnapins/MMC_ScriptsUser_2 +
+
+ ADMX_MMCSnapins/MMC_SecuritySettings_1 +
+
+ ADMX_MMCSnapins/MMC_SecuritySettings_2 +
+
+ ADMX_MMCSnapins/MMC_SecurityTemplates +
+
+ ADMX_MMCSnapins/MMC_SendConsoleMessage +
+
+ ADMX_MMCSnapins/MMC_ServerManager +
+
+ ADMX_MMCSnapins/MMC_ServiceDependencies +
+
+ ADMX_MMCSnapins/MMC_Services +
+
+ ADMX_MMCSnapins/MMC_SharedFolders +
+
+ ADMX_MMCSnapins/MMC_SharedFolders_Ext +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1 +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2 +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1 +
+
+ ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2 +
+
+ ADMX_MMCSnapins/MMC_SysInfo +
+
+ ADMX_MMCSnapins/MMC_SysProp +
+
+ ADMX_MMCSnapins/MMC_TPMManagement +
+
+ ADMX_MMCSnapins/MMC_Telephony +
+
+ ADMX_MMCSnapins/MMC_TerminalServices +
+
+ ADMX_MMCSnapins/MMC_WMI +
+
+ ADMX_MMCSnapins/MMC_WindowsFirewall +
+
+ ADMX_MMCSnapins/MMC_WindowsFirewall_GP +
+
+ ADMX_MMCSnapins/MMC_WiredNetworkPolicy +
+
+ ADMX_MMCSnapins/MMC_WirelessMon +
+
+ ADMX_MMCSnapins/MMC_WirelessNetworkPolicy +
+
+ + +
+ + +**ADMX_AuditSettings/IncludeCmdLine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. + +If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. + +If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. + +Default is Not configured. + +> [!NOTE] +> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Include command line in process creation events* +- GP name: *IncludeCmdLine* +- GP path: *System/Audit Process Creation* +- GP ADMX file name: *AuditSettings.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 98f3d9c90c1bfd28acaf1979a8da62398c0a5388 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Thu, 10 Sep 2020 14:29:03 +0200 Subject: [PATCH 034/115] Update windows-10-poc-sc-config-mgr.md Added markdown code for code snippets. Corrected an URL. Multiple small edits, like removing trailing spaces, extraneous line shifts, etc.. --- .../windows-10-poc-sc-config-mgr.md | 383 +++++++++--------- 1 file changed, 196 insertions(+), 187 deletions(-) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 67a95f1168..f66b5105f1 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -20,19 +20,22 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 **Important**: This guide leverages the proof of concept (PoC) environment, and some settings that are configured in the following guides: + - [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) Please complete all steps in these guides before attempting the procedures in this guide. If you wish to skip the Windows 10 deployment procedures in the MDT guide and move directly to this guide, you must at least install MDT and the Windows ADK before performing procedures in this guide. All steps in the first guide are required before attempting the procedures in this guide. The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs): + - **DC1**: A contoso.com domain controller, DNS server, and DHCP server. - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes. -This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. + +>This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work. >Multiple features and services are installed on SRV1 in this guide. This is not a typical installation, and is only done to set up a lab environment with a bare minimum of resources. However, if less than 4 GB of RAM is allocated to SRV1 in the Hyper-V console, some procedures will be extremely slow to complete. If resources are limited on the Hyper-V host, consider reducing RAM allocation on DC1 and PC1, and then increasing the RAM allocation on SRV1. You can adjust RAM allocation for a VM by right-clicking the VM in the Hyper-V Manager console, clicking **Settings**, clicking **Memory**, and modifying the value next to **Maximum RAM**. @@ -42,8 +45,6 @@ This guide provides end-to-end instructions to install and configure Microsoft E Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -
-
TopicDescriptionTime @@ -59,24 +60,23 @@ Topics and procedures in this guide are summarized in the following table. An es
Deploy Windows 10 using PXE and Configuration ManagerDeploy Windows 10 using Configuration Manager deployment packages and task sequences.60 minutes
Replace a client with Windows 10 using Configuration ManagerReplace a client computer with Windows 10 using Configuration Manager.90 minutes
Refresh a client with Windows 10 using Configuration ManagerUse a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT90 minutes -
-
## Install prerequisites -1. Before installing Microsoft Endpoint Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` +1. Before installing Microsoft Endpoint Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: + + ```powershell Install-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ ``` >If the request to add features fails, retry the installation by typing the command again. 2. Download [SQL Server 2014 SP2](https://www.microsoft.com/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory. -3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\SQLServer2014SP2-FullSlipstream-x64-ENU.iso ``` @@ -84,30 +84,32 @@ Topics and procedures in this guide are summarized in the following table. An es 4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server: - ``` + ```powershell D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms ``` + Installation will take several minutes. When installation is complete, the following output will be displayed: - ``` + ```dos Microsoft (R) SQL Server 2014 12.00.5000.00 Copyright (c) Microsoft Corporation. All rights reserved. - + Microsoft (R) .NET Framework CasPol 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. - + Success Microsoft (R) .NET Framework CasPol 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. - + Success One or more affected files have operations pending. You should restart your computer to complete this process. PS C:\> ``` + 5. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell New-NetFirewallRule -DisplayName "SQL Server" -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow New-NetFirewallRule -DisplayName "SQL Admin Connection" -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow New-NetFirewallRule -DisplayName "SQL Database Management" -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow @@ -115,13 +117,13 @@ Topics and procedures in this guide are summarized in the following table. An es New-NetFirewallRule -DisplayName "SQL Debugger/RPC" -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow ``` -7. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components. +6. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://docs.microsoft.com/windows-hardware/get-started/adk-install) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 2004. Installation might require several minutes to acquire all components. ## Install Microsoft Endpoint Configuration Manager 1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: - ``` + ```powershell $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 Stop-Process -Name Explorer @@ -131,7 +133,7 @@ Topics and procedures in this guide are summarized in the following table. An es 3. Before starting the installation, verify that WMI is working on SRV1. See the following examples. Verify that **Running** is displayed under **Status** and **True** is displayed next to **TcpTestSucceeded**: - ``` + ```dos Get-Service Winmgmt Status Name DisplayName @@ -153,19 +155,20 @@ Topics and procedures in this guide are summarized in the following table. An es PingReplyDetails (RTT) : 0 ms TcpTestSucceeded : True ``` + You can also verify WMI using the WMI console by typing **wmimgmt.msc**, right-clicking **WMI Control (Local)** in the console tree, and then clicking **Properties**. If the WMI service is not started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [WMIDiag](https://blogs.technet.microsoft.com/askperf/2015/05/12/wmidiag-2-2-is-here/) for troubleshooting information. 4. To extend the Active Directory schema, type the following command at an elevated Windows PowerShell prompt: - ``` + ```powershell cmd /c C:\configmgr\SMSSETUP\BIN\X64\extadsch.exe ``` 5. Temporarily switch to the DC1 VM, and type the following command at an elevated command prompt on DC1: - ``` + ```dos adsiedit.msc ``` @@ -182,9 +185,10 @@ Topics and procedures in this guide are summarized in the following table. An es 16. Close the ADSI Edit console and switch back to SRV1. 17. To start Configuration Manager installation, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell cmd /c C:\configmgr\SMSSETUP\BIN\X64\Setup.exe ``` + 18. Provide the following in the Microsoft Endpoint Configuration Manager Setup Wizard: - **Before You Begin**: Read the text and click *Next*. - **Getting Started**: Choose **Install a Configuration Manager primary site** and select the **Use typical installation options for a stand-alone primary site** checkbox. @@ -192,7 +196,7 @@ Topics and procedures in this guide are summarized in the following table. An es - **Product Key**: Choose **Install the evaluation edition of this Product**. - **Microsoft Software License Terms**: Read the terms and then select the **I accept these license terms** checkbox. - **Prerequisite Licenses**: Review license terms and select all three checkboxes on the page. - - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\windows\temp** next to **Path**. + - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\windows\temp** next to **Path**. - **Site and Installation Settings**: Site code: **PS1**, Site name: **Contoso**. - use default settings for all other options - **Usage Data**: Read the text and click **Next**. @@ -202,37 +206,39 @@ Topics and procedures in this guide are summarized in the following table. An es >There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored in this test environment. - Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete. + Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete. 19. If desired, re-enable IE Enhanced Security Configuration at this time on SRV1: - ``` + ```powershell Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1 Stop-Process -Name Explorer ``` ## Download MDOP and install DaRT ->[!IMPORTANT] ->This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). ->If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/). +> [!IMPORTANT] +> This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). +> If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/). 1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. 2. Type the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1: - ``` + ```powershell Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso ``` + 3. Type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell cmd /c "D:\DaRT\DaRT 10\Installers\en-us\x64\MSDaRT100.msi" ``` + 4. Install DaRT 10 using default settings. 5. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx64.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64" Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx86.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86" ``` @@ -245,7 +251,7 @@ This section contains several procedures to support Zero Touch installation with 1. Type the following commands at a Windows PowerShell prompt on SRV1: - ``` + ```powershell New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot" New-Item -ItemType Directory -Path "C:\Sources\OSD\OS" New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings" @@ -278,7 +284,7 @@ This section contains several procedures to support Zero Touch installation with 3. On the **Network Access Account** tab, choose **Specify the account that accesses network locations**. 4. Click the yellow starburst and then click **New Account**. 5. Click **Browse** and then under **Enter the object name to select**, type **CM_NAA** and click **OK**. -6. Next to **Password** and **Confirm Password**, type pass@word1, and then click **OK** twice. +6. Next to **Password** and **Confirm Password**, type **pass@word1**, and then click **OK** twice. ### Configure a boundary group @@ -300,19 +306,20 @@ This section contains several procedures to support Zero Touch installation with ### Enable PXE on the distribution point ->[!IMPORTANT] ->Before enabling PXE in Configuration Manager, ensure that any previous installation of WDS does not cause conflicts. Configuration Manager will automatically configure the WDS service to manage PXE requests. To disable a previous installation, if it exists, type the following commands at an elevated Windows PowerShell prompt on SRV1: +> [!IMPORTANT] +> Before enabling PXE in Configuration Manager, ensure that any previous installation of WDS does not cause conflicts. Configuration Manager will automatically configure the WDS service to manage PXE requests. To disable a previous installation, if it exists, type the following commands at an elevated Windows PowerShell prompt on SRV1: -``` +```powershell WDSUTIL /Set-Server /AnswerClients:None ``` 1. Determine the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell (Get-NetAdapter "Ethernet").MacAddress ``` - >If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter. You can review the names of network adapters and the IP addresses assigned to them by typing **ipconfig**. + + > If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter. You can review the names of network adapters and the IP addresses assigned to them by typing **ipconfig**. 2. In the Microsoft Endpoint Configuration Manager console, in the **Administration** workspace, click **Distribution Points**. 3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**. @@ -325,13 +332,12 @@ WDSUTIL /Set-Server /AnswerClients:None - **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure. See the following example: - - Config Mgr PXE + ![Config Mgr PXE](images/configmgr-pxe.png) 5. Click **OK**. 6. Wait for a minute, then type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present: - ``` + ```powershell cmd /c dir /b C:\RemoteInstall\SMSBoot\x64 abortpxe.com @@ -342,31 +348,32 @@ WDSUTIL /Set-Server /AnswerClients:None wdsmgfw.efi wdsnbp.com ``` + >If these files are not present in the C:\RemoteInstall directory, verify that the REMINST share is configured as C:\RemoteInstall. You can view the properties of this share by typing "net share REMINST" at a command prompt. If the share path is set to a different value, then replace C:\RemoteInstall with your REMINST share path. >You can also type the following command at an elevated Windows PowerShell prompt to open the Configuration Manager Trace Log Tool. In the tool, click **File**, click **Open**, and then open the **distmgr.log** file. If errors are present, they will be highlighted in red: - ``` + ```powershell Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe' ``` The log file will updated continuously while Configuration Manager is running. Wait for Configuration Manager to repair any issues that are present, and periodically re-check that the files are present in the REMINST share location. Close the Configuration Manager Trace Log Tool when done. You will see the following line in distmgr.log that indicates the REMINST share is being populated with necessary files: - Running: WDSUTIL.exe /Initialize-Server /REMINST:"C:\RemoteInstall" + `Running: WDSUTIL.exe /Initialize-Server /REMINST:"C:\RemoteInstall"` Once the files are present in the REMINST share location, you can close the cmtrace tool. -### Create a branding image file +### Create a branding image file 1. If you have a bitmap (.BMP) image for suitable use as a branding image, copy it to the C:\Sources\OSD\Branding folder on SRV1. Otherwise, use the following step to copy a simple branding image. 2. Type the following command at an elevated Windows PowerShell prompt: + ```powershell + Copy-Item -Path "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" -Destination "C:\Sources\OSD\Branding\contoso.bmp" ``` - copy "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" "C:\Sources\OSD\Branding\contoso.bmp" - ``` + >You can open C:\Sources\OSD\Branding\contoso.bmp in MSPaint.exe if desired to customize this image. - -### Create a boot image for Configuration Manager +### Create a boot image for Configuration Manager 1. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and then click **Create Boot Image using MDT**. 2. On the Package Source page, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Boot\Zero Touch WinPE x64**, and then click **Next**. @@ -380,13 +387,13 @@ WDSUTIL /Set-Server /AnswerClients:None 9. In the Distribute Content Wizard, click **Next**, click **Add** and select **Distribution Point**, select the **SRV1.CONTOSO.COM** checkbox, click **OK**, click **Next** twice, and then click **Close**. 10. Use the CMTrace application to view the **distmgr.log** file again and verify that the boot image has been distributed. To open CMTrace, type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe' ``` - + In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example: - ``` + ```console STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=924 TID=1424 GMTDATE=Tue Oct 09 22:36:30.986 2018 ISTR0="Zero Touch WinPE x64" ISTR1="PS10000A" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS10000A" SMS_DISTRIBUTION_MANAGER 10/9/2018 3:36:30 PM 1424 (0x0590) ``` @@ -395,7 +402,7 @@ WDSUTIL /Set-Server /AnswerClients:None 13. Select the **Deploy this boot image from the PXE-enabled distribution point** checkbox, and click **OK**. 14. Review the distmgr.log file again for "**STATMSG: ID=2301**" and verify that there are three folders under **C:\RemoteInstall\SMSImages** with boot images. See the following example: - ``` + ```console cmd /c dir /s /b C:\RemoteInstall\SMSImages C:\RemoteInstall\SMSImages\PS100004 @@ -414,9 +421,10 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command: - ``` + ```powershell Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso ``` + 2. Verify that the Windows Enterprise installation DVD is mounted on SRV1 as drive letter D. 3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**. @@ -424,12 +432,12 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 4. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**. 5. Use the following settings for the New Deployment Share Wizard: - - Deployment share path: **C:\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT build lab**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
+ - Deployment share path: **C:\MDTBuildLab** + - Share name: **MDTBuildLab$** + - Deployment share description: **MDT build lab** + - Options: click **Next** to accept the default + - Summary: click **Next** + - Progress: settings will be applied - Confirmation: click **Finish** 6. Expand the **Deployment Shares** node, and then expand **MDT build lab**. @@ -438,19 +446,19 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 7. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**. -8. Use the following settings for the Import Operating System Wizard: - - OS Type: **Full set of source files**
- - Source: **D:\\**
- - Destination: **W10Ent_x64**
+8. Use the following settings for the Import Operating System Wizard: + - OS Type: **Full set of source files** + - Source: **D:\\** + - Destination: **W10Ent_x64** - Summary: click **Next** - Confirmation: click **Finish** 9. For purposes of this test lab, we will not add applications, such as Microsoft Office, to the deployment share. For information about adding applications, see the [Add applications](deploy-windows-mdt/create-a-windows-10-reference-image.md#add-applications) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library. 10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node under **MDT Build Lab** and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - - Task sequence ID: **REFW10X64-001**
- - Task sequence name: **Windows 10 Enterprise x64 Default Image**
- - Task sequence comments: **Reference Build**
+ - Task sequence ID: **REFW10X64-001** + - Task sequence name: **Windows 10 Enterprise x64 Default Image** + - Task sequence comments: **Reference Build** - Template: **Standard Client Task Sequence** - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim** - Specify Product Key: **Do not specify a product key at this time** @@ -467,7 +475,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. To see the name change, click **Tattoo**, then click the new group again. -14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**. +14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**. 15. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**. @@ -480,7 +488,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 19. Replace the default rules with the following text: - ``` + ```ini [Settings] Priority=Default @@ -515,7 +523,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 20. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file: - ``` + ```ini [Settings] Priority=Default @@ -535,17 +543,18 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 24. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). - >Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. + >Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. 25. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands: - ``` - New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB + ```powershell + New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20 Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso Start-VM REFW10X64-001 vmconnect localhost REFW10X64-001 ``` + 26. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**. 27. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated. @@ -560,13 +569,13 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi - Capture the installation to a Windows Imaging (WIM) file. - Turn off the virtual machine. - This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**. + This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**. ### Add a Windows 10 operating system image 1. Type the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64" cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64" ``` @@ -599,18 +608,18 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi - Join a domain: **contoso.com** - Account: click **Set** - User name: **contoso\CM_JD** - - Password: pass@word1 - - Confirm password: pass@word1 + - Password: **pass@word1** + - Confirm password: **pass@word1** - Click **OK** - Windows Settings - User name: **Contoso** - Organization name: **Contoso** - Product key: \ - Administrator Account: **Enable the account and specify the local administrator password** - - Password: pass@word1 - - Confirm password: pass@word1 + - Password: **pass@word1** + - Confirm password: **pass@word1** - Click **Next** - + 5. On the Capture Settings page, accept the default settings and click **Next**. 6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package, click **OK**, and then click **Next**. @@ -645,28 +654,27 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 4. In the **State Restore** group, click the **Set Status 5** action, click **Add** in the upper left corner, point to **User State**, and click **Request State Store**. This adds a new action immediately after **Set Status 5**. -5. Configure the **Request State Store** action that was just added with the following settings:
- - Request state storage location to: **Restore state from another computer**
- - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox.
- - Options tab: Select the **Continue on error** checkbox.
- - Add Condition: **Task Sequence Variable**:
- - Variable: **USMTLOCAL**
- - Condition: **not equals**
- - Value: **True**
- - Click **OK**.
- - Click **Apply**
. +5. Configure the **Request State Store** action that was just added with the following settings: + - Request state storage location to: **Restore state from another computer** + - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox. + - Options tab: Select the **Continue on error** checkbox. + - Add Condition: **Task Sequence Variable**: + - Variable: **USMTLOCAL** + - Condition: **not equals** + - Value: **True** + - Click **OK** + - Click **Apply** 6. In the **State Restore** group, click **Restore User State**, click **Add**, point to **User State**, and click **Release State Store**. -7. Configure the **Release State Store** action that was just added with the following settings:
- - Options tab: Select the **Continue on error** checkbox.
- - Add Condition: **Task Sequence Variable**:
- - Variable: **USMTLOCAL**
- - Condition: **not equals**
- - Value: **True**
- - Click **OK**.
- - Click **OK**
. - +7. Configure the **Release State Store** action that was just added with the following settings: + - Options tab: Select the **Continue on error** checkbox. + - Add Condition: **Task Sequence Variable**: + - Variable: **USMTLOCAL** + - Condition: **not equals** + - Value: **True** + - Click **OK** + - Click **OK** ### Finalize the operating system configuration @@ -675,26 +683,27 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 1. In the MDT deployment workbench on SRV1, right-click **Deployment Shares** and then click **New Deployment Share**. 2. Use the following settings for the New Deployment Share Wizard: - - Deployment share path: **C:\MDTProduction**
- - Share name: **MDTProduction$**
- - Deployment share description: **MDT Production**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
+ - Deployment share path: **C:\MDTProduction** + - Share name: **MDTProduction$** + - Deployment share description: **MDT Production** + - Options: click **Next** to accept the default + - Summary: click **Next** + - Progress: settings will be applied - Confirmation: click **Finish** -3. Right-click the **MDT Production** deployment share, and click **Properties**. +3. Right-click the **MDT Production** deployment share, and click **Properties**. 4. Click the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**. 5. Type the following command at an elevated Windows PowerShell prompt on SRV1: - ``` + ```powershell notepad "C:\Sources\OSD\Settings\Windows 10 x64 Settings\CustomSettings.ini" ``` + 6. Replace the contents of the file with the following text, and then save the file: - ``` + ```ini [Settings] Priority=Default Properties=OSDMigrateConfigFiles,OSDMigrateMode @@ -712,11 +721,10 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi >As noted previously, if you wish to migrate accounts other than those in the Contoso domain, then change the OSDMigrateAdditionalCaptureOptions option. For example, the following option will capture settings from all user accounts: - ``` + ```ini OSDMigrateAdditionalCaptureOptions=/all ``` - 7. Return to the Configuration Manager console, and in the Software Library workspace, expand **Application Management**, click **Packages**, right-click **Windows 10 x64 Settings**, and then click **Update Distribution Points**. Click **OK** in the popup that appears. 8. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Distribute Content**. @@ -727,14 +735,14 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi ### Create a deployment for the task sequence -1. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Deploy**. +1. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Deploy**. 2. On the General page, next to **Collection**, click **Browse**, select the **All Unknown Computers** collection, click **OK**, and then click **Next**. -3. On the Deployment Settings page, use the following settings:
- - Purpose: **Available**
- - Make available to the following: **Only media and PXE**
- - Click **Next**.
+3. On the Deployment Settings page, use the following settings: + - Purpose: **Available** + - Make available to the following: **Only media and PXE** + - Click **Next**. 4. Click **Next** five times to accept defaults on the Scheduling, User Experience, Alerts, and Distribution Points pages. 5. Click **Close**. @@ -745,7 +753,7 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce 1. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 40GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 Start-VM PC4 @@ -754,18 +762,18 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce 2. Press ENTER when prompted to start the network boot service. -3. In the Task Sequence Wizard, provide the password: pass@word1, and then click **Next**. +3. In the Task Sequence Wizard, provide the password: **pass@word1**, and then click **Next**. 4. Before you click **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open. -5. At the command prompt, type **explorer.exe** and review the Windows PE file structure. +5. At the command prompt, type **explorer.exe** and review the Windows PE file structure. 6. The smsts.log file is critical for troubleshooting any installation problems that might be encountered. Depending on the deployment phase, the smsts.log file is created in different locations: - - X:\windows\temp\SMSTSLog\smsts.log before disks are formatted. - - x:\smstslog\smsts.log after disks are formatted. - - c:\_SMSTaskSequence\Logs\Smstslog\smsts.log before the Microsoft Endpoint Configuration Manager client is installed. - - c:\windows\ccm\logs\Smstslog\smsts.log after the Microsoft Endpoint Configuration Manager client is installed. - - c:\windows\ccm\logs\smsts.log when the task sequence is complete. + - X:\Windows\temp\SMSTSLog\smsts.log before disks are formatted. + - X:\smstslog\smsts.log after disks are formatted. + - C:\\_SMSTaskSequence\Logs\Smstslog\smsts.log before the Microsoft Endpoint Configuration Manager client is installed. + - C:\Windows\ccm\logs\Smstslog\smsts.log after the Microsoft Endpoint Configuration Manager client is installed. + - C:\Windows\ccm\logs\smsts.log when the task sequence is complete. Note: If a reboot is pending on the client, the reboot will be blocked as long as the command window is open. @@ -783,14 +791,14 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce - Join the computer to the contoso.com domain - Install any applications that were specified in the reference image - 12. When Windows 10 installation has completed, sign in to PC4 using the **contoso\administrator** account. 13. Right-click **Start**, click **Run**, type **control appwiz.cpl**, press ENTER, click **Turn Windows features on or off**, and verify that **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** is installed. This is a feature included in the reference image. 14. Shut down the PC4 VM. ->Note: The following two procedures 1) Replace a client with Windows 10 and 2) Refresh a client with Windows 10 have been exchanged in their order in this guide compared to the previous version. This is to avoid having to restore Hyper-V checkpoints to have access to PC1 before the OS is upgraded. If this is your first time going through this guide, you won't notice any change, but if you have tried the guide previously then this change should make it simpler to complete. +> [!NOTE] +> The following two procedures 1) Replace a client with Windows 10 and 2) Refresh a client with Windows 10 have been exchanged in their order in this guide compared to the previous version. This is to avoid having to restore Hyper-V checkpoints to have access to PC1 before the OS is upgraded. If this is your first time going through this guide, you won't notice any change, but if you have tried the guide previously then this change should make it simpler to complete. ## Replace a client with Windows 10 using Configuration Manager @@ -823,7 +831,7 @@ In the replace procedure, PC1 will not be migrated to a new operating system. It Create a VM named PC4 to receive the applications and settings from PC1. This VM represents a new computer that will replace PC1. To create this VM, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: -``` +```powershell New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20 Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF @@ -837,64 +845,66 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 2. If a PC1 checkpoint has not already been saved, then save a checkpoint by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Checkpoint-VM -Name PC1 -SnapshotName BeginState ``` 3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarchy Configuration** and click on **Discovery Methods**. 4. Double-click **Active Directory System Discovery** and on the **General** tab select the **Enable Active Directory System Discovery** checkbox. 5. Click the yellow starburst, click **Browse**, select **contoso\Computers**, and then click **OK** three times. -6. When a popup dialog box asks if you want to run full discovery, click **Yes**. +6. When a popup dialog box asks if you want to run full discovery, click **Yes**. 7. In the Assets and Compliance workspace, click **Devices** and verify that the computer account names for SRV1 and PC1 are displayed. See the following example (GREGLIN-PC1 is the computer account name of PC1 in this example): ![assets](images/configmgr-assets.png) >If you do not see the computer account for PC1, try clicking the **Refresh** button in the upper right corner of the console. - + The **Client** column indicates that the Configuration Manager client is not currently installed. This procedure will be carried out next. 8. Sign in to PC1 using the contoso\administrator account and type the following at an elevated command prompt to remove any pre-existing client configuration, if it exists. Note: this command requires an elevated command prompt not an elevated Windows PowerShell prompt: - ``` + ```dos sc stop ccmsetup "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /Uninstall ``` + >If PC1 still has Configuration Manager registry settings that were applied by Group Policy, startup scripts, or other policies in its previous domain, these might not all be removed by CCMSetup /Uninstall and can cause problems with installation or registration of the client in its new environment. It might be necessary to manually remove these settings if they are present. For more information, see [Manual removal of the Configuration Manager client](https://blogs.technet.microsoft.com/michaelgriswold/2013/01/02/manual-removal-of-the-sccm-client/). -9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue: +9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue. From an elevated command prompt, type: - ``` + ```dos net stop wuauserv net stop BITS ``` Verify that both services were stopped successfully, then type the following at an elevated command prompt: - ``` + ```dos del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" net start BITS bitsadmin /list /allusers ``` - Verify that BITSAdmin displays 0 jobs. + Verify that BITSAdmin displays 0 jobs. 10. To install the Configuration Manager client as a standalone process, type the following at an elevated command prompt: - ``` + ```dos "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /mp:SRV1.contoso.com /logon SMSSITECODE=PS1 ``` -11. On PC1, using file explorer, open the **C:\Windows\ccmsetup** directory. During client installation, files will be downloaded here. + +11. On PC1, using file explorer, open the **C:\Windows\ccmsetup** directory. During client installation, files will be downloaded here. 12. Installation progress will be captured in the file: **c:\windows\ccmsetup\logs\ccmsetup.log**. You can periodically open this file in notepad, or you can type the following command at an elevated Windows PowerShell prompt to monitor installation progress: - ``` + ```powershell Get-Content -Path c:\windows\ccmsetup\logs\ccmsetup.log -Wait ``` - + Installation might require several minutes, and display of the log file will appear to hang while some applications are installed. This is normal. When setup is complete, verify that **CcmSetup is existing with return code 0** is displayed on the last line of the ccmsetup.log file and then press **CTRL-C** to break out of the Get-Content operation (if you are viewing the log in Windows PowerShell the last line will be wrapped). A return code of 0 indicates that installation was successful and you should now see a directory created at **C:\Windows\CCM** that contains files used in registration of the client with its site. -13. On PC1, open the Configuration Manager control panel applet by typing the following command: +13. On PC1, open the Configuration Manager control panel applet by typing the following command from a command prompt: - ``` + ```dos control smscfgrc ``` @@ -917,14 +927,14 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 1. On SRV1, in the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**. 2. Use the following settings in the **Create Device Collection Wizard**: - - General > Name: **Install Windows 10 Enterprise x64**
- - General > Limiting collection: **All Systems**
- - Membership Rules > Add Rule: **Direct Rule**
- - The **Create Direct Membership Rule Wizard** opens, click **Next**
- - Search for Resources > Resource class: **System Resource**
- - Search for Resources > Attribute name: **Name**
- - Search for Resources > Value: **%**
- - Select Resources > Value: Select the computername associated with the PC1 VM
+ - General > Name: **Install Windows 10 Enterprise x64** + - General > Limiting collection: **All Systems** + - Membership Rules > Add Rule: **Direct Rule** + - The **Create Direct Membership Rule Wizard** opens, click **Next** + - Search for Resources > Resource class: **System Resource** + - Search for Resources > Attribute name: **Name** + - Search for Resources > Value: **%** + - Select Resources > Value: Select the computername associated with the PC1 VM - Click **Next** twice and then click **Close** in both windows (Next, Next, Close, then Next, Next, Close) 3. Double-click the Install Windows 10 Enterprise x64 device collection and verify that the PC1 computer account is displayed. @@ -932,17 +942,16 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 4. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64** and then click **Deploy**. 5. Use the following settings in the Deploy Software wizard: - - General > Collection: Click Browse and select **Install Windows 10 Enterprise x64**
- - Deployment Settings > Purpose: **Available**
- - Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE**
- - Scheduling > Click **Next**
- - User Experience > Click **Next**
- - Alerts > Click **Next**
- - Distribution Points > Click **Next**
- - Summary > Click **Next**
+ - General > Collection: Click Browse and select **Install Windows 10 Enterprise x64** + - Deployment Settings > Purpose: **Available** + - Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE** + - Scheduling > Click **Next** + - User Experience > Click **Next** + - Alerts > Click **Next** + - Distribution Points > Click **Next** + - Summary > Click **Next** - Verify that the wizard completed successfully and then click **Close** - ### Associate PC4 with PC1 1. On SRV1 in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices** and then click **Import Computer Information**. @@ -977,14 +986,14 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 1. On SRV1, in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**. 2. Use the following settings in the **Create Device Collection Wizard**: - - General > Name: **USMT Backup (Replace)**
- - General > Limiting collection: **All Systems**
- - Membership Rules > Add Rule: **Direct Rule**
- - The **Create Direct Membership Rule Wizard** opens, click **Next**
- - Search for Resources > Resource class: **System Resource**
- - Search for Resources > Attribute name: **Name**
- - Search for Resources > Value: **%**
- - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example).
+ - General > Name: **USMT Backup (Replace)** + - General > Limiting collection: **All Systems** + - Membership Rules > Add Rule: **Direct Rule** + - The **Create Direct Membership Rule Wizard** opens, click **Next** + - Search for Resources > Resource class: **System Resource** + - Search for Resources > Attribute name: **Name** + - Search for Resources > Value: **%** + - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example). - Click **Next** twice and then click **Close** in both windows. 3. Click **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Do not proceed until this name is displayed. @@ -992,27 +1001,29 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF ### Create a new deployment In the Configuration Manager console, in the Software Library workspace under Operating Systems, click **Task Sequences**, right-click **Replace Task Sequence**, click **Deploy**, and use the following settings: -- General > Collection: **USMT Backup (Replace)**
-- Deployment Settings > Purpose: **Available**
-- Deployment Settings > Make available to the following: **Only Configuration Manager Clients**
-- Scheduling: Click **Next**
-- User Experience: Click **Next**
-- Alerts: Click **Next**
-- Distribution Points: Click **Next**
+ +- General > Collection: **USMT Backup (Replace)** +- Deployment Settings > Purpose: **Available** +- Deployment Settings > Make available to the following: **Only Configuration Manager Clients** +- Scheduling: Click **Next** +- User Experience: Click **Next** +- Alerts: Click **Next** +- Distribution Points: Click **Next** - Click **Next** and then click **Close**. ### Verify the backup -1. On PC1, open the Configuration Manager control panel applet by typing the following command: +1. On PC1, open the Configuration Manager control panel applet by typing the following command in a command prompt: - ``` + ```dos control smscfgrc ``` + 2. On the **Actions** tab, click **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, click **OK**, and then click **OK** again. This is one method that can be used to run a task sequence in addition to the Client Notification method that will be demonstrated in the computer refresh procedure. 3. Type the following at an elevated command prompt to open the Software Center: - ``` + ```dos C:\Windows\CCM\SCClient.exe ``` @@ -1029,18 +1040,19 @@ In the Configuration Manager console, in the Software Library workspace under Op 1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Start-VM PC4 vmconnect localhost PC4 ``` -2. In the **Welcome to the Task Sequence Wizard**, enter pass@word1 and click **Next**. -3. Choose the **Windows 10 Enterprise X64** image. -4. Setup will install the operating system using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1. -5. Save checkpoints for all VMs if you wish to review their status at a later date. This is not required (checkpoints do take up space on the Hyper-V host). Note: the next procedure will install a new OS on PC1 update its status in Configuration Manager and in Active Directory as a Windows 10 device, so you cannot return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this for all VMs. + +1. In the **Welcome to the Task Sequence Wizard**, enter **pass@word1** and click **Next**. +1. Choose the **Windows 10 Enterprise X64** image. +1. Setup will install the operating system using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1. +1. Save checkpoints for all VMs if you wish to review their status at a later date. This is not required (checkpoints do take up space on the Hyper-V host). Note: the next procedure will install a new OS on PC1 update its status in Configuration Manager and in Active Directory as a Windows 10 device, so you cannot return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this for all VMs. To save a checkpoint for all VMs, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` + ```powershell Checkpoint-VM -Name DC1 -SnapshotName cm-refresh Checkpoint-VM -Name SRV1 -SnapshotName cm-refresh Checkpoint-VM -Name PC1 -SnapshotName cm-refresh @@ -1048,7 +1060,6 @@ In the Configuration Manager console, in the Software Library workspace under Op ## Refresh a client with Windows 10 using Configuration Manager - ### Initiate the computer refresh 1. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**. @@ -1060,16 +1071,14 @@ In the Configuration Manager console, in the Software Library workspace under Op The computer will restart several times during the installation process. Installation includes downloading updates, reinstalling the Configuration Manager Client Agent, and restoring the user state. You can view status of the installation in the Configuration Manager console by accessing the Monitoring workspace, clicking **Deployments**, and then double-clicking the deployment associated with the **Install Windows 10 Enterprise x64** collection. Under **Asset Details**, right-click the device and then click **More Details**. Click the **Status** tab to see a list of tasks that have been performed. See the following example: - ![asset](images/configmgr-asset.png) - - You can also monitor progress of the installation by using the MDT deployment workbench and viewing the **Monitoring** node under **Deployment Shares\MDT Production**. - + ![asset](images/configmgr-asset.png) + + You can also monitor progress of the installation by using the MDT deployment workbench and viewing the **Monitoring** node under **Deployment Shares\MDT Production**. + When installation has completed, sign in using the contoso\administrator account or the contoso\user1 account and verify that applications and settings have been successfully backed up and restored to your new Windows 10 Enterprise operating system. ![post-refresh](images/configmgr-post-refresh.png) - - ## Related Topics [System Center 2012 Configuration Manager Survival Guide](https://social.technet.microsoft.com/wiki/contents/articles/7075.system-center-2012-configuration-manager-survival-guide.aspx#Step-by-Step_Guides) From e334e2adce321b5703e10afc489daa5c508eb2d6 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Thu, 10 Sep 2020 15:04:37 +0200 Subject: [PATCH 035/115] Update windows-10-poc-sc-config-mgr.md Converted HTML table to markdown. --- .../windows-10-poc-sc-config-mgr.md | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index f66b5105f1..1db27c1143 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -45,23 +45,21 @@ This guide provides end-to-end instructions to install and configure Microsoft E Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -
- -
TopicDescriptionTime - -
Install prerequisitesInstall prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.60 minutes -
Install Microsoft Endpoint Configuration ManagerDownload Microsoft Endpoint Configuration Manager, configure prerequisites, and install the package.45 minutes -
Download MDOP and install DaRTDownload the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.15 minutes -
Prepare for Zero Touch installationPrerequisite procedures to support Zero Touch installation.60 minutes -
Create a boot image for Configuration ManagerUse the MDT wizard to create the boot image in Configuration Manager.20 minutes -
Create a Windows 10 reference imageThis procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.0-60 minutes -
Add a Windows 10 operating system imageAdd a Windows 10 operating system image and distribute it.10 minutes
Create a task sequenceCreate a Configuration Manager task sequence with MDT integration using the MDT wizard15 minutes -
Finalize the operating system configurationEnable monitoring, configure rules, and distribute content.30 minutes -
Deploy Windows 10 using PXE and Configuration ManagerDeploy Windows 10 using Configuration Manager deployment packages and task sequences.60 minutes -
Replace a client with Windows 10 using Configuration ManagerReplace a client computer with Windows 10 using Configuration Manager.90 minutes -
Refresh a client with Windows 10 using Configuration ManagerUse a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT90 minutes -
-
+|||| +|--- |--- |--- | +|Topic|Description|Time| +|[Install prerequisites](#install-prerequisites)|Install prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.|60 minutes| +|[Install Microsoft Endpoint Configuration Manager](#install-microsoft-endpoint-configuration-manager)|Download Microsoft Endpoint Configuration Manager, configure prerequisites, and install the package.|45 minutes| +|[Download MDOP and install DaRT](#download-mdop-and-install-dart)|Download the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.|15 minutes| +|[Prepare for Zero Touch installation](#prepare-for-zero-touch-installation)|Prerequisite procedures to support Zero Touch installation.|60 minutes| +|[Create a boot image for Configuration Manager](#create-a-boot-image-for-configuration-manager)|Use the MDT wizard to create the boot image in Configuration Manager.|20 minutes| +|[Create a Windows 10 reference image](#create-a-windows-10-reference-image)|This procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.|0-60 minutes| +|[Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image)|Add a Windows 10 operating system image and distribute it.|10 minutes| +|[Create a task sequence](#create-a-task-sequence)|Create a Configuration Manager task sequence with MDT integration using the MDT wizard|15 minutes| +|[Finalize the operating system configuration](#finalize-the-operating-system-configuration)|Enable monitoring, configure rules, and distribute content.|30 minutes| +|[Deploy Windows 10 using PXE and Configuration Manager](#deploy-windows-10-using-pxe-and-configuration-manager)|Deploy Windows 10 using Configuration Manager deployment packages and task sequences.|60 minutes| +|[Replace a client with Windows 10 using Configuration Manager](#replace-a-client-with-windows-10-using-configuration-manager)|Replace a client computer with Windows 10 using Configuration Manager.|90 minutes| +|[Refresh a client with Windows 10 using Configuration Manager](#refresh-a-client-with-windows-10-using-configuration-manager)|Use a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT|90 minutes| ## Install prerequisites @@ -219,7 +217,7 @@ Topics and procedures in this guide are summarized in the following table. An es > [!IMPORTANT] > This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). -> If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/). +> If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://docs.microsoft.com/archive/blogs/zainnab/bizspark-free-msdn-subscription-for-start-up-companies/). 1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. From 938207fdc8d05dc45a76d3d7c2e1dbd44bc376af Mon Sep 17 00:00:00 2001 From: Sunny Zankharia Date: Thu, 10 Sep 2020 13:05:35 -0700 Subject: [PATCH 036/115] Update appguard-gp-turn-on.png --- .../images/appguard-gp-turn-on.png | Bin 149078 -> 271633 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png b/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png index 1afbd303b083267401540bd0121b1dd9cf4415e0..7ee172b509f4a9130745edb23bd2476d72a5cda8 100644 GIT binary patch literal 271633 zcmc$`WmH_<)-FgONC*-VBtU==!6i6Bg9Udj+}+&??h@Py?(XjHE`__h6_nh{d(Qdp zcW?I?{inO{9@Jp38nu_qHP@8qnN^{3GNPF1MCb?z2$`dUCRmgK5P6 zH>{tSVOO7s`rq{<;mGpfyfjlkFGwRMGMy-B%@(NGH)UwHVw0Gog4vK@dMRrr{Yk(;67WB}J?zQ%kHP!Ti0`$U9N*Lk z{^zr~uamF@RnY$3)OFnY|7*~eaX_|4qqX<*StEzFW~cL6noY-%6Q>rWVA1`!KC|N6 zO-j$kCFXzT*>!1q^aq%Z*WwL%N}x@OBxvDY(a_Mq=uxcA&ToeQWfmA)o0ptqrKXyv z6#q`U9UsRmFPA=;Z2Z6WaeUT3GrP9Ds-&Y;Jez>KoF*ZOE?JM9zv7uHQHT6>%;!du z)$QvFPkB&*rZvs!6ZvlBFv6rSZt1?{03( zo=E@c`WufX*CD$}AcN*%$*d~wuE}7(NERQ7K40JrE|EROsiUiFvhZ6{ysx2=kvaNT zS4;|KWpv~+4AHU@@f4Jlc?Cl=vu|(gXX}sC!K)FsbA7vcFFXFDLw_dY8~SL7H^ZZaBr6?Q&^{sO)gV4K(b;Nr_90r%D(Yyp;a;>Fl!Vp>z!jsMN4nLs1Bj{T21Je`udXG!XUVpndjl3A~rGPm?V6XFn?B3_9{8<*iPkhvdSu` zs1(~MoLZBjX-UjApDMbEUoH;4esnbq{E3kA{JIX0Tb@B)&sw!G|;|OW4h`$99p^LX0d}qho$xM+#|kur$E{*49`UM&HQr7ep5oa}wUI<_DzN z)ajPr+4<_Hm|`VUYil|x4r%(%+%4|JtD`6Qig_1DoVe&+?P~((RwvH$L*O;kn&fm~ zo9rsiMARiW-aXK9inKg^&GR$!gp3O*0>UP{KCFYBmeo;a-~Fe$LBrC$k{NlMg;0KrqOcqb%># zn@hzOSjsAR!B5hgvXZ*K(O&ZDTH^WI(W}|W3v}=lM)QnL^Tf=`@$RP5h=8qV-fbB` z{pwXU6Vq?cIEs6Qp7PDHu;l)c6qXI&ZI$U(S(tLVj!xR0euYWKWGe>WM;%)-=iO7M zyNcG}MSADp1Ff&`f3?>5FOejEwt6r;H#6`vTpT(oK`0b`BtdUozA{upJ(C|f8s~Vs z6YVY}^O$^CRO=b%yd^clQ2S1Y60r|C zmW?K7Safhdwrky!`xLjbc&lPtItWjJpw$s|t+hQe{Dni-94|@M10BL=6AVt)7##QR z{fdvqS-Q?)TPETce>@-$0UHx#-5yLUSS$Ya?l+NroEsUWa`JI_WBp!&clf5SGS-*v!l%0zuMo}PvKZ(2;o?sDVa?!z8Q4F1 zArOYW%E=V*r)4Rh`!Ms&O0)Nz*;{I(_J#W-;y3$&UtXSM%V&L)PZQ0HKC+K5qWtft zINL!#_0uozmXHvBO^1R`{L7}!J|;s5tKkbZ3Dowq+Ryna336j-S)Detq_a`(pZ|Jp zA+hYk2hlaUU1;0UNnd6)S)*i}^g3g-X=C=9k%T?oU2yO|-MqtwemTt=%!DLmeSuzv zwo&TvaG03gWbP0|hjn5l-3JZ$IMD2?+nz>#I~tce8aMd8h#gwlN3mFP&8Oxj&rO%^T{IBqrN5`>tybGKh$jgJg#hATD1CCSo0g>4yqF1 z?HL*m8RSg<4Cw_?oY}il>}@JY=>7&MLmFK#@zRnS9?jo8^S&wws5M_w6~FV*zV*u> zvK9)5C|~j~@voigICPtGp));*P~XhEWy5~HK)qtMV<*B$OAP1;-4+h?WG!poN+?DXyDLrg1=!Yb;EQ!DIp|Pi$({Cd-howrHO+JoN~@nAGz(` zZ(%yztPOCoq_0i8RyePNs^DI|DeU>A2ew_8?PbpTZSrO0Zv30ATES?@A}kF&K?&v| zAOxnZ+^TEMi1$z9Ef1>fr>iA+PYIoKFgilGTk)l#+mPW4>F2}AxDLj)~b`G{xjbs&uGu~=f3%j!AjSQ*2lff zC`FS=JX~XwywRLbpC@pY>2zJJL`PRW>C=BI8@GH{-- z0{EYyuLj|dt4!;~Kju4+EWvBOL3Z1s)0GIV$;>CYlfoC&v&~1DN<&lq%{mn zVKnl|erMGK?V4mCFO(#O`umOfog$FENW;=#9e|mtjA*Nlqhlx_m3BrKZ0{Qd4#WcL z_lw+PBwX%as$!Ete^;G++lQ z?VXPsJ3FNOAP5ZY>A-Gl^=NcfC(j8_h?x-J=Q*P>GrtDcY+cm zJvq{?F1d2nvGViN^3rdWec`#iHG`X-51BLb80k-dcWQmA{i`h3e)FCESNVkd;ZKa; z1JtXGX)FLPkz-2rMkI~dA~(v8%y0dsanrw7aU~L9%?T*Z_`%ZUc(fu=be3{nvnefr za~YJyPDT0z@&Y&k=@%IQCa6FD)rst9H5HRW%tDKAcwZ(WzADzyvs?P~_t{f%u3=Va zbMJJ&ICnr|TYiP=uhXZ^4XD#I`Ou`kUWe6af||X*%u(;qX?tpg`%KF#c7lHg)S#bb zhj;UaxPVjLspr-GqNMHbS)85R?aR%bQ#67;4qbWMCcQ8Fv}cBv0q)zLe>6{OZ$2+5 zU0Cr)tY(gzkp8&IDo*kU_MeyI^J~}L_wx5T zpVm5bp!ZXgu!p6l!D!g#;2_Lx^~eVreaO@)<#t@@Ryi?0epd!)C|-6@EFBDDkB%f6 zZMdadp1b?4I{Q3Y3W+8-*rT3N$d3)VoSG$vhXAj#O0LY)xz~15CN5r%+~gzUUy%{r zg2x=0spjMr&-N2AIz>j6cYUg@Ha`8r?@UG;cdX;0@FdKx;CgDZVx?0NPPV{fK2<&z zHrP+6n|QGKlRS=*Dd*K=#i@hDFZ!qK2g!ZOSMaA%D((%;*+Jx!21(sL5CD<5)kiuI z1#zPT^htH}=B7;I^*HWRRoqM98#JWJ`330{x;OH^PoPwkWy6VtxB5QqALwg7y+P~{ z6(n<+0?ZbsFIgg5VR1+F>F0xVEIkaSo8)9q-%z;|KhY_b`(xjPr_tey`44DJeLb>cSd?)~a#v`OJ#zJUIoY9c<(C7L1DzdS${w(WdfvygKt;(qf;k+-oD(`#yG{c~pH}XN7gV{V4(T zl@Ap?zB$EG<#6mM#v=yrZOQ1lS+4(A{148Ghr2dQ^ebgKwggShSffi5juo%L60hRl zo=fmU{UOs;>NqbLREDZlk2WI#wlz&o*rzUPe+0YPHH&<+$mJHCLwm*0m39R=9^Wq& z1F_Q7)$Y~zBsB;QmKXNS-L`_POs=yWt(2u-rq;8>eVzL1v9)Cvj=cTx^3}mYU&Da6 zC-VLnZEdG^6g~ilYWP9y&jyzN&gwC9KuI;stnj2>9dB#G-hm_u=gXTS;FO84xfW&( z^4)IbdRDzxqUpSL(W*AH+Y6E04Ug9sO_hQ=0{qDs|<}6AzP#m?@ z__Cmkreww|S!E7PnYjB!`?U()nIKthaneQ6@PayxK~?M&c?ljhr_))_3;9BCYqcom zf@s+|4|AR5Md#n9^;bChKd&7P)tox5$+UXfc|aOL@uho#K&P5yFE(bv8#JBsZj~`g z!o(9xAL12@HGw}?eA_)}IJ^mV(m5^sL{z<3ycGa{rj8s9RrS-cLW4=!4*@m^(g%A6r=W%Juq=4-30UB!nUxHd~U^tnzBTrU>T>X?-Vk|I8uwrJSI3E>fT|mj0QSpkk~$mDv)%Rb9IYke1@F#NDN@b|a;_ zoS4<1lW&!Tf>}pv_r8u91qKq3c%{7m$EaIm;^&xkBPxKbP$h|6>94(KS6&*cDi&`t zH$mFdhX-EHG4=J@V-MXpih2YV4JQqKZc__oG)~nw3;}RRRd=X~pBl_4L%dRWZh%$8 z|Cybs51#UnN+x1`r*+%`5+_w^&vRr=P9OS3p8_wV8{0QvvjvSl^==Cn>`;Sa{K`oP z7U_ly`-8*9Qql$=bfGNnW`v4*cmF$$#s^&8oH||fR2k6YyeSaPu z|IS)o@STsaaKdo+z$CArFT7u`PzL$xZ?Gjix-Vt(tLqc0^7kUsDHfrDKY>jsW9S%- zBFu+0_MMnSh-oQUPsS70{AUc`szXsmpPV|7!h;pE+Y@Z<_oUKkC!DG}abe`gzqR%& z*9c5|^NBv(PIKA&3(vS$ORl|lq+QRMUwHm)p_%{sH&*~JKd5@r1PUv}O7Y&_*PPf#-6ar-*ZVNU{JAzL$H`$@RXEU@rl(C5MX zh9GU-XXPL~+SBEHoiMhJHrv_3b|RHGR*3vcoSJYX-O@-#C2BcO$v*B=aKVRE=4NVs zej(-f%+$98q@-N#HG=HOLBLNqB|WFL{&b|el{Wr&UDo`lS}%f;%~950S{^^k(bN&> zqWThSOWAcq0I~(REd`1&Rn2XuL{H2=sE(={HY_DrH#N)zJa>JhTQH9)*PBK9M~?00 zB$Xv=4afvb7sYWItR|Jcf`2s@OVzTbdH5La=I;zF`Bj=hR_6_Oi(3ZJ zrH{0%7&6A5KXvs(Cee8h*mr8PjRR9#G)jRh_P1-(#}l(mguXAHv1|Z@k9%eQ#C)&O z&@TDuHyG);^A0g$lrIu-Kk%jD5Pc3$7@lE{b+A{ct%+q}iDPDYYc?X51WyBIW{u3u zUX8`mD&&)dGTl4dX1)q zVbGLSY?XR6l{1Bdv89WHj~1JK==LH{9^V4c&&vHBP8Mt~w>@8l?`v5I7uCUSFqH)f zVMkGh*tI-|#<2tk%CZK$}%zi_QHDxPTvqoeNm>w)nov3I73zvY|VQS0y27 z9$$QPy4&$MYs!=K+Ozm@h|AI29I{-#P%M3J`;}7=b2aE2y2>{kK zA(|t15q1B>9tRz!M>FKcfl5wXMo!9}W`jq5m0!*FuBw@jma76TyTrsFUzv4p)eXco z^JX8fD}n|L09Mf7foWJ_5JaJ#&$+wTuEner?Ci`GPnM2z%SBY;hDv?QV%58rO>kTs z$Bshq0|kC?U~uq2e}7(nJ`HXPJpTL6$5`t^G%(r7vt=)r;6Ga{AcG-oDGNeDyR(0! zUn%v2aXxF&ok+Ya#ZNX1%j&&RMuqI+zhZnB7KC}?8Vn%SeL{G&~DO)10Y(r?_99F(dl$*T5Tjd!N&d$T39Z_nnx&F}qbd)=BV*?vE0xkNzZ zN<+uPL&wVcg_HB}_Gq)JYF1v}#Hc1-A3EerPvOQ&hc@4JVooFL$0jx-)p zsg22R<#{aQ8A}%!bWrjeRnr6yVo$#55cr5|wgjgk9stwAuz{gkBCYB)&Z7prQdLwG z!o=oDRHj0Kyr?^5ypd1g9^dgXSUxJ5Wn0ox?zZ}(Mo%DmZa!@8lztxcL*xF+%UN@! z;0?e3l^+P@lng~hz_z~al8ZBWc+SEEm8srpnE^)qX{koUEK2tTLTlWte0qlEX-6p< zqJ_Ve7c|aq&>*U&V*C{2CL6f3Dbe@A33!WRBHHvZ8^v1a{h2aTRjM<7it3rfAI-yB z+WC8zrR9&W6Db=8g;Xu@9W}P4q?oFY8{0|Fu!8>jR@0_VR-xYi;wkKo2FU(5l47c? zM>lZa)chWJEom;IYI@b53rdnDAezK?3f^~0AL6?pP_1U5G7-{k z)6u=`?hVHJu|=Ldc$!4Vf4OiN{cd#xTlbnQJI*G>h^~WBmO8S?3a z^5`~Lwvn9fFN?$gr)A*;3`q>ZX;SgSS0xfLQ?AmYN$Q0ImAXBm3X0>(z@o~R``Q>2 zC%6Xqu z;rwHOoBh*|+*Rh*wD96^dNGus{M@Sb{@h696W&A%bzRdmHIxnc59tw0f7YDc{=#~$ z#66s1c!GFK#Vf-cAU!NJl!0ofvb2GC)8$$AvQ^Wo2?=3RmK8SJ3z4GNJdnQp426=fe7TTk!+_X62~N zD_DkgWKuS~@hfc{)!v15#RKckm850tO+x%HZ>hn@93A(Gv_FSyYaHiWycl{-IgP zy}S$n%0ljX`Csb4@Q9P7%DH~3IQ-!_y?&?bpc2xK!bhW zK|ZzlE9nQKf42B=WPUw7sWSbd=?_Pp1?{ne(%$rNvuKZzH>H7Rw1^dE#H#CI*#k5L z^Z7ITc{C?(>YI$@e7ZTM`MFGfpN`tvo1Q?@+EACHnS6`IimU$;t#32a(Dpc>K-J`G z^e^STN%}86{%vEk-sXOnmiapAm{_B3Pr2qcJvUpv6-m~H`%Rmj&6Im*oP~3STI2IB zN@v`lpn)Qb!-TSmlgoqWGrgBJT4mNhdh&PAw*K}w{$B+lT`vDml^bHLS^bm$DJ=N) zOp=84wtaB>;J+AoNR%XM=zi6s+h6(oy=*&oW(0C3c@t;){F}T{g zz>85XKK`fg|8pfJS$NF4n)?{#N8ecYrv`$R+Y;OUpJCG{S)Mf`CNtGSL z$~TsE%A;8WZRP6`POhNCKlAu38X{K z+m#GV%?nea>WD`$iOfXoN|XTNii##KtF!mV}E{27%AYD8;K~kcAHx6NOJlUraK)=p*wjK@xP(RldA`%a+M_Je8=U@n3GLK zk9${~71~>A8)Di!`^U7BnyyHRh8DBDE{V{fH`D`}XZZ$ip$RrV*}o= zH91bn)d)s=HP5ek`M~O&P6&NqLtC<~E|T~RJWD#|!m<60$7SZZ@`Y%c?>8x~U4I&G zeE#$sC=@O8AkT_&7~!bRrarBlQ=#DI*R#iBG$s@-C_?IZCdfiU9eEw=9?~%Gp|Fd8 zd3gIdY=E7_Au`sARU)^|*ds)kR95;nhNwL@g8pILZs5k!-0ugM!kEya2 z&5;bZR79Sk0@EoT-$gXqcE5++&kcfnP0di0xq-A{CHbaUA|7AwYUQ_BAk)D`rO_Cj zJ>)sO5{nDTE{0EOFRZO!OiQec;`(Eh0*yA&s=W6dtY5SoiH;Bh&!I-|8o3`mLU`IJ zpX9-D5g8e`WVv%T+lpg+%)sz_oX)>HiX^6So2|Vw@Qq}NA|FfmJFn+Oyg5_kQdgkj zzxNb47wF6C+E=G68Uyumd%@D?!gWaApM>=enEWf6@BpWzFd5s~(+Q=~hdN5iCw>4F zchfL!2ehcNGMf@RY9eVl%w|&bJe=|p1c(owwbm&{(bdh|sxqc7JKM-$57oM0>ALl0 zvZeX)*j4d1)QV*7vPEr!=T1m*cLROV(XXvY+GL!e+_^)GBROrInd0I3TI`l=N5?k24#w0l=^)6JB!%yMG-=>!fJZFu zu$ze$0_=^hsm*-PVg1DDeOIj`v-8{DFi;AR9UUFIFFAoveE3QI@jNV(Jyj`|@oPBg z68Nf;%=Y!;)ejY_tO`#f4FdN_;sZ9j64h8chbKrJ-thvZ6F!J4iqYBQaGHRO2)5Le zUzgaLN7OR1*uXKJ@Z%Xop$-T>0s2H<3H|~i&1MnZOy%wj*!oZJP6w~M-e!wj(DRa% z*u=9n%&6G1rA^PO|AdrDtFu5%_;V|u=Bt{=2c8$4$0iIqyXQ?Vfb2|rgJ`a^!`KW( zQqAY{0BSywizmFrhP&0f-&DzX5`{3-jyn!xvJ^N0J><*Xplm8N(-$c|OYb2)=N`_d ze^Z&I%T*;QK@!p$JZW`espk%OQ=oeKO7s4_&Tfa|>e+WV`Cu?I5`1jHA%gN+IhCk!S(7>V+-?*; zPGu7V$QNq_S=O^Z!pt;M*Ltr5tNw}Vitot>>>p?RTZZt<2r|MaFF#oc7AXIyerqY z@E|D9VV~e0wpdLevB6A4JLw#FWbHZ==`8o~#C_U92CMDvl4<2#rd%JBs@;$pGdS{B1Mqvn06HWj2wFz#~@ z2?{4wZ@wiU-oB$3w^Z0=s2N9}rqFE=@`&?Y7QpZ?zzME^AC(T!A}d{ExT2}ri0SH8 zGS;PssRehvH+RQ4>z54rf!pzcFO|iNbYu@j2Vf_hx9xl>K+LCptNCCC^u+YLc;bik zwY+`Zr-wa(T0x~5x_x}{maVEWbjYKu<7(zUp|EI#TDM~Bzy~gCS_7}8o%>yaHRqXZ z?zaH)q#D7_Cp=`(aHs1sFI}UmLJaZid#`T>%>AJJVIBDx_*rCq&p?}}M014t3x|r9 z_BDW9>fr%iJZuZM$5wC(H+%T5EC#a$EOyN-!As$e%I%N_p)yFpbKeyCJv6=(0I_gA zKOyBNXl635Imm|qvY!bb@|$~0Uv~WNqes6dy_Ix;EWUTH{8HL4>G;C>G|6l=)6@DD z-XGdGs)~Z@IE4M#o7`O6_?WUyBIo4EyFf~v{fRtvI(nNRqw#p|hE&Y%HZ+U_aq%} zq{oakav2VxfA7iAmq1+2T;97MblI>?W9qfq&kRWEp6>?Hd*ZNQ*4)i^vqV38vD-kN zmL)lA5At)VXmRV#1Kncp^Q%eri?e`m7{5rdQI!U-n-A`c7QC*G;`o+*R^vujbvIcV zXmLUPOOrh##ijjs6?yU2g&v7`+rg$Wur}Rs`%cAfmI2gp(AffOyGw(-iz?Y!L|F`P z9bpX+Q{2}l?dW0dgtjf0N5-`0H6|-pS);52GUg$dzkov{*(h%jPAr}RX$q8p%MngR ze%Wt=%#(6iS0=Gtij39aXBK39Ive8Qvi4~+?u}P%&VXwfWvyT>^-!iFr9zAe*nk`v zG;4d$ZXikWgos{q-}fB8=pmo3leRU8g=rXw0*@&pY#V85Z>OF{{EwWrdEoA$?-r<~ z4Do*lAm4-+vj0X6&*FeD(=CU`n2^?ekempkwh#uHgHkC>WG2w{XT7*?`+u$cDYk23ZXoi8h0j*kq>}q1# z`28K0H11#~DLM4hRa)8$eFSTywmw@~8f0Xp&-?y{S}w$U6pVKy3uQXVz!Q9$YZbPjuNbzP|zEs%&{4=(}VLogeS z$C++wl-73fMRku{YVqQLwH`iRfoMYF&%mJb8)iW31UFA-C=mySJL00Y_?gPSutIxq zdt1jgt?udT1O-fV=!ZCN6MAVNWiCF8Pzrurtjx6tp!;Y~X??5zvWvO^Hb+g2UB3FJ z&Ut-g6A-=~C7OsK+&iZNX0H5GT#Hrtw90STd!3;{=JMLr{pq(QAFYxIGV6@gv6TKF zzZ}hh4&kI}1!0T42*Xc%lP*@}Nvcgrs!Hz7z7j;q*6|Bw*GIKXIwHnjNOHTZHzr=* ztL4R3yq^!ED9KjL!mlwx8o%48)w2W=i=DhzU4R9|M^u zKckJj=6dY!Tb>Lz1{;BIYTKdLS1ouZ*JdB{MbB!qZ>Lph?ssL&qq(9yE%8L4R*jfJgVL+92T?Kc^oL1tb1&2P>jLD0z3X#8OW{<4Q1O1 zt8ni9HL$eM1MPE3;iwt|OXANnV0|E?a0AF)q`#bxq~m0MF*$*461{mTvd^H;6-8lN4V`{K!Np`|s zqYrF)AdB#}qkxE-;-qcoI&G!cuodDftT+c&^}@IXj;_2(rvhZPdV` z9_0-*nv#oQOT=?W9&{I>j>;%tA}b1s$hZ1EYwDhUzv-i>X62-0# z5Hf$66YMr`UdW5?Vvd8**9RTu4BDNR)QVecL+E#Pgrm{#on922IM%-7+!ArTrnH(C zb&J%HA@JxRtwep#LT- z7afQwTAT8i1)`RYH4kKB5DIt2aA<7`exp@dH-XXkd+^@uTpHBJH61^OGP_=_elsLk z<3~(Czdd@rlWW3M+EJi&)EigOt^cR+q*g_Oqe9)MvIC*;`$wtlEv!|youHbBCmWI8sNj&~hu8Mu>*o8Y? zp$lsGoqO0TLDNGplW`<~G&g{Ah3ejpckK1IHBaLPpI3}IfsTednaLFHL)YIV&Qi6R zWGvX0bR~^QZFY^A*h$}xKV;*a>$Q;gop)IBS)ydxu${hFHx5M1!Jf7A=$&}OW&KQt zGkZLn+4WWSWkXV*!&n`!@nBK*%aKrjq{Ut+CE1nH`vnj5Qr0j(x_U0}@jnHK1rzFh zWjlzYs81MBj=+A*hAGgPq}Vere?p1ZjALzS93cBwh6VLd$MjqD>yabTFuL;?HsA;Z zH8|R{d_#({EsZ5W78_1GUZx-g&P_P9{zUof+Th^Ux#SSKFFgavuDXh;fhV{LkGAQk zP^aukcfCNCZ<)uTzsF_4ljpEb|AcrYX7H(S%nQ5V5hB@tbm0ZhOUPV9j6IL8j-GxY zUrg$-+HJ=IU`tdLi9vY6^gi)`UC7>uRrk6BzR$Pc;G^#?y54Tvvn==c6P%hUinHQ{ zwpyCBDqP2h=!NX6IXuo5lwHX?d@XvJ`VGD=-W3qm9_)!$~}eRhlIIpk;FUzZg75XCl`t zJ<`!4q?q43fCk+hiPHLh3RO+EdhGKa)w&F?SQZcR71jujoe|?z2eVQxJWu*$EgX&? zG(+2Y?6&Vi-$DFv@ouZlp=D3+%R>%?Y|3s@WPQDEtkjdf(z;~goY3rC*HBT^tm$|@ z9*8Rq?-DdgWacKfaqVb@g)TDWH)O~4%nXAKEEP_>^GPfD@3!Fa}X>O(|P`DqCO z>vG$M9>1#oW$$;Y?az;jJ0h@~8=u_p-K)t?_HN2hhD1LwAKd4i(!RsbOl=bWP+F1e zYuGXy#xhqX7b&x-os#67y8qI3Lg$;^_J@jE+}=V0SBvfUH>a_n@Q&`Nx z3c2;k%7yYYGKV}7CKni~G*cv*$B;Z+*?NT1fVfo$9cqh$2y30?Fk4xl78sge!+m00 z^G6#Mf+wGfRrZTK#ki?PSaYy;F;X6li! zTOPTdbrtw{jsINJkHvi@%ZfqO!k<-b29B^QoS{8bD6g>64PhW-={@KoqTx4KAhvWf zUgF_!L&x)WKd&geR-xHgw`%1^GY)J?$-GrM>S>tft1%x)VtsMI*EM)1I*sLj1< zM^8bTo~24sp=d>|^1%mINKm{2+d;V>JXboiAT2FckM5LuP~=L%TM-smCn1&=SZ6oM zFKbKLUhP|>o6{B(V2JuIC;&YLWEoad_Jbbw0p#a$%jyd6_l3Au(8Jf#zpu1`S2pl% z#Is50%kvW4XXYl(6DC|bLL>F6^M4T_zC$akT_Cwxx_7fLEra~7-bv40;rMZYti+^AL) zUJOREvV(0?UVSjJV_*n?J-~CCPmL)H7hGEmUl!a$R#mRTxq$9XvyS`pe3NOgR%;jy z5bBW6b}Z(j5&{br4aIhFiRkQH?o>^q(X{^(3fPPJ_ypi`RVjioKYl*GM?tL|+N#WG zm=2?JKb)rKGrpMIhCv*7`*-I>3oq)LlmnjU^h#E5rjIK zuE%i*|)kv_Uz-T!hWN*9Im3lcDsXeBTZ$q{#2JpBG z`JZTz9oj)i`j0+)+N{=NxbiTKGe@DLfwJP)XT0?NewWr0X9)$weoZ`RtzC6uror`^ zyWJZvx+5`-LneG|$NUi+ahSq+1|n`YVdER!=en7A+bcvXLe8gARNRyB`3Ei)2K)L;n;3U*P1bGakWgXZ_w zX`}W_woHzfs8`x>H~PP5lh81FJLDdCQEfb)Dn5I}mTQc(-e!bi zMPKfHvN!}}XSs%urZ->D)qUO@bRb&BR-=0wU)3^bi(TkXV3JIgh!7vWV=DE2deFk| zXgWx)QLwnsY-1iPT63^1J_yH_@vzyJ;QEeLaXN{?(4L$wXtX~FBTU>mhNIu``Vsqnk5%Do0gEfwoivR!j|3Cw+GMt| za6wUxX7+(-FH`4i71{-!;VZ(WIQUqZ!) z-L@uCi%dA&MNP-g%sXhaQt5rQ)MU3q>UH=c75aSFFEj~HSeb;9db(-<*!G_-i)~$J zG$!{ri7jTGRuNj>QvPrW@vFULBvZ6aOeX6{UeiO0yj0Ef$_RQm2@g)hBXY-pV~2Wr z#D`5@?z56`tOiH+8Of`nklqcIq%k_^<+Pm#C={2=`n5@*CPw^gA8WdjdAWMG8pW|{ z%i}uU?~zIl`3q2;cCbJ0E+(1R4*_p;KWf@MBaV?jgS|Tfyequu-M(53`R4CjynfC@ zcL(8?J}RF=A!cV0s&D3s+z&9&^;<2Dm5ZsJu+0BB$)!LCN33j%cB9#uh`pI2o$I81 z0d+}6rZZ>f34R#|`iDD`Oex$js{Vke*N%?5VvPz?iJHN&H%=A|2H&49J3J0;b>;fvOm9uU`hDcatZd}&rX}ym z{w2%RZT*gU^4!`P_>VB;jFyOyerg$_i>JIE?9(`5wrB=I$v zLy!&l&l#%^s3||& zNE&yk#ri(&UCaBhP*%rx{kzrqOh(dFRw}kHO%miqDuqg2%0r1AJQ+!;;?xxr#hi0$)ZQ* zDHX}z4M_8jo*6yKQ|)!9t1U~k=>OUSx4~8=Bxy}dgJvR9ujJxgg3es{&4aCsfn~FN z%lI%39FC}eT2hXtN6*(Cz@L}@0&4gDA8fs4RGV8DHG19}1q!riu~J-u6n8j4ahC*w z7I$|)72GAb6ej^fafcRn3$BF{+?`Kt z*P6D*>)HGH30tlK%&P6*l$RwGi1;Ta4<4E<2lTF_+{9X>^76bp$R@+Nxz`dRn50}j)_;b1}4^*E;y_T}}2^j^>I==V2t&;xmTi)m$l+i!)FTTQZ? zuQGDxWTy#5sCp%Sv!>c|xP20LjNx;gt+|ok0tFbKuT(j1Lur{>jWOXx9YO0Q_iKI@ z!*MKzkN5k^#K=0hNBp`#9|;%3YX~Hf4!3ZVHcG#JZ#^`s1bGRJB|lANASoattr&!-5LG zdiJ$Jz5c>-dIo$U`0=Wb^xGcXs$vO<28V7qZVL|;#1^^gbLH{%MH~^!EMMOdv$RxOFvtr1qa625L&-{hn%Gqj zR6keAt49w1|5Io4b(fE~2i{&Dtp=Y?MSTCA%gxd zuPU!yDk;f0jgW?h)Pwz#_jUw54ulCLE-uc&!NJJLC@d_@${L~kc0jMH3a}60)~`qb z;PyiWNdF3%mZ6b_?T^g1CbC!ZST0~ z={M$F8Y++P)@Hu&Ib^NDqBQXBEqFXFQ1}4q4&M2>t2kx#&Np#68H+fkN~B<_Z{Uq= zs)$FzfPmbu+5m?iKfxeLhtO%fmi-N>x15Cvjf~|v^}VO`C|d^hm*K^xuS-9LHXOgU zoPR~R;F>jrGar-p`Zja&?oAJ8dG%1s*8{(c5)Oyhzn(@73$+bSuQN`akN$NTvL`c& zqiFyc+p|p1$zT5O4TS&TBGkc!OEXXPY_RDq&Y{WDY;0oexT}A2YHL+U6RJNyOxA&K z-!deWisjeWrybqIGMQboKhI!A_z%09DjXgC#g1$4oWSOpb^6}5iM{q&736rPJGN8) zns+V|U&Vx6*%e|Jxqms%2HJ2LHlT5AJhBm8^rGAYL(A zg#080#BNHEZIt@v^TXxf{oiY^ES0=8<)rNWCPMfQW})adU%c5tXTXc)Y;$Bqnaq#t z(h$kntdjwSW#%iSkZoC-Y&%h=HIH76Pt8xF=9iWy=B6Qw6Z+Z+&T(RNj!=-p)#38a z&Q3s?OlWz04;@IlBu&-M+`oQ*uKl7ixHhn=L`YPKLD=Td8p~=_lzpr$uVxE^=g%mt z2T@pA(IFQr!SwHq`BPWLw({#+_#bq0xSk-u-mz9-gj=$ftz0*DB={P6Atq`pyB4w+3SLXWSE-Ek^(pir$v zCF%;-coLENM7!&TEAM9!1vdnj$|^+^iMV5Rlt~LQlSZR4rM0_a3yn8etNv5k(!V?e zKz!v+FYSuaTYG=J#Ke33Tesu(&tSQJvHnwRe?qWTlwy3(t8d#+R^|;XmKqFR%!7{9 zApNGVIBZA9PiQ~v*9Hw{h9l5U~qR{Po7^{A0Q8ut7GI*0hE)0kC#)$ z*1i5%jCN8{KWd1pSOg52>qm=Re7PtX<|j}qI`&t` z{B$+abuf=5PVMlW#x~#00M}D)5f3h7B89$#r>4WEpB153Rq?shkDun_eS1NIwNE;Lc^c2tdL9F8`N?K zF}|-jm2lgGtO}Z3T^Jwo+T0@C^_ATs&tPCQW8kWBRgRP4VT&vLsQF|@@IVlmRmrKV zn~cDJH`n3%r?>mfofYO*05s*~#rZHX{Fm*|(bA`toLdjJ$%EQQ^PmBMI(LlGzf`$u z0*6)5JI9dD8;iOshbDHfxkO=TjE6depd!gQM^=#Vvg2d6OSzH<>s0)p4icGbTh!N{ z@o$?gE^DcSA>Lzr03g}58~WZZ^^yzaUeFXwNyc!ju;ZUa;`UZXdFhwbws7~bavwVl zfnF%ZuK(0DSenPyc;|*xGHv_)h`c zUIHfY+3?pZ+@c zuHPCy<>Dy)w7SO;Kr6+eXE@d`nqiLyv4rxj7%SS>I;2L=C^+8Kdl5y30ryXtNP=0S z*E$HXMv&CduVhe~2zfZ+(kZNEV$Lulyxug(&1Eh4QA+v37_+*puRQx=YvVtAk~d|u z`&%Zbq>@J_&0NxA-*A8!P|D^=GwtPa)>mV#YSd~rpcba~09Uo-QHR3_8~ z(y#eyMEI@1lPDfM{e?zG!ZFFl1K&H}N7OvHmgJ^l24c>RXE!Qw{%};H7P#c7E#yC~ z&v)na(zfhF3P#Y%`SEsD!sp>;K9|dI)6x-^I%~*PInUKmdw#Pu8`RSm@2BKn)NQ|{ z{4Re>_dwCG>_h*xvJAyWQTE8-@zv`0gddwWJa}LG6Y0Fd4+}bT;#3~kkjaCoCv9X@ z0^~X?r>DjM)g8GuDcQ*Ff1lUQvzs~o98o1(Kl+--e!kf=A4(gn&s@Ni87)qh_6F>? ziQ2l$CG)MM(t`A(?}xnF((rn#C7z^l@Sv8JQuiyGH`d#EdVvgT%6+?p0vbkmc9EvGjeWe8HxpGNS*m~QkYyFS$nM`~ zbzW>s(oKy}>jabe6OSx4#CM`a-G7v8$h*@AUoR+i`H!@#MACJ1TzXIpb=iL7@;ArF zbB^PuX8?WV#e3mMNZmj$Ufg;+Vehe>vqPlbcYsQ-y{y%Eug!b+Z?H5@&g1%SH{G`> zA#(M0no9F~iQVG-8*qZ}7sRr-?b4*n=G&s=!{YbOhEji4gELyv*1>Y--^v=(0{^3oU1)93N-9Hzo>KUfl zXODTiY<`#oE_iyXYH1e}Kz`-my7N8HA|!}W+>_6#Owp@fqZ1Pm(jPd4R6db(X1%(pMhQ}lFQE<~VDGi#b;t;%2g^Hq>^vGVxP zBBU`>!fK4i|HVgjgSZ-Q3n4$=wqv$T_YV%=NQE1BzP3CN2k_qiXr{IJ5gaC1HXa~Y zVpgkr>ixFu(6uwBi8efrtfha~@nmW4ld)vScAk96HOm~Ob>j*yK4s>z)Nzw^z^msb zP{+^833@A96CK9GL!IKGmxi>dS6qu1W|&`YKl(GWpO!z5DvwVa7{qSx%78OS!itxyO6^olf;b7W#UJ( zR3hbH(m>1k>(bAzLO=RPRb34E(z5%_hlL0Zot55P={i4senVdd-aL#W0{+$aKAE6T zw_0_mUSGxG$6}Y@j?i-}KV-${iQ5f&Vv93*KWys|s)NmQ$;{6qG;G<2tzR2%<9z;q zVmL|8&~Bvi?sSon<@7R|Kea9tv|C)@_X zmH~CORJC-I$051co^~$t@=TMze^$Jc&`1ED;DE0ND7NdUe+Y z;Ums5!5ah2!Q7^8wZE7b^;U+1`fmW?UB*oRB$9*;(B)w{cFwAm zr_dp!sO#eF^n`6=x7HL83~By{A?HFp8&f$K#6)9?dun72T6(*?pzZaNR-sJLuW(Xj zZ}tLE0(p?8`iiOJ~(PaNH54^e>5IpA#xhxVE zJW`l@{jgEJ=JAyy>!`+>(mtT(?8GL$~qZ!~Z^XQ~Pb(Ec5{-?K8I7m=Z;9mUbWX!>^-apXm z_KhbV|1YbMhea8_AY|WV`hO-wJJ;u9zo9<7#;P#6Tq2~vmM@s%do=~OS-nT`^Yc@;~5_q*%G5H`tCRJY|eIp3Mo43cXrF)3bo4 zG<83Mj9mgQA0PIEx5w{qe(8ufmAD2H4dN_^{>}aG4bkgK@38hbdYPBu{jLZnA`Ky4 zccxstuo`{#>4;=9`9tsp-Hda|doKTxs4uO`Y-kZ$yj3+R;}7Or8Zh;u!_QA(Y?6Ya25=1)cQ@D#!Z3r|jD)oG6c*wu9B}O8%^RxHh;y2( z(#T?S!1j#LofFDpF<<>f@^VyT@Z1ox$!(s>;akDe^Th z*2JSS8}wnj`ji)KhIX( z!3QxF)OZyp_L<1in}P2Y8heq+&*$H~d6STkz)0ZDeb%)0WmbkIBi3;z)1tK3Hv?58f)i3Cdg(!P5< zI@YEkOBXx-{grDp_h@r%?XsE6U)o2vTAJ#C<|&r%Nc``n#;+(36dhAq> zAwk1GFjO3Iy0~-aeEI7|f)|hK?VHXDz8VY}T!g+3e+qupGXf~y@l}qHk8CWfHm{EX z`xeMTxS6&;z+e10ep@#80mK;ve%sjV!}(LyLSSZCPwcuk@u%NO4tL9#tPrTXs$($j zn9H7WFbPrqFrOv(pqL>4Qzps_qvAWgi}3VWe*N19#^KsvR6NBsRy zN5nj&s$Fu_A>2=*)+TO@nC-D}o^A0J<>Imw3kYz|YP{;ct5P_x=}U7p&Lf3C+q}d> z<$b1^ zi}&l-W&icb@Mph-lEq~4eZ4i zf1mpx!ptw<5vIJJh*ko#!I~E%br7#$Y(`ANMAXE@)ErT2x&y>_)d>pe#Y%CIeun>@ z4dU!`J}4g%l9v!i*C7<)!cY{_o(awK`${|ZNh8Pb7;9BAe}H%8O;Z%J1MCc!g9Yz} zYs&SHmj3&*svO!~oT^{n|Bx-)pH{r6YS|JUJH_JZy#hK*KISXpUNU3Y@UXq>3xJ13 zeyQ>7bY7CByYd!W?s>8HI!N&Uh{0(86@y`-xC1dBmEbbb%*AGkF_VcpLk`;}gkv#W z${neYnVX*Uj*5zkfG!#Clh^six3A-&HxBhm{PtXyp|5Xg zd!T(T@vy=FF@@t{B~xOtcIQ615Cvd4awTRvnL7^q71Y+fzKp(ou#>Zqsa|A36kg@k zqtNI^Rqlhw!ekMut+jY;UNjJs(8lbxeXil`knjGBH1KZIr1FYl%To@KMOx?Wv3Nuk9>AM_-;qw+oxG~M<^dvuCY33k3$qYt~7do ztsq68?UgwiXB(5`5#r(LYSGpAt0%_syu}uKvFkhDpJJMu>AqjWcliNqT#FP698S4@ z|L7OKJD%me`K%MP*V%Da_Un45(N(!G=4_!y{;MNMRwdWyac|@VLz-dh<)^YdrHS`n zDEW(o%~}IdiI$2$NhVSs%Q*@i5K`_oKf_Szx_&Blsz3Gj zIKLbtEY?WyqW|30%6w#a$>=h)blmUcq5gCV;02i7(q=L|Sf|FWFFK5ADoc?1g$nzX zr$oUX1r!qaGyL^M%_8~R(rrA~<_m$vYS$zt)Heq-eZJH;J&}PyN26w;kn+S{lEq)9 zUNZj_fa{ZKu1R4__4l}TJ)q{aHam2UbPHru*u?^)Qd4n?Vh(EK>ui+93bRm$~H4Ho6weJeB;hH5#}ORgoa_lZL9C zEnw4#BFV|PWH3gt2Xl>Ak3~o3g>~D~R3Pg$|IQ!l&XLjc7WZLp=rxst`rTy%5EObA zc8=be^-(nJxrQaT5pzZ+*j8+6H8QC`h!PHJr?F!n4XB=?Qr#STok-%cN>*V zTWh;|hIeFxjGB2C=g<{riZ#9TFLiTbxOX3Q>yBbsygP9f@hHil32&^Rs=1t{q2dvh z!;{pQl3J8qGHDAR=?MB_CxEv%pmX3He9NtUfHCn;Klq{AL`%H!gUe(c*KN};_Dtls zx17=6IIG(Gq53Jh_YbVNJRT^`Vl$)>0{>$d-*%*_1f|w5)1*3)ValwLkKt{TR-jCX zuhEC+!cz|6`1^j!m-;crqAkK*n>Jl8O=p*5R5`w>qTASU6aMx-&^#aCYk1>veEbiW z3?J+6HERaVlY#2;d>zXKgkFz|w|asS46bF#AS>USgCCPxtWZ5#R zFPtqz<(T*R1vM`44*me88+b_m4OE-=Um5)_>I7}px9~!Ta02VR4q}{<%iC?22R&u0 z6qNyszBh7xMb*-(78V;1Pj6QNZ(Jy^b!celWMwurbzp-NKOf(CRozEzpR$GAGA?7y}k7_kj;sh{T-HUe6RX#0~iW?b*-2|n<1^FiG(xFOU;Pq`gVqpJvc=k<5t~wPvkN0OI4*gp>t6kI4rWV_G zUpIMk?QI+0A%-4442^cz4IHq*~?CffVY@CBWpEy=3jb1oT|A18fwLFKM3@9x8PzF0QeT-m}aOR59N<}b`5 zh2J`Kid%$vyAvJw59eYQL69uskp$~O_)TO0>VFPOn1YrkWPOfs&U_K@%5#1L0Cpt|0i*xu6L zI>;5C;{PCYQfZFVLzlpvAnGQ ziiCtT2Q*xX5b&rq>6i$rDye}?LwGw0WqfTBONGR69YQKEiJQ6AXrpvb%W2 zIM7_XpuVu8wKlIwWxCW|fV)s7)w(-JO))%nL_?96gHXnclzWYhZBnyQX$ViH(a&FW zua3Bihe_1qXqf<-XA-1-{*^}ja-VpNr7J_IEP8l(2nU@FrA7;1UiZ#^Yc?%zU(oQG zi{CoB*|J0hZ5-CEUu)Lsmv0gyrt|DPHGWs|nRK*%>vnsfA5~nr;PL!97EJB=Nu5nH z$=v#lr>2P!vP`24e|0+mbB?0erkVlU_vwCsQ8cGMtl z61?aM)h&z-51(uCJ^}%Xl$lKDXINOMN^0P62L@U}^NJ1HVgx&otv8-Mc;+WDxFLdm zZcZN7hDSdJ%`N?a-kcBwV{lYkIo= z{QUgl;@o%_uI)J!TU)MyP-0b&jUph3jEx>usN5S6Fl>A{;1CFR3=9mduTPnrjKwiB zw{Jo;4eyj|WUz~ium~IfZux{y3fDmsBdZY*Cd1X0ZEhP@vwj@Bua=PQt>M(lcef+Y zysLik?&esAB-7@Yc~7iOe_8&ZZQ|H}Cdd*)S-toc z!$xFyhm#(#_iXoPz2lSB=k7nYgMb#wIlm-EjK@Pj2GHQM)*-cto?iA`la4#tyr67o zZ}Z*jZD>FS+n3r84{$0ZmmDs)T>bv_b#Qxs zfY8u_&u;jr<@0UlK|fB>mWSbx^O2+AcFS(rE*lt(zG>RA#kMxnCgPo<=E$huREjB9 zDw;gbZ4)i!cZ@)`mLm}5>xSuGg&RUIESM2I=IGO@-=zVzR*L@4>bJ1Ndi_9qFsxlk z7Yxovfl0_H2R%G1VwyKYwKk(H)P8G8!cU*UFSX1Dp3A`Mi0gE!1;?* z8reXNF2av>b)vff6zSLJJ&7vYY;XSQ|0`@LRXy-=L-b4?G>8B@1cmUQRs-Bv=r=Ar zZe^34j@vccFmZws?O+vk-{On>RS$hfOHEBr*%14&9yv%qfS`Wb!%OK;>KUVal}e)D z=I3c(U@b3yHIlg`IsQT4U?D1M(5)J`u|(BA5?rLO>UMw@lF8Kp($v-$32*T=dk?72gG`xKK{u)YqNQCTkcU68>mE7Eq#@~ zm_VX5w6i^8-?F5W=g6T8L(I#vDxQY-*G}9s%&WRA`e-O3i`yS_phZB1v@?6vJggrhH06Wly8K`VN z5b8{f7A1tr`TAy`SO3^(yTL6P&1i6#-T%8Mqn~bJIRlgHh;9k6}A zoEj;@#kY+^Q8&0W70n0Lm$O4iCuHU1uqRDyY4f<_lH4FV@2J4-bfWaIO{M`%(L^#V zwM++XZEekxXqj#cw^af+Pp&VjhxpFlL~c;Y`c>0OGJ-mOgwM#r6-*bjfTrvM{HjQu z=krraer|+yiT#4V5{FRLxbV#{()FKA-;oRrX)-W_w6v;EaiUJ=OOEDDx?7jT;|@%l zp+|~#kays+Lh1T6=Xh>fA$qlF)nQJ1f$dipmOVY_{XkLn3MH@_^9>lhFo>h-n&-H+ z^Jwel>*r-k+b}xF2X)J0z^G_UK_eJsiD3HW!vpy%n-)y0lNJ%uQ8W50XLWv4NmpMKiNmc% z9fp;UFYvdYeyd={N2YP#3<*0sMT{;de+R8Q*H-0{AUJup2_p%=-iwRhi;3&HkVWQ% ziHpm`M%HYbKS#?pKMSt&SX~%@HTK%F9T|H6Hc%fvk{IHH$u+K%l<44*vex)`pb_eG zXe_ptZ7o~baXeRZmMog287L~?si zxAoHA#I@-eD-ST>Twp&t-lq0W-75Q;KlB>{i#|GxmVrQx=5Z>JrT^^}xaDR3?*(@;y z=xYbnAhc%&Ag|MJbkS6KMeU*8@qk&l*b7u03B)Y44@S0EPqs%6QijGx;bkvxaayMa zXD3Yh(Ti5a2@S|+js3Y3Ei(ETx+GJ+ZSOEwG65=N6pq8>j9fQe3xNx;E- zi`^K8HFEiBHOx7}SL(qbs^NFn{bsCX$S|3a9ircfLtQ;8Iu1WFHdVm}>fqp`q2c2a z&OlrCH&O@9+7!00V1wLIy(;eHCB9j@= z#KdmS#nuan1Cx{Ux|O_Yx4?MxN*3OeQL$8r@F$kG-VHJ!IQB2jZU<8_&)kw|}Fm;5Q+) z8MUK3wWHS8meJb3q~2gl0l=9~nwW?JT`dbgGZ=2B<*{F!peas{$ftWacyM@CP=G?Q zCXybFlId~nn#z^4iR-)dve%Y$eaT1v(yV?~m4*%V6L7Q-`4l_cehYX=46N$f&QY?G zwnTj)mAH#k?_@BsG<%a832f&{#<$7s5w~P2W~(nA#UFl%#RMvgo|WgO<$o+XDtwl! z`_A|+gBw{?P2-p=38pEEi6g)#LtUDjKhRFxojDc_+6-p#Gi|d;JbLJ+!~C^M7Z>dF z`bz1VJZVeQnJi1^1lJKvrYSi@IHT@=9X2%`cJrc?`)XBXPU)Ulx3nk69R9S!H`=7v z=Q?!?Ltvuc@qnViG)D#5)@-lYwh#_>CcikrV3)B9EnfFgYO2HAUyoJgqK3OxY8MWV z(kkW%g7_}G3hcbAJ`=oJ9)*4Upb1fM8<9e?d}NnNJYqf)iX)no_CR(|2@IV4Zg9gug?sI!Mwcrqs}I9AMNG-T~D1cIHMk z>l*zL#MkAl{r$@&KijjbqQzViElc<*FAt$*)tcrhgRH5yv+Hb;l>~^Gh?*fHDppY; zRWXUk++6z)5zpxq;z@;4IxHiJQyp+ui;a$nh)88*8YE02G$$f7FRb3Df=Wp#MH;># z&!8ZqSLBKqWMQ2kt|4e=H9K4xP|@lRD;Zp;<5f1RR`OtsjGT-vteM>YK36zZo`tAx zb!S}Y6m!huVdkI}<(J@OdMIZQV1f+ROFu>^Dy1;>yBG2l@pP0bsDj<#x!uRd8!r{@ z64c6&pWf}sC`SUk6q*hkD-P|lvf2sd?5(!*m925%zTzjc-DHVocm(0??F%+%)KSoqk;6Dpu?_)??2U*~#EaZXP61 zD13lhstQ|Ek(kpGrly?*2Nw-74qryb#lkEZ6ty=dCQkSU%;^ZtI|~Ti8CZLE2Gn8BfQGG}N5X7<3dtqxz6^Hs^f?W$E3pZ%SIu@O-|(_aH0LLinO^j2OL3cgLm zdvSAebL5bH95yC-?SMht<2F2tgp%)OuxIa}PdrJc#s=3dc1tW){jL^9hez&cpW^dgk?Fb6j$r}lSsGfZkrX1FGv1z?tI3;}vI9eEJ?M9-#q#}Vw{#U!G8!^U zGJk>7@{RrZAAmJ$NqXzUiFuzI7PU(30$bAcv;F0m|BeX!8MuFG9pX0Ehwf&67E&Tt zLOOkZx!ch`r8Qs~GWy}Fhk-R;nG(e|+E9O4pZ$m_t|~mr*H6eGC8t#%)Bp_`DDSrT z-D29CeD5LJ#<{ehsvit2dxmmWYDRvoBI4pKU9VHXtB?XKz~RbMhKYbcT}45)Vh6m< zWnwpQReoVaNCYSozV-8T=I8H{IbP5d?*dpO2Kg<_-vK^ z*0)y_j9SxRx)GIeY|9WGW;`X6N7Z3@Nn@8pB@H7TdYSg=_g+^^ z^{N}3IY0PAGfFv?FLN*1wE4clKOFzF9EK%)Ynb;RKy3BpQ4HWRo~!dV%<8R1bS;k% zck(&iw=!71ywDEt;lFS%w@%J*9PZh|xmc|RbPpoC!k6-gbQ9*NRxE(6UVcqn>#`4$ zczX5s$(2Dx21CaAX%|YM##=4jY0}JpTU;Lar7NtYLeRuR_dU?)9ttDTueF&tMT2m0 z5K79K%F2~?b%KK+pm<)q2oWVGH%K)^Y?c^ec z@r6SPa2v@jdHl?>dJ3gK$5e2Jil$4kE;P5*X+8tNGXW) zSZZ8a(n>E<#Ad5D)(QMmU7W802nHM~U)o}JS`pXlA~J#A+A_C-7lV`+P(?UGn_FMD zy}nAy$N*-NMGw+p_~^36fl#ez)j(Zdj5s?7_!nj3m>?k^zsX|dMygaeK)fzf1fv(q zHJX0C2It`$on71KNc!2LId?F8f#m`Q??E~~!|?|-{`a9|#(I)_U2WKQb%qrXICQ;o zN?y{i*0p9E_2Y4o%E-CDj73>oY>(qn*JP!Y%fbE2!dP&R<`vCzpSBHhOFbgN;qv&5 z89L!{RPe$a*TZT5T$Lon zaB-HF%M2Wbu#e!plJKRO^6}utsG#G$^vvK5^19PkAq$^a#<)KQBJquQRvga=jF0Ct z^*$zWaG3i0e7eAu^g&m~wYA6?Z{}Jn-ETzUX)4n-4BxI@G2LHF{%Ztb3WWWJRbT(n zC1IMN^R-m_8RWg4k%NO91X2ZAG}QI4K<3SgfrvR5y-&MiTZf63FRHRJ;VIQ$IV{8U zhvFut44XUP4DVS5{&|)=S2nOzk$iOBcNanv@cZGVTcv_zd(FgGkqoSKR{Q!`6{InU1Kw*Km_ZfIm$zo%*aoFM|p-4PnPyG~2xO>R4O z_UNMG)9R&Xju68_q5UcN@87@U<58x3+1LantYUoMieD>QX;_%HBaWrzg91Z%*cj;5 zvcR+Y%X3Bs2+dMAqNF5LwWt?!-`k5D?5gx%B`9=+Z3vre zjuz}qQZ9w32*WpQO$C;oEsr#4cxUIA(M`?pbIc%ab{$F24mr1!?Lfq7Wc$=00LEC7 zy;>OL!K<(eDmJvyjD=(-q^C)*DOHc+oGg}|V;V4JsT~K%$Krze@{f7ok|BCjfm+cP zTICb-c9dh94zS&P2VV;Z>5m?!fyxn84aK%oRv|X+ zE8n>)UY?c;VRpKw<%1d-29*OK??K76Bk!TtJ>`;tNB)w9J8MLX#i(N@?G3L5Sx~_4zshd&>B3I=H2aH$M8+U?F6eq4~gGiYaHO(rXPjDEFgAy zJUyYs`hk4Ro()@n;#wYU%KPeV5VUlsd>7iSC#q*b5`!0K3EWd-Rg$+RyIWn(2T7@5 zZ6Pyf0|-mE`+mt`KEc(ql6Mv3C8w*_DDrb!k`QKz+kr%aj)r56kM-Z`r8pP63hdjj zOvlwFa7REW-C4@rCQXe>{%urbVc$&02iyB0ALQ%kmw?B1;D@cRO*EqyhV}bV=plOg zKO~V)VtO@zBe22)@?Z)&I-y@Yn~XEEi{uyh=%KTJR4OzM^(?H}wYhByJU~C#o;>(p z9g2G{bubKZaoP6u(KK~jt+WQ4>;U*Ha0-3~+WJ6gKW~Aso+|=na{=$vj;Hvp)n=6P zs<9Jdifs_Q6G6zStsRK0tUO$pZL2`1W-8T13hl`g8(@#UOeEeY!{NLn7SP#}!z$_x zvz)4*e(SfZ#HSL=BrMD!CL)hyu{}6&yvJyP9v%6I$~F8v!1{)zwL&b$_S?IM2YUxQ zZ~Ik=Nk})CWLeRKwwj(Ew(@y$i-^QrcUn-g5i+@?CT=kH?RnEg=M)>bN#7rN<0fNY znWsRSL_(aL@Lrii$8wXERRWmslXmZwUZG7Z^`?n9e_;U;CGJVG`-*H;Wla2B1PZhT z{AiBw1(k#(Zy^&=MU72aV90YQu#M(yGlQoV)D_q>_q)?k01ffAoZHO(7Rl^ zJ{88N)7E@}O89;xoo2T$uFJ^uJuKLRt zvo?XIY9UquO!-H;2=$Q^Rvnzkncq`AJsFdcgc*^OM7S2*iaSl#Zs%@A^^9E2Qsk7R zC55kHy3=Q-JF_!#CwcHIx5XIH$VCwpIw3{g!29pjzFR4(KU6znnPK*DVWBu7bxP%F zJ3WFNL}pYMzH~I(*m<^i40L^2)1%E4y;R+eb)9>*?_ZENd~_b~dFzp2AQ2q+Yic#1 z$@CYb$>$zFuY5c;C*O9ZBfCS!0VDv<(qjPI0EJOTD20q?S{`Pq`SJFGDq(vEfPE1K zLDS$(YsZ{)wD-J!i9J_Q>JY1ut7g8b(pO(`XE* zh=E$;Ae&Khx#k?H-~z0@(?u3Ego^KR@mxI};Q2qoNcM7y<&eP-0B8 zv}=@=4GDm-Xp%69mcS2xOFHiL7PYTH%$1>P9vWT&distAh&*ON#`btccMJKgTDGZ? zHgV5XEGMfsgE#}8Q-e1z0!`G7lpTdT*a9F5`N?5@YzR6xky;8PXH~l-re#2V)}UZe z#O6E=1A8X-3Y3|5s_`~l3I*`C1x6Ci&#c!!|5w8_4O%fZ zMjmniZQwMl9Pz7FQ@P@%#te`9*@HM$(Ot30w635RjH||sU;_^qN4BNu^<3V z)HTbmEsy@6ck>}x13f4?2jxoNafS&QtyiYzaNIJ`3r$H`=nX}(WeX_#YgPW>S#5(iiHf+G}xQSuC`X5iwGE9Q*T)wSv;tf6Ow&Qr)v7p-TE zDp#P%GCV0fi#-i`F(R@7V5=`eJW=}aQiOwjSsC)3f&np!Rgs)LgK{U)>Fyu?-qXRs zmC)hML=Qz9vuK98>Ha}*;({Bv2>gygJx{Axa|4x(U?0kiz~QmD8JL(Pw$!kTVK?x; z$XY5@PW)JtUFlr>I{Rqv)z1>Dey^jYXP|4j z4=?)zSP9`yCF0f)7K|w{l+aHmkgSuz$X|){RLNpzGC4y(q1+Ukm z((cv~Qy`;eP5}~?+-0}BqK3OMQ^K1y$ z9gg>ltBlL6?oz%G27VB?h%lILOm{l@;vDR4_+K)Z)Hc#_fx?G3@Ks%+u9i}T4I5x# zD?!3JtR5py{f3%2r_fHRVyD8c^uTe%mQ@)5*rRcyKz0J9qWYd9Oc&ba3Xs7r?V<^( zH^Qb6C~dunS{0&HB@>Dq3D<$Vup~dN-70mSaW2;VPSb*DiCygxac zzlC0MypjMVrxp(?t470mBY_D7#Dj#MYOV>LD)l^)qLm*i|6$9^I0gF-Ja1y=7h0?SZw6J~z$B1tVT?E-GRAO|UQnE6BSC?oMKL*J~YV`9= z5}I{mPgoOH4;q|h`tN1#aSCnb& zZSy2zY}Pw0VcXNWsp}fo0VPFgKn_V5ZueJ%1`@1|2NYR_ofvH7RHGro2Dy-CO3cvVr* zx_IA>oZ=k30BdG=slyJlml^kHS{9)D?HdOEa$f4*@O0~n^bkJ}`3`>#H>rkOYnNHI zZr{J7`bn`SR(-j53I6cvh?rY=@#%u!?%%~f^OsKb73-v0eTATT?&MQl!`l8559q9r zv8GA_kpm9W+}|SJW-ZsplNBJzdvsS)&=u|ykjFjwA0Xq>u>7a|^)19p&MAY9S(DT| zCHVMr`j5FOmnI%)!dS|m9PK0+F*#k_%Si3yZel(=iVS~0gT?0Ep?T*rVZYD>o^<_$ z@QT$8FE$}QwmLSEHsoPvPfq&^{^dQ?vqxB|i2+1Q*S(K6DH+Scj*G>QOO*eJFki3B zCd=fytltIOqIV_+CakZeUtttVTa zBHgh8X(gql8w|EecbC8>HYwepAl=;|-3`**#W~0G`u@kb-|ijbez^M!u=&NRIoF)e zeAb*lf#>&@#bj@X|S%$Qiw=~08m#BOU^T6LSbT-+LV>*fv3tnyK~j#_R}r#Ql2r$hI4R!SloWHwK7 zhOF>cifgUZ#?Ltg5~Ia37nDEmp~pOgESqGp8x)77B1c!h?(B?4>{M`y>pe?R*NuqQ zOn4M;RZCZ_lq036;4hFE5tq>61Nvb+f@JRpNf)Pf*1%fen6n!&042fcbUf}*n>HG^ zJ-XLc^f~6o=a|%w%8?K#C&6BWI`eKacbE5>*Og$S8CQL$j;r0vq^puN{TczM+~xUt zEgVGt=e3@)1xbQb!L;%oQj7W3ayu3*DnY}Zq=%}&A?(uUgS}c zDB^QQLxW$#d0bq^Qhr?$cTVm@2pyEMUu{{VG?KW=t;=J-tJDS{qy6@mcJ`X?R`lAD z*5LjSYDno>wY7Csb=1HmT1`6*Xz&yII=bYqCK6($oGzJ1!t^Na(he zF8rE^i_H4^Rv3}D4mD#v(y3~QGSs;^UH9Ki2=ur zxO-YIq{~!#TfR`wP;2DI1zRq-k(UR!jlR>W1;nN*u>Tx4v874mB&r1Da05O!M>91WKQfucyr zOlf^hWnFc3U1d#OmgARCoSW*_@+(lbok72Q2HLK&YqF2*W#9=au z(pWLeMjDEYDA{Bcm?WVfnA3bMqAxC^KrYNX@gf^^UraRldy$%=r?WMo1wgQLRQ`L~|vJB?h?(W+4 zP6?1X7!u}K%9JPMDMT`?Nv`gimz|%PeTaRP?a0By?08TX<-A*Y>r{y_GJpHDsPF!%u|Xh_V|cX!h=N8WTwO6h9)nxu}{jIWC?KMrOajo$U{^5(GK>DFJ*&g3P? z9;KDF=*Ws0e)F@r+%j-Oc3t3pC&N#N27jUsHAgPBK-_$58U{ql0}B!>mTG^8LtWhb zAX%Q6_A?MsyFcQ-zSp2y^d37lS802t4IJOkImmyRvDKH=?vdsVo+kldqvyaiesCXX+wenTaP*+oTQphyspuiiX zhFZmDl+?6K7+2<}!gSU9lkHQ<2C0pgWf-#CJ96=CIh`i@SF#|wu4wwDv3n}=vFhnu z1;~mQx?0Z$D*a^Y9y)@mG^x3{sWrK&sSz|wIaYF)QeXEEEI<@GN~_#s*rDD)>(MD= z-skRY$;d@DNc!?9gm@+NqFW;(Qt7cwg+N%AwyG(#JqxPq`w=PQ@~AX*$Xq7o zjT&nKV;XYw+5JtH)I8CjP=OYooK&40h7dD*W78hQ$4}`NJv<}RoWteATv=*dOV6BE zs$(Ef78dW#(h-{bJwYS_$7{0>vXl~Fi5^!AQJ|u8?a!-=CZ6nE{;8K)3;5HR*GXyr zu6HzRO{}FZMe!>6#RdhuVGnKNO+78xGGchWGCd%ES;67Y7Y*D=IGL%Fik& zurV`3X4?sqqs-jv^#AGSXUC3>GhkFCMnp(+PsJ=j44ascBwqDVw1(k|HP`gYYqRW> zM{k0zHfHP6exc{-)y7p95wjP*=+wCLJd=YUVmvqNp<<6}Qc})wFFRiMrP1^P;l9Z6 zImwleB5F8>#X2&piTHGz^}pJ*Tqz0?{A?5(>O4=L6T$lB>k$d9WfkE%a(LsQ)N6Lx z&HCU1j|4mF%j=4mfpLqPNwysq%FE&pjrQ=D1c0jKTJ0}J<|h_q)9tNJWp~x(lV<=9 zF?k0a>RwY@|3*+yw#t4Q!HI~7m@D)1^MkGgCuz}PQ1Mq@5(Y-Oa@dI>Py7|-gf=-9bm))h+YY&1{?D=yg~&Hh3W*QhrQneHnsJ^>~v1Rf7f&%{koL2xocz z9!^=E$W_JUOQ}+q&@tWj|KqhNow&s;6gd`^gA)TIrYAuq+Mb^Hr>AaOIqhpOXfaO> zAKLGX+rKpnCip_$Pc54$GP?}9Y_}Xp9BmU*?KCg(E08#mNzJ&l75&CnaIrS{d5s=V z0i8N2+|nI=lQ)duA$C<5A**Yy>!wF zBwA4&^xbEDMf7OE#u+?(_>XQ9{Iu3kzl)RcNC5of@ox!O??LawLZN(EBpS1I2J*_y zzA%Ev#mAqFT`Lz9=li;j1Jpciw+KQjc73l)WVnE7ma@0!_}!gDQ#gtQyAhmqss)f; zpXL^e;YRAhgm$F^7{cF|q_v6*S`q#8*Gt?#p7vkG-OO#wL4w%77uNN~0TfIw zcL@Kv?He6PAp86G*Z(j4?yx&2&P?)0OXz_7{cl_N%~=};gWdh>{{iX_;@|X%D?q+` zl(*a5ryRZ0)0bR-|4Z0`>8Zx8^U`WmPr@-%{ z(_KAeLVt@7N=3Of$eK03m5NuH5eh*)?p`;u0BI|A@n?@F!}rA~g2(ifRnpkv^;5fceF4C_q$6;&PQ+j=ZTXQ-;)z(m2H`$$#>xEmHM#m4msynQxPb;p*5j@kU`AjdYc2}j@6S9h;%3#4M0p!ClUY`$&C zG1NO9@#uKiE1Qb^Gty{)#<^_LA^TPPpr?u_y&CrX6;`$p^{6G?9gU zxjUL?zE;NX#B=Dn`@>g96=be9=J0gv#hXv3S1p%0EO`%s^}fzkzXd852-a<^W;Xj@ z{>q#oyBZXWOF9eL^!Qp)rInDxtXCvf)6Sq}H63{N;2(YP3v3JxRaI4c`}_8Gc4am* zbp}m-AS37H#kRMzy?s3EtA^yugG_qWjNSqe@0 ziPpI;QR*I-&y%Qlx9t?m%4*`xh*jG*#(Ihu zn^iFloAd4u;VV;1MhQwr%6TT}?zM))8q)@X>8?jgxW`yYsXUTaFsp~fPwaZ2-e8S7 zfpPlIHox@g!Q?|2(IWNXL#s6OPTRy8!Y>18Vv=_%D$#2AE~JuNdA0=pSbUfjZ+?m@ zDk?sI{#->ROpZptWoH&7FnmD5?=buA#_9IY#!ol9dJ8y{H)iUS{YXT-5`-h;;>L%E zB_emYP$%oF4$wY^XpV=IU3nSq%@Y@?I&28BJ}A*3!t|4A8v6$KM_pohA$a94j!~;# zaA3f6uorjHH0SNo`9SAn)iQ?DCSsd1FtfDdNb*y}JQf zyyRJ9SvJxw9`AH}<6ykh^U%DY3Dz@Fpcuc#?bsA#_$(Xt_G~F zfk`{-Bg9`MlPIe5cqg2tT$Nf_fJd2Hn}<1#2+x~4+T3M1&pCLJONqMFQGC!UUG8xO z$82l2kU(us8Hesm&$*vm6NW#d!i&>nc1t3e>2gN>$3U zx%&I*SYod_uj|;zA75f@GkJNHjWm#i>b>)miXHueA@zIL*%AZ=n80Bv2WRK#s3`04 zlD3HnP#5`PKv4wq!GoxdMXkKD+SU@lp$Lvg^RY$%&h3yw;ruqFv*{=4rm% zohUCaudAzz&#W`cfL5VcssVMpVeNXurj9UV8Sjg#`h%#7S(|drZ5liG!@gAkNZ<|r zwAJV75@|3>p$&4oeGi9IQm;qRkho29>@I?YIJyCgiKLeuV3boOmY?`?%{pwLxN^RM(E{jHO80U}MKja(3bhZRrS} zw`$}M`^gd^it@KO?K0UuwXa&c?co(q|FOtWoJosBZxRs`%gV^~_xG1sjunA~bDI<8 z+oOe)^z_ItU!E3>{5m+$sdDgj^S(HB+{&j&RFL#y~+WFc~u$*m^qAb5((^k|D8ZUkG}lL^iT_u+Mn@Wx3I$x=>;#6X|9oyv5f!y;gk~Du`n8sfKaxJb=ZeLkt&JoT~G*#}Oqq?v42Z-1C;jAYSUiBp>Y1tKJ ziR)P9&L>B!8grUNXMQ{uTrHbFStVZJS}&gH(89G;Z=C{(Wx8=xllD3;wO`h~oBD>y zmXozgT|5H`yjtNIC{q$DEEP%=a!V`ZHyPTO)Wf$LdmRZmwaH#!@xO@-tMxO_ez)%N zZe~6B(wteXh&=T(RJpuN33JFb6Z!EuM+=ichlzQ__rXn+ZO0zL`Q2s#Vg;%6OhiAg zHQ8wSiz=(;&c$`{eJYk?v9jy5GQC6GR<>9#`)O@XH>qZJdybQo5*XNtEMn1|ibR>j zJ2?VIm(lYy@wLateV6|(ocxXCeQqyGtXvt`#W9JwH-Ha!b$KyZuU&3!>*@Hm{o#l2 zU+tF_PG?UK*OAzX3N0Gu__|lS&eX?pg!{dzN&<=|tDHpPEA7KJspX$q8WWnigW|VK(Lc^d@oTv`idXET8DdtM_@Sd`9e4~rw0NJOx^2$ zX#<_~9tq})j}KM>ao#f>@+0-f<2Z7PkJ;;`TMRz69>vogK0G;#H--C5hndvx562SG zPehI3yw4R9Rs)4hC&MWD(@LbsN>ye9EuE_0IfwkSVBgq~GyGUFkWTL}wHN_HZU%bT z5=`dI&LEccLRPlp-OW2-mFM(zJGAdGSyO#w{zK|X%ADv;U3%?lH~Wbq zQ6b&UL?*Ymtb3+=yh4e2ASthvqj{}CFu%$Eo%+)zP=nHo%lg~ZhPMdfFirPTkB=U@Rd`JHVd8eQ~iQq(<0g`8m~H`Kt9^`U^$Ue zyY31}q2%MCal;d8?AkgX^)|!{WB~sgsw0=L`QSXGhh+WF1_!Uj=WP0ymg7qVJY;ae z;Bgx^&ctm_r~X0F`raQV)mzOYV_RQ9#fPlg{;a8im_m#3V>K4x3PB}3QOY5M9jz0P zGTCVxy9+C^LaiOs3&Rofw3*w}P%T(_9Atnj5aQrgW>H`t)A#$XJ1? zD|}5m%WNNu5Xu0|)jdkd5-aC(vkIMM>ZD+WiL^Is-)#5(YX4B!! zroj7+GX-P#sN~!7RgB;s&(ocN-2&zVS94z%Rm90kdj3eiOnOqN@5K+l&(DX%>k2mp zGW5@9#L3YDO%&rZuyz&Wr%%sTEevzIlDIt!ibcWyFEsK~t?S!_$N05aDwH?M7tPhP z)TXXVR@LoX5^s-2j)xFVsT z){rhBfO=s}7@gL7VdWesEZDv)2WT@_mkhy8O`Ztdp z-D$4y&IJ-64e_gg)qbC~Ce%{Ts;;iCtc<iCm8R`8Ne1A6Xq4v^%}jS47JT z>7$vSP+pYZadSOU38%3bas9N+BOXbFxsgt#>l!8D+O(M{aOT?Q&T>BCquG&^yt!CM zIn1E+2$_rUdc%a7#c#-XI8)wqb+UXRa(QrHx2`|(VixHeMX?sZzDMBLoV_=SI*nm2-zm@1LMK84_R0-rW(Iq`B3zdho+uKw1yO?zDUHaibDqEy1Dq48kcnQ) zEJ>?z^_(){4q*imIFHvM>AX(-DvzWa5}1e|_+2#2{3BdB8xC z4);%hb)>ZwT`ep2ou>i5qx<}seO8YRu%g|NO|3kUdt!+B)F1KbgogSHyz=To6U=WSbbxWEjbj9|FWGvxMOF+EMQJhniL8f_m*KG7&Qekaz z}7eCWtDMqi4rzhcP+Y$Q51_nBOX75?^~Xf$Z)XmGCtD@JwU$JFI8VR!@0J zQFxB@mEmC_A&m7p71T{Wd|mDMpunG~CP_`YS{FY{Ul{ed>IaY9M4ilFx7awMa>keT zhT{<%*L*9EP1yMP8Pto&!DHz|t6)kn7se)g=&OgAbxBa_ucE8qTJC2{*>4GS4Ph~6 zzeM_$Ox1>+&V=%?7l}?{f8T6!^MIB&;*D8#n0HP%rHK$t>Q#oJm594D>d24M9W0TH7td}X405X-Q`9W-hSAlCEx15o2uQis z8nfEF+d91xd2`JabOsO6aACQ`P^g6Et-;m@GDbK*=zO|-d|0QKuLOS~d#q-DQE@zd z`}RxOqZ3aX;aVE|rOwzks@M~@<<9sR^o#TT9)0f%MBME^L$+@CJAzP;VAH4_gGcIv0(=9-6~o3+@dv~vt7 zxYK;JvX2+qcem&s?0cNY_PG0N+W-ykcF<2(>Sp7paG5PX)K;Y3%J|Plx5C!69wiIA zQ>$7RvX;e!naF_mhk_aKf=$q1p9*@1A1jd>@ z=lMvWFkWo5soWnkle#Z$m;@V4Airug>~fkZ`OYxunX(@oS7eyW*XSm{bU)eiiItO* zR|6$AA5M4Rz{oLX3!m5ScZ06iKR}=SXc26|Ha;|NOjw%xwUJz(1e-mORv0~j^K~uL zm$cJTTM}m)a&XSTnIGDP@?Y2P+@XEY0_soC*pHoP6mj6>lhSOj1(7Z1&b=`)!|x#6 zXEG(Q8NYS8<>SHP%UFQ;g2rSigj7<__5RL>zg=oyY9Sim`ja<2uy|Xhxf0c{@-&Y# z*zZ?3x{zgN2-0zs$@a)U^Svq^n*F0xCy$)B9A1y>)4EOP=%MK*MhtC)D$?I#?TvWe z2tW553QMr15$KGy|BlG!2vbpc9?QwxtNs*PNz+Xk$-2!l6;Sb^?7cPu+g8u2K{t+; zhU*7O0(FI&DD+i^U;yP}QwtB9)exKahvbe*)T_}1iD>cKEJ7}A!`LHL*HfKm-z($C zZQ&k%UhXg6!EY@wCX%gmXp0f{xG@n z4K=|LkPYE*r7sPORIrutDHa%n!>3Sf7sf3KlUq3HI#W*|23r>k7N#dm(M?ks?&P;| zv=f$#Gs9($R^8zCaaGD5k_*(y@ z7oK?EVsL1Xf7++V_e`J1)(g}9)C*7JVN^_Vo-WxYZfzi~J(m_RPJg%IL{;9k)-e}igL_K1_#iZ7pS@w}xwv{!8wj%V_4tB`j_CA5S ztZGV4jUYc(|4?eak&OX#VRn|)d@$?FmoN1tD@U~nA|(k43C#h71A8z!c&b>Rz|;wz zDz~kU&_JZuul7TP=$_!(<>j3A^niO8p(*>+zL}@MJ@q|o5w3%>sj3Go5J%)GtR>MA+Dut=6sQ!F(oa#Iq3*CX66(GTQuT; zlUjU=YLoAv3%ftYO5quTEprb&=R@R{U{qU+|B=>?xOSQyXOk>DeV^OvVxVWn78hap z)oX*xi?x^OXh@|?v;LUp`4&=!OZMC$%|6Q-cNpkD(e-`Yl=b4|n0r8c;fD;#*qyQA zWfP*}iI_e(h!6YfU6r?7VVjhqf!(BH_7Ns)C+pTuz8HfuaVXfaDl>T42uMgbh4xY!sJ$IYJHI* z{{9%z9hm6oKoeaZ>R*YMZ&ROx{-Je*+eHz9FUC6D!~s*`XtHUtSgBpxgmAVflQ=#8zMzQ8)jX7-C^e=YE%=X<#G z@-P^lj(Pwt2MdJ?Gw0Ee$o(b!3e)A%yg89#994IUF&Y1t^51Pz6uo z2=)_f*Sbp^a_hAB-ew5(D8mU}eCWV-2#aNhud-96MT8o=n(De+I)9 zGfBg-FTgF^Gm1nUee)8D&9Ehv_JfKKq)GD?NgaCB5CbCb1C>+P%2Vdr)m5Iwjciig zY9hi|$D$R>Hk0r>jSW6ir3@Agq{9*4<|Vlo_4FGpOfW*xziVS6|B}wPuedlMZpS+* z*7qZllJZrM0B49<)#>%OjL;RUzO{YqSqPRZWq&-JXtI zY^o%88bjTJeov2MR_IcM$9TzgJ+{))l<+-92(}2-l(D?fb*x6zc7Ca0l7h#Xd)ydX za@;z*+(Y*If5fzIZ4Kb+RvqAAer;G5vOL;}M*(?XPNed86sFPb6%?kXrlzD6l9beK zBr=WxZ)Gs*52saR=irFdC~Z~UqYyGQyl!Dji|OIo(6eXH?%lfwP-cfSy#`PPYM{Sg zih65n3(??@&%zGoefTw$swcxJ^^EO~E62yYvrGS*JPIdG7*i7GACO84ypeS+-XB_8 z^|tmmgPK)gVMlRf7t>#1bo+bF??VV{bSE&w(G#6tv5bC?+g!9=$o-nMG6VNLS+L#i z9N!2b4C=BZS0Q)FA^+=~6AEiCeugMCQsx&l1*knLTG|l@JO&1afkYWZW_a;sMvX60 z>FLwA@$uR(U(Oz`kEp7ut{&C;h+H01GBXFk=6?Qs1`Y7@Gr;@uDYp;yITn{@w&+N) z{Du8x#M07cof67WP;-9Wh~)S!(v$OrhfSge$GU3;Wa(3*RfnbwOvD*eawLBTb<3&YHs=SO@P+~Li+Q^fK_jgub|R8(Qi zW<5itInsuLW%r~EJ({pChhcOqUdfE@W}ha8FS#!VG?FN(?abpYcA$}t=POI4WfztH zCgvQ`kKr{dkEsP#h1a9eE)oTubOOSZcgLGG0Ix%=J|uf1YHPIzV(Ik?Iye}wBI)X{ z_1|N7g6stv2w1j<)7En344OG|@Re63H&Id5b6*q!4!TI`iaPfIu#m(}$kjrlLS&eA zDxN|S0^?kw!!A%n)8y*pi1kvrPU^lLvwt~U0e-n8FfdR=ae}BBv17o~cxi@D!5n33 zG4O=RYMy!*HEDL|_A`m9Cj#1EvyGiIuBug1)&vIDt9zw;JZCJd&kH6*<;UXI^K$EF zB+A~-W2mNNOh;5{4PUEK?myM&n&V@Otc<@J41xgE*wU|GXB8LkCkeUx`S}^KYsx>5 zp9fWjyxVkub8l^Jjkv}xRLEW7nr}&q@DZXA#jN-CO@y=~%<*+=?pqqV(ZNQ$!+pqy zLiC4J-W!6^uQ(E>KDfLReRfO8txGedcYSi#$|6tKrBNqH%p`%~W&R|6SKXuSX@+jY zW6|x;V|opgBU>0a``b&=A;#*j@n7^bR=jl)Q5Zdn9iFj?-wQWYT8Ly#VGYy!yi=s) zLO*wa_HMbd@vLWYA%TI8cX|KAO|wpZQ>^}&&HBD3=6i5qgwTZPl_=5tyepiOrYvjs zbsX~LUMwDkcx17~uJ{u%p=eMVo%aw+Qwc=swe{C4> zt9DFxm!D5#PN-WD_|>08Xt=z&(h14+{%b)reD0x_?$n47sp<>+OIs2C)>h^w(7~_s zFPx;}o7-ImqNiNJ2?qxTVcs|Iv3wz&FLzTXhroS5v#L#>JY zZO#mXrPbcv{t1h0ZIgGn7wBP95wA``vmf#C=pZg>u{~YuP+`9_`>aw&VeS0+y2#Z@ zPqO!=CJwfld(4HjB1O(Kzs2R{@XEU?H~Ru$Sw5+DWa+vXg~b?}C7e{HF$q`e^6r$Uc2 z*~J|g#~G*secSu+268L1ASW+*Z zhy)nO6paa;9>i{~nYS!YFbO`LPQBUr(L8lmE3lqk=+u*Uisd^qRkQ+}$n58BZV{tt z#roGrex;5)EZ-*X{@$c(Ss`wl(~~eMBrGZ-0+Eri1%f01fm+xf+X7ZXeaH4To1yh3_a#kOIEZLAbKJ~N+NN`d(s7%dB9qMd`F?2}3ay5ITs*+QY zE4NSQDl?tDH;$=R{o{7vi21oZ`Gmh<#CUmSC|;CI$AWnJVwF4EH|_hsM~WPhovxmv z230dLS?W#{n3|f>$k(X^!OoqXo%NA|nR@T~)YSL5UsTD{Riu+>sHj4u!8lSjB_t-c z=>So6pn|ETv&`PO>7PmWifSggWv;S*C+G}i=hwf=R0?jcW=4%^r|!p3A}CxD{O|%a!G=*f`A*!73%Fu-3=b3kvd;m>bhwH%=f zxp45;7vQ)4<3(IsK;KyZcsdFS>wU!EOqq|@*P`6N`TLoFnQx6x|NpIEN&Md#CNOKC zI|zRr4pv^zix&0oi5SXOO~G<8vnL1BUaL>W#2W&h`#!rQ=gKU`=y>0&2>sLZN)_&CNeu6OX5x8VJE_L{#aKv5e zu{l9PS5ako=4>C_HXPINJ=ZW=1Z(V-W7d<2l=I!j^B+IX-3d?7{RE+pkT*&&e>*4` zNTs}$m6bdY5}m1=YH3*pc}EeR-WP}XQ^PbN>^^cd`-g|r9M%(Mfv~W|#4gx49ih1K zGVRBE6^uQ$j2x8eLbV@lT}1s@Qrjas?-ytbir=F=xfI0fNt~xe&^;38s-t6v%i*8e zPD;Cadr{FVE_sunw>mw%bB11_^Bs!+j2jXr+tzmz>xr89?r{^IOCMG5_GVLkPKY?`m9-f|8+Wyw*Vic90 zXJz&ES0H4A$E@?(!a~4myaceGLNfs!f-)SK?kizNc%Y&akOP&rblGSrxC$}?nC#%a z(%(pEWB8^x_#0Ij<-MLRWvOMHpHYyb0_>V3|kcUbE89+rvjbhQSGwmU*@+<*N z4PqW^7gyJ=c%JR*?K)y1w*wHcUha&2o|MFE`(7?gCS9)YYWwPJr2cYoZA}Ks=Y1)N z{QBj~Tkvi!ybv0~aMPiBAk;?!SV3e@Tr z6%}nwRhN5RoVxBW$tUt3cCgex7I50gQclaw%WJFm1yQ^(>9b$kfT`nsyh9$lK67>X z3w$X>y&w*Pd@(TuCO6!kKvIGFeqH@r+<^)U1e=%j=vQ)9R#tv~eh~lT+yeGd1&Fj; zT5bRenXpZNb0D$JWJPFFl0pw~+9EfmYbUz8n4nNU&=o28YcNOS%)ezG4wEtj)F?oa z5(E-%VnQ=TxpCc+?;q~e*4EZv9BI>Bn*B%>_phm`=}zE#zT|d!?&{=p1R`=L9>T5{ z2de`B9e-^CMPy{@__h0Cd=6TWoEC<}MndSZNhl9T?$*Z=$EH_)s*Um+)ImnjBu+9t zSaPrCFy^dzutQlqnPw-08#x}vkL=CThiir^|LV4xsSKo-yOlt(_@T*xwxU@zC0iz& z$~VlH<<$Mo{)u}`Z0+%RYu=VJJ+&XBpMkn8O-d03wIgv4mPl7{z}{#H8uH;&;y?G# z9|LZf$dH_zb%b>I`}gkw04FVkuwAHUP|uA4A)9D@ueKi|floNX3?|BLXzecm$_CU9 zFsop^#_bW5l0g7vON&J+P4PA-(c7#|cC0HJnjqPzCc=@9lqq81+Q-KHFXkDYzFX z9a2z#$xlc3874a88E|gcmnuHv`D+TS?bzeYM>sTcPnx)GrsbAS_j^Qgva<)xxq@5b zd2J2eykRXy5n6$*)Vvi?VYP3l`f^t&eXs-bj(Zfp!8Y2n>{QS6;q z+Yh1&d9=aLi7#)Mz9_IMPe>$*@IFxReV+<#y~;v$wOymW)m)BVTyW=m6g>sUSvK<$A4iKP+H1G zzqGI*)^n_50Sw-SCLn77X#1c5Z@8rswagn8`^bJZK;0Y9-@;g4l1hdTr{(^9;S27n zk!`vTx<|>_d%UtoUn@{sUfPy9g^+q4=z-I3qDP4Fu~Qbxez`f!`5hlzeFUQ_w-g-r z1XlKiSMw#0s_Jg~508G7rJ^UXKAdtyl}WY2VS|jgX3R9`P7ZTL6*C;`Y9tpw&O*aH z&d~UC0$_K);5rS-Ir+-cn=@*`+=mIz?W&)nxqPv%8T*zJ(mCavdFT&05Y*lF{ zf}@BLQWc(Uw>i>E)0zczm8-=W4t|FMd@cs8xFDbOq;X}_2|H13q!sxPkL?YrlT7(^ zeXG1)czSz(S&y@&8CbUGem#=Ie=5x<=F4rVzn2#K$a(bj|D4^Qb8`)gb|2oq2bRD0 z#fW!kbLe;!lQy?$cLIJ8gO~|b6Cf+e{3Q#(E{T*$2P$EqE&REtXbjqlvi(Ij@AuBt zq&~tV1GBxG{Hm@Lk$B;sbmZHHxNe?W&J{jBs!HTj%fMwH3k*}yOOFVh)~^&G$lJX* zZ2t@0c6eFhkG*Tfm;Bl=gW0l-+BJrd&~bCza7c4CZhi2=fFCk0neDjj5@Jr-9^p`n zt0tXI7a$O`#kUo(Ttxq_a$mIAe-Uw7g$$7s)zzmIs?L@i$(N8YNo3@=h)U5-`Ut;Q zZJ{yjBa}=3t|i#Ay|(USxp#eN;j9U;LMTcPOdjYIp-jYFMd zykv{DM_w*_Rfjtle}FzO&KGUsXG8=of{L9VVt&wlz;64d?5(@>S3ic&^IOsiQpS}va|7f(}?%0<+I&B?^`!DR;iH|?k8=qz=yrq`I zqWHN9@78z_*q|ML>r6(3C=oEP0S*YTtC0eIMR|GZz_a;aksk)Oa&nzuZbVMvrxkDp%+%zPEjb(Q5{X7U$;HOuV|}&h?xh z%QtmYO~Dk53S8e=)c#R4b+5@-hCkRzrq1dHF7=uC0Yc}{{lX+-QE7J~ zd2*D^uD|S(Tl>LP5@pn?E?TzWe; zk}y)~MeC0nez%s>Ij;QW{#pP7qVnS0j=^FR?OA2qjeM>Z>FXeD^C?g3h}msVQ@6r` z#Km$QJZJ3}6!i2N_%9T{^KB-smfLIAP#@;YHYBdz7-#*%UZNBc(WeLn$yoRW1h&VD zGqbX!Xu|t2sl!32N$NQOXn3r~7gkoJ+AXK5A_Z%`F8E_%dU^_e7u#2tEU^rE5Ii z&h*I@KS?7-82#YhR#Wd7QJ8nX2X}`zFgW-YPdDrY=HM|Ft#u}{J_3f;#QXo)!9&1f z1P<&TfTj))G4J1}+B^fU!%7+Vy9jb4cEZ>W5ZD3?UPRdBq)tY^L?2Qq=55E`;}&*~ z)a`M#91i=7pt>8LF+>M?5@OkqC~3vrF+4%MoYMzJ+>Cey8UN^Jal=cc2K8=p4) z(jkA#{Vxa!JX8>W%>xc(|Icn<@Gjc%0pmXJ>U>!QI6$WIQi#o0N3=q|xwq+~l9Lse zD5NmOI8;)w{n|YvocMnPZSo{e72K&#dY4w=L|!S|2())0E;V}6Vx#FkR<)!rUAEg- z3J{mJWc7tHK*J?Ahy+7=Ot4I$@jp!VMNW+9lOra$W4zVc@s+VP(dh{{AIa%W2)A=l z{pjwoaT7^&lCyh5+k_emU)9AEN)M>21iOo=e3qV8Dd~l9!dCRt;r9w~nJ@)_FegrP zhQ`Wim%Qu3iv2afLhj^5ZgE0h33Cy?7Q$-}=`SI?_Q_#Tz`j;dRdwD3-21a5Fan|G zloS*IBeS!&SA#<6_kltJQMuX=(Cs)SEY@*@VFWj8{9`JbQKn>BBsUfcmL~ zf2w&QL+S?U7#e@)6|s;)=c+}+)uxpyo~h7>L*zi`FH5)o>*kOGj` z^n9u&7&_WToQ|Fxshn+|sOCN0qPS^eGy0C!G%@vBPLcyC9Yb5Yidv*hQCS>hSWQO; zPY?U*#~9(;eTW?D@rR51k7V&V}UCRsQCJoc8kEX1bp!Vu)zSbuAd*e%3B3^ zgbcN7Tu8`M8W8FV#`CZ z{{-Q#+3oG^pFazYJMc6#G)RNX-44wqB_;9k@%IL&rV{1&9abLF12zs?ly4J%jDCOc)|04^klD@6&84NX*L|tre2QEGukFD~AF#|~1zp)) ztH9IQSHUKMh!LZBwPZ;uoZNH2d{R&}B_tLHW!CBs5M(t|J%>!l4W!|C2pR){IG!G? z0%rx3k^%f(;2(yZ$AhyVsIh?4E9M8m!(+GS4pyRDC>N7erA2wmL-wD28^DSm|9CJM zkypP*Bo{avc@9p`fXmyf^?NtX9gau8W}vpC-npKPJjm}ynGYd*ThdH(C9W@*`S)`0 z3{T#O;?`>f?CJWSt{LacozEu^uJ=kU+TZg!RHd3i-WUpKCnf6t?xJd$qGVp|ctWk< zN``;01PEKO$kh^U0AP#$_xo&382@hcf3<>1t4sR>P*`6g|HV@C_#t+E&CmX7!k^F` zIsb#}YkHx-djZx4IQmBLyG7S9EegTy-#!29dH=gX{D1LQH(+SBL;sq-d%rtz{hi(Q zWWF7~^&g!9MB_jBahEh4;A?7XkbQ(S!pPW|dLQw~TLTKqeXWjj17#NT-({p1gN}q{ zFDxv)e~-H48qUtnPKA9BTzox#Pya=yxo9DN!NGrnAg^#nZh$ZZKpGGTDwQx-M~4=_D20Hb1FS_RAj zDr|8{Niu#1I)Di6{A>gk=R!STbA0Cq91nh55K>fOluxyXMm_E7sR1M@bOJeOq!dTHm7Ud0a!FWJuNIO zOc6@Q#RaN=W)H1-U##mR4nYGl3!tFHEKPWKl8~(5=2-Ek&QfqP51f+X7d3!d!KlUQ zBNl`Aao`KP?j>K}5sRky2qMrU<+Qc@VGODf3uZL0Go_6p<|0|b`jti3dT>l-eZmCW zaEc~XmKmed+6U6A!YcQrh~{lwSzr1InheeIs>4U}pA-vYW0 zM?OqZL4x>C|G#4_8qkXkOBF+Si3AA*H|;M=hAlR8gdb2~;6+JOo@^Wb}3XT+=DGes>2Y@BY6_S^+AiIS|u)Zdl26@)8dnxclId}9*;l^Ug!OG zDAo4?ESH@POy1mFMw&bQ${;SFr`H|f9twDn?VX)+($ahmD2eW_EBAhx5b#BB-Gei$8ty!|a;%k3J=Hk#FK@;aRSPItf+UK)3?{s)hyzz~bM150lDc)L5Wxr(&b! z9)<5#ggYmd>;?R)+YO05FTVzNuIPU2gF|ej63{F_edOUeJd5UJ)b0GMVk zuv&R6M;`*1o`fVZEKKyee;^xYVPPR6Y^vHB=r(X%jt!%C9{6GMOf21)g&lZr@_23o ze9~)ST}qeex-*x`|B4K?3VABfzv(0`<~7Z**VFxE^~5}TTnJGBUB3Xv1UNj(!NHNP zLO)d(y#wsTjg1X}Veg-ui~Hjx3VX%@gt=dlEPca5U$jsjyfq>6YEy6odMglWMv$17p)Me%swx&rtm#aBA?(Cd| z-g)1IkW=WYJtAvX)(mY>HBu>Mia#;!*{4i9V$t=3-JRY1R|)DdL);(*Y>?A9fwjg< zvbvA3)}bNCeuOko*x=AL0z?m3egeo4B*uY2AczKFu|4Lq^SSP*44kesp&c`&2yJMj zE1@&PhvF4)aFce=k|aA%9?KIo-wz~cI(Rlz_S){_mMr9oQsO3k9sSPu9>nf=imkh8 zEcdeG(Z}|EM3bUNEHkLA%A&ieWkHwxJo=Xm3NsU(ULdY4*XiG2J}_s94%)uhmhJy9&fYRCsxJH&HXcPm;89BY z0SOsOT3Qg4j$tS%X=!PgAq)`d?viHc?g6E{JEfa}8HRzO-pv#LbIyC6PsdOD^5WWi zX3g4b-S@AS(QD8#fcgRm!xZpcvZLbb&UHd1uP-VK3KWX9&>l^JB&_%G@c4k)fyt51 zk&jVwS&v|M=q&443i-V??V`U&p&Cfg`@G<{d}pjPSBl!(!R*rQKtY-?Ot$;!vvQ8FFw-;Y)Y41cdONAAaV_x908MNt~hks#tq&y15|1vX7b z8BI_^DFcnd2f)B3by4>$)R4gc{HgbM3HCR*umjoB7_5pFn*!hkPNQZ((=SO(M3k#{ z0!p(1a$W%ba|Bq?&B%Xr?JD|j_1Rrqx|ZOqh;aDNjFb_D`rV_ionoB?Qt=6I;M{+} z+8MN`bT7A|5r~N-dQz)YOU|iWOmD19nVmhVO5^E)N`bjU9iuYwcu_nCt4}`Fqt1#0 z&H-SQVC$h2{MxZHyQ6aFQ|@eFK-)R^A2NFu z0M5w1JB|@(!9l5oQ*fiJSd;oBv4j~{xMtE%SzQ+MY=xYa{7X@>uF$#4dCzO_osVwH zAhR~pM6b&UFhTPNh4)cz7C^_D{d^?DL1O8>MY~?Ndqd_48O4sge~`U87TcA+Bx;|M zx9`%j6+%-ENmAriqu~-?|G4oYeci<$!Bz2>?2qP_B|uxfs+8MU=l5+545+I!djSxb zZRDGSM7ps>d+IWPLH{oPU+bVNh##AmZlnrY`~Ly3Bm1z2H?6d}c@7xv;_8|z=IJCS z_W*#?fN?!OeB|ou8-YG{WFcRbNHwE~YUCF)QhmV`t;X2Q-|Bk!Q^J-|5w&GI($nAl zVR(~dNi^mH0KT34Wpgeh-!)v&;A0r+1GlR63LSlRo07lg zxR|tkK}>4^h+W31l;D_Jh@t9Se#q9G&+<383ZR1(_w)qju zlINVw2Q0x(N#b2uEuq&NpXPLDlQXUI*x>V(kjbO!CC;k-p>;c;2S1$rpEg&{pZ|Y~ zApjx)Diw4d`9iM+4nXL-IkG{cPryC?1Qc@q_wFhCQF6=qn?1>h=n`2sv*787?jZAH z-mtXU=&=?dGZ~+sHxRWBUp?WRxnn<_#_U?UG@|cD+EY6;Lw=IFo@0@GVK?e#!VCUSTgX5* z+C4NBFUORTkpc8Du#-JD5Gbn0On}fX?D}%)n%Q}MZLO}pK2iaQu9Wv*BLm3tVfe7; zZTIZ=8-A`*kDFc?zZ9PipPV5%M|iZI0>l?O%vpcXpvMFJN_`!w0dNcoEIkN{p?-ON z5!Pc}_T!a-lVF++3Z&UE;d{~CA zaEe#23wbYok|u}1=n1|z0I}{@`YsbXA00J0m3#`~9F511&C$5G$;)_G|J%Uy3!mkr zAHkT(UF`H+;8{>R9`Aaa9C*}n5C;IPwM7{86a2edPqL3#g&wvEsZ=JKPb4;e5C_1! z+P`H>05;Wz8}hw+9oBO#Zx(o*+0$YK_>H!XlfVo~a!i1DGCm+600=|_G&)vB&bUY` zk>pEEyb{YZ=d;sOKmm{pi2@Ee1q3D{WcVZ>b<+JZ7~Ek*@@kNz2O1mm?dFL)ohq+&;hhxqkG9x1%}%2*vQG z!hsnq6tb|QyZTrztK(O)VKtYDJ$`|deZQhRNDeK$!X5o@E!zKEVa^t5tNQC#1LU=$ zKad+x?T$1QnHTmr{Grdq>Ux!dNe94Jpx7#U7+59Vf0fM|Iq}zx=&48l5BTQ~Z$J=f z_4@Epm4NB;%iPLy%=;M>c>sNz`LFm=m5H-DqR^ ztdET=4Q6bw3^V*lyNx$Qeoi$jScBHoI}Zumn8S{t}BCiJ>tSQsy!wB z{if|^`6Jm%sy~!Q#Dw%_P`}oag0LVOYz_s%SC1+=pbCOkQGah!J2{%vFN19U-oMgS z{OOEllBi9(u8m3g61T>}_jkHB0&I0oHNK}Bbbl_3(BFxQDWSNv2>RcLWb5Ttb&fQU zHUXd#K$0T>a{x*Nqgs1fxFFzS0A!a!LfSdtNZ$XNe0KJpv6vWAUN!*bBV9$GnUw%2 zHaRJ2gu+&Lxc$5MUvA*X0CW}1 zQ2nkL3;&+Y1*72Sq=4QZK!gDqYs1IoFD)%C0RdeA3#@No z;3>AaGf@a+u^8ysl=$_%z5ek#w}z9% zy-r^c{Qam|kkgx=Db!W-yQ=;!Bed-R^Y*`Fc7RL-sHOo~9kf4z2auApsA`uQD*po? zMawburwp`hq7#3`>V>r}zo`EEet&;@z<&uqGZwwOKmMPf+?FC>i_Inf_kN#h@_ax{ zu`3dq|2@E=r3L%$zYw@v9(@#fMSqu3jEc8J*g#C}h`)YCO zLhkB}&77MgZpFkiwv9gYTo}dYL_Ill8P1!1YHE;@rk4U<+nIlgHb&T3nJKcwz8G7i z`tQBG0d0%ZD?*+eu`z`66;TvwSpvcj3#&~wE^;%CGyGhRsy}9|XHY9^e>NuG;nM!d z7HKPA9+G%6`L8--*a8^64+EeywR@Yr$jchn3#xeICcAT0kB9yl(zEw6UTp1DmqmQ{ zlJbyhKDKMt$$v#dgY2qz8=v7$!&kb|{Oy(&4dh4z&I8}>mVXil=+R3z8z9#Ax=ZXV zFXEXmj`Y(7HBjdi=5*&(-0N7mbc?g8<1ma+W6aLyut*BY^m97HL`0n5k#f7z^DbA@ zVlwJB^>1{(krhgV#(5jyf1U}L7y`cu&`J5WSKfGjd>X`sFLFQTJ~Da*RjQQKS!zYV8^+c zWBZ)wqk8#Fk?WhRQC-NS#3vmqOC%)zdEU*~q=DHgms4Br2|b7dZ*X1E?WshYS~#g>53{`}kg$<7Tk$5`xG-}x}33YNJs3hOo{$>4R!PSIP{|~t|w>S&^ea2MVIy&){2(*kw$>2|{I6U`3Z9X{%mV0e|9 z7C3i&TM-ilAAUpE_sgca58jPw^d_&MBwsT&=@W8%x$bsCr|Xwl!9wQ5xPI5Ih;=>w znqO9L8m!T*Y7|XR9EsW-HOp=)0L#PI6?84ir-jZd&cA%VY_2x*&F37jaA#Q$&{6%J z3fg!}DygOBq|Ckz=?;J#SX7S#iqHjTixwX@+nNR7MAq4v^0!_lw#KczLIQ&2?~`5j zyV4H2Y6yfKS^2a%0g0!DW5sW+{5d7TxwwG?DeiU?!MQKk%T9D&Zw#a7J*!7K9{M!P zT3)@|$wzGi95bnnAA$)lLl8c`lG?}tl4cCelo?3ITCK0o*&#w8h~V98Ez2l#Ohr|) z%{+FuhwALgP(|x)Nr}Awv7I3S$-v}-+ppy&F=?>;q+#ek6#ei0n^wrsKPr>deAJH@ z{_NIiR)?I&sC>yr8-HtS9(yZG|+-jM2iQ zNf3C|CqucI_+wIs(D0vMxRcy|^I9o6O8*@7;oIZLwSD-+Gbl&>iCsC2XS7>@t;^%G zL4}8Jr9^bm1H^;?`aiwKu%Z!F4Z(&xY@uF6G~A0hVcac9iH60v!!yygq{^c^*RJ~9C~){1-R5QLtZkf zPSbKgq^m2&5U_m(aZU}kcoM$-R5KdiN~8iaI#wT&*q$Z&rejRJxW-X;-hp%9tE1zK zZ2@lb%#15T=4rdBthA9BkU-m^okJQzXMT^+bmkbi{VdDr&m`= z7?fCPkA8bIFzit$wgh8=K3l(2v0$ae%H~Tqv1GhD0g7zPb1hG=q0yNG;9%Jc@ zslZDc&$gE~UDLRSIX*{_w6%3G11p`4ps)G&cp0}8N>E}y)3fkw?_k-cNV>E|K52YG z!$BthzU=Rz~iqh6e_Xea&Dt6dkhkEP@1 z+>grH(-Ek2wk)I*m#o?NX!~;F&7-wPyA!*Lu*r}=sk`ppE2kdIJiSZ)Kn|wDEXEkh zmWS6-!jWN?Ia<_5&Ck{t?f=YMd^n^3b#OqdNd8ZvZ za=^1iyTTzVRM-{B_vXLk+=q9exVehDJG;!V3V$)jHK?MvJ64+?J9ykcL9ZFkR;NWfCM3Oa?BAZI6etI z5@%6ag9>^-40)a%nkya3D!>ob{YO0Z7Bnscf*dim`7Y25dK{qk^UO8-gI)92YQyZ7 zKfct6hvt&*h~sffw6q!TOs#H|VCs{NNGUFyDKwtBwS*J5%O!4?wrS{Q_H7MvXmQ7@ z9gR&*j~vj0b-4y!ZudAZxa;QTVKm8571@3^b2M=SOw`be)9tVl;}Q7^ic$-!Y}Ogn z>_If4Qq2PCvz+sQW>z7~0$=0Wc8bWM#R$q~I(57MbnFd29 z9>c-j$P6*&R`)AN*!~^x4+#0L!@|<&bW`x^a>D3TViq~wJ6!#C!hlp8XVub!ii1p+y*k$~pa&1pC&@fcb3=-+SI8ilU%*yF`|P~Zq(^fXZqU#* z{Jq^g>7>sNZjCg+8PWP)VCQKa=`hyl6X9SFeO2NXWE(+^?AR*4ENVtF3I%H;kvkJ* zK3+W(Za>xKxLDedLyfwc@dtP@nYMX+<3JPmR5}{Or>>92W6)2&Zd1=>9{U(o_mG? zfY1iMCi_tRZK|yuhf-))ou8nRKLmxBhb^Yz{Sjc*RpNc_ZDu|(*Hl?<#ahTb7iLZ- zs8m!j_ag(IudSYW_{%Rv43pJQ(e_Y z*?%15xwv4HM#P6}T7q-C$Lgr=rgs{lRzjYBur`?~-uxu>^}deV{(F-?jL>iwYgR5OAZ%{C&S{#UPuaoO>P@8e55*f{l#Jg@2wKx2V47|HIu_zO^N znoCO<>Eu$1$+4Dw`1mkHjk;)S@nLYiJh}Hocvf_@MMNqN9AaRpIx~RFT#SK5zzeoKrFtD5+iX5=!a>NN+u4l|wuyBQE zXk@rUAFb?(bb2Yd$e0VPa(Xy7e~($Ofbm#faLuztPR(>()rjv99v8sXOy~Z*^;-a- z!_>&25x1X$<;j_6)mUbm*S$89(4z^kQ7U4v!*}l%#Gbh2@3_7=uShk<%;%9G&nF2j z^sgui#XG<)e^{w}&Nb`YcI`ROdns~d+fEizl8!%fsKY{F=Zn*dxIp(b&IX~gM<2kC zW0v?S()?4qlKw{Cs#wT&RCT~K4eQtbc&HYd<(w%87KpmU=RxIC6pIk zH@4(4mum4mi06}oJ#nt?$T0z54f@{#dnmW$1ds&Dp8;7Y_3CpnyUHr|=cCIp;{wu2 zXF6P*afS3o>Of7}SRa+cL9?3O*jtqe7G~2l#6|GuzFa=cY;H=lP=SSYr9>$>j4@ZN z0R35MN?N=u>&2{Qo^&UW=KB29kzn< zHMBxGR2deU^1>lVK)BB?0biW6ZsX7@+^zGq{+&|I^hpSOjd*Y`Woc}0!O*BbwAcQr z=cLD_<&`;hh?`1$dZo|5wGqngcU!^0!yTPsjFTi>(85!r`TIDT6@_;v zc6V|&Kzy_ok*>39$Vt{J_y+)ADCSA81L4lw+iNZT=r|7p_@7o{w0JXV`hw;|7?hTIs} z-O(1&s4&5q#F8l#9p;%3TgBiyTu|K2b+AkCM-#f}w)L%eH8RZklvCe-jx}cdGiu>#U zpwF0I)6u7{o>B!%O=d%EMn1UPx`;uSz~!u&T`U&JcM)6G8*yKq6m1G@UKr--3af?U0(}Tx-ITE^?jJ$!T$!QCr z=OL#IAXO~qsQy`*@45`yUF1=66Z0za!o~(5*YQo`d@%AY88omoRTqU>e*TdAkNKqk_G?%T%(r`E%$+*i-|#xIh2v;=YcRLyF**WYpoD4kvMX(W zX#(x|1JctqNpxU63;Qjz`?xbV_3de=gjwz|D18xs+0~(IXWZS#>}qMYr4+!=Rq6jY zY~HsNFhR{@S~_wT#M><0N2Bq3qQgU}=O<8ErC%H*;OP42^|cth-4j|7<@qPNNY0TX z@*L?{)s74)hra0nF8hy$*{_y^x^kV)FD<%kXjx41i8 zeL*x|Cbw)mR`5CYrQ17Dwsyi_=+G}igreB81e{K6xx%{)$`IuvxwUg#e?E|l6mcFn zd4lqTn7L{f?%dSm$8?L2z>AYLk{U4`yyfpjhXF$ZAz#9kE)hUc=jvA*w(XqUGZirw zNWuqXEZLxpDcgbmHx@;XX=V#;TgNi)V1r9nXy-&ofL(FpW0-Ea#~nUaqan7X=J!=r z?^gRNZeW%Ix`3oAgln!eX{?t=V2&;fy^Q8sU@vek(R_+-%fC$v^IEBaVPnD@6OZW* z9%DWwX3M$+CyN&s`VCE|UZHOv8kjTAZ9p@&q5(Li3TZH7l_#L25D|(Vpi|LQX zZB`I_Sr8#VjD{+KtoiLLZR)` zMWyto7Ey8UxI{N__hv{Wk~UKp-iuvL6#zeD0l0jtU-xK%v3di?Znahl@KdO#*P3@Z zLL|!bFJWp()?YD0y_`&7<)~ zF(oPKc_dTr1{2H1QlE!3zV`S4%ZUiRM0&ah{6HV>$^3+pIcqGp0X{r(Cw%R$RO0=yk*pJV1vnO~x5-*@6IIfUhDv8s zKV;!*%c(yjZ8hSK9t^QlioEU8lr8@}sbzo*OYjvCb?s|spq<5DjEI9b?Mxcl63U9b zWsYxY7SJ38nq%xgkkx_Vfg|Rud9sKd`(weHd1fHo``{TjU!1&X7g1 z!42A0(UEk1XGCc2NsbtFbh;;@A+zoUpWv)z;qEy6c;DY*ntR@BMZpA~dE$p)lCT}D zjebdRCgi-cXTFn}O-qDsNfR4db$L=bWz$12>SbW5l5k-lmjWq{lJtpix%gR=$R|+y zU=@f5`C7Z(9g0Ub;9E`ZWk*XJcag-`jRavtXC*?+QndH7v zT2cq=SPE-P+$rPUcRc!<5`)m2XR&fvG;0~gv`?(%fdq1*f>mvqOTBnndt>;=o6Zl_ zvjo`t604D@g(Q|jO?+LI-fe_^FsqdXy`<0QtU?DDaM~aUp5tCxR6cfa>z?d7@#viz zj?tLZj>eRezp5K3w^bE-ot#Vd7b-$ZEWaQMHv_Zhp}zQ8$fp9vkDl5wO<}ccs9yl@18K?G#ES=8S>bWl*!?9 z9wk!X0+sXqcm`z4nDg{FL1MomVHFdZ^$EpeT`c=mSax@==?Zk_i-Mt($!-xex?ntM zKiXw~y2d=X+TrJEPqen}EG>&q(Itas4*{CKJx#c5!qoy}c=2^8GXFR;uRmEMiloVo zaZvI zi_j76M7t30ttw9LNPKZm6cZEa3?4vfJl(h>dzo(3(<7~f&Rxoq;W)J=@JigIs|;DT(U10$8KLN-z~!Vo{kJl z-JOox4-FAKHWZ(Ss(0`JgdgZk+-9N-$N4xZ~%Too32s_sc{Rv3sHsRhDYk z2L_EURAt?z_k0cQnaIF7mx2eY_8WI4uoU7JhNF>gYpjZVSs8BjR^hv8!V}hpAjl=_ z(O{N=N~(mIYkNfVT}c|=)2wFk{?L%wQ-_~}tC#Z2>N1rFU03z{cfD_Eh?bDLU z&`}-{(t0$l=w%^=(D5WfZ(^X%33IG4_@EFA^X7m5eS;1hM;oG~R9s|9A3O+|WFa{g z_6o=_6$Aw>fQ^iz_UCwT}`YJ$d17h)7b^EKwT+v(7lt%&>1eElxo-EWWR_1GiN=dW4Pn)P7HYM;BilI&V{ zM9)t5@s8hc#=aRekEVtBPnczN|C3z@vP93$#Xg`He{Z~9CRe5l5W zB0@T9OTyjh_e&A+mT4G6VUt&-gQ@+ECp0fVJeWy8f2Wg>tkZP8O%orzf~VBc;qI|2 z$uGEDInJt3t6^o8`++j=T(pSjYiB*n4o#|7jDk<M>BK1Pwfg;Gl5mq8=4fvxUgOk}7jA&Pkq)4HDcvc)`8>yxH@^_)iriF(q}{?6j=T zO)%%REaVJAzQdcem*_0+k7<4a0s`utXD}@0ovF-oc~h{B4cbPcy*$q@oZJ39{Ok70 zrH~w@Co0fiP-{;mbvjP`JQ`UkPlZEExaLBjm8&dv_qDBS~G6E>=S^gXy0RnkT0k?((>_n_XNJi8m}(Y;L^i_R8{3e14SyGMUlbHNw6p0!d;>UjUqu&dkbz_Yq2?a zCN3feF)~2umxWkRcON*j!~|)xMKRWRudj<6aT zS9GF83m)%~L-WcXn8-jO4^O>5dB#g+y(T$Mk>(!_d_$3nPf2(>Kj|pm!WFIv4^OzS zmG_8cK{8Ry=hUy>{_Wt~oIECdiPfQGG#u_IioQLj!Xm*DtAGUb^_#~;)WKmz#Ci1f z&skI-T6qe4U&Z_Q^!X8o^fwY$Z+har?PQ);{Em29VLIb}x4%c1dh;WV_XJTiexfVR zVrGX2(Lj9ZgGma#z!awV)~B>)OXrFQ_=>uY4?lE9VCjN`6;Tk86stv+dVkzNRh}TU+8%=4dVcX+4?8&NzHj?^(>l5ykF0tHXra&tyF1n;}K$^ z-myhJv!K&F3;nddF+m@YhaFTpuS=F+FtlJqQj)VEBU1OZh@9U~$pE>c=dl-ZdYfa@ z?-wm;=WHChtGQnC@-8nTrh_TOeA6UdP6NCfl51gkDxmB$ulU~WLawyN7>O5E_-q#D9{RmCnefqS(N_A(TFR%5Y2AZlgS4Si+j}+G}qVN zALX8TB3|r@{hSQ?6y`E% z>D_%o$=l--4Ew00Bn`FRn=qBI56-iD(4=W7rS;`{`}?mkpVOJ8>we@>4_l!2>-l)h zj!7@?e)aTjMJ{mg{qk2l>}d4hp1zV>6t=FVeO{h9T|?f&qWoPY>yD!TyF*R*$ezQV zg$ETZ2CGY75$u+3Jw)=y+fJqk1I81bgdvl;ALI-wQo#5C zBy`2iRl@a!4_NLDy{QW{Ri9mwM?2Kez0MV}7xrRdVbDDn6pj{5eu_;kd)K}f2P_)` z&gTG&S9%6l1KjrZ_6L9&cKhjbHa0eHZf-zv<)aYc8?7DF+j(`WzAKO`P15Nl{LAfj zG(KBUPCx0b4;>Ns)eM|BrUx<1e4Nz2&IW?TFOSD}G~QhQe5A9=RGa#j-2l5ev1xqR zR?%Evkv`OW`-e)A8~qhjupW1ubp-j|0iDWR`cj-nueEfyt^geAW*o0v>n_r4xn8{e zDR;1O<;*IaXdmWNj!8J6otap#D7rP}m?|29ew+%C)1=x*zBg{)nYY9>Z;>vD5@>^h zSHtWm=UzJtWnuC(3c4!**-!{#PL!jN-V0r*x-ec5Vqiu%U{~}usS>AxPqsNmR!Anx z>YHdgUUIG=1(|nfc}H2!Az^@nNu_381nrR7$FXQ+9K05`v?=v~PwYXyPXGWr5r$Al zuQH=RsB6~so(-3Hsqt!1tr%CJP55D{eO)6?_xmfSZfTPPr@9V5}SSk60 z{cb@Js{dA(ysas^)JGy0K`a=JUu}amydHXc;j|V96mEFwF_N)71MjQpFLG8Vnlh8Z z08er+o})3kW$UWMD!d+6s@>9`(pD?vtB=>2QbleHo(#48rO(k`zE6##5Fx&oxT3q7_5FXJnQGyos;YE))F&M}9h}GD{Rmm^m<#L9tn-G^=zI+u2#&6s2k7 zSc9>_lO!&N(XRw=-T8Ux8v8}F%C1TmRYDDcGt{xPHR(J zyCa2DywS>e!bIm;xU5LY*e?E4? z^-KV5+fad1k?=tqwr&s5Q&x%)CsRj8Uav?F@NXcM{bvbjL}y&lrLOx3CZFzht_fDj zTm&n9v%wFTljd2~ix{Cee%tn)AFWOUZ)};!G98M|l@@;`tL`}1*lDw^`UnO)d{CK4 zgnY-8Y@1DGO=z=QX$ob%&XW=yv=s8_GP68$ZmivXVYU*tL#N#@>;*e{Upp)+V!HSz z6r7Q@YoSAxOjLa?Ag@)@7$&e)t5^AWWfwaYZLXgv**YB~&U>h0`dQkWEa$9QG9tW9 zbY9tVJN&iP!I?0kKlJ`=TFB6t;17kh%LN$i+{7`j#=23eWM*mP`dgdu_Nf$lp-6nh z)+MNUxyAZbo}2gEq53G@7G!e6Rt>uDcBgB}&AY>iX_))1oDJ$*`C@=aRXP1EzDr_U zzXVhD!e3}IYQlcHq|cpfc9va%`C#dUzxs@4e5gA7UUH?0gP?N(7umF)`<}`A)2GSl zS94}4;e8Qnm|tBs7dN$V|qUhvGbEv~~lvA8VTvr_n$+ z)lF&3#$#g(?swtN9=AjkkGNh0B`Nk>yG3neOLJZnjN5K)c$>DUc@A(vg|h_bi?lG$ zmmka|AYE4fnD5RNJ<-aO<|y3OYY(S7Uo6a!B!jNo$t`(~p{S>R<6&A9x6;NfNVLvu z9H?g6-GNlcEMa(rLXLup%A~UI%IfO6)4(rj!04>5{uo_A&c+fcw?#>fuFa9we5(E6 zH|HlvKA{yrhQwMxIp}Q07j4&~+SalQ6m;EYV06Ogi4Dw|eiCeu*x>M&?o-?5x%)(> zyk3iw$FtNQfa(=tgF732jZvM#N1`@E-@9(Lp9w@klYUZ*cjwhf%I(KY~-rhAM2P#WpP(s{!V~&x0^)N<{vZ~EIbO9 z>XY>+6eXGPZ7CS4TioU|d9y&h^q3IL0IVVvQ)Py^Z^#W;UN+Jqo_T_ip#=wIA7-(^ z>5~rclMDy;H_6sQUkD;spcOMqAA2hj?ke`+wWIhp&GvW9jHZtx>yHA)45IN9E^A+$ z9a_#B#2lEP{MBnJLmy3-KAkpFuc$==A0}8VZKWAVHZc=Sa+h98UV6Xu0fm;8AP$cj zQn`+pI1*=1PhefEFK9aaj<)28t6w-!WS))8sY(yFpVz$Vv5Ma>;^^<<3d?}STOlE* zi=Wi5c>Kw7gnbBlC~g&EKa}Wg^_;fm5o&zjI2F~%pa^9jZ{^P1$dz7K9kflIYHK%Z ze}u#}R?_w6`4b=HEnQq5J7nCZv!MtRvR^70%&TCAt0}gCl5f`UW9*x(#^=o3gR}hg z1T$UMA}5pj>{VjFzX|5rCtX4EXZ!45L-AfzoX)#BUWV0sU5#2j3tjXM@anHleVKe3 zcIVc6em=5-`qigEqM{+-ztZgRvSg3#g&Oo2dT8?k3dP|+oTgo)Q~L0RP|KBP0Sj3& zq_OQvqlJE?T+xOL0v^q*-oq?nQVY+D3S{@^<5Q{Ly9TM#~3@vylSn{uF%lTJusnAW1RV{UUPto&e zxbllp!Wic#YBlgqwEJwXPxQ2^-hf!L zzFHFVJKXv?QkU}yS%hFA$z5%igK^W1S<|F8pI9*l(EG6JSlKQja&J5zLHo?Y&5`W+ z+ymXbx6j}ayaHZ(5m-?|8rQAd1H#m&Y`@q=lBv9TVQn@vb~t7Y2HkJx#96cDI{Tst zuGTU`#zwS3?2H6i8VqPIzQMIgaaEg4%6Dh2;;xI_8zFrj-8!}7xXl1U4F+Y_Nax!& zoj!*?cw=Em-{T(bvCTcA;1WbvWW^q?+5e51=8}NV%JzL>9^0)H1z1QVoEj_`*?YDnx`<+VIX;8?;z$PCTU>lYA8Y0 ztIXgKq~3+yIA1WyogDdR`o?U|zvF4PvD*MI6jn|78IAG}s2O1s7VC$8S9e9F$BB!T zx%|=Rb$qpTPS&4_-$+Ea8O6bx0|_7FsvoR5Ft#84e0lXlJ!{{<-4MvsuX>?80f;x~ z^Xg{^1$Zkjw&keMQDG~|0Y$}&yC+9=08WkMnn;SruRaXUuZOFZpV$mfdlk(kcFyM2 zAL$-_wPD3_C5s#dN4C9vM15>rN({yBjn+rI{ka;i?EmgU^Q-~P0DzRMjrlB|Vogp7 z2f2ldP4o`oN`;M_m{F`VdS_0p@ow3o=T!T6%9-_t-&xySv*MNi6dj5h45)A*`<|D? zWy_73PX{EU^$k$%7bi!F0q&2!Y;#pb(j?aY-Ov%z8%`rbEs~W}l=6O?l_N+dY`No? z5#gTgq~*AwvEj1aXXUA|H_uvH3ZjXg95}+uRMt5ttJo zwPjWk6CGWS7=gYi`ryI)CS7Q9`?1AiOmFeLvJPTcdk*FFVv((rzka?3h;Db%@>wn4~I<>8b9@qP|Gq z{4*6p*9^ZYdB$1rKIPiV3 zr8@<4HF`IbS2l1%#ou6Q%z#_g^B^`W?S!O@kZQX2bwHSSQIWyjOuF4LOEe>nJ0=U; zMwHr#9uhiT2j^YZEU((X(VApGmMyB<$N_eKMr&QrxLF!l-9z%Hk9CVm?gCUd^x_Np z5_?jpjXV_g;x(H}!S;t30#SlT+Uo$gUFA=`BrA}7a9FU+5jWE6J+*7do{e_=5R{gl zJXJ=xUAm4fBDZ~H(M(BI=Y=-R*bu}5UFz*yF96tkgtiO7R_E?*jrO#>f7c z;+EhQ+(Aq~+kyThM!N3l)Ve=Cn}Cw;h%A7CcI8i)#V)J35|zI2H9l}OOnzb;thVx^ zTYx`fdE3-8jl>u$Pp9wr ztzamk&6?c$EOAU=WZScCfZDAHb_RKVU6R{pndK1Vc0EF?oe#_vSxqt~S*7a;a|>aN z%)sI3tYJ>BMVulLt0cm`(`_2B%~r^2N)_|U%Wp2#+`Lv)R46oNd%mpg$Hr4_I_`$O z8W$A@5>qW~#@x`Noex*GBpH}2bw;E#Ind&((5Z_xl6AU#HJ|>@PHmPJ8k|Ay^B7PM zM+>ELmWXsfy!39rE^UCSFk~sU(}e>Mk+EN+uDQV9?q08>g!m@7MI3cd_E3N)krDqm4Fyo&o7b z>kFJD0WKe=JbQ-%Y!04iC|~|Yg-NX?7;c&s?HTVmDPvQ(g1t-0g)e3ex*bq-^jZ#Zf&3hE2VGr+wd7l+3i!pIg=vG*xxy8+F24GEV4wtKVQUl-3p zL%Xb-1+ZcT?UtOu-NiIe6nn08sTH-tU5dE`D)+RNrwQ0EHh2Ix_cItcSL~)snR6^+ z01gFSN-KJJV-$O}ngeD4UH8^Vkh35H2+!+aSRzCKvN=T$d7;Z0m>^cw*l{jy_r?pC zX0=K7InZ_Jtq}uR=J*tLaNihr(D*fvE<}mFa63ImD|TZ6=X#RYx!*m~e2~6Hpn55i z70k1HseZC7gp8Zo2BY||jweSDp~_IN9Z&ye2GU~C`t%T@UsN^WvTf?MBo!()t8T-k z;grbXA^?F$Z1fUlfmA`zhBJ+k^aj&qTdr$w&1*I?8Z{-&A%T9sFs%7Eu|PGIvVVSS z%$NqAi}loH@IW3(P@%Riv+qaTRHC;?Vp!Vh%%O#W$kjK5#GY!gh2%d zk4tYr+`f{e&Tk)-kFozd_gXc$LPZ4~pJ`k3OW<_fEwM0)2<8bye8D$ifpVC=uMr#BV!K*hI z8{&Cr459fm+s-)qPBl(#91%FR8+L9U-zgNVMBuMe7YgQX;ImYZl#q3gb9?*Q!YgbAEzKF1wHI+{tDf0KC&>7VQRGQyqpnH8~DRWQn6p1d_%Ppp0FE>&@>)Uqi>r02QC0%!S672*I8&KsM8+6BV zrnd)obZB+NuzEums@)O>nKPmk1M{Ovi_;Hv;g8aeoYP!o>$;NqxhA}U`)N}YWg}hy z>=#9B41`_9IUFYVv=>VAkinC2=c(Dp)l)c3P18;eI;@p<6?WTOxIwR^6RceynHuor z-Mj*?WJlQ9bx~*}8ktv7sztMr3IQ>zj51@0x)fa)hGy-T|GJ|2}Gd-8t=9G%sIO;3;iSo$Q#x6a`_=;T&T&p>3z*>EPz?*Y|TEQv;tGpwN!0pzj`wG&MkxWa-G`e0oI z84ktciDih`yV`<=i?@FIc-F~$-CDKZHnRY!wIO(r~e97)G`nR19>&Ry~v?QnAs=Z7t9Uod#wXoQPy1z)E z6+XYP&}P|z??381PDU@;;pK2D6OmHM{{Wp|;-CE}m7AMJwo~h{A)q{PGG64?1S`lA zFepMPN&9Fu-B*7#a8bZbr%6(0BCzb=vV|p$$Lq2F`bk|RWo?kI@P#k2d2V!SZ`RpB zHZ2zr@gd2X4T*?2Je%Y6_DDa)>kaT~WZ3m7JncyxD1KKLLwN!7VD9Hi#=j93blmG1 z)rCsABjcJ_@lIdaae5lts&z$yQ#wPct$3U^&CJX=C%hkD^yzmdoAb_(DIAOldN-=- zgI`5CxgPDGNvh5S^l7fRt}dQ@{hHUJk&+wT?|zoCjH^8{Jkzwnldr`_)mNHcVp^(~gXRl!JHkYr@pDSGpHVRyqSX*A14DTP@*HeZX-Sf3dRw-}B$RcCg<>@|O~&fhDAFD1#RR=c~uvgzNKN`G1KOE5HSYD|oo z!qBM4r)-rPJw!(NIX-FK^-e)^C3(^o0uVx`xyiRU1p>&tlrq+-)B9k5qqv$QWxSU) zc{dJbDz3Y0Gc=Qq1UFiNKUl@xNAL|s*t$I0EGZJQUA>v6HIKwD^uXPHOvZZhEa|ax zf`T_}clBl~%}67Sp}8Cq((UhFO;*g8khd#KqMi-$@Y}~JLA5E zkk^&Qh_&SUe&V2@sa@{ewJWUD9-7)SJZ69Z=k>%r$r*4j{0xknHD>DGa&9D|%B%52 z@brv#KU<8lh_G`L9LFr`alg#7wnFsExP^JkmEg{zg!=ysLl@B_=&0jrOO_nngmz^Wud*j zbL7T5jwks0zmf)oq`>i60&&6Q3H4as9|tp1UCGPa1)opu%a9F7DU0u=ovQ0u8d~WY zSeQ<@4}8lI{PJ>pq#%HF>O0?Bz>)Jt^;H{KHn%?kcYp3@)#hN0h)%g*#HAzCmWlXm zskQR1M9gM`4)CxqqX>@m4^E%uhZt2~xWFP&YR}fE!4F ziN;Yowm*DqA3{NUge>X2F4IYbbnHIN*3^uCC)1&TUYE`;G|f zk8nvEx*G4EDaSk|l!|b?+EWsO(g=7YKzAJ?ymofgqgu5#n)&^?w@2Y^ef3tu;Wts| zHKkSI8~X2nCiH1~UzntR?b9y#aH);4-X97b#WPoCth+ybw0gPD-s~TU@1dh~ZF#CN zX9p>Yo>b09CxleRfy>HV`)8M*9K9b4U*&oJQm1Aw|M=N!=U?s^1zK09T3=JHw?CU`N7{E(pS)_ zfqg(4YH@P&-Z)r+N0qK34}am&4p*y+VZ@{KFp96NTWTb12WEu)d4asj#FD5?6lG2}5E z>?w&%V;6Wo(hk2#=E_JF1rH{Rutm!=DPPXgfRBch)!$8;6o5Yy0D99-7nS@Dgg<}T zUb;xxv+GRJIZb(UlIDtL407;!WdzF~lt~#liQG{kLB4(wKallkvp*2%Rld12cdw?o zQn15kUNV{`MXkg8G5Li>X!d=-=nf4qo0x^xTVtsiirf{t8Ly5YC0CsYiS=^w(Xcmq zpE>M|rf}GAOyEpZA%SC8$h7ty98V}G8B_@O~gg_v{!rc>z)j3 z`r&1}iW#&0VAOCtC`ZaIA?@sP;QIP1c)23&C|6p2*@Gm)HTy&7-lJq=yG==XUU3w@ z@|Icc3M8@aoZHr;3mR4tb@e+>c|Ok+8iXlmkoNoLS+BCQTm8-njunI*tVr^k>y>#c z0#8gLTC>IS7;Jya+yv>BXgB3cZR%fVtI8{y&g$oQl=MR*Y(?L8S%0OpbXW{-J9bM4 z+J9yH=D(+sP0ht=QN48BIcdpZKk?Q@yuO?x#W(En zCc$#3GFMXjS4xddJXFLKCr1Vv zVH^S^QGg7~&%0LJ5Ls|ewn~f-r@cZXs3>~)Af55`r6+!>%~aRAbJLfA4L|6)7u8=2yPBRQA0A*fHxts&3gF6Uza z$O|=4rcfG_0styu0ni=R@ybzv-!^@c-T9+VYO>`ce!=sszp29XZvY)yBU4OZBc!4S zZ!0jT>2S0LG9MiuO5(m>68`)ciO`gs9S1N-?i0dmA7BQ)zz%imcrvS^d(Or_>jPrt z`8|pHKC}8kweVBZzf%w3KGNTp1-xE9@ao_E4S;=MLcskW^Ve_HAWV548r>XVDQ*7g z@AjC@R}___HvGqz#fo{jWA{{WvcH=KU@-gV(-#9!ar3`r2>#KQ_vI7yCsG0|8|?p4 z``%aOo}chd=|0B*czxsty33y_)ZZoEpCvyp@8drzoUfRt3HrxX+~-gK*RB3$bg!v> zuW;u&NFopH=ZpTma{6bLzX8ElAhm&mqXtkUbDhl!4Sg9T)XZ)A^qv$l@V6QeKcFrT z#88KZh6s2)##qafUO*+{4=WneO)`0x$aetLp6RthSyrk|)@~ z6a;ks(iDemLqCui8W;>Pu|B`gfj9YA;{n&^C!P(Wpb(XjDe3$I=%%TttBY%cYeLrn zr13JPYZQi&k@-KX4@eT9)JBgSHHYi7JT&UxDE232at}i5>gq{xac#@|oB#nDAoC~M z(LMAL=D#!8Wkci%Cjpri$GT|1+nhx3;y=;kj{qKo5D*(N_v$EnU;_OMTK)*C`A5m! zrobN{|FGIc@FP!T+URZX1g0O82q@y+Mz|iz5Q^L$ zQ^H-a0p0BrM1t-2eg4FHukOO1{D-Cct@mMFk@Ke){6;}mngYOZ^dO#v#m@83v*{C?&9eZVBf zpC$*6x4frd|9*XfJQ(JO5C6T2{^@wYKmKp|S^pap?*_C{KW*_J6AM&!G9Exe^=j?@ z8zRgSXvoAODDl5F#tP8jR9+8~3%}cE0K(m3GW7dB&~Sf?!P_AE}xI($COIy zwD01HV)xbA&j)%8q&e{{8XQT)$Dr{O(>=U`nMrSC$ox$RxxtaJw+2WE8PPw=1JLtr z!+AisKHTb`d>`J+{X6eVE>bGUu!mU-xDeQ{&m}(-s9;VUDnIKdHPx2aw258<6sE0- zYf;n0$nVEA56`rAJHXe%V!xdR)R3amDbV3V=x}Wu?Cexm)=RB?iPIZ>bj*7>jos63 z?5bBZ`p6H6E9?xH#}7z5Ntz2qy}I_AqSO=>k+bu%bjSkY)X)~dqP%=|)^Ld!sS@Df zV-n!<&g*_ZfF>sZawa;+w-Z%+9I~gT>5~ok4OG*Lc(@A*WB&5z9;Hn4f3}AaLXIJ> zefx@*Dq1EV!MWqvd!PtwGHQ|$T$qHDui36nZYWqiO z_ae>0d6X{`s_+J)S(1C{xxhnjn|+u*0c<#Ee6GMnF8JySrDhk`xZLZPkWb)ut4$ey z5Cup@I|ZAwpVg*|eJ+rz;q9h|Fi2h*(3lhJh6#d)xwC2!43}4u9_4om9g1>RoyI<) z8t9$;_XKT9QdgKnTC`hQJO%7!m8EQVXJ-A6JXH{l-lkz>aA&65IpLvq(uD&KaSSG- zaMk+Zh^VV$wmdCed~`tZqTMsf99gBo5L!TLoH?5^KREF<9Naw35hnn);+t3==RZ1< zz&E=AM;d+q%=^HZK|I`5{@J7&UnM0}`TUEwJ3AXSL*jQKw1v04$&Hrp?#!O*kSyA>r~ z1ED~?DQnI;9h96m3?sjMF%YrVVpgznzffyo=o!DZquD`KLuR4^Mvtjg$1DLiukx$X ziDC=ZJAO&l3)}vYbOh2UoqdYSHy=N*u5l4HJI?bn>Q{lomu>WvZGw$Z%{bx+q~n`) z3N9Rxxf6xFQVGmoBLl4kMqqe23a4D%VAT(0aU7yQgb;t5+5cWgnEOqfa>H`l}QtrMpa;2KF zEm-@pZ3RGZCQh7qQvvnkCd3pAr)Pm>6qHJ0cN&+F$N9ONV(XVw(4!+lT7a$6Iy~~M z7meH3t@Mu)Rye}5-RZn=+<7TiUnk4NYot);@pAX|kM;pW=sv3(u+~URw?N10_Gw#m zjaqspb;ke&I2ATT(Y(*!x>(0A+X;5WE$L5O3WkzrN zC*9qJEAJ2tGrt%9+9DoWMrYWNkAHQ@P>^=mZEWZz3cYds7&T@wnv>mP3;>zOudZsQ zE&!Bs#|j%}?0&r!C`%bcphMV^a4V6bRoJMrSE{e^)n?9mvesY4uNj(k`x|sSQGGipAsVKEr3kWjj)*K(m#&q zUKsE0Sv$FQUL!G?#Im@zB5t5KtAB5B2Al@KvL1mmaF42w{K|-n3OR^7Y_Q8Oe&kju ztugQw76HH!@!;FeQ}*q0@%bgslMwqVGf%}pk;2y;7>_2Np z0rGk0M!BSw?`Yv8)7>M|6CzuJNEPBE^@Dysb)E41ZR9Si*fGt1eT_16wY3Vwqihtn z5hKSuTr5*XCc`2_u4OCAy?c|F*jn-N$bojy)S%KdwGo{W9H}XG$1rf|P8+hd{DvBq zlaC|1iW+t3l|ssm<;=wt^uR{LGRS}$xkt6{Z)^n`pozm`(sWwV8g$&XqFLuUgGuNR zT4o$ejPeB^G;=1AIWf@!#?=shP#5&|7;=VfSa0RUAh3Adgx@nLJ5gvmcr>r-B)t}J zB>cC5>)WnXd8!*d#P_lqN)4yl`LWr)DM zJ;=fe1msdBmInmS@j7R?dnePFpM3~1RCIf*^>sK#(5x1syJD+R+`;Oj5No01fe(J~ zUNqn`m}ZENn#GX2{!aWLvg?pelAGRiSvvW4s%6m*){KDQMIP7TU$kef&*!li{K=f7 zNpE85a5IWJsLM{AjF#?IfPb*BZ`<1o(kxm#*vtE;DZfV9?DODbTVjZ&dEv0g=6RxGIc`pe&p6kE@dJ89AIJd&c}gz^3$A z!!Ay5ErSmzgGy%to&~^mus?MH0 z%$<4E(*W3+d>PKn*|}pH9W{yx*|88Q6)(dBBO>ePXRs8%LORj+7 zhQVzp)s-eYZi01#2J~zj)RbKsNRc7y!X^Cutx8^O;@kWAvI`z~ptVF5`sL)(1%v5n zRI%X|JMG$au_o;|zv|!9*=rtPHf1zdt{7OO1#_YesTP{cP-TI_hZJ#O>XDfaYd$e7 z!V~eSfq!d?dOxE-;FQm3_bxBk;IaF?Y~6R`c0cVA#(`(y!gTZS??U2eSRLCSL+);O zO##J=V03r-Wb{3HeUV!$PZ{$%B&0m^W|d|?g^_1jTn~_ik(DHv!doiC9j(xkS&2Zoa6G#0SFc;ZbNGFhwjhi;|Jnwl#rBT?>K})QWci(}+7vZoG9%Tn z|8S#BX@p|K?IN^2GyOF%`B;#!7u>es+v|kTUo46=2xbjl8TlKXOEMOz9t~JL3(nVD z1^R)w$N%x1wj^CfZ$IdLoU1VEnZi+YH+7Q zUMTmbFe!13Q2;V1)fH<8^=NG8xrVW3M1+@mcCK9vYUkT9t+`X|_KT0pB;ooL9V^p- z$M9L~eimSGmB5P23c=T*r8_~|-E2i)^$mN0?MxcgIi@Wz{m#kEtXp(8{FttE#Y%ci z&?|)luf?V0b?mpq@it!$u&j7@NTcu)rXM6>EZc!QqZGG%RvVRW(O&MUBDxT=(K$&B z4+Re(+p(ARnc;K9kC%@vBwLf2t>L`)+TFnd4!z>heY?DN`)g?P>2F{m{}TX;@@u^* zqb+TTx;J!v3O2f~d1vihIoWt##9%+U$07V~UfmSlBIg8P$9{fSR46JALwD;Pjivuv zI5=pnf^xwYN-Q-vwl_XyQc$Q5c?}NC#~&{D2S-{lnMLJtyL*vPzLG(f}H-LC`1To=G_mT``_ z=whNblGd!f3l{O;Nr<~{7{MgM0OLj8lexe;8n`IDr6XdQ7o=G~TmF}kja42nh(D+D zqOVy&-H2%U-lwgMIa|&=D{oa`zXVd)!*SneO48|TXS3YK?07Ty#LD#0y=#P(Pct9d zSPe{{jf__H0g%*E~^qLI+(=tWr+TyB)q7JaL?27Qy0S|k0e;9dd<=sD$zsU z*yo6I|BMYdLFGZicFU^83p&@pXSk#iVEpuk(%-+YeDJctnP~ks?)CT&4g1aUw@Yf@ z?ZJEXY4o?M@6WB@Vt?wdf6t^!;2-<}|MllP8xRSgXYqZxOo*a0v@_n6I78eB4LA+I zeQY#wAbB*m9eWf_A8`j7Y0uXE=?55rzdS6I?>|{T{ax<;`~Me?m-D-cI`mSq;wqH+ zi@+=f{_(g{3MKwXbxciJIXMYTbId9$;a{NQqUv}e^)>|IR&^>f^O<$aBK3q|h*=HD z>?x871N8@?R};=J34KWXUY#3}#YAF0M)-Aki=Q@S&Y0MfV!ztc!^dPlEA(G39yqxA zpg$hY`})JVp#O2}J$%|H`{S>E_%tu|M{V)p)6e9GrSrr4`xP|mf3*V8CPe?`n1O@) z=Lvsk?$+(OolB;p+Nb+6RcK$*NIMgF6H?|*1o0U|`3j$8jxQD2*dn%_Rg zhXSnM{Xd=YKmPeYzr=)YEr`QJv?0}hl;>+xqp70eTta#K&w2yWzc7?F>OY>xhkDK< zHT$pq%c}=8zt4Y^^*^uMf4}+ve>fptu0Vep4;MUe$)CKVnwteY*yi2>dgdK`_ahe^ z948$UQ%uLwLV$9~mv99_vY5B`kJBe_RD-qfy;Uw^PEPDQ?uR4S>l<$`3o;c$L7K*UERJX3o~aXo~tVgA6S=;2^X z!a6&HfZNaDS9Z+4{ST{kxb@Y#y@o%*t;@fKM794!DR}<;z)$zPxjv=+c`&}c{(YDE z`~S4#004@;KgT!YKevCqEjbNgT-?!A9jdwqlIT(fqUUy!~u1uP{Tp8V<0$B*SR43#WV_OLXs!$1Rd@*ezHC#@@pZTe@Z0uNSwUZk}4u^ddP{!9Zgy^|yF(6>u}!<9EAc z`6x7KQJ(^KN(v@Yo?o}&18A%)fq52UDgVgR{tY9T%KeR6e>;oi z#=|eKRt8X{%OFnJ_3_#?Q@F=t7DCx#8TL^4h!ZYbKAo(9irKUc+*)uMw3#RQ+j6zk z(ev>J9{nLTUd`&dD&PooGq`W12kSeo|Dfz_!(WVCGwggF7hJz0>%w zumMzk#62AXJM{_5f)8A8|Tl2b#O`zi4&hZEM$4$-dOM)}<84?SRm>;_a_J_0O zr<5vEJU1oE84W4!R3N-zN!~Q)DwOJksn7*y9AVJyZ@uLi=5UbFcaL*teJ{3sX{so= z^sB(jaET6D%#PxH0-+~km*h%S9`sjSpF}1o^g-uNAOP*=1xX0iheUZP7Rq}%X$tCG zChRsQf#e%f*&eGYB<;+bR`BlMl8{`e^;gBdmh=Z!b%5x3#NAT%{YcfD1>{q}qog@A zEkBs(<4`LZ|NK2+OEqX-*j=o%Mc7|L3dwQ`2P(4NDmy>o$Ol+3qXWBk(^cu6O3$X1 z#IkEs?6$&yJ;Wz!E{?rKj|M+tv)r^6UeGWk*n*nf^R}8JXM}gOZ%(YAfFp~Uvjt}6 zEYwMQ!#u32Ce>^OJ7)%5d3`@fUec_9@plI{GWr&Tagv2XXU$qLLDNS8E-Y@Wy?DS# z$#|#;8@GZrajl#esPBuTDgPk6q5~Sjan{?EyaBIbAYQVP;Of^#fvF)&oGWQI5|M38 zX+!)N`qnuS_*HVRw3O7%S~{RgCvu&ga6g}6j>!>#K~#o%BTMdW%m7m@52l$Z7Q$wf zbrdCc-3Bqvu^$OHp0_ZdrV(!ADCsZj=5-wq&YUHXH>SU!6trc1ceyhN2yT((%{YI* zDPr3o6i0Z6IT#0M$Xz8PT}|8&_^!#!+6mCSi4Js0!FICDRMpWiMsYx<8yzS4UeD$2 zQROxpogTffGPz!7JT!{>9z^1sEkHs{3<@&ibRDXxCA)T%Y7O=6Hpzj8Ziy<$fWzxL%j-tca`vDxwgBp^XY8@c zHa;HC+BGzEIa0WrARPI2ap!|P@BYv338qhJLpxGA=HOQWEuFo+!hLVc)_5}j;UJye zB7=weF=Ji=_h^4VhZtae3ctCY;}mRod~dJ&f&5?%KwsnwAl{}DiEsi06twl}h%vuQ zYa9sAv$N@!w`}sT)tqy6sXs;O_u?6!gjo(>_s2^C2(v50Uk>vJ!MOq!taat(hd|`n zTkLBEt&tZv=dP!1%faQl!`ZmMHgOi1aXkc5+mrS2s(wxO)- z(6-hA7Dw{INSos@b#P-iux&c{GxO>b3-#rK!HT0UVKW7DN&iYZZUG{!Q7nTpd=fG} zCh1;-6&1y}SsAhKOuK7J=Gc)z8nGU1L1~wwCkzCZtX1s?+MNHH+DKjlJbDnv8;DXBa~V4}OpS$z zSY8ob3KEqvR4P>p(IUbciC-;e%!>Io6k8T&oEwcmSd{&aOX_r|upVIrjJjj>8jpti zL$$i{5UdE)6_r4%{*2on2`O7sN6*Ug5xQyk`f?{Y2~yIY|FRv=&CboyH&2)dRXNUx zAuA*;rK`*MNU6^NAeJO0N#WQMR}-;?1<^3hDq|+pG}N-6$%&&u0y{gw7b}jBFOv0i zJJHE*K3qqYUW`8dT(y_$eM9#sIjo-0wjySa=#KgqvsvAbG>ynB3NcP|14ns+f@-8V z+U&BZD|Q~FfYEI>s8hW}sgGb#Vyd|G!hC#($ zV$c|hJ!!dMuxyNwrjq*4$SOx=j^vVAve*Uiz-4CcnTLh(wE2Ev$smX&bd;{xz4i>9 z4%Ftf(5Da(C-}2(w=qq>jjGw*Vp~B^SMJoaQX%pb?cCVW0xC~uY9HyOJZPkEz-N7w zQ81nr7$PDt6V~~34D23p=MRm%uB?6Ufe-;>_JGZg9w!C0jt9F5Dz4 z(Eg2a<|w?RopTujJ^z}-_SQD*!BCia2j|4Au;+z*(S^6$GsolEs~w)Uu-8Gd5G5ifF7 zWqkU@F0-Bn__;rxr>0Uwx*4S(`=5OqTuU764;c;OL+kKkv}ZYTWgv1nQ~Zi}>-v;)jC3?& zKJy!%s(IV%33_iGXV6Hs#G}v90~Uq=e`gGrP^IjYg85#*8-=!A#c# z$LllUq8pRw0IIl98lpJyqr@t`y%pwbG`NX%BhWIE*j1b7XOBw))byg`QyWqVW2tYG zlkR$@CHE$HIW@xoH=1@9{h4+sh6}6Zks`se_)W zArn^<-s*}l8EV9QIEel`hbWwb(`roP1W)N-qw0FNx;bGwDWARLJtg|A1 zuP!q1#N~(4qqXA?*2|VBP1{2Cn_q=T#jUGE^P?udJd?6OJbz7PDJ)W@v@% zqPy9uyR^al{)}4!tN-}aQ;wVu>ENW44@xdEq#y?}5q`xFCK+ziMIs3qgbbu5dI1Y7f>ycy4(te)BYh|vt z_c5RZ8(A`W!nLCzX(T`(gX2e!4n8i_*tzvJqH!qRcFp2PceWr{AJ&&E>&Y71v;yBu zK&DbisAsj8s=k!2%Id1J+m|qW`v4!a2 zCCO!C*UIf;v$e6iY@T(=?EXAO)B{rI9tnQBb zVg}YpnL29TO^sd8=jF|8jrQ6(et+`{2|irwTtt29^#Zv%gqN!k=?HIOb(c}^WOD}q zygX9XMH9o=`&2U2eb78y&S63u_Q7d`PD6#r+$@v^P|0q^FD$D4icQxfUD|E6gU1$W zX0}VO*LvOmYfp2H%?z&TTf)Ko2K@Rspb@9po}R0Jx{a(xUqk1^Z<}82+2Jhe&f~J& zN?e#Q@D+iDO=*bk%f-uG{qd>R3B%USxs7XRDW6d>N7pQuV6kNN1&ga#U{ zQKswSTs5T2=unDWafc~Q5ShVvu&eg*G(i4lyBv0x!I4@FQBhP_R}&e%UpY-Q=Lvca zA;l7FeeZ>VdBG$qrD7ML8e87n--`{#C?6R=DO*w1?NZ3F%!$bvA>?h+WaCLpNso&S|HtM7~YndBvJHLLxsatBAQy=t|W*A+X>uVFx~rJ_G*93w;Y&G>{Oi}t@DVcT79@|*`JU2 zW$u3&e#y*?Z7vajmL6w5Wu+6j3zqfr;m|MEj%D;k&6_BVO(y-Z?2cDEmp(uab_d3?Ci z4XZnM*tuWP4(MyQDF*V>XH81a;$D5r`$C5i?021%k~MJA0uw5qa@Q#vK-3#XkxV{% zdzWeB6${uYa)tMzSFFKoK7Sc zqdGmu-jF+1X|;d!Cd7*p^#x6do8krb}n#~%hMavfbdc5Z#_9v^~aUwQ5HMl81uqr z`02-Ad2_rLdr4*i#WXV6W3?JO@cWJs&i~HL0%KHpHFXwspg-8cjLXPd50#TaT;cr& zWWRQ}{KIxGrA~43YkS(V$`mcSqO-xC)PfvY(Jwb0MUu@{;MSa$tq`GIrqvjl7jK0% zX&cMrNM7wDyd{s9#24K(WYpbh@}R~4vS?fcdy!ug;yu1lDB$GDqik!U`@s#VoN?Xo ztWze4+XLs9OEehF+gF$ITN(}WoY;0Val1t*7ZqpiUG>?kqU{< zdRMqqj7`nD?b#ldVGwg34RT-xMLuoYVr7cT#uBudhNpeSi;eErk@+m32}?*pDR`@R z55*3`m^Hwit?_8IjOB34oM46niZM|i)Sku!VOSB=-I(OaGi@Z6&x`e`VAGCNLXc6W z%yAmZjw6!r*Axkdc#j$19z0bxbrhZ@etx9On!CT6FLom;MBLw&99i@Y*;?;0a_;^a zjMTSK6e=p%c*`XCX$1^;9wI%v${EN=%6q?lLp-aP;C4X&0GV%wSK&Q7W6XRtRqWCX ztELO~1u#9uugC2C*GFMgM%RqyF6r9Ol?g1lG>Tk)g)+K=6p2iVU2NQH5#Opg`$K%t zFlIFwCWDu`mr#s?gw!2&as}|V8>2xrE+8Q?6r8;&>+AZ`t+y9(BcvP7Xlcr^YYyK} z8jgG4XH3YZ^76RlBBy4+ZJuhSEpj&_A-t~b*VJr>Z>*FV7HDh1{<8a4rF!? zg-##yZCb*uP|o6_QfXvO1v8iI6s6golD_EvG7&RrHDd-68(-TH9bso+ytr9P=aTDG zjQF%wQ#H6G0?Y|>)+Xd0;m2x2J;!jB>yh4v_ZvNnC?$Di(v}5hb{WdKT!f9Kp($VS|$!(?dB^V*Z?YD@N}R`puz{o_S-F z=^=3?MXwOemLO6BW<@QEfvFy?-4i`#rE@_q;|h%YIz>iN=(FpW2>g+oiOu<-Zd^qi zJ+jo@AFLMAE@)wT=fax#EqWQj#{HW~aR~wayqMgN6WiUFOv4@I44FuiX)K==+ zPM%$Tt`8F>%T&fsfM#cWbI^3rGE*bg_4G6q3+l2ifhB}ve-v`W#tWIj@PqoL=M8&$7=I})YELu4e#Qog zf`aK^c66TS#WZbQ9Oo2*Q#O;^(b1cnZCL(#csi!00(M^^yiyHOFf)-G)1ghA!g{>? z66A7$lkCo>25F4oL~q5%yw3F!45fCbJYBNX+G3WwCvYg68j1x2h+RuL)f?jdqZ_2d zgDI}^7{gL4 zyl+n+z?ppPXtv&2{-Ny>jYQ}oSuU`+LXbcS%ve`}mBYJ(RdQZa|>VGT(x;);fFzm+K zz!coM_ryJn+pxU5;G1g2-2k&LPQE56-7l~4zB|H>T{HL`8mTr)KACdT)0`Urv>J74 zSx!|e6fX!rHaEl9?1i_~BW2wmuyK;SN*Bf$mt`BXS$R1J(uDAD5Bi9tP%OYDKdL8( zKJz92-)!t1*RET;@r!%aW1j%EfPZ32I%rEq?)W8gsK1 zgkM#q+2d%6*pbK+lf(soa@TZ@lvi(^BbnmeDTWqBivARl)@5f=TZ5=4M|bMSlP>K1 zC~|TT^Pe;i_)F}jh(P&-&DDG$HqyaVNxTk&sLftZGVw54+zj7ZYrptW+qN%H^+AH7 zW47_uF&bp7RmwHqMbNs&`!ooR2>A`S>> zh-BGk!{iAU;ineOFp|HJ@J(93nHbmII8)gg#`y@)(3Zx9a2}5|opFzrI!gItPtD{q z$8DqR4_|8%n(yg{dcMXezIS~EunS!6WPxxhk7V^42=(rb{A2B#w?wo>HUd`Rz z2FT>&0kP>%_(z}|fi8Gs_6=X@gBDLISG3V zwhkMfHp41Z-W2AF`|>NzA>pz_ioT1a$Wa~?;h`vH&VH9md%qaf4yK8NFwy#rR#yUJ z?+9ant3zxJs;T0=)_TGzQFQ(y}vTQA#M?h6!oRF$cTwJunP03t%yO4!;nZfSU{`Y;W)^E`a0Y{j!PCA}$ z-dtVg?0uiF1Lxvn6wp0gqvWx{NVG6R_sqn0e?J5%)W-fCt<&&TSDF#O;?(b2Q5xOi z9fa#ef;1jasrk{`(dwlu%BHpP=h*Lq6I#ad8BSA#;#Hs(t>DXd>x0Hx<}iij+QAA( zw-;4T&78~@erA&Iax;u2crJu>9yi%;M8ut7U+JwNV`Xg7@*`T}MfKfJs&K1QWK`Th z?4wH2+X2Fvl;zJsNE%~`d5{}Vge#RDnPlZg)>q!kPId3U*nx&YV9!_Fof|Y;?{!l3 z^v)gy6Qo{k&NM)^$gR&sE8ArxF4yS>lolwM#lcM5Wfk7tRY#i^&^>_ra{GqWsb9 zS@u=4vuZas;OApP&-A^XDaw2P^l_Z{&Y1N&#U6@L|0#r#*i_P=dHD6=h=y-1DEhDMY9buvPTx*?VpC=+=>74F;%xnmW z<131JGfshexvk+&-yurbeUJRev^FL)yK80?|*?h^lD=QPti;VCIap*VSt#D_Uz#-$jCcW5T%-KJI>E8uexvPP#|25~biy(oMh&)RtMRKPV&!G47aYgbap~y&u zGdT2FrVx={+NGJSPG*MvDVDf8j=9>@4X)^E%w2&Kflm^dlN$cg76#aP+r2?N#&Vnnh=@RUX<7I#sI~PKVZ?TjPAFnaf?;nB;xU!cJ%&Cs$cWDa zqM)TbN383XTvHT1WVf1ng>5^Z_p@%$LJ0cJLB}QKRDD#a)o4eZy({qlV(%@Zs(Rmd zUj-Ee0Rd@{23eG}Al=;|E!`m9px~mryKB+iAsy1)Al=<8U{CP-i~T=)oEK-DmwUZo zFc{1^*E65I@6UDJf;e1y+s%>3fS6=^dqyTTT8Tl%rQvdd3j^&~+|l!A(n@vJ^@T!u zLig)HAJm|J5ds5oYU$PLLS@{xQSJLx-=qZTs~am?;*uloy8I3`ln3Ew^(Z?AqXTOAO^yxY_WTe{2_ z0A;n`OSpo@wwnolCuN!m?mr8DooACG(B~>vHt) zT8m)S3yJ`X_dJO^pa1kMxJhAP?F*B{anLo%QPE-s&y~lF8smXwk>p>xVnzDD=2Qh;$@M3>8-w0GK!tmrim2U~NZFMtRNJKBO%=D?*^G`P&-m&bLjmZncv zI|eptyR)UJ^||~5Fv{~&boyRkBVOHbp9vF;*h6hjFa8MoQg}_r=W52gep&!yAb}Fk zxJ8S8E2Fz&khxFAf4G@ETvMdOhWN=^MyOMnwz?$!F?D8g9ZRF6^Cc#4u>4}=7{(piZSqYChs>F!tc_p?RKF`fEK1!-Tg(vTRL&ygkdAi&39{NF*M)(l$SLvS#Ew~!kRE$X zfn0$BQkLUE-hxr<&?i*Z>3~9F43e-UX!{o>&=68MQh(Mku*rcqP)qA*ume5AXOx$< zOXosZSovVYntca_K3qE?y}ECYsV8RiH?JN@e;rFM4NCUz97&lQK6&#*pff*~zj7R7 z5$VF7QNCq0$5oz~DmtZTOd?OYakL@T&U6}n8=+Z<0Lz8XKtb+sCX3W9Jcu^t?wgFW zt{^(ctN4oO_?08|`U9BC;YrjcClDFlA4H3tm-(6owt6$Y!w|(zp9RHK8#|1X0E4-2 zuC*&!Tv|C>V+o~+ze|r_1kcVrCr*^F$>A6E1{tIz0NJyoCW;1JG-HLK9L$=cuicO^ zx?B1pi0r0%Nj}yhK64F6W0Izkwu|CKYsxX050pg(fJ=4wtgQ9?CeNw=beFIOz28_{ zV_4P5fI7=Q+j`XbfA>uF6nl)+lBM2m9L0-7N4qu4lA*nJvX{Xzf-VFtmfJxonqMS> zDS$u{k$it6l&9q+tu%(-T(DbD*J!EbEpwNTBqLspTaBAtTuyyb+{7wv&zi@gEsD0Y zY_L?Y8=kL1tN1k69f6(z^=8`L)VlXLuzewhtDfKW<+f!cl{e?);c;UxiRi{6F(Y0( zp1z*(k6lGC(07EvAU_~5vG~Jcb}`;+2`fU=oMTPH9PguhQyix!1_pDcJW~}XPSw8N z(^@mff(dVQI%L^?ZmV=rr+Qa}1Vjlj_iJy`vYOx1a;1j>$45HPtD}wWmiN6@{HA@# zsVmYHqZ?LS>NLC}FH!yUcY(|{u){(_r9aM<*>k~>y+N9DI5K6(eXm~X;$S^lXL0H~ zD<8&m7a~ub)f_hm^}$6Czfp6!>dQ<}^B`5$)}YJHDgAB@?bqBUe^U?CVFja*Vj?kZ z8SJr8`zXyV)j=#GT!$t2XisZ55 z#02=ZYab)K^`mCt4mtYe6F=k7w}+g+=oJ+7*4{6@)Y}89jmv=F_>oE6UgLSV$bL}> zWp#NTs$hNCcF+qOj5H8E%jv-imgIh0RLk%7CjLgv;ZGfbghsgV!6z*pC!%0>zZ}DM z`so&jjF<6(cd+@N8Zz*oCtL&8u6?UHNfNk{@3;-`kyQL7u7eODoB>9T%Y| z(}rWnb0}Gw^f%w{%ffo8K7eCS`oc_Ja;BV>!<-{kXXC_wGK^>0_;PJNBetN|Cd|V?TSve+7Q*C_!q`8L{})* zeGjom>$%dR6<)*#QlpH|M1|jngBfmb=*=jQD*0D452V3icS99-)ZMtm+6KJmH~NPP zopO^L(qOw8PZKFH$COKhf$i}8PHpzFt%c-k{h{Poc{8waOFsEm&({DV7llw}o1r4r z>Z?-9%*4vz>Ztq;>g^@mNzM0s7##@aE)G0`!e?>7Sp1p%vt?m!+A?b@Kq*mASC=0K zR%CWYR%*aa+2b;AbrT_+pnD*JMJFw}-M9rKkyMX_^~DXxv}z=kaEbye`MYwA5Pr23 ztaK-Vp^S=j_E7Vy_9dd@d&5>3Iq zf&%45Q`6u5{POnaR6>vJ4gj@fLJ7aS`DftOjQO1;iokY%QlM&*q}_)?l?5}-tDF}b zO}sS<@#ndr$zUYEOm&drK!F(aIIy)#AJ!{6P~{hb{o%f7I#_0Il^zc$98=@M-lD@LB0ON(hJp6cJqsLfO^@#SpyZ1&$LTR? z%4W0ZbveIBpxOPZFwiexw%KJA9!mkif3(|nOvlAO68b`7btA2eSuG`Y5gu8PjVpkB zV8F`SSf8wUTQ$z(q&=9%rBIuPn&gM>?n(`-;>{%X?Q;cwo@6W244eFUjc9k1Ev)8JhaheLm4-u=WVmz2}v%awg2A$K62jJ}OUEx_bIW%6`SmL001- z);6=r{DFpbuEe^!iK}RJt0<6NDSaG*39w5N293{x+-y#d=Fw@vOb8YvBU*^n<`o=gn^Tdww5uV!w%!`O3}^Mp1<$jnpJgrz0J?3-8`MEuAY$odj1LL_}Yk zTOOQLR1^ZrD(0@fpUWMG7BJ7_!1E3Pdn`b$&@%OJoc5k&3PH)>9tZ#9#LSGJA2P4t z$I|pVnFPG*LqTa454}J`3nRp`c#~sPGm7(ey6BG|iRx=*;1TA!dmxsseXpeDwG$of zw5R+1EvwzLwGDagt>bau+8xn&7ePPA8~_JWvcmfN+h!t9DPW*^2cN}C zVivrJP>(GM)uaWiq)uid6@yyxg#>VHhjJ0QIE~5na!p{OO+UMh_DL-<+C-(MlNAr? z;3KIsjV&x=J?0D^~HV2So*P4kb+OG9X z2}7jTNdkyLzHiM#wRbsVRCsFD`g(9N!q9zy{A>Hx>TQx^nJn&=D2|pJ|CDl3C=$Qk$jT%EG_|>FCaL6YJYMpIR{$ zk6&pxSQWEk;J03t9f)SJLnq&|`+hr@4rNWKUohHCi?2g%6w;;7%sJ@OyH+O3bR=Gj z-$Uv2jd|>x7-3;YKedEO+9}QL&a8MYVWkaMpqen3#P_ImtSg>IPp$|l5YrNj{06SR z5`izQKaEQ$ZgBKe2@5;fQSEG!CFQR40C7R8_7+ZrQs2m(p3wWv zEwX>!A8V*b=XMf)K9^)HK_+U#Bs;RG!Pe`UjiDGvt! z*5uRLHM&!JsJ6Om@zXs;-2UzYrU3BoffB@9N`lGIxMP1CR+xdPQ_H^ivkm&Z3U>WH zY#gTY>pH0KB4p>;mdB{#))3D_lbnQr^Tre`Nzl1>OKC^&R zq9U}jFM{wqSWdaU2Wz$E1Kp%a)?%_ow;dxZ=DNN_`0b`(85uHe#dW~-7kYufs0o#_ z-0H?(H*-mVnmj3S9etp@sr&033J+Co2@VEE7Vl0_QISeZx$68?5?H#GX0=a6WvuNt zv6);-Y<$Ykf!O=+@yfET7}Rt?=i{uI3Fj?M#YoO|O39H66znMIAC#7g7^EjBr>%)A zI3tBk5s1v%#%a3M?)J@F0K&9$1{lhd<5|VNg@K z4<3vKp6V-xBJuisl!G+mU3W$V#r-L#G6e@pWjz`b$nGpdh!2m2kg0a$^Dtqu5?8;}4!RnsWNi<>CcD(aLt1`Yi(HIjz2s~{x% z;X#LyKW)2Ozd>Zs9e&KkY57q?6;_f|`4Skg0!6c6Kb?`zZpfsKC112?(Fk=)6{|lO z?0n^wo%J!0dLps0Yasnj%S)Sh?reDUtAWx4f&qA>gRZ}ANnHFl9dAu?*XH$BOT5fG zICBA(Sf+QZr!xiKV@k1cy zA|cApa7fG!K#EV?7X6T_UJV!bd(yM*@FOq&7Vr2(bJ7G1!d%@2top>Be0~Se zig2Oq_KX3-I@$g;j?+LkR~JY+f^eTL$oy-?$35NP!cPfK23s&WrKY%wEsACeDo32D z{xr);m{gR-R0>9^U`p$KekJpN=4@8N_Rw2XG zImt_5+F}D=&Ois^qWFJm2lIo08Ia-OYo6Nq#uHhA`I zOIkx(o3kxkfBR+v5_Et-_KOqScT1e@uFf^8}3(NaF-LR@2RMZVy#o zAaMrIlm20f=bIb}NRs<^MbPUKx9-6 zRZA5u;ddWfuApoeDhx;BVM}}$jfuqCfV2ykR{lO*6~tA!HeXFD z!o!`f;52MvvJ2kaFg}Hp8a^&=o%3lx-594P&44Q&+U=W*xjV|p+H-UckYV^`7ng-7=+{BGC!}? z_nkhfx)F~k7~mGEKA;$MOqA`BOxcGVY3K*trW=ofp{eJo)IJzB~ub!>og83cKIJ5{yFs(iI>+d!J>r7|EwpIVWoHjAQm zcc;w)Q!9$S75{G~%iOQ0VR4$1`&WAF0t5KXgUCc1+{`gu_V2&3)e+NqLnu`>4m`_QZSkTwk-$k+3fvLM%+_(|47!bNo_1`+jYneG>S;x3^e_Ef%|# z#&g>?#P@){|N8+ToP5%h%7FVCaGn}`j0y7gv+w(5DuQS^)GDi`=c`=<8ZF#sTZEVS zKLe%`?c^nFx9=(>e1<=~62x*WnW@N?o_32GI4o1#`Xg+G2-6BM?UnDP!7u7!x!tBF zzw@3vrmft6!0ctr6L1Ukyinu4B4@o9H#@H)n9R}7a=_{wc0Kc=b&&ov*<&o=Mz_9F zvK^RJ7vp>vns?5})TC+5`s#}rvStlOzaS|2ht*&PFa z6bp<3J2p`;&>c!}9=qBDH&;9Ys@S^{)e0<~jsE!6eXi+|k=ZCyN#>6qE36aW*V1w~ zAUyC=`oD}W+x3Zr&l*V;B+K4VR(iJ?qq2Hv&jSEpXoCZHW(2*0FJ?^J(mT9T-spV9 zl~4DHXh=VGdlejarrtMZ2?{a{e`Zn>th-Ka*`d(|fj>+yMig+s+CDbL@~=&2KHs`v z7g(xh&5@-ow79uUUEZuQZgq_mcAf^jPw^s={5R-`y9pb0XMijhAftv0LjZ=h7SrEk zoeLudV>Pzznij)Jusl98pm{snh*pr`Im^b0M1uE$b(_)}Dz-R)D(E;(u*IG;k%tL) z%{$GXh6;_SJSAuDdxFi4H`r&rC5fa%8{1GXj*7&9uP~|X@7E2{nPLrS$ffBxukpNd z*bcyOMMpSN(I;CGMsDzFN8dVrMSHNin`rdraI8Tk^*@L4>E->_2mY>OZq}n5HvI4*y~ccNCAO@Q<{$A%Ru_$UB%HI~Dh_ z5jWD>CvEN*-ESn&z1l0sOvt%h5wXN&AYoab&i52?f9#x$-0PvfSM*x<`-<7%OPH6* zfU#q^7p0V${KiC}?c5_Z4%b>>viW5u{0kU^t9k9>4O3|qvX$8kN*s3bl4*tHC!a+w zKo$BpNP&{tKt@kYR8(}&P^Cl*{G=7t@>hg!dRYh^^2@Fk^eS5j^LFezRqC{C2vd^tfLO|2z3-=|?H zj>a0KV8ck=(paqOl}m`ka!qA-(@C0s(526>U1A|JxFAR=LHnoAGRJfclSf)0hmR*I zDkWKkPTuW(u%Ke}5dTI}g68B;$+;f)q!b@1i6Q;<2@_oWqHy)|Pe_Ea!Qs82l2x`! zptxzp5w^9G^iHy1S7xKBwOK)Fb&x-8ft~X#F_3q=ET_N@W>1Qvwk*7|Sd|2la$D=Z zO57B*gf2S@S_-xWU;1f#q$MJd{iFN(3S>2T)<<~*GEb~IwCsZV8&5c*DX)#iz_l~I zj^WOgN5G?pX z?U3A-6A{`%QB3RHmNs_CbjqT^04{VD;=?_Cet{}Q%a>mU^0xL(Nzz&%GL7*o5J$uo zGoB!)%*|Iy0$Dq+lrzBkk(oUdRH)RO_7VY=B#qluA;pjbUTO3{$Y6USeWm+j`t0r*eJ&AExR+ErKdfkX9HmS6-B zph??`3^l{Z2&V8rCbb;vt2?M>Hun%DHDY^M-r7Y$Yr!sHz%X_EV?A17&HM$@(@^Jl zE{R)SIDJy-c`o(mfkXphHIh>-L%TtmdtDcsu~?Qq-MH#0cHB&^di}-8>OTrJT2unG zK+$r0JRVAOZ4ITOw#ax4@ytrHP4nq4_5%l}5gc~FuV??^PRn~#)*4rySnIq>Xfmf9 zB-=KaOXz>qzckk#F4@(!o&jjX=Qos3>X5Bj!2rk;Rwf!av^bMKa`NqoC?{3LKt`YzIQcaPXp z+X{qpCk%>ab#@pon^Uty5MUuzIx41(-`TS#t3$_qAI`7Fm0k{IJkE*3EqHj}p0SqM;xKrgU*zTa*+19Qyp3?dK}muR5Sj$jN=0ASpmcTYA>3m(DfhSx zw+-(vbrKC`MU8Ld{=dtcBnVAufAh`fT1~%WHu&|6;RhbSE{TBAZC!lg+t-S-Nq&ed zPNQR2YZpTm_(h`ndT>~=*R8E`4UQ#=EMwVL+A2%V3Yxtjh-^1vsEl7~JN?yO;_}N? zV~P#s$;rv;I|}z%OJMQ1wr|(hvq=qQO)ct>Psk~s`z>-wss8EZ!woO15m>S3G!oXe z`P-opkKx)`SeRybc)G_lLIkApyPs|J38K1wHp9H<*kJIf1_8diJ1i-QE~}N+AC^9! z@!!AtM)WqX-+;S+0H8}1Gu!$oJ>40OB+H(K1a5t?1sW$vDrYE*1T5gO0ZaZ50&Eu&|bt zzPM^#{OPHA;}2->3PKl@^P(KoqJC<|m6`0*r)KE^XS7q?zo2+v;f~Mmd%oqr81MxNOWS??l-cl zi+7yu$dvEO>&^j@h^Xuk6(>6TQn;@1=54BL=Q(ZB07-b>PAkJ6S}26_z88z=0h8r8 zP(ff5nJiI_cJa(sSPm&R)a}cMWhF*wa{@DgbPg%b2t^-?*Q5A9d5OY`gohTLSTggZ ziQcjxutz&nRu7etpwr+RYV?W3s>(XqPGotIMa*2SFL8bNuzqsAHF{+FMa=iE`*U0x zR@8@V{(4$Yeivjbmg$9o0oS%_QZ|JA0*S!)i%kQ@o7fUpTl21m7v$%s)3#M_TcRM~ z)2SE~$zH+Bmve-fj>tM|Q}U?27nZB61Tr7;m(zBqJ`@)9e{Ld8OU0NOcj&+GAaQeX zHo;c=6q0y(dLD$!D)ZspYcRAg>GNEy3tnWem1{}87Ew#4*c3pq+p_=y3?IS3veO#! zQUvxSm#hd}@Hq=P&at&od7qk4Z@+>;qSNMG=VWZCk7xm*;z)t89QH5D=sZVg>3M5(O39fZX0~9`g%)vGO9Ex zYiGRR+U3)g8QVR%OyApc@LM73=7WsONHh>9zcuNL-QDO+lAxhAnv$5aHQ5+cQusjD ze!r?rQMEvr(^eLy^R8BL6Wt_Ju-cq@)fTF5|o>q>aE-2YefBYFK0L4zfyPh&NlPe$n zb~YcI#+n+0PWXnA^r_Ma*RGTd_)`+cnjO~tGRpnzgPG~*RVLsT-iTi!4@5^dW0B}K zUNodD6t7jC6htc5#iP*(ySW~F2vtR#cv12cZ_}Q`MO*(N}(?2t}Abey57Ljq^EtrS3zHWL-n_IOk&hvLaBXT#^E;A={`T*3%oB zWGO-<3wycn>!8+D0xW56m^7roV;H$uE@E?WLsNz9`h1AKa^aN{L4$c#S^72{o=3F7 zXMpJnt}5L3Kz^~3W??N!Fj=ZfWBTr7*BKxAcBX0I)c21P(PKk46$Jjn|2x`GsLZSH zoA41exDj+mDB~}N6*h%3oM12!3vRD}G*e)7?k^{+T*x!|aAUpyj#OY(j@m={jzOeH zI$)vB2Gw#No?4*2IE&wg7R?&nD8y_O=MfF=-Yn4W z&*Wxw|J&O4tv=deog+f*OqMx#{^q7lPMd^RccSuBbcbr(0E9EJC3C1Wo(Wh?QZsM- zwhQqALNNbfr`zvo>5(q7-3=1K`d#bZ%%ZX(nG_^UEpR7|`7x;V?D5e0)Cw1US^O*W9i#xGNfvmY zj&%~|Suv)^6@Gf!N~l>2EE8Vs-G>|UEy~6-J$9r05_`yfSnAIZMkJdfleuQr>xm$Xve=$eSxICrj?$I51N3=d2+XA3psB}e?s6Ds$$bA7eG=wQU0@23nbF17-*# ziJb7zm-<6}H*s-s7nh4MBLk)W$i)M9dvP$whv0-S*zxay9)$lCm3TH>p+bhSqGBlg z(m5PH%Mt6qtw*^1h1Plz`Q5-@^s{XD$1Ko~mLghQZ)5|+9+Y_I^Q|^h$bW`FWHon; zvI4gY+OMZj2`XPFIn$y+Oo6ihuS7W962v0c>8PXO3f|XP8@tR zN`xHJ7(qU+NU%cb*~Bv+W6ZOch=}qsqni1Zd*v9ESW^a!OD%1AQbUA?q7K!ZD>XrQ z5glYtIsl&~$Fn#XU3>tS5Blig$%X`_%6#(QYznU=u3X*Y!r z*;!h+^v2l^jPwKy0V`{GNgA`3bdO09U}Y4vIYH4=f^go$5vE82!JYm#M-YZ?H{CfS zNdy;6MtN#M>P#jOPJ}L%5sQl;L}v5rD{O`#s$RXTjj3;(<6C4VnPL7agO&m-D&hSI zezpQK#m+PSAasB;lK zmEy%g<7zIpDIz?L&81jb2|FhjFP%wG0d@k#Q`11leCwlydxE@S`xC;60C`RToD+3U z!p~uYW(zd*dmrOc-&6kaT|6r^Qb-^1l@AEF68u(&FD)hIyxnelTjTbzKb)W9()twP zfwY2;HN;h-f@pQ6I^9PwVj}J3oQDyH%?p@t(ea+mDckAjYk$Z4<_Jad204*C{btbZ zeBu4%EBykwKnD$XS$S=GL2epgW!;%xMbJeS zky}Ppj}T?zr=Sxaw|J#qbodd}=GyF+D9!32i)B+*qxp&8a_naS9Vi$OAN#PW^8Vc< z&=l_woc8u^vAnvb!^8|%V-A(ETg7t~^OQ*XWH^{1E$PJBsQ~b>4aR@3hA(RJE&SED z)jn`#qG!|LVyvjc71^1*4${4{oN(Kufu5u*suCcK-8-T>&?m9DpRDMF(Kq-BgX%$_ z0@#1gD#oH$xHP_upC58P_(P47Uv|z%9r8c$&DFl9ub}aH#Y8*HRlj?(jP#k$t2u}4 zZWJY1KfUqQNoiBsbt)tfzhH5vGX8o?Mc@n?S9CC6|CH5ite~9iBHM$GAS6m%L{i@{>iFkv6n5{hS5TfOa+mJFwCdR5PsS|Znz{Fu{Pu+g`-emkPvh=+`fMW>#Ot;h^<41zQ+bGDK1g@TzgLW+g;tn^*~C zC=vRSqdw5KWyZve&UFjF*%BbaRr?&IRc37~Dflg|7 zU0X>>!LMm0tKY-CAV8AT!79~|JOqL*_NsdP}?p~(ey#5-N@rabvzus-;2Y)D@i~$ z!im`CnuZV;gU}K2dc5=xcj^l(f4#LM12#qz?s%-J&5t2IMe*B~R@8Si@sbYq=U2w- zMz{BA71_DXfM^-s+Fc1cQp&!%U@o?m&G$+$;r3^pj>u{%=0~M2qW0~|qxu~FD_Wsf zR!z4$f(_mpRW^v|8x3*9ORNubEtU^AG&AwIOYD~5uCvB|s@_Nfgvk-9h; zv*M(zOtjp(16dx^(H~v`xv0z6d^)$->=S(xS*`%jl|`uqugd+qJzAW9Ga#nxTdHaz z3Cd=vI$qz{h1Hjp;1;2r(Z*O$2S1P0Z26b+NCy4M5}TqD(UR3#m=5(Yv~Pm}ChfnW zwX$fok7@O_l1T6zPBE>@9?+rRqF`AinMh>IYsRnnz7?cmYRiwpw2+YZ3U^bM!Jh~m zBWaBb_{&QF3?AOzxi=AreQD2-UvS?9KUklptYGV-$xWZ zsr8Qw_i#mu7`TJ~AXBkEASwz7CCwvPX3oNDM^%cxuwTE1^!A>}tgm5O<3$TQo32Es zSIFp0Fz0EE4R;vDmdPI=1xy-PAv=A_HLIRNg2%a_~OWjo6gb0t-0NcxiD(3 zW`H7TQMgu3%7E`J1>K>+gjIjb!L)CUp#pg$*N3AD`&nDf#@}D8u+YmzUrFisH2zWv zQ|l3Zau>i+*+=E4MU&HXW~FAQdYueI6+E9IuKJjj-Q$E7WxX@xqg5%aLwHMzM%j$ zZ9*0qSF|HzvvVeXdpbX3DLyVHJX~EZ`;U6KKl#c@Tce$79VcC}pg0hqc1-0nnm3wU z*(Lp>f>nNmlas~M6%e95&_MwTmm0SY1W>QOQ%0OCx6$`ldPsaX5He+tXlMXeA#+5W z%&;(EzMS^?UoOkL@rv+UB517HtZ)7|rT^%!eDjn+1H7IA#lw@|I^fE@ zwe+{f=rYDX^$5@2$ftWUJtfz_tNc@Ua2WXg{)xK=dWOz_U(n3NGS4GHGM9<*WTFdi zEGrpx=JBpa<^Q?E)0yM{i|_NJ8VC41-u&_BGr+p}pM~o0A09b}C&P2#k)QtXtm$7T zoPX6;{Qtv#`u{%0V;uSKOMe1G9^b|PeJPKv@QBGgwMGRSBLo5 zHz%0a_xz#Z|G4|s;&?u{<7WyDRwP${2F}eFqA3&!$kF;>+N$l$o{;#Wie-9ZY&8*K zOVk$DcVOe_tJ$;U;~iE!YdzT6R+ZC^D@4D8of*4f&4wrY*~d3>BL>DTV8nLZI$O(~ zKpNok(C;p2t}`u-tg1R3Su-mCnpa1*UV|d?<|Mvm$5L$Q{TzH?h!2e&AqUCIxP5V3 zc*%Pfn}WxzC6%3qjm^$#w*kI1`u#n%;4kO1^B}&-$@Z4($n$zQft8#5@hCEvCvVsR zXTYQU=2e$}f?;%{#r+*krvpv;I(W zGfQHo0Mp9klj5DrPx7A25cLNy(UV6vt$UI0n$`&pzd-XW6A`Cxa7zv)EwtY2C%Oo$ z2ji3xcCfe*CW1gV;GWHW8Yzb^?dU`D9Ymo6u5|Iw~uJ~YrlHM0;(3{ z{IB3a2lBU6hgTx&2uD~L$1{#oZ&(FDGyr1gz8-n>OeX8%FN%WR_-26IBsZ7+Z4hmv zr~8#l7XOsPRb0g9>E`^B{Zdx)&ywn?${7%SZS>J9UXZ)o8vwv1Cwn&A)HWa-B@oKz z!l1A#G_?jmHM##Z$40OOSa2v+`JUkB%aa@$J7wor=Nw#G)MS`3z*Z4=&BDsi)ZA3ZWWjTo zsAYx;tN$2>#i_Ik45o?~BtwB7X$a3yM>jze0Z=5Ty#2Qb9v&JOmglLWz#<8iL}=o+ zB+1)1#sbjdH51WI(AH8tv5})YB{VjCiDrXQTF42-UK6{#LDWy?h!MaVcT7Lj;c*NZ z4f~0;WOKS_SNj0K%*+ULz>?o?Ec4}QNhuvOoNe^-T7ULK*_gAPXw7C&z3q0YD*&iKZcC;|+}af#?p(4SKQMWX zhuYR3WAXG)^`52cSLeR#(JU-IsKlY&dcbYLdo zcm)}j0KV9IJpRV(jfW5mcx0{1RQgGa*K=>*zsFoO98=MzK~k-!FqhKjq=u^Tz0O5_ z(BHH^*?KwER&kJ0t32#dk*9>It6W`;xi&(tg^1GP@DbCQx-9E_0KO3DT;DGMu)RZu zyL@qGugLL^`+=M0SJ(7odWFkvH7Z6i&(-?<{f>oBP*URPxjTT}h@EFr2l@=d3%0j1 z@ffX@vOJhlU~cH^V=7K<)7Fo!Ekz?#mH$oPz!#&&zK6``Q$A&w$ln?d4hoY+tnUqv zDS^tuh}c%z9hVr>q%}RWYVinbfL+2CnL}Uxh_p{7@gFX?_E7G|wmax=(hvTcJi+3u z=QGwwp4kn?(%`d~^69Z*2-b0w2zt56{#yKTm}Yg$WEIk1rf2h=2CyhYrBR4A-Y_sB z)``NWkDb;xCsNg7hV<{aF>Abi+)>#T`YI6f32jW-&IbkUd&zLo)VqJP^UROlh0Arl zI75>s7FzK+nWpc;M)hM|^%^u(UMXp&coepWMG~?v0Pc0SmRz}vgGeo2&20lw#V~3W-|G@Z2m5@yV)ACuP(ig37 z=hNrGwt!XScIj{nrN~16IvX(@K|r_8c{a)@it`AH6y9;Fp7-SYhg&&=y3#5$QtQ84 z$gN@^aJ1pp<>_wjpJPeAg#pDxKKsnJ94YJZFbc`IomQcFfPh7$Tfl1HLumfcJU0;Pnk=Fz_AKeUJ|YjR1Fap8GIA zaMerILO6f_EwZz5N#%Q6k4QJFcX0dS;=1~q(Wf02OTDzeg|%9o$i^4qB)=usUtVc% z*;%ZXybg@JjNA$mah||Mb_=to?~`inhLsSPHe8RLVksz;F*6g8;^q)~go-M@(9rY@ zinn31utY1h9xT^~i+8nJGb6P2(4L^=9H^|ZDX)J#AT!0E5?c+EIiKjP3zd&3RTGnz z7MkQwtH&HYu8^0g<@XoVP`~;4L$Z*Q2upr2bgWb@V+<$0@Pxy|+tPO%O-_Itkv1K= znXi%=2-Yyypzo|9YrDy(Q5MdqtPkh!FIg@ilnDSUy;SYbs-}?3H6gK7dIXPHk+`Td z6?T=#Ru-lk!X$~lghEL)>sG{9+6nUBZN?{BQsBpbHPKyWy*$YTf!W1Upmi4T!N%Jh z*JKr#)T-7Nz35rI0LwIInAMp5&5Sy`NO{&+C?O_DU6saa1~TJppV77AAW!Ts_@zMB zE+Iguo_$!AJYOb0JVYW6Af3|esI%>iS-ac~S*me$QEP}Uqin)L*FR?p5hh5)Gu9t|f(laRC z9N3S!;CFPHWoPDFf6kf^D_gW8JNoi=w;N?)-(MM4WsieA+4d$vFviRajpkG3lgPAB@?g!-dldY?L4Sza}BY&7wLYC3@hj(Ro?0Bz)R zB{sTF@z)`ci9+6$VvkmdNlUpGT42qrFGyiE;y`5Amx{n;l&pIR!tko=wtkDVE;Ut3 z3hnQJNe*H63nf;6U@|N1g^QuN4t0e@3-7UYAH zDa#3yVS^!}8FBy4#F*1%q9mJ~-Kd>)(7L8wxP#=syvrGE!tODp?9~Vp zf&-8t{6zn4z@15jF?y4zA1IjA{t2&&`)fo)VDOLU^=~_x2QASBLONB5;pm||m7lWt z8brxR0SHXy(M|p9X-u$Xj-lGHpbAk50IYh z7}DvmP-CB3z$7R^g24V4fHrrmQ=dj=amNf74BKC3yY)Q9LT^Z{;4@9n(n9A5uiApU z#R4~!nNGl(OZ{qs-TJm|L;71T>Rf`L?DR;tlEtwhdP@Rojn(?RST!@=He)1ya?{kl zr&l!|Em?5g)TNW`Yl;}skcxLLa%xiUhQ28t%Do8hb;O8@Fd8m zIUQ-a*p?W1ihB;Rvq`AWT%UQ*DZ9GXMi|icdW?_vw3HusDSbrgw(0I(gQi9Fb;!+x7CG7>#O3? z=TOBdDq9uJK8OJBT}gp39$p54xzOT3Q-RTF*m*k$*$kP(;x~O}s>s%bCN5z4k{^a_ zCb}(NVNybn&tQk!1Of-|`8_2zACw7yOLi25sOlG8DJyual=+pwnf67Zs7W)pzH@8s0JLowQPK!`UV(jKFqK zSnKJz+jE^vjsLt?qSmzyi(N;_6J8X&|ANJ)ts!!CILWX}r|hc*87#q6o_d|Ao*2gS zT;+Se$S({MLSuCwL*kR}l7gaw;^NNDKmkLbLNl7w8qe0|J1n1eoz+O)tg+ujV{B|} zuYcN4^rU9g`v~hZrq`<8OxW9R5sp@dwOpJ$7Trq2JJSb^e~Coh*yJUu6Vf&mL&2p! zAb4+LA?XnBalWr{1fa1wXo4bf^Wi z`9mWAP~&$tj5}my`YOR|+akwSkyd>mojb^3-fRz84*oAzc)gg2NXZor>(B4wL(b>d z@2~6f$NoE08zP6r@{N0FB3PKs(b^^v|I3$Jx4R~FX069thnrOP88i+FS9L%?zInSr znf6l9Ye+06_j#d`nvBVQW>bQghx{zm%ik-bwzh5a_Z_u|`S3{TiRdGgzwmb%z1T1p z`rtU#j_^>)<5yan_gix^;VOCPvyOi===B_})c*ycUu><-$!&|QG|hsa=yyN$6kXEQ z)#~*hDBI>eO&;S#zFZ)0#|%oDl!oS@Z6A_WOM951G1>%8Q*K;TnNFv{CVm}#yDn}# z3$w@G#QB0$X?7KCGjBMvG(k*snt5GO-&mOB=^SJ9|5E7B_&S!n01ADaQh~^Hq#KLr z23MUD?98&=_B9%z_=HHA+ObgpI-J9JLkHilo&6M0QgF1shcT4W$F-}4;7o;;1^AdS z_=&5U4tz9OO3)#4o6c%E`w#ndZ=dCE<=3=4lHi!3z?saY_9Zl=Cd1yGjV{Bpwjj9@ zaE$;$;!Dp8`F&rP@m<|n{S+K zI1dXAJIiNY2slp*xRS&;(Jj0|p1nO}u~E}ZQFQ`YZLN<1OF!aFd6H#M zDwtct>PYRA3)5i#i>kA-?5qRKb--Q1y1!_?sQj`mFyDvrBu_!6M()cpqlI(?(c6Sj zb5xJAQgESU{M%>^k{(lxnXz6ley(mUM{Yt%yk63U@};E=C{V&%3#i=Hx<=V?ENaa; z4L0(Z+CyGBtxJ-TqK>(Dn9XtTUfdrg8yoBj!vEdf#TNYL#Y&91koTpDxr`?^Gd|B}b^~~8xToEa4 zoRCineC!`lkO9BIqn=2&PJPWJWY-caIbg)cjTxSEsUj6K)7=+M<{V4zy( z15HKUEwCSg99TG>=^iyrKUEzyfpk2MntyXeC2Dd6(+xK{c;4sC&c3961ol?ZJo;{s zt(KXYgv%~IIffd3k_Ar(Li#7ht*h34gLcNDsIyWxcU$H0fe&!9WV~g9ZDKCIAAoJM zNedV}xnKxBfg(eD-J^enq$9%4t0OU|L}o8xee=>+{Vbu=qd>TgIQbvYcEL<>ifz^1 z<%PECrC-vXOKvka5DWAVz|INb{r|%NUno5Q=1s`ow4c)$M^y~AystXLjkZ#yK;F*+;*kwX#e$D4F4hy#gy z8Z<$K!jCQ^p)&nNn=`~$7}ItNqkfH3t~l4W5sy!mgS4a#ht1yEP{@U{f4G*~7=*1$ z;;!#nL!TeLRunV;lR~ZoudVW|m;UN6oGp=#OBMejO84J6-eMZqB-Ix~?QZh&gF9E1 zjnfs;2u~4C3<6#pUJ`|o4bSUUjHuB&p^F6*rg}j3z&pHVu!Qu`lg;4?U$fX3&dKH#r8z7cfLCwI#;!j93~rf$XGs)^GU0c#Y_K#LDe0 za_fHmcxbjU3yMrki4edrEbL79He52NRU(>~z(a}iAgAlHn>cUc_iF&Mr}Dm!4ql9m zD^?-g-3pgl#c@p2h42>ZPq9dT^PQ?YT~p&yo~zxKD0nKTVHXJ2<1eMP+1O~Gk1%^S{7c=ww-XpE56Y% zyrxLO;}V}M_%DRJ=H$N+?v(*L-MO4$mGY;g>4Y_PIJKw)lFCufzqA3PgO-AVRz9aK z*3rGB6iW1Fm&cDn#LW7s>8?-)~CAm=! zq?2*{3^*;jmP;~nCpm%!o{lfWt^%Oj0syWA`iFSE-f=R4Y$o{`8`B+=BV=|R038qTpDK=9%1>GMj{w9tzX<<*>U0(?=D~ybe-<^Ci zGD66Vg1Q&&-KtNhTX}NvC-o2!)g0tzjT4P@;G)-cn)+ZROr_+ubu_4G*UtC2Rq$SJ zwi|7u+;oDbV1(!JX}hCfEc{POJs%kH3may0_yRf?&ExY%$Xo?}@#y#gBe~adLx-+f zM)Me<>rLkM?6El+d4%WHe(k%^%KHa*jQe^ca{H`yh1%t4~SpNxCdbCJhae|eIt8JIbyZ|8ZWx)x*>6t zWUCE7#aYR>butaWwM&qoo;zzIH2=eE&w8myeKTvWYey-Jye^~D56E59DOKddH#MO$ z_>ycaWZe8Q{{*3G#)&EpVGV@csG4m=+_&(OfLo%%A)8Pnt-)mbGjpIrE`qc;P0iZY z6aGnWfN0w11Ab$324A!zptSxi2?+Rz#o|)158%1B8Hb|NHv4!1i^To!x(4hXQj2<) zLuyQct|+HaQ*1^-qO~)j=w7jKq zdLnk*X*v@mrwmt{OZj#h1>=DR2>X_o_`->hq{V2O)e8=eYYLCQXXG<3bb3umn9s9F zjOrkrdPvA-^RoAWtDwAFT{o4ekgeT^dV>FR7HbvVuu zO21)0m@#Tti}<7xR-mrfTbTIg8mH}avGt3^X^;Q9Q=~3=hx;u4)T%`>M5v#Gsjn~N z!b$cBO-{mr5`L~-byRv7@yn<`O7M$8v2cGQGDoU7K?CHg8r@R-zcL5v_VHZ_KR@KV zj?LO|9h?8X(EkLn)-4zl74p>TRxu8^ik=7AmPQZ&x=|=!LrCT!G}m}pCCOyE+bgX{ zIvLJ=kr{{51$+4+AR#q6ie*dHVAiH6?WJ~$c&AlaRe?~zVQ~};B*(m{^lI*`za)G; z8?Cevg{*dhcy(9vOK6tXb?poennkUCZMITwi~ZAWLHg4;%>-9Yd4|5&XqfBnui<`j zTBIqV=4kvY@s+P~4oxBR7b1i%Zck{Htj)Nq!By89EMqmow+3;sp{cwHbuC3{aMB-Y zDF{wqs5M@iSQ>8Cny9Wqx$bAb(J9ds{-rva;IBG3FStam*0x8zhFYx4Tm(41NH9!- zwpjOoS#E&RTkC-9DAI8g3C$X1gMW)SAAYGbYYZ~s-xK=l@&KR@PVusxVCfO4@}8&d zf%V;6s_e1ei3d=@dNE)0AkYK(h4`=TGs9Up1ss50wpr6&FSS-IO5kKvRHHi0G(_ zG2p3I6JHHEs_42-!L%?<_6QYk)2~1XcNX@UV{lKk$|ysFJ{X_?+u*zN_JW1?o2{RE z_Na`MX_2>&-<#kC?(K{@4y$tJok>&qg?ZVNZ%h_ue{{5XbzjxwI}><08OL!%l@f}F z<*?*PFSA!xY|bTonwF9TYk(xJ@NxJ`@N*M%(-~1_U+k#}S+z_)HT!1?9j!8p#xIYn zy;zd`CvU$d_%J%$!aDDp1X&(kHHK(fYv*^K6YClpO)b~{SOF`nYc13Z4AA7@kWtBP zW$v#gk8~0p=g~MT^r`-PEkh#h)o?5}wbKD53eJ+4UTUz2$#93huQX4Y!*FS2f`}2yv!*D z1Q+9w)K!Hm*HRCY%uw#)VjtTpLa|xCPK;MO%p-6uE!EWfX#m|_&NXwEf|tE18#@18 zIvmdjF*kf#8SpUQ{JB)&rf_NjYIn%ZRq7L6nEjy$>w!YGNqf8wVE9%`eESOaJXo%L zzh?R79+$r6H}PUYGroq0daIHu2llHqa-yqaWX7&yAZiu9Eg)0ZCq^7VcP^x6BtwA@ zqn%CdccpAjrgJ6+01`RIvYP9s`T;49x%98NBg9LDa^SjjDTL51P3M#_5x#am#9m8= z#JcO@uG~4;sx+xPJ@IO~f`P}YW$FAij4%y{Jj6uaW~fs9RA7ENmHoc-pqclTWYNTY zTlFJKV#;ia>p{2posQoyC8POEW8&29X()VK&jV#EsuY+G43ZOwH@dm=B8Id3hAqsh zQiJ|Q*9h+h=V3)HU(4tegIGu9o6X0>hZkm0YA@Z5vzLXr-UJL;ex5+)2UhkP+h5PH zy9><2DCEBycQg&OPrf(+c9p+Y-Yvx4@dH*Z95|lMsbJ%)@Hf%}*6T}VI$EcYu_0JsHU}P*A>@C^E32<7pPMJe z9I_VHdy3t$Ls8~-iCPOPgLVeD_O%$0keCM!j z&D<>TMHg8$;e^v9%UwUz6??`~>g-=bN`Vc=&;;Y*9_ZW!4Kk-!HyMEcCgw5o6j1_c z=E@ZGu2}j%n#1$M{U{~qcAOCL%JVcHoMv)~9u_xh;wn;?1%5!tKI zHIP$*_#^0h^B)&U(-ZNwbIlnBxni!EEpXj+V8nhS6fSRc7Omr4F8KeQ8F1oCb$x8L zM#z%2GLCxz8?mJRDZkc|@F{79k4ZCgM zto8~?!oA^{L{lN&#pD37cy+ps*{4%hD=R;bx4++6LtZ1!!-m-wxl9dPLow4)N~lBP z%~qORAv5r;P`m#1d0-@hXHkJL)K5n>Z9tqG73FkiQqu`YK{)H{*mKHj&DL)bs#Dx+z&_f1-^X}`d`nM; z6sRvKOO?jW9=8H}eJqy;|FA20+NCqAff)levf#J6Fue6q7>m zQ<93lLL~+!G~g$E z#dpgVT4Zm%+dzl@ZTs1^ZDIp>4v9B=QP!4lysUktWUAH)V)%-0uvn*H8r|6h= z>I7P;9RFZUm=)uK<4(=$=KT}-CMT&7E0}A7y$I`Iy`5{-HH4n1j!m>0&l%1E@~%3T5^qWMPF1; zn=>zKP$B8hI%(WcAWWts>g{rwr+{J$jVBi$Q-q8{)49Ber~Ss4N&kD=<{(V+`1>Y6)|hRYToMpEhK6eGb+1ZL z4)?b`oL03&xp?hWBS}GUdP1 z5omiR$CF@Zay@ri}l{CcnUEcn^=tFwSo|)!!k~|OE zI&n(SbIUYThKzy$H1YJuI#Rg^?kYQRAru07q5+7p@AM4BHf-iUwZ=$IF5=H2l;p% zdC)cu(v!ZM2v#IIhkgr;_%JQn-PEEV2?*u?uYiWUD+rs1*B)XD5->bEW#8Xf51SPt zs#DdT+Gip*X;=y2t1|v6NXrXceJv4FUg0Es-1z4DqKY8;SYe_v%HfBLsRxh#?lxlH zXRiF#!F>%XKT9q?C*06 zhBo)Kpexz4!*!bZKDXw==klO+ni&7ROjM|*a}BeLNWJc^Gg03c*WtXdj7P&BX#VLR zp6RuF3!Y_9*J8}%U5(_06v}JPqZ+VpJUmz(*NK6$A;0WmWDn=MMK)FS>3np)&HDA| zaYZhdVeLg%mDjv$&w;w=?Nb@N3d-z#s;PS5kvNmn34x5SDc)v zNVanV!bQTNm*~`0$y;@N32-T;UB@K|lHectExP0Lq5*7dxKh!d0KSETU)LqR{Qnph zQv^&g6@>rEkU)s~Cqp9RA_L^w8oC(9_8f|$>s#8NG={DT#1`Z*c~%1-_Zq(+t)2H_ zrpf<=BwS=_(*QvRhcRC2XTqeB6jo!4_H+TI*cb%Bk34A`A4=DWc0kNA204}l(wP%E zsuLdCOEdTlNRNzxei}CN1VU*6&uESlPSj%Ya`@*dmk(~fy)ojFTiS#gz@qljmLdjJ zayhVcenk1&RT{lkD@=CRJcASyu6RX&%E$?*mZM3x!a^er?ZC>JRXg8_ z5wYCv$C6p+6HT8ir%Ac5V-H+`kcav}P7{!3DZdHrPFD;iw}pm6vKvo_uOw5Q+HDt4 z?d+5v0@;rFkGzK8gJONzuEJlI-lC-NBYqYf@7*V>O&u~jc-VJC&`W*1xiR%!u{2y5 zU6E7Jk_KyB{0^cKGjH&`ifuB^G0t26i{IQZht9fk?Mo1|S<##DT zXU-yUEi3`Qj4FG0p47sMQ!NuVQ^-3{HA7wLETC8V5LCzYy%u1Ps0U{BzW3aZH*GQXncb z{o7bMH$}+~9L_|P&iuk1J!DuVVa#wZ?V1(|z;{SSgtx=jDF*hlYlq88 zKN0_@SJJJxjBM-C3nR2r41Yb-y{>~cEZt0BlECe>C02tP73RTxK{wZxYWnf{;AUs* zIOvbj)u)`7VtbaD83P7GV)10wvE^G zU4GdzO>xP#b))zaf52iPrFe6l(=LB5WB++&Sme~B!_yhs3^Wc-)MXjf;C!o1T^QEm zIovkMvjhkGMzc#l-|@0<*(x>K_qfhND#@>H4q4TtOktM)VXB2M)HKu$lV?kJ>+8xx zs1=Hsf2n9e3v!$P8b@u<@_oPmbiuVB}_^*!Q~!M0orp^ySQFYxtzx!)3i3IIi* zI%muG|G;>|<6QYQJ;c0z)W^E7tEY%-m%Jvg56qwMCc9MeW~MKrl*Qr$hIXb=(HX+i z8$-12$K|Eh(ClamD)nWfBLbd zO{t&%#x%J&KRYqeyPU#iFqkfCKd4KW_2(sL)ugRQt`)7ETOqU}lv#_DKJRrRITxt|DK`Tdrm^rizlzZW-u?_Am zJQF`T&0qcRKY~+S+uS#>-ngQ=1>@yGR5@n3vD$7hFD;|+{K``Lcjy~((2DT}QMHGZYRNfXt7QPEAxIC_NVc7PvuygcRmhQm<6|&812IZq-Yl_E`8^4wKmsoXbd|Ph4kONx)=vDGF4rZ7&2h_&Ai}h zE+5h61^G{by-JE=Vq#}l%)7(sd~QB_83HQtyS)ZP1FJUj-3v<38yHzlOMIpI-v%I~ z3x}-R$NT%W2)(EJzH-XKXt1yKK=Q$0pfT#bJgOtXpn@>kYyZcv-Rs#AJ1)1EtoO%A z%*w8mwg$wo!>U6nVz9T%yYmv8yg<>xgnas9nKz{CYWL1#Vf(kg@cZbXq2V7#j$#&Y zX?&dnFR6DBbB_p7xq{+C*j)3=zjcp8fjASbiKY56{0)h0f)Bh8PeTXpEx& zH&Yt9H^V}9PL|ILvt~33*x!t=uKpdb5(nVOn{t8wl?A931ySb_jarv_cPU2pdhB-F zqcDXy)(+K3VIuV=S>6HjW(n~{H2J`ORUl*TNviZ(-zR#0jBj7xWQPsL;;*%n#ah=# zdva!dMbKRCw>?v(IW36}g@uVlTUZ;3}hB3${iY(@x2 zB}SC7Ipfn3WY4>W88^0-MO`D;KU-6&Ljo~h*3Ib;W4`q+2M|%c2MXF#{dHLfFo1XH zB)>x#yAi-xo&IfM-jNijr3S*?&|5k?F}{Z2F9j&*aXzT`K;`3L{?{SrL`Yq>;z(Y$ zhNVFdIAULjjiCw~t>X5`%F!a?o=|2H%lhiB>?%7l5He@&94;{M(eUZ;Ano*)m=8hg zk@pg9at*B^h|iO8{+Bs_h3y6Gyw4r&=~?K5^U35LV7P&iQeczDmpqiIyi03znY&{w zLRcLwH#apw+gl6OU>F@ONzk>Ln$WIh(+{)g2?nR7ImXWlwFeCemrwA|KK}srsv}^p zVwlV!Gdv;atWg{KK%VH(DVPI$!5$^5q?YDF=7>#b=$|+MHPSU^#ZZ}&dEH@n0O}Kh zo?=s{``TF<et^HWj2)KutX51YEjP^15-6;fdyb1g7myE2*#>^{7!6@3ZIzPLU>r zCx5wlM0||nXS54y>h2hA2o)<29+3`-P-8B{zs)Z3emBwMAt*o3D=O=-)CG-bvDZ|O znGivj$m%C4LPj1rpajUYEk2IzQb#=fZ8L`{E_-XE?_XP5i1JIxB>s17Ng0MRPxxoh z_K|K44i-*k&N=n!R^k zlmftG_(=hMK4W#MxqH;9lkK5O(BAOvH)7L|8Hrmd7EgM`!Jgy`zh`FlvgO!3uPh*l zeb=T{z@3XlF;AUj2sTF{rQA`5T)GoYF(w=sXmXuE#>a)&oHUkR#K`zhV=nW~K@ak& zD!MH44WOCzA5Q(KD|mZemOB``uJB$y+V6VllLrhu>=(Ao)s3y$udH=FsCizrAd{4bC>)j$omt8q1`R<$1*CQ zu_6d9IT`LzZCKUJqk;)#P!s~RKQr%Zo~PHMrbK|NbZ>LYi}o`(`FVvvmZZ7iM%|}P z+oDPx%ebIoygx=i%$A$e03=CYdI`S>I*|qw%4_Kc2nsX|?bGGrinI4&*1WD}$0FtYv5GdK{ldfmBr`Oe`+ ztE&(yPkH6aA1R_h(`mx^*wOr7EEA0w7Gn8HGJUl)6c1O;k(n>!gk7ILiElj%GW`hY z7?lWFZR)MYpS8lol-F8*@y$l5s%}%o_AS}IoCs7We$u@GU(=qpz3LjFRH3w~E`S_T zU&L%Pv40kapK zDf#2XwF+r9>kHzQW`lkB*ReR>E@(F( zK0B2u601@^`4q|-gDvcpfsy9^Jum$6^RyBt5hG(zoU(j5uR=&?Bb^SBVM29u%)~)V zG-l%mWun@5!QEkF>ibW_Ol8lzkU^0kANPTkZFBg!6UlCe9hbxdiT!~6>yN`VKCoq& zIFGVuvdMm^QfQAYi+c~!+v&sPq*cMDdKiWqtiNL8 zwSJ;&ZC$xvuMLx5+BhX8JIhU&pi+ydqqGx!ek7CO=Ux)e7)MRStkw4%3Z-}Q6ef2AGQ*JZ(HPglQ*H#xKHM*BUvu4 znR*u}AlEde)bJtyPnM3zRc}Gz1RL>4L|ibMs2;Mf@=uxo$TitB2BztDMIt0V)p>>J zU&BUdiyy-=04hb6TuV%nVlFpK8{;7LhX9tJRhlh7h&%-R?Oo2i`QB^#B zH$_nUv!+);T)p7sK98#fG0AjGDX{%fwlyv*jyiimBXM-J#o6JM@%{qm6oSK{g}u6< z!{1B^PO}^k9fgPrme`BOp^wyqM9a_f9r9U0F%SJD}^Ta z1X0eLtdj$!>WR$w9(Z%~I)3rwu|YZoO-Rr8Pc~GuRwQIhYU;}Uw*;2mk5sOXSiF1y zDgH}2eU8-tRVlJ$_n{kg*wc^PGF+w5lVx3ef%wjYuFOQn7~0BYC^Yp?mr3ZLhIIp&+n=}`K)OAzg=@@!KQSY-o_;=j zC*C~G4ukZL4}tXWS`}Al9>aH>9|rswIQ$uCZ>0_0b*W!c^r-xl>g`<*Zn&iS^s1Gr z2%r+b6(4gj;sFW5f&nfm86GHF2RG!tOAah1c4B01ntk zHS900BE1y6a2x6zCaiP(WZdp!zvs<9lm?NOO7fvvUuwXW#XX}0$RagTKi5BP zkpIHkX-t{*5xf34*I7>5vnsX=nxw)ZXpat(mTSih8BrKe7sX@pdbVV{<`DlNcsi9l z!5*1tu)`x}NCaoY(wf_VX))>_pwlcqCPYSIWof*_@PIa4ZS;#=mceeQv41%>+Yq=C z$yoZEk#YDB=qve#>GtV3)Ku&b!E2q=WlJG*)JzJ@5-$B2IQJ*U-(au)Ae;wox(HR( zL|e-}MCRz3CHz!ZCEs@PkAFYNTd6?kAJ6g%+#e!F2P+(2AO5{TZ`MLJ`TW8!g<*3x zyk^Dx*Ln0mTN^!0jv($oWW;^#zaJ;dmX!|FEFSZ*71Kj;4SUw|IZd~T``bJLYK zSMNupqGY_Os7z@$Rro0BM1(_XX4i$R3n$URvmfHie?1%6A=(Vz`{U6lYDQpOW==}5=WijJ$u`^qiVD>8cpHY8|HZ%P9;<)L?#iB zBoOfF#(^4ujRI~!!T?8FkRnSE|J(rX+JyHt0RMf?pSxC}#Z?0TJ|~jk!e5|D@SleR zN30-8sD=M|c%*X|!T&xpWDq+eqd624TazkO7s$$qr z)iob42|v*D`X-SnlV)U%M6NTXBiJluOka#1bPL zLX=Z*zjPrE0lG?V`dZ7f&1A+qGBUFCQeGt?WTB+2!sGiUaMwrA^@dZH&u_uP5m}l0 zqZ2=KnQ8rfkc6!7Jy(Y-x5%N=8Z^mceBR(DG#u#-H=JWWi*lxp64Dl%we(aAN#T(n zGozqfF&1;oOwxdc+da&EZ|*BCac)uBH`i`H^_$cf@&E5f7{ng>rmRxHX;U5aE=(}f zePlE8x~F(k#Oxt;N~$;U(AWeNTARjhHG6#%V2UkKYZ{oxbQ@v+vf7mH{H*QkC6cvA z;F?tDup#UL+hf0u*>vS)Q7T=i6o?oLQ#Rb>RhpK4qoR{kb{q9Y@&hr&Uswf=qseM0x9*pXI5k^{Fcu zjua}m6<0Fzc9i7`M1?&=tzWv42RwpEww4#sHXI%K^x~-b8%x=uavrh8(Jo%lb-31E z+~`P^BrV&MzSwp&Jv;f7TXl-=?m)C5CaLVm)YfM{*H()^cp%khTBCJ4KQB@X$>VWEq_fbBOdX1Az0qP-s{y($zt7@A}}lr z`j~CNv^joM0XnYqpNH9AW#>Oi>T8#6!nt|Yngpjt7mJ2(|ThTi7r%%DZ&IWXm0=btC z*kx<~ie1=pEX78AV;XE^|6cN$>&0=;B37RExx7jc{s(0n+=-}ciVb(^PtBLI(Aju0 z%tymYjrOxi&ay*|Bn0jU=6KVLHSDka{<5cq-!AneG9EZNDE)31r+V zMiTPrR@^R2su=Ei-=&woTD8ph>nA+CJ=O|hR|o>$jJh_Mx2@D}sbK^_88p+yxpBmX zN~9vLnczw^?)Y3#j=6*fcX8H)LBFVxjB`{J7l?0*eS*~@Re~5nO{r@n@-$9~>IVB^ zXNNL&fESf>i8>nO!>is7A&e{$EZhlGUu_^y!KStYD{on>OhFj}QRrTpFivT2RW9xr zM6xln9r=ECXULp0wRN17Dw*CdPnpB^2SjYdazyOg0Q)=G1nKDR_n zP6Z14^nIFr8r7Z>LT2r7e=_ZhnNQ(4h_qu{qVW|66NFOy>7sPsmg$~u$|1@lyL9C@ zc_{rkf6WL_Es#bPvCMq%LsQS7qZ?Wk|6K3-VIMQed9Xm$?&mF4lJp>8**4!%WI^*CJ|kz3Cw$!3`AD{T7J4Dyp(ij?xuD zfogXY=Ed2An%=T@V9?R*Rrs~{>CzFSiKAy?u=~jU;}Ahfzt1)wJ83x9z={o7v*a|a z&ResW&Tk-&nUGpG7{03VBAs((#E3_2VpS?JN>f|q8y+55DHP(vwW{Ja$cpN9c+2Ih2P=BQ%K`9eUuFMEVOooMusm=yD|$ zS-lc-op@QM0{#fZv-CBKrvnAD2HV#itC1TDhOu0%c?;R@b{8!IL$EfzM)GOuC1bX{ zbekb1JqFRlduK5BJ^6i{QjZ1F=mI8~cv?fhB^%7x40-x~LJu92I9V=gREUUO zq+wxaI@NnDJhP#dUVlMdwM`dn+aU_oO}qqY!g^daRs@Ij|4j zaz`omW3Rr=5%Z>xSd_|V*iB|YF{tK}2~dE-q>dfYZiq~Uccc@0gr?5W;7!=k%MlY( zwHA06Hb?ryud82>Qzo;zw0Xsxr90UO%s?Itlgo?=r-^Ar_e~XeH+D5q-s1A9oh;tg z7|2hzw9rHlhHO;v_^{NlQuCqDTfRsn&LI<5 z*{6lfqX0@5^~{97fa1tG)tOz5@HadRJ)7kfItFtD{@$r{L9AwReBk(u)rU$;tdb}$ zM~j>Q1BNWv^>6sR^tC^$%~T53mls2=o5R+IYgz1UlIkziz~@Tf3K$*UN7r-5DnWhT zoL`AI>1cYp$T-1i3K=z=ux;x*WWqgV+Q@CkA*65=YqX3H51U+Fusx^wcS~Qrw(E+= zaHdG2ITxf>Mqz8Y0|fT=gqe*r9)RfS_E4ESi61(y(kv9I@AbigPV(p}6${R_z~6Md zIG}}suu4HQr3^$i^b<~9tt23MUc#^Qi94&&Kvx`&*pW!P*>`1&MpO8_4$&FBDHTBf zL<9Zw;3l;O`Lu5K5JtqHzaSPJzqb%u;QZZsCiy~PhscU=`3m#1y^MXyPl#TW;HgR3iR^SaFbIvN3Ky&tKkws zEeaPmjb9_sw^sNo!(?kbS3`1j5E-F&a0~7s?L&P8&~ z>5PiMe1vF9s75y=;hCtL#d)LcGk7$AYERn1JU$N3*~1bS z*d3Aj!@eEbwAiQ=F#X1W3=9f^w1W>4sSA|6X1;KHKO4e{Gyv-WL$mJ!_Stc}Zpdna zA))r;M^Py#47B6?zT-}<=&>!20;{a!72A4M)wOr#@N7?i<>tvoej1Q_C3ABVl{L+) zQfKE8u~LE10I zVt5Twcq<{WHWe&0vswK#-tS=Epr3WYr85-R@NrRDeAefF55>>KidT?TLD|x-I+0Eh z2i1DV8Q$_5pkz+H>zW9eENv09+a<)k5ic;{vX)1io@K0MuQwpQKRo=^i?F)jNS`}^g@ zI%5#3hlk>m%h2bw{*OHM>6FBuJsu;DnRd`nC)Xn5ewrvN#UwN>jV&#l>U$_TAN-Wn9X5*-{k7WsZV)ka6w5?X7xbpXm>2qF;a2{ z|3|I08&SDLqA343*p-VBry`j*yKm%%FIJhfL$RFA#>G_gJYp!-oL2f{269&34wa&4 zb!M!fQmp;gbBsB474$A+je(^k7n!i2b)_c`; zY-!@*x4vdoa?)EmRU}V^dgr~5JYwLT)?LR4T_I;K+J+LxP3{|_=$wvg99pvc0{_s* z(fETotG8vk!GRh*6xTQy)o%ie(Y4H}f2SpBOhhH-@jRj>Y4c=1HZ&|xDUA+?fS_<^ZpW?1!7C@r)(Rr4Kj z|033PsiV#STB|&9u%sNjB7ZaC##KT}7K8np<^$bU>UXfl*{NCUA)5U?qJ!4u9+LWf zJ!TQT#9(;ZvfcayZ|Bg{GjR}Pw8bX5FI@&5wUVQURB*bi!MgoZpx9M-+&K<50r}ol zlw5TIT9TzuygI){q?$5u^Vmi~Y1!`FB@W?$$klQ<1grDAFOg7A2A!8mf+|0DhzZ+K z{|{5&*d7TRq&vX`9cyCSPA0Z(+s?$s#I|kQwrx#p+dBR3?uYXWI(>DXs=8H0AG+gC z%R;TB`;(dkxwj;md>czIv@s+(?(jKmt`G1kaCdi!QS*bRCSX!3j7Xy0OWg*oxEX*# zmmT`(z z=R9gx`YUuj$2$)~xUJqzmwH13$B+=!M%5CQSLQ{2@1(t7mCy@ID&bXI)skjnEBla} zp1UkJUTf+&EKo46_N%VHNRe)lFdj-cp3e8TLIj!zGBG6=9>eBL+F4VY`>AC`V1)cj zsFR=%tCz9DKt+JdZh(detC^W|=kc2k7e)51QZrc|mI!^m%7EA+)RT@50vQchC4}?~ z+aKm)B7gBfFJrilV94$K$1zY*NfKMzUP(#+kH>@M>sRYH5fN2!A;w;YUT%GcU8QaC zB#KWbNvOi4dFGyj5RT#DoEs_N0*MsZX`d_(r^{FJ>@XsCRVb>#PW9O>yX?QdW6n6| z4h`1sofr@zB1rXuxU_8S5xX()GeWe8=XZ`4QK^z~p0mhVr-)YQT&@rc20|v&KlKva z$bWG`zg;22z)^%V#}X$8At}Ll(Hqk72jR(i%MbfGI%yDt@7Oxh$tQZ^`l35P>MlnS)1qCO@Ih7i4oG^pWvx4_LKCD-#JvW2fgE|=z& z_QM>wZ~O2J^Z>L2t{DR-Jsz9z?$eK6=9yV(7~gU{^W$B{4b%A-%!tl_fMrikZ>G%k z4)n**HEMY6HW&Nq#~XoP%qbp_wpu-t(3fS?3>8&oj_b#+b+vmj`p+?tm}k$pj22Il zqUQFoH5CKq%sf;!p;eyNqCd&dvp?Y*?=^bHp9<WqBqQ#*+ib+8 z#LrSyO>=xcVb6hIn47~jHr=fq^;Eiv?rq9uV=HhfTW|crZ?g-hJ6~OtNjlm{qKY72 zah3U$-_EUB8w`tB&RyPPaQ`h*k#d!~=E;E@=<1o$V*QxI@#jH3B8*yL!@;?U@qAk= zqul7cov}cWN{ow|Ww)b?YdIR1$!)xF4OY}#KDGvo)1Jj!X{9%H96~#PIlX_N=XXy{ zfsv(Yoq3t-Xta&LRgXg>CbNNty4kgcQ=Tqn!>h)ybuvdJ8%RSQ=ElcpHNVv__T`VO z*SPNLzFdKXZU-aq`oCVu9I!0&0uwki$HXQq*pig_nKk^tw zGS~)pOAhi~ToqY$iCDecP?Y&P&%dWia#eVo?AdJq@FI5K_Or3HVWZ*4>30>_s?yAC zvzKN}=5NyM*Zj+DJ&)7T%MhH4y1@Y#Dd5{l8b2zdr`VUi?mbhL6}+V@(QBXuP@PXc zE-QK{8U$@*G|XImI44sj7g!r=)ekOlJ8d#b8WMsez7@W8ep{iE^wtal+CFY7S|*g0 zy1IvR=lq3Cy<%zw|CYGAR@Y+Bw$zN}N-)pu>h??;-1&8PIYn0Ku$!swb<{KqMsl{= z_P=u~AApA3t&?q%)^DpIH?rRHO1&o^e6zLZ~ z%R(p9;_`4raz05+8wzYG=h03rqM{&}w;IRv%c{dxv(*cnB_xlC)BA-!!&SvKyA8tH zi79h?44ciM8DFmChWEi@5TMSqGS;KIvS+%#RxP@PbY;$pq60#1K8~d z$VxcB6ANj=U!@Wwq!#Cx*Gw1`2xsmo|DM5Yj6~|Er$&x|{v9JHBcp3}{97b@0(D_AjEB=iOurQShqDyYHCB|R! zqOe?yVg8o~=QuH20)620UJO=Djlb+~$tZy_U}GebujntI(1$2l@ddI6>#Mh zViP1O<$3C9u{oIMj8x-8!o!x*m8NuoE-fWc;FKEzV6x4`GO*4MkIs~w!Khh($jBy< zjGFaIfBEq(N|fiuPcGS%e3p@y zyJ@0B;0q2WXig-3yX3yQK=Zw;5so{Mbte4%o^Wp!!c=qqQZy>v@?&zU#ty$B$fCc~ z9_qBEq|z4-*I>^RtIgtrC)(}QQ4n}RtOB_^_U=aMf zN7Q8a1ufhVOD7khOMeGa$MTh?AXjfAx4 z&4Xh3P>WQa*0!@BV4jtOdBte?8;ZclO3~=OBMW0Zm`)pp1A_G;D~w{d|K~OmaUq$$ z;a;mLdZL()2CXvbTN17-ul>u9tfX^n9oVSRb&ZnVz1_Oer`9=;zf$r=9!MEE&>o}h z!P1bn)w^OJA!3X&l_SK#T@bkRbXeU?1IJNVyihfuM-b1X44yP_P{bO9&gyyfjR_4S z=iThaf4}>vNm-pi4IHJU68zMVaU0E3Wv>O8ecN@Y_{9+;(emXz&JjLLdARm(8$|PJ zMOM|*QZ711Coh=7r!~)hJD4h%IBN_~QU8>qzN-$Ad*>I+;B>40?!!?YO#WrAA+MU+ytcHS zTD_~af*i%+kq%m4S6Zwy2J5}`5?8vPeiV^aoOtT_o zOFScY;k3y)YHF&#*o+jN-3@jr513H-=nMIkT+N#jL3M^5m(4q|@5U8V^tAkGd@As< ziClN{#8~quptKm}2(KglK9Stq(!UryDagWKPvg|;G5u~}uB5bJ53^pC9*miK8!Sc2 z>O632idN>4v`j3E&!;CPxo)DEuUuJ1K5lqXckvecdor=R zsz&f$B@kBhORpp4{bhLTrKA|5rk(eA&#)t}tLc66g|Jh(-6y|mqTQRe)*mGoj2!W1 zK0lyR49n^f>tWNs(BmSh{HaK8y|J&Lq?*g+@Kye5aEplVlkkUsJtu&z8{A=R=?OIKqhJls|GrSbF{;7FcvN?1Xp8-&J$$L#W8zHthI zq!v+8F@gV`;6U7@tL_sPbj?6Pjhxtx1JlwXs^hr8$z(a%CP64_31U zK1#f+!LjE?)jvyugalm?#WhzKzi9}hJ+L(eWFxnGx`=mYzPD;)kYn4j9ZPJNSiTETt;`8Jqj+)e*cvbyOvqRR}WTh&um`SnA@Vkx>$o`P* zSUO)RNI-8qlLv;b#o%iqh_3zdX>c;h<_HqR53@_6MQ%2B&AsXEh^DBPUa_dU>E5D-2#?MjNwfF?An|LntZ*L+?jq5a^CfvC(pWG zqk=~T0(K1nXGQ}_;83v=(a}VmAk`LfzwWG2+YXaqEYCk3$++M2#vyZS7fZxqM4XL( zAmeIVa)jqo^k_`bMV_!FYT;Pj2S;)&2fz8G}1lFNmL*@^E3(mImAtgdP=#+fCx)Y z&d!#Bmv4@p9$F_mL;rV3zX3fGC+wp4vhYat;gSSB_#=H16Q7uI@YqfqQ(Y6 zrq6oeL`3{+3yOu*s9^G|icDP2knk2VXu75ucr0OSGcncF6ub-pOp9QQW-d-$i&A<= zjVDnLM11>HE)D?-t(^w+IyfLPJ_cxlb}#WZ0Dr*!yLbDc9X_0HeH|u>>Ro}Ga-Xpa zm$carm3;&1Xd5}gaJZ~tUnj#{~Y!vlVqgz2Por}yI@mcal zTL|}3;oj?7Ew5|f;p47D#^~D6JR|!3t>1fX5k?>)_u?eRB^E-RW?exs=ZFVDsMG7=Tbyd-q=!>EfV8}e*m92RrC=qS`s_MA@%4_5f z5!F!O_Uf?NyVN5=4M&J>tkd=hp~lMpa5l|ji4A-71@HKXs*#H3_%G?h^5yaEJKu}i z54e!K(*iLdS>X(vQCP`4$^XLJc+1}2;9qj#0y&g4C{o{_(SLQR*1fodP1IcEFp6vJ zIC)9v5OA3_ST;GDhqZHx?G8OSdVX067-ghv*l_wb5K)t`T5lY(1JI`Ek713#@5Z+( zY6U|F-bIU8CY-vDR0AKOg!UQX?wA zM7F^EBdktjlmZFn`%z@-$%@^<@DA9Yy4;RPuhFiAD-x5yjm>}0X}Crx$__U%(bHsK zm_K=Vx~KMgLKLe8n6HxgAUI&?K9YCpb{6S%dFOC?FsAiNb@LcyRYm3+AjI!1$J@?S z)s8lRx@;6lS!PjFX?|v;HY>&;1@1T)oY0nt6 z(HOZYX{)Pljc{c4FKUT!OR&l*rXkm%P;oTbAuQUTQK^D`ki$}~ogu>~;UIK?1*bRk32!MK{-H3b6kaT0wuepyV9q8_4vE>;s$k$=|BRTEI znPlG=R z2VVvf5EGXxrEwKTLMRS>%0KtakacN#ew(H($)Y#JI<`n6)(qPDo#O~RaukpKh8UXM zA|7NSaiP7^3#HdHxx01Wyfan?ZQ6&B<$K()t)*rBxu9&oN@p)fEJ90*!2y>pOZh(cc~( zf~Jv4jx&uv>ruKw&kMs1kH-N6mZ+#OLVciYoCT+4+V7C(27cvW@Td7J4NUe= zORhY{?qVZ~0S5J={11@!ojV1+b5h=g6vlxsaFDOT_8{zyU%^E++fK!cKWcs4{qd50 z^bsUe>sjfJKw(is2A&|eKHL{nnPURm+{EMJ*RzO^OO@7#eRh!qD(C^Oo5|QF7hZlg zeCtj75o@wsjE`H3p=cgyp*&`zBR&_YQFWQEgOCh}ucs?+n7f&!SZ@0Jn!XnS19GOt@`FyBn7$4+v?YP0By^M3T)YFQ103~YIx9w&qWkA|3X5fvn=t} zIs4+XG~q|tURzH2#y0g`_r-l>?p^si1DNFZ*zO7pRAq~dy?4%teAjp6M`WD;rPp7c zQ_FMdm-I*BufEpHwE#G}?~)>;mu+139XV~-%i9eU{87yILMFp8lFcp6{hmAD8|mtb zq_KB$xa)-#!|}R~*r!k!JG|`m5W|iQy!Zob(e6_)QmF_rd;q9+ZuN zG7&%*1>d!uA%B6)D_h$S)_FDKp!IM;92$#u(;1@uX5V+!y({H)Z4!E2+rDv^~q zNQ?JwtTDDVdd6kyKm|21zY0yGYL;T>-d!bT+V%^1zB6yTxd(IQ)XidNV%)rfXV;`g ziuKP!bR~hd!(IN9Vd#cF)#bijGqc^548 zqO!N$gxYtB5O)1v=P)q_P95R7r`}R{>W8-@NqI8fVW!f<3A>;#J^*l}nasuRZLvi{UTKt_fE zoxmg6raDLwY4a=PtD_fc(!n>YuC*n43^de=Usi2f`o)MNF*a0b&Zp4kDie;P&q-43;?VDe~<(}4F{mOx(RFnV87uE)GQEIp5qn9Q#} z14L*N%JFPaS88`s4*?H}b`p8hwy1tmdC2y3=mm&&Zopi^9TU+3^1y5$QjB}JgE6sj zP;E1ED%rijjAuauzlctIJ!)38!~5Is*UjR(W+G2~E@EJuoNjyE5CFV;;Hnvqf$Z5bflk98Q zPTniLIUR0%Vz=!*30L%Oz%I2p+R1r^-MvuZem;N7KuQbXsoU!%DU@~Th|`PkC5_3C z$QVJGXTxP@-bH$2e=3xEab$1yEn)HP9l~HaAKX-Q@9C`<{?yr`?u)*@bl9qO|SnqOvcNabCjSBx41$&bfwxQGqeDUQ<|HypBajh{y z*Qitl@j5}HH;l2S^!Z0sE@*dTS+_X`omGaOZFM2BN-!W zYBPX763L?$c)!jh<}imQe^W#|=*(^9WWAlsmwiHN);z)S<)o^-2v;#XDmMsPro#Q; z$fL}dkci~ywzJA@8Ht}MmV0sY>xNfph6Rn%$U7R(hqTCaWDI$>-E15l=redD7lM2c z+KP-HgYLLNZSvB%O#E{Qk9aZr)~nTt_F=w$(1$`io2d-%RYf6pUcsT#q}I zk@CA+7Y%h`8xR?HvuQ?fP#?=NTvUB#w+(TVoyQa|_5*xIOtaF#d5E0uFZ^;n)d`)o zi&ahzB}@C6JX4{TnbWS$ zSLo8da)#JYTe^-N_ub+llgy+4*m7W;+kTbLHUeJ{}Sz`U$0584nnC#7? z4M0&VsBucbKVP;T@UPPq60dbSf#hCO6E7zPb)?el>k4>#b!W24aP+&wG)VGQ@FjU< z^V)kequXSKwB9eKx$s(bFgt=y_ESxy5`_LqC_#$`0a?1MQtUuc2n)~K|%{)#O>C+jSarg@CC-2F=K+*v{bj;aQ3AYxmlwUxR_yf*IJo(2o zHcCd`T9GkjMRpt!q_g#R9m69_`9PHPktW%K)omlCY_4t(4+B4WoL&!$K~VNqqH$pH zkS%KqbbaPjyXrbPs6L_OdW{sL?8AxOuTO`v#dpqYB>eLfz7vD0LnitD^ul_G3&QF< z(1#%0){$Xur?I^R{m``=lE12jph4v5W`XG;_*)Q?FcQh0(PamszsQ;P*TmIUK5JJu zgX_JL!)At3%z{|LSEo@neP=3TD3kRKgkE-F2Y1gQeS=F`=RUnmyFZ zT~@@$KggAvbKUg*xsfX{1}e( zw=14^X4@BaouCZs$`cd1tVnx7Q4y>CPOU;gu{W=s|K>s8U6}=Xc78HFb%B(E0x3l| z5jof)NoU4?!_OwrlKKx%6sq>m%9#nL3t2TUsn>DSt)x%FIL706W$Y0UC5xg;s0hs4 z<`n7gDg%PnM`m5F?l#Ho)C|Z)%#k0U=DHfd{;HV;Ejsf6t%k#$t+BVo-ZCRJq3z`F zKFJUYsO@>Y{|z|f2TevT=}P;0LmkKy1@RHxnRM>u8n(Rh^Ip zgibc{fZ+sP;-KdQp zT1eE9MbjOy{$0U`W0#HUGqqbFFzJ#j z9$w0q3;X4VA=CKBIjXyFxDBF{xkg~<xH9vB!$x2tvY0s zUwPP{$`iW*-3|r_a(}$popbODJD)D7rB>%0$;TZ;mVPE6v zG5ZNJI>36!-=V4{gIc<;Uh(jZ0C*%*Ii{68XJ4k!BWghbrBgk-Y-#Hy*9Sr`SmIIY zdClY+$Nxq!drG#q|FnIFIc7dQbfl&I96D5KyFEYj$g7|5GefBMvXMANEPzohy%f;? z;Z$LisLOWD~qefX`Ljb>>z`5T3)sYiC3upk8@FsCQe>00;b^L?nuWXMeD zNI+dV1Z}=IC8_Uy14a0f&t)J7;nogSJ_EneEk8MW_rhi+Or11!pX#{-Apq9ZMwxSX z!ikx>aK1Lf4Uct&&*h-G542^H7|WX; zuEI3RX9yDhrv48Em=(tML*M)5V<7s5PYyqs!F$-X)dd@(?t#-D{IOanF-t7kG7Urm zhC%Ho_43{;3z2B$K5m~On8V(Y!Hn>mNi&Qrq50``f;BePUbp#e63|mqRKc&lkk{bU z%AU?fhhaZE)*#8Qy<4f^xfTS%lQ)oehXQj$mp<8;vZ4k1`&9OiO^6yx`l!?iYmE&C z_~y_?w5LTFCIy))UAC*nxF9V2fTfTkq%%LgVZq`F-NnTP_7^r&g;L7=`ZL;JIio`` z@npIjK={`A?S8oXXf(RZ!sSKf?)S(;Nz8@VHpa$O6qTA91Li&f&R$X`tY?-f24HtNt!>I-Q6^d*nIqAUxGX04XUcmg)bMV=glvdusvW(zjP!G~gd9A9la< zM}7eOW6P!TujI!-jR0KA{E}%z72>CRt`PjIEH8uamQsU+N<@%FgP=3&8hT7iam<_3-9_YnR&ZST95hfH$CwSR z2WHIA*VBvPe&)!&;I{?UYs!P&iQg<9SI39L(<}=mu&MRW9)x|tgYvQuqOVUHH=++L;9)j zOOn#2Kte6~ZBQq|Vm;9y!WEUf>fEhHn23_ArBD5v54=+T`xJ>%M6!4(-kaB$MMX5y zMfGI=uxxxBRV`ch`|y38semQ`7*qmhRXKjLt7j>mlMc3(5q1T=hOGe>9{lXjy?uWm zW#Y?oFNfmu3lY>9J6dF4Hy!Qo279~gNs-ac&3VqF46V)O8E8<*bc&qJ|4_#onDpVz zQ+PE6CLbofrYh=SNQkrx#m1iV^QO^!O+3)H!ih)he=M7<* zxYRq?;Y9h@Avl%zcb1*PEFi#f4bYhriAys!XNpIvg(A;*L$Wd z0xX-*wgxY00a<=2o`&sly5#AQO55D^6U?LXhz)}2R=Sw!<^^CjHhX5I?(aQ%549p#OPEi4unTX<1nN`YJW06a;QxREonfv% zK-v0T0hKw?3K;jABeSEFQ2bJ zPM_1mMzh4HM7X24z?OJHkrE`XlhTofrs#T4fJUI5M38`j#e}?vc@Io=gefb#;i1Zh zpjpm*@L-^NP_&;En5h$5z{lvs+ad5X> z?C71f3PGY?$`>;lqC5hMlrZpsU#5mCSaKBm$7Ds8zy5tL5Wno2X;NO;i9lH=hPhlS zY^5LT0ZH_e6dItGX^B6s7Ph*28a~2Cbx{-qLZxhi{r&4dnoV1+-YD*8P`=&s{v4CP zmu&728FfOpfB&AVifp%c`9!r>uWfCNpM3j{IhlS%Wxp38E0WQ`(W{JVlF+}9Qf@I% zz0bmGyOQiH0xL=&{-WRlyPo4kbiV9C-k)G=mhorhUj`o4KZ??C!Lnlu(!0OB3C`JZ=@bQ!wuUx_H)ZV|%WyBM`T)0U9W;vT}qJMBRTBIy37s2G8;^kUN0+yYx00BP^09uec|`x{@;JijE9&! z#zUvtqp9Z|Beq7;;4K&Qct@KNz zGd5nyMoy{7&|JRu@-0}%>Ga6T3#lOQ4ftfeN+|c}f0kV+j&8ZMAZ5^()^HY#Ge0cH zKrh=nMu>?y`;ud8({N)?&6Ud8&wUuep10G8I#G{@7`{j72|J!lrTd!}_ZXs!5=c>n z6;eoD|BT+BSfo|2{pp@!N3^gFDKm_8xP==HzoucnJ2X?N;}xN8h+XoX2)-AQV>GcK&-wq|PPi01}Qc$3g*#$S4jKek}+N`teIIKWdZ^V;h zF4@?Q5D1VB6Gv5w{_S;MVub&)Z&#_UU~N&t)gRbC@3x&MEr;9Vm??;1eOk`k$}S@BZSbDDD~(dXnBY5K5K_hCL)+7I zVVfL`_QVZzr-@SJ1&^P>d@bGTI(8zQ(nj7z@u~qm@>vffoaM*E0^PSo&d~j;DhphU z)ZhW}UMCShN{xGbK^N_{7R#_LdI5)e$%(izPtXp<9@X{RSrqZw=uKu{H+l-rXLfBg z?=bJ&Ma>`{mk^A~c~zoBlBnDqmt0P%CDD0k-K<%lu)77!RI?#@e}#)I6X&RofpQUWa+Ot!TmmDfB?{CI!lT!$e?di zT5YcnkVLfvw00f$o{Lt;BRjo}uLsB_=G_`EyirlNX~FYN?<%z}wx4!Izwxr_zv#J@ z^ErDO7U<>@kbQQF)bmEvNXO3Ozg9u35bnCPHOb@ixE3#fGco^0dV}C|jFe*PhF}0J zu10etMm2vTCE^%wo4$Nw)PWFz%j_4J@{I8N=4t4!o4=u)!eQCi0|=w_f}|rXVXMNn zy8mk@Cvi;oR{!cGj++gU=vSAj7o^h2L$8uay9L?zv{H%^YX{Gq zq}yd>ZE9>}VP^xlu_lQ~u%pnCs2Q9OvKj`F#OFKqz%tFYxO{niq#^{%y|R_%8^OUro>&T7r{ zfd`(mtA{DJDeS9_Lgn74x_at$T~14-bZSPkntI z(y5LTPY(gB$JGh%HzU^5xd_y7Rsr*4xfxr2XM+jrEI5 zxB$J)5Q*evo^{0-%*Q(N#prrkk`7hxNCnGr?zf;L50$yd|5i`I&;7!p1qdsvQ!To? zb~p6kin>i}#qV(G>1y=bdv)rP$AY=wRl479ySC0Y#7tlMKRQd+)S9Qh#9LZ!Lk~Ua zTIeHBY*oeYep}2W0zsPhf`~3;E9p$2;(dqrr0?>J02C$31V93z{Je_YOJTKW-b1+p zRM%oUiBxu(MYv3-UJw~62YZJ>R}H)U!sn*{)2u0K$~@)#%xy+8Tq#DRgj+N?x2lNu zwAVGj!{QWHK)Ne&h4C*VNW?J0qQ5k-36xfU?EM9SKwS@{J)XA;qU|3Rt)x%4%>H3% zSaFjX2L+6N3W&3f_C}@2U?H}Kf%tZ~~B-QUP5G?OQf@P9$!O5wvPUp^F zL-r?X$ABFEwc;C&M}yYq)Hg%?F-AhAbv>v(G`n(eq!+2 zZ5EqAj3{{`QThK{S{V+(Z<8!La+D_rodQ+esg+x8?nU;muph`5>42gn zB_e-{G5q?z8Q#~Ra`alFM6j&R7}Z=xD2=>kF$R{PlomnG&#b((Q}n#xXoHf5@p~=O znYcy`;ExlDV3`;?@47+mq1dC-AxKYPGJTyjz6vb@%Gi{o=5|?*&boZ=-QWi!F9E2g z1h-eySp1kYih%q^t=Uh5B7_~*GL`(>6ZrQ`T7Z?^V+w($-BEqDY~Q4cv4yp=_E>`u zBN5f~@#i<=K&A{Vt}kz&i3yBSwrZ0kUXoc>Xzj|{Im632aoT;sxPvmcE>f+a{yo7? z!Tr`kUVP3Y_mIv%lCJFpsIk{T%@%mb zWk#=yLhHShY7NT&6b|uOT1gXH$zHyV?1|M4%`sZ@Ctq4ZFR$2d@o7gEoIP@8MEqN= zB6PV5AXb79ImYh!9ZO4w-GJDdNL1R5!|CPYhv)r#I$8U%%r%oojPsDoh)dtq7twD5 zdB~VZe~|gNf6{=?({6?T^={Zx5*2!`Td+TT`J*;{qvHtfYhBmu>!}qd7A{2)PsO*2 zp6l$Si#2u6dC3;IZC9Dd^qXDT>jj3I4|m)nCdDww&6PBUs9x4Oco`SM*Oepz0aV;Z zX3D3DnTdV~=yV{k_4(`DnX*MzV<9@3sIc*^s#{-Zj*T!KusX65yng=TeQpnq1uCNd zY>fX!G$d!X<`LuK`opI1C)_-NAxfM3MnOcr@XSOArtr^4ZE#n>Ux-UR-dbsMcuXg`^DW)&p9Xl{u*wu7D8mY`dWtbk{afV z1-s}i?^UE|&sa3j(1_}v9n!eQs};|l5IO2xHF`Z!LjdjOiwbBI2+Xv|Z&o@O&-!@+ zq2!wxNNF$6PBzh#ifai6Wzi9!kjyIT4i`{yo z!=7+Nx5wi1$m;8eV>wr z<7e{@|Fy_I&7>313~4YeW-Bg+N&C^~*&aZqL4U74V_1h_YnuQ8H_Oh@s8#pbedZm+ zsZ^70x}e&x`?&pF*5#oTvhmwJ*cL|gV%F>87~Xc8IcbYvL7(D0{;3AHKx!c$LrcBm z?I#5BKC8inm{PaK{4KCVQ>O2jW1brj;+34x0#n^*7Gy35VVmi-69*~%sfDE zSoePWIVw_YhJUexhsEjeV(lon9Rf_O4RVA#fp@P0^FcXR%Pi#R;`h1=Kg)Bv0GA zqBVh7xGUy=d0aCX0a$=H@f))0JICH?2ZBJJZmiIr zR#dag)FL7X6KGK+ObSo}Eo)=NUe77y_ z1S1p%_iYArqSH@)`f{w%jRBz?OKCDtHFDnsQ;A~~x zm_94Q^8kavv=L7`1n=?0r~~SR2VD(6d6~K+8^{4AL#}S&DcNzvQZDkfQi0^Hu2TSi z9m-+2{OEly(h!KTNC(fJo0A`s1J&mJ00V#Vg@n_N7&JluuACvmQG925Fp-Uu4;j%z z{>5rIXJWRz45ONL+zlwC`BBnvYDegZkb|)YpaspZxW15CKq~7}`tfm>10%Pl#_qLl z({;<|Pnr9R|29^=;9l{1s~@JkPEI%51uVy-)z?1+^Y#=c(?>Qet>S_Lu`eW9kfy28_JL@hu0*1j2GqxuXI%FL!jSpk%1wXBQ zWv4nkN59Yi6ug@g)5=RjM(flX>V)8e0=EX#e?7Qlu^NKwidy-du42M`xQZRAxPBo= zp$?v@Y*=GaU0vR48b)jo%4{#XoFeRIa;*hQBti(SDZ6~h=iV0*nrqOef32oDe#+^M zb=9MA+)3!DLghx&y8;HSUEXWzQ_|t0M6pdwI_9ZUl|m2WZT_zJ3w3;E@#69zvi=B9 zPVNpGqFFgKC{eO9ZV{gwJz6pf`e7)rG$izOUlN4}RmN-RQ*2a1f5Ycgmz!E)4}lq+ z-swq*ttx}TgrPze%IN|O`X>F$%sR^y2+pf2YQEXC^+ay8j704FZ7d}wK=wl({?jHZrR1CICsN)eN9HaZY#cT9Wev&s?z7UIIo+8 zCiv9!c_$>5=550#;)>Svb$47PC79om)dlHJ+=3%aWLxpz4nm^;vu^ADm;mTuO+7oY z?IIauWw>()idB00c)k3gTORZLZ|xy&xq&PX8-#1R;oV|CQl+O=&PAIit@}M+I{MEa zeDC_0g@>FL$f-4K!xnQ8-GZ#gczPYSU}5wtUah-Ev@xQ=@k;rOR-3S#EwMgt`E;0~uLyyA-uJF`3?GieGGiN9*^DO?a%p>##Ki zF!D<4N{J#=QrkC2lDj<$n+h&;WNlr#q5s>y<;T;MN95mrALg*r_k6J*pNG z^gPrtk>W9Ah@nF@{29b2xr$|CQ{UAsPfHNdjk;P)^IK(Js|++EX<+V|qW%9l1Jw2p>=5GiXypX5m)KYcc1z+G5f# zoAhzFrxj%#{(a0nxF)7kk^C*P6b4dX8QTgEZcZZ^u&mTlQ(wg8_d`)jsX=eE7r@Fx z4=&}I>J&Rv`>$@QaR9+RPr;zA#{;QePOH)%*_iLYXO-NMu_@>zc(a_zZvJIyPO)ecOzC1r<2 zCf&6q?N?>Aq+SOi4+=9*-BrT##As+bbEYL^cX>sz`i8_Oe3l8mI5=4Tajyz5loOefiDDH&C=^Q1oSd4eAzQUAwwj_AP*#dhh;AI0 zknB#;(uTxUxeB78BtV9d0xU2-78d=HqE1Q&W;SA(M}?!7IM&Ld{nE4qh^FL}_Vjk*iV>2ayS_k=d5^j!;u_u$FX6 zu9E#)Ng@>Wpnitd6~~o3oljB8R~fdBPe`~vMqe4z;F8Xak_)eA1lu7YEiyGrSpg)z z7x_=23?>f~UE#u$KN_UXlZoXImjtc3?T@{*!cf(;BQWQh$82Z6@aNSH2d6`xo|Y;K zEM`)HyqGYTE6ZM?NC&0%pfm*)$Sl5eGH}7PL6(tGGBbB{0)iFmWxJ@NyW2&Hu;SJ%-2G zu8+cRoJ?%AvC*V)W81c!HnurIW7}?QCymqCwr%sB_F4b6*51c{_s9Kh<_PYYx#qrj zp1;#6s4mwG@gTxdMB!7k_f9sN!`FKz`)XV9e5y~YylNf8f3zu#1)FlZN9KeCITas} zhd9k#MLGN#hF@St6|Uh&povXj$4+R^N{JEkjH&^xbJDFir*;?MhBjs;fSbPG1C^ce)w`Rq`2&B{pF8Prk4L;%b^^9CvHKV5afDQu# zy~1b!I*?{j1ZNT8n)+WknyVLYP(+qpRT!1|Uol0mXweCCkNU93PHr_m7;^o7NQ%q} zEjroa_1r|L$-Cg>sf0}=jVGiwQZ!8rq%8s+^j6iJE=On$Mb`RTQ60+%3tk2?(bJnE z)QO^eAoKwOE-##Ng}Z;N=mRIVTx~<{Sr`L3ce6!1Tl_G)eGyICC`BXy!bo3ifF{BZ z08$`zUmvhbf8mSqN)FH1H?(TFBuF$#^Rpdcvs&zj6JTUqt4!%1D0H%2zFIl(!&Mo| z8#x@>Q4W*SIGGUs5$yg$89+uH?GGI)4|EB|^zY64T77chzUJxSNF*ro!H~- zqG=wjIVNU>O9RsuQD-3!&(IM&+|YU_N0=fmVxB%&D2a)*nVSR8zxcCm4>JLK4c+bi z=QM~*E-(*S&`)3(b_M)e*e2mmD)J0sY@ujTS^{uWn#ivz!(u4WNJ(w>)ok5j0lH8a z9?*g!AP%muP;Y5O#yIG--`e+?aq^%Q+EF;OT9~kW!VQ255FaxfVO%(H z(xSMq;w_;b1GO90jLn~AR&y+@c$niUGN&j1c4VNG6 zlEwMa=*X;tTm-q)#XAf$ds){*L|ybv9mhv`kqZ42(ynky%4aH7@9Qbj7L~F>da{|^ zJ-ecXR7?G!r3rX18d?roI9p7L<26I{siJO*a1iFx>qX92>m4xM_oW)E`99A@0GE2s zZ4mFIS|tCY4iiN^X*ePS>bPxU>BEa#VE*n8YtjDj{y}y+Q2Oi;CPPaifi?T z?YpPAEsCZC3@EVW+2R8YeF@Zes`D%}8VSEau)TKLk}{1wGhtm~m?2tO>LNK%`g;w! z$-lnP2_zrD1>x?~xp9B*it4pP;CFV=9-{g&ymS4LSl`nty4z2X24aUHd;z z-*rKcL(ibp<8^$tJ48j}D7oBSAE2P!86GX40tFy$oQmBGw^sw+i{)L+sQ=z?@c#mM zd655jyMjodr(5grpvRN#=EY4e`aMU@wPitwJ&{Ja<`#(j0i`t?*3mDc+l@Z^6r1sV0VH)uQBk`e-L4Tt%!gBA#tL(>(*YXpe(Ux<}92W zTIi4(Txxb()fp}ZeTxb>a8t;dRbtBr#AE#rG)#0U`rm*q!hfLQXjjsIeX9RYb>kZZ zS~AO@KB_u8qu(rhIv?0`RA!XJB-gKO;yWDbLetz>$6aqLo#b^xfZ!7u{0mp$?|V-C z+Q?SQ^DHbb=cq9}q@GdRBHti7v7Y*D4r=uNLnVXTIS3)UyEzd;onnTmF3i{>?BSfOv`eL*0@7O9~3o4DZoR)=j;)ZxjEG6>n~? zzcOUk)15w~hmxLRx#!2XHwuv9H#~xS;=%L@WTZ59G_%C@E+=00{9;xE(RQGmPFw2(g{8o`Q?}0s>SS) zCAHk0jy_j^Kk=1pOgx&^@9jV@Q$s^uQ`Vvut&zgz(<(6pEyZiKkO46YAzrPfR-E@j ztqJDtQg{*wP(uo{{})DWgTvDc_^VZd^sbldN@JkxOWGMfGTb_A>OXoKo0IRii)PJS za?aeM#g1!Hg*qqR)Q{e4{ z&>g0BM_N_qnpa=xwH!Jz+O`{;9N$g(xmx74m>NRJFjw+>JxtQN_uGVYF z{bjuw-Apj}^_pU^yHC62%6O89V~l&^!}S!Qr8n+#UYhGEvtKyw@TrjRJHeNT)o5>_rqL(9Q`0O!Ng&<_dhGBd7;xV?B0H#N7X-z_V(OFwVnOA zVn5*ng#1LFm;N!}>)`hyTUpizakr=+K_Y2ZAs;GvYD$6=_w_3xpsKsB_kH^~HzR$) z-mVI`nDQJR^!diuD}u#GlHNr}JV=>yvT5Pgu_`@Ji8OL5F8GE3_4VA%=!b^P{my=3 z_RTBVbqy?jDlB2GMpnK}^tZy z!hAjxRdqE`;@ZiQ7GwNKJp39A4}^rckFRxN$-jRsdQa4xSyC>f041L#ZnaKW@ATph zOat=A!BLlnETNxavhAj-u?++Pj-On`$=;H22RUTlL zLBPcT1oRo$l7%ufpP>DuDH;4>I!#UI@q=I_;OYw~Q+p_dx{|@gzs)ypFkD|AhuC@Z zQz)4T=I{r#4Nl4xddMNMFX%bkEAIf`L2YO}@r!zB#IMcGN;sdm#IaNa$%QE~DKH(JkI5gEznOQ3S7PyxLdtzR z%4P!F3BR!i=b&@}f!U#w2XyTAd}*>~?>ocvF~SMA2(*w<%b-XN_Mtx5n>I4C)G_+d zox6V;dXVK3LM>t!!~ZR8(+BMV8{Q5@2wl_@)XWBdn)#!PuBMfS{|-g9nJT5e2<^>W#01FJA@+ss(&N4K0m9$Kry3N+g2PD8YA zw&Bsv%qhBFN9n23Yugjyz86B+%&PJZ{ZFIz0xkg@eW4>W(>c&jY(SAzV{x3jTu?yP47 zXu)aYrmZLUXosv$uEEFKE&gbS<%;|lQ^t^`+Q;dShQQu>w6)uyDL(e{hI{8)jm@^z zQR=v?7x_2LnU&_Id`osTg5%HA(Ky^4p<*2^z^FLH8S7#P9?%rVrr{j z=N??Xk2Ni26I$B|mH425e9X6C4Pug+d^bk09qQaO)C4G`F5xw@5Q=y&^lzH@Xcsu9Qe5&;hr?Lv7Q*UvjGF z_>hABOLvg3seU5|>U$8V#=$ww8nG(u)hDEYZhHamZ?lt^H#ai|+0^s2pj@N(o#j{8 zG<9MJ2LOH8t^r|fAxf* z*^&+4+r0)caV3@c9T5P?<{%_36Sva4@(^G9z0U9M7eia;du|r}sNq@5Nzv#7E5?@p zHBw?g{mrP)*W@3zx1diP@t>KMBQogIDBeQ)NKk2%JlKJNgv8~eQ;OZ4T}BBalR*O7 z4OH6N`0e&PGjpEYBLgX!(BPBU0+A}WX`PHb%?NCXw5fM%w^vszdF}p*>%4kS7Reah zR|VW_xq%j-wJ}gL6I+?$VNdvZtS;4vC$=Lz<0x*Z^+vt64rZ87$mIpW-nvaQ%;y>U z!c?7jMcBsb&3WJrig?p|j#h9)dm*RD$Sw9GPfGxNI4cNPg~ov+I6q$yoI7fA;)|+7 zdN&@sH10qVOj$vJ8|q4h!X5A#M!9={me$!aQO{}oMXSfP_JNk{uf{7SyG0~EPVc$2 z5LyraQ|kJ>h@6si*Lqcw;pYZ>JvCv$Dg}n}uCW;fc@Ab_kr_6s3KfuNyh7(zuqE|(!p4#vE?2F@Rec6En z%`VZZHYUpKbu6gNnW^+~(VJ+0qZ^HzI_Fr9^L;$fri;CF{%11VwIc+m)1PyaG4)eaB>6|#rsyc68 zi>8RoX1L(;*p(=4qWa?U{e^_r!24rkwA3ea%l!WO$;sVX%e^YQeI@2ej2_nHRr|6N ziat*BYAk?0%|qVAe`*y){m5-o|DNIes1cA^h_S3e z>xOmSYd$3^MiFx`vG7ivX|*xgSG~}R7vrakt{#!~n4|{9$61$r9v>f*wni40vot2d znzQfXW9WN1;jTs={bkuFTZbvD=}u4hd8YZovNb?GIw>=ejHkMyq5%!w{P*vYUW%W9 zA!wq6FYVd7Gk`ah^tcG;TP)!l_J#(gx)OpUP2MeCRRiPsfoeV!iak}c(elvaKbUfIPii=KCtYJbq&5}V zN2yaK#B(VxkOhR-XaDTp9eY?n|EU zLfEB{SJd({x-VxNvwCAycm;AoW503^j?gpx{ z&&Z#6_Me-iHS9M;jGS~=tly!g2T~0qEbj>!pQd-;f(ex2b_hVQ#@8a3@^ro)Wj#WR zSV`9U8l8^U#^a>OpT7aK7(FNQf}4bhM%|HhR;Tv;OT~Nv1H%>GlCOUVXds~FlJzU zM@RlS3WlDXtt+eDRarwWiML|{uD0ifvmSj}g3S-m!UR33s2}RRY327^x8nzAE~nlD zi;B14n*8mG++mZD45!3LBP`65Jr<+v!w)xDRy0n@38&iqXK}bH_6ETF@$-gPM}bYs zH~JQDPR}!Gt&!}m%+vkPe4YUpy)&?^*ZzkD2bu zDW^P>A%cG)n(u^^lh+Pi6%bBu*FFy5m;J`-IsR>+;1f(E7(`*NoK>@%re>z6l1kZ^ zrCwjblwVsr5{-N3@tBJ1Rl5Sp29#)qq)pspM*`*DT8=eDi70J{Hx*9TW}amXx7M!; zs_>1JSE5T==Ji!RIve`<|&sb^biXXW!5#f>sTI-cvL|AlOZ<$;#Mp2;ef4 zcTVtQjF`{G!Z|GaNPT@Q>+QPD;DLl__mxL_)vT12OabxO%#d5j_#;^} zsbi|^`@_PWP;XPBQoN(#?1-JX#f|e!t_Z7JN$YD{#%X>)SdgU0enIOvSxzLKND}kp zS<_F=z5#G2gjQO(-HD}Mu3aN|OzNzYIYqtErzPP#MVC=(JkSjr4B86e=>Z7nLRkSe zrdNniLLswHEphqRpa`k)pTV^;dH-m;JMujNx#AX|)cpf%1gG!qg#9sMHsEwIpgO?- zQa*~HP@#IjBy{QK^{38e=p8|k<8X^uBVfa47hUWx@4V}3Wpk9=Im7+_U95*$VbjVWe z%+DM3p;`le<4oe=J=R~SeAb0PVrA9qDeaNmlCSIr5x*g`@+l5o^JHsrXul#a!z&}- zU~n-qv;8&{O?g5_Y%qugvrh;4byN=|!nGFd_7A-~71}G97%&BRtSk>u0{xK9itu4; zzYS=jn0||Gt44Kc?h#y?P{3km-wvP>_qANV7Ljp1Z<-`^Ep~K3GZhQ#YVTAJlFTVF)DkgpTFnX&99joIvvqBwLyO(H> zZyiP1H$mx0u?Y>gc?hCi#u!-A4;VpFH}_T`D_*zVJmTw;a5lOEy7i4B5vPSYmJnn0 z5-}8Wz{$g{K6Iy5GPvo6M@~zzW{5jlazQcNv3>Ayj{JP*2H&8UE4F;Wr7MaVr*DE9 z)Fgf=)#b~cyj;ekch*yYK`*aD0A@GYca*EgZfK}?l8(R^Y$dgF7NV`_uwOd3TBSHG zVK?enFO>Rg$nPBsyS;vh!F#%)AEwE2_82+7#iVVFiAL9cgSvxtkH<{CSY5;aHh_f7 zZ8G&8nv{iVaK7s=#hZGGGCx|KfQXOhX74pWgM5qllq!?nWIkHBvB57F{JV!*v)yrE zWNp~O$I;xweS555IaU3Qttdr+kidWMlVhv z&a{OQTtnbEi9?!TqA@A5y8d`?MA8%2qO>^G!FDz9-l>=q8VjAWVx^Ay>z9eye)ofk z%?1Z-S-cr?+MC=0s^3OukPts3oBMhbI?@_~p`R-3(=V%c+pOj4yA4nHow*`Wp zyu_qa+hbAjKJ6SIeOZ!@lKg0ROpvB9S>b;a?DE?Ac;khS&!Y@SBx{~sR61IW41>5B zt6t7XYh0(lkNR!_AtR4-kAIp!0$~0BwSZmipP%KR`H?mo^cW*zIy#JlKUo8PDB*W^ zH1I{*%`FD`FkWWGAa0#*o@J9+Ja8eP+07RXg9QeE9Y&=e-N7`1-!nr(f(~e__gu!K zZk!OI5mRq4InQ{9KSARi%A5DI@ezQ)-BtO?UH5$F?vc*&!k42U%;|7M$LAD;RNm=P zuITzvoA%ngdOxK4q)nn{@-CMwrxES1v@8>2X0J5MQT?*X)#ggJ(OE^;R1Ww*oX_vA zI(Rcm_7r=u{bQA*6yAqx$O*)WGe@YaXh_IqZ;a8mI+8h;sl-h0=a*|fW+ z%Cba&6qRUg-FoD?eSP|)0i)gKkW5ZjPDiP>SQJ~H0w^r~ge|Luwib$okv6`;Y%RK@ zWZauy#`-=+37aN* zlUTVj=*-uS-n|FQ>wVaNoH8XU?GPUar^S15<~Kxfd)?YcQ%s!usPOY*e*nY;;d{jW zz4P9-m9`o*q|J?EeZ!YR^GU~nm%3}i6#?Yqm>w}{?VXP(7zc;nBT}C}EZb}?Zx<8Lhi5_SQ5$CRhLsS;I~F)t^Pk5J|t z=!m(^<0efm`0(HWiK*6BeW#t;Rcu33?qixli?WsGd(;ZMNK$>L+~TfuzReLH4k;IU ziNyj9xpLrAnY_!`e@2C0fUfO_bu>_UZ`sxqijhIq5m4x^`U2BVs5l_%k3&0nR!)`u zgNc}rdCo{VJ}eZ(@gjhif_^ogarr&b6pE=Vnmiz`JG^s)%dl6z?aMDa#CSc|7hX*q z>%%}y|Cz17QPdp6OMSh@Xx_C6p>Php$*0&qp=>{L22*|b)E0or*%pi&llF`As zM~s6|wNnqQx6oKAAMjRQA!jQQW|$jP4UY3j%O4HC%~ze`N1bt`fT^gs6bQ+C4c##k zMV$`5`+j+9c?UCa?En4oqd-#ElxI$?(1Yt{9ztG~3FP$?RPWg7N&mJX%mC94D= zj`SRffj*?HHs^knEe~Y0%Qijg zm0^+nAX9O14nyN%2L>NL6ny>Em0pa$I5AWoZ4~l*RM_1;2Y&vT1l)HObTZaN+^r7U zEMPjquYGMPQ@dgopw#do66G83HIA+mo%o%qBO!m%u|!P%%ue|wK!y3X3t=N5x$C({ zW)B#kk?HlpH06qN&Sd2_I+9p^9Dl<5che)WFmh%llB)vFAgYlkgR;;gTCQyX>2noX zAH%@}G5$DYa7M`y6JBy)aGthyE;zFpD!hb~UZh zFazXuMaKr0=os6|uQn?$=bv{b$@y>IxRt#*g4e-5uSh$NBG&fR8R%v7wRcaGpoCIm zu>dhS9hZ}#?V`5A!o)pO11powlFQ(I}BOc*e`x5~ZA`CEBFf8%FQ)wCRPZs5_)8dSw}((o@sl6s}{@r04QB35Pp0$a%-*v?SZm<8YjmEpj3CH^5> zWi*KKM(vkIh^Mih^v39ZmeCJ4xfN_!XjBNkEzUtRHFC@7@*eiA6>fu%ar3`@w?GZ; zW6*q1b7?(Pq6#pD!MrqH74>`%yeC?{7yVj3>?)Y7O+`L#N&UmeZTt$gzuifiQh!b{ z%KT@ug1pE39<|FdF^knITqKzGNy10afQ7Q77W|q%f5H`~byG+1@qXzF-h*4_mbwLk zm&5a!T2WjiDP~wWrSpHMWtG-pc~Ahy$Fy;z?2A6d%TmKLCew$Khg*p0m{Uh4`lh=c z8}=4f8CA`=Bh6&D#n%Jp_ft&Hi#K9UFroQqPEif?wIEeEV*@LwO&uthjQ@Iw6W5i9 zv=86AVV=VHku4ZbNH+1v$`w3s4w z7GciKvimc1q0C%b0;KSkF8l;Zf5C7r&2%}uBJah|%)osa#)!u(v~sRzE3~+M|HVPk z2%ufXrH%hDq?de$oFMtDc2q9U#WSe|_$2)AFl@t^V&MD1#t}ob7cd!HAxy{@AXu!6 zxC*wdO%=cP1ktH6KIZyThMJpFRn5e(=n_LNlXmCh_S1MfBxA~5 zSV6{r>I5R}b7#zsP78>hsHw_=G^elB z>yJ9WJ+;;5LzJliZ zqbk0T;qXHgE%v}5x=en&N-$bT;t-h9b_V zK|qKGF%l{7+B6DUi1Wf=CKdxj5I8NFiz6p=h}zF6{vZ}`d!%$s!*gWAB-=aPj=}6& z2<=?^$8NMbN~&z5=%s$aR_~zjURPmdsi<~IP_^-PCLzyfk3sCYO79B0&9nDA(EEQ4q$7 z3AxLc2xs|Qsyn(b!v|$y97#of^7pU?#k`e<8~ zWJAx`T?KQh+%*Qz2isf36O8$;{X)~9w0kSUPl;;|ot)Z=Les6j`ng4E zwxb0DM$bW^ME0D->?PcU*#n^NI@;NWC&_8wWZfGq1gft!Y56YaNJiJL>{am(-I}#t zO$07-SB)v^uFU)tbzjv8ZmcVGa56uZs)ag7iV!jIRd}df2^wYX$Aevy-Qg47y1@DAj*C`6rIf;n_ z&CP%yV!Hiql>gwdTl5g|%svW>39INqhsSA=$f3hZLuF}apR|lBzfE;I?nIvExzwg*eF~|U8UE*C5D#OyH9q6zKv=PN==)|8>b$VZE zQ()@3$>n$!oS*{q*^c~-zw;8c9TORL?Hv&+F=5)CQ%&<(oCVO0FWe)b_01RqXV|}! zpe*Jrp`i(sbl+i;WSl#%6M#|t6@YOf*#sUxpQr3`at1jBREnQdngTO<-FuUCYLIEn z%Q!Z9P%Rs7Ir_dueO8Bob52v83)(yLb)aXtPFbTSuTfA=_o08t15?gZP?9r2Jr)3? zLEv|5Dj3*N7%_V+;9h^h$7F-G@lU9|9C9pV2cuM4`_1FI$%G;C%EiPQ>iNR(}fDfx2 zMdoD0p#-49(!Y5*zX4q70;HJ|WzHL;)_k@cTR{=sY}2Rmoqi`WTcJSCE83WG%DD z_f(swy_Fe60v{n?4QyGsrrn;rq~eETnipRl&Kbl+3N&eVgT&eMbkgYPlk`>RyS;G z6cuY|hALFz$xig%YAbJJ5i^&wgCNYR@G9)T8f52|)2HDicEB{~fP1ZZYt#JJpIuwB zXf-_^oGpWx+^^2{)$(y5Mx@&eC7Ye+H$tVI`T3_;oqII)m&?g*pNbTlR>j*?G|;20PV6vL{568M6CG|cuSSlAkzXb0bc*q1B2wIqiJL7b(;rDgfk zdL4m|MEJS!>#NYchd$f4?m(`_H1yWXr1Qkc6S1sEsMLC1EI3+LtZlP)h4pG#KOSN7 z`~aRE3?7IGo}{ctTjjN&oKCOHjltRKI4_1Bc;Rg8>W!d4Y!A-(Q$wt7bw}`Y#68YK zq0QmuOhw4()ChJjw)p#NxPYsD0PJc`fN!(`5WtUiHVF|D)l>%aZDp-OXbj>a=7ou1 zhFqR29|PO23!wsE6WSEzzyQj0gCNm<(;6yyx3<3%h&Cpop;|0MHr0!7J#YBRIlzJo z5;pE(!FbAeez-3_QdLF6w|3NDal(t*Z*DqNq3ni$R<$kFSH1oj!FO_N&$cSs1O7<- zr>7yH+Sa!3ed@5#p0X}CKgKR)is_mNE8##}Ets2=f#dLJ{w+0CpGi6Ne@`YcWWcH) zA>wf*yr8(pQ~rVm4ldM86J4$F`aq66@5^;OQlH3GU8vJ}>imGb=0$148d<&)qIM|X z8MfLo#R;QtyDDJm95F*4Z2nAvxzh%+q*E*0xx8}%O4-A#JNsB3zemhvWV zf{v}<#0cTT7$9YVK-Imc;-#%Kou|~Vzf6f)^rI3?1hPb6F}2&I^4)UkVn1h4*nPfX z0Byw>+=IRJvzDpVsMDn%lJbv++o(@oS*kuFu)7xXwiB4vUtbdpOooaI^v?icOe&bQ}v_9>DRw zG0pj+D+HBC{qFs)I%IDC&Q5fe@_p1wgcvE2MThx5Bk4i%_E%F zKejvG7RT8h1CF?=0Ye;&j@2pHlDHuL84-6}Ge!!*GXfe^Eux&{w`nV#Fil6g3K;kX zGStE3*legbg?A`ZXT&hLA=!>9D0A;>`2kLx1qb7XB4zz$@|H*gTVqgkM$F++4I;h; zVV6@XAc~Rd#z~YOHDgCMTbPh2ReNI*J93a%H*`J3<)~@W zN7fK_CWRrf63+-RcM1>pvDk8#1XX2l$308lQ)vnSrwy#Xwbx>Bu~f)7VJpv%P|Xo% zcKP*$ISz^(A4~mBAJv^J)6E(8h>UorTNIgbA zFm0h2DJ6kYp<*G53xx;ABV+p|4^WeW5dksPoA6D7{LEvb^aeGX@Op%ecq6SwJVyIi zKZj`bB(LE;a|Oo4>2v(o$=pFfJ?y*t2)XM=Vf5AneB#TFD2#+x}2HihV5J3b*xhRIO;R}>6itEYCYr_1}&6Rs(7?&iG5R}2Z_Zp9QW4WRT|eq-bY z-W1or3gB32@@YeI98A@D9N%4skHpNpy}l}kt$BTJi+o#60a^|L4*xj2dHl_&CfmNU z)UkW5ogQiT)A+BC3=hX3M2r2d{Doi7>`1K)Z8shPM&PQfFgK|AyfVIDz^$#R!>S=C za;~>eU}}@Z6c}CWQPZ5>o4ozp0PXHU2P&)>7zJ~1EKdzsYU$(3R0xf47(>Yc+`Eio-R5|pbq@%S$T})0Yc{y`prn+^Jd?Vf7P;D#XjZEBsfDj zA&8z!Tl+|)xopn&6|%g1u1$RE9*u;UfJ|Gi=3^F>K&cQY{%zDEYd#;PSr+{iB!fW0 zrK}}Lf}*0XR(Ee!^v0=d`R+GY>eVw&X^P1k!(%IH0?D6^k;iESOr;GY$hRBo`?S{T zG>wN06MUG3fIoq}NV%}{ZEm9$$MNMOH6S#r3)kfgrnqf3OdOs;Pet%y5f@SWXUxK5vE_ ze*v1$#a8b>B)CVsCr6P&!<@sm6KBxD))1UbwLI4+r|V9-*Z6X>NEWKQL0U@;UK6E-au^l#L~`&9EGQa_1VtR<|(itknNz) zu~DP7_l+-%l-k;E-yuuDW;Y9-c#ft<(Clm#gHh;y42(5uU$b0RKq5`7tX;qg zT91EQ%o6t|0gj{^CuI$8@v%YO0NR4?4Dj%cer zEBzU6PXuJL_JRI|n5IOn!5tE+<^yY>cfyx9*R$b$;{)$~0q=Xc>Kk#MO8%u|xZ@cB zJ^%0w4|E!x_@(3jqO@c}sa9-!_mUvrGp>&KcAT;<6D-O5;>@62^EM)q85q~c0m$1Z z5OaxogF#^0=ipq<5lXQ$<-_6dn#!EnkC1l}>VhkFmb<{3*x`;cDlQVgV8@{8x-yc5 ze%msZb;*i~#qX2priF$&aj=9qS$KyMAVR_=Gg?T< z9+qLuYI)Q4dLq1!@=`xECuajM>f__QL`eGx;u?Xj?4B-tTso3zJ2&WJFpgcJW_d^c zgJ-+@wU%oK3fa|&lxMyz*1UaxW__7!kfZs1)=;DBW2QQBh*-DWgueG_aKld{n909QayzZ6hNhR*uM@{o~C|@pX;*wZ(BCg_4%IgVlz0dXf%~Q zi&rza@N=3-V<-^VDEGvW#kEw0j4{j3>Y{t(KvD9+211Ic-aREU<8TSC<9f-Jyc2GC zoGTWKqj(qq_7f26{7hHR%3h#IHNzX!;E;6A>(&Zbe(xyA?0Ld#nfBO-chmEZU}r#X z+$}{W<2g;wKk)5um7$gAgAIu_{fbirdp?W~Rk^`dh3jTC@Bc8IWN^zJZo{wrP>OH!wqI047tiwP2z)vGP9x1=y zys(+DB&Qbo~-=9^qR4vXtZA3_JwP2MBQJ7QaarpIu07dy#dQz!u7JHa( zZv)>Tu2wSS+ZMXAL4W7kMR@F*+ML5AW8ekrx0+?TP1`P)Q(`=f6J3=}_#eg0b{jU>w*X{e8XD<4CKD)@cOmBAP+U%w_ z8g}n?I03BHxxvaoNg03{WBKQilBM=%x#Zy%)j(|vI>h^zwsD`EqNiTo%0o!*or&(F zQep_ua_G19Cw~_=O{w$Dbe&KvCKtlK>+361YDWC&h zqAb8*D8vCzfHmVNK~o}HPhxU0_Qx3JtYTK3Sv3}r$?^A^BrqLLY2t9kB0Jbt^K*#tw0W7Q|a*73G%WnuLH2;W~La^+fO++ zk-?5PakL7?h$VsZ)A$x z@LjdTZlp~hKeSP`;23fw(?lqIAYV5BzvH}JFSk==(fwx^3}!&hqv1v`3zB2u3?{rN zG}G=8M)Q}wF!Nt(f>v*cjlXAjy(kI0?Ew*{Br*ukyXrY2%at_Mf^sfRgVlno%>Q0l zIHg3C`lce^M4N$IyiI!6`8V*cES z{g2Nb$0{)CEBdzkFnYA+7=C3g$~#$l3qpti177~?RADMG*|8Vj)M&`l9qTo6elEA_ zd$I?fLdaPD0<_2C1fu-9U1@TvrjNIEq|7ieNSAs@6oHks))}$Sfqc_HMjO_0j-=EP zy&0+q#_qkeFN>DMAL0*)_Q&uk)yPTDi>-^u@#ubT?j18-^IhHuKn$e=Ne(}0!6NJ! z0s~q+JM<8aY6NDXs-8CZva1VVT0n)~Re%gsf;EDWpyBF|0xQ>bze`-f-TpRwUvH6! zL@Yu@9o_VeQ6`P)`(>nmk<)`FKZeOZ8_w~2Q7v6deSHB7*X;b}_Px7>Mza-lu^*Qk zHhU{#Y==x9c-sp4bi@r61TRmzCW)f-y;jY*4Z-3ruJM)mH*`MQ-^=f>x%U=JuasjF zg8_S5|6y*+%OEw{sFv6~+9DG#lfa6&xH5j8omEp~c|9X!VbIGc7MP2}-M`4+-&P5t zN%W2COq?V$K-g!_6}{bU^Pln#BiSBtp`wYHm7ySki`2833|Q6iW9+8hBp+}nX;+(F z3gaK?H%5omKj>3~1eRd4&Ii}*JN;q3@t5hDshAv+)+su?`>Qhf>*-=Ahv!Mh&)7B$ z*1a9ELP{n-_sN6+PFHUqACvo>xM-F2Qd&lG8AQI_1jU)LkK#(_L@r|bqLSx7N`iU(7=(`6uA7%nZ(taa)8qGJ&*m~H-1U-P35<;@hM?ZfT(6Gh6sI&n5| z3{)=>G}LXbcLQ#5TMX}2fEiIAZh>a$Fvq_+6^g>4?*t3}TEU@ng`{TVGUsxPID6jp zX!X*6?@%ozRjRRf<}aae-y-K(hJLU1ZdYWisAXbyUrIXs2>R#vYGQc+;MCCvjm$GG zX*y3(z%4U9gYivjc29tYzZak)_-^97{uQfxud1DN>i{8=A#tK^pIN6`5V!aORGKkl ziblh+LN~&JGO*VI#u;w85Rwlx+eWcvsi*=4w%-AG?sDNXwhZ|-S?9DiU7KH&08PT_ z#OS*2AtmfAus>&gG2O`-Vf{EzTZB-;9nFZ=xDOC(1!jvu)nH54v_!10T(OV$Ole1J^4UmAnXL_V0}~{ayz{Hj${hm*&MopE0);E z{2gEAFd{Vdfbf%}hegR)ZrJz(-toIws`rM?G!BxGER$lF4$GXeha5|;{EZo8@2sSr zdf$Zi*BB6;6I58Hq$Gwbp=bLmN-p;>t&+o8j8Q92=zmpX4XcMMKiA>qu9`hWp*9+q ztM@Xjw6CZVa;)snsuSlabQFQ2+50g~IFAn^q|!doZ4la5QlMtTtHMI$+{P=NWHDiY@$&eH8fmbFp78sKIb@*zp@k% zXq&w0GAR8izIR!h^#{x1o3=cPC7*t}$q7$&A$~3aj|&CeINw-Za;}q6pCH~D9zJF2 zY#*4aihK1?K*r#A$g08y{DbD6GC;7+C!DAogK1_|v9u}MNsPgJOZ>Q(zUG|*?Ltqo zRV5|FuhV}A>AB!?#Kyq4Jigic@V0(Vl}hNd3mXF<)xTie>8cxbMqJ9H^vPeyS3&^n z?V`2Dy!uCp_;WhgAbd(GOD1#+7Y)_h82|aO7+nOvpaZPjCYh|$9zDRfOW>RDfnUm&Pu@XP}fS}Sf#RPABQ4r0b?M~ z$5@3QyhqGA3}tplN9HC!U9a>P;M7Q-JD{){EwDTZSU!b|{YLv!mM3#KR}VpJ+p}%t zb73G6>n>j`S!HQQi`~SM>rb<8y+>|?Z~M=&RNxqSplG?CB*C`;oJQb4#$g$ccbRMA zeAid8&iLEl$!P${Ew8D`9ggH0IMagjNBk?L9vOdJ9h-%>Du5Dz>4g1?l<+`_Aqb+U zs)d!6Kb^wUaDpl`7Y{O213LY4pEPYX;)f~bFDZgJ^UC<{r7<2U<^Zv*6;)>HIiLvA znYlj^q&}`~NtyRKd|09hB3WS&7I7e!b?WB~G1AtHQUa0**c7_iU|`Y}1I(|7C&*XH zTj{#>jK~8d284H-#1MNWpXHvKqVwzc8bRtxdT3N(7qZ;m>ohgDBOLDnu_hS;Pm2YY z8A{GfI3X^_2m1=_54-n|d+pC2aP1OH{)5cHF=cxpB(Fu zwQBFiUsQjS!aAD&o||F@MIwpa6Vw#d@)VRsgNR5L(?(8&nO(0fg5pv@3ZyVeSKM(2 zMRqm4Mh+*pXF2#a!H&mkC_fo1vN-t9t~RN2-4EBM9G!HuGghfSVSjFaV4)eC+gaE3 zVgjhZ@J>i(%hguva*`}_zGCpm#V^?fw@GamlV?FIfXV++UnMQhBMqw<=lQktJg_RQ zn~@F0aVe&*rsO{5(m-E74>=!!oJnj%y5#`zssGq=I%uJVu+8>e!wN)e%ugw+4S1+3 zrn}Q|LcKn={}(!1jR4!KJS0Se0f1sH;P}TLJuH|7h1O_09V)vn0Kb{A)(Z;nVS!a1 z$>y))pdbB;>iqhQLX5JcNh1eC$1;0V@SO8H4ihIua|{&B$H(zcE!tf)8>2Ag?vG7+ z8jz4GLY$kMYSi9wy0nIqn+O?JQi^?2Gq!i;@qW{^`FUtYKzWu(gbDZYahxE_pptNo z(2eRl0+*ChN)s$rv_Hb>2!RmN}l#;CDIH06sF#kWg-Z{v!UR!R7c(JIwe?V11e{bT)T{bMc9i+MdJM1Y)>8NZ1 zYhKK+RqyJO0fiM)oILde4u{QJV7sempYI)c(Gt8Z6;O1dCQQIM1h95)Y&_Tue|`M* z@HsXnwh)(g_6k}$>m>gC8a-R1Pv56P>@mBR;g!m2WN%k?3&rmet!?PRaqcGE;N45dXn>(mjL2izXh0YUzd7eOmsd#bwkDF@Z!t z%gPElOY>Wy6RRyCts+Ll{rG^4yM3B%*bx#EqUYQssG*@$ECAgDw?+F-=J(L6=hpnX zS<}B*qW0QchJg4s}JjW)y@K3O;~PN)qY^Hb6FbLfx%e?tvr? z3EqT$9w5FgDr+>Dqq2rU3vl3k?yE*oNmPDOVnpT@i@1+7cz*WiuXU5pW(+)=AS9QP z4L3Nw5J=cuJ;MYhYW67c{;FuQJ;=Aa?_t1}(A~yKA`p$oG|x`c{WwCL`#`~h$ry+l zCyw~>(0LE$XH(7W=cOa3f>~!!>G?Z2L6h*{UCm%JpP25|;6WZxM2&eNz1H%tdY<_< zE(@(vIx1C}Y=|}OJ_j<06UN78tPJ0Xn6tm*@mWwV4JR1xLsl0Gm1a8~m}N_FH0j18 z`-Xd97nDkakuFKei40{C7miKdkQ!n4sjsz5hZzjFz%aduxq{N8Pg4=<6AbkL^?`sY z`bP-7)7Romtc$;P9IdsFRwCS-Y39mCBAf%lL3WvQ$!|Gk<34HDL%+V4uP(9`z2R%^ z5MqYF9KHpS9`|SoB_OtHjVkd%0NxcqxE9*YS4R(kSPdbi^c4(&J98i6zBt$cw-^K9 zk6paACh!13@BFY|R~S|O$xfZ43SaFW=Q%vc$yqbjS;7VYid-q&vcH_pMJj>D1u~GK zM2Vn;;20pFs}V{x?G@din*l-O$0?~tLs$=4b|LPhDJS03`_v4nWsA5qnLb3U#8MTi zW-fVY+){aRN_uC>l?M_{QclqX~5qDzU;UsB%5vb+|PaR(u)X^m5J=i^-`CFY? zj7$2_Hc^ktmXj5LZ14Db{hgYsp~3A{wT*^z(rKO%lu8$A$usdf5*ebTZRwFQ=89oh zAv=p{zFV`#PQjAE==GG)+s}Xh=^OheYhn#bg4TNIft9)5!5J0?26nZfncdvW{A6skei9ZC ztRCeEALT(NYd0Xe?5|q{$8@py&Kn?Kk-1#GJ!A+Od3hj7t#z* zSAz|}yYl|ugj0|I5l)?`9KY5EcCVEiywX#A>L$#1sb|)0iUw~av;CU;Jly@p0KPP& zuh$%U+3oX1ubUgrEMLK&-C*^|#yo|O7N!yLppjDfvk_vIfA`p2ZUd5#YV)%4v_yjt z`CB3|eyzOoc7`oY;g#fVY?#7f8P7FW-!`CPS0xcwLrCQ|R4ZshdM)~G7eAfJ;@a*X zV7Ae&tb4@0F|x7dU4PXzHJT2O zNfypplL_S%8CXrUE}&lCInU%;D*tM8u!n{Da+x1nMIM67dWfukN6)cOK;3gY{?EFW z8L+MmMLoNquoV^9@umfYpE7TRzKWeAQA9j7x79oVa{{Frl=MIm(sx(jS-_4)ORJ=^ zuny9V;%RRB3Uu*M2VPX;92p+S6we6f)$S+FLbZXhh>Sq}fqFGjq?>_0kKK7i!T#v5 zc_0J0Aq-IgQGmHlk4^A}WZrdX?vV^RzRtj1`Cfyvyf;Jp|5m#8qVq+0^W%Mh80{(PQRA> zOi!-k1Djpe#LVs0+m>BRAHOtQDE~CNF0I?K-$JfPr*3XZN!#6_x%<3fmbk>cJcb$` z+mz9&%Iep^X$#YBX-dQnBcKb4_MD&&OV8-b4HY-82Dk>i++sdp;EF z(bBFl96Z&`CtD3T&IC*-HI+5s1DFj!n**7ROnPco%YXgvlvMdSos$1jpOvZ z%DMjnV5#yIYIEG59oP9#E)9@%s(*22QT+>lrY;lJaJfCOU2bh64mQ{az>8TMUA1<) zx#_Cg6tg0f41;peQJ@3?KLhPq9t%c-raFS+a} zywEg?2chjg!zAhlqDC=SYMM}f%UYpnki+HxIJXECR!BhlET zh#UN?-{zo9pb&1qFXU7q*|pwCuqtwJ&O9uVz|hnqTx(ou~mc@+5T|e{AN?==C6>hu1SBp)_Z=L zT!zv8PRK7y&8duFLp+erTkES}$fj93qd(>pLMI!w=KSQ`oTcUh_f)*mS@j@915`?) z*GdmWEzUv5PG-_2d%sw7V@)IY_)d^tgJR>#> z{#7mUHJJ&jUFB-mVA4?j=rgkAJu+71u|g3{TP>3cfhZu;3Sz_pc`c^G-P3T{p;B?A zq{kK$1pXJDsFLotdt#CeYCwJT`>NvR?cxFh`$Fi6PUjPL~|Rz0}iVA})t;n(h1N(QMzB7E7k0Cie>7J9<7+uiRw zesEe*=>OkK$DumS7iVxG-h%`ONr6JosRB_o<*zdT!f874nBV#xdmBWutwx7<0XAC!kW<*jNtq zE%T5oEbB;DoB$~#e->l&9G?(iaj&9M2e#o|@4_-%*YnfYWZ#3907qABSN^!q8eai9 z`W&A~_6(4jA1RW$w?p*wNA;XtQ_!{l+b=muV=1;2pmtzfZ1_Irbj@2r#Fr`Yj{=$% zmGEB*C^?#RS~hy_Gml6VtnlpG05#QE7pN*QfIxb6tiFWEcPo@X4P9S9Pzm6RuAZ9vNRF1S4ypnC^&#na&XQG>_Grn<$yWl*E^$vI^DSs@2h~(Q5@B|$}fJ&owzfn z+1vX0?x{i64m%HBTT{gFj#id+z+&rQlc_<3hPEYtOj2x*Kkk;+GA`05O^C$G_ftFe ziHMcEy(1|HJ@1WNBDUee3^qK8(rns>_7I*~Ntp@tfCx+rqb)Hb2`;U_J3%zPrHTeS z_T1Dmt8US-nS4`bx?HJ4Q;&b|=vaal=PJI<71Y_5Ee)dyCY0(w;U#JmNBs1YV}1Q{ zbGo*2jJbq_UW&{2)Q%4If*VxF4wQUH3$NZW95N1hTb%`hkU)zl7s+0 zDGWpg0r@i{RW#IN*(Ds2udOE*hPYzlo*Fj-Zi~4yMLDV(`8Cewvrl{Cdw2r7cM>3} zJf~L&t}^cpsDRxsiEZ!2;{dSRvs7>HdK&- z=~17+J-mk+#OOR*l+L8-ye5qoFDB;!+9^VFkZvp!tCYB!@?*q>rq08#tI73c0_vIh z_%lerR8;I@E+9-ut?M&^rM3PZ(MDqrT87IkXl?cpa^AeQYF&scSYQ%Lv4n{YbTXa0 zkzV7+BvP$VCRX~K>j)FU6*^F9*xtDg#ND*3^VZ?$3*uKOE8sXN7yU*QpD+HljiKd5 z0mGV{-EN?&X0vELxu+uz14Lob1oM}4Ez%O^WONT8o8Rk>sS5q<0PN7`pq<8!E%0il z6t2)p9))c@m>=^BD+Hwws?-z3%ldJ35DAi8ED3dP1)x|K4-4h~RR1wt#YP0xkI^*1 zM9i&~b#=&P#&B*{SXg3MMsD2O530C~dxBaRn)wfyN024>-SIfU-(N!ro1Eb~wp{V{3g7CuJSYERT%#Dpf;uaK@C7DeysQK9+>hNS76cq=>jX! zn0(M8oQB%fk0ZD(x&`cv4GlK;tq1{Jr-Te4ciSN+LKqt&NPc9bP^++w5s9nJ3aA!| zmcSpAtnRSWj;*m13)`vbz^Q<+Vkd^Uaqf6sYRe#<{1oiexDlC-amv8qTc{4OT9DOE z;aw$WZ{mt}KUxxw*wKwh^&wLxWVee@=|IP2H&Q-Ju-a^PRiRO#Dcys1UPv8VW6QJa zbd!T$!%jIXxE+jrO*Pa)qx;`x*D^b49Bcep@aAbm$q=e23t9sKZ&ID%;b=A%0gXF~ zqJM<|_}0qMpOyY#h`E-7(1?+ZP+6dr;A$!n1c(qv(6Sc!9 z0rh8-;RX0=#2t8^nOv8wK*uMzKcDN z79hhs-0AH2tsfWUX}(u423eExp$SeU;td6p-mAfTzNE-QAK|oodV4XCUPbKd^2l{V zEm!G{_>fEm_7hiC^N*M>q{Pz$AYBW-_9_M{cr}Fzg~eB!hWjkSv7EwYAcC~{Ihqb9>qgEn<4cqQ#byy&5Fn5BT}B=;0`f) z{r}S$pyM{o|2*Npn>a)NZxnNr|7!$Mp#2;0JpUa5Kz@K8|9#&C0{pB0`R>g8zefM} z&=CN|u05E`VpQfvj#Y2Z1C>5{+JhTPqx1*MZ4+4b!M7|5g!q!jE6b3>Z-K8_;<$dn z&{cOS`s2HETUb<8mx6&-mfBhN!n?raPO}rzP9L)Gev8a7aWqJX0L26e6c{iP#3UbH zdit_Ldr0(@cvVg#NgDAwqJMSY#YUoMX+OJ$Ec|CS0c8GfD8yw7PLgAzc0;gEDaWZg zcXC~vq2W<8Xe$wT=QOdJxHSJ^Ap>}x|l_g(&A zA1i)wYjrea_j+{AU6^J1n-lAgAA9_KyiO}2rr9(f@ycIofw@K2rZ2~)ru`YsCU-$E zwSKVfyOm;9rjFmZ*VzA)?A&Arq-sfN6lPP52$5pMMANX-ZNN1OXELr>Dll|}OTO9t zjnOqj$2Kqj;Cr(+X$L|)9q=1KCl6(TmP%iX#tM`Au zr>~#L-bkd+QXAryOQC}P*qRz%zfX57p$b9S88 z3G4wuP()QFJT$KyKNDQm9hmiTp!@Du5WnbM<>FCH?7-UnH|?5)nuFAsB@*9!{! zOV}ZK6|r0^=dd^`6$E;txfJrIAL5t$Sd&$VKanXr^KR}1faubQ?S09ThykjmLl!Xg zA#z)@ruT2#TTpPT(_M0phj4a;5iec}Q=Iw3^ZY#!93E~1S z6RM6_E`svm3uU1k32b|J{quV=d9j?!QM$e&2^eTM%%(nIqp~aWy%RN&5nMfpWU`Kk z0m@7qH>`MmpPp$S+8BQ9_WTPtVS7u%e(UvjH~8YJ*KVGG!eFKsk`opw!4tn%4@GD( zzjvrgD(pllVTxznWU}QUkKGuN9hVPoW>-*@101UX-am17sg}iTuvdM*NhdT<(_Lr# zbev*axck_vRTX>9ELBC`#RzK{7{DuQ<-T2i<`b{*w2^zie3v zb&Ed^HD#t3?OgQc&Cb8$>9A?jRRP9N4^(Ugt+Xn5HE~IOEb5dojc%;cldKOgzDu`7 zD!IuynklYB%W)!1+89qs%{`6u7I z*8>ap7w}ryKiT-jw)&IhJewGHlx!BumoewWQq?>CkTAHxL!zZNe)()j3EvSeWb*A(C0w<-e{Tk|_Eb?QVNX;%K`$=&{8dau+?atER4N3H zC|LZL&AVJBS8cmSTZUB8rz8J2H03&EZ9;@(z869K=$b4ubtnCKBIpw7Vn<_y5t5^Y)F793?fKM*#}Pw^&oa|o%P z=mKVgF8F_DL@tz#v4SkyI($<@K~#fFAvqu)^KUpP6*7OiXk^A`-b2jq$?{`5y^D{_ zBsW=9sLf8_tI}}V=Ca#-it7$4kPi_Ot0Q$Xu%zvqPmisk)+S#;FQh#xX`SQR+qEwAu*hcjr z5Q1xT`S?Aa1YML0PR@Bx$NqS<%1&&Va94xZr^mU4;+$BtQxX{k| zbz!>myXrWdR;QcCE!1(Dm~_`Ry#Ok)d(u%-@={lKNLu`aE6rizCk=c3of-Y{w55@r zm=$3fuT4Ib-}YNOQ5+!uB!;PM`yF-jZ^|@Bv$VPN_A0-B#;B<=@PC`fV4&-Cs zupm2yT4N$F$S6{ahB!RLi2=bmwcO7TG)y^i!06{bJw>G5mC{M z86BGFk(t~%*pC%~l(aDs#Cj)813Qq`a5q$7KIW0Ktgkl&KivpU1K|yvGvCHnuQoyf z@^UtejEZGh;+vK<+Mf&r6D#Zj&ggDqiod5oJkPSE4Q4Cc(6*!wuiaXy+7#sXi3@Hr zem^6i7=ld|QPPe{B(o!v+j2_ua>c9NHr|EI(&vao9lV>#OmL1CMzJxjD_RTBSPCs5 z>u8=`RhCyoMWO})N5JJc>uJ0s(?8;j6fFfiQKz2s0S%Ppu_Lg|9L!64$9*!lZN}JT-JNB6@x;z=1{;=TURZd zw^7-E-{K`mban4$5S5ccMEC&*VTbRqjl$alU(bG8*%F3&Y*y0%u$T24HW9hY=s~a1 zh1u(6yPDoM*9}S$gKq;Ip$L9GV81@2%7#bMZ zNnD+z%htFeDoqHFRlkePhQ2|AmR!QLBx`eyk9)hW``e5^fVV5D%WN)i#7TJ58=>IF zi~Y5Q!`sk26b*mUzHNN26CEiL1^HEeIA`Ly-YNh2O}?>lc5(J6`a^R~>b>$vqqW|- zdrAr1JV986+P?&>wPbhSA)q`4xD zIy6f3g(<&R6>KXS*w*gBglpe$(?T4*vQ(;t9@)Q<54udty-PUE@TnWnELUkh%VTR; z>U{BiGiTyrQWjXu-j7ONP9Ene(GHqtUZjc^=;2ESi>C|z{1v#v24K=A< zW8Vr|A zTSz`}`fYQv0pH*)Ta|oP9KKiaDkhCWoQW1dHNwMfyj+@!nV(b6p3!!UJF`0>ttHQ% zA2zVq*Bd>*O=nsfRsCJeyPiSJrhVqW6Ujx}1EZsMy$)}ke*@gg5mXhIXJN}~dwy(c zdsd)19OlCy=`*D_fsLE~&EuO`f%np;gzaQk(t)c!SgR)Ot%cifZd-?u;i^58USt!< zC4B^c({xn>eo3&sc*D@k?m(4VTFzXVXv;A@-u@`WBg))vU~ThwI%15B5^4BE58CF9 zxP7Wot++tTRyC-lmyW^^ceUNH%*L-Gb>vfACUw7?y{V3sQ78oQ9Tr_La_mPI=<$uF=tD__5K`AmS18G-yQza}g^M;jYiBVqOTeoS8hYOYct+aO~v4ZmQ!7 zNqYi+1yrQu0?}z)iz;cxPiF^;b`_MT;YJY~jTahPu7OcBSu082__X-4 zS7yydaqi@0Bp;Q0y6=M~HGV&d68MLz&e8v@90``$R8q3J{Vr7dKfHTm?bx}gZ`WQ)o z9z<#`P#T;5r`z&%l0l%Z$u6!S%@m>x;aAAg zc}cG+R8BrG@?t?&iVY&CuH8H4QIYX#CDBI)RpV)~bkuZ5uLd_SkJ(eL8IK|}MX(Mk zR1s5L*ES|DubF8>yS9duD2BKSl(+a*h^`7CIm2W$y`}jyU`ZEH6Z@Sy1U`;MwQfMu z;M5N{jg#E7H!g*omFU;^)HVlT=Y0@4e_0kY33ClQ&X0dLE8=FSr4h4jU5wZX>ns_3 zo(ph5q=|N`wESGlv&_xoLHQ7P(Kg{;lxJwWSa!?H1b^vta}bjkm^ znTph-b5-*+t~+Ij#%1Jj&Vy^gWE-kU-DxBrFmlJQ=QI7yhwmHJahJ5Y#r#SvoWGT{ zKQyV|&dR|tGj7p`5GM!!8O!{{oah_0!{>AIy=jJja*CM~)@%z42m9cd&hnAp<>R-4 z1qy|Bc8|-XUUD7C>PxtjZD4>HHa#{w431343i!tPYdLb&~NeUP)tKZFWyFQi;vE zgzOVes|rNT=`qg@sqV^lA>dE7$&9D4%Zp4%cQs3iRd%mmc0TcZOADCP?7?8*udP0J zv6Pa@Of#p&1s_^Gu|C8w;la zvJy_R`4~JNEz2u#IyotH>>J|g#rSuv!FBGwSw%rE>@iE<+;167^J~QTs8;=Tcd{LU znD$MD`7H_f6Xp@u&)bAHu&rx7eC#u9SPTZ=KisqoG$U@Q%HMpRB;lt8`0&X~BhvKO zHQ5tuHT`Z|_T#-#QCENd7+|y0)u+!yZwL=Nr));0h}%TYsj8OnakF}Vf7J-sfkV${ zy(Q_l*@?E#eL=g;pU1d~8LCR$eC$?J z5?he<_#WI_Bt~WmjAKRw*Xk61?4ODpEPsFT5Hv4Y2NV(;%)5QPIqW$Uk(leq z9gTDC&MHneI~R-#%Bv!3TgYsMFh4@g+vNdTQp&gH=IssSmj7pVO~Q|H&xKa@kyG3s z-FstOVY=pd<(4^VR;b_KKZ({6>$k>){fhB3|H>iMYQC%mgM0A%Ty^oc9m?EQsK;k?W3`INJGS^b1XAf{F(C^y}0%~?a4kWuo*cIT97&fvf;vw6cz z4go)T!xf6KQ*+Nfs?FaiSA<&ZE$7{^Ed9xjj(q<1-)4U}L)oN#gj}y-beex16~r1P z2Q~ZNkR~qFes7$z+yy+tf@wsjM-O2fc+4hm2!H3Fu761o!!g1(;_^SD1oVq|*h7fm zdz~1ap9h5f8VJrYuqO~wMMVk_zq||kr09%+D=cxbTzJ${&E<3Q<2~XpU2&lA|nLBNZT!HDc#^R3K6mQRoS}57-SO(son5 zD>6HZ4(QF~;21hv?~!g9Bj3R#Y8yqo|JkyOvX=|}vX=qa|EB9laZy$w1Lgcs{aExy zmnh00V?)k+M?QV3SQbdDtL&Sfc9Eu4?b7-XX$mzO8!B%zc30vk#Pg!qQM^=TWi|+` zY+->es1+rX@o%S?T0Us0D#2YHdqyzI^R?MBcpV4F`_bWJts7>~sm;{sX@KCw_Kjuw zqbYtKyfnf18oK*6q7Xq|7cbd&!o0_TXH#F-mGJ3@5l^*v9wIwlpfFK$!=K#@oOEw; zV!RZphyD2@?{6vBwvJRaj#33Hhakkp1_u7e4S$R`^^DMMS|H1!w{=F2(X-&RcqS4y z0(d;fv!iR|bG1WMNp!~;xXp$pC&su2PkXCRc*t(&C7yce8xAMFS@5G5AH$x$YxOdFJ6TAgE3;9->W&3h!Cul zVH7MBXQv9|BS#Z_k(2e^V+PC1fkhEn7f|`S+FWBZYqP4z?s45)DbG8Pf->c4XpbRl zhG-{Oc3)fZT90!^spDd*?Q5J%s6>cjDe+}=>L4-do0@WK5m)M}Vo)31-^35_z?9WP z_OsmshS}IEfQU=Bmg+y?&47d<5riRQv_Mv2nHNtPe~so2aIt2eut0m%{$c)e4wr(M zFs=SEDBj1lV_Wq670RhScQ-!W(Lq%(-#_9Qv7L)OxY$Tkz?Z`{tjqVB6B1Q=zQiAM zT}P7lPTnC7OOPI&>9S{fdQb>LhhbDQZ?p$LoSomTF*eNHKkR3D%OCPeZtE!3 zI(?5!|6qBc%3q-^R7W7@2oASN`5H0W10T$;a#Y&8b$<1h+nKd~@J2 zY|B%&w-_cOOQa|)`m|Yz_w%l1&J(*n`is|s(20?55|rTch{iBDyzTFa>TZ)GF$LloPFVrypHg-bt zDETgJpBCH|Eb1XXe+dfuXan188rm_@bIZOnkk^fuya%?;!v)cSy3kR*JJGsWonR`E zZLBv45rmhIm@DMxTDGOAbQ1faiRg&-)89k+ zA5gZEZ=30@g+cJFK1Js4^pUEB7lfjO>ArjZpezmfp=W1Qad}O0-xA#+QLX1oPN;X_ zg5Zh``Gl=t9e>LZ@?$VZTN@3w9Iz65mEMRTKj@WvB8$^)@?y;y4Okeso*|$}*HZaF zNJ3RMd^&7!_Y72!Aa&(2esoAXIJw0nVai8?EZbr>rS;|n2PwkB2soBqufmAsM(Bq6 zUOO$Js2Ul0PL7T^%K?Rjd!UW|l(~uC~ zd(eg<9T{>iL$y?0U4^h9(80N$lLg6z|4gy=_>`bL1pzz;o>$WV3G<&j-^96@s=$bA z;TED?giuDR+{v~jlF@s5X5ktL>-vxwYSD##9uu$A>#;8FFk5en3vF;GQ-iTrpgUXp z=Fn0Es%Hpe!V~BihizC z!!@O}q>O9~YCqNvI4)D(IZQhvvStG6dil%7Hg^&;eJwE!v+rtcxT?o!DLMPGVveZ-@4$n=w!4y6T! z+~+OzJ>J_Af5zd?vBM1#miBaa*q06^{&dV%^V=CiIgE55p@k*Y*qG%qT%Ho!NNaId z*zxuEPRK!caPI3#%*usp5n|HD$JUbnh809f`^RNNc^N|R+G8Rlzz2!sDjX>*&Lv8y z??g$|hW@&bK-?K^26_x}sJ7^sx`kG|bEL&$n5WZ0CWSiesD6Ys;?(KR&J-^@aTs)XJsV&ane#IqL0%^iKT7|SK%`JLSa2>H zuQ>mWzQn;H;~LR)8R@0B-F~#5VMC>Nq~7~*G+dJZz9L_5?II*Mnqo>#f!sHOAGF4N zdY^6*HVsZyz+^1(R7y+#F*l6A4uRzNwpnz;{|$7yKl`wp?+bPsu*~T{fIoVea`zrf z;4_g5%+F{GlHD3aHem3vhb2}Y$$^O%OV?iU(Amu-i&_`1+$f))2isIg7rk-S_3mVdhPS3=r4}#Tzc>oq8;WZ=RS9*wi@qAB z!auDtT93x{=ikl`5#3up;IGYX&qfxv)%C*)4`3}|LprS!1 zqM{img5|@clr@fo!_Z1aHWo;%0re<9$|mm9CnG2l!nVnCmje{nDX&l8jO$bR6b~(n zVtzCz1Qomz$~B?*NJr~eFH@-F=Zfl#aJ^~r$K@6p$)IWdXhn?R*Ys!>vcQ>})9~Uo zW^-4?eemIE4o*h7?I#Gp!}s2Eju|Yqw7fb|{exk_d>8K+kW&<_|9Ua^WOtjvIBum8 zu@-Jcc!g#>M!tPXq4WtUty4E`Q=#S+lWRkav_#lFq+XciieXY^WzfD)|N4T7&3v9R zxoY1eG?)V0@z7}0TmG>Vd5mu`hqfit*59PROA*if9JY#l7IdLZ<(USUe zJ8I!_(Q7KJ-4VK3r9QtH{(An|Pd~$t#?qIxEG89D@yEAaJ#>!x%W=A5tli7mkv{Hr z*w*h$Iq&7H2VPI@aq=&WKR;mRe zV{to-t>e#K<&JrfvRF`psa7X@pj2a)tM@>myeo1#XgBRbCI#?vu>8%_-NjW2`oIXP+t=LC{yEZ+ z5Q7n95-|JdX=MxAf;SChbRA)3FoL$9SuV6=vFRHHmi_`6RVp-6bXXp;N(p<-_&Bg0 zB9%wiBrJuY>tDeV=&y?k!n6&*Ymy<5&I+#L2pKL+In7cDzm_gHt~E3>CyFR#0q>_8R2B^sZmdw zD#aPKHSKpb{nbOJy|2)USUOeAdY|?WP%PPYRz(#uPpVG*LM9FjuS%55XX@ihF9iJ; z|0D<4i3Zkd)f}=>iovb#$NH6d@gI@3%fCn@ix8b-rtaaBH_r}3q)u@GJarFBHz|EX z7`&C_RbSZnE)@P(lFrXZhsxqlA+|c)c2)78HG;q}G32J@UCN)&X`@TLUfN#x-{~iy zNaE0{5VSn2eQY2;k*Y!2qsr#Zf4BV0u`Ny{}D(@w-4T{FcP zoIx8zZS_Z9F_NPGV-pDl*vWEukkA_~*0&p_Mj^15pL+7TaeEMe7aLpa6Jb>8bre0J z-0*u(kR)y@&nHZS^u`qHX0bG6unhj>DT%y@&EQ!|I{Yh?-uLKNbHdUlXU&~3a{uX8 zx4Pu-OuZl~5tedLeP4{1mH4@Z6Bi#ru{IRsjq}8r;*+NZ_S^6=5cSbv<^cA=f@b|0 z4CmiPYd~=6n0{XefAoQTc+ma$TrS8zVID_pd=O^V43e2@Fj2-DHnuqXHRR1U@^Wyz zNAuYWp%&2zr@$^|l<{?a#2}TCjU3@|h0EomzbBJf7fEm*@hoj6*cj@vItflTRME(r z=V^~$qVxH$%jK~?Tx2{gz&9nhv0btL^D2|jaCX_6+SPpxEGmNJ!p+bOY?#&z_d@NJ zURb8Z<@oJ7ES}95(wJl;Bo%y0G+L*VFJiHiRmqd5>BRflyr2ARJIcq|&oTgC5V^3W zMT=LNr7hXC3_;Dk z5uVZ?TzpvZ!Ngr$H5Zw4akbVK^f(hZO3y8trUj5eX@9-uui_f>zKL7T{-Ju|l%DP7 z)h$*QQzN5>pc#+HH_vE3SCEr30L0LszPbtn9B=etQ6R}5{S0Gx-_Ozb67tqsY?JNMnX3`~M|jg|Rlj4?xb`_DuA(nO8pQ_+eF)AvLuY%>Ic1JaA)>2zx&h%J8?=eK8k9`Ba~dedo_lwY|i^+kge2fxu& z-dx2X0SX?ClAV~*_>~4*Sr`{-bY{kWr)L)VqC1OseQO~_rUVM{3Y6GlhfysO1k?)E zoC`zkr)Bo0Hs4^)~%#%IRadP=?UN z4)42s#^SPGQz!o!={CVg+-bgr>6 z1!YlSQjcvM1}yw@vE=u!bfusg``mc|7!t9%2}-)7c|)X|Ha4_Ov(`&}GR;s>P|dBT zCbePg8$sG4KL4rYdcmdx2)m0*6{0n$&HKll@7j}Q3Doz;l||lmy^k`|L$#X0V7)Ge zayeA#5NyI+Ag>X);)FQo$ayiDp_}yXVoOO(vd?Zz_c#fO=~)~lanZ!xHg-DswkX_n zaj=@c&wjX9F4WIrJc!!IH5JAGnpTL8F)p7;nTZ(I9ULG->4YaW;n}?NQT22+Rm%pC zB6C-OJtb_oIm1^1VeAN?c#G@EFH>;Nl~4(#14eO;lrj<<3}Ey%X!W)P@6vRa3KT0t z*p1p5_*I5bSM`6fc2`kxL|wb6ksxU_K;!Nj+}#3%;4Z=4-JRf0aCdii3-0dj?yjek z@0Y#DIhW^(F%syei>g|y)_mu)WP^o2HKFeYoHQRDwiA;GA|i_9gvCD+PkCHphkv+k1Aw=^@4YGb-4d;~xD#|HZ;w|(BBFQLkndo z?R49hI`I^<>uH4#4o8#w*^rBeQ(d0P`5SS+Wh~+8z*{(?-!I2^_#Aqs0=@A#A*QBL z`21ffzfv{*lHRl)QTwBZ#*3)VA}u!I(m%c;;-5hs2+cjie#MauM}A9u;>k6mZ+%-I z7Z-PXTefO!7=LQwp4yR8DkSBY&)vyN67yUUCav`B_alN@@osltNJBn#Z;t4z@cqI9 zP8BI>hcfw)1P@O&hN%zp8{@O7;7PFFdxgfZK9_99LF-TL0O~lk*UQ~yFH-r;WI-7~ z<__XUq#0iWZT#|8c;2z5&xy|WiSC9>%VqC(bY?2LGh1aRTebB!go=-uZ@^g1^-~>@ zsgE9-9N3Ti3#nouguX9Y+P7{KHZ|6xaBa)fm*zkbIYv-K9Oz9pXkG94(P2=tE_+Zv zs_6(7Z5;S9E)&pb!q7nx(VtU28A?YP&&)8@RUHxrKrd&=vix8kv$t0eNGi=YvUYT*D&hP?B0?8|U zL$w|hS`y=THH|fBXGGH3Zo`k{EChT+IGz)Clxbf;#trT&wcya5s$i&`+Qr}XZJ6K-8cB{p>%NHwtYcYMrtBSOGC@!M129jwzqwW?35!YNW6>f%nt*T z>9~THI5M=)=0_YX|3O!R{FoS=i0W<0dNfgQ#IJp!2&ATs3&HQVgg%n7oRS7UclY&7 z&+8tldi*32MSl`|>{Ak1A24=B0neDBg0Rv%oFvouq3Qi`A_1?RQ2Zc;g7swlr4GPVNM5pl}a8vbj@u` zvzP5`o-nN{C-+~?CWU|{5`~_8r@WA1WV#Ex8v0azr?$-X^g||91LXj4H-TCeiI=3%(tG|hFhK+S{&RY6Ty0=q5%uHR zi+OIwv;Nv24R(OJaPQTV1!;5bT!CbTCC=&r@AczF1wVD4^M+syPcuWjEby4sq;FlL zWW{k|@25>Q17QpWZrgAFcqr?F4h53mH%eY5*4vt&u>_T?+SJvVCMp|QJgj#c!ISgn zRD?7K4fN^zf1bkJ84>Z%f7t6pRGZ6O#|?N1@wu=4THl-$2_#84?rXZ*-^ziPgvsz7q zCWu3i3k|JESw*&NcPy-crG<%cY+dQ;vt}C^Axo02MOkGPTlXtM{n+!ttkUFPnGp`% zft7N=p0aF7)0c*7yfGo^Q*`rQ%T<)H;C|cKYtOL$qZp->>-Zv}Oj_gO=aRhb)qZRK z$^1pGfZZK*Wz_1{{LA!Wcse?H@XG7!?(&8Lw9ut2?QO|!!Bxv=Pp3GgA}c;wu_E{5 z_P|YnPg;hg<0`vpYsXhHe0^Pdr}W{!-10dKQ=Hoql>?5cSvx?}JlUNa5d8Lo^0^_* zsopZJ$fwG0k9A%3svBG>TcsQj&k~j*+11U_nHlXb$OlhOLi)|r2&Q7zp#YGtW4F7?$6p3s!yQ`7Dfm;VD zfVxEnS0*~eflQ77+9J7ES=<#nQBb1dK+ANX1^Egy*HI{F_yM-9mY?J3VN!0=`PT!I zhjoq&8$tc$u)-dY9oV(85H!*8+9co1Q$k|k(TQpQvgZs~#^`9Srd__E5k?uZx~tYJ z(@E*zLTxJpFpvMhUoV`goKrlQW}mb5ON*w{0Y!n2&0?f<-Hx!4UepacF&P_f;EI`* zU|&!~Y;ic^0>$LsNu+$~loW|jmdq0PVV0tWzdUJKca6I~O53|I$G{gt^(xbNqfgP& z@--|Y&gP6=9~aYfbUKuM9(pa+Z>)U&acs%ae`Yif=K)5Eo`-w&DgHFKCQ;3H+KQXO z&K;^m7T915#JsBDy%K0A`Z60~>_QbTQx31>A*`O^WsAPGAd?rltmrz@tdb3~3(uX& zg_~Q8ON3(6M!E?eKx-S}7N_|Y)+oflIZZ?d2+OH%3<)X6zAuu3;1c>BpFMjhREvbn zah%kE#8rXRD3j<7=Cec>){1kgT{Mu(B#!4ujrEEfI6)Pin;THqQsFRk~=}P47)v!;N`A`=0_I zR1gW^7w0U{Q!A8#&j-P@roxlm{)9oMx(|YgfLyO=kx|3+Q9!O1oc4)bP4AmWat@{J zNV6=;nOn$vb8_{1R=0mb8qG~8#sQfl*`IUS0JHAu&;dq@pM#xrxR*1cb(a88A4i93 z8nFM3+v1+5-$4ZUTqvs?>oAXz$6sZ}C4TCxQC0+yXrhgN-d!}Le>;f| zhoNgqQz19AK$+jtcvCh?cg8X(5N1rTvU#}+B7^WPDlV2FH7hFKivPHg=}DH1y1Ebw z9>AoFsAqQ`n<0yVUZm~x>QscSu|m0~3A4&rd|jI4+cZ=Z1jfz*$-buRWtZxkaBsXU z{}JlQ0&h?B8K5zE1IG6X9xG|MSz7UvpctM;jug-3kjn}Cd*n$l2zkZ0>mM1w{mi@M zTOdH6-wqICYO^(|j!3Rp4^kkuI@rcCc|6usvU~d>@;LVkMXMgRSo*h*_7kDmj5xF1 zhfGJ?ZQSEe_2CgjO_S0Y;f-;!a0S|~Fu63>MemGw@S4}q`x03N;cf((7bN%CyMFG< z_UEdq3h-HJMHPj3$DPL#Q-WmT5^;(WSyPWmFcLtYgPE%0a~Rj_wHUjXeY%NnoP-i^ zdW!6!I_bjmP**n|%yO9P{pJP3>2EF1_#%7cVa;Ui1c5-=cb8xZ`jdS;5Va!Bc3dtZ(Dgipv+_ zpBo)PLBCd9l{zs}EVNDge82`OZ9Sz<0O3H>&0kWgFQD57lPv;wmuX$cSHrCKfvwW0 z(h?l(FB=&1^Vg*SI8};q^4y#6$6?9Yx?;Zpa3{wCQZeUhSEpW+7Ur>E4W}|(hy{V7 z%W;`#jFz$!8E%lqP`?T>u1|h7We-b!G&|l2srx0co%&Jd&0~wOpq*;GC4UaE;9Gy1 zoC}&L6|@#0!TI1kcn>fy%W)IDtB0g1hxb|eq2>Juu))c5Cbs%B;_c8qP)v}IA*av* zPzn}dtV&}zxdcj!rpx}am{- zP4HC|nFv_Zmz53~rl+&!EVz3@Tem_7Le?Z0ZRLi6=ei%qN(D7Tr|qL%f2kDo5bioq z+ND^JXiZTpzK5)c%y6sZ;XuwV1AxPnx!8HM!!-v*9x=3@9T0@>?N}nT;$QlJhT0U+ zjV!PPnbN~)ahQr6EqZJ9j|zd^RB+%!Tq-wcFZzuc#iM`YZ3SRRWULD&Rr2F@>~mp- zJ(iV@1;g|f&V@_0cj<6eGIiWnYU}aO2WuP5D|%ZF?VPQ8%!2#4+ZTRwr9yiu1{1_G z6&gr(HtEtZoV{`N#~irPm-F}0V320Px!Nw$H`T^tp(z5AwU~0m8MVzA?MxHpI3k_p zjZ~Z=z_kGQR$(B-TeF&CMg}V1+xvSmx`q{Dz=Sn30e@67u8z&!!8^eyJc$C<0rN1x zaO|nL)Bl#j*%Ju`Y59s>MG&33r5-O2=>ZD{C3WP1aHMnlhSu)6@eFRW9%Yh zs!v>?0>!qU(HDw67f=q8Gu4P|G+82re`8cbcOUI<7wMpPs<$sSsd>d{OWWYQVq@XD zm~`!%U(aiMqt>t>fvVIT64DC?JS*96sy8~Zrsk)B!1Lu6$MWAZO@aw;{oLjHJ8Gpk z`Yga|Ole3dM+vvL@^s}FsDQv}qtPT2#$EeP)|&|U%LQ|u@*lUi?_14?!c-TX)&`t< zu`4BAlbhulDv>zGYu=kdM2Ew@LSD*)xHtfb#tF<;LmXj9Pd0psQPGXI&)){c13w2H zM1EuX6p(qej}eT9KUCES{^TEn_>PgRx%+^IhM=8JlgT*m^(II#^JOOO_0`WQAh05h z@z1d8M$v~&)aH$n8BA<_2+TsnY~f+_kMgrsHmICCZ1bC|-V0@SkELh%NYdFy1pGEq z-q0mo_EAMKP%?5q^Q%S!BQ5RZ+M4a=rtgfhP8le9cC+`x(*g?Tbw@9 zAHnULoj|9-;B@N4XO!F6XQWd}XEwk*E!1C9$xrxjD1py3v_#`zTopCpVNR1upSJoF z_j9LL4t&PxHq%`$ctR!@-3lfe`r+BR31?S$&Vu>r0ge^=HJVqIJExMkvOU?M#?6EK zZ5`%y#6m%qk7ai_hl3;*gc7V`F3(o*OK*0d8*lhCyp5eYIvN@}c8l#g&oP6!!pN76 zw0*)Ad?MvDb2Ao?rV)tBbZ%#u=SL28jpRc)Xzzws>cSsSh5b&78$9h^*8`sJvbSzX znY-KdRtHwIvhxWfF;jruOeFVTi8&mZ9l zxZ)663$){5uicI&{5u&JIN`PSS0ZcBx0T?Kqizpu={0&cZmaKc(|YG5Prr z<~$p;z&z{^`33Yb1oVgg{L3``+}Tp_3NaiphBuwP6L8eh0#1XT%u9sCWvH6=c7kuw za{2aW(h|VAcX;y~JFa}9Fg_8;dDsXj9Xb{X9ezF?!84|rTuf*f)+RMA0}y3$RR8(; z(j+S}8$Iq^Kp`K%a3?Ynu^VsFc*uI9h{1GNij+8_}uY z;r>d_WcX{5P*(k?8UwDXTK_Xmhh%GrG0}6mb5fKs<>q*9*?_JgWekLD=`48(=7WFz z>utiXIEqAZ5pVTmxs4NDnk};U~`1L^zUS%ZjrD>M5&;ANvfB+_s$0Tc& z*Qy63awP8|MgD#;PHpa*;~P12&zLkvhnE%UpVjPKbT>KEC-t}z5^Uy`A0c6?SzOqTh`CF|iRp_853E88lyXGOw1<~|5{d&!-Vb8w*aFF!M;L*jS#r#QO2qM>cJBb_vS6{y4H zLKDUrPm; z$z`JinZdELQElxZd;_})G^K*{^;WlpH_Xu!u(#*r6&d??Mi+XT)Ua}txo($&4j#+Q z2fdfAz{5FEwD={TUxa}mi~Aj!20J{wZm~;A0XoON!NI|y+_K>7gLP|STB2fr!JXkL z9=`qPR70NZXvYKp4X!DMkP_@w!f~6q``cPUIA&;bSY+h*X7{}Im>pbrFCLgdllzz- zqyFVS^x4|SZ&Mn!*PdZ=RZ0mcUAJwhW%)$LrtD~`D?VGBC1eN8I{$mNS!JNSF@mEw z)SRoF``dvBTMj?^k`JrTOY@t{S4JcafpQ5&*RxwK_DSBWchPB9_D1`RlTLQF)RnB+ z*h*<2Q?>TQu$N1(_g2xD_NvsBhsNYqJz-iJ4Ojht8P1x84YhRzfylu5dF^K3Ao8%nwiY%} zvuh&t?Co|-(QEG!Z>uK7<1;OP@Aini`JS6^AP8%qMU4+DyJ$JDbaurVBUCfKx3fZAGsg z(er$t{29-KMJX2!hZhguxbp>(sv~qFz(q6m2hv!}p=J z-ha=!KSbXQw%Y;Bpa7VdqIvs10E43=Vc} zloqm0Oe+rd{YcBip3eBWqraO;B9E+&Pz%3PS-EH>_~Vc;G9G;?%#xq9I>8jmi+#3h z!wiuq8=d|hqnMM%EO4WzBTmM;=ZZz!i`|89Dib;th?;2VdrfA0O|zn0MEGsFi*7e> zC$W&f*yK|pyUh}k>W_JUl+}jN64~$miaj(3gBn5c3bIRi@~(Zl@v6ksqmrVjaHf^p z0I0;7PoojZ$C{G!vJ>vHDWTY`F?~a2Xu+hh-)5yp%a~5JK6MaP&{$z61}K(+uKmQ^4O@`{`?wC(psimpG1f9g+9t2shx`|;HT_Q8lpr0 z?|90Z6C;0Gf9Ro5)PgC($;?9wwv$HCPnOW2`%`l0)QO9>*^QD2DuC)5xpY)p`@BY9 za5Sl{Tw(@>1kQcXXs@P7q)o}1zMq59fzo}UWwdS0g6@TTI*7$so7XAVw5zh4$8l-I zvqV$&pxtS)da?>(t68}|{qpnR`AR$wcCJEa#tJP!9p47FhI*krO3L=Kbo1RWp*Mwz zimbC{4Pc_GDfL5QOc~x6%v9lR=GHyLS#4=iR?Kym-fGjxPIXag$yA2=^K#ZsaKz<4 zK<4!|cD9Xje6Y(r<}o^5O~A!@(yAxr+QZdDY?Yk5ut@owJzd~-)_t$r7gW0{v3(ci z!x^C{Ed%iXnp9i(UC%OSKXdWL$(}Bg3Iry3ip%+{uF8^MP!Wou2PvpaT~3}dgm$1^ zv`~}&iAyO`#g6|nZ-pKLdXP$JvPAzJ%vSF6QGk^?MQ;a1NY)9d1e;5UzuN_G-&d)u z6C30wpF7nq%Q7k}Er#mHV6M~Jno2p=do)OP#VI=u3eKt_XneNGa%@2u%(bLD&?R>P z`0Q2bvOxdgPGg*bGUc@}cI)WDp3|L?I5dOg_@8L&{2XX!gYB8%WgOvZOcO4t!z?XS z4`181+{Mj~v+EOCpipI~H7HaFAl0s4}DfF~Dl-2JDKX9t{{I@I%yD>bU@h2-N9J3I;Qnkl1Ktoq{T z1T^HOI#$grf?FURO|UWfdcIgS(oP{MT@7(`23|a_OqBQFC{6UxaCI+AOc^D3UKCeN z;(EUo7q8brMsM1;&*D_Q=Y1Zq6;gUUU}9aDKPA9-4}5XIzej?OnvZP^mNucg&)Sb% z_iU4->@yH5offm6PorFbbY2hG(n7v!s(d$X1dp z_}ab?Q^Gu0CTe?HL1g0H`MeQ^j&(}AFw1ccHc+3S58mI7^DcmPmlAFhSdmxE0IwKp z$=4I@>X-q1rM8Tj^J&>9?nuEiCBULg7d9(Z^xw+>HDWl;Uo*xeD-m;$>?2l4;)t=>c^ zF+XTc$||?0V}|x>tO*JO##j*5pPNDaiSZAte}vMmHaO_(hg&bJS}~Q#3jCLuZgRf= zoK}1a$b;N}KiP*+D2l<5gV7@sGug8b|L;m=Y!~gY8vW3GwV+@xjO7adEZXQqN zo3OY+|NWW@I;Q_#3|ahtUwG}`ar^fs|9%|wu|ZnZzvJ@PS^EDQn);ay!pRC!M)u}s z+3Poh2tTayV!!cKhH6v9ZNm`y?7Q(r4OE)lZFK#Gy|OC^X?0)4Sx<{UiVrS$UXgb20U9_OycSos5!8?}3y!34K*juSn?~lS2MWU;lIPLuiX406^m#DlJ z56jM9P8Z4Oo^k&t`ecQMRaf_#nn#t2#g-t#1j1o9N&r_iM^>AdL;pobr3wyy3@ohw z5~;c6{eACLEX0r}z_O1gA3(h*ck~7E;0W>i zuXEG|Y})@s8-mJ33k+^GN)wWHvy%i<)oyK1x+X5zj36@&23xN$K^Qc{e5o)7kyCR_ z;FL*4Y)`vwYF`i$zZ@)eS^c#5-H2SQ+AkHY)GJzH`(SUQy1NNg(v)*^Zze`D4!w$C z!2Rcmom>UX4jTFlF!vzHiAww`$f?pE3*RcvT4Z6>lh485*#sG53#`G3XPQcN8TM1j z0N4s!30>mq9NSUNktMY|@*bCI-kat`o;;D)Wv8E_ zpNFgxjr`-b81u1Y?AtykJP!Mr!S@R23kYj}YSL!ZhAe*31-|#2eZ)miSRTY46gTS2^@~2)g4Td z%col}C>UzhpashW7L+t6rT)Vm`V;n>craNq#JOloG9$>n3SjhI19i+;6O9q8Nz|1^ zZyB?Pe;7(2uOb#dBbZ1_`e3vlMPr3-RWwEg{qLluD( zMneDZhOfH=lyRboZCFaMZ6au)W{Xo5o<8XqL23C+fZRpvhGSS&=U`A95X4W`z+{+H zZLoJ4=yw|UBf@^8x-iX2vFmk{sVb8lU$o77F}5+}cu41R-Js@sMlgIhtpPN!j~wh< zTLk?Dun#KlTI-;6@DzmGJ)B_o3422uE}E^CX&P;A(7g&aWOMwY(}h-};h^9;_e+V; zhv52pyrvewRAGIM-%E?r`YN0BH5gqy_4rY#?f6>=xw0#cVzzO1WCPmIFwqry6;|iE zUWEVAwah5s+d+xzgaq#)<#_induyAsi_4-;`$Aj<;q{c2>{lm_D5^v3tV zJKk9YNDY%)Lg75o8|aq#9`H>?XYZK|pCzgb)wpYso=9aRfAcc&Wdy!t4*WQnQ>$Zq z-64fPgIUL!gQPNfL+Ul4WC0WH`rUElrTH|XrXH=l$2;0 z-3lt_g3(ax<5U1x{h(3i_@rS!M}pifHPm#%5kCMJ?8kd-NTTh zNRML&+@+pAmIa;coGQ4G!Z6-Jc~3gcvUbAF+Sqv+Vj|wR(|t0x!a&J4aMFoE)61QN z@&Mc$Np?IS3__68`CMYuG|nfdLk-xTsz@YJAMV}S@i9xD5k4Vp+dzv`% zuRvlSh?bT(?Mn&6&utKvqp2$rbJ0>)P9 zu=B^sE#<`9*+E8K1|a0f!A%iVZla!`G>~1=RdiVXH1}WuEuMA8l9+gcSczxPbq6mYstw>p-)_AQYW`#ZO@K1c_p0ukYqvKRgi>y==CWw^*9p}|nhr6pHe zTj0Zm%Fci+Qxtch1>@(n+Rr6I%QGba&!Mc8CeLerNy+2hN>ievoGNdTyV!eXqkKO- zIX7`pl(!ckzC8wg#?{z4i1~V^y6#z303LjprZ!#zl(Gvjnn4m?vhf@4fQLSNcuRQq zwc%AIhADe87>;+~xfarJ^In3yjBBk!6!ovx!}ha{3qB5ZQoY}6p~#Xd-wvBGJ5I-O zes)9Eu_^}4f~)&Yd~lP~TR5Hu-u*cx=6l;WkdJ`<#gtEu5(i<8o|pMb_w%+NL+3cI zqDaVEu+rnKO+u-tx}kfdw9Dmum0 zy;6rPoFQ3EtYjfWZqWl|%V!1u@F?ax+kq2v@lXF0t=QP;9EOYh0zTJqg>i(DgZ~qj zl1h$yuR~ix5my76S(JIkW(1P!)Nmy4A$*!~65I>R%*$4SnUk(jWR(pj_xFcV9JwT`VY%+H{z3(kNdfvnw%DBnUuE_VMNl3S_nj5- zi7h?`OKed~c*Hv7s$wwP*AsA!dP~tcG9=Zkr7MNdyI64%D7EAypwE}M6nV&~9^|=% z>KJ(&EtX+ku_f%#^0e-uQd4X0Pn%mZ(~}lH6b3fK=Gb{P{jXxQI*FQAoFB z6X+GjPOsG4SGvlP>ZxDpSm(Dr87)~WzllyalKLiS3AbO_``Jb zozxfr5e!1Z%TD zS%km+8_wGmr8Tmk&$QH{bJb_=#YN(wk}X!xU;zaZs{N<-jMEd}GKH|;=Q2ONTf5!=v;ll=>F^c6ebNM?L_%$+SAALvo*M zF$D*k*jzSdsJ(x2LcR7vU9G*x`VPQs4yatIW=&}uI;dMZprjiNDN(&f8}>LO5HjKY%6CTx9;77zTVPVEu&4WkcktZO`g z$@fP;ljMpN%N0!rXq6kUI7J*h2jnB^;OG!G5e=QPD4hQE+gG z_IS})uZy5KZy*hplpsZM=^1s3r(*w2{ zzxh+g%)?3i9-9^)Gmnm8DkA~{9k~b4feMaa3jV@*LgvmrrFDv)e?oGxc6teS6_VKq zu%kdD+>;(|_jN`rd4!!)zG&g?boH?PUBS}QL5>EDWb}z@SDg)sJ|7xCpnwGXq{P(l z|8UimC%=P2^JR+&H2cf9>|&>2Ji3R$YJ5cOHK+@wJZACVUCQiZ_*=$ms`1PGmBmyV z|Kn+GxRX?>+kP6J>6Kmh%I))ECL>cS!>cfvdC-TTseHN)v@g74zX(bL2jct(+4{ap zcHDFYHx@3QSFJm0k&neHgnzS|5pQ2m?__ktct7I&=JfJx3o1~Qt2|z--OmT2%_>#n zH=d>BRF;V5B8HW6o(X#VFs1hMXe@K8OK4UCa@{$w84LFNRoRM#p+p-c(q=xXGc{#Z`1W$m3Hx@-~^+gZCmpc@fG~ZP6jAix_uW&sn@6MU8HUI0G z`8TJx>4;_2@tv}K9=R@GQgkUac5go^kzFFYFpil)!sF(+aT)6Gq`t~c$$1*##Z(D_ z(gc4rFT)7#gV3?8fY4cmdfyGD4wmU6=myJ#dym_^5|k%pMPw5YQpzrdNzxOnQI!p( z5G^i-3EAUUbSeU{hE3wwb#K7E>fuvjsIxeJN2N4KrLMDY9trf}lu&@*>hhoHmPj2>}>#I5~S)>uxce02q)jMFa%G>By zw-^Y_gZ8g>6Yu^k0BuZ;QfQiGu@3zAEHYh6v#EpgR2a^CH zQ-cGVW<~@pX_X#aOa3jJet1b&!3<#Rv+KkcQ#InCEs;=hjX2my@-0(9T1==v~O-! z>H9Sz>~259!>=`2T>tXg#pk*}!bin?iBi;ba_BR7%P?pqBbqR~Iy(}D2BS$ZmKKjHInu%3F|PHvf#Iu zLEMf%gQ?szROJLT4wjdW=@|z>d23==dOUv9#y=pf?fTKA+sJPr137BTbM!e0{MqBN zSzU?JaO2ds{Z8sxRl&Gy6%!kG_uzg=tNXv@(*h`P4(CD-c)U9@c__~YTNK|=mvv(hvQV)H%PWaQSv zA6hBRr{bTopI0TR$%wyeiuclR4uF0xPvJa6U0LErtwJ;FQX*O)Xn1OpW@A6J1RO7W zZ`QG@mkRY~Hd(Kn^7Zx@1+ENFZqk*mk*nRGNf4hbwM;Qn0Re%yJ;)g{tcrHDAp zm&AI0LMlSK;C0$JA`n%Y9p=bt1w z!BUIDX|y|;-|P}-lyLHgMySqYwSM)vFNqdWd>5-4pnwcVa7V)9*C#``Q!4zD0BtZV z;2xE9dyQC@;~E51{t|L(URVr_kh#FMmpjw;d_i=ct@1W?qZfs#O62Y$r%&AK0(WrtVldrm z7Mt@scu`F%S3FzWSa!Mr+%_bdau~vqeHWCUWQ`G$94vh6iRwZ1|ln|I3NlsI{_dq3KkBnzRr3+(3TWVm_vI z;&1-e%!%SJzV?Tu$XT$fTv4u^U0vLR(=Xpg10OYT`pY;33Ybiqs6Wvr({8S>v)aKh zOwG9mY)0DY$NBq#g36b;e4pZ^tiqGCEFy2D{S3TEdi9`g&L31!@y@W3!KPafvCgrs zilD=BXe6zCevH4JLPv6Kb8ecLJTXSz2-N)a9tkRo$2J_CfV9+enwzk&A&9NUm)Mw; zomd?831tZ-;Z56|OD{HoL#N#eVC?3g(sq_Hw) z`&1ya&WZwR_E>b!VhDV`@a;K_kauG9qlT2ZflS8jUV*bVoCI(OPFrh>zOHubvScXF z1!9VR2IYbjnz@r){dlCmUf+_)2Gmh~n?(LV{bJQcaEjdNbhqdRzWcjN^u|;Mp{b5% z=UoEhLgD;#RYDjvZN_rLmvq}bH+qUf@#ic5prti2yz`Cpj zo_U){{Qi!1XrtVA3zmIaYB#Wpq&rBxN5-ki2+;?y7Bx;X#Nzj=JJCH)V^~ey)MCP$ z(3?oM{z!pIW07E1u1BA3Mt1qDsds)N6=V7tt$~*(3bFJ1Eq0HLe3k)V+Z~E`mTE?K zL{qMA+C&b=vP0o<<{SVIZfPVzJ&!b7Qzj}4hdxekVVjEf%yu2S&~G$4U)fy+L@-%q zM=z+W7J1u((>XPy@olWnl{#a-cWfc9uB<;SM84FhcD=RIw4)S4ju5Ohe2SYvXdaw< zPt}o%uV0u*l?(X4j4y1F2q|J+(|*K>iMv5w7%8ooUtSfz3WPTtB=Rx>-#S+Y#pz4T zkV8^L5P(Y(UN@FhEpZ=mZ=48p`OaST=WCMAyNxQ$&6d_fI;64qZ%e^Q&+wV}V-;4w z6f~3Zc09&CVcwrLeYBv>Gy>YxL80}}2K1Cel1t}C#^0xoUb07?XhD166r-h?xn`4$zvr%jwmFrPQ=(ITXaOkC?n}Jg!k6=f{h$^u^@&3NAvNH|7g7_!m0>N)cMk|xBbO=tnZj$trBfX&|PlegkMR*eRJFWmOZiU)s2`|ZcN z&9>2$J)ivaH#x`u%eVUE3COS4;+2Ay$#6dH&!yJFn}!faU0plYt(3|3Fu8Ee1xpVi zEC0U*w_vQ=gn{y5I-;+&xIchQc&5yHzusnj1~s5GtxTu*hn!UdKwNp2)}PZfEOus^ zlTVxHLg4&+Wt|aEFI>D9emfb2%&sigl+o>OO0brDGR7}jiH%I!>%-&;%+<>1=;SWa zcv+Hc88r?IfBdGG0|URwCbdwH$N#A%SH&je?{a1{i=SOxZ1gBHmEpaqR%Mqkb`$VJ|BUtWP1*_ z41)$khmT(mMc@WE)wR;AqaI%$=0e-zx}fyo9o>GsZav!PH=>Hx9aS*}Aex)h?+>nF z?`~xMY4||-_CNC9yZ(Ml>n+qaCs>)SjhsMXP{v+TUyv1=%0ehMj-Up5ZDgy*wICAS z3`htg+Q@Tk*P=^KWK+YEQ~aayln$BcWn#i+*Wc`2Vje;pRV;)SdWJUOtFZsH;S#6a zO(!AK5~HL@Ek84?UMz$ifCg&Y^-=W0fGo@=KN>vNHEI#&bME{dCS5bL7%2Xc!WLb& z+!>2Fk&>hPF@395j;Le6*)P)#4%kE7Y`Kd%aBN%bN+x82|0mvgL_}91Hl-f5^XrW# zgdebq1j-W};853xf-QezL#7V$+H%_xw8fha`Q@iKp8bRf&FlE00nbRF!%DI#OJ1oA zn;{)sO7J$ktk}4aHMiw_sV0zfOj0+&&oKYeYxpNZOtg&)`25@|KfN^7OS262-iZq7$HqbfT`6tk=dFW|VHy0Fx=$EzQ?Dy|C znC|I`a~gD3S`NcAm}=m?XF%ma@XMzQ>Hm}qp{Eoq(dsfaf(cKko}AaD(PqcETrBim zqfp-maqbFzknq%(5vBsbhzQLHNPe-_%$36eub5I}%@L|2r_9pRF~Na6ZyicP_x?gv zQhwkSpMDg=mrS(op$>A=s#UYKvd7Qiq30Gb)NGqAwU34R%G2W~C$AIE8n%^}Y1BXW z!9TfX<>ZBF4T7~I)X7=IoINN>t8qf6E!5(2Cf{Af@6 z^@|e>)J@9N4$z$}6Tu?Z7Txywh!jOFgQO}1W_^qmfl8I<7OY|lu;jzS3*WT26mA~C zwC`FreAb~dSH@jese-8ogA|Z@gq7;**s|j#7LkKr_Un-%WcWX00{&8!O&yO(V`Axg? zMJl_w_1F4YH~fr<7h5x%A;p`?jucY`Ey^k%tlHq{KW1bXZ$R}T&3aGub64y6`Fim; zZjQ`}t5r=w5DRcT<5H1o+KVI~Ok~VaN+UwEnQf+DW5H0HT(}2DMMUpb9<}fyXtHa{ zJ;y=kVW6GV9@RR{2HeT!^lE_hmyKh(c2T7y0M}jtD6I-`eVH+y5@DsH8RdSy*D2OUZ7&L$ zD|Fao3=`oPnJ?V<^$oMTYid^3(u+T`ipa`HBK;%oo;`6rIAQEHr4XRH%(80`ZBG)J z@MufRN&xjv#I17!q46gqUz7)+e?X4sf|e=J3f~{&U6DLb2*&NINbE@SPZhM2e}|VJ zY$)D@i7arRj#RQqF})7cx0K0M`~6?!n`^S0BW8!&k}HD`B=WIs61B+m5#y{au=HoR z!hhehK(-;7dWs}LnmxXuH2yZG1Hwm}qCQTC$H#OJ601Gf7pHi^Oj`;Lz?)JM>f_kQ zIx{|i*Z{IRd$!NDoW!RgMymdtXFSB#6JB6P-E(h%`nL>)fIy~{!FAl8J7Ch!pQ3(E zR(~c&S}tlCDCIzZJwWu$jbH-st)py)hqiGUtAZ`!x}rn~CFb->f}u-wt9Hq$qH^P+ zQPl%W>;x#${RcXnR3B6EH{@)`P5~Eut$h;99QYnL3=IDRYm5%8Tdq89Z z4X^51Hqw69ZKj%nx$=|IOG6#;A9tKqM_3pxR5;gUVUxD z1{o2YSm)deGaG*>zBWSdzUF+!NpbVHNc7^sGvK~TT)a`S&N{*Z$!V1*DoyIk6-m_) z;Tc{#!BBcYrJ^G!Ocj=0ZN&BPLs;YSe&4X_yYnQKcb&kgin9l2p8GB~;x}u*J9WY6 zo_^^h2-`ThL4Ml@qtRns@5jXe{>{MrkR7`gq9|+JjFXY;OJnqPz$UZlJ%~i= z!aT}Hq8D4FLUHfd| zoyo#+F}qf!D$mE=ySAI5Dw;mQ7S*SZSj8kx*UpuWABkl<|I*M%w}Nz{i&v-Uexx3k zA@7yDGH!D=GkG-pI;fex%e+EQQ=~ghN>b_Y@~J1ZY4-)Ao8SAM6aD2tJIfQb>NFdeo=pkRv13|>B64*v7 zrawo7s0+a^(GrjT?peU=q#ywrmlLE+%q}oQ*GJ-I9b<1OX)lIDvCZ9F4=aQDV1XGn zr45)R^3%`Pwdt+44UHFS`voBXuBzwf`bhZF^-XO4pC3h$+Bv!N#MMPYCwgVs02 z@Rvb{O^TaH$xljMdh~JHVm8$0{so=hXO~rTjHs^_`>?%Tt0>)gSp55%lz--!ezAR^ z9a?O1l6%`Zm7f%gfHki?{y)6EWmH^U*RF|6;qFdw0>LG?ySo!ygS)#!2<{GrySuvt z39iB2ovu93dC&Kr?jEE6_1_w!cI~}ut-02k^PbnOXzqWT;oUFvJl-0-o+sz8s2CFO za=Sc?Lgq8zLUB2ySIJ?*5AH)*5{z<}Um=iXNEn}WvRSP53H>i=>*GYAeb?7^8&+c0N++o5wLF_;HYpe@Cn z*=D2G!g_S^9(j^_5~nv>eCZ6!P-=ds6_(_RFGEx)g=fYjLXc0t(GUB3Re#*J=k$F* z5fcZ6RG%pIbfQ34L!R5dBT$NFepyFpg8qb)}rYC zh2r@^0u|{Ql_PM|7*sUI57hpP6sIfMzv=9Sq}_Dk+OE(ukoHBz_Srb1h}>8Aa)OwL z()uCj8l};sukIFUN@SC>CRcByKej96*7wR~ybn)I4^*nZU1cu%*Ru{V>= zKIYXCaSUFH*Wb%?6(}@T8*)Lt9+~#$0xIzQ7g8=3k-RXlFq{Mi@Ah#Eqa=tyUQMNb zXmCiCEX#=1=l37!X&75IvRwuBjY>s);%2r*eU!9yGbqsNLZMcAqdtY=P*-%Q33^o;J$M2}q?G&s)%j%yZ`Ci=_VzTv(8v#eEr znk~?hb%rN{N@apIazrf#CkzKj2vlCJB=x%Y^hJhFHuY<6d2DBw3tX zPB~LFSL{oTS0e^=4XBndf{jS4Ukj}a2KI3)B`TzvMP=lb8XkeK zB3OREFLK9L%)+y+-X=egDmd2lv3N#k7);iBm?HOSGq;SxNGz$9$a2$>*xP?M(<70h%u9C^~A2`+nC5~u#*Jw!fJB|FvE)A7`* zlql1()gHv3B(HT{2QOdxtGFtyDB8KDVOSaX2Nj&TS7A)5TpaWUUZb)BaPk^~@hSd> z98Vm@l~D|gfBlKx!xoZ{FW>N0JrKY4NwWZzn}9!n9!hhlD9*aY__6O`xDw`kog+u7 zGt70KzTM=hwaZ+HyWn>)%=uq}BPA9*9jnR@J6#?RN`~*db%RbNu|ymV4_+Wkna4&s zrz1nfl%UU9QPg(6@0SyZ*3u_o+FO$RC!AsLZEpfsZ3VCVD}Wpy6X6T}J@|7s$8gT1 z@$M#{TQCqgIM!kMlEU4iVI_@NX9}Aj+aYnC+8Zj=&xDV{_noWIAK*~s;-_QAjNoUEEhg3DvA`A7X!u`&*3HahJU*Uk35L1i8#Qzv-AEQ1PO= zGmb({Lr_O8+>qVw$*Q;ojqQ%+4j6A%Dce+oBm^UVHfwQkYG!10+tx)nXBZcRbv;up z>owlp0cyDgO7R@?&9BAV7@F{T3C*;YGsxSuPwuKVMj-Q|eb#9x6TbFLaHgedS)$KV zm^~}A-@!_X(BH_ea{CQxZx1h4+@_xiayU(#ODV%)_7O53P*n-MG(Fn;C_G3(NIBR2?@EZ9Sl0!* zz0waK8VcW2)yaP@;E1{V1TgGvfXIK)QvV0}&;Cq3E9{RtuZSAlpDdM-V5aMyRO$om zo~Z)Z!-NFhe2gQd({7eAAuh}OJk@f@c{HaE@2t)vHb0&*ejYxn&Fzz| z!3-68JG)-}UpT)c6Faak?!%ejd=+C&NYTb3b@!(SfKp&((-1#y1Kk1u@GE zKlwILKxCjFsO3^Z0%6pFgf*-^w}1(>%e`QxygxIc(Yp;pVoN-=<*svc zWFR4_KM4t~BK}G!k#_?Mw?E(%hrQ!QU##6Pv3!oO0nWg^dIPnhV)FR<2H1K!P=I|u zwGq2Z4T>a!7FG&f9L&X=hU?Hme9iM8vB%sNFu@d+Z=1Tz#MEMD1r`?9R$}m(oW^Fd z(Hf7&B|z6J(2sS6d49eh>V6~F) zQHB#(^f{P?E1$U)D@md74DnX+jNl`;qdst3-1c+40=(K| z-S{$RLDO_qu+ZeGrywFXGlFQX?yt$MV${!!1l&6Bfe5RUQL~4 zU$ow@BlC|ks$`Y3FittdH*=>WF-9sL|HXfc{K#9~$hf{^S_$g>wQJudiW=Qu0P?aL zll?+uDzGYtR4!6*qwl{F8-qRX7dVSd#$+VmvtdFYf-WT?QR4T}+aIRzWPGn129GT* z(t@o2OGz5zKAK3>vYNE?gNETR36KTvL>y$4R6QZLcG5n-F_tMyp5TSII<4LHaQi0x z$7f8n2ehAf%Y(}hoLVghGKe@LRT@ek-k`%-Gu~csU5mDc*7w*-;az3s>B2DRi+94X|vkpWp zxime7w!rBslykue%Eau~fCa|ajgcOJTH=vJA{T**BCa+g7B?IF6bIrZwBDg*|2y_o z0Jc|0@sQF`Jy4#^MLgO*80abbw*&kFIPnER7m3Vki2IuYTu@vNIQpqd#;|yF%iQcR z5L48Le!_9vDJ|AM+FNyE2Vp)X2fFZcfBL4-Ql>{vWoh3fr!{N zG!5}myadG^!7=1i{g?+Ag{83q3ok|l7~ZqR(TqR8Xayr|qSE0LF``1A77y9#197d6 z44GWzKA{`Zogzvf=%FZt7o2kBE?E=Jw%h=spPe2EvEmkznT z07Z5G5})e^Z#Pwo-;PecJ_Pg9iv)E_8>O|1u|~un>N3%Iyjkt&)dM1L}kPa_EEfK5cWlN z&+x`s{06{5xuK&t6rvPlX*tkQ_f`EhiL`rR@$KcusHaHQ5{uInv;&-KUM!E2(^bEU z0qwaEm8HA8qpbjX+4Mv%b;z_sn7sshH}(s;cnD~Nuv7^!#qO5vL@f;D-7bg4+u1JP z=5|_!qqv4U(B!!9UntiI*}rI8n5s`d&c1L>DilkXTjyog+s`n&{{T^oe_v#M!^2*m~05TY!)vWojV}F`x<31d4wD2Muve zlkRf1(+_0ZrnW(*R+?bYH~nqD9@ns;A1>`q&7B2TwFW+Ue3lT&;JnvekN|{p749n8 zGF#&X*`{5qHKx82IjPVeD?< zxY6Ti9Tl9NA%NfNfpSEt^yT4|p!GQlyV3nFqWyHw(f7G=6D4foZms!hsRf`VoF?dv zLo^K{vHkfo6j4)D;6t@A-P_Acb4@*jG*q-I`_v}v zp&I~2|Ef~~SSYsJt@rlf$j<#78w0nh(Oam;)qts0xH#vU&)0RVMlf}r>u>-?y~hzQ zq($P){Qm05Gtz53U-B3dS-}Iv5+T{5MfR=Ossf<4u?e~2=JW_|D8&deex`#VBZauE zH|88@`9VIDcSO_up?s+3AkdkO2cg!^7M?)}7;pK|W$E}U6aCQP)V2+k-B z`0-k)9>NkguG|!S9>weslP1&+`5Dp=7}S-b7Gi}EF!)=8!oSsfi2-6iJvbeKdB6X` ze=wQ&SQN|ZoW?tVQW1-M3#nB2(^3=C`3WZlvoV%gXYvwHE zbL`^|VM$(~OV8AV#m+-}_Vr5VXmjs$q(cK62(bL<>y)gAj= z;-88Gx(mG@kxm5NZ-N?mW7nQBe_?{Q{|ysNKPI+UE-M5wzig#HktjO9#J*5{*13CD zp9cyzqA18VoUdDtJcc&~@QeF^QU(&wjUT^3$Ie?3iB^&06{@BH%nqA>Y&SLrzc3&10CUkM4C_sPmf8T4R75 zz0*AGjd9>*o8}T)A#_gH>0BC3C@L#K6|^a>eh|vlNe^o4)vRqBMh4AvKi^(Wk3)LR zb29C0jYC7LI}q3qzV*|VKm576O79R>qXFR-XNZQX_(rXDR`7*J%&RkI2r{*Chbm}) zaTQt=0N8Kp`_;XROYBd#yc!DM(gpEfhQ=S5Y+n@-)Fc;wc=&b}ZF^C4BaJXrcA@VG zQxSN5IUhS{0tGxv67Y>oI?7#x)pLITe1S#24wrgGV^FKoKQlAv2ux3`KgH`iwXG`I zos5kkMi!>}nG#-!B`@3H`NHgu5E0mORV1A%_;Gd3^H2mTOyV{Mo=nk~w;FJ{6Zc|P zH5wwu*X6ft(SACy`3#MdS`6}?hQO@8WZK?`X=4DCY$dCAB2dvfH2Y;XLcaDu$dWzP zKIB*9RSDtuNcUh__hVYKjTzGTN^Iba3|0_o1x6k{R6w#i?A4CYdIiA6LIk=2j&`KC zSsSZQl<-24E@EHG#3MRIIbmhhQJfst-pJWG4=>;ZIli8o4apUqJJb zP>d;-Cqb_US18^jeZ;pnJW@XF_kE7DR@}{3N#=xu=39z5COryt?~9L|QC(bt8dGG# z>Um+4&bL2DtZNstq1WNktes$+P2&GSCjK3|e`TCNQw1N4>CKN`lsvY7D2D(bP#Ciy zuL0pqojc*evq00dLZ4D^*T|sUhLhs+e|gkU#z!*;SKNk!e}>b$o$z z(P`#Rq^KHQZC~4nr^Mmi0P$hFOyd?9{6O;0)Ij^3`Q=iq&H3mG`|G!Wm$PwrhH0K1 zuK9V**=u}!fd9e{U;n5tj;f=&FdeX!@DNIN=@~By$U(L#F#cUz(5BJ*F>1EWG&PVe zcqz)*qVawpDE6XCdWpAU2pC_cVki`&oM=e}Q0^dyLNXivKn)>pAr&HF6s&shR6%1A%LLlJK> zwkbKI1#N^a9#6;P=y|tu6BjzMwSqPmpis(b)45*;*mYiJQLoHSv?}*2W5p;ksCz#+m`Q zw^IGHi_{7vVgV4;2Njf`PJOU`kmZ~gdbWz``eowf`{{(-C_!94FB&Mio0?=Yavz~P z8GfSq4c1LC*l5f?ehB1bYSEBJE!|21rxv1mckm#Eb}AVo1!*+qT>{D_a*fZ>;TPsP!5 zymw@vvE3oz6}04SAVa=-tfwHL%XbA$FuDVAFbjjtTw9as$0IKlwAJm1UO%jn0j-M7 z`w+Pj;>#c9!lO(Eh~xt(COePxs~R3hcudTsy6-52Z0CHhDty%~Lbe>I+DiyvM<_Ot zkVhBIN%{-6bwb8+s${K5%|AMKibK|6p($)OvHz|``k;u^{w}7;gct}%Do}*TDWr~0 zR8Q-i9q@2G{a{dmrdNp;;5$>bai*5%_x>}9P@wYyx z5VdQ3JyA$FEpAu+UTDI33qKU#<}4?6?hn^;z9nG^_Rcy~Bt zUxmRK|3|hB#F2|ce~9K}t#wL!TNptjiP6C{DC`mwO0ltly7=Q81}Xrti8Xtdm9j?E2X#(-=HG z&tKyoBqLTEco>il)K#o0pX%}mD9M+n5x&O(GBUciSRY}2t8+|p068UxjMm!g=d|$4a`;ajR%nt7^ORc}{NXEXbJ1%biA+pSezV#tT6L;^cuBi7}3P-Xbc9 zY6&ub{II$OGnrW#Emfnk1$Ma_79|Oxyv0#f3wRgRMYQ=%49_S1H0m+_2@Sk7x1ONRNnvNJ>O$%k+3b z`u$H1EH2(ktM?bry)Y3_{#|op(G-NToo}eC_>a{~HjK!A&^=IORi=k&s-yMyGP0gL zAdCK1cQ-yikB&0wXZ=SiUsd(?)|XzKoLnOXcte6o+efYg0=ONS_pInhIwM` zliW(FaAVQZ{yi(X($INJrgn^IHB18{qg;|DZ|B$jc3A2?w@av}>MOfa;Uvx;!5!I& z5blPkTR1A*J!f+Gq(T4N+nfSDy@EJ{Eq^khc8^-ep8kCh5|Q=~-lt)6e&dM?k#^bZ zE*IWr{KpbZEkQQ!IJ_>YxQ5ZS=;DT|85Vpg`@5Q>e_*OV7q)hVktO}Cy(Im?*#~Bs zzLq@wW=-&>XA3b7A2XdMw^n|bZqnq^v!AN^J#mO`(yKiQ#;L3p62Ci1zES_JihFy0 zS{#L$nIpByD$K3pu?KSg5WigbX`#%pA=&o_GGO1NcJFrqz9L6H(a(hp95&N!ctxR{ zG8rMN6OK$+ZptlN_^M|DUH9lVK&r(*8FBu)B`WJa1zI%`K`sWGP->{=D)tb#e=6F>nX0)>!M=Lr8X;+{46Y$EIY@*y{Ta zq=QO01XYk64j>jKbQCQGYN)7oFeYVZF=z>ttkC-)ufTy3f{M>k7N>*Z*Gh8C#NfC& zEdDf9H7oM<8}UN8Af@u{2?*SZC$s2%!sFASpHzt=Qj!!C>l z*jKQ)3bAH?FV=n^f3FA5i(_Jw>WOQ6v@NCgHnqIA>vjQod?B(U{Ir;yPMdF ztacG^?|mH|opjt|r1#VIU6dTUu;X-kq0RK}&4QA_c>4|xXlNS*vjH-@f?9o2YoM?D z?_r}-+BDfCd+xr;NhUVurNv6?tjr;#x>L>#OCo}9(3%9t<+9W3LUBjSL#blT+bkE* ztJ7RX$ho+`8?jk=|EO#UN9`w9g7`6Zck-c?uC?0gZo7s@c*yGav$2Rj#D?ehpWj3w zbh~%|pJ>GItU&|T-S4?^N8y(8zP>{3!Xg?|sYa$1_Va!%5|6*q za1AciT$1*uWZauG6#BV^R~rTIWAF#o=hFI)7@(q)kJyB3b3iesUR}Z++yH)FUIQKo zDT(rGQR^4~LOqlfs|`N6(=kG#8+Oln{?ygW#fvi?!&{rpV(71Ru~Dp|Zqubk*Zeim zEL7NHZ(wfNM{xGYl&9DBF4;Cu2NI?5YIfG%K&4>2Uk}^;Y^{}dW_WmZWlS`V<+1*c z2Dj<&nD7R8t#2OB94KBUt5ni{?NW9DEiXt!x1;9ezV}Xt)rA0X$|v~Vszg}ahr_3? z*%H^!1hbxuI!%VBzrlSb#OmVJec-ZylZ z{*X=sCdC3$%5fmzqR$sQUAzvDk25CT{}k_NID*;|thDj+IQ-&L5{b1^pjO658JXQz z7n4|rRy3nOrlxmgz9ZN)T7r@oX2AGT%0aIoi|ZFp?E5JK5kDkrg~zN{fJ0OBqY=>lQWKIVrAZOfU|`AFw_bZd;dk2UaHTSN3Yk#*S+OOQ9{B(7z^z1A3qkR*!49c9}bZ8pQb zB_0e!Wj2zNYM?I-S!bS^mP)*QYnqK>Qx5^~{9e(5zuUL9mA2*hVIQ{xtOajw(Hd@? zyo@OmCd~nD9*0=5)M1zAL%9Za6&g8g!dB2&uF8=4p^pvCpFtT3w5)3VXj69xwv)fr z(H5lI_afURk)|9sw|jAc<6dcnLk`jPJPHEzv-4^&sssycMg zMOpKT#p9E|Qf)qyMFD|LrI%Ho_R>FuhtYyY+eR+hLLqJTALqW+UzEe~fpoe5vF$W; zw`=At!xdP8?`s%9C{JmN#XQ;R={fsdaOo_`=Bs1y74v zfAKc`7539FT`Y+If>RbeKt3skqLAF2MUvdV_wH@q%}Zkm1HS)}%pHFWuxNFr3FU~b zf1O^RXnQK3%V_Sie)d$q@27Z2kcc@9;Q$})=$>4|A~4okMv8Q?E61UrIMdz&T0+hq z>GJTjEpn)&yj+-?I;}1eCcw=ZKlmJct@ZPpkLBU{*}HgOpB$Fc-kVqoCHe`(@ijqL zdRzbXV#d9KLKPIiFvr6YdvoYVx#nm6Kq`^|M^{aBmBVT(>en#O)3(o{a_~&jnyk~K z&Uvd`^e;BCS?gZpDqHx!xrsA&!mZ+=eW=N=tx+7Fq;+XOW05`TFc^cvxbDx{5r(3_ z*q=ea38Xa{_cK+THcdmqtC9JGPQHgtYQJn5P%lK*P%Iz9tu3F*O3EU=;z!Z`L!M04 zf1H&34|-B_xgdPDxZes0*xon+kwDE3$@8Y<0yL3Kh$*fu?z&eTUM4bgBt$&J6otb!gqzOKP)ygW`A~(zJ!Q7zImkT z!0ndgidc6&?aQ$7l@_19e#)>k!h4z847#GMb|hm4Sq2Tu6%dBmsJe8 z0?5ew31uDmaA3@nKZNWA;X>Z(8LPoT87n>EDMm5M993a>KM=MI?u>Im+>%d%I?Wkr zbVPgsG`QAFbY8&3K#xvBLUQ$rcEsc9gor`lov=Oh7`P*tU#qzvcp6ldKA7Vpt^o(O zi3!5Hy3JQ4S3#xc}JE!erZ zhT2d+4?KY(mvb9nQ6&f{3oRgeRxU_AWp=S+C4-RBLc8HG2}gGB*Uo)r2s~aJqX$+HBpX?*eZk2s${}5?nn+t@GQ+ z&+(>KZ1#?e-Hyr-LjoOdAsiJZ6;Nu|aBA1tLlwG%o-BBKFhUIO_Ns9;5?P5!D!=Bm zay9M1KY+JH-Rn&g6h64!Lme%_GKyhfv>_?EDcbj657hTi%@SZkW<+O(??(#4`cS4` zfw6sy#U_KU{Jzh#yL;6>z-egWd9{a!m(|#jGNqZho%9)Qz+PM;x{UE`B~a zYK(Pk?sE>3mN$#V?9!&UW!OetQrW!y8Fm;~#hM#clwX1F08UVfjqj`r%y`O}=6y(h zUh;d(V+muqUNVeaE=w24S#HP72ok%?j2F^rvTpFl6!d=j`?6WJ{Vi%#*10T}a69qG z5z*F0%Hnj^`(#QFp}UD*9Yo6m!;1RWh5)bY5dw=Xg^onBUlgduh#J@spfe(+Agqz7 zAmyh#`zOvc89swv0cO zM_DPTg@^V@UtOo(a&@c+--B=sSL$>E!X(I7Xpk|kSDbQvwtXkZVkbBEoN4Tav`%tyi^; z-PRu`WwgIB*7_m2*wgNrZ(nbbB58D%QCUjQLmwNV8}DXY@2rc z4UKcpJpb++%dffm8pJ^t)9^H9F15R}jPffn{vSWzFxTzjcZ-e}j)$c6!-P#d);fR@ zI%F26+(>sF)MXZ4pQu0#k)&K!8T{GUz6rYin_o1AsP~v@!5I&!g9H6I?o!+P#&3c| zv`=c4FNYR3BKhwN3{@ibMX5%x&b~~HM1sVh_FOdlXB4xBJ>)3-lN03FRb36++Ugkg zps2g`Ez{h}TDHZAsUaD0E(-=E;<$>EwgPAr3OqE2;-yj3KN7%%Kx??{nm|6B({wQ-0SN#wFt`n*F>mmaxKBBEL8FmWNTx z^A8I|b2pNK>Y9aOosymo)h}>|rDFg?mD(MS+cb;_7g(EfDUCM$(t2LWi*j94(`K?$ zWGh>m9IrXMTANFS^sq%Tu}>m(;FdfbFQ?jh(H{CrSaWT>sEg&lRIGXr1ViL5L@>RD z(pKdt$eo+utEyD-V~&X$k)E&5QmSND-ATtVeqdh}tL7~U*Vix`FPF3x>W?E+)7jTR3LR|?>j?9t5zW3}c+R0%LTzbRl1H`k$ zJ)v?pF~v^C8rS-6Rw*J6iBU=3gLUI=ch<0yYbil6E6t-lt?xmFobx~BqR;1dsNeD7 zbZE?jA?%GY4(^ZFImnD&BwZ?aW4_epBk5eY-0{~u89dTfjJ3j(H484YfMgSO0lRQ9 z-tjH>S4r_(q#d$w;p}~QD1vq9X;6A(Au}D0^SnLW>cq@w{J7_@`qwVQ>=USB^r?Y|O!}k88D`+ot8GJQA;!jmLpheGm@Q`{0>y$=uDhvf{ zT|D-gj->S+&g6&EJ7EJvHzmT|%z$|ey5X0nc7amVD_Uk7m~VF#IuchM%u{+L!}SUV zEwPUa3nx9*T#eUaGX_9hC}&kuX#A&7q|3i_+NZw`w29E+ntcN*&OF-Io|dwXRpzhV z{Z!5Kp?3?qE%{kqamo?AE>wwxwopylwRfTUl_}Gy$DYZGNLiHy5m1!l4Yqcze$##adVQFrzm;Xm{dF9!q#d((6zmSTth13;C#9<^C7kp8 zu22^~DFkBWSTLti>qdf9>)}}Xr7GyZqmo5(BcUEGCEfwQ<)N#^WT5lg=bG|?o__e9 z^8Ys^NJ#?hHSv) z8}CQd6dX-wUp=`XA%Un{c~!9=Uq5EyKRif|R7N2AuXwYN`7r+yK!N{qAse9o(oX63 zL6=r5IoEF;n{>Hvsa5yfBPN;F^rhB-l2{u6f%;>5J`UW%x{5nrZqt~Jic1cPdjxX^ z5sG7pW~LS6Yz+BVC?4Y+1OLICf|#KHfI%((l0@S*Cb|`{`tJ3GTp7RQ)Ehh5Xk+;j z<^%rT?cE>CFplc%yM@%=>#QJW=jS|vx;I?B@g2*WcaFbg(G9tOyp2d#K$SAMJ*=Ax zm5`cF4NN!2fYO2>IU~3u!zD&ZiCixNEc2pqH)Ls9@5k_)3S}_!+P`nJkmCRG?Y{(4 z&~@K2{*Q-;0lk8Mv8d}1|FAtpb)Z=AKE(93h*_)S^&;)eH^7yhNxu8iwxbsM=?9*g zBUgb~sgeI)83Gc5jC>*^^zI?4@5J^OH9(FZg}f+%2HP3_wbep_xRY2yR%#=s&Z6LOiC#GsGFOp z7hcXP;bg|1=`t}zI+?gqIX<3?-;iP9&LI6eLg5Y!s1PKUxtYGZBm^-ON`jTSitZ9MthGURL#q|XgPVhfP;Zw)T2Ta!y?sBs=M%acbR``hSdeP zunRzR&Wv0OmXXZmLWPGIjFC<&#p?!B?2U!!e0;uQ&rO-NS6!sZ7D4+-zW(*D^rjY8 zcjm;vg(>Vc<-h)n%UDoyVV+!$}dvw&=`=Sz!js z<;-r~tH9VeNfIIf%Sx~bf>((oaG0~7q=AY;Ux{vaFmz4@nVe!iE2)J%dPs6g^uyrX zK5MLxlYN-}XMloOy&V)lRNQ0Cy)R5dzmBf95t&1!84{!lA6qpBKq|N%e*j_|OJac_ zJVvAmIlS*{(a{gO`A1!K)KRaA@9Dj%Y_!+X&rZzYKMkOyhf?NoDD8>-R)@!2pX`2k zoem)=^elUR1;?c)XDyNUX{MaFn(Go2Hwie6t3X$5AHL!Z+I8yT;U*c#Mhhm18iYm}ctPVzM%SI^+&@7JqAYKa z_GG19-AZn4kX4&2tF7vG43g2kAyD)6fr}!dr0)cif|6-jh9**9h3e>m@zK-CSS&1d zqz4DB;!akgxvHdu&W-?xSrESPZ{+(Mau5_jH}(3Unx~z{Al4&?NYrK*HF{hR&%GpC zM`%+Oph}8S6h&uumSc}0+?Xk;_e~0E`O!7#V?NVAHQ+OZ7~&P)L9dK*1cvX- zat?30wToW{GWC-SLstbh62c_bX#Q>dyo}NOVC{`>_;{H$gva(3*#GOplHF-UjG2Z+ z$At#{tFU4k7&#y5Kt|*Fx(Y zBvtgY;5oKV*V0I?$$YcFs5oxiy?#R$VR_PzG8VrQ86YZPdq>FI74y)a6IY;2#}N+V z2=~9<_(eFV^V!;1sZy~A3(i_>L?AxMaAuAHxE2w0OKK_00&R_O3pH$8ABKGO%5_f+G66gv(4oF6X&9`zU#hm;6C^j4F#og z>!S793U0f)s|?!Fa+6tfJBBQ7~WC%@FtCoS3rT+OMrJ}pHG6c_sG$kED+?Wa+gHu;oZ(I?V^yu(4l<7=O7B3-5D6;s#ur4>&YhEbpz>xEeu zJmW$DMfcqjoK=QLi)|4JxTjtS z>Tv_^7k6Iq?MU~zx=_4Ec^7_Faq)y2uS%Yw7Gv<-$!g(|tj_VU3A$l^Bkj!y+-8ss z0k57anIJiungEw56I@;;|4$RQLIyfmPC&P0dXspM>Dt((@G2HI1pF&H zne1TTSf^4UWO1n6AaQv3-XOm6gdC<}_%MZ20V6Sq1ZK-eE%S zAC^|q>g#4$sUt#W26&?yx<-n6YC5tj(9nQ`@)X4DTJASNyL8RT_Jg5_3lhQF;^?0MhsBwkKGVaX_4+#-fmlS>d>&L`^8kI{sIuXzK~v z0JuzyQv|Gcz1c3nLeF^r8dcV4KOfk&Ku@7?~D_5{Tb+Wd(cB~^FA`GD))N&vF zi|LkDEd9T6Vd(kw;cI-vgO(A+l6hamC z1_I;PswUn>3BF7)&>(&e&JETVJjb^d(;t}O%$GG+vB)gV1i)QC9+wN1DB^y;wl5b# zROo0kH4>)+pAc8UC8UT$T~{NMJtb}G&>NL1bdaV9U%eDLftK>U?SHy7A~!FZE7!5Q zP<~mAI4$BvfYFWakE;xOMqg-B_A2F=P5QljG~-Sv0vIGZ-TGrXy*=|aNsa8T6LDSE zA%&N;n-W}mAjW9aE%Nk^5T%9lx7t->*O>cZZ1|xje$YwGQcdM(^7VQJC^nJ8#*Qp7`v1N1L2lF&ZmJRR+&=Y4>X(Dxe?Xz`nffanW2@T1d z7Rh0il}&TFX8(DDiLu5_%6GIB%>Mh}inH?fEx0)IXSnu^RnHM_u!!{jb#`8VM=i`! z<5liA<1gG3j6IN8!zcbnrwlYa)V$a?NGLj`bC}opJl4+s`FSJwR-w3}b-#9GuvE!j zJEscpe$PZ1uo~Lo>h}YT8)p#8gf)?Nmr|#Y`VUHPij?hcWju3`uZH|p$^M=NNm0Xz zx8>AAwDAW)C&>EcDFU}>*KgHpKGF0PjJp6)qf6=?y$}l)Zuh9>qC_SiM*7Hh#`G6A zmW0UuKXoWiuwNKDAa(mlA>=C1qbPx(F6MzpbO&28WSsXZeX4W5;XmSogz#5&Zg(zM z(M*^V&Ml_L^lRuf{7-nr9WeI=46+my^#7+iP*;TYU&Uj*ZHLS+^ zDA{~Yxh*BRcvxs*r00&v4ntQM??4LY*+XeGwbw&WXMCfOq1oG! zo^1X_YlgkapgS449U6#~tA{fc!jL{voZ&&te}HfBw3IchtR(j5jCI?&UI53pV;4Uz ziIEWtJ>-wb$+Z(Qjxt-*RNqAG)ubHCtK@>Z%U-W1RJ z-E%Ty)(~7ap2nf#y03Fr9g>UGc6=ZQoufm60Oy)jBgl^Dsapv zWnO#*VFKScIcVge9SS-$={bIh*RN-O%f08`2^}5{Fq|XW9_}q{FJRh9>bG$6p9wyh znX%TGPYx-HUb!NeXEYqNDNQvuE)u*&^ltrnqKTH`V~7?cpVuyb8%&HMH4SPE7z^nB zc2mDxfMTa}G_=psoA70>MfdVO|5_W(ov&801TvleLY26&8)y601f4*7TgLh2dJ`L}O-(6O9x-absW0`}^%P{~3* zSsENY!3Zo!_=cJZ)BrLMA(S|VkMuh1b=NM3u|V42;12gVcFE3+yX^SoYpWf3Fn=m)fo{ zZRf7D*?KmThPLL?j)Lh5Tk7xlX!QEg-rHt-eLDeNy-8)lk5<@E?ABvveHj&t*T>Un zDGxNC)JFPV0aR-8F-=tQEw=7)|&X~C(%89;q% z4vdRutbx{*mPsCYzlO_K!mWB_R=|KKF0FFzw`9enhpC3qu+`F(?z^r_;i{}6GZcC0;UG5jT z;voVLages!o!jah&TjS(M=jF->^zHh)cKokBjX&sbg0X%o&}j;wvo;KDK8jDrA1aB za-jT~n#<=j89&xm=RZ!gD8t%x{}kO(6pg<;)lErO8V)e(iO%L4x=GG<*GfN&Hlvl1 zq)?%iS=~jE$X}$a#?ink!w;IGhOSGiqZ#EU_jueVyV9GBw|v?|F!@V8iCb13cSg2k z4v@cwFkPQuTFn5jU0ZJ1k3=c9l>{*x=ODwByJusRu5fy<;s(>Wdb0Tg(W|30APfWZ z^`%K$zqzE(Z8>#Py;+)NrE{QnXD#p7HV6RQel@uCAM!Uqv;8zrarn*ZrU|L^nr6wZ zD>1RX5VI80NO_X&F7{cDOnZHqrGb4a1+Bx1Ihr{z=_RDp$tyh?&C}rA#1yz4iFi9d zm}c1?)EE_|JKG|ucNF_nsokNwvZ^}^^qcY%m(AqMtE4VRdrQYDUM=a6k*gVLbI4{v z;(9Yx3Ji;y2u1@DuTtLG= zvt$7m-#{EvKRi0*>)W{Xbrh|P6=mqrf6h!GPw)?hrh;kqq{^NGEfE#JsV^)ZvE(1sRb!n3uEkVckd$duG(6ey zJvj^rbE)EB&jmaIZt7Z3n@?HfSF+E6OdwkVbHrWM_5hj-1sfgA){4#8ko*Afm>LI( zl6q!MyRWLw)Jb}dmS0lhk-f9{cb{g6Zm$zDQgb%6AZb|BzPCW%jygx@x>3+&%wXk? zJoy3c@9-n5)HpKe#BTbyC7cR0)9Xfn3Qe-`+Z~vq9SiK~8p>h?)cgCaVGoJtN5nHvE$yeYj z(pS@z2@rES`KB1n1mbpdt;mm4M~KSwUaA;&(k*apWCG;fH)u}pO22jimaLDI%xu`H#uRFoeFo10cp6NjF{)j@({$`F$Zaj2N3h6Slpk86WcA-M)cD99OqTj7? zb+NaqgvsdvmsH<;q-iuN00e36HaRt^5P*;JqFA1_po&}j%cs$9SQ2Nkl*wJHcU`|T0hn@U5|sSjQt?r4X?BHcM$`g!@L5E8cYYVDI|ZE`Yn))R z+(}Gtb~B)uHaaT@zhAqel#^Dbw-wg5=&n#g<)eW#EWRf~>Yzxw9;|}=3bRcW!eS~0&VHx#r!TwdOV<1^q4hkp;K{Hgr?pN8T4w_H(IMGzC}yXdbYE_t1$SpM@< zmmiH|@^L@uIYEjSYEAF?cyG)MJ38kiag#~Z$T3i=ffKmZq<9L>*_1*87fC3FV_UXs zYHF!SS2K6EwH$DW)VisUiAg8nN#Ne>CYqXYD#i328_ zHCRm{Ver@=lIIDY4E!mI{g*24(LZ*%3$)(}U7C8L|IA*))gqMV{5CES=_9FbXlK!H zR{gt&6yyU}xFA+DsK~n^s3&y0Kzuc8Bnm{RZvqzo6=*;!lgIj~q)z-!cd%GU z8q^nrsA;=X5U>jpM{_90RhzTaCytPcD7NS zR7m{cLJD|7=^XL|qGzVTS_eS^uHPW4Fso_BeWW!&S`!5`v$aIta~RGq7ufGpWFZA? zA^S8KYAy*vZhLh_mmByIWde@{v&;l^6uQGFEH4+LAG9Ip;$epA0(xRXJAQI@ysN9H z-|LMwYb;I0Fs=LAL=U(Ew2K1w@$V4Db)U2(#K3IC=|0HThe%m;H$G0u1nqad+H-k8 zLJ|F!rGyR%J(59k&-3o0ttBIi2GsEDs6lQ;+-PC@8ildJ;$L<5;?ui8w|Z`5VdevB zI8~6D$~hXQzA?!t%=(epu|qWuLnr~z1nCHF7|&LPxPE`NhiF1_@+cE9>Az8)x$M~# z+j_=+GpEu-C5a7#?LN(I?^t4P^M8%PrHCh8yZj2;e+KY?V{hf}mO3g@iih$;rE$1h{9I8XC)=OS5GMS&PWGbcHZ<2&4d!gUd&9*(3 zSsflL9wMpZ2e~iQ0Pb)N5*zG9vpwXd{_&!o?L$chcs~ZQKt-Ys`2Tk+?Y0QPeNEaE zN28nMx$HmD8~-7geODhLcI;nGROXXz&7RDg87it}^;Lm(FSb5(-$ck@;tGKx2FLxU z0*^m+9bwT~^@P=A`_~AjAJO>;ygGD0uy)Ff%WxlqG0g&{Otwmq`il^S{IItjf`X*kw3=z0tqs*3 ztzX@i^$9NBr$Ze1@{HPKerXa`^7sddeaAldHkT^3g4G4kA@jn37KaX$`<((Lmbuy* zsIYa;GC8Dw^iau_7VDAUp=FfBtk9RTH*Y7}8ZZ)eScCUcL0rw~MHO&ybk}10JV2(u znUQwvYl#&^?_V1fW@CX$JuQd%y0zWzCpYBTI8g~t<(0x4-k4dhcle2??AH(_m6uNW zO|X#J6G6#!rPoSsn`Nd&P7}`#{-PD{n~tbv<5&nZ2XIGHk?vO~S7OB~Yz35W~c^2#A=g2}GW!XHaE&B4`guo+UaT7;G< z_#%&*f(G$HhZwaI287)jlm|b+mpbVke6c;~yLD?l^ z6J!4O#UEG;L}4em*$FO)_7rkJ_=xPqi=ZXmGZ>ZCLX*G|Z&=ihGhAaI3;u#Q=<`E) z^&ViwX6N|mqy>!C)H7&#CIVw~E&pa`S=WEm;}az)NPyp}0LcO^j;G~f)cuQ&B5v!VUSbv%Oi{I&MC8{l65B!cmS}M)A zL(i2Uk@!4kvPIzRNCw$9{Q1i)6(c@iWz%);m!wr-F<}uqQ`|YL`)aLSeX5dVF=guZ zlu~Ka?G1g%73x@EE;A^qAJW|C`YcU{dVgx`+8B3bAVW)sP+OAHp&sSJ@Fa)iG+v=M z>_Zh-uSUn`G^z+06-gIqH20Zmc${Hz6%p>5@i^+-QmF>gO7=UYnTNDQLZvtY6$n!9 zyelh9ksLYsE`{Xa)-BW5#V{-sO7RD$)NdOM;WBA^yJN;oRFN-wQYAPId#O-LMa<@z=R4@t; zWVNPT$xDw#^g-#2yC6L(e1wXw&$}Eflk~EutXVODfFl*?=YL+TkB~Q%l)rNw;Y2$D zCd-39C+N)(V{AiGVk!>mZK=>3s8sfx(+6+1VBGAa6j33wxa{x~^o>PKesSW1gotve zy@*B~SqrS9%_kP&xM>qT&jvj4(-?G?FvzfjO-Rk(B6&&@;{{)Xo&Zpq$Lq2cxkVYJbna zh0+F9Q3kG(WJf}>4TmBBTq^LN30>rx0&^9AJg9o_m&&ca;5xC)7s(Yi(PfVPRZ}Ti zh>2YMI=8I8<+1&dG-_1h!fHj3bnLd|2Tm@CS5`%z(jXUTYp8j)N+shSQ_oD*3;u?` z=?TPqUWP0Y2)TeL5%?cW6B17^b}kHmv4TQ>M{2i}*shj8Mnk#q{0lv1Zfgj5Tgthm z2_tIbg%pjcxi9lx6gyH?5^;idG)eq$Pw1{dglC1H*dpNoD;(uWm{_oawSD-{U>Hl; z6cqXMOhXl2uy_ipQ1AlFO}z9k#|qA*+@^j~S;&DS$pEB&Zu>~gSf{pJG=1LK1M@T9 z2eyDf^a}$j2#o=Fzg4oI8(cWGf$eaXn-fyQFfXqw4S7SggoL#)lt04~7A@*?JCSyV zGrH)6=!x_nfxmI=EedW{*~TdGrwm2DS@AhlNWhty?ly zm)-3qD=|`d244e7&X?Iy`;BmmvDz@jyWvT>Zwol8sPqSxTUh;#IZXi9^{MvYN^fGE zLZ?TS2osw_{UtPk&X%ywTf;%+H!?x%muuw9J(Kttr#^(5f~;yYwkl^uXJCmaKUXP3 z0Oxc_%|!ou9Lj_Z!#%?*2HJbd(U8VZ!*%hci0o-a3zQJZGjKf`#SVF5cI8ou92Yp@X%Y6+xEm)_nFAFrIYj9%?Pr z_mhP*_kknyxu3j{2!F2?)XCff-CIAW~46%uyxRS_Rm z_TJz>vWc;EK@z2`=XkCJrEl70zUR zhR?^upL{dE$;POlk$yWVdgG+&Xu>wLs@&zPs5CQw-gIfj`=y`?udTkm6nZ^vE9Wn? zrsglZJW;iF%vIC?(dksv8Thg=60IbJ_XStkX#_o_MxyWr*GrBGf)2`ylDI%f1NZ6LeGjo4vH*@iv*6b&rN2FvRN|J~J>-JxrI zpVn4B$9L2^zb6e zrF;Z8XNNSP3+ANw^?5`xuO_0-&v>ov(xlSIdCjdoK)Uc9j{L`{tmVb0Glqg!_Axs& z7NaTH{kUXP)nvj)hhD_>>W{GN_VdsN=_(EHvR#rl!|@d8fp zc1M^=IWjoETrv*E%g3wvn|6LVdj`UB3tyfE{TPOE_iuxP{(R5<&OLtJ)l0c)$z8Rw z=vdF6uIi6Pa^vk$ntDGfHdagRh6xu=|zFi8gL_v^%Dwu?c%Dcvob{zEHq;J#lz_ND9eME0S(eX=@qqA~l`I-^>e_?SAY z>##a$^KJ^}@=E2#NFJj7;qQVp-fiD{D~4pL!be9>(}B_WcR)5BL}jtrweJXX^SKzU z<`pmt$ps!@J#XnU=vg zJ=)4`CVm>UgGm391|&o8s9s?oCa|pe>*U4mH^qN;7GN5_12&M9zk`*|mVZY?h}>Zb zjOiCIbQPXqFF;n;#wN2>H4~QkVK|m0!!S#BYuPvMH@YQ}dQ3;>?AQD|y&KLz4ujg9 zT$NJ#Qq1T#m2D=rgc1J>y)oE-_EAd8SU1@9Mw0GVO%rq&f5|}I8o_=69nQIgu|H}{ z9`dF*(IMpu1)?O1KuhX3{_U=E=QOloI5QSIhrA>%d5O;N1J>7f%qp6MV&4yqqdP$Y^Zbzmuf z$0L*w_A3{A`BGhndMZpBjP8qp04=46k5S67Mp*3w{g(aX105UtCuv~>J6=R=uBrx$ zexqFv<<+bS>p7D0?>3m)e{c|6HCNr_P;cS?sZCLSe=4=>^q@FmN9+rYci}rVI09{b{&t;sea~;eWF$QQ_d5%-yNbQ3x_-FD0#|FYXExpd>3uw z(WTG9n1LrPk@lSYj)(oKyPMd$<`0+Gc`pyxH?OJsH@#&7AXe$MeN#f*d}7vG?MWGl zw`u~A-wVF6-3&Rg;Oy0I=gK=MsBh?Vk&OE~J8ZN_mSCr}Y}a4j^>eKiqu=%;rS<27 z^YSS(JxFw<)rsBoV)TUG&~O7q}hcXPLf zhVD)o(&{s6qj6a}Hm&r>K%!$lAy)ZiMF?>RK2320$#0g@G zWBDiE_s3}e1hTT@A7#Hotz&gZR>4Zt8b)Xu6ueao+!$Ba3A>j)(<-t#BI{z60@Hq; z0TwpIjUhVNuRDddmg~;SCB^H{DVqSyn$ZK2f`38@GAynPAFB(F^-d<^ zz8PzHtD8t)^e_K)`#8`$9eX;(0cV#N}qPDA?G=nrg*lw^~3S|C?66gN$tl$yk#`U{RI&{!C(g*PJf%NzJ`S}53 ziN^5)V(CIVqkpFTxCysfxOEPPWt)Oulef9|B~VhfAQ{RR4fta;BvA6{ z^@jr$PtYc>!hib4j2YSoR(Z-R7dbK}CAwOP>`NArDH9OxiIm2${!~8Nzy1^hn0vtKt(-YUaMj!5GsphCB48*o|JfzyW@LyJ_${JE~!E*1nT@= zR00rAgoEg8p=_oVa>Bw!&W-gkYmbm%nOaX*N8F-G%L$pCP=1%<2KXq+^`ie-9E)5S zud$qam$yAWW8?agPowHu;WLmWJG(ly%44Xj?2iW zp7AC7!3lO9s7@=H9uqzJr*$u&57KXtm9t5)%*)cq%4Lyjq3SvpF-HEd6u>*q8a4< z@E*(T`@N7ckQOD$pAEJy`Yo2meIJ|NDa;y(Q#DcSd3+Z^DU=a=x43aRgt&0ZG_PlM z1aU^66~QIU{anGfB11by=`G?-99>L$ssYKitAQ-*d?qa^c^)69sm@k2-n>>{fA*Fe zW}G&Dwlb!}6*T@z|5AW(5nHLk#_clo5bj|Qosf>&AVfZB_Z)`>+rfA%A zQ?QOeUf<<6qw~D&V9o?D7F(j>eo;GYg+`lHLs2M-pm39Berdefi)zbce@ltAht9Bg z02B{K8B3TNvni>FJ8eG8$c6Dm3ny%7D=T@JS=a0jl^vy>;ct7wWmR8MP;{pAAL~d` zUfW2f>3wBmRGeeHOoaU@ZY51(H?5?h5v0Kfy1>Ve4VEt`SRbZCVQykx;2Y5X7~E~8 z^@I`&WBT}m@b{F>8TnDX&%yhz&75e574taFUYuO#)!&2Coi%21qE7}D5k%;Bgn> zS!&X15AmEZLVa;o$M}5L^NE{w+`|(HKALjr9P}AjV8Q1jeMf()kv6&}0A}T*79*Yo zmE^oHVQm-qD|a3bcc>O65tASrkum=c6Wf+i@^!JyF*7fqT@=EFaqdc|#eN^MK3Bd4 zAU)93qj#ON2wD|yI&hS+mxM28o{wl7lJxct_Eg{C?^j9%PJ+N?Bps~8dot@A)7EJ! zt*2AuhqRXo%Ufeplk8~9tU7H3l@x<~05QpFBm4nen&C%!A1s!oZE+K2HfSd+i5jwr zlm;!wv6ZDU&YQq3oTVnR4IFU`No6;2NNb(kP34Xz_})nI+fJKfbhONfL?Sk93pN~1 z`l{NgZELtmjj{{a#3O5KYxUJiD;fa~n{AyIyWPsPONoiY)W#6=%k2-Uw)vK+F4BJ> zry?Ox7uEEn{d}2Lp?NS0f!~!)Nz{H0rw-~)uf3_xvKQP9Gx|y($x<7S94N309&?1UH8gMvxqgQ^TK}YYK`;N9^)I;JYUM zf@&|dXc`<28`BP}mgh!y8-5$r^zuVlk3Vm>!`$2=KJSb>tHEN;8D(JB$D!=vhnGhg zPdvFEYC|@E(GURH=y^pJn@_9?T_tYgm1xMjW$Cedol^adhHOWx1BlTw=8`tx+M%Pi z(<3-Er9Hyw)75&;pstnSZrcX}7E0r=tbLL7E2zNY4%0}0k@ykWPeQE$ zj~BOqd$niW`qRJ12q4&1yS>GxeM?OjZH6Qcb3xT66czKEeW0i5yxIg$jl=O;)o@?& z-940ay-xdkbi!D0TYKkLi<+xlGLfOlzL#G#gnJ}9xJfz&mW(4Db#W|RYe(1U7)XHb zK8?%!yID3bQH2TJhS!;Sho|!Xin4b&_DN%QwrnEBqm5??a+vZ^{ znLPQsl#j#~ML)unrsjo7#&@mlr-dhZ{H+aHcH-SFw{kLU*Cu@c0_bSAcs@Q4xgs`Z zS{DkW$H-TQa`yZ(vL^5}NRBSTy+<{;;imU8*kzbIN4wxm40EZ0(;lpaiS)5~+ITwG z@$b~M+l}R%;Roj&mtT0?b%tntzgp;L7=(1K!oWt%U7=ZVdr0ymGA#2Zt%<)4Q;eof zXZU*B+vt?G6ZDE%W0ABJjUSP@7!48okW%NzG!E^*BJ+y~{aANWccOhR3}iU~;_&?11al zw75g^vxwnZ@~81!wJ3qey;tRK{)0aP*Yz_fJ*xx!)I>e4hQ`0S2u}Kb$#y*M(Yo>b zYx-#$ok+3=yvU{kKNuDyO#K9HbW8OL%+cJMdkNx4PxAgTE?*TApY5?G@SFannL4_uJ>FuDTlbq2<* z(RyM>?vLNDE3xf?5EyD^xho>$`%mUrW$brfsCnc`8koKi2k|XW{g_?^;r4Ugu5rXQ z26R#Fh>q_V>C@-g8h+KHRTTZ`g}2}R>xcbTV@=uY`^cfgAR7=(Y%6I;G_&`R6P$Pc z3E#WRld(_duT}N%RV1?RDe+Hq+YPlDiPfd9~ZAY=WLMc)a->aF0iZhK#PT0Z4?5ju$ySwo(;6jiai*mm~ORS8D+Z zGnF`%kHB+SUeBQ`rb8Y8O~t~#_-T?SLp5;oqfoGL!uDaUd*h_;@8n=@cFu<;sbC=& z#D?bzZ)*D=N@7oY5LVy>>ax><)9?n)WDwH1dqtS3$n)w#GYFgpmuI`)n1Q%?zUtFWzEWOb;SUDhj?4FK z`crsnt1p#mF3cj7`8?-1AEIYfHTu)`Xnv#)BjV5RFPEuIL!B1+CiGW=L(&Y1_f|Ru zyfSm8HL(yC-%;`j^R>97<^;9O#{H_C)3h8D1Y3o4$}iQ zMIxTCo?m5v44Ai{?kw*7l3s(^7D0$-P`GS;gKps1oRjyW=@bT?_UA|M$Q2jnUMXIq z?_=BV5t~fdECyMJLERM=>*v%H@b~vnQO?UaiZpH;{B2o#E=zkL!>YXP+oVtH&k4g@ zXeMqp%kLU(N4FICM_mi2ncJvr{U3ttHTj)qRaO_f8%*yu|(L z9HR1Lg!o`bd4RdQ`>IPJrmzq7sU@x62AS%kEbF-iz4_nkblH_dY;_+mMvn<&x?l$5 zK9h0VjcVTx=W{~I_EPX**)<%8Hm^??^)@uux(rJ`d?Qx#4eqJ#?uv^GXM=HgkK_A~ z;gg~GrWGzp59Q*97T)7uTj-y7Ym3va!!aY1lW?pTG1>5#ru((X?zIp6gEw@W=ZjO0 z^Tn8zu81Eu?|V%ir^j7v&c{8HYVewA_$E5Pqo8lzFo9ngj9S=uldA<4@s+luRmxyk z*4x~k4(Woiu^w>sS z^}UR0uu=@HKbD{=k_b&1TJJKBJ5j@9?R9TVGEi^2q*DN3N!@F-jlXQ}l6kS%coi1XoQtUb?7Yj}cB4v*j9ek|JK8w)M&{q=3p(EpL(hju>?h=YZ!dtk?E zEG;mb7ApC0G{+97005ILgmt4>9khZ(&1_SEAsLO3{|Z1|LvX@n0y`mP3WA@v3hF}^ zbJnIr8%t$dGIBE{UY|moofVC+gYTgE-CR>jjm*e#-A3fe=|Ao(BsnIVvHfMFQ9C)X zTv@|tn9h%vf#=YQ)AP$ff6VOS($aMQd`OVfD4cOfnq+os$}CYAqEt{D{_aDfAeTve z2r(jpIE;Ww)s9pXNBgT9tKq=uc#!VPoz?Ci-oJU9L8BOtUf7fd?EEv!^URps6WEL# zzaG$+$EIP^MHv+*^}J;Yyrl}28wh&(49z&>%h++GvK=iB3b4nYv_F%u%Pe{rN1 zIY}xYs$~tXyx@=%(>-(i%NARVH`#H>f3jMJ+mMxHEPkTjs&0Hne9GJuh>1x!hHP1D zZbC`imUo{J_Zm#o+*6A=xCMC?+|uJgBy||zr}^Q8zQ*{@JY#5oqzB(OZOy)Q9*2DZ zMbFjTHbopSAR2{p=oJNZEV&@fM%)5baLoG^3IU^aXlgAsry`es{z{iP6Ysc)xpQ7C zPOSRWD0KX?TPvy-8rfh;O!3k|w}#3Pz~#{BM`&xa!EtE^)42_IVRhb+w_8Jvc2ntM zq!j0<`|OX6{)-2 zS(#M08sB?fr_DW<5YQ(V#pf2vl>lTf=J5Oa-h(tKd#OUa{k^)iQht7o*u1#K=ec-y zk3Z-gl8(z2a2wZ%Z+s6YqPb#Ed!W1ko#PuR;BB06`NV&D=WgMt`=+hG?cIAZF!|A= z>LB^-sb|1sNYKKk#0T@5nDaB^(^zW5W@oKCMfU&>O8 zD{IO1-`9L06TAhDGbw_$|A^3;mXBXOc_In>EGU?x2@H~2d{t^JemU<#V9 zx3U-QYw>xlkV60HCqB-#AF5*D zwZC82J(>RQ)B%Ana}_uGUQQoVTYonEZf~mLwDFJRC|J~F^}T*NA=pt=_qo5|dvk!& zAJ%0VD0O%12zLU4`}?T3ktPlQZ5&=Hu({fphu}rG;VZAOGBr21wk)Tb2(eB3i2cwM znOhSGvl#hWT0uF#qUGrQIv)!T|Kh#3h3(z;B(9Bn@d3|L;1VaBDP2~csDf_%ad6Qc zB|}qHjE2IamQ}ZWZz1@;(Z>sn3+nm;1;o|uC{2f|k#pObLU*9Ljxx74BUvc}aZISC zo!?Icy*hZ~52}0*zS|!Dez0r^c!ej0qvHDN>RNhQ~m!_lp~jf%Pt9&`m6 zkyrg7+!*WIa4{omDo=Wn=YQoW-MZ8c?`SumeOJ_$X3e9$eDgf1-f;Kod||nZwUiI1 z7QkbAuFLt%nS||1(VX;9a3mu-&GzKggZGN3L$hvESI}9V{(X4E%x3j@MmHW&?S$Q0 zCQ#v2;*lJAWI}J;D(Y_5fMkqi8Sz);HVZ9@Vif$waVfF2Q~(kZ4LJUE1q-#=zdDfE zUVAo%4m&1kW4@fYB9pkJ_MzXLlXarTdtkz#&{k8v`-olwbMIc3y)1O;6&h`BF1%zK z(Bryv5&yVx!V=T@k>A=x@|EK@%?sVG17i?d%FJm%oD&YzRK4bhmFr_q_~mO)(l5ZJ z0_4V%eKyQn9OfOwHeEzkDo4Dj`z@d71bNbxEg6IB*rply(o07lmK^*E-}r|&+? z!iTEJE+>^RCD(57gx1m5q-6p~i|t#dO7yMuN`ZT$_IkE0aIEPFb^O?lfptp+;Sakt zqW(k;ddB>Ewgi-NRWNp#c6Jw}NWbd!NPINf4@e~wqGZT^KbP(j#pvk=rT8lavU`BD z7p!gd-@;)HMdPK?Atmn6^!NtxgPi2|UsC8%cB)G?njy(t`{E6LY-ICRf{S2(z+yx?94+CEwnR(@a1vGr2G6z#Ra0_8OFW9m zE?nj*(g@7OI^&Aj{}c0vQzMr|v&-> z(@u6ZTjVknWEW_zLXRWT^v%01BQ~ z(s(n8)c~Rw%nuLepN)P%H1W>+sOQ>u%$o{}Qkr#Mn;))Yx9(H4NI-jy=BfIgAOaID(KuU=5to*V;0-J z2yjdzdmu{%3q)uXYUCy>-jNp!HlWmHd^bNGsZ()2xP4JM$I>Em%FWbIj+_SyapsX3km4C zrM8QLtkGmKXNH#Em}HFGu;XcSjKlSnm5Ujy+6?%>c^W3n(2{U<_#t*9(waKz(Gc;R zFvmuJWaP+T1sOgjxo+&@J#+f8^V|&%TsKP;=wQE6#ur8P<$&Lo<`i(B9=Z6Fi-7aO zPbJnF8uSERe%>~YTn)6*sw~E_W(aI1s#YnTtLQxgrZ5kJf=KJY=}<_HLDA;r&0;7$ zA4b`jUnmwZk+1J5SnwiWLd{AB?pLX4aUWUrg$j+wuUbYrEuPyDD+7c_MdZdpr;)Pq5>k zaqUjCgioKHnm%yskv0b_%hUv*#k?N$ft-eoU;+nq|JK4C`%D5C#*|vVD`P5A4j++wQPAg{VGU z2#(HQK1-wGDp$3_JRjUZcS;h2(Q3(p(9@*=Qty-a5A-IPChEBh({z33ysnB7F0|wv zaO#u!zR;LK_dDjsUA`qvvgo#%1HcBG-2)yI<}JmZ9#uO1aWp&nbXR6~HMPluIFR*$ z{er$Z58r-_ba(0fpmMZk24#b`M=anKRgw8UQO|WUc+?fI1>wG3;Vr@PCdzi$aO%Qz z_-k5NtYa*8Z-CTM4s?w8a0AsetnixGG%TLikktL|Z^4V`J}zo=DE8-#-+-+>RBqJU zZ-hrH2We$7RyUJhY+zp-9Jt$an|Wu}x3th9RkivS_XnG|TyvIX-BCJOY zq`3Tm)U-}V5GWOBMc_%q{B^*ZRj(eiF+}xkHk(3;3kM_)y2SgU9{i|h5YUO%Zl{?J z-{PVd@gs&Qy-`s@+zzdoA0#}m1&OUi=7-%Jke}VA{?+=qe!Ep{lm}!7-Vip>3Kv|) zBGfiXFHQCvx3I0Y8=(wwH}A}n*mbxivrFpk2{vPItpfyVHYeLlBmNxCd*DJi%S7?C zN!|JSl|{9Wa<@a!>kw6u{tA9#kce`MtF!h>CWE$g+5x&SFEk6V@y%f$X%*MLCq54Z zHNMw8f=1)Yaz@l}1d2I^ahi-x1f(9GEDLUJba_48j>gPwZ8P-WIT3)Zc>uS}ZEeD% z4M!VB)vQ5a>3kT_W?PW1lx=_ zd~aDH%~Eq}a-w*5u4ZzYW3CPNp@d^5pfeeL6Wr!5)T`i3TVk+Ljj4ifjCFB7-9r`;pIX0G!l zZJIb13HeXfc7FC!G$8v#GkZf@^i!5jF#glJ>)WT&0_?CV9314NP8VBQsfOFGKD?v1 z>S-RX11S~;LXJ&{o1A!KO=JKr-@~N^{eT-P>nV8J3WRBUzB=H9$#Ul6#~V$ZbH5wI z++bG~+r0kmCQ0uoaq{*%`K2thG(`g9F@08e_*`FM$0o>*u;8vYBNYFngU$Oql*>MI zdUTBIv5&oj_cCh5t|WsQwFKrk`gN8`bs}cl&O3Fj$))Sl{p~p=B`?I;%oV;ghtmTP zK{tBUFw+!zU64sR|H97o*E!#N^YIhg?vUa`T$J0!3fVxiBffnN z?bJLE2HD2xp2cC=j{gr97aw}EG0xi!cv#JHM2crSY%61uky0TCD9f)N zz52XVI=?{s%Y5p+ky}d3peqqzHV3AGFgE79d=ue1CM#3jx+ipI`Qc5%!|tE=;a-%$ zIfM!V&$yZ=)aEi+i@>X7pU4gO%lK3eCi`qw$%MTigdxm8AG)1G< z7-LgTAD}E`VD3c^zFHxWbyL?V@m?8LOPPOad(_>2V!FMqEsKwcI=z;eY{YxjPD*9} zlJfO3^7Eu0S6-C$n?@johgL9V2hWRz2zU|!hUUrmFPiM!bmxCrE);@LH<9>( zzx?@oY~o%g@S8j*-B=ru@3%eqVTCo3YvZ5I5y#fQMxU{AVE0E z4XgPxi!$eHWbcA?4|RqZ=nJ`N;F8()MG$GwjU;7AZSQ-|5Y#kLU5I(i7!G$&oQwo4 zTFCuR+R1bOVkKhAg%&J45pc^T^({n>lQ)sCPJd(I37yIe_6Cz_1!avOeSI3si+@-keMg*;`qC01P9|wRN4(U%8R)B6z^1q}MDiIGyCQKww=Th^|P@H5$ zYIP5QjV;0d2_BXO?y<#UH@m#Li%j6H%oLx+?Voq#{>egCH-}$~Z~rKj+nw`iH%XDd z8-&OhBl3>6DIZtUGb^>ZfjG36mwfM&d$f7Mx=SCCP{4L&UQ~wUg3pt4pV-V?SqPDY zlt*)QyX;&-g9w8=v&sEbp)*0;>fH>pDzm(Y(u5PIQ-)s}+fNDM!)?@h zC!UU{&hcVD@cU3pSjx^NZO?DkE@VmpJ-z3K1n(fFQ;^_SlSX@J&bAWB;zcgVHW%HFhD$a-m;0R|@A_1b zz1ba%SZm&-^6ut(NG3{SG<-<^Mr=J_)gef^HAR2?IFy7aUG<4UPM!q$C^|Ur*%)lj zVL#3ENBYF^F~+?CK6cUj{>*epgK(5(5%QGDNRJVreib4Wdm%)^}{pq;TQ7u$SR5#ESJW(bW{dMXs}D=ott zs6SrP8L5jR*uQ$R)Mrw&9C z#MX7>S91yyWZD$O=2~1I`|A%Xh3iZ%j2VfXFT1`VZnQM$k2vfwtcUW~*t@J;#L1z! zR)CHDDUg4m*U~`wf5g3GcwSxCu-i6v(%4NJqp{UEO&jNmZQE>Y+qN3pwr$(?UcK+< z`HuJf_K*E@{|}C9UTcjp=Nx04XPwR%EA@3|$7;f6Qakjx%F+@s?N2{gTY~eiZ z9;{(?v(eH0U#Tq&x60CWH!?gZ1&;!CCA1j)btSUHM}tL(IC3`o3;sr`*O9`AW0fzv z`{{G6>U||d1+XxL;?+JTQ=j-!ZhRUW%W_Hzpfo;fWI|2%n$%9;)bEQ*r|ORH@%hbB zd1!Z0C@A8^4#s-e z2Obi1n=j?R4=;K6#bw^tj95 z<>a8O)6Tp_{(`Ub0{d^ze0S|n5B%@tU!NS~P;bt&A@~IL5!F1(3+rHD8;Z!@Vp$gF zP#BX~94U7$aHD+ARrb7%BL_v>!3D`orPB6)Hgc?V1N%!6=7d7e4x;Py&2B>eDV8*1Nx04Z*9_H3*->5K}x3ED9$UZ6vo zcCrV8gHqF1f)ixX1AhsrOrlv1Cl4Jbe-h1ozpm49p@gCo^iDpaBdA@g|DQY6) z9m4ynGn1Y?=qzjCes|&lI~+%8W78AGv-bP4SXCt_N8;hdqmz+Vg+?nR5&^Hl2;b=DRMyFNar3@pK|8|oL|EL}$)OAC!v>xVGasJgEDxMY z^xK{pIXUNHa$=gH(fhPEz>hifmgTMBf@waze`FTt!&f_Mq7o9axU#$-m=p#DI^n`i zqp)P(ceWd55OLP~ymkFp=b7*Mqxej5V3k_OEN>eh=JRQ(FQKj&`D`5L7Hz|snvOiK z*6HrStFIL(Jn3#D@x3?&-+JzkR1z3vuiJy5&*AbgCw64gOErYhqvOx56Bk6K2+64Z zbT`n9%eN~%|MFNZ8a#QYRxOq`>Tfpg?$_Tpaw78GE>}|<0VxWk%hg<@@BpkJQjVZ$ z3jjWqN6$aIQZX{;h4wG>AVfW03~|J7R>?byv~h0wi7va)6a0O+oMv>^ruf9avh?|0 zk*x$c#Qg2Z@apqss(ydvZ%2{qD%TQ5jsfv)GvL1Yi}F>C;g|(x&71?*om9N|~SxU40lxqwXD10?^f~GxY$v`X3;QFNLwgfjZO{+FzyKC$Ekj8A01p zqaF)mXml;qy1+ded@b&JA&8lC=?mmZey6!cAr8*r291L`>1TR$YlwpDEKxEN89Q7o z761UkXV?^D>Sj zhSv2Cl;OL4o%6#PH1Lu4nuM&u(lSbuTII?=HWkCbq@{xB+Luqb#9L20{!Pyq7c*QX@gAyUAm|p<^+OJ4q#SV9FxNo*wqeW1B!c z9eQDt-MpN7{mG~3j+bdv=N7^#%kjB2c%)jpKffAoVQ?p6WUf*A(gbIY3!~`7Aib&rcGc7HB zWU7hF<6_pWsf=X(I8$;|2=`O1ljtw-x9`m{o(XumTdlYEPM7^icR`QVrV{A0AHz^= z0_Kc%4BuI6kBgB>lH@?!%dSE2@ ztG!1@?+Y1gCdIo|#8eo}S!`+QleBi+SodzB$VV7W5x<3oRvrAY^Agt;cSYklh|!$*pqNbJd8v?=H;^x%_#y96sAI(j@?5inF6Do}wT zpvfDEACXkK{_h__(1q?DDq6-XmILR8!Kzf>I6UtvJS9@E9j%$}uvTwKY(`JsAl+&A zEKRwXf28*f!QT&(p}kVN(xD?GTE9OOe-wElbldi*c30H+wDxhI()~}y0t;YhetVP{ z6NG<~v_T}&?3?s;*c8>jH23WPVTpa0(s*g7p0jetK57rcZwvTVGib(~vae=lWSw3f4mIjl*lo%1(qllA)0()be(>E)?8%@{mK>hm4=z%%+boC@HUBgwwazmQ4yKTrQ=e@{%)<>3D*i};YwVQU87q*>J9+8b1Y4WSc)9jl-W|2sv>aZQ zn+6i%XFaAi0zgVQ0daDDgu(n1Xs1rRZ!1}d6zm?tA; z9YP!+c@R7|cb#>gdt?iDFE%)#@YwtJD56}1#-;_IA$ajW$4_U~^;1|YHd%?V)sovN&%1+~dy1WJ}8i9xAiJllPRvxVKm zV+5W_cL++(M=n^ezjSa?r5{0qvBmOPQFVHIIep!8rrGjclU+PwJvxAmxZRnsNMLnv zSiw*4;6}HZQH6J<`(jcUoj4Z9Ue)a4lBsOR;Z!DQ+73Y?sETumyAVtZtppJEPIxq~ zvUMrred}kUiSOHRLESSCG31o42?PD-oN&Z$P((Z0ogOqdZJFri!hI)aP#Veu#vwpE&CMgX4JE#S+6 zu|(lIcVPhNzi-yvrfC^03URn7a#)uY$k5sQZy**3O6GtS)bB8{W9|CL{7W+uyhy<0 zcf}R(4h6D5?y3W`ECMlK-TGVkI;Q--x}K0CIUO<0=*;&r#`Q1tg}x4ttULdF^Gz#I zybJZHM-o1pA@T033JH(#Kkk&v6#)fO3{U8>J1oQ}iypAn!0{36X+l&Nw((A=CE(Jd zav_U?&>0WdqOGZrq-OhU`6u&w=X`G9pExX}V$kz(3XIjAC6HfPv_kJM@%)yXrO-dA z2zxW(8VD>ek84hUifazsc7h)@bkd+a|Ajd<^X>a~9*}(yW*gHp5HqDi+pj{(qJZQ- z;gB08SsWRdacX}1P4A%LI9r;Om6W0ti+!jk^2Ry4ox+7I=e@+HCpwWE#rS~)OJWCH zye1^ul6RS{Ufg&}-qt(Lp;)@)54f$0d$*(Knw89{(bu`*!WNY&D_n!$UXXxKiotel zMTV0=RTw=Qf7W-lQD~8kL?YsAYdcdsALyu8K5NckGp?I@B#iRO|Gi2T)xBM1k>vvj zB$mQ)WWn)h5j7-M6#isyuwL&1ynayu+zvC1bmg!p%zJq6ZX>@DH57;^7UFgX5mEVO zV)*cpL}@6NY8P;tN}uJkAc4GghBeIj-@JAJ-1Xp?OgIM6sVgCAn)|eIS#P7rC@ddZ z#$fpK0#v7Qh`hserjh3X&)V6z6SWt=wl1#}tZ~w?1jI&!t~TN*su^>;5-JjmZq1*j z)NU069Gp&ZLa~*CXy*i08^5!pp6a1&^%aFK$dR=?C3H>_6-duxvv#|A&`S90q#X|x zB(g{bw+FHP54jP0_bvtj*0UD4Qg82nAyw2x0yfy^Pb>N6`pDgB zwKd8>S*fXoRbL$#T;m0L{hi2pi_uLNL=>x?vr0!k7;V&hh<-s`e;^*<2L?wHgT%92 zI)$DQ&%jV0N#vsxt(*qE^rLQW!wFN8vBE1~`gr(H(xkusn&#+M1V%*bnE5Sk1 zM0=dEoC(+uk(Dv*$uLY(Tx^(T>I8A43nKu(bQU+xSH0Q<*w3$-o~@r)kDAGUt=ofD z<0oOgDF(@>W?c4L+}SM=I3`iWzHQA)2RtOpr&>8oGdc>!5QaU)q&!f5AWUxI+G7&D zf6zW?QJtxGf%Ca?gV*&C^A!P}x2A60^Ng$_pMPd%Wo2bxpKq|W!G5m&`Hq0y=JKqk z4oqPHwUnX{b=6VR{Xu>P_$ejD+lxDe3J$_Vtz}yy1;5Nvn)W2Z`&pkVwY!Yw>ze$J zXZ}?trjJrTe=>IEOc8EHh%EUL#^t@6Jq%{gtGd&kE;L5?Mn;K|lzPP0ug`bl@ret9 z(6h0yk|dH^-_0!a)pMY^s!HoxcJ}K0G!qYwJs;vsZH!fwO}3c-mb!Iw^`jkf(qYI*aF?@%W7)M%TY`{1O<0}N|)boESEPvR~*xB}6HFo8fkZa~_0unyZrTWc&-J8hrmhokx zi*BdutA}g5==12a(;p(=>#Ha|>UMUw>1gcgldlz&v{7H2yH*)7bnZK6_~ge(Ou*dM z%&RCLTCO!L(tb<(QMmY%#aAn)H7f^4V9DsJ+rQPyg%o&bWm;Z6c9ory6Qi6Sx;BO+}^Z_ZUE2_s=(oF}Gz9#wN!)s5$%8CYT;;ydm2yb$*el5A} ziG)Gh!XyP}6~q3>Kqve5;#NqohntRR5kD8*MpRnnaM^IyG9$9xlKPdZF{sL??>)n;AG#P6ZS-7a*RAG7x~LrGTE~Nrv}L8qOUFkvfI4 zfU>&;2s1puKlSIglJZU_GmNW}a^Z(irdh(5!Ftctn8#pFW{13o%TCga`_nSM1Jn5& zwx7oxs#@%P?oPqg4iC=@4tT2tuq>t=pd-%s+3e$cMaL2WPQ-w3MFLtBXBq|kt)Zv! zZ&yW^TEh@raQdgt-;9T(^gLN=>fbt|?Ajw&WO;du*jSin6u4WQCywDz1$!%4x15@J zUHrQXkH_|S&3pEC{g;kXf}Y!+^bS;A#L$leW=IgBzHS`G4?mu+OlxIsh0+L@EPUx$eteP+djP2h=ndk`xmwfT8m_D)Ukj9)RQ}ZyO%O@X~yV za}3Ba^{)^?-@>#eDzR<*>c4ExT&YbsN;Qi9BVB&=_tGBT>P!;CkC~nf{6%S)FqEpL zpR>CKS)T7|=oX6okcWl$l&oiQ-7qwJfeC>aUab9CLr+&@#z`yrmXVxcu*N+;I$X%3nsg2sY(vnlg>!|lomz!ryc^v1xs{u$uaNLb9JVqa6y{W*pq36~z()H# zJZUib;)RzlwvCV0X19ULQ8qlD{^3D2k=5%{UWO#j`*{&xbEDfbMz)sYAR{x@HU4Y+ zI|CEGzVUvWgXsq3xHGCq(k;sbA^XbNM4qdSh|KeGt3%v;;D%WTlFyoR$^8V%dh;{* zgE{<8kFL)Fggg|thuwOU{WGN0ICjp+GcFGNyUk_eO8=3k&%{;vUUJGa zPtjMXqhnlnR@~!*1AMd^^VcU3lc5La$cfJ&lcHhmJV@~0cn|$HD<9Q5+1pg%rD5sQ z8LtqIJK#acaS}t9@OmbJUyA&Lw>9PBn*7Oq)F8c~kcF8DGos%=ednPoA81@Y?- zUHh9RY)G`BNM+u~JP0RGZ20$;F^eTp!4ck+MkDhNu08?R@YO{5kpAvu?yY+|#`evZ zgANF5FT5H(_BVtE^U~)v=2x6<|#=sz1oP@+V~-GFeHHnn?>Lep-RMq z*YwOuj9V*vH@lV}mwTQ-jJ9VMoCR>FooZZpJV%J)v|J-T_=n}(LyoY;dpsQ$I)>e> zSxm&FAnfXH&oa>nNNU}cJ%(s;c$n#5{+bKpfUfqig@ zgwN~J9fZ5nr=c<`Gm6B-&cugTD9V7xZIYkj_<{FO0-tls^nCaFX)~xs#*gGSjv)n) z4-Xo2z-Dst%aSo;(1-VBV34ij5j6&2?9r2#KApRQL59D=4qK^8PfRISk4OMW2<|>o z`X^)2Y-uR<$Cj6=PASnA(aB?Tle9Z&HT_QM(kX+*kRcX{EW} z7VDa;<*Nq2btv;I@VnoH|Vn8@PWRvXL2xb0fO-uC-zSoLx! z%zv}NSiDUmDJkg%#jhiX(_nwn01+5iX}66zJG6R6`X-HFD)7r+3JWVAO}8jR>*|{V zFTl7yC242p!fMmCH-y#sZUhi0lfg*@{k#%YsK<}2D1_C1rVf~ZT9~9@RzR~}VNB=W zuUVA-f&K{@TR08;2{JVh%M6agGjN@MVd+tq$f` zzz(!?5rD3V)-(4$UJX6CifZAOwV)6`t97azFxN@df z^9Qpq;m>&HW3lNxi~1$=MT?O|*nlgb!<-UVvd(Q9{mA94pJ7A8rmB7{!cY#6OCB5! z7tae7%dr}*p`u|=W7gIKL7^sbs}jO2pr~fI_Eh>icOII`wam_G51WV zsIE1``xauaQ8iEZI^&rk!9^O6wi#iI)lg>V_Gv1KQ}>H z8)x5W9&vb?=yc*NtnN%?K=o9*Ixde25aQVJk(W^+qHtqi(@bvCm!O8AI{AYqKol7=cw)%5Pk-Qf=-@ zmpaYBs%4`J*pH*x#XY*s7~^#W9H|$gLr^}Dp8Cfv)X~GJtct5V=g-rjl{=){MBDo= z47%ri_oOup_9<3~M*Bju-u`r$ZpVjU*W>QQ*PF12)Vx6AiPFV}PzJ2C4bfd76{oC*J6}mpeIr1xPW{>37bFXVZQsoDA zpn4-+xvfqw__A?;+I^LWR20?RY>&@#N^P;tG#^BKvb6AvKDjZSP z`#GTYW7UryZ5L|N-YzCtx2xFeP>b<2JGHH1>FUzZDu9kP@9|pW;bMqn{hDGdKz;;d zKhE)a>W7Ep#O+D$;a{W0Ykk}QU+bNo z{ugc)*+!nFh?2S)1b-RRkWWG0LmhB>*Num3)TP%*ThN}h=p?kuPYs(<Pd{psxU6D?e#x%Cgu|sp2cmlUU62Q=M0fW+q5W#=k$? zR^Eewmi#awZhzx#RM4Bi=~Z=}iVke9@6=UBMnSyLD!an}LW{XX`*l;=gh%{m=|&x~ z+VFD_JufgN!M$pX)EwxUnJZE%=ie~O8R?;t0{+4j^1xvC%)!hASM2wyQtbG0^`}Iu zmujWW#%{}O&cO~2(zRI1=q4^;B{jGJK?jnx}J_Of@<{^vU-a8yYH(zuhjz$ZP2?aMN zU5b7kmtD->>)s}p&-=~UI>XIdzdEl9PTD@2s&j%Pg7~ESf%A74O;ts)chwF7?n;$< z88$rT3RVh)3uEj)QuRJ<&zHbcNRa9+rX~- z6sh7^8{J(1%K8~U;BSe}&gusOZ7q6saB6@3m{4VEI8anOzhCb%`?fznV_ZW>lcqG2 z*Br5bjY=)#W=)HBdGU$7JETwfCafh3qufg6@Z6xDUJEwt8V+bTjAmvZf>0znhHytpQGw7x%$dOY2)dvgpV*>`@nI$sRE1sWyC52kSS zn#RoVmETylfKjuu(cAl~irhR+XNvX}ewu;ys6mNgn(`wzQLW6UjBd@_^Af(hfa=Dh z48$Hl1k~HeX0f3&x|$D_k3j|KhJOze|_o(-V~kf*t)D#c3d^( znCkl4GB-~fvmq&|9+sfUIP5d$3aLe*2hBB1q3u!{7etFn936h`DY3NYk2Ghli+xCq zxmtLOzS^qfyPar%lM98vq2Bgqaff0rM8ciqWC0eE4ZEU0pKd*~8t=i9sO3d4ALESw zt`7fW*a$N%@LgLeANOwCHm=d9x6;UaZ}GTK@6#s&s@ zQ?yulmJ)b+mR1^b^x1fRqC>^2*-}Rna};^BT|HFy!B!Zb%OB=&${}-*8phw8DVd%v z^iglBICXVu>Mq1X7_Bk}Mn;NBDp=7B)qSjOD}Id*UW83R>`Zho#ek$cP>Z?kj~U~+ zgjc>esl|T179An7Ty4CLELd}{P08t*&2!d6%3mF#>-;r;Q;PNMIM-Uo1VOshBtR49 zRzN{);Up^*AD0{-r|6ybg|3;p`k`p6l5MCE9}z){0JCPa&$u22i5vj3J(c$unVT0; z&<>G_co^)hiY_4HAhZy#e670h%`GXhW(7t$my2XqmB>o0Ikp|3&S3{~cJC7!&KTCn z8>Nop+(EVLpu-J^GJip+z0=73Fn!O`p4z-VUM%8I%S^otiJP4 zVl*9w#6awxjb7RVFg>(y=7PKic4yZW2$ud-LT}j?KXat>H@Y-&<>aLZ=atcew45{yGKIDI<}F3ED|#PBHC=t&dloC6s5+4 zhH+R(7t%m1XCfb7I>&}XpO)tLzEFNNgagXDt7?g0G)gsc#x<#cMLArS{2|BAMOf_* z(byqWO*JF3PyTCrkdqG16w5yzd&{ooi`d}RUY$7{Mn@IUni)2hUxijW8+^k3c+v3tUKC!0lus(e+yYxX-3%uNzBG)I@2PsHgRE&N3;?${`!(r|Av; zM`y=?7g$TKj_txQxF} zi&*~tXJ=>riM<1rrHyh{GxHNe|IG5h*`9}EBt_eq%bS=#&IbZF#`aLzJDHDQ2y01A zTCN{8hZjD1J!A+>C0+(RKhs~1u2^A41dxQi49v>ih%WURn7U<18geQv=V9Q_-vA6( z-_PD%u@Lb-2+v`wUG4%NzLA#(g#x#J$jCb{?thuR1M(Xke#uv=SLDmzd%OG&}ItHzOHwbRTw^X;_o0fKp2Q2Im;;^h^JPkpRl`SZ)+|_vUu#$?=+CCCYz_`v)t1P0aDp1GnHhHalATJM#4ai`DQlI>d&EY5aHIo}Ik8MZ{Egl&DB#>m$Z9)1C=aXGuv)s1CI%1#>7{ z^EJ1-m&XqyIy*}KJNO(aPdGN=UasfiQvEAjd-8K~3{DMAwn{&mSgC63UQB!5gQz}`+DFq!j2(y&pUN8fuWP9p=1=71U#Rn*@RGk$4j^d(lp9nf^eXs*z!m190SN5 zhr9A!+<}y=zbs-QNAEH**#*4<^UY8k0CIjiyoemgmOih7?(z)<&@u>mfHs3}`PwWm z#ys0D$1qGVu8{-hGv@ZDs3$#7BB-dSQK5Z_W#n|fI$(f|&xG5Z706oGj-D@97HDLH zG0^%(pL?F>-HYs3>tvz-B8|7=z8IIHc3?JSKDf+8ygO^ITYX|;g)mElkxGeiZe~`H&{OXsxCyghPfWB-;XxlA& zlS*MW>1aN`nRB&V87V8MK3Y;BtY^J;=JtAlaiK%}OJVLAE;xImlyXhT@JQwua*Ooh zUr$Phf=$n&vts$*|30}yKjo`ht=qHw$xuB&dYt$f6&F3S487nInt0wkN2Mm?`T;>BZ%n##XUFu#rI~XIG2Hl zwyda6LQ#5kvycPd&Hq$~1uu_hi%a}$b}z_mse6ojiCpVUvNoB#Ed36MK0gdxk2S2Q zEjNSksA7QJ+kQm{)q_b|9@WfRMgxa=iBsAay|ykV`oWrZC;S( zYpmw{g1E=;e;h_zp1A-0bbnFWxwzQ@P*{B7?+?=mqNt{-1LGPn(N!Z~*F8Ctk2aDu z{L|b1S)zyc5C8pee+k}GVctwL0QV7Xh(vVn)#R#Lk>3_S;T1L3bYk32?o-4I@;}C; zo_9vTE-n8xP62}~pwCtA{*f-r-(dMIY8W+mFa(E!yPA_LwkfVQ{s_OF`@|$qUWL>= zO6*)LZ_!YJ4kk}l5R4;haf-=L@97OT)#pjjIleUHo0Kn|aO4wY5vvt}W`kAdu{2iN@D;5gz$HW$n+* z`!x|^>qXpvrK-zt;uon(o~#pZc?(V*p6rtaA~>6B*&0VjT-9*(H$PcHq@_3OFy@NX zkZ)hj^8&f-`lDwJzgU;c7cV-h=2mnGXI)nb*RqAP<9REn4N(QCfFcuI@Uq*>b;q{H z0R!ys_d*B7e=x^TSR0~r`d&fhlrtJx)DeCq)kGY!;m&e`j-|ZGw4-e@DINpbtOnOc zv+$ac^Cs+Hkm=xZVGl+AC$o2Bw-nGJ8e5cZ&j+K~TAF*f(Ry33j4iFPl(j_tuf+$q zb~0A*g$fY4tg6qXZvaHxk|3f$tVa0YkZM}LzRH_$x;XLST%90hb*f!|Sz0V$tK>Jh zAx`w^u&v;eS^Ae^7F7wXom;I?+Io_nz+p!XLQ7Y-@2_s>~$u@2^8&^jqplb8GA!KCH!^gjEO=`WyT#Xs5xr>Nl-;w{l2pz!*45 ztgKV@*5&(+BJmzKqMc;=6@i-XprpG{%~aC(uJ)8ijWY6f0x+X2+f~5t~bsG z)ybMSpDb~7u^7AUOU10!_b(b4z#|>CPfJV`(T^IOoDq{@M_o25oFMhqHq&XWiSzh_ zE84}wo~0deRPa9mV`Eg#uMKD`g*}j3PM0Mf+4^}5A~Z?=nOoZkfM_53I6jW;@h!aT zNN$gig0e7zZisr?l~JHRCyw~Cf9vsBZKB8wC=ydv{cPUcKksL7d^!DsFws-SB?p(R z@}m%GN>mj~5+MPb8P@>jmpN@NIhMSgpk7kx#Xi6ytQ>UpcU8+V#vj$5m;XwgjQ?}=&!ZPL^fo3zIkVU-lbv^K|dzXA^Zq-B+TC0^>X^cHbx zC;4Rj8ZN8)Mo^;9^WbOWAKIsBBnn>)u0x59WCF4a%3CD6KYBSC0|eFE?0<;rW)l%j zlwL33{|O>;Yuq3sanJv_J7fvJiIWl=E9ch4ZnsVa`ELgG>-bXn`n|nJ5XFl^fICmH z=dE4BMsZqG(v(iuk^_r}`@^xrd!Yx9-X?ww^18YM+lJBG7~VgOtGhcgiyulx z-fyIGm&X7@o*t7)y}03985l@RH|9|pB@a&}7PAcX++7%Gam%e0Jq%VTj+Cc~&1cF} zgN#EL)V4~3v6;0@`A8$GyH^Kd!ppp~q5}r=uY>hzi8TfJn3RSF~hUhb_}mT4Q2Pk=~qW?f{Jf|FUN_ zpUPo|yr4($bziYS^pKsEzv>Uw6Xh(s_KC2sY03sSUtt_|AEvndb|uY=C+as0zR3lI z)?x9?-jUZ|z*cOdOW~4gVJ4N>18kzTc4_SMw1#Izfcc88aI^lI&{_W?MDw(h$>yb9 z+Rp;=2h*#0lFaMsm?f|3haUs00eVayw%g^5>6O__^D3*bqx>R2yalqc_$DO2U_Iqe ztQwS_IE!lD&FKK2vIV6@2k018QkAtLr=<-GvEJ5yepG9WR#lt)VoY>4)DlG}?Y4^f`5z*yc*(& zh9>^Qu#KmJ-lQsG6%`@UM`s}uu~H?$$?j599 zH+jIYwjaP2@ghi~M)rCiP%EP@M)oQshN6l=XLamIc7pX8KApRdwcGRr^iZ0g14&nK zqag6X-G6Hm8UBuYvslpE#Phum>Vm(RqN>0EGW;5}MixMn8{ui(oF|p0PWm!KIzvCgGep!^!Vk~M0v|wVg?2>mOp%iNr-4RDRq1#tkP{( zo4fDwT=pb3V623QYxP%D-5&G*Bwup7*Vf4c;7ip_cGs7}&DM+3+nY5)j=SOBw&u?v zCds>b=|{ij$46XoQz|y}_H1-L)!7{*85C^YUwKi>3|#{>%cYmLaQ+P{!#iPees?3! z=Q!<+@cGs17qlsn-Y2j$Ezzel(Bm{ZL4k_MM~UNgFdQv|`&J7t>xhyC)+@`p0t|H{ zzsY^u^Ybwt0#>?Hq2VZ;xgT8nz83CX`d$RA`s8)IQ5T#0y5gD~2@!vM*&KwBhIxn) z>xuMfs0@FQC*XHS-66hD1h4Ib^=ZdZ)&`F(eRa=MFlX{5>m+o9Vi`-TvVAtWXJ3n# z=iPzuH2G$2nmOcD2GVE52l5C??5cc)64&O}^gkOz8J#9wT9wFeCXZT59KOU4s4(CQ znlV_i!OQ8qT<5Wf9ZUBoOOxKnDZ`?3Pq{ynC|l6>{@4);w(AC+!E9Y4?GV}!Ri;v* zHTcJ1G_qVxsNvRC>lzv8yO%?&e)F9Mx^;@KBmuzVvgZqPptZ>QSIWjfq#yEk*u5(G z2icL}rf{3|SMt}U=y;H9iawc;va^vt!~*rIG_7Wf1*{O%8f0qGE?67dPrsy$@rb*# zEV+i23Io4{v}6CNQ`aipb$(no{sd42;?dG_ZPhdOgkx0g4}^URs=*t_9FfP7^h6f9 z)^T2Xd|aemfQM0VP4fpw(u&-QZ)x0LCP8}jfnqKF5#ztxVSdV*FpG>sZDDLe%!jrO z_5)FW81;Y?ujaU7E}pDw50*4KMlc8X+W4}Uz{|EE=>=@%d}!R8ukDzZf$dcvfSx4L zAz&Lz;5=(xJI4ycyDjRTy5;xcUmM2j4`*STm?vb9ZaRFBXjG5=0Wx|)yHBG@U;z6C zmG}wl?Y4HF@5O(wSk>zr6BKsq?0oL~j&d~?KmW(IHKzUueCE69^S9?-X><_9{}(QC zP>2yUu!FiEcAP2-kIy%3Z7iMHo{|%{_}mI~Sz?5bq!yEL7gbS_c%<5IMQGI#<0dSI zpP6P_vUeUw$ZyFMU7K8pOTIZrj$S#|;Vg@eYwgUpZ*iP*+P$bju!fX?{LC|!L9@4V~U=J_0Bt>9rOHtk?FP zBCBGJqQ95G6REYdnX7S5&$!$yllh}gZj6yd}h2Z%Lq=#`VlcKm6GON2LIF*q65XH_MzQlFu64I9TvLW;N=R}u0V!>JH`Sb_!Pq`z%Tgo*6|7Ka&gY%SYDd{y= z|M4~kh)=$@1cBlCulVQMcF_zg94~c(dddWk6u>B#7*%m3ny>siY|{1i<{@hU>bo=X zek(X~PDvAmo%p}VKX~@gU9lrU4R?a;Wm}L-JL< zKw0%;tZbC+=V0hGT~2|?<&FeAD@(a^GjW2ve4OrI60KR=h-#F67=tD<;A0(J`#csT zYH`}z@MF5CwP4kHP{qh(=iHIvu#&E2h*^t%enNkZqFWYUF<=?N4vbBWHWSADcJ>2K zRv=&m6rT9K5Bfhxf#bS(R;YU{7(8XUd;0T40_6Bqwz{xocve2qxeFpUr5+xz3^Rhk zUmX3vqzq+?2xH>pYq`D3yZM{nfHtSj4a$^$b4i&rJj4l!B)C5FpRu@zfLsiy*DLCR zUE+xQ>YN(jf^YRYkrqeh(v#kVcw!$NBBh-+^HtO|DNvYLSYWU~4+k@{ai}0NAKbpR zpJZQaUy*+SWqE;-yI(zCK(rIKz5em;ceRR3k)4%}YcQRJj;Vk0V0J$)Dv^44>D${Q zi#jkip5u*h7KA!DzLiz*`|LpHaEH{EtU9z0ciGeR4D-y3uPro*+wuY&phBr%7(s#A zhV)BQ@wN;V#gfo0W@uMTId1((E(Psr7p=aZ@YZ~|) z_&34pQILBE(tmQ~rUZb`%3JxflFNb^fXyr^A}LHsu)Rgm*JK8nFl+?_E$hh01NYgN z0rd+OnI>Tr#ffytISV`m{u!ciBg_bW!@Oq=Zh)X}wXulEf`6TcOoNMTu%%h3B_(&7 zz$7_S=O0;iofe7TM(YcS-yc^TbqaRI7=6E|vF9y+az%^N_Q&6}>7x)me%Np3LFVzLHq(lfMX>BWvz`m1Eb` zdD!opow*JbdvPda3)ImphH#f{(XJ3b9SK!5pljQSCEVaQl+4yVd?GHHXZkB#k-!8V z|2I(sb?0-^--Z?-Oj1r#>S*2%cm{T!Q^>!sJQjAmj_b6(h4|0Xm# z50t$C7~XtdnBo{g`mnA<)1lA=T*NC&3C3ws0fxz)v40Ly0dt!nk~+XsTIoiA?9`>pwLXCpQT$ zwsAL1Ij(QF5x)A1&l1vBu{8dNo;B0Ibj;q4(oQ1hx8~CCw)h7Bn3`hpvwj>GBFNB! z{cDFF5jsc=rgB3ecfEn=l`r=juV*_?kizT-<}+5neKJ@&xg6NGS1PWrGQ@~Df@Pue z(Af?)jut5b=rq8tvC|LpJ~g6O&_Wn~dVlqL`^}I+I4)B~{ZFb1Oz6cegmtzNe+)Q_ zPrs-Mx5jOKe*pndBUo#@`aghTytuW>d~=D!wIXyxPW3^pZ)prfMD)TJwJ{WRp5U*- zX}LGn{y9nC-?5td1x~T*|a-ji_ucx_ds}V#LmRicp|HQ4XJ$<3wnRN_-+0oea;oQ^g*?Fi$51w z3+>7L*yTm=)>F;w#mF~{(D!pVjPNt5luKFyNItX>su&{o#9t`-HrhwD5P+Q5bG6Z7?(eFwLgaVzV7zZpE^#DDiJMDXNu~pB6P>pRB2o&8gsM< zs;7_MRcRcvy6E?;Lrh#ecPW+wEC7B%lk$^48nqC32AXJxX&rIL${VzKZk4eCDUO4d z8}!F3_1@hlrc88f;CKdb?mX-xZDp95Fp8#`zd-ol>370g{srh9E20}SB#}R7I`NlV zPSnBX&L$4bd_{NTf}94khaO(Jx;leh9Yh5y_%E@3U^Wu{I$(D(`gEfrCXO>xN56^8 z-ffxj+QPWQ{2=)2Q~H$vID2%;=9JGvF%#fdmVn8WMy2+G=X<5 zPDus0lv*#NZAhElev6ph+l_%3a&OJ;cr2v4B?fPJfbj<$Lb}z0uoCCv~Q<2xe}H2uLk_z{eQ>N(xT6Gm?aTn;v5Tco$cehNx594 zV^oL9T7`YL3sTI4g`tj7^S{q&;Ui_vleYJWtAmxhYd~ajalM%jHT!spQUse6{z$wP z|FVg;<^9vO;6M&Q=l`@R3U-=QNvJU${KGp`92u$rQzuZsPl0?+}!KZ$LE^F!!M+ zLNJy5mgRuYRbmHKXOJcf_7=O&$Wc6Pi^-Rr&S2@`{?=c`>@8*H9p#_TFkD0+5CQK+Wz6Y%mJNGsMT zZuH;r{$eP`m)syv^*QcyiAU;})&kMzAw=V4lx>W=2ZpVOJlWABn92@tP4>w_|4|c3 zLdE9K0UwIXOJN5Uq9`8w0P8NNxy^Gn75a6Z;Q_1!G%+2@sq7U0Om?NZ33qWBPA<%{ z<8O;|{jU8ST_R;kG&mDew%-KAbgz-a<|}Ba5@A$A0`gzK1hRX)rJFQs6@K@|!f2}@ zmmqP=R1vJ5`{I&>;Iq0q(KEqQzIr8u(EU0~8{x9KnOWYhQ(Y-BWXpkwn0iNh7X-l{ zM1!NnlyHVZ_Zt%967=*lWf9Wr08zt>s%M;&es`7kNiLNRodU0FQRMPbf)HsEmswln z1#AmU0R4!^qi!-g|GM zcS46i63E@?`ObIByYHRfZ;UtY9q(QK$k4slT6?WI=bCHIxn^-1Gp`q44z*FW!ClvR zP5o}Xr!rwtm>bVp(ZHAmSgPVX10@7`pBy_bfz8zWX zKRS~-vjE^C^2?{1JfI|1;=|h#&wtxjfKqiJ_?B-hzA)rLZ>bL{kC1;veC5#}Otefu4+(YO3_0o6)PVX+oLrZ#oA{4(Tr4Oe`}CTtb=E3C^3DO2u0QH| zAKRQ^g3dTwZIl8nQ-m2QhH}E%mYNqxu;JK}8*xozt1W8cX({ViBu%L^zgh=R zS~9m4ZEDiykAaCc)9v)Rt6GHlI?ucOpB3oSFRgB2&Q>Z?w}qrC&h~WBR&kZ>8*=Nl zH(YxA_?~ZRQl7;a$ED$mFi@#8*j1U6;UY02%h-SZ<=`P+4h6(AXj?;grORT779 zU{8vCxl-RBh8{+r?*rR3+?%iS4=ZQk+A4l65gj)!T+K|&Gzos$;oTF@lorqOM|(ex{^BiX&}f3CC*xjwqJ~ub2{&DlvsYAGQ}R3n5yh4 z>dLAAhh_c8R5fboqA+72Mmei{cc=NwNIAILwzp6^mQ0K!;%=k-6%f)&gxNM z0wMG2F5B#|{RyKzth&GIC;f8x3f@Ur8Oq+B`(7ViAkrhs20r;B_fVoVPY5@>NhzcQ z)vG+By9sg(KX<7M#!Vs^4Y)tygc-7DDpMA_3Uw4G&(D#Is6Z*}4Y9n*71GCZUzNUM zDX1Waf<{d(;w8gvqMrmj+?t9nSa^Gro>R{_-AV_#IRB*CBeq`iM8&(Ed=KWHKQ(CU zM%jxt_8)a@cAYuXbw($WC*Yx5$ik9Dr+;F_t*cDZyA=BqadlDY8iGFv#SCq$7NyT` zSNZ{*c>9__%mE*7N^UtQ-S#y(i@IU6`{meY5f87;BPB=ZO&Uo5c>LkzOhmRTAjSs| zw${q|cQ-SrvekI*-xPH}jDBR`#n+rDY`QF~1Vwb`!5Q{_fUD=J62~KK@sGR#AF^T!kGUZm_-rcxI_d z7GCWR7f?<+6UKf#*z0@V#j!)oMWm}G#ZEe=3zitHaxW)r+2XRx;BB0=Wdivk|7m6W zjkdS_q+wN>&oiW~713wdhLt)!!`j^K?4xVqYs!nWv{a?gDX#gX&# zB5iWpzWTctFS0K@PJXMYq@!vk?BlD>(8C>3n4?9lvL$uk(V=wYzvA;s<6vnovVO^R$ZW8rIR`t{6VqK%Iw+*aEoeyYUshdbn zUc392{t0DV^j<;2w@)swW6c@PD%RPHXea*rPZqAx*u zw}m$kmiG`JPzLWWVyLqusdx;l0yy0c(pAJX>~vdSQ-~_q{&Y+l{sVMnvgbiPPzo~h9mGeCQjmUT}9TG!@ZJhHKv=4Co#G|d~2Qu%(T0V(-H z)Tn)dRvj99sN$n+(`yPOr`fZ;;LK>&ucWeh_wwNs#jNWMqR&BSIi0L=p-z{TEy%@fWKr7q z*yWy>j`ODTe3l_ty_}UpBrd|iDXPC~?I34e$7B1hPsd72xUE9r^SJ)+hKbSx+7TnI z)+txq?q1QGr_Pil5TfbLn!Zt`U&y#|b;W@4?e(d)xs~Kxtg`j0~(T~>!o#s|5n-+&k2StA6YN*nnMs!t86B@VB zo1q5PJj#~Vt4f!jMG3Yz8XwEhzvsWD%8URrS!Iog5mlv*;axeq{L=70Z>L;lu4yo1cTJ0z!|;@nV!)W-vMHF)XdC;Lyb%K9Vp z(wL014hC+ZPoK2Ke9!&>+!_a!onP6lFy~#nV5JWIq5U)MOh{H!N~P z)ZhoQBM%jxpWzPG_u4Z{3Mo4weTV_|svrFsWy~7on#PT9KOB6t0BbI`@Ont2&hp^R?~H#$vu%i$xU4b)^`qn!zIP4+|;Zeu&^CqA?*$eqk2 z8|Rz)7e8JAqR>C*o&4|15ka+*ObB9;?;g z+&8v`PqU?m-ceWF)A2a9oOcB?Hk-XXF`5hCC_k!HK=cf@iI~c)+Y-0?zelj{PtFm! zr=@s##%pCh9~`P`QR9~0Ke3VjiLME&*I3UE^NYVr^17iq=-!d_*ijhBRi-UIg}FUj zvZNvdFseZwp#=CJ-4gH`@x2~8dA;FW;4Cd0p zbmwjCcRqz;M;tr+>NHbIfI_$kYH|wb_Fi~y1IKXsAYFO+_iANxD!IGu*h8yzrCkW$Wt+cSq>yWtW>N_7%> z-y`)SUfG(G%3jn*=k{5rPg`K}ZX9d5YI3x8reqAGT1vuLJexf%TCDviJgq`w!3VlQds4v11eO$1*()Z;T~F(p)l(P`f}6?_bGjjxB{GO=TCzNRDJH^ zv*9&B&7)L2bUt!t?PeVCck|{u4kond@;>x4{KVg&qKz>%?KO3sx-G0+el2Af@AtYG zo7CwYVES=E)knk!Z1t zbylT-Yg}U*=PbNw%1)ZGVEPcEt5nDpK2_tCi^Q8C5HvNnlYa@z$uH=cy(yDKEG1f7 zn(FyoY)9thRURHZ?2cik+k156H8bRIqgogV9J$6_qmz^a6;@OeIbR0Je;F>N%TDje zrRjJcN?<@&Bz0^An_3zyZta6Z|0uKzh}QM^p1}T%>zDo9VDhQ?vSR<`CELJGzYeEu z4Mnw{95PURgg6i@j}vV9Af9mPX@jWk_4AH*jQ%+kSX!UQo%^b+^x4*MPW^Z=`tx9Y z^h2O}izWRRy_VCxk-LylYYWLEi??0gZSRmW3|O-nY7x6Hj~)MEQusw2({Jexi3nIF zr+khZG~m5+4C{Otc0&0@lk=NCmG9ne5`J->v%a&>Imu4& z<;}|G+|bt9tUEEyfq^?aE`ssxw>z`TadOY8&+?jIkBYysP()R%G18G>CFN2C=Ut3> zJXfL$1ilpa#iZZSA7T+$zZwG1irBBX`&kKaCudP}P~N%rI=lSLt#lx^SV-z9N>a|nr#5$@t@dLr*u-Kc)XzQsnD|;kTIT{~vA6smLLFH$-QO=hV4Oe5O)>Si zQGk^zi++{!R!zESRPZY4dKXPWOLN#PUkM)&@%uFrW|av$+ihk0p3j7N^g@>*pS9Cn z#fvs9Ram2ILgxe!yHS zT&3H7Ir2gc+c_C6VVw0vU6jvCMtBnuyxMKcJ>?qCKA_^nPXOYr*t{<&zgKYhQB5H`bIn0{B!BMzCE#c4ZV$ z-LQ@)6DfZ$P`g9}x|QoCwR~>f;>OMF-SCycEJ;1#SNdntI`7uQgPyPoz(KV^ zR@1ty7qMyn@a!+r`+9dLjt&1{dxr{0kcMmB8(p1Ry-TrhTC_c3LtwJ^%u&D5M&u#ytKxyB}(6O%TAUNwfO*6dn@X8pvtB6mscu*%riGI+Sb7fxgU_nxkQ40z77Ayo9zmA#$JRw zuA*A``naTSlX=5V<=+8-yUngoyMO>dT?0ib4mG=;+p;>~DZN6h$Hz8qDG^YnmZq!w z`N8P7qEMz-jZlH#-YBzxbs}4`vzz-9dtE4I;$_n8LWR4*1q06%8lB+}@HF-T_Q(MC z2L2aM@900ZE@NIC2`WuhU~v;nlu3hi6&?GvUzgl^aQ~i(3qom^uO$@-lydx}JNL)a zptv{lBy!0rT#H6cKu3e216T!-cP>3dAuJsb?0~!HS)~U z;zE-kU#8E8FrQXAnO7(q5vCq>=bndjm_he+P4BE9X@xk2tp@8z`ngwU#bC^FJlJ9f z5y?+My9(Apa4eOcf>S`QvjqMR+IPZg&@FxLSEETS$r#Hz#7AO7w z><6?>=DReSyd!&zUw+%`4NVVKv5ufPw%bd|b&ktpzr*Lgj-E;CJm(J=!JM&ss-$v{ z#%Pf%Xzc9b*!00YwdpB!=}OCKuB|c?%p?2g=%9>g-tO4J<=fDbQQmL1NteFIX%P5%%Mb z_cl>b_OFvwhL?out(!dUVN>Q7yBFw%-e=y$bX(J4wqlv_{hGvB+IY2xZ8Wc;sor;P zTm{kIPjXv>yj=;qDj*)VxD_lD_Wf)8!%8XYyIxYwGv8exMrq=9S+vLXG^WLb6MR(- zeLX}~lEUDPbp(1$tyyBOG1MWh#9r)&?cj{Fh2EV6 z8t{jFg!mQjr0yjjGX;qR)qL}EG}yBXgNaEz=uZTmVVuW=yJBh`-pMk)vnnygUC}AI zJw!UEgmKrFUt{a@?+H=Q{gHh8TJ1-TSH2%?BqeW;Ub^)9;>WN8k5<__so?YLNaA`; z?R!z_Y)H}WvCmLO3z}FnBw=Oq?Rag>3Nuxeo8sc(;<8w`;^KnIlE*7-@!&PEwpuzG zdNoDcB|H*9y2kty?wkxG4>SHjm*9kP>@oK-UM!F$D6*AYx2()_s`H7&+wGT#qB9f2;zvo0mWE#;@b=M!Ex*l4QymiT>d&+~*MP3JFSRZl6v43-zmqE^s%td$yhER!M$`igg zbwuPU&Paon8{7h^{2l9#SjD*({)if3;`f+F3%wwX5ru!BhS_U|RC8M|)RFVVhk5k- z^WTDSqc2Se}n#X6oly4w#{W&Lt~86@HJm5#cq3 z#luJ3^u$Cb83jsXvl46ab0KPps_Vgmy3ogp@hi;!f?m~+^+l-H=2<6#k4z6&niTCQ zB=j~q@l8aVb9S8~T2Qol{>J9Xg4@Z4#7Qrt+TE)cJz-2jVxA8~A?s5l>6Vt{SjUUk zI2d^xN{?1V%n}7&) z(hpFFNP~~wJH@j@jHFcllaA{|ays$c112v^C#T+;;C^!E_-~^lByLmKVpjEyi%F|x zm^Fyrp&_&QB{wzkSg>$*W_3ZbgPFt8TIg`#TGYpFQ$ENS2KouG-AuAM8AsyL_L6PQ zre6y4@#}5AniWI`{T0?x<>QdJrf2@RgS1FF3Oqc$hGX4d)$3_`8OK#vu0GCQQ_;c7 z&dhu-&p@SD0u#YyG`3dMFEsRp*<+}%nFCM5MgEIc_)1a>lFe7QWfu19LU$|6mN{yS zSl6v|c()U)oUGPpDNP&wnro;?nHG$x2Pr2Q@;}P&VRTR?Z%s$ufQL5 zkjVx1&qwNI^l3{UyQ~fbbi|40z~4FHlw6H7++`BHZlbvDD8VA*JCvw$j`h~glKze3 zGUkOu%JeP@yF`O;Lwn57r;Wi?l(2K#m405;6VJ0e7ESEdH9Q6VjVIMzr^FQVD2!vv zFaVL6qyR(~venXu&laE{sCw*VbnS)KGl=Wc=QGJ|+9+TJxIH)@)f6PJek9_w%kL7L zO}WPF)*S87f+uzi?p8agWXC64O|kS*UR&`*`z{$DwbDn}+ay1=tUm#@-$y=og|v#D z|2fUug6QE8d6(pw=|1x{cie4b9NV|)gRP3vA1lK`^*SR$b-iauiHAh@VbXj~>v0!? z;I}g*U6P0^ev`EtuA-A=m~9c63BgsxO~O&Cw4U%}BAD!btx*^V9wkUTh=dS$mIz5i z4C*-a%e{QmZWr^EW4nepQG?lM3gX#ab#gdKv^l)on61)m@Q9RTIwzIvQ8{Bxao>3j zdC`-vY$O!d{Bp<`g?oN150`o4ixj;GD3gsP>gu(4C-I$a6l!M(oL;@5Zw72A9?+-S zy97r3^oInI`klJ2VNsN&_pa2GMZBnELvVOEBmdk%@?z)8UdV(j3Eiy=K!p^ytu%D5 zl_Pd{6*Z@>r>C=&p1@ijK@WgQj{2>VP_)8uMn6BQW<9xXw+m13I9CH10XI>CyAPAp za~_V44nUb5SpcUuj zBPDakb6tCSIo;MaRzV~k9X-NNg z#Bvs!b$$$!>%dpF%1xyW2a=u8({51q1}#KJGVdd}VV5*3=*+yt@9BOj{>J_XuXE<< zax*34)70*~hfAH#|1BE`u0fSfg=O^eAff@ZIyQVLs6K3i`>pJ~Cm;Se#VA^^`%F{c zWBX^VA8B1z>*a1C`vM7-Tb}!a&bX}^KOQV*l0I_X?;NljYU{nh^+jcy_L@c6m~pJ5 zCZ-*a!$JBbR!eMZsv!mjQ|RN0O9!ZA;tPL#-A*4`Yz8h?fmym0^U}EnI*%@Q%C|XbK<#-+U$DFwjrg$pg(`7__z8%}B$9P@BqzL|T)x5o?4^}0*q3gJL zBV_%iZpI};UX@cU)4c&%*g1Lb21Sla+;TyCL?yYQA!0mM9Ue>6Xh#T0UU)K+!HqW| zPcg&F2R!<%ZkH@$N<~vu^>Es6coAkEbhN)y7wbH@ShKRXXv0-(9wfZEZ3o%gXcVdU zW56y9UE8y<8WlAjh@~Ia6EyD3q>me3e+3)ljyZJK#PFbYq(|O*#FH32(H@(`9vM3wA$u5bh;clUpg>}!pt7_Fp{V8LP}8Om3jF-nd{OOiv~Ee+ zQPv~oOA^!PncGBnSF*bq_~*#6oR`KYJfBct+>a@yAZU*=XavFYsA%xr8hT4$;m-cY~5}iYChg+O7BXfTM`&uMckx{cRP|Y>fasuVXI)52TYnbjhU%R zBxI6-gn|VDY~veJKqX9pbU_81nEjfo=g-s9-XJ(UAIkLgy#%D8zW*2-+Q|h*C z^g{JpMba8?73jR0E3UJ@!8IpAPVkS7>$6$nA-(g`p2iF4rskKI$t9-!iBEPrNO?Hu z9_{;%zY#nrOS}iNz^|DfZut5#)V*Qx=i0MdxiP+qMH+ARqgLU8*RGRY=n%V=i@l*M z`qbJ}y&Vy}5-gh$N~MZJ7go)U)SUTgn0(5~9z8+yBvP+n(qtD!UB)|AStoY~W~J|P z%3h;aWqrV+SiTEq?Sfbgx-I5+2Z?J##YN!L-WooOvAe8Y^!q)8liG-d&!qYCa!mZQ zL(OQx^gWr~vC<5Dshu7A;4m}9a+t8tt%0OJ z#5aJv<0zlN1`|`s_U+bS?RltotFxOD`?_~~RaEz9nhXyW56$A9?g;RsjGT&-YQ$uN13!t5{0b$s@YSQ-|PY;(H{APh!^Tk?^Vw z;$4DbA!|I%-Q@lH<*wKRXWX;A0RlS(6OmbBXILWsW|M@j%2gPT*WOYw(yg&!(+fig zv_08dvP~ciOk@RKPm`@HH5U`!PTveZ1d_$SRMd~~DPNfWkSkjk;yu3<>d%PZM7ayE z5AqiKM0B$-aZ-r54oFcOHH()!9<`Q6MDOqNmXU5CAIh!s*y>Fn%Xm64P_Ez_z0VI& zNY|ZAU*_PWcIEKv8WNhtycJx%MK&7k9Y|0(KY<}w6fAe&7LS?GFB`CPRKdtHn4hFbg^jglWZfcyIji0&EdH%G%(~-Sy9)LWc9Dcvi_UR2Mq@P<>`$IjAZI3*ka*bFl<-ZP zc%;MXr;ewfa|&9k-TVv;e5@-3N4dp;#8u=uhR1x>6~qj$+f{4^24X=81itVgVbW! zoQWY+q7+YtYG?+SsbXa(N&m1Gzj4%91RTi29Nqph`WA7xBiRgn_nCX->S9yj3fKde z3~*GQVi(F~Z?bHP*JCs?iUHh@r%XsbC3#X~=IW|K?6ylxaWEw+-WG2feK3p?+xDYH zALmo4Ljj1k>aqz(C}7o&r_(cd7#xT-s&;x~_-v3)o#*2vvSTUD!I7jWm}QhnyR0jW z3w1(Z#b=0FEu`~?ZYiY?h|*jLg>-+)HqWJ;8+Sw9f?;zXZg`vR`5NdO*aMK)7d{%5 zA8kd^`Q-37PC?9^YmLiH-^dTPld7AVxsM9gh1Be|8`p;%N3H80*J8<0$8JW=Cs@1V z$Lk}Tv^=ZwtlA1ca-HoSci4co&l$bFCw>$-Hpv66fO4H@&6CvQ!&5DYT^Dzs8Kl+o z-rQ?KCok6UK<{1nX_)>u7Nm6WN4PP!np2K3ca+nXecpgc9*1*)EagICTVkryys!A@ zjtJ+XVP1r{W5dUW%(~bb83pG{_Y@uU;KrpcgcX69VxN$bn!VCsRT)v<{SO`VFRc`L zgC~Ao@8s2hJ|4zB%`bSn^kK^|{mwo%`efH_QI29KJR&kxdOuyc7= zoU0YRd7M-R`55{?k6pK2o9`ELpuTB;Ipr!d@-|^Q#mu^EV(Rky=fC8)Q~8GhrMZRN z?LO*Z<@T(xJDE-%e}lre1YlP7x`w-`J^et-&kmE$iD)PsjqqQe5?uWp!0+VQAH2o^ zwnAx?ZLw;|>AH0Cj2{3V7Hi&#>Tn>Dnd>?cPn*<*>G+UG1dS9@ae26cg?qP1vm|3= zr6Y*5_%c1`-jDg-_{FS1h>&q>v22ovryhKr{uK!Y_n!x3O>batJnwP*VwNAN>(GtF zsAwf#2L)n60h7nP^ox52**&f1?hUPFF6khP_v>8fo2&++>te@(-<+r(zps`3CEi)6 z!3R+a8dE;lb5w-w%V`h^j~7!jdk;~Ldo0;X$KK4DM>F7!#0q<_#t)=SgtCC`%^2^^ zPs~H9o7s?JQ0B%4FQ)rs>oYHg`I{^BDOI_Tg63RpqE?xU9Mg8T3}nBNRbWcFkUM87 zAy0BJBYNhUoh-GdX>)8R-%EZ8=OY=k+lB|g7s$hDrj#7)doK*rou%{oB~8O#QjeA1 zu9^A5dU9mI?SqYy(bE+&cJk~RQvC=IPft=6b1C06T#_OcVVM$Gkh! z<3|+Eo-?f6o&JJPNKmF0o`^ypxTVo=w5cUNjJmeRx|hbvNW>u{y?&5beZW=-MDMy1TO(?j`o)6tdSL5 zN<3${1&IHEba)fQ=Jt73N9IOQ`Ks@Dx~*LI2w+;4tYBzWL^?Hmyp$p{C1}(z(AqqC zo+y{y6Ia1^ETRJ~a!Z$}r3l@11;Ksnrn6m1;urp0I&N~qd8*U~RIJSs8s~rqF(apw zLr+{b-nD2M5Knk)IVMk90>ol^?GS*TsZ?p_QfW6B#C$T>z=3vacVpFkN zVbDss?8X9G#`@RC*BAK=r2?o5#%J(iBv8B}Q>d!t;n+-o<(O*;}siPIYwpswcK+W?gKGu@Dv3fonzztd_sr@JY{J!-V2t5 zL+2DQrwbksr_HsYAy4%oghby!R@$Iw;k9iMK^B%E2{WBdZnkpxcf-1QV;>We3)fF| zodCER)U&Ejj5=;D>7iGGK?i3XdPE1g@yu)j?tIFCpD5&KvE{sCsr2kyv58?-I2y=a z*+Ulu@5?e-#p`S8i`zqGY^d@vZ|>JyWoP73z=SR-8v=t^ ze(kn!w~fO{%o{(%6QfD5K8P+6$yt5n@pMLYrZo}W$vE>R4Xa_}zM$mJ>!yKS4_VFR z&RMQNz1!t53X$1!ec;JXCW6R-VE_(2wK>m6aPe>&q2d}(lvpWM5D8x2uEZnjSk-A1 z?5y=8mN8juB4#>R8X9hP&YVoKMVSkRyvl!5TrQFb0Ra}jR6CMqCcoGR@N*^Rw?_B} ziS#cX{g=WEsDb}Uvs1k|_Mi1)@tD8#VxhR~p6Gvm-2~(pA_-giMdMwI?9Q?7m%c%4G|2q*^$SOkF941A|Z(D;P} zzwczh<$L5t0I}UR_(f$DzU+IW-Fi1^fc>@;aY|&3w=*TDs^2+l{?+XicM30SFVh2q z%yazOnZ*@krcPlZ{pbE>SfTr4>UR4-Oys|AX!+k5s~4VA-=sY;pV0g#AQ|AA_yvQi z^r_Fj_e%REI9){a$cP_dHT1FpgrI+$BK`m^*FX+viHC|)>VH8U#=eKf9`C0a0D|zJ zm%d zTrLE>VMxNtfEMrBfW_eUUKo@wdY-Q4@BNdGW+j5@GyXntd%gcn5OPYx9FPB696*e1 zi{E{F|CJb(YRmq;mDN8G|KB=3`uC3Izc}A->IV#lMNc!QVgLT9>E9nM{_CSx0G>nv zAOea!Knz^}`l+zLv(Ufz-@k0xQ{Fmy3$SYbw=I_cOYs))TnQ?^h2*IFizoeGu!3K$ z_B9MH1^%5?)eWYf`7fGg|CcWG|G{khf9CezGq?WVJA_{zaju%&{#BxmD3!$tOlK&-Lr9 z1Ew+&!$h(Z_lwsWW=axyXZv`7bTofw-M;M3#)~Yc(%SFikxV1*!v9>n`9=M^p;3?p zhN*uVWWH;UBy8$WE?s%}_H^aHCBHR*r~JO*09Nsz2z>vi*>7V89pKSxaJYs#GWZKS z09gNTZhZbE!T<6OKP9s`)KTc^haUY&IZZxCn;<{{GX|bMy8#Gb-j;{NQ>=&nUH%$| z05?U?#DCkwZh@BVP7k}&>HcaTTzL>@aM}U#XNM;~gu#FKhB6cfy!o5Z4RrlauC>ta z)MG`a?UgQTfLRPWv8ia=9Ks0vRk>o?j!)zP`Oq-)m$K|W2g*!IF&-^49WS%n#9%tb zobOh-Z7QUxe3pLO9?4bVkG=sc6?O`&+W~wCN#HTiI3XdS!e1dZE9+qpFxGp)U()ET zT((kAPmg_F{#R3!P^s6^&N?s9&0Xpj#iOOE$@Gb!q7;K$BB#yKSAGpCr~&nzL%wm{ z3pADimid$6mx*<|DZ3|9Tv;hBdP4eI@&mB{rJ%oAI@Nw- zA&};XgpU39`gEz=#tMw2T$-4-ey@dB4cMe4%GD94Dd$#0JUP5My3Zj-mh>uef1Ib9Ey^;ya7O9-oFeWNfLLb3#Qa#NN@0A)jg6h z!8*u<6EQ~OItGKO7(Pd0zbIfcwuf82HoO8{_X2-Mr?*js( zv72C*M+T)`RDX^nCrY-QHU>!2&|-Ocx#h31fm@gak+O=4ieOQYfdO;Kj!urG(SwS? zFK*h}+KZiWSek4ldHK#aI~p!7B>;v=j#zY{b)4rJ~zZS&~vfgl$%qWc;ZXd^G*%s6LnU)Og$ zHY3sw{R}Hp)sRt@(ZmrS?ke5z(1YHrQvni1XsQnl=jYgEQc+2V#WV%rP9Ci1cWjc< z{#u*T2~hR3h;%hQh%nd*5n10qnHe*h3nV%?n%Y_@sIr4J4t{#8z6^Og*c&)q3jKz_-d25F37gKO9CIbWD(`xAG6>QHS1@6^}$DJXwhC zrr=={+Mo-q&bE+Ke&=apJFS(^AHlwA5i9O95^PM?B&w^XcLQxxk%6{60*I4ii8`V) zR$b*WL|qG0-NpuD`y$7!_XPaB^~cv2fsvf@EZL5Vmv8=}Mz|M3lFNyeg_!}LvN?6Q z-EN1kD~Eu;XD-(!C&#?V_n2lao8Vte5u9)yJ&*mSw^Q6GgX?;ot+WqZhgU7l5f4!L zm4s5#rehONWf!Z~or4b93o)XZl45#Rab`X|x2CdD_H*Z%Q46bu*hvGmz3hn(okyMb z_?S)_jmg=s&3r1I*LM>Dl7gJM+*;XYGC2z+U+VNoFP~otfbvCgJHKpLIdYhy!5A6cCsb~XLSHp=^mL90IS(8knQf}E|=sZo&R6B{$4rzuel zKdWZ7Qg3XB+crlMCK*mJZ4cAR#J^ljsu-^iuXui}ot>1K;M3WWWPp$1Q7k7Qn7`#{ zs*c63F8kmVeF6SlA36j*H&9}>ZI^f0 z@720~?}=Dv^9JzTqi8tj42re`{51fomKEuKG1t!R6c6|#L4dOX{PIv$># zw+R$p6J9mQmelYD_a(0at~cUae)$si;|m7mctK`V#=3c0aD@hywqF&QOa7Y@@rmsT z6y*3GQFy1OjF|53A%x5jy+4_yWgmx{ zduiEv?Z2M^wZE&IHf^sjm@a1@C}OFx>O>F3nu0Lxh{$}4Oueg%vGmb{N(KgHoScI( zTthOIQ6~<+kEJ6eXr-`95#w?E_k(P>XMO;uZp+eek4`DJCm6=iliu>tvM$X;Fya1Kq?j0Zf>|E5O%yLBo8-4Vgkp7Fw-ek# zkoyOA#|BZy1igFd1VlBQJE*(H_6oxQ$YO34VQ(KEYCue~OQa9kWXP1nWU1-ReU-@w zy5-uv1UrThJv5stjGiv_Yn-%}^q(9w?+Sxe62xS(dpeEDUQT%&jmTt79r`hQ^NVt3eFWv$V%)gxlBGrqo}>LDX1rGJ@TL)wqWMa)nc?1R6$s@40Uy;b`!{!w9CMm z)ED8XL8eYL-)K6swW`uKj-rNht-x>}+oc_IW`hZ_>>{gi7>H-@2{Mn2y4yS1-C=>y zmbRM&Y);ms_@e<;KJ!jbN3-7k{y+}%F1@0=Ipu{8iGC9>~Ro5QJsW$V_tKDf__r;3qkL$o|LWZ8Oy(Z>Q>QpY={{DEem z2=U{2Uj!=+XSSa5R5hXy5~uuI7~J_zw(ndzNW@32`nYZ{yohMUgAWsgAA$zQlojl@N4RN0XmBS#G>tyL9KuY21S4jq)qo%Z7 z=tkPN)-22%Mh-G#p?SmO(N8UAynAm%-b=K3$L_t8D6&!Q-jFaHoTL)vS&qyuX4Qdq zF{^Ink&7QGE=>p>7fZwpOOzthEywodLqm|$3=%%WpB~Qnl$3Kvyjzth$tX`*X%#ua zo6dFDq;8$eR>{VhX_ya9=HKJgi@6@=`CE?S-9GserBHcfz@#%Vpf)=2ts}&9H7{MJ zIS9X<>eNIFadjjPf#7BB0b?d_(E(}XW?i|S$>o(U?Tei}*mQxsmDk*s*$7UbyN^(r zm0-Z1mR2CA%M@-+t*!PLvpu`QXMR66G1FGQ)KmURi}}1C%IY~(Qno%8raM*oI7U~$%-YhUHz&aS4ZF4*&&CMKYCK)4O2Arw zDl*3W$!}qakSRF|j)YkC?ahS0%lMYKsQa}Gw!`bbohloeD>*E8Q=j+1_}E~_WB6(P zONp^3>1-~zVwDS@YxSWaV)_XctX&;z8&5O-sq$8Deb_1ZdL1?VH8kxVE92;Z@l1(}%=p_;F{6?>R)r4h>{ryD z47r)|++13PCg`Aw!TvYz#!79`LuKZw@8sPaS5^@Z9`v)*cF0+eAjL~Esum8}pX9pZ zf|{>qXMpl8S4Ys3HRj!kOZ_VY=p`LQhJ1G7w#ojg%b-=Ih5(m@3N*blabJ#(VA46} zqE}Uah(vN35t=~V`=OBZ`xN>^$P*WkMfVswaU+dHvSxX?)Z?qEf_siK>s6h44A zywX&*-K>*6PE}>Ju*}hWDv?pA4_sMhYth}ock{P|&!h$qUK@7qy48PlC`gwqEhfp^#UJV`OGZm6FQF>XzqcV@-jYiZ!eQld}^KZmL*_6P0MerVD$o*d^r z>q{X3LHIL27T#2 zLti){1UmFfJ=TUgQR7vXR&HP?#}`taPJ!kUpr>vMm?o|g9oN!aTb(Gm(nUm1@q_-w zuDFU!SMX*)4G(7Q*lVgwUPQnpPiMHV6p?3!&M_qqq%E=58L0$Mj^T3GA_X`flF!j{ zA1<-8*G=yXF)|E;{I_KTNY&upSsT>duH5;YF?u3k zbxf>_jgD)cPF0?`R#`bqp?g@v)U2P_v_nhO_Rb^>AawZCD9+za)q~(glSa*Zq zZC@<|7rPPG82n_cGcN6TJOqhA=B1Zf9~1?6?8dr9dmGZv||TvhC)bh>1E9qBp$l4XgNWM>lFa z_@Rc+Q9wTNG!r*!>GNuMzP&x&1YqFgzBREpDpgRLQprhA*__p;WaWZz_1vG3 zX;v)vp5VIva>{*|f3A7z+tHy%XB1EQ&h_&t$U`$kk1t48oB7Cb@SFi&QBd>*hUn?k zp!S+=!$KD0Vz`*Ix2BpEAJ$+$d*o&%Vhm$~ChUrf zNW&NH>~G$zmUUaY-zm9M0Z|3X5-VN=vbRO~*IF5PZ$pEv>JJYhPr^MPgEHBaD}*Q# zr^=nMO=G+#6&2Ly5IvC_CKy}EFG0cVCD9Swo)#< z!ANhJxv@DOwrB#L2UJzy0=t&VXW6eFbsB*2Od61c^{ccFx$4QAahQLR^adpql7N=(D9GGai z_8PNizaFrGN;5o61!Bn_+N@Fd6%XGeo6A_;_~COqYTbYBuf}Tx!M|uyj-U&#k}?>^bY6i@o(066)lLyNO^>?>xp1HKUHk zlY%%72|QiLtM%Qb`BbFk93?Cf@APn6<^D1>guO9ARp_E1*K2Vvj|D#i2r)uJ%x(TS z)GUu19Xyiqi=v5drZRw9q2GBA_8O2%g)fDrgxK855kS^# zJUkrC7Rnw+6FZH8iTVS=**|Jhy!Us-I@g8<7;Ex+2wG|TJl3+v@@yyhQnEqTa1Qk$ z@u+A)t5$;f;*gkuF0pPXF;H1jCwy5Dm({Xjp_KfGkNM z31JB&ED4#H>b_>W|ARi?&Zl$U^*s0UyPxxdT8y}*n?_AL!} zByD!bZ}{i<`wvi%w={B6W4MI?gOS}daYJ!ZSGaQn@9kXGimU7f8XBMB5$(vZQO{md zrubEJK#rj8yRY`_aS&ZFKKo2wrJvVv;MS%{ehHb+R{JVU{K_B?@jK6faL;`R9S~mC z%=`Y1lMg#Y4SUjTo0X3g6v(nC8(auXc_q9L+{7)a9?izMW z8Eh}?xSl?zlI0yW#!y{xDN?c60U$s2yqUgv_L_eNBH}0fWe<^5V906mjE_iy<#USVd z{q@N*%6V-w1WAwl&di#JzJM8yHEa*o4eH^G6p;L<{&i{*Z^-&@`~#{{B5bE z@lizc`WtGM7&g%@^yJ;nfRH}qARZ(FBgvk>+B_wBi{`RzE#2jUV4aXrD%374oeSU( z`;874#q^M3FgBHV-8wEfLD2%mr;lyS7)?0n8sM*@#GGMI#u_WMZQZ(kN%OAJsH7>m zq%k@7lL6Dd$O<00V_~J&sRk-*F+P*V#6_HL8x-%0JKZ(CaUx4DDez>b^$fG(Y^xk+ zs;shSQJ`p&_Q{J}OB{Sq_G$Q()@7Dvrlj6=kZ_1L4Q&o^ml}%PI#{Q>{NS8qW@!?p z9N-bG$&Ru(OcX}?pB|}!IwUD7!fdn4bCz4@^R(63fc3JLsOW+?1h6AeNc13|Y652e z2k-h9Ay@B=%v>rMjQ#~aNq@dnJUL~ha6R?m=X?9sTQh&eqdsz_of79$&6I2FwR(H& z?kud5=#QhkiuzJ9K|}mBG7BQB7^MV!q(4i4pVuS3nAZJ=M6p}rH?QNC5-0G3SWH%$ zj6NE!&)r}oigVxA*r67W%i1?OjPKjGCHO>{apHsi%YeFgrViViXTNh89(gArZIk=n zslHd*YkCf$?z_wE2~Qs6+|p_OVgV@+9{U>yKL3Yc<_XO%V*`7-Uk=k%zye2FNrXrc znBcOv3nlv?CMAE`@dcHLnwj-dAu3(@r{Zbl_M^iGerW(gZ$y=JqH24Hykx#(J!Q7z zK4@_UsI{H=KqML^*7x}7dl2e=V=k;ar~ZKBuCS$vRu=J@I%Qo*sR1Nq!PBV3^Cpk+ zYsgiEq@ku@%6SVV$rPa^noq(fG?22MUFK-lo_zc=G%m{*e(aoZs7!im#Ceg>bcLp^ zD9E1o8n8&Yk&0a3R)(~9=*I6Uo`8y?pwY=8rL{s-&5@CtRCQ zN4UMzV_RTKPh9K6YsTrk8Do}-vs^AWIY-?j}C`i=S_3m10bYE&h$J)V@RjC-2=5fzJ4jhHt4&tY^U^BdC zmC+^6=UAs7Kr8FN0kWZ?E^@RmMDw6; zf_ZG{RIDEXEr*4EcjgKod8D5ehkU*5nZJJS!Y^C_+2GB0)@}|FAp7K!3?ffo zlm&4{UfeZRfxN?69t<5g=)CihkZ#sgWIOjOBmU=+zJE$l?PTB-zlnlh;2UcZ6;&>wKB%GAVzLAVLtj?# zhKC6KsiYTSQEF~D1ZSQZ<;4UY>-c~cEX+o4@y^tQEUyw6L+I9&SlP>K`$ICHMR}NM zxYOD}8p@;tnkK#oKgKxM$4tob86O%l@v|*sC1@XmzvpkM!rH!7@kQk4+wF*IEIMn~ zjQh=3zLD(I)ORr2Tb`lv@!uzib?(fm#EXH78MIVD=Q>i4NbT;_+za4+M zAEZKidn6{sE(f4deL;!o@%a0;VBuPOLmX;pWNJCCwp`fe#sdPcXQR1VM z7c?`%yzQK9Y8D|ZO&9$GQ6cY2?hgsbz>g_b@>`8QNOuj!;pZ0au$x3wewj_nb_+L$6~G)T}PhM z5%a_ol@zF|AvxAyX-lE78+6xcRKP2+u3A*!iMY-!m;eAVjK7N=o?6S%D=ziVc}v+& zzv;?-+Bi(`6mT~zSgPC=R?5=vf5Ks-u-Ks2%&7Ny@A2bY0H`i3StZZe6TE5M@vo5>LbPCC-pv{EnlUz;zu!K-V*;1&DR)4O|` z$}1O2ETF2`X!p7r3S+_c&*!!O!YM&tlSm{G#{0FkIQle88KQ^D_vy@c&(OW?q1H_= z(l40>B9S9?F*~bhQ-j*`u!^Rbo27hSeVWV%>5L5+YN>{e^VXO)NvU3#cJawlt}dt)=)NTslJ18dg1PX&Rm%bkP2=5B@E z4oZmXmZNP5{iIuT%mh$o3K*-o(Ym?e$RNS@Hy*9lO zp2zXh6>Cdql`|#G$5+i$z$RRAgzYAF3(Hz5qSuSg4h8;8Ux0NEtS|Ql`t*0d%yqF7 z^n*@LiTGgK3t`+aNTD$M$bm$kmCIpcb~JY`UkD<zNSLg0j2wWOQX#pH2+uC3RlQKhoP`_r=y|0yQv?UT;>1V5 zk45T1v6vv1=*=`JBAH?{-76>S(X!mS++@ZV=)ZI4|HJx87egJ#g=1s9CaRsS9l5;x zn4mkpt%^`nL6^ylOarw7!1kmBH zT3S*aHp#WMatfll?y*qXqwZ}ZN3*`M?^ zFemI1?Qr0c@-#3cBWR$nycBOZA;1Y07Z*1`xtpohC*A#gdMgPD5 z7^U0Mj++;e&&QWA#5^@>{*izod<~d7C*DY*5b&+<3_Dmkk} z&Y|S)8pOk`(XonxR*L~Z^*P!Ra@(@ebGLN_VrTPXarS(Vmv#i9o32MZJOmT7u<8BS zeB8dY5TS8!Kl|a-R`CAI+1h!M+cG0M!RS9O6xbx0u)>8dQ0>;M*Nmx3yUFT6;&}rU zI>UHNfupu=R7?$MbDMjgK(j>ig3rG*MQJC5?JrL)U%;lM0l3p?kU8y+R}zHnByYOh`Z;di%y88vN!fzUoaNEBTwH$f>?qLbzF_L7xXVMw^uesybM?}Vi`4T!-u+)g C?S&Ko literal 149078 zcmb@t1d>p+Vu%FBPBJ1NeC2^OcqLV|KN$BVh;L)j;OiU=} zHUGcyVDam#d+btR=lKm;@;_FK>$Bzxf4kuNx(a{~h}?kdV_^Z-1o9s2=PLx(I`@ zB%AMWLF*R6=2!UyT}g*+uiMMSWX2~rO~;6zFot)30zi9ze;3R9pKL?i2VlVK?m&7f z@U>Vmw_hEpCx znZUIqEhApcY9uuYKS$ebOZ(WHKN6lJ#qEzSht8bcwL>XAf9u0&CzQCyNwmE>e#w&K z*lw{G)PqjLvx1kk5&u#U;W$6+fyh!e*^N&A60Wd$L$1Egx8!$U4!5HI-mj>@%io=3 z%v;W=LvetB(s7CY7{oR8b=f!i8;gYQ4RWy4o9er9&mFDDy?q#eV#c4t*a28eeXcQ9 z_LY5R;h2i}S59zI&h_dmzJR&GyGXxev)hkbLo}K7=4I3E>zt2R!AEqG_#X+PJ~q!E z)~4`6sy$K9=97H^-Q80#>9a4bZ;!f3p0!VB6v8N|O6IN~-KpykF>-Y6`?H7zn`loZ%1`>s|%|7=z|3lP~=5tR*gsyXLWVnzIJ}u_-*Dm3uz9pmRIC5bE zOi?XE%7y*yzEHPUj!btHt;~UhXJ1+bUd+L10_f{Iy-{{p11m0GoOJnd#-RdSj4wxu zqhpy#$*B8;N-oPjft4?DG8#3MD#?U~3L`zzRaMTi*dHwfyRizL|}^-G)LejArXay9HJ9&xVM)J#_SK;Wbf2j4EZ7)?uJPOAf9v1#g4!6C>BmuDGup5KZ0bZ|Bqi=1aB4 z-VZA_0eof4jaI0o%0EK7{Wv_^E|n)~fi=L+zetNdSmfp6p=Ovc@@mJto{Yx$j4aH9 zH}lN<`zuMAN8(Poh(1s3%VZRG4g!{E6g!+5TK!H9`NhT0UC5-Hft0bHna>mOdatiW z)ok?=mCK1kTip>?CIJKk!hm2}`96-VfH-Ybz~DDp-IGJ=bYnyCvA=^X|6_h8uLHfMY^*S=;HYQH}hM4V=fvS_D? zfpyNA7s?|#+dHiQ>4K@$II#Q8$~t&6*+`DK=i?!O^+%Vw=YeVBs4{;9}l^# z9|h!;vK=U8AcyWb_r)SFXx`GJ!f#6el9f6;EPyc0ANR0>gjQy z=Fz2${A{xW`|TM#@?8+{JUKt?VL`w7;R&r+71?|K)%&PV0dK00$ZL*#*`P0j*xPxy znMlAJ3qdUqu4=aWwj@Yo2G^O@C^nCRJl15Yrr59$5A{$i(HQ>r>kq(YJ25OG`an`( zfXh_n>5UI&OP3&OtcK#vWLoYqzb!%Fn1K7lLdFMo&pR{blyg?12`{ro88YmQ$SURV zI&ap?t3^jqSK6gX7-Va6yDIU8t5cT}jhv4t)VeE{Z0mQu*^&jT-V1Hd4^Q%8wKs}v zk(1ucHlJ5t$y&=bX;%cq8g-F%O7yml{Iw`A8^90OW1p{FE7Nv$oz zo1QvtN_Z(Znb?9XJMJIIMN9f%FVj*C0;o=kdXljkjedIASKjx(l+4Cb>MGVvH7g|c z=+nI2zUX}2dF7xlY8X4xbY$l5X5;O#OYvx1-uumzA$AN1GQ6XRulVS8{ygKSlS(yCaI zA>lG5=N~tBiNaoMHEyE6w^(8+C{+R-2_Mr`-GlGxkdZY@ z99W3Q6P48do^aGCiPHT2IxXwFKV`%OKH?~D4P2+fZ?`g4vv@AdEAFuAoYIQdf8MD@ zo_$0NN@?S1>E;qY<-4=|YU){=2JlKLw!5j&Qhi8|6iXJ$2ik`s_FYP?P;w_BO6*{KK13meKr~M z?4fRZDfIy4snqcWVqzTXc2a~`rqKFVlPv0% zb7WQVnyzLy&4UOIl>|12sEBi7T5h{cM;%jfM&8k%BMksCdvl;!^lPX0#rSOf*H)#I zPkh=6&ML?3=sgh2uP-;av!~8ZnLQf}3X=en!+HCXF}hRwY3`1-EQH z_6<>=G>?ICfV|%=)1D%RVylWBTfkLSqhaplC*Jdir2CO*OAUil=C9&ic^*q+C{OEN z1B{nDxFs@?cO`jOXH*4eQnO!Wn8|&dv*-P=W30#7R>0On*Ml2r;n@&=6}9Dg_9&B%2sL zm!);s6x~mFR|frcO4b-xO^m1O=7O0OW$6NO(7kJDM|e!-q!zc^toPRntpiw>)aMox zi!TG}GECmAYSPB^wL26#eD4=#&w|dA8XADxXYoDnItM3n}i&`!?aYP9e==9yp;K;9w=VLkut0J+NY=Wd~3dcE6Y<9 z7NiNzH`MSJk^npMob{>f@gET>=J8`$x&NIlD6H<8jLns>J{`*uH|SJ7t- zQVQx>S0TAks9b7HcmciHY}!bzjCIn19-(I|<2;zYy+LLlJ>PMjd)V?)WB3-61A8d{ z{rIP&{NdQD`|VD>^!jW0!t?9?X!5KQM>pLs!5+Vd^W-2?_G*-VFM;{%DNt3$h^^yrdMqx-wpay?O`x4)m0dZCGi*vv0g6 z#FhEHN%}I@w<8-}l-7T{NVpt7Wi9(sE@ugxBOJ!i$@xVRTttjNtHMjc3QBqv)2NJzp zfBg1(^FAZ=Qq1$1wwtAb3l3DqFpaKPacmRc>N5WtjhaY_vjA-l!L#cimP8~c`XGeu z)VfQ_vVFSwU-uYd?ZY98!k|6jkh2cwUbR^ZWrt~`c#?PN38wHl&^IMAcF!W3Jvp*9WZJc?wZ{ulS4jQTGfdUZKHH!?a@s zVK9a+AKeFSXUX>1J8qJKHwwzX*F&6{P9@lW(%@m+;$}wKNI;)Rf2eN9XRZ0w0Dw9y9JoBoV6jA)UykPLclJBB_7 z9WnXP>Fjw@?f+2mc6Afxkw1=DN_a<^x_8x+JG$pBeP`4*IQB5G^$@?AB)pyrmhJ*S zD|{?hd8-B~Q!%CDM+@^oNpl$a|=BpH^WYWXVH6wCF!%=*j& zq5Pn)F5Ub3j~VOwEe-;|T}bhMu-^SasC>|az1EC=I4aTI5N6i22ttwR3zk&NMdq2a z%DOBIS;ThgQ{!%~w9jRthLK;E0K@Yc-O+a*OB#D{3oZ0Dp zmHC>dd@e&px`@lekC-JJu#83_hA=_3%o;VvUO|;FO}jCN$isfnbjOeA^*<(yl0^)V zo?uZ3{2-+rdB|Lbr2#6umRpw;=X-jMha~(78sw!udGfK&=c0 zFyembn&1W~%{NG;sCn6uXHE}Do9WH};bmr2_r*ssoVM`tIZ5T{UJD=Bx;xAefkzVQ z?eNJ|2z^Uh6%RiwU%in6y#u4SncF(QXcwyV{+V3uZvYgsDnrHgiFfG@qIW?8(}L4) z;s&qo5JC+9xTS;O-GDa86IIvyBTz5SQywMvPy_PD@z)#Uet#(B==1e2n38Fg#RWR z3J)Kh8kh6r6IHBIWK2)ACb7@V^=B#1(%GxM(yR!vB#Cad>V_adH@VwvCSa@($*C*O>o!Cj$ zeuuz6F~auzH)Iw{#RaPZsdr&X)@-~0t?i@(ZEY`W#-CQ_g1hL;oUfJ&MW}dFpHd#* z@HjcC#jGg6(iB4}8?`Su?p2a#uYw*>9|9*XCf4&pvd(j1txV!WI)<EO5s#iOyg5K z_vDG`-&;UVnrYr(mnnVqPYAKt^P^_9n7rg$6=wYiL})WF&2Vp2ye`;fn4zdbl?{}8 z81BE3VwWLHBa}2Ryrxn>6Rz1|!SLBIp&+Fq8ns<`X*<0Fm(zTh$0+FN_p(P#-j5riSo7j zFg2&Dz}b41O*7)?1x*raiuYkfw+L7%-=dC~6j;V#7^lA{x3hYp$#oK(SY9vED5^H~ z6$^i-3MBibRJ&iFBMkks;s+;O*szq))GH%F`B5zB)feE?=7mxDI#J%6g4j8OjPvJP z`w=k~g>R2bu7(`0$5Ea@2O+@ek<7hxE9zJ6uMomOX30G#QHc#`oGiP+h;gye>>4pn zc3&eNz+0eox-!^ecy1&4_8jUy=be1U2C`F{htcYuu?3*)l98ex2DE@Zt%Fh*%_-Na20a zyyV{!gnooqj?s#q{vHjKZ4K5SM3SSt>Q(hCm*89$AeTeS8`E*FKLukUMF>(l3*vx%l7?gcQjEGSpVd0XZ(%qM=Q;{=)$3|Lon~;04Yt%M&FmjnwY`LM0NtG4wud^f&-jSByp;(x z;@*)o;s*Nj0!J!&?dv_?3|ODfRXi*mHRkHXVf)Dx+Wa=|0#PnKoC@x zLoN4sB;+qWrZ-;m;pt`NuH|iD2hcb!s9C?k7M{dZluW(lvzC@lFK7pfZm`&VkHR@~ zNcEX!>-d+Pd|M(}ub86%vM-8G!C=EKNz9*S(s3q`e&W(XtA(&sH&U1e!+BbwGJ8+< z9hnZ@W+<$^uK7tv9cQB>Cz+~gsrm{_w`r>Yd|pgqWFDI#1zU}*z79O?P+}EHuqgJ>iv^%%gw&< zfhM<<$C3+lCtcZR{`7bn&d2oPOfYh#_Zv*nv@IWG>c{b*ow_6t8dUtOr;>@Wc4Ma-c*#^*&6+#y;n5)#{PnM1Yx*?;^a zn*4k7!xahQ)xR?;r{C^u`?H?(?hn@#kEr4EOYhYL;?IA|>#Nmu_S~9Nr;5o8=qjRphlcsrFzd z#jdZ{$^MrQUHF7a5uu9ky5Qev24SPbQ)>=zj$eb*KA1=mkX(Sc7r2SPu(Lt?C66e>cr9;byG}a zcrV+V$FVa`Ps>>@nge(h%w3hQsS83Bc?CMd8OE3kU*P9S-vA%~NtQhnu7Og?z6(WJ zt5I>um}auCkwjknAPeyA0&U)lH2r~a`NU&cHb`fE$z}J?>&DZY+On<#EC^e)$X|Y1 z3m#(_F}2llpKYy+!NGnS{O<8+zcO-2cy8*bvpvr1czqv1)v~(st5E7+*$n-=5i<3V*I8 zS2>k&xP&+2qN8=#6Ez!ObEmqX#2`#)CNCtZKCnNEJOAqt0 z6GN%eE;kBdqHK34r0A`FtmCv&1uKedZ~VZdd7aevkOLwn$J}W(r!hk8H@Qt<3=@ZP zU`2^2g3wh}9HPDtn@0}qd0{f8C)1Of!2@qIuMwKuATZ!I@a-l#(RDascHw}{bRG+` zSvsPdS0f&ak#jJ2dsLv`oqO>fbSvnV9=7J>vGa$x?s@Xd-a8?PrbGq1lxH#LJ+!9_ z2MI0&L_r~7x6#2X_I9u7bDyT)_yzglYRmNK^j&Eu8|IsH2P}QK)iq|ktnE=WP=-Hb z)j*YI9!AZDmQ0nYZ^p8sy!vyIYw9AAs2xr14-Z=MCClY{?AvQUV@3}N`Kb6$H|iU1 zj9ljf;77U(E=Ih-wzEV!5g|*GLSt3$Gz96vLCLGw3dsxI@#@=HaU&xl)p$1VuR&V~ z@@IQkwbz#ni+*Q}U*3c?#ma6m<+QvxD?=fui8SsTrd=_l0;H*(p2O1;8{6HIp_2o3 zlAz*CqUHB_d$n&s*3-zR+Vb%a&Tf&@hto}CqyRpXgw)+lf#LukbPti0B%+&|F!EH> z;8nsSLlURHzOvKH`tOW4P42~2 zztmS#i}GO%T3^eTVd&$LrAV~Utt{bbe{c7c?^>BvXLbBggYn)dOh7^&YtY1hVUObk~`h{h`RDoaV~c3lS-r2S5uXU1Kh zclqLMPvX-|^#TSFeBC=HUp|`D=NR+?mMZdiq!}EaJZ4Gv6=ti?wkS=~7?S(+G6Z>rvXoM+c4^_dtcyxh+V) z?Gm+^JZ9n|rWHGW6NPZKr!aG+!{|l}k*MKPXx}zNq6Qs3eSvW&#_r2Y2ulRy6C=<& zFU+Q!yvyLcO*dXnXu07uqGMAS^_@^qH{c&x4GD_ryy`LBRMNUI=JG>$&1knAN$@_a zY4zvR#ZVIkF}O>shG=&)Tlr6CSG@frwgDG>456p z3mLKtZm%ZN=wok^j|tN$f}PUWWY#A7{DmVA* z`H;RGP*q;{VJh%{!}+K8^!dOuPsy;bR!AG@Pe-W<<0^Y%+h zQZYRaRZ8ZjnsE~OqlWxTBJVa^$|a&%T8o@pz#&`?SneD#Xx8v^{{!`?67xTxx9zh) zo%sJCVx)Hkz5JL0)&GIZ_~BUP|E0kpEGX1K`2QNZc#`=j|0S!njA8%#ypcLmF!O(~ z^nV-|V!>$tUq&4)?(&Z$CnRK`pr8QN)pvgX`>6guNAEt8l9E`sxU{nWpKAgXjS7vx zKrv<(mH?gqt_RZxP;+tNw6L@sLaO{PU)~;*MAG{IKTvA8|6L%aP&K$xgE3#7`5-jV z1j|3ipdvqX{qg*Nk#g)ooLY`zN|e5R)sU=@YxsX zBEqA){u4?P_#Tk0k3rF9jMp;d;VF=_?o;r&GyiOA$~4_cb*^OpWd#WIaVz<9g~xom zcDFP?0}{$LsT>a<)8bQdnG*$jEzq}590%5ozbGkeoq%UvL>_<91oZ*^%lH05dX7G$ zn5dF&nSOhcm_lj)nM2PpH3WF-!g}=@n1b(1mr`M)E>{7UsoEoJIgw4MGEf+`60H4p z+bKjmG|Y*h8ODO*7loTjkR)hOyE2W0`9;iuej0gsbK?Spb^qifz^2WqpR-?<(!Xz= z=3tES7!F4(E?0OJBL&@Bg2$&#_3B~p+2>2cZaHhP6d_8t0d=Af%Z|8J1?(ynx`;Kc zk%3|&z&I!vU%epBtfm^qBXHVw;qk>yGKEyRtep(s8u7e(__l6<1eUL+zOqs^Xib|PmAKi2^R9gH$DqF_RGz$AJ!SqbiejFpRqUbb7J zT>N$va4Zt!%Z|B334cD!+;*~(Uo=sE@iA0-HSx^YZafVyLp7=Q~t1j*=ZnFchaPyn*NnZI0k@pmB+Wv-FY3f zZ)*TGwi|ap?_nfuk9{APE}F@1o_GgomWf*>TX_g^`uv&VykM3NF^=79-2M3M3vd43lzhNSzQMr`T{CNbV-M0$k&48s&zy zdVxYDRQj>JqiHMFE4)^38xA(qk~jAdl#e&zpktJng6PpCJXy232|97CEp`VRj5T1E3NbXVxw__pcu%+Z@wy{f>g(^k@ixUMaU+|hQ^g6t)%$1u!`ITO3)}@-9p)9w zp+nr1eedra+wZ8glt`)bg%N?0Y8@OfHhT57wXO!`*~GdRD;=^)dU+BjGz!Yy+{W!c^zgmld}zBT0ib z`>wf$BPK8?B^k4g6tP!+gd+xjd#is8VAXjUxwLa{KIg=fQ;L1pZ>O!luVAtzLs}M; zFk&#WJ~#EJeE%(k(+YToir_^neBTOBoB#K|3c$x^|115;DwkrC-LFN{+oz+WqvGVO zpG<&_og0Y6EUKLZF4cFZ z@)Lqywq5yx2}tmrSrP5X{O`4utAs0X)-==t$!`-eD139GRQ?pjEywHkYV%t;tlid5zDsFU;hdJtZI8E6zm?cwovC|e-fsn;cmw0zjQ~E^TL5oBuH8Lqib+;f!Jc6ss2{0S zL+z&UcqUwtcPQ`OEubbhw@|A>t-G{T#7q5o!;>~4$dC6hQY_X_7A#x5i4gf$c7u~` z6g5WpXoh}K4P)FfxCvtD(R0Xo`2wa!`-&3`)d6bq+Z>LZ{Y$j|8G)@|#Kq0ms?6l0 z@`{_HTO{2R#c-0)beZ?=*KWb#vp9`b3G-0Dy-mS+%Mw?yG0mwxlSz-QYoIULdSAhP zPTf0q+0qCfSY7Snd+|-^1KH)b;J(MZA-?7GSF#8&scH@a>Nojgliio-yV%p}UqXM# zoS!I??~>=_A&8_^Z}+|iRbtlwb~%N@`fSfJVSLfOatEfjg#*7z*5!|%-~~fMq8^6q zMUQH~ckA_QRj$hyNAyxpD+#q6&U64PgV@kGW!=bd4)|uD!7JZu&V@01lb^?pgfS)a zp{rcAb7{pCJ~pSRiAR78!?xLAEDt0A)hE;U|=u3lFqV#H4PaJ~|Hd~6E` zuZ}36wgN)gk{U^*lpD`r!zLk7gg~}7YF@934Du^sU|@1PKHgsr6elrF5Umzp_v9L8 zOu`t8P+He{pk~0K*f=|pzR2cLCA92Za5W@$GmQlpDyeVN)vj2wXlGGfaVY*(EaF!! z@zZoX%DFTypYE|3c8X_+%^0^rFg4E1UCzEVMWYs`a2M2%qS!6u7i1VR{ZQ9ZF4V0F z%Yf6eY9aQtVM2+Guh*2aWNDlkSdMz_m)t)j7_IYs^RUC%!F#QL&;#aXMy_|k;ALhG zRD2e%qvcYLH}kQ^=dH$ba)owtzb&{%Es;$o2~N$u#>AZWWqDv#mWUN|#HJ{hJji%j z#>zsni2(d;ijoN!OAXyxN4Kx4I9{lxKufo7YoY^cV`QOB+ym>W>ZmZ`WlCJC?x$x4 za!5(SyUBcfo;>ghwN4}_D^-$ydP%#v!SwU)f8vFO50}9MSqL-*Bjw)<#`$mxr2*{~ zSlg?BI%Wkt75Q_THieZ~+Uz)`2IwLO`tnngQm$VGt5I;Kh1k*?_!Sh>(dB}k$!jlZ zXQ~6?`oVT^bPyS(0lwSQS_O8>&lU-b zsEA!N$*(5t2hL)OEb=e^`7UC1-5Ngq`Bw2?~BNIjErH$vjw zfg$DQ!5N}uqCPI4wpA+0LdTrvzW8zKL&tEohvMxUFA<9{6Lovkp}0F?{M)~BLz4`Q zz{pC!+;|V0ea#aYWD8><$@G`AfG+cr;nd@ZP;i@)K%8bix{{1LyY}-wfmR3u_Og=W z7gMhQP7QBWIYGDEv7Lg?ZaNx~(YMm}z=7;M*&9abKnZLI#h|B)lvztz{lCwZOB&DR zM-qQh!>h-`;^I$`R6VKHw($R+g;TL-oz|K}&&%Y|>QY9NX^MKB&5af^5=h1(8s=b$A}T$XtRmNNARvVJ7DoU*j=ld5iypd2%{&oP)9ImC(_-N< z{>j!?CwS}{DG%nkA8@nTAdhBCk@$)3dvj^L_r;s#^pJGEi31W$)!znldHM2QHGZ~! zianCodIt_>sdRzcd*A&E$adA!9p^_ZhYL?WOGm0{;6glo;-`)i^B{lP!|r#A%@1F( zj2gpe8oJbcWoiE}pANUWpct4RcGpT!Zx;Nn@)-jeNe07H&F&Ib$ACS(Qb zZYBy>2DaXH= z0%8caJ}5x7tKWC?Gi>MD#9kK`iY)1n0*w$1M>oqgMpJo3cT3|=XeI?g>T=aX~u5xa$XeN%4 zb+w%zjkD4W6tA?S>@fir`5OSA7?tbKU+^J-7lOmLCbBbBau=I@+I&mOCN<99>>hYP z*V{YsJ6m1{QD=Nr!*%N$x&1+Ddt%u!Hg{HI(*aDpK*gO zybgzWuQ$teqp27>Ick8RetM9_jVpstt79nRg=@9{r59Pr?bDZc-7G*5vd$Nl%+uc3@^95Pj5CcBhs^P%p$H}+H z<8k;bkO%x>38IzA%LNBrY5mSyqOjI|< zKu7G7sR3E$kI zu1&l_`So2aWH+^r&8duf^7nr8dAs1T!lAR59MI9_;5sc4(6nTlbDv$w!Sql!Cu7=UkE64Kb(# z=3MnicY+?gs_ zU&odrb_1L(x*J4gHwEyQJQKgaZIgO?+C%xqfl%`RJTT)yYu`f;=Ij3qgzc9oq8c9B z`QOb_GTI4HsQC*J)`l77#87j~oa9s9(ghPp$s}BkX6ov>F$rKqg@*ei3c){7nbx#X0V^Is?#;D@u_YXe- z6V5G_uJ>b5;y@ShU2g7(WGjAHhQDJ9emf6#PB}@rjQ{aId`sl2D?=a0Aa<>uKzCfw z5fQziJ&yd_7jV@Ti@6Cxe0L7|jxT&`?os8+QwF0mYi)(7L)C1-yI4YOUJ`M={nJBB z{Yp8fnFQ0utGCH!b7bVIE5Q(fPbw-x`dAPpg0Qq4y$@-BxXc1I*ZZAnb?ceV7`0MZM)wBYn%H=3$!Xs*n#|!V5UspH%c<_r90%67{GMtnF zgj0@H`eLN6ZCx-K{f>{@75GS(f~0jlPt3U&PQA5hZeMtME)JRy|wBRI~CF=(av0s$;A8{cdVN} zJJx6`N){eI%wy!*qu}(Znf|BB?VUuHKLp%QP^hev4xboQ^tCDI3we_g-@ z2JRDP32nsL0K74slYT*~3{dMY9D5F=K2B9pZto?U^v)M9EdR0zEtvCI=V>C2*tmtt zZL>lWTGT8$*P~$0Vb*J0+CEdN&RZ|oU;3jBzk*an8Tyz6b(*A~{QELsqRSe~pw%`) zxMwwf5B`90j3qqUlw8x7E)v^EkUouoFs*~ggUpLR*ZYmu|7Js&=*I`cXH9PPW4A)( zo-HA>`FQ@_XM%R`ug@?%#6Fa{zEAl6({iy}7(~hTyXw%jqGHQIiTLzK)gOrU^hHry zbuVOGD39=^I|IV9=F+W`$Ma90x;k?&S^h+2&uv`MLcaP$Q9QyqQDj6#YnJWZ2s0E! zZs~Nr$WRwXZp7#w1x5@dKJBEYN7f6oAr3b=-)uxjWCcv2#a-bc`HkteJwdT^8i@I?{@GbTx>wj-l6!wrK*pWICzX#o+PrTjJPLNE)jfL=LwHA8@7)yb_ zF>EA?%wB|_B_fX1S50#r+mnrng@~k5RKBseb_E3ueoAV)2QsLXgvMX4ai0yKRAS0) zH#+opPA%MYF_s*Ke-+O4zl0K+Z!_I8X+ix_;_34O_@|;iIv2HwryFu0L(^%zwAe;- zSt9H`2+rN~S0!5XwQlXkV)pcMw{FH%(8`(5f+6O&aW*%%kySfR-7sfvHidKFtse_D zxjn8i!|tk!%4|aWORs$zB1JM|)hqV}o!6n2b%X@igXjdNW&**xyJX+agSKs z*Voz#IgvSSW<*w^;8u=8GsGP&uApkvR|If)P%dD?uJX#RdG2u?BCuhkmuT)8gm33Z zx81F}67kl<;?(7Y+z7iBjIl%}lT2y;kV0ppFIzf3SvFC`~6>0@Y05?<$aVB-W8wiqCd=`$nNmrIgEfs2Xz>ns?&;? z!$wxrX27pt1I8?7FIsJq@3LITQL0hmOT5mO@53;7OtkXKnxV(zi@ytiU#Z$z=`3=9 zhq=91RVIC4%Sbcv4~b*ZI~lT%Z=@5!U~CfnxZ_8-CV8X~W_!%QrvocxkU8D+x3d^? zNKY&nbS3-akF2CGS#E{C*xH>rbB(xyK3~Q+@(_i+=X~8YK3i@x)=M(1M1%sx&61h4fi)Rh(-t(0CA6p~;$r`#~}x3$^!Dz0zVgjtM$ab+E! zRaAHyO6K?oAr%b0#LM0hwvNJ&w!q_sQsSR{u~J!pX#H|?!7d`mrmtuRge-A{fUWmX zi^a&70v%mkT2hLq)D3yYzTEEa)es-~R;eye1d#lOgqA4b8;pHGkkUi~i-Wio=^V5c z40~k?pEC@5c~zlMJ`TYziERC(afe6pe%3PJ;Xr(uBTAejl+Yg=3+i7jns2YKC@=a0 zS%bR2{25i=xcAtxQE&^R+h26f*J_U6t>AlZ(%9OvY|qYLqH#2FS)D5Rhh^n8s@3FfX3B{vgj8194bR0 zGHT|lDn(rRy3QV1H=i-;0OAM7!NvjjwIE*sAuq+^4qW9zM>vz}A~B-BbZKvq7U!eX z$7`Kj{b(e%{&!{@V3PckO3Vhk0WQ4CLM+@FZNit z#0f3v{WBd_?jC2W7y-UbL(}g$GaxlWkE>OJcv5L<4q;M)-}+9)>?jn6I;l|g8ljgo zN6c(yt^JB)(`@{fWE|+ctoNye=xsjG-w}lDM7-B%g?Ur#7FkjxO`z1{*NIZ|JUdA- zI)+uy8{-Sh(h0GWbyEx|PJrHBEF(`P_|CuSawvjOG*9`EXcsSKR&Uc8(H10*)Z`p! zc{tem9<-IFJGIGZU|?PBZW17MavG9qA-xx#$u9ry5_+!lWTxXwer-xw!r3P*c0y%l zqIUCDC_g*L(`7(~qG0mqweXOtD&VC3Rp@0aG^_bO*syOR@4yeY@tZsOZUA%iWEKs& zp$tpUsQt&va$-`aa085(~My28d~RH zW(3*D_tUR$IbtH?350-uFu9 z!cFLR)?w5}S4m#Kw;PXqce+8UPnG#_U)hTSeHqbL>z|MPt{FYa#v}!e3uZ~Mu*hPP zpeUeA(f0g$t&8sc;Mua%WMeSpCo&xKVn=ioi5`x11yX#8oQ-rT(FfZ71#7br@eqs+ z4NPFH@Hc+pp$5v(3$m6Minwcvba7RnIt!guelQD8?azrZieMTaQHJ$yV}(V)kFT}f z(A&6AnYf6i?a`8+BauHKZDxURgexYUw!FwX#X5*}c~Q$cMky(G8cRQC+}%2WgI`Oo zz1Ktt!;dmVKQW@E22plB?zYT9&X0Y{FP)9YfcxQ z`nw?eP26uz)xr2(um^)U+yqPuR8w-jg&)B0nmocU0TqUf0ZJM;o*9(4tz z@;@7WR{-NC5s^hNhalOB^VYW?_sL624%8_(8`yp`(033Z4VU znwE)1F;SdO``YGu!pT9%`Wn`8aHfUpEkjX}gVm9E%TLUw(8*qy{4~ZtR^?roQf4@* zNf{cIqcBjV>H!DZdbmwm)_Zyp0E;48g(ROn+B&=p;~79g+0=w<$^ezQwe13W4rZ?S zdo)irX^I zMHgzr>#K)b=vaKv#jSaIr6jQX({YA&81BiB(a|ZX$$|^LmOMfwbwWBGg1?hHrWdyb z^KIGn))f5_vPCWRwKk0%Rb1iQvhvq0clt^^Zs+hrJ; ztG`G0b7qtlO%zGyOCScJr|(gql36=%EReu#^JEm{Pe?*=o(4{+KIW-2H33ij$jjw? zZO?Xq*B*a-K5}^}Cv|8Px6jE+h2vBIE@A}l$X8Ab?+g(ClUC(c8)yYAc={!Ba4mh< z6`91K=c&%?!=5vvchKinH_J5eKNy-w=LPeF($I81C21$zQB5nDF!!;#xXZT z`_>@5LnGLFGcG}@uXhV=jEuq52+#;6tQH3z+++lif1~N>j|;E+Nx_3)DZd?C1#IOG zm!^F`$d`Z;&h{RS%|^pIN|PWxd3%o;dDREA0X2|BjN|uuGgzx;h*>U99TQ+MtV`%~o_(-k!6ElBxi8YY& z5$EpY9AA5}5}*VAO{i(;erN^BrF=&YlTM#;ddJP>;9hLv zjPK62h%j*+`lGlni;o@c*WqTclcQlFWcr65`2qzjVvC$W_GU!ipZ-Y8eS8dxjyqL8 zAOm&qX`DoC56YJpUI_XKnnmW(`{m8J;9}ay^%w$H^8JuFy@+A!1@ii$p-ebj=04 z0vG5H#?qbb$P8(8zd$fi{BG>U$cp{jsa4X83uo~+f7m#pRPwSR9D;6pycIdR*Q9?* zZNv~y*Yx7OOy7DTohOAod|=97X%HWAx1;P=(w2NKP(KlQu{-{;3-2d^Pjo@_jKCfB zCs-lSzDK`mui$fCu}suHQ!nVqWIFd=vHQ6$)Ku#}=5VbP^XWA`48P8Pa9%&X3vC+e zTwnn$M}QSYaHT=2?T*;tme4xRJ^@tlg)*}l;;P`K-O~o1%ZHsXOQ%U9^p_ypS#%MP z%5Ff!jBdFP?KpF2#M;e3{iTMF*Ey}r;S8a;&QlLNW^j#X2PI zNtYER=YA;))Kro4SC^w1eP8|W<6X8(F1xI?ay%2nQwxt2#Zl*h*@49-o+hMU4mXIp zDSfalqo8-3*7#azT2VoJV^3R~PL$~6gNETh3g0}8G{nK`RQbb|4n(heKa36AVSlSW zN~GlnE&~EV_;KBii0HRD&ue!j4o=G@lMh^-{Dc(ePk5aqj3JTi(?``}laKDaw~24` zNXnK1c3cK0@iBwH2!kfhN(K1c#Y#}2fPXk7B14#_+>;;?b8>c6x?R(+!K?qQrG*tEb>0A-RFYm8{0ARnjS@%L))dEMMzdUtKR%g?E?SyRx3@K#Qfvnl^T*~xsaEI*Woh$ zqB}evX9t98>q20T|1rnGr{IH1RPkdVsx6zP2wV`Ael%V0#3krq^636VXE&qNuY3Ao zFjs&AT}l0C;9Szql^Y)&T^cRN3MfEiV)k=ztCt<($dyx^rU~r1iN}@DL!|Q3NPKd9 zz|LTd=Z<0)6^XpCx5s+z9myD79nnE1<8IQGo4MJ+>v<>Y`rul8;JBe+$dUb+v|Nz{ zF?kA_9dIt~!Fc3gDPA4oQ|IMnYqLnRbJHBWXr`M{L3YBl0^{4$aB_v(X8+MZ6b#}tgnkWsOl#;=gTp5?c zgQVbv)2+jq8pKTSy}HR1vqPH|^-LB^K8Fo)c^RK_isNGTio|B`ss~9pi&&UhzE_af z+{69GGRkrZjqBJmo4AaFgr2%B`!je3` zSYK!KHrsJL%|Z;}0=8}3<*pWZUp}Y;fugnXth1K1;1$8Usmg)t51xfTVc;@2UE0O+ zLve~0Cwe}g!1+Z4hW6$?93?TUr5$zCB6=d|ypz=yJUC7!gKE`z^DYaB@|{!@f3Pdx zs}El86DEvVL`IXw?rOlaiz;3wKSQ&h4(t>PkY7>>yBuvU-imsy-(+qNT^3x(cU?1qtw@i}Ur1O1=Sa zeJ^GSjhGB0J)2HNyXO24xhWBRHE@frZ=OUi=T*l!9*=Q5HA2P(gPf8sJRtKb>eh9aT_aJpuefCQ@oS|%K zTS59VMXz6|E`oba!>Jqe>ywEDgiNn{HVHDjt2QVY>3k7{gQ8RiMWe?&$r~{a;G3lqvM2edv_= zuz#B-(X2mw+av|1&W=O2y1kZor#1y&?S*G@!ObggkhBPl_Q+2ndfFR2mE?P@3^Dm> zhX_`*30<^{Ml*$XB6=FAZB)7NkN$b1_pnm;@_HKnt~42>vfEg|UIqVWzkQm47h2Ag zz|DsF2lW7%aL(afGb7fBhy-;%#ZY>1ln>@_>z9;mmVm41d!~s=HqqbpOi!G#!5YdT zQH)(iETW}>*^3?DsOKF*2Q(7=Rpg1bdywXSwHVRerJuxWkNe8`hFMR;ugvVwGS;bl zf3@BobDg%RBWGi~%zV!M^ScdqZozOt2nZ-!WL{-^x$GelxPOJ<@HC=Z&ssp}CSXv1 z-0^51_NmwMp=qrT6N6vWFFRa6fE0{;kVpHi3Tn{1T}8`Y?`zqtRVTj<&8XqoMPK8p zAncjrYWc1Vysak6jzu+`5Wm?K#pBII$5IEwatvwHIb}ukGP5ZpJDz&TxJlX&LVa7| ztdSRuXR6V|)UixAFsdHY^Lo)rN)GCND@^jOFaFG~@kvxMd%z!VLWrHvY>GGg+>-&v z3QsTIT5uTaUcKqG=^e&z$D~sq=We+9L;>Cp6auc-Rze7mH9sY#B&$Nn?O~k8HU|~s z@q2yra$O1H_QzQ__IoYw9s{)j^)g3K}x=S9naL>UG-#2i;brL-flcum}mss~lFnDbIl z8;`5!C@?wH`MEqtFIC3Evv>1q*CQV7u9d>ro4pgtcWh4QY=TE&x+>jRh?}I#~v2&4|cHh zqVrpp_B)-S)h{q|P zzW;tjJndR@b8NJevf>(c`2Cd_DlQz5EjxRKD9n4p_O^%H2lz$HdoEoHVxxBV9e@MR z?yFEt+Rr?O9--*jqvNwadNFcXML8l~{>$D>Z4IktdHY%X;|hm-f0p9>-{;w9yZ0u= z`t9meH-d9KiDGa&I*D6FIAT8KeqeejO=US7AO-x<=^n$g}b@k zW#2+=tIokl3#3Dx0|n=l17K)k$l8`5Bcmsjy@)8?cu^I;gE>2$OWE7~S&ZC!>bI*Q z1j;X|n;_M0v^fY>QV=GDbkmlI8~PU)RHwnu!?$rHurIOqn9P&I5+j$GGV%-o(+V|B zDP-lD{k#oV1gKHk!N7VR<5GGt<5F}<-es9d2I=IitAulGjA#;F{29X8YfcWVc$ag@ zAa{`}JK3;^LhmoN%7QZDE8$o~{01K|!+p!y5GDJ;^OkW59XsBU5swXv9NxB|p2l92 z!UJe`b`Ax#eYGwYf2p}ZLaCI)*RQ~ z8PD{sJh$iM{JkKL+_~5LRX(74t3(79XlsU~@;-Vo!G33b(32b~Ab9ghS8w}w-Ms;o%|0?yxa zt-CiTliMBXI&Yb7XUmiG)m8W+#K!YZEbr%4g)8Uo2Uq8Fyj&hN*tz4(kd^=k@`3 zXY72Q5-jXS`XtR2Am%PyGb50ePP}MXVljcNV8Xwx3~Nu}*z)jE9ui@o3SvrHqz36O3o3P&DuU4a z8z?E(VI$n(@dtTK_ljTRB_2`#K%wgw?&WKOyjB|%@oHoNy50+nuWkz_VPmnevmF{= zqnpWwbeqy9X~3?V#S6PN!VLYrX?Fza7E*)U~fd@H_|~2 zoCz{b!?^qUWNa_>!Hs0m=)m|Ge?|YQ+}?jvPSp4H&jxhCMk_j$j+E$UWSQHYAJRe` zZ|oVLKqr92KOa>5K5V~xYN6JuMhQ7TClpuhkkEV`DO!Ld zIL#amU8WmA&w-%-geuzExOG*Jt^sGULW0pP26ckW~jxurVL%11K zwjRMpG~8d3Y6TjHGYy2Tu6BXNmv3QT?7}DX+j8~m@E(+fpgAHW!(z;;+W|1YMEa;* z#j5t%rb>}1Td}5OlZRLu#n2bvv%FCIhPbw_=1?^quzCVyEw9UeFyz&$7&IG;oUhsi zZ@d&OHSl6nCBVKce=XV#sPy3Oc%VkE!L%RzY~TK4&$IrAwD9tAOj z-H=`O^*tVMdo2ZTeFYu|u05_Bm3*pg5ILBNO?x)o@c1671-MMnVD(*bAAb{w554T# zn#K`rN_bk4yT+U<9jy%sTnGyNHkVFibKe?$e%^|mU#+GoK?BU%fjACuIY^usNW89O zK`X>RJ8ei&k}q@>e=T-^6&{syrPQ8;Dcdt9p!e=k9v>I%iekv)taPJd!p>6%0s`pd zd`TbX^g*0Fd}18uqL&fp^K2|N<;n9X=4_FRs%}(FL9ydda;5X{zr6ugV%V_I{f-pH zyl0u4eu>WWaNULhjDEeg}=FF#F#F><#Wkd3bg=7~maJc6u<+CEToZUD}ADDC& zq?^m3OQlCQ*|d!3t~6U;WR_IE21%2AugZFi4i8zoe6g);Ct7Y<=5acOjv*BcsE7PS zWY;m^4Xoeg0+I9Gp9guEW0#eEx!^gwX@Y+I_FUt6d;Z`!i=ZWE6BdTzuTdU2j|p)1 zq;_(ORMOiD&__pc*T$)>0~ptP<+5KG4ATQSjV)&yVfZ+w3;GnqDry0()ntdBRw70p zbvVLB$?imD&wy%cYfZOA|jCrBQbrPzd#I^wh0pMIpLNlctVF?xJ<&~ zMSD63y%-Q=+bTV;*&4Ek_qFHicroEsQ7|((3vqWCjmBhk8{^S)z1QWrTt)c_g^5Oh z9|UZEvP{7fHJ^=pLAgm!%-^cg7zwllRn<`PqNA~5G)0j{Z@mH&oqApITKGwi*HqN@ zNC)rrrA*f1?C_@YIMZ(kW4+<}$VNnnu`kCS27&4)p1?G3P#*c5Gcw{=#0rC3#EzFI zPM?SM$e;H^_H)lQn?+VU@!kZ7V{^j@z5=~*)H-K4zs8XoJs%vefW z8M^`nA$=3}aQ!QqR1{texp=6tOea?uN^D|D++JD|kiJQrR3<>(SS+m{B|{gb@3}Pt zp!|(3zsDvx_yF!IQ>_gW0@R+KFz!QTII$;h_rTP_jKmhbT3`!=>0cgiXiCCz2BIo;CHhL*A%^%3J};TmWzIE=*1TQM{RMh8Eyg4gU#=D-$19M`@)36M z>K_rKHvgZw2C@2nc8Qv|qu0}}Z%Xd1=v5Q1_|}WR`bUH{j8{|L^ZWuJP|VRx#Cy@o zYkKxB&Z0IQhuc=vst|aR)iB~4oz&8897>Vkk-#BmA4w#l4f2Res+n&iDi()v@Go}5 z;7aro+dFeTB9-IGg&pDmL0_-0>f7k`=o`$`tB4`(b+#_xnsIR3x0{M4#^xJjwqu4CF6VP4A6DVmfM1( z;k==O@f;c+6VIEb_X|mHAc*a{44_{BE^@{?96*+FFEKGLrJ#VK0^a39g8$J1{9sWI zK)?N%S9p?1`KBd4Bx-p(wJfKkrX9{+p2$ZGR-t(eVnA{D!XBi-F~oZyjUCkUX0!rM z1AKPPRQ2dO@Oi0N>w0dN_OfubzLX_dVWe_-HoQ^zC+>WA)Led*Q zW}-cXJG{ECY!|#B-ZX|}mdbBTepyEId;5G65nXoEy52!m2q&3f52X3cr8W)MWLPW* zg?HnzgwgDKPvUI9uo^uchHk;)v<=blkQiUd-i6zXOWepnH)0RS4#rRTD~Nj&UCm&9 zquN-Ul7^;0xj@Q=L#kjPdb(MbqHl1Jf;>+M0~7NQ7#lJydv)I2%+uE=nJ4dp6;Q8p zE-v$z7WBQ!NN@mI@UwEpGLmz$?E3cD@WElBrlHq+)m$i<0Q8VRBPoBQ-C*`_Z%0}x zO`H_gAQ98C&{?#oY6q&aD3DxEKXF^q=5z=-JJyiw=k7eHP{$h?K!xuuIxZ=6vRG&w z8p2WA-DX!_?+`7``;bEK@q$W3=8fr+J0*4+FAj#ZSD!@458?7N;+J{IeMqw+qW()v zx*Zkmj3W(M=OSg4y~xF?w)Xtj@fL&m2Y(noZS!~9mzma=A^EYI$|_xat? zP!^1AxnDySEH@lkvpe}AHUvB=LT-=3JH9`gjKC2pZ%^g=iZPs~y~F-Wf8=sYZAJT? zi+oq>xv;uqFqB0(V%y~2m!i6x!Vh3n82<9jsZCvJ;HFocJL6&^vz*QB!t&<*^h3f& z*RYGW89t=<)wvb8zlFX5b=_5;C!0{|W4%2D=q0$m!P^@1jg;9`%gSA#04hFUk9?5e z1Oz8(2AS~Dl&W7G_D&c2V!hnnWMKU$p(ibEDXMP0fsc(94;l%pSToU**`pu+UVqww z*H2A|h7}B3gAUJrQQY#Ql!Mr_Kbdt^k5z(O^fl}Q^kH(fW;z`sCg6Hh`4~lFC&;q) zpsGPVkCB1&(Is2>(|Gy3Cx1~~pIILqVOQG@eG$D`$$swKc0j(AhrrW5?WDK@Sec=w zY?(-eTsas9su0+16Q6D+Pots;x1@NXn@C9_!n4&0;zr<4_Ep~;zDY{ARSKP#7IUEu zc#*3@f6rIQ}h!AM$-p2#5qXu6x%~8s*8^uD1qQADIlNuS3*X zXO9aKI`^}wV1F*2QIZb2r_fLmRKm|yE!(wy9K*Ia&OOXkDc^&!QZJ^zO6^pUwb;ni zZDG{YSULsWbHz44cjp#d04IQ(zdyG<6%fd+mt?p*XZbHj$x+D#;NEe0Z{eSI%>70FLODxE1AniQI1y&w+em<=kI}5r%S(KiFwEc z5cNieo|D(09=DXP!>RwHu+~F6zy%si_t|eJ5pYtL+<$hu8lo#DJm)O}xtB|bb@RLR z=d08C@${TPydF3Xdxu{&$a(gFmO<=oe7l38}jGK2`l<0&x(u9Y&ndO8pKIEk9!XN0*EIngu~bT zR8p}D$T;{sQghey_^1d_!A5dQ<9AWXCN*t|Q88iPAU72}rcHnx@9&#NoE!+O) zQAHC;;QO%2*JV5+DZZFPfportnd7hhFrn=p&q^8niNy$g{D}UK5FWQb7+$To5&kM7(#k5!bZZL}G0I1w z(G(=Mjb-3x)mE~@XlHFO`hLH%7&57en5k-~*kYPGzny;hbo8pvFHrS9|Lf=MxT{L9 zc+rS|!q`VGEz9`!!F^G)Hakn4f`E1)UcVGSrM6{Oz|KW1;@rEZfErHA!%p|&#dr;o z)*N3m!_M?|o-QjG;-Q3+-KjU}j|M!D{`ZWraOss`a1lR~psq3d1yMR2A@2dcCv{<)!@n1=Xp4{l5~O-0T_| zxqs;N!UzbYvM|XjF=YXIW<`Y`Id6GlNWO^PY4??G+Dpt(R4AKrSkD8PbQ{Uo@FPED zS30I`t2sFSOA+YqjJmh>O!JvmK?2^|{j1@a$3zoAtv(Aer!^hhs*}erK#d5{~^B zQlJNM;j_ety5ZUFC#;tpfGGZ-S2ll*_gKaAmbIh8BmNMvLn{1pl&<$(F-%hBZ%_f5 zhrhIr4#5}d+2H|=i}RknxTGYP2}u<=6e1CA?KF^d>E=f0c>%M2YnY_p>LEBc$$1Ik%6$;~EtRZ86E5$NxQwH1B77JURH2X1} z$FI$JH5h?Lz!KIQ>mf(2Qac9Nj6kc=2A}%N&&@jYzljq{R_nnu3b)N%4j&eSLswBy&9Ci|;N%DGuMopbR z$~kWtrV#(K-cHZ)lgc$;zpSvem)2^>(-+(O4xTAjl2mN`&fl?$+(e?ux`^0qrDs|H zypx^qsiRb}z8dQ4`ZL{jY0mBXAR~VrCM2ybzAOc>B=vDqhTTWu!Z4yo65Ci<^v zzw7l14)($}v7jW(0!)bFWt520C6wA9=|Z_|H*6opMx>&xtY$ zOV{pOb()&J3(f@Dp3m|E_c=$F&8Em2=VL+IwfP)=pZ5Q#8gJXOY`>wKKR92WFIhJO zP&=+627rE&QgQ?UCX5Pg;qB)N9;D_c4G`Dp5Br=KG^)z4#sj@zoLal>k~;{#|48=| zynSie7BwiSC>*;g#dmp-SFn_$kK#Qsx!XYkYw!t<^yRAniv3DpJw3Nc+wY)ZsC1*D zIsVIwaj5CMY*Ib9lBR2lzd5^;T$6o))ZXvR;ccQ zaqpeY&xW$PQP~K%a+e|%nE4~z;R69BLif$yBTZ9>ray<=W_Tp;zBD65t)HrdSzgl9 zURT5K?MWhQ#0|R_t$hc3LhZUwu2J*HN`-jko|_7kx@|{$@2Z3ct8`=XRc7=aGNTZK z`+16J$S9Foq!>=k9Ie)A_n5-fzkZ|E2;!8?Q5I({G!(u$Y2J{zK}EB{V-TmFeJ~tSB_S|LMuzIS-_Uf_<<~nXoax%nVN#4gR|B3 zBvP~;uE6gzHzPB*4gT}xvwhB1+5zcc0jf|CjnE5#!FM$xlO3_bGB&&y&ZO_+?U45y z(UaYzh-5PHh!@i|BRSTsuA5lNzO0Pp9AVQ0eqanjw^H+a*0kzB0G`wd-rE?R%7J(a z>0NaV3h9_6n9`h_97etJ>62TaVW&{Bd0gb}g0`7>srq0qFl;no-aICw>$#(qY6oFH%gj=I-+)K zIEAk->>((RBr_Gh|j?hYpTukhCkOYk{tML zd9JPzmlk~agmhj$6r&KuSR1?|-RrLsljeCbUt?k{^YFP+_-g4~rFU;cQ zFE1my(vQsf&s|S{ye?XLbjKnV=R?XxV%xR8+52x7lx^T;?b~+wg8)g^98)uS(`Do> zzpso-P-JprWtPefeR7rYFmGSQ z4DXZivs5Q(rjoP&!Wh6=7$^JFiO3_H&J{Tq-;LiOs|ks4v7+aR>Dkfdt@q~=JrT3_ zlI%TK5l+0oM)LNK6aQ9WOp-uVFh~^$g@%m@@FVtoXhP!u$LxoPkkfU$$O*i5=zRG0 za;*sFgX9|bh6t^;ZVg4@e}ZjuJA<73Cde5QnW?z;fWDG;Cl)To z``(}YB}OYlD3nS0XgNticH(gP7uoP|cqRLN`$;M@zp;v(KB8`P31VF%yG`niOEnU6Gt-B>#q+M z{mK;&hmr!1;3%GL8q`-1PmgT#&AYnDmvMWAntWv^pjY-|7<8iCIgKI}E&mH#hxaAI z+NTq)G0-0Dn0|J^sT`_Ws~%(9f$mGkjjq7^m7l{Plj_Bc{h$$LURpzNkFGB?gK+T$ zj(tydRIk?S9O{xsJr;8?_MUgjb}$Vo<-1+??;Mt{1AD)a6XNo{W@ z%iK*}Z-(oIKCLkKLQh;MO@AWe+Y`5{)I!6v|&L-#@l`u-VYRDhp&l zLqp$mo-Bt;zMyyqo@E*r+&*!O{M>!~+9q-5GRlB?;;o;#zt988;zpnSk#WT2Uca=4L_eLC@ z+vwwKd=VoE?gpnw{D&S)aBFWbEmuXOZO=(1hkg`Ws<04OMf;IP#Lu#NUCBfdX9tiSOXrf9++#ohf&cYo}RL})ma?5MiiaQ32MO$M?)O=+$KJVv4vfJDDWS!#rx z@8go!$g>krhxBYnK)U+UCCCVH%hej)w!0fU&zA4;CiN2TZB;hKq_b65vGWP0X^=6di{%DZ zIGgCyTja-Neh;6-M$74*uYadL;41gUBB_a>l1}8&T~rhT?9;Y;lnXM_FPI+cR16KS z=r)RzWITsQ!@;3mWvdW0^n1N^j?HC1b=2Q(U|w>*dzd?UUGd1o38IeaFH9SLczp0B zVq_B&-xk|)6HRl5cg{c^IGlcE&Hw7|a_mCRvc}$nRA8fSExf^ z`Yl$lG$idu6i;k7HLWvFsWGgpawqd+u9pR4JiZu$p!jyaJk#g2=KTSBqN*_oi##ai zZ+Ij>*>QHHZ^Z|P7dKmNd4UzxA`x~0A&%W)wllD{7$4E{OL$ZS=BVnx86t+f1)yTTxNJ}OL5d2qb9W0J$k7zeRAj?KrrOM8c?Oql zuk{j7(1Pe!>xm?hUM+E2DO`1}>mGT2etfp7}h>g;wI$xbGz~XYmp}7$mqZc^#?U!m!EvPjC+})sQ6C0R;m+a zUhYOdSQr!_5dqQ)mn52Gpxo+p#{Eqa400F}w}?S}9==8`=Y*Toof`!2hG&I3co+gA zasyIu`Qw>u)Z?dITJrKwJV{kiS#q~7vH<5Mv{(HUkK{`^&{TTW@y#5~l(e)fc7RxJ zFZZ0x>qF$&9W8@Q)RO)IXN+BR6Cnk=x?$s08#C#}GL9d;Qg2S_Ek>ZN$8V47f^G3e z$LxsCemc>@+;)Afl>&_#PCOYY0-Zz^h#eUt2>E88G+HSX{8Y_DVX!utN8{mh6 zlP5sM!OW~+7pjdaB_%a-c30tbe zN>ZwAPl~!%-*GQGesO$1X{09a`JrF!&_^b^QCSQytY13&z2L+nUeQv8p?-u>YCW98 zEG3!zybGs-PcHyO-%491bbLT6wQz}4xQ9jlb;B-`EZ!<#%v6-oPvA#CL7F~T1QVYf z@QUqlUin;O-}2Dp=)HFMjJX7U>Tj#o+K0Fgoi}j8MZIH zr4YnyI!}CYg;<9;f})lp=v9Qh<6+VjZ>F5a%O&Rrwk?gZ)*v+HLwVd%J!#{2R=Az> zoX9=t&%5)>0>{Mw$~^ZS{pP06FzcCu7{6QZx~Jk}jU>}x%LW#A@~mB#F8bT?mI?@0 zxCq0(>kky@PI86K^2q-1-gLTveV`Q5=4l zFtNf>yD)l=kPq^c`&rbl-)*K>gnnHF+>n^wn$H^m3S5hB@o$v}(su9N@&B?(0}v(G z#S$gHan66dwV4%~9P|`+9m&4teN&ms7WCeYe)LRA61EU5@?d=Blp~}ErBYtNh`9tEO!?((@1!AIyP2r3Bh}+5cyljWdQQALhPily zemHnL0b>dK4IYWT%h21(m%M6Uvqhek_SX+p5`FbvVGb{C+kfZyL zTKE1^Q6+bjti{0PfDUC)eAB# z!wX$9L2$=IeuyI@WkwCWc}Rc)t>)b6qg_eMOx%EXl)e&$e_AC&;A_nyKH&&YGE^_y zT&1XHaNA2+SnLnmU(!%f4Hs1ST&xAAQU9lWHhH9Sp0e&Nf0EsWe1lAw5v600!mFqLUg0A-VwVcrphD`&iB4Usmr$=a4YD z63fU}oV-&AmTa)Jp?m*bxGI~9HpxHCZk^z)&0W07PH?K!RG{yZFFP( z0QL2{yIPR+zklA#4+{^Ezq-Cw*493%D$E9%%?<~r;<%zo2<2Iu+4pneTv#rIr`W#k%diyFd*5A4nGm7QQlu`KFVs` z1DzB7cX)h%<;ha``K9D2T{&n2cdAyW9I+lYyIa?-fSo6l(aKj^_Xo| z>Ji{jN&3_^^{FCfeP5sQz|iW$nIgo27~;tCsty7O2na2Z2U}TLnN_43MueTTklRE% z+@j&UrW?Q61Fb-V5$*^P!5p5NAPb-fR^ghw!ov<>!G6?Vzo3lV5qk>G!f5(z!*plD z=BITQKOz8o?M~qI;Sb_V<1J4VM*pDuKXaeI+=m?$1dBDw_qG$s!j7(i58OZJ3WNd59g{k&;Xy(6{%)y!O+Mp+Y>^ z%B!(OFLu3z*1*V?^KAVPs;OE{pF|HFQm8C;b`i@{N-(6x%Au7=n}!J1fI`kvts%Wp zgh2$L9u$CPU}HzDODO%?eJ@^?tzz5n2%>T5gE0p{dRUt2TYQ~`|3P2BjAyFmT5%9O z&ijgqL8fzBhk&^u+m8o1gAv#ayPiNsJwvY}Dxc@GrfQwatHa|MV*V~?9c_o~pyWKU z*r6xn>1tU_j&Eytw>^-#8oWmI?A>^b#-xBiIElT zpE5}zz}`e9Qpm(Mw9G@|8g9&2^o;AyH;P5d@egK>Wt7S%652vplM~dPqeiZByDX1q zwfXh5q}pltLzUINlK!R3(NiV=e)8Y>4v0nNWo1Rbe2EhH*5H**r)XvlF;aEqsX!OG zl$lB7@@H+CfjwFZ!<%zHTOxlN>a!#Qn8$rcD_S&7oseG9xae=(I+$Lc-t`{(7tB#(jBJwP@VU!AV}^2P7ZAQPAhv%3C>&R_eb zmi87#T5JJ9@zKENu}{3&{toP}_N@QnQ;$W0(TMGxy4_Dh+I5p*KOneKG5AM-bQ3Gj1!u^)ABy< z5gJFxS5WHi9Bj|?JNjO;I6>`(%zQP~!#)w6DRivMyN+)&)jXq`q794L`~v|>dbs!d zHCDEd5v)}Dow24BIb#AL%A$r(bpzo0;D-O;IbjHnH_rC`p0_fzulYH$qWMaAs)6ti zi^X++xExO`mM_R%aMmakx102gPiBaEw;|i>2ZsIn$Z`&}?MQ2wPKmwkwZ^+zh zWRue1?PPDQ%ksDCYSt(`Hb_}n@J_xn4S4Biuf4L2`?6|aXMs$hgPefVI-*#fkc_YI z1B^#GP$cN-BoD&=y3k*^R3ds7K=g(om^0dS+JtK~f1GnUoW+EWyZK{u98w!XI9g}@ z^Ze0W7ZekRnFhTU(lsma{$2gI#daN)pV8||gI0qhYRuakJV8DZN+dBLS}sO7QpLC3 zkF5>izf^f4a6I&+SU@4>8-nB%6eK=dX-Jf`DpANnLr3=quO)rS7QhE{kwXot{#u6H zlYf5HWAdlJBvRuZ!=|DgV-YbnCYOumN+|J(kjR(*7(d*b3i9l9hgvL)5GZVR35!LN zHp_)JEkjI^drMDF+-`u=y(bcp(x7{6BIIA>M?c36M-xUyFb1STmoPA*{HC3d#6d3X zatI2BCTElh9V*nY%rc02!Neb;uM&Cl2dCaZ=oV^nm4EU2zn~}h16IJpG-z1Zk?ln8 z(@ya4;^Jmjai<_wsE7X?6i8?fQYKN~3swPrC^H{Txe6#thg2t_yCv#`}Aie2#A_f>L81q>jihdzL(*L!=sZToVWB9RUF)g9c!Amj!$VB9sM z|C}no>g-@c{?1=N*i6d4rACLgbKqZoms|C3A+c$=3CiKygHZ-`(p7C9NUE3)M2SA% zo$a+NdIq_I4ee@q_L84L#(uNK@{=CzlP5()>QuD!+@l}k4l1o6DU?{`P(OEIM|=>x zdD8(Vqu^cJD#7AylIDjn@uT)@!0APNfQD_!y^EB{RS0PBfe4-nnW4wbWbP6c0Brd~ zOaUu^W2X1JhPe>F+4N?+DP0qWSqTDDK?~wGVWb=+6o3eNqeh-wq-Zf#y{V^1(W*t! ztqffTG(F~R)xV?bgW+z@!`u*SM?R zhb&7U%J?%{{yyBbsI;p`;(J>a=jWYu0sCZQAuK~Qs;lj(x#ullbDmQ2f%cH#t%P!N ziT@4lgCZu+-ul7D@T+|L`5&sL&nSs!>SmLFmK8hZC_;xj!3H$2|72a@bPk(B2|ot9 zYX9J|fT;BNtoY$p7_P^!T=N0k>Hp7zhX2a>mcHIabu#u}%X`)*;ex5rrQp10`IA)G zzY`nC?mZ{vnN%2B20e|5c{r9rzV8#I|1JGW^;VWD{`1=f_y0O?``@}l{Lc$)C%}}6 z<;9`?Cz!t5AI}7*7GSby57yCd;wm{d?=Uct>6cqfSJSl$5L`G5bVH zMMVWHD{H09^Xe`G?*nZv)tEjU7Q|jmiK7~W+0MTU}|HneX&Haj@iQ zzvnM_D?$2{;00%rLE=DcGXxUYA-Eg!JtP%E%Ccrr<3N?KHb0@c&JxWV7^ zv2qFCTP#}<``?)Z|!G#}CeNz7H zIJ+bYHYkB7)-*n>KB(ashgbiBLvn4*=zXXGYItBB$s*8O>MDVJ>Ox{{v4-F}8}pYe zD9f`IR4V&a4KC{l z3_5+=iL}6J{`W@Lf_baG__?#yrqPkK;7wVrL%J8VtU07{a1m1OmNjKP5UF*e#kgO! z5+Qgb^$p z;-25)iR|Ks5pc6qYjfwz_Bv~Ss`D8$Gf07LQ~-eJ>UcOnM8S-?D9rNzVeXwDBkP`h z;b&%II}=PYv29Om+jb^4CllMYZQJUggNbe1Nhf)Gp6@yLockBt_qW}>wbt5IwF;lA z!dB2|6N68*y18t8uKVxtI}I2m-V@40SF!6;W3&Fo#lxeC$;^%cYq$V(qbMnJJe2+G@npqoJH;lYq zjo<=-p74=_iQb9Ti{30k`k`!ZmT_fDGIS~Antp2_e;^KreoPu6$bWsAT(c<$pY(po zkY+6kQl9TOk6jz0+vM}th=;ua!JTHCSE0_ky|-46VcNC3cV?5sj^+PpO_TC##OayF z?~s?f$JWjQUE*#=dsoQTc!vAJWNyNN&@DN@6x7_drkyOI8BdOfzbP~#kOb_ z@glz!cGsm<%NzuIuFWgC_C$8G3#R#*Ao{crPqrcSJa25*+~;)NUn|-)d`e-+TenM2 z11f58!@`V1a@}fHnGO$LO5-C(D{ABX;3!A^%op@PolmN3uCJ^*Zo3#0?jTIi^_%D3 zrCt=_DuVE)LxID<)u$siD>U*Jcp;sC2AqXiN09PA3ZTF%Y_ zHLfvI`)Y;kTCE=#MrdN#`-RZ>zC7pZW!f_F`ynrh;J>IP zup1N0J^Hu^AG;r{lE-Aa9!(2km3EfQw;2ewyPj+P^#q`zqBcQN!;2R|yDF0b#%UC^ z5+i(i_yWw?IR<=#$NO4cOtA53Cr0Wfj46{B-0 z><7=0^%eZ-@4V#UbzC(;NN4fkyf}(+o*n%rM)s-tP zG_jcV8=8BR`BB0yTvu{#;e5V;>!6i_?^mJ>t80Tj(MAp@t=9qh=6T=Wn@7TUy1p5Q z&IHTxDA~tgH`yP{|2A`6ARG#-_Fd`lFA&NP7TXd1U#G>@CImyic@;K3zPBWFhv`&P zx8z?8VqI-zW#ygbeDGn=O^Zqjy>2)dN;0Y~*<`(l1O}Dez|h#yG=Y67i76?@{eiGI ziN9Ea?VsUg_aR4V*a7-6MuoXwStF1s{Evgh>jzTJgNcbT-m{tauvPMBtw`eV!uQOW zt`9zaK~f^!~fyY!g|ip|*yPf96rdMF4C z=DC=mfpgt1oLfAKFViu`pagp zk7-M)`Z1LY20-0V(h%a0E+1f1Ch|TuiW%|RwmxBY+9>>xJS0WV@DTPTOLXk#v+vO8 zz46!x%sF53dl6_m)chpHwk)}Ex*RrgPHZT>SexT4x5LPZ5)|LBKDNkM@3s8pVX=iu zAc#Spb*smvQ1E-}*Qa+%I=ZU+ZMgqPBt3W1DeSl=?2kJS-b*A6!5 zQdwCc?0GN+`jCtvc83G;KWt$&pe%+6C0uon3)VH|gg-$7>57Fb)cSWF#yfDXVnXH`C36&Mvk zM2ufj0b8KU8ILn%&TL~M!$q`)!|o6-C^BJ&Ht$vcH+Tg|wX#Nq-z|_Nc^-nOak(n0 zM)M@VKF(voI~#%si>6mX>@r#faHv&X$7zy{;?WKL@4L2oz7aULtx?(VS^-{9Z_|sx zDSufu6kt5<(-z#puV!y_0{k90$q$?u`ltZZBf#KP0U~3e+n2!L(k+MEjrxt#eQwF5 zgh{xKjAUPX(S6~K@dw(&BhocC46}O}3T3BD%^IGKS2fs}D!33opRag#=uBq4D1&&F z_8#ueiBqp26F0q*4P9~!DOf8P94xu)p!(H~-f7pc(weGgms;Els^4fsWv)wii`eEK zq|1kLa{5i%pAG!mZI+pzzhHsNbFeY~i**rNfUMH zoPO$ z86gg24+$aH`${iGm(_}|f5<;wQ$SJ|VbkY$b>m zuGd!f3%zYeF`ian9F}USfs}smrC&pV;^oxQd^P`BS+g8y-oD4govyCC&bY9;?DxK`Z2m4^@cbvFv$YkNQht7uD-hMX7T6^ z_6KO%Lk8yp>A+x2>sR8zX2kLAb!h85!->@+A&qIILV}f;$Q#Nd?oIz^yUoDj*-sN* zCw$%==O`$yBxV9`--aKgg+xw>BinBI3NbYDa9IhAA8bYX6E1VzBHVL+>?*9}d@r>Vw9*t$mVbe0S9Z#8R{AxI`U~o49^J>!5amx3lOJ9h7G>Mlr;+B^ zeu19Ww!?|wm0NG!zIp0>Fm}Hk5Fuzh{nM?V_B$YieY>hG=X=4rbLY!`iu>y` z6-??Y8&;K!Xi^8p@@r2YXh5-bf1Bs(NSI-_`Z|lz^#H%~c1eXaoqgx@(g}rc`;+(e z>81NC7Pjwt-IoqmP;d#wl<4eH$o0;uouRFrLEn_)UOEQ2CV#b1RRGx=hd1bo*o0iZ zzd_$S#!bH!DL6=Adr|)}FMRN&ZnFDM#`klN01M3KTO(2i^Uan+%GSpc4}33m#e0mO zZDmIUZks_tM~5Jph)AIfg31}xkjM`Rj5s;Woyq>A=n0(17`9hK0$Dy7saP{q zrX-x5-5Ag1G>lev@NF2lCLcdVz=KC;WolFWqi7*_-fCim+_|;&!N4Mi!1;1I^=i70 zmybG8C|Dn-#>DTZi;oddH z8K?a{^OzrIRQ#O+P<{yr#M#wL%BY zs0Zu(NeNpsa>$_kA`e2*_4UkIi=VZs!7hpY!wU<{e+I(ii`m)P59)f@n_Vrc_V;3p zi5VzfyGIUNrbC01)s&51RH&tw&d)?Ov9CKw;D|{YciL|xrJt$zpo`|V7N1{(TB0a< zigt)CB9TWz+C=+8tqY?1eV(Av`;^Wjq)zU%>5il`{2MZSs88yiT zsdj{dz7R|arBdch1q~|)@X=9VM*;;AT#Td_4I8v5H+%0YBet5pdq<38UU(V+3*lk2U-v z-&#I9{tO(Q4zI->?4rigIhQf3QzRy*OUOh(auxFSudYQ25X1?fwpH4IK$XY5cxqiX zu255>uN|S&kCCF(Nf^d*Lxz42rG4HlRmix@Txy8>Hj>W-lV>u+BDC}selowRv6l({ zY)zXsl`*Vpq&gof|DpT)PF2Uxq)$;Od^6CC4QwZ3brMZYi;f0w%+Vqv1q+l>7>I3_ z981kEEM;6cHkx&@35yLgAjLT99cyX{~04xUVmaA|#2eW)r1J<8KDuzD|)>t$cVT!fAxOoQNf7$&gp|Lg7`x zPw_vHnrsknPC?e3s!Oychsh--PtY8;re;Y6m!8cp<CM1}MzX&X;(l%x>U9iw8)q&(IS2|USm0$J zDh=%?Hl>1V7gOn#5|0Z=0aq|-bAMXQb9u}LcU6p{r?XaOqmA@jrFSH2`q4@iD6#hG zfIw(j#qT7^#-b}>b zWQ1sSIX%+x#+DCMk=}8IGAr)zR~iFzn(>9?B^j#4D)wKt_1(?abZ&m01sTlkZ~Qpqd^d@ zM!;}F_nolqiB)HegcY&D&E6^1&FlTjAW~9t=F3-LYNx`W{9Y6q{H;BlE|h?LPJhhm zqr<%vEx4;sY-*w{eNGRSYLWW$-ioD+t{aq>Hs0y-YlH=f{r)VMZSg_4{YDNm6_`OE zznJQji7_ep`S;X`#e(dY)CqASjYG}mxAX8P4V2!<5!)eJ$cjuJuv#Vob{zO% zoE^81O&2BQ7j`N`C5YB+R9qaQ(}1;ld7LW?27VcNji=M803=U@lPPyykdRJ9??3^P zG%mt+o|<7`P|Nn)A$8r=iiLu8zN5=(8s>V zKZ&x^ayysRTO*&M2!jglqLVyCcA^?eo@g~D-N&hInsdB<^1TVLQl4S?RkHDt7)_*i zFlO-(y#UI%Ye)6I^^KQSR!nBX7i^q6Cc7;QfbdcNk%xNkd>PX-tT z9LY4$(O~}UET;>^L}Vk2O6pWg7QfxSKGfg6l^58*jS(o+AAvg9MsOvzjb4!dh?d*2 z^CGJf{W3O{&GNcneg4iz&1YNLI@|dLj-n0+ zRp!mE{)DkZ4SZ2U+E5jCa6EuZ!1AC@d` zB)a1xvSJc6V=dVr3w6d=2zgd;BxFWM<~Aog&;Af@x0qj7*gLrFHI#HDXg+FMkyo0a zS80OYf2aZ9<5M=@BDEh>k7vsG7l%MxYnz;|KR`Kxetdfok)uGc&{C`H$5sxB@;h#o%T(rm}$XF<^c0;P7_obQ3kZ zGu6<}N7&!zpQa2KlLHR@9peh+mq-VviT%8VEX(I%9leWhWBqOfMuJkppP6H(pUZ$a zOYNV5%|F9|S7n_7g>XQ2pYVmbo&xzGnGK&4cpdHF1Wy}iXyZAHl|$H#ukR=q(N@*? zn`4E?n@;Q(#TMTie?4iW^Ku7Mys+)B#L0RK_@Ro+>ywboMQ@PkoBSb})a2VoM6y_A zKEMC8#@UcC!ysRL*+F=1KL7{fJ;a;(N;5mn6okW);xs;-?JwWex4WJZUT?N+rY8Bg zHi40;)1}FGE9`n0a{HWWsI$Tq6H{Cbu1sr&wo^^UvrWqo<(rc%A7yIaflJx(r~Ib+ z`XIEWjA=)cz*Z%qQ|OBvy{)^~sYla*0bE9tSb}pVpE$#;)s_Y7WB1w1vGs<}p)URE zVu@XgYv;|%DYzj3%ljKFK93Wo@P2rt@3t^EB;NDUT#dusozd-$aOAryFO$F|#byaL zRm!8&kqvJgAHl(7+(6k$a(}Hqa96*FK4ek!x*z$n-fx1lJQ8=jwi7*LPm-PlpyORLXv*q@>(O zqwUf9ju8%%I_DSoAzB3mqT!+mSzy``?FDLJ21%G+iYn~m1_p&F&y2wP31H)&V;)-# zmPW2R-xVt*rT>WrH)ZZZ$&tD&m&EuX{7Gx^J2mtoDK9UAfWu^=O%^r%$sakD3cZMF zg`plTi1yWpe#>uw+t>aRE&E>%%*pE zrPHZq$1DCzA>~F6YlbU>yuk}LAv(dC$U0KM*FPO}KVOj!6FBsH=hO-Vc9JBJvldd2 zq5?Q;KRAPblQt7b?8S+DDvXbZrP3^ZzeO8SYWfp_fPS0=j5?Cu!$~UY3{35DO*|i& znz?Md_P*26cLjb#p9|R>&s8&9_8*o8XkXp`xja%@OlT-EVzRQSo2R&XI9ilwt{G^R z@7}3E4hGj1&@lViCK3e@#NTwom?7QPx`UM?T%C%G7|R9jsHh;g9v^y~j&mX4e()s- zct*6d`2^O{q8f&8J3BvO?ia>pf`o3lhN{hqhLltH{R=EOsf@E^*|jneap4?qCiwP~ z@!0Z-5(Yb|a;|S^7;cAoa%yQ#(iyYabvo=*ch%93cr6fE_z5SQEq9;x?TM?rkW2Je z8F3$c!;$rTqN$Onyss8Aj;tPxUNX5lXV@Zv0vTdT{$Uj*$PP!2{J_q8xO>o97?(%v z+er1?aUI9g$@xs-h1PJUs+V9O-NBNt-0&Xr*}h^U!u{b&(bsxsTu1tgt)dw7>m!Qf zr$zYdk-k*##Ty5r^}wj65*@I;aRD8!FgZ514F*}|Utj#J&cMto3!V4UWl)7vkz^t# zLUG~F+AmRAShx+>m^r08yw49RI0M$GJca+jv{DYm{uab-DwHrqTR8E7ekkin@&ft{ zR|QN))f8I7YSVm3x1T@jzE==jtB{FT^3Ch-la?x|rE| zbw_T76Al3}zR^&~B)e{d!p$G54>g>rJABjnGNYiwR@;&%OYC;OX`t%cfic1~ zXgYLXdGc!Q9@VRwP+#mBPF;t0&I}BI4^=vojOhXc;<}T=;-RC$c)mv0v#NvS`V@3* zm;qJL{@rr;oUP~u7Lko`6@e9Q|Ge|}GwAyXS*xK#38o>M3+h{ZuauOoFF>}}!+}!R zlFVq&gHXNN-$}EOBjoz$V*5|UG1aUxt4!dp`maPY{c2t_9h>Nlwz!g~7jKr@>q$>{ zHfS}OB#MXQqa``{avBiGywf@C_Z4u8739w#{(Pr$#)I`4R*d(?Gp1kI&}>G)lS!4I z%ebojmQ(8zJ8SzGp7-aI^U5V{9yD=J_?S(n?BvtR<5OAMOfQggwE0+Cs>>=YREX8g zkkVgOn{Lv&oL{KHg^ukLQq~?u)!CJXtSS0^W7gQGAHQ*FN(-$mux~Tye(ST?Uq{Ah7~$ZHUjm zbza@p(?t74v>TcXopo40bE0KY0%BO-z>@bp|L&Kkr>9b$5M-lPRokNqYMB(D7lQ;1 zS(|v`KG=hHc35(>M*Y>C$Sk}lN^%*uiF}}?Qz#={uk}buHzCz)&qm^~q^P27p_o4G zP~M)MJ!4pQO%pT#7b(Pw89_xr^np2ggDs9PN06WGac<3KW)U{1tb(px8^)KMjmaeQfT+YzbB<4v_XQ#a4RXy zdxPJWSpKeG7L(rgVkzSro6+tG6)sM8{&otDPE#O|@@6bgN!eG2w}Q@5E% zdO~-WziwUFGEm>v2LVlL2PjDYG3P@ z#W(L-H)oDB%I8W-OEcL)(>Tj90eGrAp8$h&enbQVziE_OTnP1ib`kYFOfkN6G!Icx z#DRp=wK!^G3Wk5!OdvM=nvm-W>+3?hl+El9dBd%>+0cRuYE|--Wnp0+od956q?~ZD z9$i=AN(H8{G$dCO=j%!nbt6E8i04yr0@pk!JaWy^iQ1jbb_)y46SBj?bw-$1~+PRj7?6Ge6Re(|4_|(!kxOP=a)58kYo5n@&@DDgej!sv4JLM zN>$gHXnnTnmpb?df2ROg?|CZ+vQisROoZ)1$s}(=X;(u|V#V%`PfHd_UMS#v*G{Ps z*3M%`Rh0&ej57#~{G$I>inB%EugPuu*MM16Bp0E|Z*2UkI(X7Gb&&E|^#;4v`?EUr zE01C|=45b6Vy@87iT$fM%Kmh>VQm-*QG7EKlYAsAsYNLNGXc-&U|FsBMi+iUKfbI% zn*>v=7B;$X_*u285sfYp26wx<8h0BFyeubV*}lH4n;(tHJ)^}>*1+oxX$B@sfVU$n z0cRU$zBCtbl>u?T&0K$bBtYGxR-a;~RskIgOAr)o8kxbEW)q+m${isP9@|joRw5<= z3D@M?2!oif03%LuN&N@8mQ4G29^s)8sRU))(WOsp%&h=UTpd-6XnMj(7KERfIb-y_ zR*mJw&3XhRX?J~+QNwI~Zu^;9ZCJBHd|xr=QS9FQb&-(ypvldBziCn8(PkjwjVIL$ zn?(D*pX{8NKoxh3Sj6{rfk-4vrqFV{*hE)gbmX#U&9TvzII?uK#z zam=gheN)40!e?qkkt1GihI4B`_v@mRw7PfR_29_d`VN$U1IMaRSw#A3F52{WE{3j~ za1_rPCZ91V<{(CAM>q5+*dz%Whn#6|b|gUEN@ulA15#I8lPw&f{7W>#B6lR-a@-gL z^7gU0D5rSOa3YuWnEGnE`O>Ndtu-{w68DP3{vLVv%a)Ix&%JIO)TBqDx;83C*QmJq z?KETr4A$|>Y16#9k zAX(4~t#8rDjprGpCbIWg2j-?vfe@VbH=~O6KXpo#OOT=u97>a2 z6l!!@e;4?XeeTo^TAHLdn6RuSFE(y;D0c1gglJv0zjb6SVbB{8Xoa$Mg}P(UR(Ys9 zoX+bqIVin`t^8pjfk@=6dgL_Ag^ejn{lNNjO(S$7{(1yZuZ$zP*y>J_PN&yCeW-S^bN1$V6_v9>R5(M7GO7}&os$*+bDU7OAhu2c0hn~LK%E_*n4icZ&F})Xe z8^V)EG1WJqG$Jf;{%2s;1=dJ`Tzt0WAjkL6SgrY5)T-yzkxaNT86%Kty+g57ZVZ<% zwa+K)0w79Cte`;?j8Mg^(JU4E1ID0>GLbq%=Dwp)`SX$m<2EXaOxGx25T7eZIVl~& zlRI^!VK_@5c!n-j>iuFV&5^6sn($dpPbAd&+EvZz;7V{O-f^0fs$T%Z51Ry=L4Sm% z7LK2|>PCs-W(H3m?O~dcm>01Ss}v@xGNdM>YxI;iKc9X}pALgT@%taGFNerE!(^Ng z0wqFnnY?mZ$4}OYW4Rk-!f=cZ&Z!vW_8sSeWdDk7yd#705>0Z zTOp6rTu?JdH9}F7MQyDhQ1Muh0WB2pCdE;K#vb7(C0_;L)s%&etrz^Q$(puHvc?Y7 zQQE0)RmUJsl2DcgmMnj3BGZw|lytE)K;JB)~7UEPI*4*t2H~_39oq! z``av$RlS;qFq2k2@#@3{>UNOP)X{K8gokWhbg;^!fIUQgEpjSzLG&W@M|f+Rn*_Sy zAL`wvL~pcfDw&Q!Xoi@QzR?!P)(KxqzRKjn?EF?q!Z;=`BnOakAr_d)bur}|#T^uv|G#Q1^# z@3Tby#%T88{@)z?!6r$Wz9$_#>6l!960?_lD+#8C6OxVQ=n3v<=93yU1-+1QfK z&d$8h%Kx3izgNAZd3I$lEouBMzhuF>*6A_lZNrLNNPpez16Wc+~3Ekr^3y9JXt{i;F4X+?V`$tN;6P zAhJX~CDB6a{Klga?~|UC4Q0sx^$Z-*NNT=fe}DgjFvUk|In4hx42}yIBNfa4`6H3$ ze;=#7zrPoQ(V)!C%#|giXk%}^3k%6$eE3X@o&K%R5CGTV-^qX&3L@#6T3RSLI3BaH zw$v4di#^@l?YH|O8+hg`)JF^$Q){Ry{(*pi0PCA^Al*c)QUDU(e->=d@0)1i%JOnt zO3GsjM0vegIe4+hdVUcrEY|1)g^~G8_(;GD4<@Y8)YPx__4R+p_b!=;b&xL_0S56} zUPn;;dwy^hz2b};Try3(N~`JLi>UrsHF?PI^f1eT^98`)?t>U$?rUo3CoeC5+avn# zP`*$StNuNQHn!g8GpX`FYqlRw>`&d{_MeaS|BeX%FX9jHfLBSvt;%Zf7&S+f^6;o-psrJ6%g_ObOqx{H(8eSx zkG5>xw}ih_78uVm(+X9FV{WZ`M)z#2lAcU&f~iuD!IhUabJJmGPv68Y6Z7E@@(i$F zPySu`MvKE1=rHGslEWZcE<*g=!Ial5X*`!|uIYWp4a*%Np*nb+q-uAwJX@97YS~#K zp;{)}ZzjrgnI~DfI-kx^H3Y97N#+IZVF zt@;Iu@B)54;_Bd!`5|1jRJsaLM6A>lUPYytHS{1+C)(T}O(ky;c&-?cF=%RtJ;c&~ zu(Y(Kbrw^#Q*AL35n;8RZ4~mCdL8|!XcXqP;B2!EL;MiaS!-lXtFpnlXE$)NOKL~M z!m4idw|iXlBUxtqr9+vkyh+VJPn7D!NSih^hS|DE6dPWzFA@>GuR$;;ci%=Hq`jV> z=btNAJ%YT=Ic$_USgvR2|CA}9>ND64UrLcLTZD8?l3^igj9%#T7y0$5L8z8bWsEb# zl{o%0AS);16Zy~-0D}}}Fj4t!EmUA)#EyZ8nhCE9Km#naTe=41ZXF>c;&O)Sg7MyZZ>|g?2l=YCS1WvwH|%FW>OcG<2rV8|!2j1=W_(}DQ#}9shkRXTQuLuwj!l@{~gDPAP9qI|^=_a601ycZI z0&KvP$WX04oJ=zY7I}iFEtC)T!Oe*|izfT2DHMLzL?k456<#2L2sYr9(9V%e`JDXb zj_5=uj@G2~7~>194V>=ZYf$ox4$rvFml@&5a}1gdCtqQyzZ_HW??l95lZ&d!E3zT5@(;H`uDI$jn}n|(lHt^KYD<9QxcUrQ^)wp(H=fM zWPzNQH}Yx))!EmDOPt<3z2~3hqMH4Hn(CePThVUK`oJi{<(uu1Ij36VZnPmpP0bX7tvyVr;Q)_Ac(`e4kVD zKj-UF#T2%o_D7Vpis;VIjE8pR_Q;h|xg|7KEib$R#b8h({xoisP~l&70hJu?w(IC> zNxBm>_3C}K;pNTvU@XR`5CYhEIB+N{)H8c~$VuaJgHkS$F`SK|X>(^yjy(J9tTt!P zY+2`qP@sLP=4{Piqg!ynJ6%Ss`QjX}a*uQGO@XWOC}JJUE&-PQ7Zj$DS%>eWN2C9l)Xx$1`lDnI`7_hbIa(YYO$!%J)c>+xhwV2oVaw zlP}1VQLC!i=u(wy*+i{6G$Vwsx&8Bvvm8X=QtsT*C~z*~uw1Dp9eXO8`sQ4xG+mE! zO);-*I^JBIPuA^~4veBN@a_f$mf};-RBF0->)6oU;)2$5CF$ z(W8PLH%Db)NduzT5TmJStac6GPr{>-+;^Yj`#sKLf%#*HOb&jeh!rrssz36~Du24!fpozi-E@?>UJJK0z= z>p{7FZtB2!?Q?X^k&QS0tETSpJ82`A6Es=?oW4F7 z;8_K-8{ToqHCCYub^*lb^<;>}qXofwVo{x|uhrSvbUI={lbiAqX3~NhYkE>$5!78j zfzL}Oo;JCFlax-)I%emo>2=_YpGr4C5J z6^!a(vT>%rn(Pfn?#<&P2N@}8Y+Rh8GoW)Xf$9EpN3;%c$B$68D6GfwdkZZZ6uhYD zwMfbXfmYbXl#{KK%KlViV#ZD;)TFMNbmt?M9WLL4&+0Ci7OT?1ne-f94!fsyct&(KCpchI7N2eRv2p-9k9N00tErFCY!6JkesQs@TyD$|B0F}9dPKD^@&vs zj=3Q9aSMuf7`enRqeMu9R(Q#bU+)1^5-b{UQb^f;N>TQ)@IS436QG zm?{AO{DY~*gE%boMQl5VIB{~MUmo4cX2LqBTtp#IKgbh73b{fpNU&zj&Q%J`jFqJd z@H_>~N0Y+A;WB|ni>%b9U*n#rDC`=

#h1cF3p=8&t@NEau#5!M)=%gCBSD-cdQR zDR&j%gSwP$vQ}&YCTt~1{*~!L#QrZ8UrG{zZ;;Q=2X)#WJDZ;y6lmLvNf`KAp3-lW zhoiAFEDBJHAtCo*x2;fySHEYoMJV60b+wwgsDqr%9Lf!Z7%o~u=afdI_KjSDH!{B6 zE(mFoX_;h0Wg^6Fc=?J|b7|*tmgsp)Y+V+#*sD>iXK|(oo%3d}+J$%J2c}v-b@PTc zFgXU9;PR+#Vp)a$sv?`u^8|nN#hIRhOmrqi(D#BO>hqc!fnaVF2)P*|54p4UDCN_! zcWFq-x&F(eb_Z@=3Vz>AnSb$R&x7m}c2vOXkU3MH64$osJTx+u+~11`_X!}%f5R5s zP|2)VgK0Zw*y^;f4y@qD`z3n)AHxl8Z1aCvagIU%=S2MfzmEZ%o12NTu|L2CGpLgQ zo?2i^0T7ZWjJ+(b$Fa+Rf4%eh0>wU1*VfixU|=XwOD!!ezeb6jnt}r~$@ zKUBF(&rcuWuW2ChjvtP=V8Oaj;8miL8~%~Hv%9O=YEQ&rw=p<8EQae2)}X5uD&`Mr zcw+?KIWI0Q+MY2|7tvEB|Cj9$LZuS9 zZ`7*gfqe$G8|2{a<%2(bE0f=cyQcf4eA#||QjCj-=N6phISbAhwE9zO$Q}zO3gYM2 zx|SC6sZ1{3m!kr3+M$AmhWiJ^i8!IpU@VdF#OJ^E82~Sw(`P4)0tNvAr0V|yF1we3 zXkuYedSChPlwkRvw!U~iUifT6SY6Zl?mK~Vw;BlExS;}O)>w%A_RlD&ZT1@u_1`2( z_mc!}#`N06JqZ6Q$2UO7o)A^c$J}T<9gVa=BI)tNvS@FA zKOrkC0I;^#+M*_{r$;cE&N{fUG36;nOeFx$-VCP5@xI~kQrPsmUQbBP<5^DQVg!P$?Bd0=rSE4=Xt^_`4_Qb)_b;t3{ z#nbsbG$JD5K3qh}H}*f%XL!`keLoI*VY6y#^OLKX$(;x2dpuEj?3|rZ`XWI}>-wQt?FT`jCoQv~bd^Nm8M*PDX;IY=H#Pksa5caN`+=1&wmes)JJH8*3cIrdvS zvZrZi&dVIBH^Uv3d??0zx0lAF(Z(PaySnE@r6~lF9KPZCjN{~p$BDP8951&TO5Y4Q z-G=OE643fSO`01a{#diM=EAODy1>Cl)lz~^Yn&0E5~IWJjb=4Pk!DO^YL4WeHVa2Y z ~>VHu&~djR1;V$SGZ3%|*D8s}-6A9j(`b`0DixYnwaYeuqqBGVv1hFe^GgvXbj zp8kNKcohhy*PXq+z_G&i%UyA>9QalcU8-U&D@GmfESkd zS03}e!^0kxQo~J^xfHlpbbnaFAlZAH6v$3A@OUk5chEe-o4u&^W+csq@8J;gZZku` zudgfr$<$0+el4q~!#l}kv$yQrt1a%{E=qjygXqKUjo06hL7sG6>mG|#ck9?U%j319 zi5LnizjKYNR*vL2pB|;>@uzetsos!I5LTSs;{cED2#(Gc&)K8@r)Xu0C^*`urdAD; z2bm-l6%|F-?CRRT`+Id(n{HMmLQJ{ciY1<;Ke>X22FsUE0DR}|D1iQ2T`;_)Hsv5B)jBCN(YP@jCml%O18C{lHdf-tubz7erECS)FUo<% zS&VC5#U5N zS5&Euc=`h3kXX`K%D~2t%|gT^T@`!{_6#7!l*#_eec>v!VvShtvLvMPhHUqT*{ACk zqv!VyJI!_*OvM&BOAMUoDzUEz)`~J&Ph=5(dSl^)Esk?XLg%r7B^bkY#}%2+9lSET zCrJH0i_;vobf5+z4!(3vWdVbmO8up#{qL`?Rog1X6qDB4$)8w<3HO6yO6D4M#WSUT zuGMRYPQaq~7+;sG?zIIfwX`Frl^v$OA0N`{fY1fbmqYZ27}4ZxjD{=QM23o#Q_}!V zsVtzIIW##PNfPzYdaXFY3GW9V=O|Iox$^VHfE`x~+IYC;X1&3(Bfa^G0!MywXh5j` zgd+dzoiP@J{&;t3MJ8u0beA;b?=NdrdG!Xgt$?SN4a1G!rnH+4csbNAWoK39eTT|R zUMIBLY7B<&zk_rDjRn3xBUWG4{l+QgO6m?u=FfO@gjN?2YpG;R&riBI+fOu^U%iq+ zHjn}S=j)%9mui#RI!$y0hW^y>n?K|yRcd!dojzCp zK{XXsc8`EWFMhLnNsc7~Y-aRmZonrn++0InHXN0xR%&*K(X`pJRw!!@GN=yPq4()_ zD1hw*X!gndal4YYfNhRiw>PEkoQB+`x9Rqz<%e~tJJrnPc6V|o?8)6xS(0yfq6RV% zrn6`I5Ej8~h4C7j9oDUwD4{2#;Xdbo>H=7ZzR;D=B zPR>p->ceDwo1)LW{+(;Oe0?Ip!na6v~XUP(!t5*sUta_US1hIJs6+LK^WV9 z&o`!>ot>pRZS|UVlz76=Pfu%26spf?yoUXOuYUrpM#;Fi_N(b2#sp%NJg`-_+Vc0C z!8wf$?y7KuH~ZsMEA;h8{QGWp!f9mjA4G|6{WpFzxQ-1woW9(_X6po|6Qj@?_hUSu zdImwAxjL_9?rKwlaG9t-ex^vk^_%O#EPhKnGtrLoT?21};-!=+WR-qM^2zvrPY z5*Z}3=UoKC(Pq?&FRpKDLts9CFCU&S(MdaM&g{>z#DY$mLCbL>29|?1Llt;e^eP~0 z_xql)5nCVckeTKUpjV;5~yf=W)VzHY=wx3#|!V(#ExcZ6nc=>ux ztJ>r!uztdLv;8uyZX2a5xO=dd-bIt!6paT+F4QN>|GcFepH;FgUiSugLT=k+Q}P( zyBVEk>b#wzF|kA6c~VF(oj;#h=j}gXOYyKcavD13bK1rEGZbYlJFz##+sW(+;bG2EXXKUGns0at!lBi432){j z+>e?W;Cgry_wG{KYp~zmiVvFraRn2^@bxW2LuwOFf8eAT^jtrf0nn~2tBa{hY7 zD*t%d3p5rmc*EqgGLA;kNqBxwiQv7zf&XLQIdsa<1-Rz{^@J~^PUd}i4U=!UTf=qH zB>qTr$OSAZ@!9ddVT9R&=@Z1_T$4P$S7YWtrHI2^I3$MW74mUPpY+ylbg23Narahj zZM9vv_S4ehh2lPim#8Qm+6@!$fns5p1K#7Ni{cuOD z#h%RHJ~8F6#VI75OV26t@~3m8_Uw$Y13DmB*c#4x5UMg)bM!CWwGLlxXPr)=qeA$} zI*@6?16rAL4Z=hd&~dE?cy`31Ak}J``CIK9a~c9my4)WqS8+cH9rd3v-&@JHiU% zh5Bh@zPHTyDxuqsuxn{ga6#B~r9;S9)?obkc9Dw33)*7{y$Pqj*L`xTm0AtjIy~B8 z8ENBkhflEA#ILp`zKU9$x8=wYk?kQ3#S%Wq1gzey3=m&&Kl^9u7*jN`U&SOs&LGwM zBVfZVa(faLBw{OROWUW8i-+l;!ktfDWdrZRY{S|fuUBN82;Z}GT1Kds_`9%zYHvxk z^Dl3gdQZroDzR_5GrPw@j!yXV!Hf|MoA5;B_YF4GekqT_Jdd9V7f?zDb7_zCdJWY2 ztk<*jg{j~17fzV~QoT*~M958{@_z?bt{#a=_mJ#t#UYur~Ejw{7x6RF#LPQ>?* zpysrwKi>`wOf3Nuv52N)ymrk z5#PEmH(jri1cNF+rx|*&B-&P%1&yLM$J!F5Hb~x^B798+9su8Vb<|6ht0=B5A3#nk zYWGsWJs-V~_bdi#D3A`yz%#oBJ;5%ZM7z;I$E}dNB*E!MAf2g?rfGLRvjtdRxO^j_ zE7gSQSoimn=BO`-uzO9YB`)|gH}rAen9EKt9<39e{jML8#=lFs0n~8tm_Fw1pp;Cg z{&s!U?(5pJO4`y%WZdFqyt znK9DglKGB;^Db#RG_g?aH54IN7>ntkE9iTx$?Hl*8SxoV<9RJQf2PPzXnC?w{o^blac@JQ|AIRKnctLUA?QY|^2R8!mj2=wSTb$oWy3Xs}G>O0Y))`QBk6-fAijc}fjG zI2_W&Xn2r}laI|_PRyu#!kAe`CtM_%ZSA?siZoXm3-Z2xMd~wOHJ({|=N_bb_)L8h z?IW2CP6l##%N@(A2aFuPXa{H@z`6&#hhDQ{5C+~CK*Ue}GxPy>5HKse1(0}VS_9&?wBj=e& z(J~k#kRwX;W>j*bo;_2ACuSYrUMaWnsyA)p<`7ACc|WcvY{V65kgK=_8YsdKFBWKv z1PUb51oXE|9%3#R@MgD({(At%KhM7?2!Ub`fdRq6&J5%cq$ReqGH3Qoo=Yt)+xw^X zZ@S(6vqYNY_(>H~yp9Y{Z8|K7YyN)D94Ie>DrG+k*V}@k#rcAYe7aRl@2__vQu&E% zxF2HN9ZUD>sMjyY0Le~+bTd3e2)gn4aXOq1)pD1u`}{bb#Wgw+$?eX~kS@1H?-`DI zXAe|NmgKE{yoi;K*7$zr*oBl1+i)-EJuuc={Y5l~Z3Es@{ht29Qsjd?JwAr9vaQa%Uzue{o?ype77rQ~HA(e=!4xB}`zo>+oE$Vd+uapefJ*d#*~%ZG+>FHiN)60*PV6{mq23v$RH>e|1cXw(c7a|B;@vcqYHF~7Q)Atfz1hG5+ z8v#p#SLyw$_Gn#|AnzFRa8(hjL^dhS($e3~HT(oGr48(KgCu8h|Js$cGtmu*QpQz1 zSHiFU87UX0EyX5P_~l6Eojz^1YI%M=T~fFEkA3YoV>H~k{aZR4zWOKiGKrsKA3Siz z7jTlLE%G8$dN+T)g3`Dg@yPEowk@lSqUnYv3&jfJ{CFRv2O7|}+UZ4i^r$7&etjXh zpWzEgMorw^ffv4t3Oi7 z!{6fa;YZEznU3$wJ2jj2YE~nxH&HT|swoJS$NJP_5#)&*dguh9TF!`Qv>a4PKuf`l3D!hcDkJpvz0MjQC4S>2xfexPwN`F0lR`rd{^hgD1?)|Go|0 zdAEO5i>B)P-h0*`9dWeQ?>7N9a9vZgOb1&58i^J;f$g(F^%soCCS2v$_YXScZuCa2b2mPy}rG6)jy4D!TU;ypD9kEhV_rKK4jFuy+ z!^S1iUwsG&2zm^(IMHFwDES=1^fw4bgu5MpRi@b_Wf?;F+S+{3WJL1E(V&( ztIQ1~1y7A;Gg!e#Z(INQ+yT173R3^k|3>5HOaq^M ziq+x9f;2Hf7w=~~f9S&ty&$Uc5EqE29(egkbL8rpiU4N9MbH`FJojE57juV(i#62_f3`;NHkcL9d zijx@9wYUIu&%>f)`D;YPZ|VPO5QdLbc?W6{Nx9o7ULpXBO&?e~c${06xd}nK&;|9c z*v&WfppezipClT(8;!6?R&Te5^DbSvl`MyeR5tgJgPJb~>x336z%rMl2e$!=$8^Kv zl+q!Byu8va`q77^_M=N5vX5V*zq1yCZAN|+hNzbmxdI7$f zS_wP?TDJfU`zx}CdV$a6*27P8Llmb^8PsOwBxrrfY5am+`A)YO7jz??Wv+4Q$&cRIFK~`E;U~c(#Dd_$kWgFc7d;qbPgl6Q$cx#+})3Cq|U9kP&esS^c z>Myx=_VH+mAx73wxJMk0^Z+`1Bk87&O}9S^;urUg;<#5<^%0&6-8N*&)A%B~-SzXH z`SOP3Ew!GzpATL|xk^ z=NLcBnvB@#mXg&uVGF;OkM{)W(vLV0UZZ3NAL0Y^;D$t)=HW^Lr&shU>MV%I0H_CLwky^)~BGG#_o-d<*xY}=pR>qGNP znUCsjyDxcI*h{`Ch0S@t81Z)H*087y1jH5mkm0KY?=mHJ%%09))P@vdcITj@pXLw; zB@>l`Mq-h>(1hkIDaS=JzcWtS?Qq_5*-d|nX5~G`gCZ(by(BOkr^+s@VyV=iO&lQC zeJeC1Chb;tZsvBPZd3F7OrJV|MFK=Lc;iB;k@VP6-+sX9u$9`Wk%c8KSYfBG^vh1+ zz>W|=(da0BQO6_vPr(NG15AHkpS6@O>LUrL;A{K-tA-o)p<}V}CDym~+KdGkyGWp~ zQ!O1phr_{OU*T4iBmf1x|MrEvqXFl1+Y&ff#2BeosWmMG-xSgQRAV&b41J-mran~e zbP!gPZLY=e-rsc?1~0h|O2AFZ^wKoquQ$NCi|CDU>X%2}3K<;u^E?~op#>DBuGjue z{rj)XmY%CxchyGQIy#@+N(y+|!0`1#y`Kin0^Al7oIBU?-jBW4ZdIy2 z`h(9AGaG8u5E;;f+sh-KRKvTy;H#4H+@UKYJ&q^%+nGeCug&U5gO@YQjU1swG;(TF z?suZS8;L};hF6Qv@jMLe9dQ)O0OZq2SKa1mk=)X@)R$)Zy{CPNj!z69ie#F%lWBL6@)Jau5Hl zND3`DlHHT!lmxCq$Q5y7p6nLJvielT!y#)}yV&*s39kuR|ZZqwcSH+n8 z>B6NAa0M!Cv~H84L_C-nkAAppEKb1oq)Y0*kEQb}ic=DZ@bEpCkY3p%YpCn73DN`vvA&p|)|HDA6+yvQ{T z5G?$0(PgeGxACEHa4P{d(2uQ?l<;4RlE`jj0!g5G^6z)|GjIPV?6weZ?Rfd!-a!!U z?9e-yz;$?iYUaHkkKlTVQt0Z6Y`~uYjb8|Dke!*=sN5;pOHk?SCnd(Q^R&rzs4WomR09*{dViY}BE^p6$k%s$U z+dPhA;(I&&Ii8=DcMTh9ssud><(nP2sx)JNiaWlWmX^-veh4D<9JM5};dT7&S!Nzc z_3r;t5k6aNN-N-bu23;x{4;CA@}hUOu!pr2xjX2+UrFG-oz7GgJE;6@B{ybRwFz5w z;3Afof2IT1W?ESC{mt?e8^!?q4;FA8I@kz|$yd6ULob67D)RKgC9@?;mM}ZC6<3BJ z?kVrPt-rzlu7oikn^MSg@A#4*8xi*%_c;TVmA{gbl7eCTb-v4~4F}@DIpgIob(wP# z@!FdlUaadWjW-!Qlf;BFWxWxeuiRO>-nyR-`wpf7dtQ)$wQtHXcVnH2e*1jVyG$s1 z?>MN-i;rimo=Yw|%RBS`LR|+V`B@$a_GnB zqA*;a^WIUkX07IBOczm(>Rl4q;d;KJ*V}F^Qz26*J$@jj*z>R$)%OO=rK8O1i^QJBeiRAUdnc3O*D^^CvQ6Xo!JHh82*tg51^Hq7in&_jh)N4-}&xdT*S$`-N zcg4T$rZ^QwmZ}GV=;@YiqK-;Uw}@nC5Ayi%zyK*1kn0d*W3+spyEnPGF$=%9ryO=- z{j-XLh(H0Mub?iM`9|aFI;To5NUakJ^~S%b|Fl--E}EdV`+-6sT+5rQ-$#Q>S&~w% zyL6ORclo>+yX~X=WqLinr=me5m*zmOt-YOuIT>LYgQ&s#m9CVVqw>g1<`9;{{z39> z*D-SF^KxsEL}Da&baDONlKRc&Naa22f&JDsZqZ^WclvDe?SwwE&ncR^Tw3ya#6?^r z4gmbG;fBVdW_2`gTz9GSj;dYLUwSqp1&SWJ(1Mp&D0w{Z;x3o5w?|*cRD6^!mSFjm z@224~feFpqGIFGaoJ*Qt!OB1>x>4_>=6JfJ^ zD_Epg#A`oUbE(lb)!W(j|Bhx|xi19X-U7hw!{9xjw05apI^zE6>2pZ{EXd*I>+4E? zfSk;z{!dXY7gN^T6lVA5vYPtO7&L-vN-wrtXaZXSFjuWl1k;zFY6p>Lei5zt$6p^? zD)c&Daz^}eyg?S>Y)U(AafR4%hnIdod^o0eg>{Nf(p@4)#UeZC<@;h52aF@HQvOl! zbf>bfZ+1cptarMeWLoM-w`p9(Jjxj!tK;MYx`ZZ!x=goO8C$Zf#n)H3>o6=h&LPfS zk2|Uh38uk<^#nFhE-X+gt2)9XEGc|oqoH;2r*@PkX?Sn1V*%y6JdNsR zcAvYxK(wWz<#zlipNpz=c-VHSn{{OtIH7#K4TGT2V!~3j#T+2f_{|d{@o1qyFgixf z_-MVM!O(0cH8Z{M$L>$a7)ms_3yHM*+I?IlpU&Ii|)_m z{;(J#%SR6g-k5gB-!HZvP6hvxhpwWmkQ24JtOcGYvMf(CikP%oBGQsjmi`sxwehpe=Aw_p1IsIstk=FY4^r4fB49gwODeP=*()ag6q zEUte`Z6uDDrLA$Aem}Y2jAs4R14+QDuuNeoI8K zQUlG+{QS(D&T}W7fljQ@ITD4R2vzA5{R@bFPP-|{*mW;{!5-a0fGyEZd3iots_X5L z0q4^u%?Cx%n7nJBN%CjFmM;M}Wo`D$V@tUiZagxIGHm}s{uv&vX;jSVwL1rQq2Kn+ z&oBFEz&NS38^xcWkveX#*ce2w2?~6ZHa=g{WM|&(_gmlax892HkYqx}f|>d1YzY`A zOCKTYDwWw!m^WzrSI`h%D;$;NX5g7zeIOtQ^PwMLIIu_rN`GCK@0hKF!=r46?1Ly} z1lkjvRe9JQ?#0>`ek}rt6*cyGP>*L5mUf9AcM^eK9xD`59!UFDv;v8kSKsPPR#0;=%u`@Wq>EELrT4mZVVYoc8}o*LdP>_OG!bb2`f%m)R>@`!gFGon+O zNg4%Sr%(g042SEBip!acDrn3xN#8%Yd6~;c8b_gNc>4wQ4Vcl-AG|toGY%nGc={}$ zn9*0@ZjV2IL(n7bKL+wYxmvio*K>6ooeChKZ}ItD^EAFaU|oOiS4zA!G^Z)8YW`@J zV|P6GNUH-Hz5Hy^v6Ou>-+1e8t7J%i52#2RxuKNKLp$#?)z`%Yxc;swe(jkxR5Ug6 zCz5J7AL`$__q#e{gRnU4-lP+GLr1l5t@VZpP5IjWJ}LzOCUe}e#s=xd`mzK7!QB%H zgvMV=_gs?OzDRR89+Faw`!n$#pU;E^grl)h^@Ry%HmhvygoA&ufV$GZ5B=ly&bMW& zVpJPweU%{%%q3cXmVjtnUhMJW|Et|#9`5J>;z|4WkD@f)sHOh(VP}1#V~x`vx^e7O zlAz{I2mB7C7InBN*#CFUw9*tNR}Ze#a{_z*eVP?aY_gljFEEJHd||~Tz+h< zi;c||)>OJUm}*rBi*@(~OP~GGAs^GL4{7m3Ae2(GeB~y}kc>dSKB3V#YwceGtZb95 z95!Zp_OYG+Xacr`b;_%g`rq17KWR1zS*GIqhq!jUXpq%u7Mwx6r zQRP^W4;fvUz!mgGkXahZ*cAv^c_3{}8h6e>VW*OD8!=yO$|lzFjeEsY%xxu%7mr_= zE8Xf3mBW}TH_%>7rkYup=vag{Vj;*(shRA^vno$(t7*j&{%hPF(`pC}iuK*y!5HgB z|5D`7>D*=gLy<&aq$sUIS?=qxWOjiD&L#dtqv|U3{uxFtG-pueTZ1 z)Yhz*LL4@kF#=NUQO&6a678A#1~%$R%g5pa=|wwU>$oiv+)x;jpNuG=m&z}sFDe~E zLRZ(6)gf zlkg$DpyxRz-jAhLl;<}+fMJMNo z+k(Q(v z7ipEI4zSud+%j!CGlZ`h%VWqzOJY94iK7~@Q|V2YpV781U2g_u5b>%O4uv1Zmjf*p z*>EL#GnJ%N%C{5T^)a5c6&CdN#?Q1`hkUg;!2W)E7S>$rk4#U0y=2R{r9R?FlvnHU zu59&lBtiB?6GL}E0d{cH2#83Pf#IWnD|X*4p|k%7E`3{6W=t-yA2#rel;*kKlLyYe zL!BECYh;v_=_b4GkX#SPEjKz^{oV#tKdnYTEw{CWLJSYLlqtk}39eU4#3oIV` z%uzT zhF)iu5iTh*O`c4BH0=Q0p#pvk!^a9Ws^b}Q50XxkRx=sX^&nTZ$Wn5L>FD+gJ;KZT zQo(Syy@VAX1N@uMiy(Q4#qk(3RJr(!6#{f}RCK+Dv7d|mIfoKI%fE^+umD9Or;7+p zH%TO;i?<8=X;n%=k0mpu(-C1Izm-A>#ohs1MwRXm6*+98_%*sNgOJQ-)_WQvP_BG* zGW5D;U)qMEl>%^v3MCeCNovTdPwb?6e@^nh`CqLA4l8|zKz8sSMvQzO&SXIc=L7-{ zG_kieFajKVQ!IIyLoV4TM2_l%N4YyVEssrKyA%G;uad!=KMs5GCBT*+@^qw z5m@K0NcADk@1>W=85nhTs{pA40h6l>vMQPCU0tpattI1e)xE7{q~S$Y!c$9FBzBJ? zy2ywc$Ya{ZJFhvL|I+qkCZ{tqod1miM^I)4QuXK2xL366PJWApuPV!r#G=@RVbdO2 zYXadI6r}nYTofZqzYoJa@H~&F+CDp5>{5{i9$~aK*bOe6!FLE&((fJoHAe$S6sagF zTHvk`x9$8=(5`N&aj^+uPT*@ZoisPVff^ zPsm>?ZCQB0d-r5#t$kb*U%eg^A5VMPGkOvdN;6mo(CFawxW4Klf^Wv&_H{MCE6=d7 z(#p433$qNQ@CKwQ$v`ZgnyjTB&`6Hv3gP4xmu7RzAxNv4mf_92=ikS@t)`3&a=QNL z)en#Js?ay^JXK^KEf$F?p?Zgp9{V7Vo2K2FS(yEC{9*Yc^j>JA6Mpi}wmTTk2hx`s z4bw5BHH%Z?f^xU6&lysIBsvg7&-bksYDlavZ*c3AZLCTchWSUh^3 zKju$nZRyCNHJ)&bWv0ZejN^$anRh(sug&g#_2&;7Nv<$*)b+^twzIElwgRtGAhtZO zu~VbhQ~a9<&_MDnIKFtMM>zTsl_XZDsc-oO>6Ye|0^zz3BB>@9ORnvxWcCW*LSKNW z0M!$4{XBUxf8D_O)s+XgE*85tbhciRPy0GGQoxe{nBjiCSe%e| zUmOMGh?|j^yCB(Xds61D$JKlQ_LZo>3E4BPI}TI$D;X#a^z;6SxKbugy1)<@VLz-% zdbH$lV&;KQjuyr7ldI7)>Mx`{*h6wCG&5Fi|2kdDvN1tz?RG!JvV$TK5V}Zps7Krt zd$LQ;Qli~UtX#lTz2b+=?VyHfEaJ-%_3IC!P?U%#%EKg3Xe^dVm^-;63eWhuEDkKa zyp2m#+}U^5H!$X%hr|n6FC(S8*#(ZEHySd(tQoDDW;+pagyXHWyB>&roUd5qc$kud z!PpN}^#2Q%55IqUU{QVtD-U7)Sed@h#1UF4HCrnP%@o3303J3w6zG2&Rz?^W{_7h_ z9=ve?y-b-Jx?E&1P6q_y)wLf&Af9;I^;?t|96xm-tj^&7tCoN@PLNRPqMsOXdb9CE zOBa*<+LB+mi7PnoJ4@=u->aBq%mZG8@m0LTIX%|oe`dW6Cj8&GKGxFB$(*bkGGk+@ zAG=6QHh)6cTfH3EP_1k;P9Qm1=@=X~77s??Ru?0}#PDl&OMXfHzhQ(otWre#wKQbX zlso=W6Y*?~@vFL2TgZ#+(90j0H{}1PK^VdL|J!F64N=&ay|vb8b~P_AAf{O8#=Go)YV)a5eD_*JFN;nYAeo#_-bjrHy zMz!E`0HmhAKxIcNTcG@mg``;!sifFU8qJ1l=6ujY4MBxx$q{)xoNeF2-HdyUAvvtk zReJH)6ZQOU+gx8Ijmz=3+VxtlXEP-n96GEuRCGjFO>3?-DMJ+q2vo?85=-~@g71BD z&y`KIXs}vMpmAi~Q;3@I=>{fs{u_aZ*6<=6QQQdcq#w#Ko%sS^`09|X7dYRU1Os1wCpaol5Blh(5%;3R-|zGS zc(760K!Ui}Betfpi{>Ds0n3L!8=+akZfPyI3a}i?Aa4z-@xlNn>;_Q^20Z0F&@xf2 z8VTQ_=d;S}m3-c;-JX)PP45isyT}@xyDO=ZerHk9#pCpyl|4<^+uV8hT+R-Bgp>ES zwPxC2Mu7ClvqElbzuz`$5Bs`mx==nhN0-S02lttQwQh$h4miJK{l6No`^>f(ORm{f z@yf!w%bN-i^663yY2{`1IQ_wD?a3%PO~|6yQ|`}LpLgC~eq&PGDX$GN(y7)tY6)Z~`%e6E>>5wGR@J<+ z1GXL5;>PSTUSOxFQ?`jkw@c}hdVfw~+lU2-`bHx8?m%A#$FtVzV%G(gK)(H`8FN>h zhKo4ZMoc(loqRk=CmFLSL7B8YdW4yMoXR^aZx&Cprv zw&6`Flf8^gvSN|CzT80Qn0ztCjl1|oM{+{jn0>aq{6(jEnU52ls54xrowI~JGxq%U zV-jX*CwEoqSgP+G{2uRE`;V(w8{Asx_Q@U`tZg_V8WxN>%IexF*f z&EnK8<&mfl45bhXTm7g;_5yM)9m?FbV5_$jSGi|i6Mpe54i{4)Je7FbxOgk~#?lIW zjDlYNmG@+Q_cZa}th@|Wbd1zAPKVf0@bcp6AAe+-iuM~B=f*=rc~a1Lmvz5l^hzLX>Vd1J&rlXw)$mkv%)u-nDqEz^)au55H zxhm=16GD&4jbE^L-6yDkk!9yQ8fvKCIuz#_S*#3TfMr?5X`o(?ada5fR2l;FNDN=r zTF=rDa#{VV)fS^#)6QI7S*ibD#sP(B|IiY{s0ixZDgPu1!)VV6%~Ikaobc{0vhvO*mrd1hCkC$Q7%`USngbLANfqeU0w~%x|JUTLissUD~(1o3R*O(#Gat`e*C6{L>iT}3_Q^h@ECgQ z%`r;g^zr`FhW5u=eqA-cAby#Pj0~xKGAgg}DoqGF7)T+3qhLmC9UX+?2yXUa~Du$(gAIvl2GbfK)j6icX>$5|? z5FW~Zl8kY8V}3XOGcPuoucFPq1OSEfzLa@gJ~wLJrPr0EeOflpjgJ%AB4dZ9C8}lO zon=RBqHpqCS74sED$3=Y6zUlV;L-L8*8E{A-q@!s*Q7s}I1~jPS*KZ%F#M zDJ7xi!s(m0WmRHvSWQAPPK2ehoLFEBrWDvjZ~RIgtJ6R^RrSm8fO(+VSxI04#p1x$ zG2x7ee5b->AZ;>op{UMy8-48EnIM(3kqgVa>W@EnR1J;aNRK)ZpZhiDG_48JkXqGJKF7}(R@d+mUsVgzp`fslfGH`VL$bA|CEXWWZwXCNc zhR;MYi9f3S zoZ$|i6a`9poOsg&Lg9QL91nkX(Z-5Pcw^yXDP29Kg31+#3e zfZw_l9xoNpd3$U$zTWxc8V26dPhV?3-rp?qNiUR?dl`nvZ2c<+LX9szDjJR!vayES zY`Z&;M4R@M>|QdxH>*7PueRNPy3c8{TWiaVS%UL>9A*--;m*r{W)65X`3S;gG2NXm z@X|oUa`relI%rjRd=p$?)*b8`O>eNq9UiU{W%s`~nK0~>bg&?tKjrG_Vhc;h>N4@T zzR5c{ly|*vdZ4D@_#{o;{SK%z9Yhlo6T7;;v$)(hmyPFaZTfELGGB>p*iq>6^)++UfhjIf)|3>V-rdCzxDZ{H5_lIeX)S514KHKxe) zwA?G`T;|?~E3Oh|t)}lRkyA=}bTk%d*KnkuQ72$b>*w7SHJdd5(n;zSQcZI5EdV|p z%Hwv#@y9s+j{JIvA;nQtwrFU93k5x2?tH+_aTQg1dneAEkq@uNFIVwkep|f7LN_!B zT~zJ?tr7axtEuh${kVVJa*$OOYO&9vbL$f`@r9B7p#tfQ&sSWJk(~YHKmI0nYlGRJ z2?uLYrlZBr~NY@FOAS<87}e%$p3k%FR>r9Nj;fw%YzXuw#bt#HGPxC@tqK ztf2kP(=VMmi9q~Zd3wA0uHvx|e6$zYs$HTE_pP_L7 zE&mOo!+d5!@bmV*K~tW|p?c8Ohy$@`!5+rhip$^oV5zUie`UA6x2b!E{AvU=&VmC}+#H0bLHrnD*imVk?nb!M|Qx6Ft? z=OHGsxpVWdi5*L5NlMHXp~xHz^*+F35_QAzRV5Vt@hpo3uZeDFHsEPkcQ5msZ^U@? zsdJBtcz1mgOw;iEH4ODAGJY}}h>ddN$bQ|4;dZ_e%aYwb)u~Hsfcud{JSll(1C1$7 zq+f56L2s??SC!@6V>?WOZ3z0{wPW6pPx;5PR9vA0j-WdEQkbmdQs zE^^IaYIrW2-3W}p9hb}^6de@LruZKTyy4e|o}69Z(!`q4Ld3s>*`G>@=iJ*&sRZjU zt6B(&?;v1lgWrUfd%O%bA9+|Sxs}^TooIwrfS*O}_a#hlwddN*L(DmF?C zXBoVlgW;Z8{${Dt!HkO(^u2kpL^2pSG33HIZo$mnv`Q{)PZ?9`I(kAMkM3mxecY|S zFMgmTSgZQb-h7U$MBwC(o?lYB*XC&@d86p>ZES_Y^WGq*$C-SKRywz|vTAH;DLs<@ zO3Viwajl6fvV3m3C7ept_;P}&L;KNGj)^GnDZR4<&554p1A->tWUf*s^kkc>rsQ_c zx~>j1s0b4VnqUd4!aW{UsWezG{@s9+X4{Um@w?l{tZnR`$omKfFCu@M^5aO<1)JnI zcUH9OoEj3mf6mvWrXF>aNK4+E;r7d`JxaK=Iu|gXX?$le3E>YF?p&USY8!634lXXc z#i*ASI-VMx{sdKDek_W5qP^O5r77=9*dp2a5n;;N==OGi{uTOFiS;Vl z+FD~!aH_-K^aO@a8DH)Mgk=s_lB+JXr(3=f;L4p%(@i_@O4S@3TO&wN&$W$C(;A7KHpnSw8=WicePq6{c3p z4b<^y1aj?9>eEp#VD~q^L&+Clz@7U_lbs?MW0IrN)qR0!^P9|Jw-*j61p|M)eYhj! zDSXn!WSyZNixneS(7yL~YqC$YT5!q%$HWG4ABDy06Br%;S51& zqlCMO!oRnzQ%3)lKE=L^;bQLke6BGD+xWJYH@EIf;c3L+@lrm$Fnr8by2Ey*Ry*)^ zY4=RTEmVU<@GJI~d?I`-olHyLG-y#$+u8hI8t?ID0rRUgSgb#K6}n$(rGk&C-ANf{ zJc&A}SRii8IHPb}&RZrkDMODI7+#Cqmo4J5c)Qf%Q-D~2fyW#8gzBF$2soED_behe z>E_HuCQtT5EY}7`Oxc)atqjCrzYC7M_p##X0&8KB(T6Ha@CH|WWmN1)qQPXR)O*f( zt!$*p`>>mjn?r03SoFuqA}#cmeZrtia(985ZB1zMDS4F7`-1JTrg(P?AXioXT@9^F z+RKXh=j6G?`|())Bv4=g$|z@AfEeBmX8jB9yF^wKq~)y-IT~f5Ti2=0ZM-Ya2cpNJ zDW*xtH)}^%3(d3(3Ihnc8PPTO_I?`hoFt-z4+<$uhb2{KVJzWh;zqh?<9)xdBDnW2owYE1@Hnt4(9VobGT-i$=j-uaFvQ^>2FJvfCs} z{cAVS{ZB$}KE73yb{l>sidre*7^pO#ag}sM6G8VvFoO4Us{zGr6p$uH47)sfm!dEK ztG*7A?(Ow+h_ZK*|DwJ1N)@d=(OjQ~Ep`AwXw_Zs~Lm|p=XLE;8n))^tF|_Mzvrcx}&AwLL+ar$tljuMcT&k?R63$1?FnVCe=xGgj zglPBh>qZm*ovzzXMf@NQwFd2f|GnSJN_2M#1DxlC)_5v=@I)oIt_2y~3kz9rWZo7p$a7}4JA{Wa<7 zhB|D0mhh7fW0qRHwhT}78DqQ2HW&-`^<`w+LT~g(!0htc+yx=+osJCG0XynJgkmUk zg+=Q-8f!>h*|$hFao)+!s)5BndublaSs~vRgDOQeWfCu5k7rsieNLCu_ix;$ebdtu z{047uPUdOZhSvS`$!RSRUN7#uWZp2rjLO-sZMh62eW{PqidvR(ut0m)J6W|lLlhj5 z%dDfzP79=UvuDImW0w@y0@uA+md$nlWEUXeV8JDbo}$nr&=H6(wfI$p-~rQKXP#15 ztt+&Mp-1R6B!$A&jx7xl8HtwDLvXbQTYX3XhDAmH(YOmeRx9qNOZHYlRPZE8j5b7R zTWmZ`tOL4Kd5w5}uwJ&d$YjFCMtkC7F{qE~xV4I-Ei|z$IhaX!rCMD)7}X4)u2zSG z%z&oo6MfWZ)O3mxyD>F9l~`T+TuWHBL^_KN1O~grr}5RA-LaMgc5|>MxA8|Y4WBBe zCD!G7rK<2fg>gVD^6)a<4b zpz@m6vNdD_UBcphrA%G(C(7b|#uI-fLp(2RMDUbrTE7ayQV&MF|0ngp$f%5iouK0~ zK{qpJrnb9(`dw@cX<|@2rChGvD~^)3Mw#qyFYmWKPbseUD9Gxc?u%YprwS7S#^nxa zQy!MI$l(pF_$YTP&GEi`An&fGu-;llfy=A|)1&tnQ=KO^cgW8hPV=wEQ^#^jOB|8) zrWlbU%kbx<1IJGeBH1lbxc-1{mDXM=2+a+lAUZwp_Va+-!iBJG=+uZ9pGK}nu!Ye3 z22~2vYXTrpZzN<9NKyH_WQcRxfN?sxfkYte_qpn$-L}RFm!0G<&`%!beGRCW5w>}~ z&CNysHju*^$)S6G2(0U)rm;cGO_Q*h!2wq!&ldSWJ1CG)ZDQ58J{oAN@+R-x{J^Zv zwG+dWpJyg~kAzw*=R{&a%Bzx81d!C$>6vpbr~^A^QHiBLzHv6#8pQ8q(wC0yt0ci) z8yslST0r5|J9nWqn}I|#;Y+zRU=1x}0#4W0aiAx*)X9jz#%gzMr&B;R}=UwXX zqt;2bBMC_gM(?kCe`s|!PPICQIZnUaG2f5L<^L@}h*Q*=W|+=%cj^=8Qk);*CGAgR z2+I}w%)n}>WT!9<^Aw)FvA}tDGH!@H6853!k)f7RXT~0dI&(#lt*(4hZhsEG4TOA# z=Vhyf93d&@Y>e{)YxcyV{*Q()imlf1P-AXmzEr)t*9Yx)#$9pH2`Y#;yMJ0`v@Vv@ zYkOGb)@nZ3lmLg|)=1hpRThyQXRvwfAU%)rc(w^g`i6-8|Bm2ql z#1I87FW%w_GyYly`)m&3*uOz(j;lIae#fgmFMr1PdxEi2j7w+s)>^N7xA}|&3IBJN z$qqs7mNeM_4I2Js?wEvuaXEO#V@3Uu5N;VoP+6Fz}qUD%Lb% zq_|caH{7<2tZ>3-a97&%)7m8dZ;Cs{Ir?SC(KbM5czlG6vH8DEc#@;}rBuA|XudeV znC6lR8r?bhrye~$x%~&q-khDF4LJT}EHh?NOq>PN(PM#{GQ-g%o!?V==L=vdn26C{BF={0w0mW zNX(VbjQ+(+~dg72|Bae(F&FGK=RHAYhzM0aK8PW=P_ zqgGa4>Xbm@kJ7UCM3kFAn=d6&Xj6z}$RGcwC>ij97vU_Q#|s^A;te7!1k{$m9gRSu z$5)>@%FC%D=&f23;Q#*ts6bc0d>!*SBEowsO^=sf6`C{%v));jtoT?CUP`2W>!!uM zFzInoMBUKRqFI=A3YUp9dk^9sT8|)4waCwd1c>nX+FG8td}0^c;O10v6JNabFeW`A%IDWi(pmrow$d|WDa zZa$*?)h58hfuz`z92J7LQdk7;h6M6F>QdcT#616TwY7(X_gk(y5Or zEtZ`JPjW$5jo$72$cf6pHaLI^0WPT0&$HveIpUJCG3W}ZBU&?|es(yh(mA{03LYK8 z@D?wY4VGh1(Gqgk$FcXoDXt}DVCPtm#_eiS%{xcDVCmFoP!$jPnO`FL&v9=8^>@g* z%9y9$rSUUk8PNRpNh@}9hThh55=r?X>*iVBeEv1+kNBA3UF(?788f08 z@%YCK96O#ak#{c3B$51G+;4&UhjpCFJDlGAA7#jpAq;+GAYIMkvQ4y!gW%m&CwIM?uW7voh)c04!srdq7 z57Z^VEKW;~{ax*`_pC{W?tK|LbU2R;s7Ey)C*h4RO&%A;@q!T?_mo&)CBb4>};)VAmlK)ligO*bU6zj>)$Tjcy zQEER1i9{kP*VwoO^2C@|XjNMolX*M#jGp*8?L*3LULui{2fQoQ?Um%kPh&v30jFiR6Ek`yfzN*tv!>VD8iOXc#0+xWBA1|q( zBC=&mDwkSiL?S6KcvP*&!+m>G$?LXSSM5lhM)mP^Ejvb1BKcqAz6ey6%9RQYtK#QW zG$2_bkw_#Gi9{l~H{@_li9{liNF)+Txk3t5iA3`M6cZPeZ7h?D)?vQi6fk+z%WSZ2 z<#h4XVXl|izx&T)EJ$U^H(#;k=oRakzX4ML=TDy`?$+OxF8?sb9G3p@AsyQf;6OsQ z_2mB=seC&0C3eUEKiEFgnqQqdJj}rxsa(5!mK(Rq?!o_0F@N0atUDHOJ(B#>{2_s= zzqyy0&pk@VhV|$?W+_`QXIQWN9tkWM(vSWvThg+1Yg#pHNS9Z|^Rd>#R(OCfhm2+Z z`e;(`vJuMNF;I|rh;Jva;^1Avk$+iPL>J(-B5`Y=H5 z5hf0p%I>Qf6z^qma1tYCZ(-~D#k?|XG7C>6VqGfxkCD5V$rIOeP=xL7OBLUL@=q?{ zwI}=2yhTe|w`xV3j$L?h##XNUfx74Bx@YLur#;V3+e}Q_AI_j(Cw3`MEjYlz`?N=~ z{_rG*ee?^PF5bS&*}W0FbTA7KUgb(!0oT?%PtVU65}W>~a`+BRx*SfedXvW{&f!Gj z{htkPDu`mmt549kX>*#lYDxQ!UHRyzBP9GyvlUM-eTtuV9pu`7qMp<-d+JB5*%xCy zF3Z*33;A}Fb%&{Y!o<-{o4Ig9Nvw3HfAR*KPTjOzx<^!|Le3sN%H{Y}>zVtHp&)^U zGrnNU>Fd@r<)70#eq`R3Q`V!hoZG&PrE4$q?z32Ck&vZMBJC z=iL&snnnckB)kpQ7^tu{mfa+`QU4Q6ygrs z%Cvl_9d&DZ^T($l7%}DD;V560XZoI7)so2hx0WvqS|HEOjp&bB|Y_sTWQ z^{z=z?&)pJ`e_M=Z{%Cf3F7w8L~nAyv0^>?3}|8A5a71$uYVhTJjah-BPl)4dgAX# zmm0${RVC_of0R+rj$+ur`lz?gVe}_I5}o>M#?B~|?Fr_7a-HC|{prv`S-#79>93Fx z&6emyZspvMKKuac9C>@@>!mJdK80u)lTtm>kc%l=6=DN z1F`1674)|)+oK$pc2(IuDNotYxfo?%dmHoK`pPnSUoG0o@Rk*Y2L|(sCwck#3iF?;xH@eai@{e=jVxM3e1};-p9uF$K6oMb%A)dN>I`{|Bl_G^wxWfdhrgJck(Kt zB)>YgZ;Y2qW!@O~Jx}y%RH{BVke4UYO!?EOH*ZR*aQm`arNghYZY`{Axn4R7c_O@b z#>ptoTk=YI*EHtsPfPI|^f?TTZLe%`~IG4xygYa zGHLkoUQ_*ad~ywkb%E5c(~!{c%J_LYa<>g4ehq!*Wp?b#qE?G~RP|DJ zQYk^7c9wl73fgUH{y(_ekOO1FY6Hs?wY;zbY*lW*tSG5pgP=~UGn`_h{<-z%vHm>KOymx#*L z@ct|7JqVMKdy;7zo#+`J%buL7R1Bz2u-l&$ledwycOn=3hl@1vCLo|1bt-!Q`FN`g z6kgfEhx_trUoV^r&NeuC1yeJ~4~P4ahQ;J_cIH!T$ZAjPA%hvvxdD-p5!7p}%t-gg z*WDibKl4)kL2e$J$qmmg)T&-Xyc5=w{}7utZK6Sg1_+xa4EUYKTB*FZZ{JSs+O_fX zvo5h?(y?>pTy|c_AtI!TxvXbjJIUnvE2ves7C*oLG0DEQsp^-*7hlXFC+z}LCd}ga zg>&rOx|UN{GcbrsqZ8*+40a=`VeZv3_$ZI>U(_%a}B41{+sy5YJ>& zDW)jf(VH($PV%iHIVrtwR)z!mH`D!Zbw(Vf&whjEeYCTSsYE#XpfUiIP zh=q%nv-aR2d@G6a^0XDpL0p0CG`FMi&y zN+dxZI)0imgTv7=>{$OZiXc%u&Ah=vyka>xyS?EI)kvHA{b4&D!O=NKv^FQX>eh%E;WeKj6rX z6!vcTkva3`6R&rtURbb5_e^Gtn@WNqhaYE7XVI$t_*AUSwLQ!D^1GRAIv7pW@H%)q z*^-?R!`!dGX7P{9SaI+$K9wS<;HhHf>tAp|pTVYuKd|8EUx>}NrAb6}j&J>$Z|5u~ zIxd;K>~yMxHNe%*QuY&0Y~b^+e&EEp7;dCw(V=Zq@)D!@;kzki!(USge>UHY|ALDN zSNZOXxj04CBUq$=5$E?VXYAC;Y+1dPBXQZ{eG9|En8va>3psuHGHX^YX6cVBIiF#m zUT7_BG)CrsG@jFGS!`UfkcA7Da6Z?Th7mQ;3LATF+cL&~KAm;jcaiTHNN5#5Yn@=^ z;Fe|lFn2zuuVrBnVzfp?1-5>>9Ce5<`{W)2r`q?oQB`e8D$!ma}Vn6rR;W2(V3O@)w`5WZ4=vtldF;fjbStL|H3LVvb1POBvT$JAWoi zR<7k*jxF`Vt8pu8BcDx}Y0j_sv>aMA3T64!@3>_bKyZK?S#hVBG~siWtlG@s%V}KN zwTevFaDx4^89#0sH5#`p^M0BdwxohFp6Lr$i)Rlr_S4yT)NDjWw`692HHle^ma+NR zaXf=U%yG)PrnvuwaDO!?Ze(&(q=SExJ~XQ7Wsaw^Yt_+hzwlkD@>V^vA)53H%=&gR z^Ome;^M*Yn>D>r5mnq9*7Bczzqc5?q)sz4iB_H(6diz7te8Z{c?<~s0&t=L(m?#hV znK2^mCyDoV8B4bBplVnP{O@;1$9-hSjveMj`n|oq%?+Jj%APi;uWaG&~VY_Xu2C`Y2C6*n|d+nla(07;=qvXw_;dt`swG;BuOPUBc~Bwn;V z?~X|)TK0LxIY4O7!93OeBGET*ntO+1SHH}N2O3c~B9gb)Tq5TG*gFfrDvq`N|KjfM zE+io#gy8P(?rsHI>RwvvKue(%3PnmO?(Xi85G*((#NGYKfA-`Ak`So>@4fx?MrSFV$Kk)OB z18kWyiT*7D>G0k@&L&jU1!un=$nZ{032Qi!9j8($){>qml^ZGhKn>-c|DKimf8qP# z!)WowdJ^($$VP?Zm)$-{jvyGp?MLH%B8AikNvcd%SyssX!?W2QwUgB&M+$#xMu#5r z*?U_UOW^kQX>32Wp5>D#)4hHW?Yb}L;GOcRB9g~wXlM#TA|rACo2)!>i+q*4WOH-X zbo#cbPm`AIn7t{IB%y3&n4Qoj7mj}qI(Wt_^ zimvhV9$Pw$>q?V=N{OPTJswULm>I;eW%NoeC+4a9UX1EEA~~NtMIn!NPG?}3Fv6R) zrSt1+IUO%O)i2}h_Y2tn%Up&J>&2U!V=2nI#LAb4(J+Bz0AijSt?ED9y zA^fc{onO{%B{8qO?_W5&lk?Z&G1t@K=*F!o5+G zqkW4;m}}**Y12;9pS=7i;K0g_+{+X{D2vG{(4cwiJ`5e$m4x%#*?B^G{ipN9r=;um zuiU_$v_h-}@oU?q3;hQV!6N4tSEKXscGBa^Hzsjg?#@t=1UI)X;QcRtq_`}HZ$A5g zdqu|d?mq-KqZ}?@z9V8o^<*rM&t9L*ol5t=_xTUv{xXhiS;ne^XYgy(i8l3IS-)rw zhp%VgXraYQVeeFR2{-mEW6!k`Y>bOJwrwx>(}iA2^VswAB7WT;P3x{*v6d(C)rW6$ zHC2~xz50vzdJyBmj-3>eU-J0&;w^5u#H;<_Rh&;5)mnTGToGKzYZGJcr*4Jl>0oLu`Y zi}#%;pjB^rGmSrpv+I< z>kr@I+B5B!o>a=&ymSF;_go{qLt8v-Ov(#Up-7Aad35YPl3@coaqr-2_Fj4@j9V=F z%Mw;^x`cmtXS%lx;nbQRSbgBCxJQ#cqP&&s&rzpAdq(u{#L)#Gvh3gk$`VfU>gP*n z+jk2!MqDgiBe2>I)<{N49B6e|Uy zXZ>&6@oP8-Hlu;R1FrsIbZFiH6aA;;^m+1VDhevuy9;(2*?j+XReLO&JCB&$N^!Y3 zm9IaU#o^nU3>Y|omQ8}uEqci7V@B}^NBZ>cFY5PU$wzOn^Pco%vWTOb7qW2MQ5tp{ zNULCbR?M5rv0G^(sS0>vuMTaRp)Jeg^xgy9dMw3n1s~3s%&ihj`u6WlJ+lP9{A>}o z5+wi1Vaw)S&-PC#fR<*nZ}mJDuf0r{etmG&&*iJxpKvM1jM1Y<5NuM&{DsTOk>&Hr zD^u0w4e3@XlYmKYZ_X(dIvr6x6bWaqn97Uhi|^kwQM5>3Hh6aIkD>7PuX!< z_(v5KvTw(3VzVor^vXCU;?J$5A{5EOA3m$(59$XvU%mS>7qiUhJ9Ic*JvDjf&5s57 zRh{}jf!`#kC4yXFcm??8M{ z9OJs^BuRH~vdz>An+_eQbNV6KG3lgVJwtj&9~{k%G01$#(HpVl`CrRedgLSX6`Y@y4_?x_~au3)3+0qmqdoVjQs1X81&_JLI+Lb?e}If zYmki3zT3uy_ z>SaXY-Z%I;u?{0>*` zdH10sf&HiR>BoJM-8xKBMz)GXrXG5e)isrO=Q3NqJICX?U3qDEb8Pgh55!8!N@CbO zr-Wb^Yi#_R&?Z1!pK_lxQKyE6g4CPGnKyAYk3zdK?Sq$T?{t7Ke%;7jq0scGJuLlr z4-b9YF=g%oTAM9p@phqikt69!um7ZsPh`nC507y*E}Oz)1^4%T#?OyUX*c!*K6v{z zx`nwSZO^UY-iGNj-{Zq~US?Xm$Ab7?A=f;d{@q*QDh7*@Ge^_R#gNk2Q(TXY7kx)$ znBPudORPC9N4+buZ@xqqqg|Ydh!i1RoBJ1*@!h!$>UN#Lgsw_9zw{P2WP$X5?NjCqmJxNR zkc2o5)H%lg1R8hfhD}m57or~v+h%j({B1!Hd!vg1+Pb>vs9yVOqETu{znSkaVn7!f zHKsoO9d-TXw3?byNDo9B5DTYavn zhU$7LHPtnDpn1FYGk7l=G}Pnai*tJ#qJNr*+3pq?|d#mi`o2=qm=kuI*YfVB*Vk3^3zn z^gUcUy-r9;6kCr1HgNI<^cMF@rAc zTF_&}`}B3m<5YACrY?1<C(16{RZ{Ix#%9pQ!SbO{tVi6XicBtllXe98{f=ZF9NNO=nGEt8#t9Vt(q}p;&j@$ zX>#*XBAB{Au~+-%^^rKWj_^f2eSMUPM>&;X!Uwb87l}w~`i^*=&LZI|Pe(LWPu;5b zPaWy?yol+#n$~ok`ld*VI-s9*oikBc^z7CiS9f<>G;T;nwD@iJubfLZ7v;Yv%5SSG zzik~`WKX8wl*7g&h&rC-{uUhQPv-3lJSes1HPLrk37;A~ZW_}%IBZ!WkzQ#XOg)iF59{5Nexs){vhf`rq$N{WCdj5}n}$TF zAD(3InxEOWZXKI8Y-G>2O{_crfaIL&&weE}1k$GQW$veC5`XIfZoc+dS+*xUaj zkBB^d5j$TyOr=3al&>S4Oy&DpdKh>$qIuf^^cR`WxPieu&Jlxnrjo=n3$SQ3f}@&AFTh+kyav24i7ujj2M9E0HM}iVVAD=TN+D4AmX=x1k{dr>s;9UHt-X9@@jk zpSSVr+D&ZUw1++WHgG`@5ZCYqxVSbH8Fo_wToj~SJkFZc2iPq1xOwYt_Uzxt!CP6# zH4SjA+kjSG`q88PAci$FCOapawERM@@4QDnksJ&dF@!Ec{%*~Jg+2Ae*qTA?#S{Gc zOHJh&;uu_?mVNs%IK)|yMs=f~Kt^d?B7w2V6uZY$$wDQ22i1G?j5_>l9N!36glz{tT} z=+L?wjRFlZH&UW_`nc!69(s1c4DRm6wu6_+xP6(MncB2#9WKsD^H3`wM`mhYWm=F- z3>pfBdT>%oe~W*gL`)5o!VX&6+7vuG%eWDf*?uvFM%{YTE$WTqTIB#r7b#)9@mUB2X+y2W;4f?{)}y5FSu%@xqL!y zZ3{abY^_y?S(#}%HnwQ1=Km=~;$ncY;nOFN7B+${s>Tilatmu*MM5P( z6*tXHFji;P7Iu~x8S9dlo5thlORQKho0q3gQ5tQW{5gR(j3tSIvWzqhn%;gJadH6A}s^o}ix~n8zPNSclHE ztnVvglW+*}|GF0TI6FMuwaLcD24mHnXSqm5tZ;ODx=Wd@iz`MYg_wA@;l$b>*!JZV z+V>yMw$stoEGq7}NU<1K z)h4O1mt>KOnLN@Q%Q-5 zVByyvGh_M;KKOPmjv*m}#O8{==JA~JD??Vr-?B5aFgCKs%TuxF5w&bKmC`(WfWA{1x79M518(|9NiJ ze-KZ5>2qLWZbOn#bgp`@YDHc)*^VaYi6Hl<)FjBs{c92U80%qfVkr89LO7o;I=-pqZ7R46+s;s+3Jsoj$)^f)vIq(hgttjE!W%ZA*@)S^(zbZ5>eGHmD97(z=hW#$>R6f} zg>=tG8YJZ0=J+;CLLBWdFc3PB3YUCL{HxT|M#D24f7kLU5Jnc>6ex8mE=%LlojAN) zZJ&N%8UFED)c7Ml@*_ zPH0FohQ9eWJsNpou9PNwm!kTBLta9Do(FY8!f4vG5e*x+W#H@YGPt2DhT0m~)D6JP zt~_9w+B->OAaYqe_b%8IEIO)*+EMiDhGJl-ud-pmbIVg;9pr+&@Q)fHFC+fSK5pM$ z#+R>7VAzlm%=qdshnAh^PKF46nj+!R)xxKF9o$rbMvk#<0IphMfRiGg20wf^^K{y554;IV@kiKc-ot(gQ_S;DH1m6PtnyS za;l}Fpe*+~n?Ksk9Zd&9n>C?HXnpkbb;N*Bg0`k3K`wR(t^hH&xMm-WzOZe%HT3Zf z(8tVN3Fty#+tBW$RY9Y~IX|U%o{>cSmwEZgKNo`LY{X4{mYp;$7jZRT;3o zPaQ$Js@}is%eV0~*DWV0s?l45G)O9+JYT5aY9QJV_A%?b9dzkCOy!s5q^|m`oW6V&Q#TiJpe1xBmH$-s@SC~s83x%aGj(}3lHqUFnySn`% zq0@TuA=OjdyL6Ux{knYn_ITR2Zb)g4NNA-Gti<(2SqVg3y;XjpB8L;_E@Gn6hYm&A zDO`)XR(?)kr%1-l1N?-*a;$>eu;buyrZsltmlc~xFR9w8s`#HuQi-HKy+-PTT3SjT zTz$U(Nkpo++7mztHOW&Z$)i!#-WIm*&)Va?m#FLf^jj4NS7(wRT;yET)2FINuAXGY zoZ!Ucig)fZHt#qohQRugV3H(HWs!X0Hv)>}A6AZDlw_XgQk;}(2;|)4;N?VNFG)8> zm_5@!v&!EBh@zFcn&_yjuy%0A!>c}TezB0vLY~c{uYCXU44MXq3f-N3wtNv6szXW~ z3e_J&Il4KM^57C@ud3x&=5XNRZQO#&`}R{9VIa%q{sZ-OId_Rl&J?$|=@cRKjd)4bxy2%i^rBN89HMISv%4))mFo%= z<3r)01)LWFD@RL5WSbsr-Wkc07lHX_n49K`g^d|bz6}V?&f>_<2Lv^-!KY&gMC@b1 zIxXtCnB!Qp9-8AU5WoOQIN!9bEzdID#RrBy1C){S^+@&u+#nZo3W6KUn9 zfxd=F7zFc^20;lb`IRCwR661r6hTBn2Bqpzy)KW6c$}qLGKu5?>Vb}5jRDqVEEjG@lIeqUQPrtzx0u|n1_2)78 zO?icvUzx_p<~kUQ3|!KeQj}AwZGf?b@K-@{g*L?hiGYlgAf!7u|L9>ksT4>!y_76- z8D>`H^_P`MvX`He%S1hr{?+<>3Mr!1<<*xA`R<*K9K8LsWtuv2)l=1yG7IeM?BY?y zYD6L_*8>Nvs$o zAFyXzF7fdiPo8%CufWv5J*`Zx^69F}bnV|=9r)xFJWt1QW z*5ZQvCttza`H1*#n8wD7iS+8yNcEdUjHI>}i+(75C0&r8r%IkAI0QCjX!me_m^_jZ z6JDZU?_pfavu8-}_TsFJyqp|Swz@8X;(}ZXRbPn<`Ex}%YT~4jm5`I0`^48}rA1_C z=U{77kKS#AnLBO}BPYH@{{j8@Y}sD&#r=gsmzBQ;FU%KZtK`rmEGU5UKYYl$v%es| z$_f@rN{b4~FDO#k);8dI?QbWpEfYRawT=q7)@_7Q)**WLpU7*|W^p|(i&9lJ8qynU zBKH5t%qcVI)utzxvmF_#(ue3#qN_$6T*0()lj+yK4VMZ-nKrg3nbG?gJ**ECCrx7A ziR(0K6pE>C)sFtu{}z!d^jMUaUse9R914m=RPlSh|9Se><=XODOrP}~DLGGH#ndEE ziFAvI-<9oc>(k&_d;GMAyt1clb*kTnab4^2?UXSL8#9sNqo;8Ve`bwt$veF}GkoMk z1`im(;cOq?8{JGayy&TaNs!2%@X_*q!V`N*!?;rTU!jn@P#j|;xIhOtULM?z5n~54 zW8QjPq;F$XW3B@ehc~U(Kh^#wO{o)Ql&XokLvS;OwDRGL3B!dCOlHvFfqeSIR&?Ck zGpu8!^5?F_!c2?e;_3sdUb(+5`jGcN`x*_;)=caks*-=Wu=Ak4Be_xL$&`LV)+#We zcena1e0vbX$ByIWZ&#qqmr*9(L!9kgrn8@tevl%*cC|+J(>QidSQ@OkPN8VU_oTU6Bl=WIMZR9uxHS$J3 zeuYc`V3f>iWt?1_2tX2wp>ruW3Q zv@kxwo1d*CIt2_}>d|BTBqrExVZ!)5JeG?=Il)fwMf2kahtY8sSyFV4 z2z-tNv>nYW?{&sGew}c(0>TD%qfbL!*1Yv9Yp=(WkuQQpK{kWF+|7VyE;v_T4o?a; z8u82<)`iQqQ<(P3IGVZXQJT4j`D5m=$Dl6@7SABWqLjQ#D`~gWkOk95Q2+iH^g8Xy zr6<|j0iO(2x-kZt2y3xz)F7Hfwov4QeWh(X727 zf=-DMn%PcxzdD_HW5ThJ=MlT^GddqNWzD?T2{p^+?7V?|_+T(U&6$jcQ4z8G-sQuk z7kH3wijIE>Q^rnZP?%e}ER~Rd>?68;dX)Hdnd$>C%Ipa4(3!r&`_a$Cq4UsHq7}LZ}ldm;Larf)~_{dN2;ka)(eAkMp zt3So&@^sFcPGHiIUJ&^W%RW2I$;Ua!43!krZN>D;_18Tuf@c8!B1w+=)RJw%ry1Nb zfI5{#eF9|?d*&@**_o>(X5?e2DMzcY9u3|Y&rAL4;e2o!jXu4JOpKD|P2DK?T9Xg& zd`V-w7&dRXod1N& zNkp7BZCVDaW0jI?C(d9I6po9PoYNZQT_f`5L!AACG1DnVrfZFli!Ikqp2i}e0WQ{BL>@ScbL*xQ zKDfg52PtT4Yn8t$)X*j%v=QEpmfSjjj0efNXc}1)Twf%RRw5-X&gDwPMdC6G@o&%= z-K=zUtXyzWzqNP@CDG@P^H6<%NLUz7V*HN2d`WfWbA$U9J5pnbaUM-qouA_lGKb7NG?$fe)Q`HJC`6-XM7AvQz zG{06+%sr79-APJEOV5_z2K8{V)E4?XgH!94qD|!nx*u^AZLb!%n~QdpOmyU^(EA{Jz3OkFG_WTK= zle5vcb)bRpM+-fnXSILX1O{MlEKONZaQFH(44nONu`sA=FOfLkjJ$(sh5w2KFY^3p z62y4kuw6Z7x9m=x4}RgLF2151x#*w!s`k&eEwCkzE4Low>+6S+zFH<_DR(0;a{F;6 zdS=!H1_$G8Z7hB+AmYLq67ppDH*AJ({2jENf^ez6er_dyYtf=P`W5oWXJ8^^4XsxX z3xj7Zswgew%Ei;f=gFzlup#o>_b{mwinDPMXGFcv_=7^UQ}q3NNtwvB%xEOylYNC< z{tNNZM<3CvS1;9<{L+$jfA%YWGcz*;H~k$1RYJ~vj-I{BBjJ2TVLfRdV2`zdsJJYS z%U8;9^mf4B(x8UNvH9HGb5Ql_HCGToMQI7{tq0M_(@X?=aatzbFT>Hx7K@U5>^**! zoDwbc9fE1mBmfuFJT7iK$iv)HN~}GoV<^K`1acdlJRUs|1E%647orP9ChI_u2>hW= zCMfbB6a7Gjg|h=rBDj|(T;N2+L*g?^L?Ts8-HyWu5Z68DAu4f~c9UXS7cX}=(V0Y> zWobMT1R%-8o3K!K3^WwTvtl@zq)mMvS4?tmb0*CQFGqVEh2xZ^-{O3_G2Tx0IEYFT zE^H;@VJ;aZ8U!?Hf-*-R4nO>KIZmXk4vjtS(Gx@@>)sI#U5cYXu7{piV>;CL!bY-5HONwLaysG;u_@9s zI|W+0?gY1LM4*$AdXO$5SHp&8jh(os z5P{0Y3Oi%1-&J09lnHsxWSik9^zC3=@tRXOS6(bzB1&l*YD41YQS8_3fxnI|B}yT; zXA?Sxd10-u!RfC==4(F_7Xvrsxew6@?L`N*KWE+CLXu@CK?;n-sC}IKI-vx)n4?QB zF~`nu_E8ct9X;H`+EL%%9^JUz>^zf3kz5CN4^I*dJn0^6E9{j+?9p=^zf($B@Ag<0 z3cuFz#M8wAJ&kN096L)?ObWRovo{Fs@uWXV^(R_%z}3c7<)2TEt;KPrc~Mo69WDB1 zw6Jf!2nI5=^+Rdgt`1((oaEvdcJ4k)rm(A~yXZd&hPd^pi-nPboExV&dL>p^-x)Vg zV|47j2=lTcH6n^qM=u=gErqX3<=;}5pNrhS8O@#Vft4UWHulf$L;n>1DnYG9E>l z|Gzk)K-60@;#v{7-5{Cfvz-2YSN zZ{1IOugV{^)#5*e{|rH`MJ@hUP?k^Rsv+z&p30QL(lROP-_=e zkm+Eqr6ls^9U2UHn@=XSsq}q7E&h}Ey9w&E4?Sy9i~nIrA4`;#_EoxDVTGZmd4z&ce7PY8FEoxDVTGXNz z|5d0ZsI{m?E&h)}$-U^yJWiGNCH^N+!uK=Y;NaEr)sFAqh*0hD^;e)&mh$NSO%l>7 zR?_{ukil24e#DK;zt+Crk7Aa-^$w?0`>6k?@K^2sSMJYb&bZe(lT^b*`RC%F@K*(? z2@i!oNqgN_KuP?Ao5V{SpHx7W$BjF8Daub{<>y~>Br;ZgqB6?c7nde2&Y%4U<&*!3 z{_$_ne=S~wKR{3u*fD+p%MUyzzG8ET=Rj7P#Fdq=Fsy3}TC{9MhtA#jaD61{)p!2- z9Vjcj$${BhIeIakXRD22^GoYEbuo_L^UcenjU!oqF_!oz7t1;M{UkOVx<$ivTW}o;{Lz~HS*#_F0EO`?(=u4vR?E*0y#(L4rffyRb_6Z_J=<2*K9PN=j9{hvi1=jMOGfmz4?|I!z=dDl z<+EQ7^7xO$j_07`%gA2*_y_&tx1dNq%1f@@2JG+6O z4o9nx{tT2{+_#_G@zQ{n&7#lVV85EI{t?{1aDeS6qf}leFG*qT%5T_n{*Ea9??ee_ zb{{0E;Kh;S?}L)a!+UvnBe-MZ{{wqVrzCn&clWV6>b1%Mp zlboth>*K7XPX%YU{BCcZh)>F^As}aSYkxEeBBS{|d6%<( zF+ZJt!2Q&U;r1HaS8W%;{~qaTGE@?Gi9H4RhOCHebj{Nq0dxvUInd(X;{c9l`0%a==bF|ALi>NlCJJhQ6U zV|)9GFW7$Wk?L;=a`pKNNXM1^Qz0*-xTJD$)IeKD2Te`sDs#SFca(80T%-#rDJ~Y* zmQW(DmzHCZcGQy~7rHO0ycd3HHhVU&V(-aF3dPUb`Yycp*>WcK2p6S4MQLgAlihzR z@T9#`yDE0=c`h_nZPk&sMG~Z?{I`sf|61ppRCf>oGK_q z*{YqUw9wPjLrb&fASvxnF6pN_iiO^uDN~?KwZ(9`{Ho0lDqW(ole%#gI+2&jD%roD z>bGsnKYwEHGEskZpD8P=KFa7-@gE8Dl46zas@+H9m4AelX2$~ap~pb;^R9vNJvZJ*uf*JW6?5B zpN+uAuRZpr(pIQC=m}quP@>-bsT}3{c&V4P#G6dzPnG49@I3p0E%Ph-hrsV^|Gz>1 zwRjPz4qE`oIH6_wRWJT<3K!SZNt1;?S&Mm!*Rp+{R`&bKi zeKEAmirKI|pWr|j{OpY&as|t;l#x~9O?a3W?$-L;KlnNKoZHZJ19= z`0=$bQG_XC%5z6s%0G5ae$j~1^5L8VyLZT#}7Z@&~XqAeT-N#^HY@JjnRm` z%%b@}u=nV3P8~bImR$!hcJVLpHj}jSINN9rq?j2suH_NwhKQ2{}h8!B# z_hZN6pGeoU$KBqH{G>aqSh|Rf+jp~b^I>xJ9SQKZ6LRLW;+=1~FVE%Rx)uDoWjnF? zIy8J{fA9+Av-PK)nETmrbo~m}ZrQ>0Oa(23j-*89+Q}W&IxPNjF87lkvrO39rg0D_=6*+pl@D2W zkMh%spSclVfM#hfcO#B*DN&m+f9LXMrC#TqZ&pyhX-f>BbOsqK-}{(M+dw?+jJR`R zD__i6!oK6DC^i&!aI>W#S=i^tn(R}^ra7yrGj=R>t#yTd0Ixt$zqeJ=Zy|x90mPl( z&R0LI;$A`yImJpEHu7TK2VanGT}RYsj4b;x-+wzt=xH|x_MRlU%$!hvN5RHYS^do~ zJj_WD1ZxEwcJ3viP@h0Q545Wepeh&}DcQC2ARb|@@O3of)c#Er7}^ti=Mmk;497w< zi(eP7!KdeNS_K$!Xu}@zw6%!1xQ9*a*K;Rdn-D)AbhPAZeFTg4X$tv%#(&Hhg2lKh z*{LS`Jw+aiXMT<%Oxmm_ht+d`{vGZAcj*7$gyYALtJXlZwzgI!ihp(;RDFGY5s&9p z<9jtgLrWKjkRA*g*@ni}hG@y8eZ_wdq>NmzS_O~U`SKRdY+AxgFAbz#y)af@$|g&d zVB`?7Xf)m1Hlca@uC)4Mx9ZiYp6Cc#qC(@iy^NpGmnN+`(`SJQaH=UY6~b5i8_idP zdeF65Tbi}}jH7YY=8D)irc?fP3bL|9ZK5@oZxK3j7>x{5iF=%&dMzG%RgS-f3HDa0 z?3%cmD=ES`OCE9Xy`4Nf`zr$mbfsV6tVkwXX*f&h{3bNyu(~eEy6%Y zvt0Jv)2w)96y2IMB`h?QrB@2cD3Oz}{|$aQeTM>(c*)bESUqzcC+}wo-O9+L76VJe{7JH4ccLiO)D9_<)3ye+P&X{6=|z2u(ar|Bc; z+O!FwVP6oDk;B#f@AK)ZOKf>(B;CF{&Gpn0QP2&38b5%xOE=6W3E)1V|pKW4|&okSj9!qh1PXxg|r;d73WCnc^W581D_&p=_HW^KFB=Ii}P zTgdCFvZC_;^hsp<%Nsd=HCg?{@Gf(P2!CnXnkG%&XY1V@%9IJ5STvboU7FIQK?8a% zkKjgfHpvIy;@!1bEP8Dequ*M_@wlsOpZp7v$@%Kn-?vyfX%KB2H=$kUo_xCZPI(>0 zw>a|oPOk1=#h5X@Xw|VN3-;e4vvN|c6b(&0#cOFkjG54i<_?t}$(q)|+tw7bvPc%p z+0FgT65%1j*m>p0(krTxvIH(IokIT(jcF=m@BQt5qBA7L#IwDUz89U(r}W`Am9I7x z?QArE3+aUlwT{Xmy)n75{cS#}>>p{8m2N*rzS|t0y^Vt_X49+tWY$GxkX_A3|D(_l zY%(u})oZtqsB#uKe`E(|uEb&{GK<4&H>pUdG(hfH{xv^szDh`|HneEk41X6(9Q_;8 zs%ZnvHM3d2emkn^bt)9FciB4bW{4k@MP%m62yfbz{=M4~b9yT~PhJ<-=#+b&hSVXX z>(_EStq>~*cUrV-Pp`iHFwVF^#MKOJ?afJu%b;b4LG3a0!O7iwxfv@3Kn1g=PvlaHHXS> zY2KUOom*mNp(~n{%aVDYb5XRZTfadB7#9k{zksCdL_U}@j>kH#^zPXWM`aq9@1~-y zRds|&e-Od!U3GFh7 zPHmcEWiF-FrF=B)dG@K)$CZWE^t*)}$FHl}66$S>vrjOs8-=PKb{tx}k?V0%P|W0= z38T4NYE9QJJ!#p{l|>)C&hGnCG%Dioh6Q}L#>rq%k8SEDcHOslewQ)v)_WH#EbFbDJuGth&A&3-`W0uhyH8vd{m7N zzkyP@;`fnL4LMr6w*=|xN%NNN>D28NemEpKa48WxzF^kQ1l(JV5ahs(r5lfM;=UAY zO>k>Il$Tz6n^y$^Y4PYNXQPwJQz|GbJINPEQweH4lGi3S!g}9g)^55e!i_Fkf}v|D zWoXLETO?*C zQ(P3uxq`NW{kveNkbKu z$%)>_`5UX)a4nbY!VIDhU*chWItH;j_&mWE-|ka*|Lr&F73T6go}$UnGP1;8p@m-d zAr>urh<^RvO#9$N<_yl`b3v@*j9bv7i3^Q-4q{9TAFPY6@XPmC&~7r2*WaDVxVEJ% zK6rr`Qib8#QOz}04qJ?FP+vw)n#h|z*=&!@CP^^vvb3wLSrk=cdC`04 zu~UrQjk@=tL!eF7{il;R@{KGQ16ya@TlXe(<8>aVW{crb8s>9(xZ_=B?93N_GLU!Q z?St#eH(7HyhSRa;a^rZicmwElQZiG1*qpe|yf1BZqpYawSe)b9hm$z~AP7?Bfp>zv3r$z6f z4C&UCI`*a95dM*nRX}dWC00*dLX_}X5o+I?FA#B}`-k!oA zU)xTuX){K>_70!;q_80>mpd66PcnNAEj=9Sb`ylgN$nrL*yLX3m&uEtBVQ_aPW;4* z(+XM-8b~8I6Ab=PRQc!8xIoou39pGpi9Wqw zeuvQ_X=&CtoFF$FTml*qR@V<*V?FgNX;qN|n&=zqmlG@vW9o?n(4;hjGyC>&A^HOM zW2(=k(?CyLFQu(|7LLNMooL}_!0A{Svw!%Gx^^}+?ASr{*%;0qIYQLU(?mVU#K<*_ z-~dlN0_xGRc_{i~T-6cn(9_pPnRtxjF?ziH$$NC})Q%p*CNi_X7n@dXRMn@UX~n?d z)9Bu@4SmLZL~rLjPOAn# zZxv^Z32oZ6ntY<1QY9%FDU_O6(@pqFr(jnSZk*%z`54;w>_uRJKOI`NLYDH7t*cgW zB*TU;KYpDq?K&`Y!Zcd=JFBKzREE5`fTYwE*#?9-T-TO1!&u8-HCtuRHOBV)D97_{lTQs$Fo)BLtIndSDLtE|OMkY3N8!?HA z<9cHuBDALTnpa!IYAaXjdf4F_(2x+(?pC8GViSFoU3aDAEQ75FZZk{}lB%33JGQ?1-iM1dI zr;Z(F#}45n$2W55Ru;uFk=cu^JG^llCJpON|6$XZ(#cX}Zh#*L;PU;O- z{JKhzl5K3+xq~go_i%L61yYO3s*q~`#`SrSSwza+2rjzRqmH!=p~1dfjL#-5;wb0r z{V*^yQxPW(9chnz5$H8U+N|wGXrnHS88V2WlZMjjemYqhd1NPEW1p@UE&B{(Y`^Xd z?$VOx-sYUm^i>TSwzVcX zuaLZg$HeA%;cX?zn{hFU8+XXl^`K#=K7_j&RSS?cK?9|{47tc$jnbo7zV>I9ZQ97@ z?OWM)d^0BwMN?$fknnoW)NMO}exY`PfZSl?)}Q%#&vv%$+|I5O`#5>NrMTG%_cWCRd}x&qJc&x zrsN5-Su73M8X^$dhtj3rSUS21`LnV}FOptiOHZdOf~uw%bj7iTmXJpWOH;Uf;W%5j z@8i<3ZJfK6Ora`(OZx7_!2Zo~D!IsJlW&e;>?TKTl5 zX|NMPl7G~*#j5x|zm~j6J}>Gv?kI?BTRbgv(R-rr{|@Ne*JDU`7q%XZAoKPmZlr6{ zzI7vUMw*9M0bxfo2LfEAI8_drOo2k7CQwSDBZW#mYKVR&>?RGsg)!$CGjswQPsb6~ zsXJ}L1JKicaVoDYe!!HzQ)vC_k8};TrX=Phy*u{fz^zh3+H{~rs4u$Gt0U1u)tpN8 zyx5AF4N^O@(jKF)>x(eq6F7Q$qE}cTk{GGIMp#-reT`~kuPuHRH|9QM$^2PNn?9Y_ z-}r>15fX71@(SWy$J0jjw**&jPYmTsvXdehTTMP)5wS6=!^WkHIJNk7n)DdRj*AJ% zO0tN(ae*J_e!!#&<9X}TA2IZ)ixK&lnELWmyLy<5Os4u&4ZFa$eE0choL%`LO}g~q z@Qn-#@-slp1>_37%5iz8vC!(+SJo}X6xBN#|$@UeH<}_!dq+n|1S4p4X?dL;Tru1%5y4MU_ ztBS|HIvAUZcvU&rRztJ)Ey;OwjNOM$BiC}p-&v2=y@!*xZz-EEMB`Sc0n)5ExzLZM zh7l&l>YYwxN|AW!R*JEeAxNO6@Sm&{lB?OzCLj=d2NAStgyg-yzy1FP{nw&q{4*+3 zir}rVr9tnpOc^tR5hJ?MNRSul396QsKMnm{MD{Ad7N2Yxdc`8xWuN8a?@yxP=tJH5 zjc61qoQE>uAlm3?`OqTJT?9n|xtR!Ju4o!-h_g=z4`pFK2|jfQYY;}mkop9-AH#Pq zb-=|$3d&DmSHBD1(b+sabcn}I-NnFeg1vJv2FXR7Klm%I!OqxNNo_56VX5CKl|oHQ zFS>=hstBS?*A$Ne(TNlq!ciZS?r4Lhje+WVxs@k%U4(NQidu8B$qw+v!n*vN1h)qI z6zj<-vu!}5^h<)Q-shUK4)t4g!u{SOGNL1R?COoRy%;F0+VIxM4*2IE=Hr(~@!i3P z(y;JiC}bqvK23p@CYB8z$-s3BkAHROSq8L_G%`ii!o1EGec~uq2uIJI%$H zppZ}+)T>W}4nz5JY)AZ!bcBQWRkN4KpoP8C1j&vI@WEEtK?QABT6*eZsx5+iX&LFR z&z4t5l!wv}4@V20ox+^T>1}tozjPKK<<_;geW!2FbrC`^7JFS*W{{sNW^j zkaXdbl56W~dDEhfn=0v%8Cl{gd`C~{=*hEviETJ}V7l)Hu~|jJs|D$E4x{gYL5%4Z zf}6FWY7AA1>y#qOscI2*OUaq0D5WIsBwwvMO`4$#^&2#yUXTVlqRlc>(bj_?Z+gN1wwiB+p1 zaWBpZpcCcf|b{2l{GVPm%kb3VVx78~b z$>XkY^lFOm)2jVXrYOOuNmn-RIKUU(?0NU~CFpzj;^otT_vS2NyC`$}_H8WrbS5nu zH>W7`OeOi1NULON7i1D6l4uF}k7KzNlZa9fRS6neqR%{MB48DJ3$z{o4)Rk!v2fi< zd_x*zZ(cz-DnojJA=yTTZD>1oA34qRM)s`yaXnfN0Vs0Mzra3{JrytXAC>JTo2gLV zZiUdjqi+D&F~>O-SMkBGoGrUVJ6ni>Q>jW%gzeRxT8dHPKh;zdWf9k}N0D7v`OTtm zZ_g$)G1Fqj`gK?bg(Fc%y*e$h(u!vN_6WS{_^QS}DGrJM74hP!U#XIe8auy8uEZE= z{o)OLt<2Qd)r4o;Uo-y4^e;G2^v&yJ6;%J=t`;?+=AQZ-2sKOp^Attr z`C-vft~|;X=BN(o36JhG6)2U0P?S}C{VEqELPIz~DVaBR^T{I{UV3!~ufH;y)&_QH zj?o$1r2GGkyP z91JCr^%Pn*-UKTjarwYy?A>k9H`7DY+J{cEd+a}wM3B2JcIK+CSngOVfh7kML_pnc zrEoyWWfe*}hF12to{J|(Juy@3{&BWmOyW+K=&{aDxb8ea%%h6AuqB*bo`YGLIcARj zbZ?eM?1j_BI{0B!ryt!p$(FSTC~*`7*GbAyZD~Gi9HU+u$%IDm)d4}As!j0I(9pra z*bGZ`oPW4w5}$02$Ei^`E+Ni%#T(GP>trTPoyN;AzrvU>)=Gt&Re7@)D>r)W6_B;QcASY zmdZ=4xjgAhNxA6!mEB1CkcE^p%+(vqfIPco6I>lqp&avA~QRg(Us0Z-o$_roW+ z@=)cW>iRQq6J%7XU#<|zfFOKQP0}DJSx}45pQ_9r`)tI+pxa^#o2T z%+nLk{ddT(@S&n3{B$9QyV*})@jr#QTar)wu4V9I`4l24dd8;zWiYGLo|eW}nZ4=~ zUHW%d#{`kU<>U&IE&8s|Q*LgaAYQ5yDugy{#rZi?`Ebq;q!w5)d3aOaAJc(xqA$I@ zWGz_=aj)PrPTqc$K0eHtf#Z2);w)~b6p3=mdyJ}l)fe;%@pqm`xJ!uG_6;9@wT8^t zDBgT+CNtmpkShfy7~~vhz>ulDIsIdvtQ(4r{r9E19{XUa>{Sby#w&6B{7(Q(3Y%ie9~& z-R=3Fm#cSQ(RkNYl(R0=Tjy+bLx$wOq=o&=N@F1 zpL+sxy0x%i@1{%CZxXKl&4z|9Wkfv4rH&w|5)>j973N8a>C>`{MWR}yT6scQ#ozO@ zb4621F!OK5pq5qb_rc6B84eJ$p7ohYrQd%S(OgSwzh?XG`!|hPDczj`WZ*dp*OaWHI37 z?sRMH^5pfitoQ+k-W$iP(*@}0i@kAz<`AEBDPs4a72I<#<6%)2nTZMbguKM4$wO)8cZbh> zHskf}5W01DA!Es>4Bs3FQ~OK4LI4UrD_S@6gaafz8dfVlsasLz=rn?j@GA-GTYSml)VU z#<_X(nRnzenI%dL!kb`sE19}u1Th;>m+N!ih|epo!AAOg4-)k`bwegH^=7E0FUPiwB1F@-P=;gWK^wta(3=GCZEs8W5 zd)1Ko{QO9l0(~1yl_g~RHfC`5L5yf0hMiFX=jOb}SI4FLOE4(SqsgnQ7}wGn`IZj+ zXfmJo2RFk;9>>FtD}+wYi;h%?k&*EW?6no2Z-=V%ee2`5c>7#5MG8S4L+WF)>pWe5 z{*~@^G?DH2k#TE(tGse3O7n@^IFxBw(^xUJBQ}*Ds%)FkfHNVlF>YKv4hMZo>;MyD z5)w#{jm6sIWj^_CEFQX%tnR#w*e2TCd~lC^K?I!q#xwoBv4ohMWM%)e7)~ve<8p(DzWazVq4h=5&6#5leD`0{x~lFRj_ZCPRVT@C*6eEFV{=WoXAufNX3i4$>jbX1Y<>M%Ao=EDy^ z6r^adYDJRj$hd!rOOLf^-?qLwRw=o1<9;@Z9q_Iet`-;U(+jfXh@>Rz&H?ws^mS*fW_-3CoCDT?J(WDH()gdQ~u(6IE!$KD8K zVFs7ao+D9VNcZ+FxOMR=Choqt*_(=Sy_9w=ZAfR#H0JdbWgwhvI4@5^hB)rw;ESxlEU!dLhU} zU$qWzg+rxD%cX^xT)c3Klq@;cc5bw47FK>jQ7q&>Pjp-+`li+dg@)p0D>^a}0`exODLxahXNr=LD*zhTq&v1(J`>jHn;A&dHi8H52&s5^%=0RxvVDzNvIKO3|4()KL z(SK}&|Jb7_%;w_B6J!|**;jJOD{$xZ5u%f`(YJ9RykR)j2BOi50;0}G zV_P=}M-yrAlXLrO6ozhrIBMr{@!EZSLmFXi^i=N>O49FhBqEL$?b=|X9?X;PUgBn& zu1G#YRBvIFvI1^gj>gp8uiXDcjJkL88XD&AcspBG@%M|nPd@d(=h^QGipBM(g+9df zdc{PYz4=W04V?XPv#K0n{PV2NQHvAFU)}Qr{IvdoAL3?%`Bg0Wxh@yu9-<^lD3> zWf@85Qji&^5^?__MMXMzH|sl&4erknP*gk|D^Lq!^2Oo#_(n zsQR$r36u&7lW%f5Mw8%rb+DI$qe4M$%rSO9u%ScCAZ+v`NwT@I=>e9V1F;Sm>jaXY%kw61w%haWU7UH2Dh0g+o40&OyXs@UKkR*`{J2SCu=!T2E3EG07?1>hGpRXhCq8@T@v1!jGas-*s)b^so zz^1r7UE@SRNzD0eTz!~BMzIttiZQ6)n@)8du&P*_DNEFUro4WotOVEQ{b}G~flkUP z?rDb-Ppbj_wQWRY~6&m)U&a204P@X?oTb6fYP3U_sD@PV|dK zc_QG{T%L<4&$Rq?yns?<5H#VF+VzQ!ev=~k&qTq zoLr1gry;a((MMJg$+C`nF?-!loGU?=uf(%y7h3pQqajPi=znWWobM*SAOg)jw@SJLP^|Nj$M98d`2mn z%2ISZ+R`fA16OG=-i!z~AG|@XNQ7)Wy)l&86V}{a^hH7NkDTSyqc~(bL3sLRW9Ak{ zT}MOi?t84ZU%9@E;?Hs7@&i$R3G#quv>^w54wRSma zX6;z?^()l)(76`1_=8YLn}%rW{A<@k{ksY3zf?`N_;*1fBV`n47gAhQNYx!sl_(W5 zigU})RZLm0MJ;Mki$4cxMHy!rwj07%v!>OO(^~v((A56-lGA?zwW_Mc{{W;H$KDLt zGKFS7mZ%pvQ9}b=V?X--IF8Qs9skmLh@>s0%iRs#)9bKINx;b@{Oj%rbhTGXNzwW!7aI%)}OEoxDVTGXNz zwWvic{;N<+P-{_(TKv1AEal#<8^mW+tVdjn7vjHIUrN!om&WE92(Isk}XR z8HXN90V9d^6GrpXh6}|1hrU*krJQ8tt5fLK^aD0WXYgB#hnFTEW94h(>D{^wZQ3-W zOZV^Cayg;e$2LOlya*P4y_4Ii1=7*q24&g_(cZE2Y}K09ZJW`x*CKXaOI3XqBq8DG zLOytP8Jn-AJ^4*hR!HpLH(7b&2029vG9uUU!`=(TsJ3^PQE+D;ug%-aiO1@WtrRVe z+sByY$9R0C?Pk;AOTQUs{|fG2KFqGu zR|O>jc}WUuewxFsv$y`yI{!M9Tt2Xid(wjc|HV+q3Wzv1Y(ITZ^>@OB&8$3nOZ7Kou;AmF?7dofKmY#}3i);6 zJhonrRUO??`|Gok*5Z%iHwmgjnNR%XgY2KXh`p7FlM0I4tUGX(Ge=^`$}AK=m{6y4 zH-i10F!?7JM0^2mADqYKGCjh3wW6V~6}NZ2!JZ3ONi0%dPz~~eIBq2y;M%YYLq?5e z(7PX;rEzri?*@pT6xDS ze0Y+*yBG25(!D&$eY!J6_WdJVd7P)(ouVl58WDFBC{!hrnrIoDV0-Tb(XlD0=%_56 zD_f3GEYm_?zozZ_YEg@SFSPYN`272IjBi`MmwLtapVE>q(#ACvC@U?g65pOIWu=f& zT2}Q*jabXsUX?mM*>1Fkaw&1$|2Iug3m%hX{l6~7J7PmXi1C3*8piprjnAX4+~!C zZxuF>OWP3FRIfNCD}9C(m8s>E?yu|*a<$`2+a+u3XsiB}@Z0h|>qiy-Emz+w;aT~l zdUVjymA)VlI;tdJg};q$<%3Mvsk}Yq=f3)J57YaEs{Y=(bT(VgJW~BF?Q-?qhU1KH z;i5h+M@fn3!_^G>y#7!blD}2np13CaJkOts(_@J*F{5*sw@_R@yDR*)X4kI8AApvL ziOHlX^k>9g3(GgjZJ58JV z;_YaKeLx^i_NM6nhY0H31D}!=GKCT2JK?4+ji5- zL7kdWFT@2~6A@U{=gT2_i!6p+yE16pH4F#S>gWFqO1QmZGJEpc(SG!3hII)iG^8Hk z^~}k?eTEA~<}|41f%4uyqO|PLjmyHlUMO|!P0&!3kruU%>xNxuQO6niQ zKQ@LMXc?LlAiu$WOLo4Sv~>K(n6h33E01?X090wfHZ@!Gi}03kyTUEHT(T zJKE^#>T>MZF@l1Eu(PvM|0-fwX)3F}UPZB^2QH>Ewyj>rt=Jg$ZT*$?yUt@~YfsF@ zef+dyIr}f&$19)#mWIWw{OU(il?815WjPzR?c!z@G^^`_A~%j@>-SNR5Xl#FS7YuS zhP`eYYnCk%{cIOU51uDoVMc(D0~#fnZ2xrw(J`^?+qIren|E_JUqL-TAJuX*#d$IO z^27J6-?)vR7w@2R3Zl%I?dN*t*um(V~F)^Vd+AbB~4d ze?{N54jy*pd%IQ9mzj*MOI8wj{}Cq-Y+?PTEhH2h5mLvU2j_M$=Z96?OUO}e9uXW= z7wxjgtp5J_@_ae>7ff9PDSCX01uK?vaOXjy;|uW#@WoIlq$EFv^{c*R^`>3y*?yVK z%xJc3-NW6-sU)T6(kRrAT}xMxu4gagHKQQ;Ezy3;!!h&EwH&slPXT~t+^Vw|JcbL10iQG7PnxMhssB0tb z!K8*L``Wo(EMB#O-CK4Noh+kHh(G$8qP<@&tbd*tvSJecMhf96YcTW1D2(pXdHeiIW$u!oCMK z?Z>7;Tf%(p_;uE&L_SA8WXUX<^EGQX>|lRH1orNAaWKedt?=)Ax1*T<)p8t~wjek9 z0EnG8MI*uIQxRP~ScRrP`ERB`I-%6aHZO`ftXOnH?OZMGk{Iqg4Hxmj( zJ4*2s<*a{y9%Uhoa5mDWq(J!i4?pnpx@{c2dKF72f1E4~i4y%`@ss}GtLhJxQQ6;i zY&eB$lW?+b9AweTXWPH>{rNTele|=hg_DQq6K>o-^fTYC*uwqzG!oOYXx20wo&Q5$ z?jApWT(t(OwY9Y>;rg@dpz7=EGjHC!-{vaPIG|(TOtbM_F^WheC#NDUNM_qR>C|!5 zCdWpLOjYucz>ZfpbK!aliPudba97%N8H87qmB zk&_+8`q#(OwRsCVbnCUM> zvukJ@W7(|<7Au4;t|oH*!dkNYeDQN}e6k&FEo$+91&ZP<4sG1Qom3Gel= zvK)4;{8|v0(==`09&2SXAHV$;7ZQ|o?b4ZGUsIONna!>%2_m)>v3KS7tXz8dD@fz; z!2>)>D~~nu(rixb+{4YsB4U=^<-Je8#xA@IUD`CpNLnIEk;{+sKI3e>lJ?#E;HjI# z_utGXEiH|m%fDvn#w!FgY9i`*x`kvFeJKjqyY2^;?LLOHAe-S{7Oej6D-K5`;piJm zkcTx6UV$_VtBZx9k~#1HhCFRsV{IfSCB2Z4uy*w9(wzIpH?r$=w5sm8?@ed#)k2!K zYERP;2aK&f1>tnU%_o2sjl$3@%i#Eq-Q0+gUI8olc*Z2o#VKgnrX%f}d9viwH`shZ z3Y=ve_~|Pa?mCHE{kF6YvE-|_-XlVgqMQfkn73*pwso7+zExvP1^2I7YCXeHR(v~irg-?_wa`|qm7%!?0 zvGTGaGBb(@3Tw;YkpsBD>wDH7y)VuPVz%Vds{Z!5|FFUzZ{j?^c0r5MJ)Yp0cq;v=zTx2?NT-tI>KM~9wb%umb1dXJGq@Al%ZAesHJ>F z*;#{p2X9GJ#ftdq?WsiOTG72%PlEMQdGCuKDJUvr=gI}F+7(Gi|_}Ni&&bv?jt$BSH@-j2Y$SSU( z{Wbg3#T3vpcc4jlh-!5iYu5n$EBv)#Xtfn*YVk+$n*>#2s7m21dd}VGX0(tK_v1;B z{5L)4>S@_ zvUb)cu2#POXX*OKP-hSw!tH6+t{sD$2NT$65N*QjXx^bCL%KJ`_sRaBPa$n5SrD<3 z_Xf44ZJTCve|r;0?xs+9b1fqm#pBau3?oMl!Y%y(k=c(Z6xSz3uH&^|lQC{OoC#xx zV4Jj&6}z@`w?vP$OUu~uP?zAY6M0W$e~lBq;B@3=lB-N=6@;}ghMRV+@U%93vL}5x z6lhz!;*?j0vRIBx=wG2Q#JbZ&M(8XQoh6F98A^1uUPMuaEp(glUbifc-#*UfBX%?n z4Z_z(eYzI4_&)>_O>O8hWE|6`kHpKyntDx})*zo2rTMya8a<*0`Sj7Ru|0x!h~Kq@Z=2hA5aMNz zTTl}k)ejW?Pfy$??i0F6zjlVx*K!yzpf~mE*QZ;%R-|6LMD*QQk~31D^oMTstL~Di zj6cSvQ&0VErc@M<%OwX=iiX}L0&3JtQ2sX|GE{^7KnGJP%4`uw2z6>2TO*m3E5%;6X&M!n6 zeUAb|Uz+zENFx^=6!8)4Dzzh^^7WxvT)r1gu~TC@gj&(4O$YilcgMn`C9Q(RaoY~` z?-GQS?z7Jil^R;;+6B<0a~}o`AIX3=LMBr!5-zVH&vy_LCyrtGkdgEggNvuRIT|HJ zq(<)n&z4M_I*CC8N6@E3O9HLUF&5=NIlr2BYt?LQoXlwF9jw&+N z;133)vtb1firjJb^r~INz81Am2!dl_g{`fH>QJenjfJ%hCWhs`!$=HfwpOCgiT{&Z zI1%XcbgF=dpAWi4MWP4=Sh*4CQcfJxQ_?UsamLd0>HKatCwtZIW)k$Q9C34XRQ)Z% z(ZL=QQASpJ5;3OFc8&is$ZRHYH6un zqbcR3f?d>Q)6(xbJbxMuyANd7(30CiVnX zd*%5IM17hX#+VwLs*klXGcy!FSIj$__ z#@g!XwjOp4+LV@*U>4AsHS<1V|H3zE-hUK3&fZmDQ4XnnqpGz}PY`1XT3SY!89z-J zY#sDP#4aN(DG77S0G?`7A4@|m(ca3>W+5x)65|F8XWhwId|LFTLw!#nlq8#w^Ev(| zozt{-rLNc0(w!Xa(5Xg#!CVl?CY;!}lelx6I8f>>5+x_(#ign$G}QB9HO0Trd-eLP zd{V!V3tcBskammNuTN(5sF93)?OQyXgkxbK^(P0MMSCQu-@`GRVcPckm;@G$+8az4`}p#6+AlpQde)yR=2ky}xVFMypU!Bl#h=CRl#s{RZLL{l$Oa=6QxC;RN=|- zb3Ue23OcRr7)GaI6PYw_5~Df=;A1Hx`B5T4zOI<4dX55Z_fS0b&C!x)h+veCtGyK> z?h42;a|y=H)D{tAMH{kl^YS7jq&|M$?zA8M6$4s@;bd6Zkwu{z&IFnqAUZaOoXUMp z1pa&xcuOq}FcKnaN}W^ur<5ki+rLUXkK63K63O+X;uJNBK-Tep+34eh+s>`?+6@i9%AoJ(GONS0kD9OsAxLA(8cU{V|&vEEh`4`+$ zY%LUlT(VDz`l}o*byhAB04tB6YS+V|eaA7a<1efyNW0K|g`Fix+(tt~I#%Ky-kGfj zPVh<-OBT=hiS(zJ)!4p@4`?J}{zMl7axwTRe(U`RORMARFCgD#-&-$BB^H9l!gxkb(HnM_9=d%C&HJk$kd8&r` ztp=iXe-E=3?4V2E;Yg#TQb!Nn%y@1kWvQ;oiI3w!QX29a$B*jrNqW-|w(-Z_&X3Q2 z+Q4pM+ugf%vF5v3_?YP-6NIFkT;OXBp!>#FOj$S3MkyT%J4@ruGHA6H3b3htrM zz{bHHPv1s-^zBc=zxS|9v~A_wcW~4!#-mx!C;j1@d27pWRm0A+y1zk0QH*kFMJb0j9*G?;e>pQctRGOi0 z?MRbh6BsjfIHN*K`FvjlNu@eCoxSwz^$Jr&Ur`0m%8<*;(A77Su`MpU1Js%waY zlQ%nWr=U>97frIy{mQBISW2~xF|~H)cuWojD(z{J5V?c%$#+HA05c08@~vCbefm^p z%zTZPr%s@66K^aHDm$`tqXPqGdh+w9OW1b4V#ci)aL)X|XJ1}J$Hoy`(Po7hFeQn~ zrP8Fy%k6QDImhYq_e4;Y$i5VGHPF^K78$(iqDs)i)Xf8TH%km^Ki;p!|4~Q-TS0C< z#nM;F(jZrm|KuxN>C5N*{5;CkPord|#T4Whh^QtAm9Y(%c74k$6Q(h&cTaXDdh_1s z=Ey}-otIbedOorHJG_84pAsNdqJi0D?`u1m6qWiEc|#PQ>M@0 z-S2-PJ+nkLP!}bgXXt>=On>MTldHstegmL>IYcV=cR$+%pE<5@e`*ppx-FYNFS-VyK?d8xlDflYqE;9 zC@v_VsIW*d;_yn>&tT-x0bI`aV&aG{qLxzfvU96^ZCz9#>?{VIl-q}SY2095d36Sx z&fKR}+r}7I8VPG^UzwVO7v$zqT%ikr;=)|vKZTeFc4u^3J4Wl@AuIB0ed%{7e2S_Ek`j z^Q?RYLf^VhEt%P?E;D*}Vd9jR88K!AA1&OjBB#>*(t{ug&zDb5nMk;ftofXo6Q&6H zdOek|sEGU;{jF+yWW8f_BwyIKJ4!O~#I`lDHDSlL&57-q*tTtV%!zH==-B9_lQ;k8 zdCxj)o%6BxhwiRgRl92M`?{~6aG$pQPKKrT%>>IV{J>?eAAE!qQ_WoB=ZW=aqZf1r9K)yFpYmXl2+W;wN7`J=rONPbL>#_onDpplOuh0t$n(^bvMq*g zS#DlTa|J6_V7Hw25i4AIdN-!u4_qW9q|yFzi^O`GU%;pD$*NhlT-v zBTtsToww6Hz0PHDJra!VZ~jFmfCLKQMS@t(zANLE+?FkgcN`%Xc_Cvdb-f2F^5(}T zSsF>86~8~>66n@kN!QF_%bXAV+5C)s$iF|Ep5)zd{)LA763h z2-IKf3=~Y!^3ufbw2%P=5aX=wDcn_Iyf8336dp2y}OJy0B0;$oYKn`@;Eu z)mmyjKZpyZTxMuNLBR=)meC{yS?w!k-h=>D=k|X;rB_^SZ zeIrLcIb+mt#^W`jZDdj&bgN}dD^`ZQ##d|TU{^_Tn0tTm90!AlvkNHum<4>6P#PGf#@BD5tI1 z3`UHtj6FS?wC7~bU|~>BZ?uVukYvWH79b|hReDY$ru%WP&n4n*hT^*uH7zC6GY>?v zbxp@#1_o5}+2C({)fEa69@$&B3QBWof4#221c!UN&XhF{70Ur~2HJ`RNS;kd z>$JW7zNXTxMg$N7x^DIqdA;D4Cwf8X`J@CU>X>2N!SojTy4M{L&|EkrlTexOaXcIJBHVi#js z_9%n(94aNx1F$;0IFeleX!<1Xr4qp1u7xH9Z+J$HG zM&jM$hzLCUNB78`=>Nye2)z1Hl{P*xpgTOKETuYdM%EO^kcgVt{11ZS`}$5%8g_Sc zI+hp!0O>r_WeSGQp22k7&xQobzlP>jc`tN-AUX@z-hK%O>t^draogUnI2(O@^ZyOM z`+Ue1tr#-E1q!3X-K|lal*sw2r%es#(_wipY{#1&BySvzCzT%uK~TFJ)e0=NhAb_1 zO*1!{@85yguA9~0l|C$nfk!VHO?9k{o$OiQ>?97f|8$ASxygzULkj}~B8e2e031$R zguOwzy>oRvQ~NREyEmPBh5ywbda_;4;85MGWC+3|+K>t3aSrxfi0NB?{5QrcP6lJ# zrqZ@F;s2^CpBum3#|VqSGtlX;x`O(KQOK}4Oo$%%ceHD>5QPRA$Qi?TTVHxTB2 z!Pd8C5=Kc<$G)1gZs(l!axduDudz->J?@l<$G={X2td_ecC3>rK8#)1;aOmh^6&z54msSh z@F*UsT%oQ`HZFp>#g*Q&MotWYe2ay@tZHY!{N{X zengAB*)z|+)hpVYVnlbe66TawN)^>YyAnilJ%Vp=6Sy>H9LSd=4TyGlaR@$HCko21 z{4-V}e@#pSfQ-GvgmUC;xTU^W%5!o(>x=FdomUF@YWt}4UN>sDraV(YkG!)!dA+`0 z{@b{1Uv|Gq2A5J6vc4DKoVAih@h&LJ^w*)S%QJ4RoYw4ag0f!Q?rAqd5PSMMPNL)L zP+pcD*>+)xxPZn~oP_UwXBB=Z-I59iHvn=B&mXI`jATQygQqimu33C?XYeK}wBe!c z?ir*<;&<3=fp48&v-4A!#sv3JexDpQS=^AfwiR`v!!cFFpqH9;DL9x@!V#zSzEM@l z_;NYqc+p_=owGN+wnWPUY?b5O(FMEyHAT|TMofIS+6ZgYJ4}83dr6)c?!8;^GvZH< zI7m={p)qwi;&H|mu1I%_1c87#S-iMJllO=>In%RpwWo-Z+LVHvFnwr|O+?EXc4%v6 z-%dlOB{9|5XnL5w_=@qz{A{E|^k($VP0CB_EfWwrNA0kD5-3FDaV3Jjg`7+azQlJ*temjt;7~=g0g=fccdD z2euMk^UC^mz4f<#R%s!7Gl?W2DQv6UH94HW31e5MXaiC8QN63(D8}6q`J$d`jVZan zNLv(?K8m*vc?RF50)G>+f)~|^B2LGoXcG8e{{5m{RjLYiOgyNyhA1@=wae6T)zDOB zR2BqOKgqka1#eW4^VRTulo}cu8dYD~Q$&QyTAFT(%Doo+q)V62FGt?M7%yqkJg)@z z6|R$L=L_@RZ&wrvu$?N_SGQ-1pDkgklq@+5q)LBpg>S@@4^!}}(uu4FKs-vz_&)%R z(5MokvKY3RnFTTRSE?Nk&)DRPG95dymqNdaW`Mu29_4GjmFDb4AZ_U##M`6d1sHhr zoDnz*R)x^rY2wUYV#unf+zAC)%H~oRJWO55P zZ<2E&y~1B6A9vHgS@hzA^{XPX%Tmflfa(r`Zd4q-@rM6|38B0 z1N|%x#@DTYX0uz%gf=8;;ny1&(ecyaKiM|YV*RQ-eB`k*&kv_ZGq(<$o? zRJzB#;R%1r|pzgIR)4-iP zW~zq=LkfGJgCw_5xLay%E5vT~UQFS6Dq8do7rb+N8Y*q@WAeewZ@3u4y~Bf=DpLIa z$`Kz(47uKg{<9-;-=1)00xbZSWdWcq+DxVyJKVr_Lz~m^#yWu$M42~n>K3Ycv=Th-bSv zFoP@ZEw9Har-tjx0@|xk9;eQXE;yxE+;-V0f{~uuR~6!k##SjJR%$JIwdHbpD&&lR z%VZ1Sv^cmUZdI+0LRy@aSm0oh@At-|efA?h-)i;ya@eg8Lxc%V!0vfuuX#_Lqsob9 zPR^IGnZ0W$`&N@+s2oQDwUFtyYKu{2&4+WoMVsZ3zrzw|>;Cpk)CQ2YD83f2C@3d& zLuJO)(h0oK7NR~-fcA2&2VNM3IBA%(vdx}Or*BR!=JI#`3ynsiDLDdIhdQ<9LVT#Q zM@`@jfWu~MEZYV^!{ppQ)hFH{w!HTO=T#}TH9+)8MMszDaC@eQ38~KvXh(A3&HJA7 zNf4pI@cfLiB|UzkRYY48=$eJ?Kwoxr+6$@@bUgkW&m?%?`wZfIw(psmw_dN567(tN z7nl1M`k=#I7jPi>-a8Q}%-lbEjpV$2wOe%z-TtHXNPW>}W&9l9CjFa7#V8Gf_c)kB z`pE;r5v|)DUF1Z7Kf$i?FyT#DOj+yrR)Y;aKQM6vx=?y#Jm0G*iU{KZqcaqO`X@5$|W8rl|{%I{?Modkzd&{n0 zrGGiyY8A?+=9+m897&6=2Z9-(1=6>2!@<<;KqbLE;(=2{GD zi}MruYPGGfxvJZiXI%Gq77)Ltc2Iup{emyC$It|DVLVdqvK}=hs;BeEI;)L5bE5}Y z+ShO@k8B^03vJu1_olg97<2sx6`75TSC=v5A|Riic|E*C{?}0SH*PIOYHx2yj9|Uu za2pjV9GiM{k%Vuzx%bFmq(30jz&(BKUU9Ki0ZM@8STnH>wDD&GeH1unj zWZM5pDMl{RJ=#Rjbd2;Wr)v36>FAYVCytbB_hQ>{`NU4O`%%Mlw2&!z#X~nSE7MCG z)NPX-9yScbE4+Sk@Tav7jiSwqF8WY9g3dC!k}E7*_mc_B+qafS2k^>H)E6Jq1U>)M z%3`fHK?1WLooJLP9X&x~ zRAP5xdtW+E!SP}-!v+{(|1{un^pv`*@0#1IwayPw`D0DxH1(HWz&WIH)Kw*%UhtW% zX265VRSHjwM}Xo}D%38We`nAuZN$;#o}pS;Zc?x1O@Yc#Oue+IT9)X3xH|S`0pfYv zgW=VqQLJhwP~Kn(&8K@}HsV=WwOyraRjvUzfy_HhtprDqq)s73Lr3cQ7~-utAV^NP zQKi`x-;V!cg#}Ra8_5042n2azuDmmV+@PdppC4{D&sq{?Pn&GMqka=fd;H@@6^#NB zib-Zz{c&P9(tO!9*%cCB33aAh7yE$;z}n5h1*}sKA`@O{WjOhcjr)68xc*K!gRM+g^x`ntET?wx@E z1=GYr!b#}+0*7Zo6&fCaic=ejja%L$U1QAUr`?dK8=3T|wXqE2YDYA#+qlQ?b}rDomdnXl=%l@Qa)&%0_-Z zvCbwlc^Ewp$pb<@x+VGlp=I>X=|rxC{i{@wNQh^tkB4~pJ{o_x z)95vt)K0=^b+~HNAXvMl{TonLwo``@ur1HuK7j4$MhP9_!xq%e=!LqBt2 zWnXPHo(41UrDLH(Wx61a979G2&ZmnwFq))W^co~!AEZ;P3DbpSrG8D$J!y+!t+}~P-a&O3Ax_CO_wN;NH|~8 z*9zYQtw^@y#M+Ph_{nUDxl**f@oN5HkK4{(Q>#oV@n6Vg*FcgAMVs^QAi28QTlnrh zGsnK6uI@ZWmL1WW6`k(at*YH7Y`Us*-8vxK;Ot67?X&?LVb0F2DIU|6h45)Dv9mMz z#yG}O4Z5qw-DQ0L$<41LB%5g(`6Ewf1dP$y-yWZ(yI)h4nJI*aybMIzzOQ$Y3UsTr zVR$%rKOLTCdMF7GArV~LPn(RC5Y>K!`%W_%|I; z>`R#MvOqoRHyQ+=!sLihXdL=gu$x)>3D1XaMV!q?B|wt(nu%3R5BNvH}iNOGu; z)cmz+AYHS7M_aE>{T zIG(OJK-Hd$F(zYt8D#_3+ddKAO({@IMM=jsd@7o6K!7Pz9ojv&YtIYCP!F|N8KCKY zELHEQV%n^EtBQ_E0CO|CuQ-0JG~C;X6*^WyXXM7m5aY=E04*stlBs9&r``CwtdDI% zW}1w{2iSkJYG`E?5adX!z9^28qDc?Ei%xj)lK5HL7G<`J6Y`}|jNCaAUNUJ|Nxlwr z%irsBQ?T`9c{k_T58?%_k12`dz|d#4rF*d;^K`QX)3EZ|+r7nz5~3hUiQ{|OQpVBo z&9Aq=aAP!P%5pl5(2Vb1!~xeMq(xY58FTtq4K~caCk#gA1=L_5nqA@L;bZ73SJJ6Y z4|7k}Coz|LxEbz8s(Z8pFySA!NaV;uAO2!KHD5~Q7{DOF+tq?fPJc`Xz|IY_lvU2Cy=%|c0+T_4_VC^havu2%N-p;Kv zkkh@)o+e$(G)EinHR4~G(?)#Omr}{ik51Fp)&i%ggF={$f?HEoxFAD=r|NOz=Y4{8 zXBq;3v)WM%iY6`xtKUs`YjU>dJHMDsy!`pw`EoT|O2U;WVB#0a122#XxD?>WVct;{ z!2Ug$U&9erDo%iiVXWnRD%)J$nR?@>-w+uYhRu?CLHZASwTK-y#V$NsExNi3D(fZ8 zHR_lK++#tBh+uFzm}PW_`PU^3x3jpTr!dZkX|!WB8*t+NWOtzcH#wT)#Hw5c9mA3A zkQsWi3jv?)LmsIY>+a70K*Qm4t^7`zaXWilhpr>oA9o5`i2o$L^BM?l-#Oe0yh54~ z)rR%TGnHw66A}9}_fawLlwy{(N-X?T}iqgsPzWp^ixYhz!2^n)=xDatGQ7_-kCu%+Q-0MaLN-KsQD7DVV&e~zAyQ6D`NL;ue>pUCwMUs(9!!zv1zkllWM&v7KlZ( zEoeYbIRg;;Ln3yn`CIT~=iFEv4l6fVd~9wl_@1uW;P<&yZ9BW%TW_n?ZcK1(U{KJ> z9U*^MPiGtJ?_C|nj38OpTgNv9J}4v}Ca)MyoWu*<3FNhAEaZ+v7|7xzYRl<{if zPD{p#>JfdO*jlJS>PUTy!y8}oMfT1h8uMg$bajEbuvZ>XgscsIWzs|gK*UU$h5o3L zUt#{%Az-&E=IZ--#^s)2x&2KU!_+iUdcNYG{|ms}iEUxN%qP4mviQnsp%6{je7ZS>6udAK}5-gLKGrdNF zCP=!@lEKNU9bL6Bx$=j-wWwna3RWh<5+Hs6aSiU2Bvp4kr)Y=fhP zzPa=4U@pfOlYBl-KC-9cz~r|EfDy2Tn+@cj32^hf(od|&w|>~%SMu>=3wlP@);#3X zB#w0Xh3y^XOdC%#X*GT?=>GmoYS#|M1^7@jpyBYIrK78t@yNp;WE+{r5#n$jsnL2t zjNLk;^9=#X_H&?{^~>)EmEPsSC^O$luIIqnBGp{30{{3nk`3sNekKy2K*1sFG}c8w zxw8A^ck3AT;~K!@ccP;h`s~-K>yThnP0i2pWP%2R_3#ZiObMGk)g9X)U-nUzM7(YE z_2} z;WzCx^rSEg&57hc#RRDWX4H%^Srd`f(ETM;a99O0)Ul=hm8gyTc&{zq+}4lh##4C# zXZ-CkUr#4vRW!8Z89IBvxW_6=+yq2qHY4D62KSV>QsM4{nigbLve5hRfSlFpf0dPfH=R+%@2V=Ob?VCywSU zhQNrc>H7Xi2hWWuG$LF{Si)zmQPV`e&VI0LH(PpkeG{+1ME@sTF{>xE70RLy(^t=LMg=7Jl7=#>>nMf{o2pnhyr#z#6tRfQjjmL=`ua&Uoao`@8jb&HqE2DzaJY0%=Liu~* zec3R;iq1Jn+)+!6+KJN2+QR~sysU$6SOJC5QI)jMf)o@a7|O=-zk_adM8uU?pa%u! zeSV#tAIUmc71vS;=Zsg`*H!xBQ)jxO(Mcl&y;2}dj5DD^E2NJsGO_f{G`hz4@VdF( zNlBH)sw&tTM0G2xlINhmtLz`W*d3~ieZ#T|~J0LV$JE2pDVFf#ldn(5BU zzWZLo#+zny+O)e;CHS`BtFJYye4}J{dvT|TK*$%mqbxWez=r)5F)g&DvJP0bswqty z5uVts=kms)s)$K2qiVWeOu-TF$NM{K0k^WRf|Tr;IX!)oYsn-0bbBXE%eLD7obI#{ zpvyv(xl{C)vCimS*L&5qST>Xsw_FueQF?4(VL<+_-P@}rGOT~nn%u!ZBN@rvE{VYs zquy+4p8;Mw?P}puy;PQn`DMLi31?G2J&xY!al3`~1D-iZRLSNi6;R~-c{S`22DCCMNcJ4Rf^Q%-OgqFi*N7kF)1 zqd@s5Hz|e%wqVT^4;1%t#P!K~u$Ir7myo-w3yP^JkvO((| zO+!5!w8I~6#BA2%!&Nhw8*>BGRx@pbJ04`2Nbj7o*k7E2t#Iw%x!9nSdH(48^dW4gSHnH24=K*Ie1b4AvaZhkA?Iqsm zXi~4dg$ALlhesj%yvIryUx#OS&8A;cPXIKF$0ljw@6Niq%0|_+UEi+`-DN`OMx0dI zc;WT82Yx9L^(qpl`qnCCNR9**KTF72O(k=J{FDQ_^3thGs0-%x2e{O_yP*vWZ$otY z-?6(h+AH%DpPZz*Uu%EpUcN0Vh>sj}m% zO}0nJT&XCAt6^FZpoTkfE7sHgi*X|M%I+=*@W-yTR&jRhn^kE=%bcF*mz%>frhl_b zpE39;cCyt3tudv@=*G!r1~7>17`@l|>@ArC<%it<$*DJHYiR}E^*_t~WCle4SX-6k zBJTPtTG~u7Mfs^(gHrOQRgX6;2x$v5a?(ee`3}@@50Lk4I-r9x3|a4n)$^ zdxBljXvUoY1PH^{DioBKCdS7bg^T$g?7q+b&a`)M8XB8GyG({W8HmF0IR}aq?#o8B zohRuA2V2zK?Yr;3el(w+69X3F9)4xiej?15-@q9Us5?7!m04}u8X-0N@1 z1hV=6G8-2IMX}!&N-h(~okf)v>TiDWK&={)PAS1QKM<;vCM&8b(M0os=GG+%H5AH1 zWMj!pM~iN-zKK>cWF?V77`U&vV=n9$h6tnsz^u%skH|NB4`Y1vto<7mP=vM~rRC`G zny>}>dYTlh&p?|IPf6gT@MHg+R09!ZvQ>CmEtnSf}|O;fh6} zq*8juyh4>ix&_t5?#jZ%ajf~87Ewtq?CO@ajK#Q{EqHidx_Cle(i5|Dyv8k#IB3bS>1up#r#MU5@#p6d7lR8K347K}&5mdY z43eY7w-dpRcU+-|c>W3@N}>j-(TZ6$#kgP_nws*CqAd#Z+`pwPzp{R;{Gb6+ z7goTgZd>SXf%Hdo(8$!9r@Nu)!GL*1lf(A55DM41c^@*-u5GDM>-YMTE@ILt{fh<( znE0P+2Q^z7ZgZ7%uV(VtL zM00aREy!-Pj8%$xeH^qm=)J;Z$#Oj-G3Pbyk|Vo!qZ=m~ad2RZHb%v(3`uNCPc$Bm zvQgGXZ+6T$$%vl4(HY&?2phgjn_}Po*RUf|MYlJeHrdyi7t{QjrP2D}_9OYYYJzcj zBAEifW0R3LeYq!&NMP1##NErD&KUj zU|}SMLnSCy;_A`lbi01wS2pVq$Y?&4&CiHqw}R@uRzM9fU4cc)^b73}EG2hvlE)Os z@H~z{qTt+B!WAD}=2t8^ZSm;fvF30x>mFQ3VW?Xy(}z}d;`}m71*y0N7SMyu5Kq#AGywOg3IYoVuFHv^0=PQF4_SVaF5JnN0evJMgOzusHFb{2f5MHVf?4*^iH--p> z|3+YHop{~oC2No0Sq|BciCVbV2OM# zd+;$jEEx^zPewW+5p67#x$l9>G$Zl|-lOTOT=={bQB(_)A$;#LXD*TZ&+6YpG(34V zs(E`!zk3mnDh}DGsiDbkB*$cI?E*1|S{05?xvfaac6E5g`$dSR2T!>6@9&>0}-+kfVEUeNbdkS_*?G(4D7 zLRR7vG+oLuCC&1EcRRw17wr~nl;&%65Pa`f@9Y9~C1Avzul6g-_R^SaDEFwQc9O%f zYLH<~H~)O6l=F?MBhxpst7ow5m=!NoLxJ*u%AY9TC-1DwO39JeY|LY1WXSuaLqI4MQvU`(+!R)8`aMwixrZK? zUuD>x(pZmhGzcFs*f|ereJG7+1maQD#mTr^(mIuR|EucvH?L?0SZiU2F2b04>@j1Gb4~!{PO(whQdkVoB~zC6Qb<#TjXb(a!ZEyS^vB zgscGVXDuivG8wjvUVs?w6a%@x+DhW2Ry;#;(_8{k3iS4>)UoW(C80^9v8Z9GDl(m3 zl5Y;rII$P4e;g^xVx!L}zEX1gA54L6`xSRgHn}zAw}b<{XR1zP;PGOqR`)d(RnBnu znNr;b?+iw*f$m--HH9fhY9p!*4ni9bXhUL3wRD{h?_YeVlgD(l7LE{XKp^X|hS%1b%F)%ik@D$G_I(o0ytXNXy8W^!P&| z;Bg>erO?)N1a|=8ac#lg{b`o;1%GBChS1iXZvf9id(cD9ed`3*I% z$&k94(~*BB<`-4PG$q^Hdrj;ozG3o3do*I%~9H+-^O(TIFd=vCKLmE#{$Va3BhxVFC_4p96N39T%El(60hK| zgBRTtU@54!QH*6o_ZWG7%P7eWP+Pss&-eO2*Ld~Vkbxr^SPl`j^qzwnm>H)kq%E8G zB)y+)77kgDE-5JPAckIiw3T^pR?i43=E}y-?|<{3>dsvwyK)9|r%~nn+EVT0wut53 z3AO$T9dAkW+KnUV;hps*#T;HeuTT}DrxcXjeKX&R!4}Blo#=E{h|nB=%9FRx;8eu^ z>Nbuv)%VVeV|*xM;!S7X5Rc4cwkY5Kf#_#j|J{i!du3w#9$@}e6r~#h&SXNFAl!vM zh)z|iEdbf44RI%_dZKn_Y_C7W?&hGi{MALu$@1aEQM{?4__vc+^0D7oyNI@-+FM}z zX)?3R5c{Yo%+kWlbJW8s?W#4`&Q6n#pA+G2jUak!dBOQ<$n4?VonG@_d&aycZC{h! z2dpAanZhH6*^2ynww#iT5M}`vmWmRWzK#c2Qf+Z)r=RXWjfbG@`ycrUk(o%C+0!bY zu}NVg(`^NBsAVDm4$Qrw2L`r+{*rd`#LHLT=)l=R){goldvF5ItAC_j zp3%B}bC_QWf<$utqv<0prH`gF8@+E{IJupgPkLu^?LpO~FucQD}s9OYMEy|Lm<<{GKWqsMVpMP%(AU4nT zd9zs3G~Y-m%p&%7I1;5px{P*2u}Ci2xqSKkv-1@Zh7E@*<}~k_;_i$n8Zw}au{~nU zjB;_;YiKwYPC{KYSvP89jo>%D{g zKk!5lQ8Esl4$fQ#_BF!g59lmj^o`Cy~B$;;kYOZcv#q z$wPT-pz-nh`uwdV%8d9NM^^b-L*VrUFWS{&@6lar2XWAF!cfjqGw!GpmpyfPmv_)t zSCcK*_|b+y)(h!s``=k!E`8#_(9#0+I?qL4jP(xp&jcl(GNY1Oyicsiz}vL%o}*AR zgvC8JqF$wro?|5VUe0zZdP!m{nF1bxfut@S>ru~!V9o}JLS(1m#f^2&wf6a(#5OFahnB`NlAS1U%IY`PHxLl8>; zR(H=FAA5SRJM3kdz<~!SQ@}CsH$Pr4FZ)qAHPAs}4C~kl@`gK4kKmS(t_Y4{_IvXt zB_-XryOGWjeF55C<6&bHd(UmTDU2o5pwUE{%Q#kh4+1DfbIo=D8H=A=aEct?ylI*) z7Bw=g1T)GKyP(pYA?QQZ{qau5!Zso35Cy>R zN|n&HrieY7=fn!`-IMH)Xl?UX*-;6uESXkY7R5)RuwgC4M-G0=L)+kFr3Hv5iJZ~& ztVq=zi8e+>1=s1OtbUC;jQHg$=|KXP)m7pBN#o!0VqF z&gAOYGr9ULsnP-|yQRnYI-|k0O!EEuNz*c)0ZZ-6QB#pI%3)w3qbgR8jpsG$78 zZ+htJOzp}okL*f+DHRo6kU%Bk!+m81Q>8hF)4d{xr5H<|K7|E4NWSJ5o{Uv;#r%jq zxT{EHt%uEtL+C@@@i;Gh-OMVix6wQFd&9whKGP_1VcrkenLWb0_XY1^ow!{TmSXAC zYAhZ8U9tvTngu2#?yfwxizwxJo2iax;<}Mtv@=?+WMf4#vL1_&kb=H(!+%5mEioBG zAyFj|Fr{u`ULz^igOTjI64OJkE+q{|GnTTm%9H7uZAP6`aQ4AKLUaa?kVL^t8ttnny# zbD-1+`(aC`d48(SUcu&JC;2BH z(%znvi>5?(ng28=n(Zgy-4?nHS)ES%&8Ex8)XY@2C|MSv5(_z|Mqa>Miosf_sRO?z zy=o(!_ywX4vY%4F=;`xo2$98((mT)u?oI3M6si0Rlpk{b z^YSa!$CD92rQT^iS+!r7a;R^pnX-ZH%bI2=J6fIR>$6&3` zqj=RV2elMKU@$Rg+F#bV9U|rwOUeBXn`kCzw3+B;$>J-}x5|+!`${x(bdztQ<^v() zoC{~3sn{PK7;16B9fheudRp@_-1m#>UKLVhOY!&n^r0*fcaTFF7zmnwZ>wrx>dK7Q zxz<)RTxjOTpnj^!?RkQ_wLDnecF6R9cSxM!WFG`ta={C_-xKX+N|k~%Sd4Dad-+c6 zOcV#+g9R$A(q^i?+_b)V8lG-X41;dnz3O|pAyoMmEKnapT9~0p1RdUBCi4R5Q~V@_ zITxzejFe-11J(N?7$~?mI%>4VD!gjUdv>LscOEIOXLj?m;~6gL)2MeL>N3!e*?OqS zKSVF;}Q!C{D>Jh{X3Ml{e_sjo&-nI+s6;k~eelHmgZS~6vj09JtfBgRQ z^Zhe^yXt-22Gyf&Y^M4PVy|F8C3yq^U9$a+__gBaM zfR;{{)M_t825gCiY%Or58{);QXZ+So#|;);b)`#_O&GixJB%QICF-nFiu28GteMKS zYkypJr78fQ*^zlU#y+#^6)TraI-jHT{NY@56liVwf>9L1#qI|UNsltSt&(90&#^z` zcUbqv@78OZd`r63Y&j&JRU7hyT~XI~{~#4zPefCyckT%8FuX3*{W^6K2x%1YJe+1x zk@(7U4A-kIf4AQx26jk=SJ&)h_^2Ofn~VwuzMBZ532u!{L>e*Et0y#sq~%xr9HfIL zg?blM8hy-}Fdn=1S{S;Q?5fXjp~8DVk5L>ct6FQN;Y3)W_q2vyDurF-x)1S zSdWse5V&4a){Fl)r9WXlrD{1g=m(8l@KASuw{b%Dao%4UuiBBUis(a@f$ht0J46A=-0-ZINe{&1;v%D7=AL1E1X}k{keA{Rn0d+_0g^_-}0~L7(KiY7LQ^Ed(f;jYh|Lbgxh3< ze_lA>Z$&sw2GOO;Z`!)_s!e0uGL>n)NEdQ;S4fhJ7PL zsxba-+TWyxo5`!*w4*EI>v?$BBu)!d7gP>j90EwTY`F(oI38|JN5@9@c~4Z&3mD$2 z5~xD-T;e`J~%-SLEa!X>V5=jF{Kt zwvvfBl9NAfnm3QqV-Tp5(|VC!E}M_$-8Hwa&f#8Ob(q%C-TQ`?8>f!1;quqgr&DvH zyTgw}(#Yn*{N=P{hINNVj-JsaWL~ck-b7^GpCjv#xeGQK$oGB)rOOR!*@zWx+8m*i7d5(VrG^O9Fly#3I7QiOu1|3z_}Ac zA+a->pR{-iC|Q5pPLnkewNv2l5v@%B^nAKzvgg;E#T1n%&H-^i81K>J?cS)7Tg1+N9hQr`Y0Z?w0*Q3pK@F)u@ZKSHw3m|lgtC4)7+MBEWt63LxEgpjc z)!|~<43F1s$}I-1Fx4@n)I`36rG>HOdMCyY{F6$4;s+-cyhgYhM8 zLff@ge!g#g5{6Dhoq^g3T%Kv4zf)wU%^62Dc3V5mkD4&uigJ*gX*=l+*7Dsy0De+-QQ#s!rZKF*XsHn$`@VG;Y8@L z8{UDZ{q&cc9yuy~q?tX74Ur0SD&o zh!-!c#X&9=;uRK4{>f?Pbq8-G^q0>WqGOFtA46b-td`W_i|p%}T71CIp>IW%hjK5< zmFLUjGgk5?QhdR}R~>^Aiks{e6g7Ktau1s~rFiKqv0pO1rtPl17e&cNp6;sTX)%|| zc4r$A4L)2t!wq&P#)R=Wf!D-Ovv4IUOTA?)Ka&E-o^9VfCiyBhN!~dW2hCO7RManb zUQ%EC310mYV%VFtQgYONg1-LvbfPR(jQa>Y0I|oXs2|LWiC+GDdyc=;Us7#1U|BgR zu}B_*DBwMgd^Tx#a1c_}g#38uiM8T|w!IftNgI$z!x3{k9=Kogo{qkrv^YKdS3+X6 zcO)P7Li>mP-88rBnAzR@zFwk2T$X<5S(8sk#&N<|1R1&;c%&kew#Q+^DW^9XS~b%$ zTA&%68S1<_-6T&E-(f|NfU;WbP*ZmMSWxrVv{AG?`u(X%Am*pc$Rvy61!CIn8pq4nAFR+tfwU7$$e8=Xcl))0`OOV=YZut~XA{gmy)4>Fc+fIZ)<4z+?AKX;n6o6G0{#9`cia zXSI=P`d1zB-imr^BBY?<)Y=5wJyRm6@xINTEYv=Oy5sSV-7jTu?(Y#38}c`mL-s4L zJ*=hZQ4)W1D_d@9HtytZvvm4znR$50W@o?SlwaVzl5l|uva;XMpILoaOyx9}hd7j& zLyq1(Ur=e&nT&5KpA)E|!a_b%<0P&N^uU50da8S$hP5S4Vt#l)J|^5uFGU-gS==Jf z>?r&mg|#+KmK)shz}n=w3WJIPgS^3DdchI9p-8!q^TI0sHr65BY$YN z_)|Ip*={7$NL^C4b@IkZ9)^%TPA+qmrQFW$uTg%BJq>}XixDxDys7?{ZbV9J41sAX zURR=jsTG=kd*%&{h3pxI0Ty+qM=9j2|9xuwA{+&&OeU;W2{NdCI9fg6MBUwOro&U* z+x*~6In5)gh>Xh*{M%Z_xRF?5lDVHb1a+UnoQRF4YjB?u)qMI_nz|5M6S_U^!T2$d z-aTo3Uq2UC_nSDA%{a`UOor&y9|ZdKNOB&EkT@Qu1RUrYn`entP74KW%z;K;<@Ph( ztL(|3H4Z8VbNMP$jQUG*1PyTx6brXpt5EC;ulwCXpkRs>D@=upGb1&n-z=0<>TG>| z5e5)LOyl)0tJVwJat+7ctNY&eTIwZTSri50^$;NNY;=^G5>%3>=@FS}Mq6`rgBoAl z)%z^zbIm^Uo9~XD!nM+1VWbZ)B4YnItnXaMBk;_^<6-HZ`Xnb){kN!tX24xuDr-ZH zYxSUz4x$T{c}aOecX!rJpLRZ`M>dUmEtP_5?9_5QmTH=edC12=0D$hgd#g{Zll8Zs z|EEd4jWG7+T-pRQL%h=`v3eZM$!bgDv#8dqhEW?eB}X;U^g#KG#+#NRm0lOM_&t}! zM!`Hf=qI1-GOR_Ug~QvA9SOv}p-hfz^98@fo-Fec{;u!21P3=VS0AXdMRbMoF(~pz z1hMhX@kdZL3gx<0wFTlo>wZ8xIqz(Nt zBA`%NP#zL%Fmd_Y5)1o8Ns)+7cgf_f*;M3mMbdDd+!d3PsSrf+D|xYq{yZWr3=zq7 z@wTr%fs~c)+`hgN_9W4vzD~GBA&sm;L{t^isBiUsvcj6JG^R?lqF}url|!2Z?4jy{ z?<^acU9rZ|#3Zh+9a%muLIB{NG_#W@&THCN@RbQ_fL1frN=P^}G|^Q?CM&m5p{kP8 z_RP>&8GdYn+#sKiZlUp1U=1pb4^o0<`#yFY3~e(FjcV~Tb?6usl5fTZ&?zO0>S{CA zL)=<+Ay#R@cUog+bd?0ajXh($4DY~?AmcV}16wtlQfh>nhovHkmKcP-#&O(b)Z*~~ zT6Y`Nu}M<}6(zw=?SQjy&Xh`Yc?!$xs5{n42??QRWk7l=P)>mc-co0RUO1ySaH%R5 zBU$wws}qL_t8fU=KO}_7rub%Pu~=J>B1DC#88)0>{@Co<(4}Ix&^(r*h$J>P9JBhb zE|#2wPh|j|oE&{KH|Os8mS2ss7pk$@zsZ7hwwxAt2c=lw%XE#)1hJl)UlW$G!+NB? z|Fdv*RiLSo|3|Uje%w%ep3IPW4CscTx>kfe$&ASBKfyHrDWFAJ{=3IFRj%U|#mO6Y zY{_nrDhHb1R7oJVO4>76#@Tg&dqbQ&V=k}uluY(?_4uIJo}}}|3P&=!B{MZ3IQ05b zuO+ayMnHf*Oa3X#rgV4$g~{%{-bx`(Ag#*y;YjZq!hm1>%~9_i+>qu3bb2?~VunPE zI6hAkv47sf=0+tMo2>8H$}FtBJ)4!kVVsTW3RQjm znzC;`w$IcoBGJ}EDX`q<749}$aRmdWw@Gx_(noF7llpiL05th|a!Kn}nJvo)(>9^0quN^|(fv2j2WPw;Cv#)$t8SmUFq!yN2%I8PNbNk`e z<#>FJf<(waK02jKF+3VLdVA~15HGnh&ziiSfuTCqo<|vS%=0u%qsCbdxq!xl1CYv$ zi>Rr3vXY>Zm+RkXyjX&n;)~W5ssrlg0YpV ziwgt05%!gaxBFfBaU%Dfco8Nq<|(VQp7Xy3WpVodX_CP>?~pM}#aTRJ5b*UWiGSbdfbvJlcm&!ts@sILJtey_7#e#Y|NqS=~ z*t%j2;Ov9zwACD#Sj-0{c6$3oWK>TV%0${<7q0JehY3kXjza$XKeO)tzJtmN!wmvF z$NGO3*d2v}>QcS!RdcpKp(DK8rlnqSt{8a4o4$1Hrys#J1^2G={ymUa7#$fKD=uIB z>=7vWp%`vfbKQn+{40&gR)Ntj8s2Ph-J|_=uBssMDD)q!@(dlSsBq)k66|&+n=do4 z9#fml4C5flt~md7Z}9lR17EnuXWhduGycN>x2?kmFd?d{`NV!!=Q!4M`U%SsTslV* zSkDfl$J1*STJ!d0zh^v+C-Dgg5El&EUtaJ%%|Ba=D&62a+xYBpFyjQ3f$bSK3K0b2N!#09$osLUiv{z3xkIp7a z;{di037rrLM1g~7eUA^Zwk+}JcbkOBNT)s4Lye$?_vZ=u1Pm@HQ3=mJ#sXVDClf>-c_U6GRQqSZU zMPLB<;&uTNS&iCZT2WoYKD2gBwbuCoam7~{Z!A`ndlpEc5n_(xlpk}{JPCC%`?1h; zV!8kZP7%*EeFd>D)!tLN>wlilH^0 zAEX*9w)&Ikv^6})k(2+`vvzT8_Bv)Q#n8Qde1q?dD1^L0g9IKhK3P<5ZXSqpL>XEe zoI$P%s@1M8M4a=4XnZ<&7Xw?s$`W<)NOmCIb)0U3qvPPhLS~Gsjswe#$kMEz>xLI9 z!D4VXd8fuo^R&u6ovbXP5RWTGo}1fSV4tx;d30nryrArx$V=LCYb(n7JZ|AEGr&I` z<@_Kpw+7a<$dt3~Wwyrc`z5jY!Yo_w3}0v#ACHkmfxN<8(rw3F!~Mj`vK!@2=Gykj zrGHJQnyTPI$?j5Re6wELoZ_b$85c}BbW zMk&vQKOmN%n-XNHe|9OTAAzIQrTOi1TJ1Zhc3x3Mn7D@3U?f3U zbYv%GKy`5(Z~FJp7qt~lG%E`4um07H^F50_Vcq)j&MJutv(tS8eaZTE>frJQh{#x} z%TH|I*v&zTAn)Zg@8WFlU?+7{X;ZU^S?laVMmkRT?W88DdwueYKx|`b6g9o>e`37z z%}f|Z@&EOW=Nulwmt`AJCWZ{uwBHu&ZfG<$HAhg<&@`*{zw`wo_K9N6x2mY^$GYzk z1d$_guBF4WqzuF#6FXN#GO;Zd(1M{Tj25ch9Qr5fQ;stoj)S-j=n#^$PQJ0*@Cs_l zrBar#;EOqTt1_gg7*UmYE*sccDX=L(cAM^+aNf`;{C8JDUT zR#wKtr)x`-=i@LGUWqALxVbJ_2BdUVW558Ss@VMnt&b?feN zVsfR}7a?NX28Cfsw261PPY!&1*^a7g_Lig7u3xa&9&O5MzgH6Q4g{q*Q>%!2SPLD` zGQoJ^JJ@X8a<1fp)GGc#AIaFPCX77%c3nLu%yI$86Ad7y>q0nL3rl&KZ8LKMn;D^2 zZX_lzjZ8+QtwBaSZ7g1o)`QW6(U5AG^=CE_b@gPoEuUl};o#u_oBxpluD6Un-oPRv zBEy;Uv$L}T7dbfpCvKucgoEv?KmQ{X`1yA+_%;Nr4&P_~uY~X)E#cFR5>Ms7io$|0xc?d$!>I{|dyw6?aKu;Rry3E%_#(bvjqa3j@zvL};Oi zoS`6(Ht|^YirK*)xz+7TPNd7vyZ(V2yFst&vo8U27iI64m>F=G#B3$0l ztyPh-6R-Iudebw!Mxi0kj=XTN+sDFgv@{+Vb*^}%_4^85GUTcG7G&BfEi;?&(lh}` zcecu^?_F*a8UZ^s?;Haz`Ymk0QTQ%irw*Z>LaYT zxx!O0p3WyCp><5HzJ^D6e``f9&pSr@C^Q|La`;aGoAzNtH(Uv7*m%FPTO=N0er>c;t# z)>T)YyhY-ay>*!ly!5cgA;~woz7o5x=2j@XwRwNJ5&eiHNosPyJ2%ypq(nf#Gn(1V z3U_)u>MJJjKf;%vzrZA9p^Z{6KD+t^!B)u{>@G8$761UO`pWwz}A7&ph}+6l_4;va)ce z$nl6~hAklm;9tR3rGJ`hqhPW#3;~5R_>quLulK?99kBq3%5ZSZ%`J0^%5FnO@2?d7 zilQhgUZM8vQq;v3rkm@E_4$f84`XRA zWwZEO{gdS-_rFTvn*(r5P_?mpIOpXL>h0VGW~%skQzl?EtmQv2(R4#0Xx z8pkGBjxC>uhYB>U zQk=vnM%Yod*+sfC)*^@kpNHYlRE?l1ihdsyxy03M&)w(SIh=`L@d2i{(!-VRBJjb! zy+tJ^G!A#7!t*rng8e(mWOL5wiHs$ZZP$dBtWLiwt$7^rTyZOxe}eDsMDeN)9I3as zs(rKGbz<2F*BPK^0Iq>HUa}ESr8FO<()H3GS}x5rx6&TM zXT2X9TZP#hO{aa`VU(|x4$6X)o#-MGh?<}(tfx)2vN~ik)kpSxARHYo6mMbhHO(IW z;J(%MX!%pS?BmUAhqsfL!IyMF2GR%?%REuk6lHRI@*Pf|IvMK2T)f&>f90zApn;5Q zlJT2rN5CAW)BoAoAS*m0*9Z5#eKUcLzH|SlkVH>d;Pq*@0t&`07Dxc~P~jIuxTNqkQb|_OS7Xe8(K# z|Kz8c-L3RU_a80c)A8M~M(@j=%f?C1ayE$}yB#T{d2Erh(P-{Fg^#sdFtRoF$Z!Rf z9GH2;DUxOklU`mt2MP)RddN!HF7QS*JI=5aM|ydr1cn|NTxrlWW=nlmQ@ z@YwD{4GuswEwN^j64Cq!1Upj?Pr$?FnOEbYb(5h95yzmAL|G@8!@C7(Uo-` z$GGDZg!mPU_Tw~^(tgpz=Xo*hFOIWhNtPWYDr#}SK7jvp@OTeMC{O z6!OMFSS_yXx~x5-g&2=Kyfb{>%FP%e_4+FF`GMg5^@zdA3=JEv_2x9mw4ZoJcwZ1%Uc0@8a7!o{ow%W$)Q$ig@?mVX{|Ix%eh zdd{)2jMNU<Pmv==rxj=D4{tPLgZw zYVlcr!^yZelTfBS6y;SwoJ@y!nE()!&UgJ z#bj#8lTK9JVgQxl!UsZl4>NrubEoxj*6a(Ds{h>wG=aX9ib`S|!+u2- zJacZpVNBfA96ow|X3L6lbpJ4;AG9uea^yQr5jbDWe@C{`ap**4lcn$$YGd>~A4B+j zLu`){i$_nFg0V5X4II(WQ!IPXZ6Gf0Iivs7~ray6bzfY?bNF`QaYZ%L_i zn|Vx1C~5LZ(N4&94$=veZqH&Rh~=}lmk-|0bv@$x{a>7%`6ql@lC#8T-{CXZ5C_-B z*Z7^`GYevecQ;qmWgxghHHd0aV~TwiMR@RhvX{~B z{O7%G@~1k42XAEQbXhyoU|o?%CAuNLqTpe&IHcW7;q{B{BZjHLd{Cp#C%tU9k4WZ# z0O1l-Eae1wX54HUDSq?NTIm-`ajn*zGU8M6 z51RUg*~L&u`!*gAFio4H(f;;Oc_)iHKbLHO12F6*gUoAuq*3@wq&T_gdU1ay0&70? zUm8T`c@v?=g%P-pn(H&!B}R%g$(NZ~B+xF;TY}}h`Fm|(c15mDh*_Qe;ly!xbW72+ zUs?VC9W%!WQ_d8`7G|?U1*;g1Mj5}(XIG!i>Rc8q@gCWHPsPfmt}tgZwp_rOhkduW zFrWoe3W^RyFK$Mqj55^svVagKc2S4h`jZ6+$i(Nc;I%Q=HwL&gu@BH8jIH}DRre3X zlO#Cd@~;^RGs%m;)RG0sh1F8T{o}vUM?G?Ctr%i2haihJ_K2ygdj9)@5FVq;xjAtp zxvyxr#%WMg71E%SV{aecjMef*S^!r@24Nsk)lJfuGL`3DE7W_yp{4bUt;eq0 zjf9$1xP^rg4S_qsnhd&-d%{&STPz^)#LpLRDp)$nYHdnN!$lh{X7*@7pcw;|g zo$`sazy|Z2U?9%p3g^bvHbpZnK$FMx$>y)mpdfz=Ut+d=|HsFeel48RWoCZ21T4wU z`9626KGFWJu|<&JG~?zOW@uFlT##ttZQ&PDp>YUft3+p0Q`0aoxr!9BP0-F)f@sSf zC%i8Wg1RVF1W0+_DjNo|SQJuxewoiW-Y*LBOS6v}xMGl!ht*p@mvILMNkA35ZSJ0| z%7fn~EM&5H)6t)%YA(lxclxC-%4IY?7&ihg7!!GZOS!w=7YG$b)W%6U><@ISO{$(H z&^%Nlx)jM2Ce+r#-Dp<~k-pP`Xepj{@abQ}ZgJ9`)6p%Nd? zNkJtlj;ocDB266$V43;otx<_{t}0KEk>>zJfac2P2NXH$N`HWFt=Lp}kB`+=8y)e{ zGHz*RXi*L-TeV0@{Asn#Sdll0*^4y_$|I75vHJ9|ClWqn?HlJ~860E6&WwAhl8%UP z)i8!e^NTZ;f?^J!)uLNn{IaT)T0*0S|mPtTAU~P zrK)E+QYuNw3QAfH&LXqX%rjXGWqJ-_sAZ# zvmA8Y-M?`XR0hnw5)->J$hrBOvd}bwuzqK22T*f)nIt47tMe5l1S_DEQPW6`bhgB| z%#e?JKG9)}`$l%Extjli8xoe}R5~c;^1g9c&=N>Aw!N4dtQNvNSwKv+|5-rAoSKW$ z81{0X%Af6F*D*3tWBqKw&^z;F7wgXNz= zSIr!ENCgtJ-T|t7HUT&((QiFRjS~~XMGCiA5oBtjr2cL4+{u(0*L>8GJy48l?jD6p z|27mF4)Vy*mYZMYy&rp+X?i4Tw_s*Uo^g-X; z+B$8pYK3JNy}udB8C!>gbLz!uPgM94FD;7qNrk8_EZoB1%jB97TIv{=z|zvp^i7-Y zTYbH1nR5Y>R9w87t>4oJ$+|4)N{tM#IT*~!^3wi7Z#U(WD2Fq6oCpIg2T-HOQ$)1M zb#p8Rq_tq)#vA9BMsAF-tVe)cxemZ)2E{g%Q(a1&{c#8ft;(8I$+@gnFSKSB!JD;+ zgiu??GiC9B^1CnuRg}1dFt4$D1ja6x_<3HJ*t+S8{#O74DpFpI+31C^H>S~W;M3Ml z2Ut0*x<*+39=|2Rxd3rX9-mdV8Mm&$|PVD)lj z#MN{-Kgw10?INEe+kiejUg<3WQRS-2sCU`m{**0HHptf5cJBK(2VX%sltPoygf!>< zA-~aaLUg$`+m7Rfd|b5TOrp9TrSItI(iv&VPG!TedOS1{WS>%VIE3Lw=TgW$gY!S* z%SyGR9K!>h{)O@!=^3WM0IMMO&i(-qM}@<|Ga;T&>0h}ocCh`PZ-DMd)+J`=LAKe^ zz|<7E_FS`e^<|1$g!Bupki_(1>_Ea){R6HgGrTx^n4}DKnm87JfzSm~PbZyK#6D=~? zOz}&)=_3U-;qC)20!y~y4qYX9Y=~~7mGq{E8btAzHqVlU@F)`-4zud$X(j=Zy`I7C zq@$=zDSD&ASkqiTSsIk!?nKwZc+ZmbCUOM?y2_`_<~-qjPK2Xv3G0p&VIf%DcipYw z;++fFtJg1Hv)OT_)EUw{>0mZkvonf#?2lEr$-*LK0Oct$F}iHX;W+Y=;f8?~zI!M`b zRo`4bNr6Bh z7Or&ku9f2K%>O`pShL|4~@gEO85p}(qPn~jKsCq)3^-`c4cBJaZVeNI6YW%-*as1 ztyd8!NQ}nuzQWj?1O_M3N68V@iR~m>l+~F*wcuXn**-mt zQdeMkvqt>+vBi>*z{XVH*w0kLhW`z322+5V$|A?g#Lvb4yUy1OrnoL}MO176K0UDw znvIU4Ei}OYf@wxcSW^@p4buV7Jft*>>+zBt3oFgg(lk>2wG+XXQ0VSoOhs}Mz*js* zM#jO>SttrG0Z&=aAO%c()v1@`sG1o!6+D=QF$_D%d6bGyO)o+7pf$7-vB}~fh_sa0Rc3&x%er+X7KC; z7{()Is$Yap7II`#TffMD)!sHQ2pX*`6=i&49U5IgrT{tS@yic+Iij75V&lkU4H)Dc)kx26Y&D<>UX_zuk1ex8>{S5{J)szo((^K5U~GIpf38B`R8 zndH#nSO#-)wQbL}LkFy~Q~bUcHDdANjg(d7;OH9x(cweY=c?Y3a~|Uwof<2PZwe8< zMa;1LWNvWn?-c!x)(VC8b3dxIlHHQcQC&%}um8uI*!`Z{nR;fwumAt+F`kl8?LP7`CYv3cC=juCZvs5xga1s)2TQdI$Hh zl)~r5zBd#-w7RNg`-YSE|A8WV8vp00^nCSyT$r4tg~ds>s{$ed!q3hVU*}$7i1-0> z^2MdadqmVh(I6oDX{;<6@Jo>x7+NWp+nrjk*JO+_*d~r3g9iFmdQq|ulxHM6`IDE&X`-&atI;v0C1w#M&lLEm8 zWHUFZ3ucy73{ob0O#+VO+_^8~U4vH}gs+Tg1>>K!<07wo9`4cm<)45~3)tvT$&pI_ zm%I5<21Ov=llt(PfW~Ls`maj8w!y+Pj!?;oQvTQMoIn>shJ8b+cW#O74KJLhnECRz zQx;#lM&G6wv?e7`^oM6-1vn;bZtL)TgZdr(nYrbnU;%lj8NcOdLH=N88@Den<`+#Sb=d)%GH&zuARO=WW&$Z-B*{c@%)Ix z4v>3$*J=CpMp8lt8%=Wy)W{>FLu#;^9_nHGa|Q8W7vU8zMswsYJm++Vb?GLxG& zTFWbUwJ|jz?(6;22Ni;uNV}C;>v}xAM_VKwn1`K(bG zrp^^p5E$zQ@9BIc*Y=oW6WdkZHG=$*1A-MD9P{#H0o8(YS8P`8Fn+ z>eSj@nZ(y;9uMA0Y@JmJF(ZodYPAIzg}9++riuA+7Mh?*q=e&}a({|PrZz-JNAJhl zVgJr)`#~-#?r!#kXiMH@PM#Y#Cop9)_P|T~l_%`+Tri!{2zAkW;IxAHpP#Z6G@WCq zCKRCzu6eR(zO2-j4y`ZEs?|JVhf&Wzxc02`A}w9Y;67F;N2o`}Msw>u1(s+q8S*c& z1_PPitEbCtOf(PfP!vo|OgjAPgaFD<8oMoawd}W%i>(qC>~imPW>&Ey9JHl^tFW@F zsS3eYV9B+^vNB2SUrQVph-WtlJ296UcXa7Uq9YeUwY7hn^$O@d5=-<55HTt^ z`$6A?%A$V=5hMzAGVK58TB30bZniKJS^xVn@}_w7+?_QZe+@ns{j-D+(S|PFO35?Cho-ZVm zZ7*l6s5|+CN2ZusZbjQ!Ia0#TpYjp3>2}`p!0Uh@bl^a|s+;A$jFU&K9>_}n_A?~d z48;ur|Hjq6TT49kwtOw4P1mm?8aInQ2%w=TamO*p?D?A_jUAS3o;H2?4!WhxSR75D zsSFYQG{(scQ{6G#BhFBGXz@eiOdWZetm)ani}&y#m9xnrJftorzy-$du?Xu!kL_@; zqMdLlsuWFpZcYbzcZubs1c{Cp&z{BB`0#9o`_NXpyR;9>G~!ZvtVkBd3MIng#RUmK zJ5VV3Z_+9<=esiZWSuv=v|9%x zy&oS?t>3ltv~LqC&eU(u4m&bE`f=!LrQQQMmLtE$`MMWS6~Wh4exzpo^(gvMe=KUFAn9c1#E@pIde?TI z0I1uP7T`r3hVjKZ{vS6LDVCMCSA@gI;EeS;zl&GmFdCJfr45wCTRbEiu24;L9-(zQ zDjFI6wKBcsS`*B+Jo??;neS+sTE%aZH4olxmORmD%#u@7MEzTlb39MV<)E>S^jPby z#>{0@#P&>lMb%2;k4(<3;6_EM)Q*EAzVix+s zK}%qp8H@!7(%oFy1Fy`ua06}hcmXH7-DdxLAYQ^~c#T8tPWKcpRc$rqW7#gpfojT2 zsOlKdcr43kU5c8N|MVX&t;yxoh0jNEIMQ9Ji=%# zSk-#1BfAfpUMa^mFuVhMR4UOLd`@F)vhQ%SjI?OCDwR|lX3lfw*+_f0gU$bL!BFLU zLsF56ST^O~=*JJGRi?5J>2taJ5xG{5lkogx!)%cfwtS8cy)Vq+`>e6ZATzSa^g zt|`_0+8jDf7D?6{Mo$-dbVSIJdvF|3;YuI?eCJAkA|zqwOT-O{-eYq|0Gg&PaKXif ze$<*RhVNKZ^>F(QPRj6 z7avnV%2oE~FWOR;n+*(dL}LNjNuiHhLjmWgsFfK#^%mb{H_pyH9b9?WMAKR8k)=#l z&e0#YMPIap-x`!@HEX0IE^5rNt@gHegKR~)LCK%PYD7o*v5Ll{1&yrv%nW{PJW)z< zp5axU@96kEdgl|M``6v9?9g^~xj!M9Z_SJ(No=_62HRMFYLuWrqFe6t9hmiQVVsSN zw1#Jk`2GBy6LD4QMvL`qYA)yE!XKx|51$_-z*JPrG>8vl3H`we*7#_imtW54>W#D= zk9CAaokaSwnZil`gP?LM*f0;AHN|38{ZyS&N|WWB{70!Gg(1ykle& z`p5o(SlwPgYD8$L{&ncgoA)gf8_0nElQnTk?2#l-o{)d*vzdD14cFSMYx1Gka6j6< zPQGgh6PK{&Bb@>3>A-;g0`dhL2WsE$f@IvS@ROBs)5TO#KZ;qcuG=Yh8{0=xa=&4- zzu7cqN)|{+ipbx}j=_hnbpD|t@nmvd4k=%$Pi=bAB_VIKoV*>`iB93*_s`mBy#vp< zE9pK5@`ke{S6n-o_l{lMa=8e^w$i}-g%7~GwzLDxu{*sP*1yHpSq2!68W-MP`7V}k zGud%P-jE1;q$KXy&Jy|4AeD&Q%|Q zKB_%3#j#i*#Pn%DK@>wqVJ3WJ&c6DabcF46jE_VB=-W+Y@o-u&fun{G-F)L`5q~7g zGjkLB^b8+jlP5OfU~(D%`GQCwmObTmqp>**USEFJ%{;S%=lYvgl(F3rwB}y#gQ6$% z8P^xWezTaz*I%jI-K$Ahb7{?sIDq4}ZA2|BK36IEPXn?9?F}wo)O$zzy1RE+Lltmf z(CG~P(&ymqb%IJ$44g0p-(c|zWQiPhki6MH|HYy$W97WsMcqsX!}$=uOoQ*<3)IcD z9Nbu($dO14x9!Ck_(p^+Jk@%(a4cL!m6yKbTCpI=(%CyT3b#aMgS2A@o5C@a@BU$U z+^@3c#0e;}rxoydg={X;#M1)*uxt=_0MuQxf*Xfw5~d` z13Z*4YqR3xUS}+|rzK@srF4s?P$?RJyT?~_5z?69?smCcUU;RTqL$&HJy$5;IU!{j z1VlzlaR-1X6c-4w{>Y=JzrFe0O&pgxQR%(ouEPiRa zi@zPI_K3cj_5_#)W|41kiJ60TX5x!|KGb`a-u@M-_ zZnD5r2YyIn)T-rmr3a@lbghNg#BbRR>ycM#PY#IBt}Z%abO~hI94SGl-N8kPNdGuu zf{n_#P66NH#dNL|Z7ri!^LJ71#1-$?9c{e!w_h9#zO+H~AI-;Tk7AM+`Qt@ZnAeH+ zwJL>~*!U{X#|=xIo?TKLR-tWPm~2iQX&x)X(RVEIEv{fx%pg7)w8si&fmm5>x40DD zhxN)@O5x*@VFAT7U3&5l$*+Tpm-Qz<2ZLO)>u!w8ODyR@U7FoZG$b=kF1-?v=)$7t zBY+{-$H!&@#pYpe$FKSQJu^BbU#@B(nmR#PV}dVS_+trK@2(sB2hC@3`!j z`EmLRTxPAPa{iwOnk9RN{KHme*N^%P>D$N2O1kLCZ^5f3)~~mG{9DzSvNZDRvf&<2 z3oU?n`ikL0o*7_UW#LS{1^uAO&BK_|A;(0i`+kL15LBkbPtYVA?m;bGBc(V$?kUQYckvuAQoW(S8`_l)H|Hm z8+1zeRGXI@qfS)8;KVw3PZ#nSsoPnN*D>ndGQyTkzNSQ**Q(sojDaBrsVdHvn@2f} zUaAq}zUb_`y%!@aEsb2|CC~@MboYkEcMDGq_nx$U`O$d*ZbX^VE=E!=3Q2oqY3N}=+1+Mo{f{Wd=_CK z_rSulb?s!w*z(0wHLR_0IwP)96+Q_AoldDN?FQ|`EmtY}<jDPnI-szJTL8atl1prPi`S}ZswaL523JB66rei9yy5e z_X=->!Nj@y?H-XFUs;Zf&OwveV_;vI&AE(iVG;~fmYYK1A7RO*B;5*DO~*_Aupq-g zHOZrSSY>V~tsFp(NbIz-hn4PIYDtRBY!F2n`U815gYh=TYS^QV_Kua+A9LBP486W5 zT=_W4yv4&@48WTSIc}A);qF{kR>y0uuL-|)v}l}C((nh@(TodXzU&f`^GzM3S6ytr zY-!oO;_~6D_TbqfZp<3?&ZWP51^P08H?nR6$YQl?!GLNM)6_?ZVgnHp7%)g5&5&eKN-D9p& z6o#H(7HeMp`-Tf`j@f4_rx`&13S9P(3`({(yT11*8O+)u*@;w~QDHLxYY^U~2 z$C7<8^68Xutg9D=i|wWlX;;kCrVT(P@uh#D~#498Jup_#9(~^EzmLSsu8xS)9-5!|$)nyBjiiO>li8 z+URUVMv&z507l>{6vouZ*`n}HPGOeG)`j8bn=uLlB2NEvX`RK1t>$}kheOsTw=kfb zxp6S9q>W>U5=;<_S@=^FKhaTk6%oH@Oc?5BG*GjhtvmH9P)_2De{d~<>?@K-?i=Xm zUQtYP(R4_yIJ8FVC+wB)BbkwSgz@P*Hmg&0fpB(@%j#1Gj5RZ(3p~lZd_+3pX%*G& zM5}KkJhCH}z?DxhB2IUG)0U~d6PoK4Kjm$Fu9dlD(=`gjei3aj$6uUoLx04u1)`Q? z6a7I}GF-2i#E}xgQ|xwq2x2*2;*LP4$o|{TdU{s>Ge-qkwdLOi^EnbcJ9vE5OED*b zN9w1`0hl0Van=6&%)ze7a|@E{(XO7uV`hGx`&jdEA{kE??p(Q~1UC0T-8sGag&;PD z;lsyxjdFi27Rzztmyi~9J=LHV7^v0nZF?y5e?y~WMYHnoMKnR9WQt^0Wu3)4EE=aP$Waq#qwRi2>kVs`mQA@3uj)$KO~@e9*PP1D|EImTii)F);(SR6BtU@R2^t`{yF-Em zcWIz;f@^@rB?L+E;NG~?c;k}buHCo0Xs8Uj|`Eo(ih1%t)XS{)G3G^Ku$qw9_2+l?B;f zK2K5C!YHe~GN(7I@qg3H=`{r{t)p{szmqJ;r)qQTAt&ZahJ}0T7QA6u}o3Pl=loNN3 zIZI~DwcASOYjv@&ckv?w!Tg&&OrqjsK{+cZTVX%F7h!l84kX_~Dmb&#xGU_9|D?fx z%m!>cS0{0L)8vOCTPZ=^W-D2N(<2QL4U#G5DdZ3RI~#3TV%3<(KHblxtFR#`RZ!1V< zCmqz@>Kq~_juRa{y|mPjtm^|!+U0tuJXR{1bbANyDyZg%MtQFLeOHy5zIVLTPBSzz`XuAk^p(4679T9yBlp5@x{&YuOujlf4__2Q3+lT+LhW}Y@&s< zsQ%{Ue69E(Y-y~c(&S9a9DL4B4Z+sd#@pnAyt~kv;29^jnbt*9FR#Iek+cf77E&hO-+msF@3=mLFaND~;|zuw*TD6x)AMu? zAw%jOGGE-vEFaauk@4rFC|HbWx_e$%5mqw#fIZvt6@!7wc(uSW#}n;hQ~fKekNa`l zlaA>cBY6+A2*WBF`8S2ai`k+xk4@uz&5iwH4-c z9||u2q}s?^+X(+PE25KNh%#o6j%M7HAFE{!UYhKJHM)C6K-vn&FA?F67FM5Z5q{u8 zIUY*|-d(X+zoOBTiEhge@~DydLo|v7d(fmwZ%g?iZ5XUXuBC^?%=f|4mGHB;gEhep zV+GM}M0M%#@1!@lcpF%2=3tXA#F20wZJytQYKu?b>yi9^A_aos`mA=dk=FL$U|fr* zg2p{#yVwnlGKR@C6*~2H(lA9F?WlVhuM4{&+JVB{P88riX`9ZUQI!N)!Sr_}r`^lK zqx+ghg;IAoufYf|1)cf?LORTsf`2_OnZ)SO)=B1GelkbsGYynKb7|2sZ0Md9e7!%Q zDww5=+8>ZcV@rP~;7UE)R-b7%UVoDB>H`?fjK~!{eSK#Z>FFiS$Rzpn+US>2h_j?j z?ijRz+|&-H?C_Ns@euGSbM28>@_piF3N$0|Flb%0$uB$#gWt^sDs61|dFgT~&RY(s zx+UH^A`{?Lj=gV19Uu0`cz}X~!PRSv?iTG!Q;Ug>Ufbv5&R2IP6qt!v{han)89(3H zPvTU4l+HlXY8jc?8OHKr_q8#ZSn+lflQcCnB-Jm?ckw4y6~lW@U2)8a5_6}@Zrv?! z613V>HwMb+?k}pGnoa*U8QF-r85%h3 z?9+X^-yj5fk49#!$eJjPqGnXYwF%MtPm4mL zd2ZDr_O7X3vPdrTJ2{?Lhs5_cBMam=YhsqHA_~Md305!p8{7GWdzcB4X$QRoL00nB zoP>N)dI}-;ji%-bH5#2GfFN^^b@|bf{hV+Fap752_X`4Qf`S^F90EGRmL^$#r^5EuPNQ7sTzGhpiZ1lx3U{nj!{nAyBAJG!SaWb%xD4T zd$yiZX>R1v?gw1rhOI$`exU=&;cxZQ;%{!40Y@;=B$kaEsE@9XP*_I@*Vq^hbpdlZ ztCGrE4kx0I1`17qsUOH^vKh$K+2c=E)42-6n5~XitB+A4q zKp#u3%YC_5dEe>@s%3xz_xY$e8U3X<62EA{=~#?mcJ~}X~wuJ0+2Udd{ev1Ufh*jZ6E91BO9N1zPIy&qEitKl}nI(vRr8F8^3o)|%v zT3ytXp#%KpQ*`~SWWG-2ZcBSe4^|S3Q2Y~Aoho!Igxly@TNsCy8#%EvFCVk7y>TV) z?Ny3CQ3sl@!0h{-^ulht=A=j)u6SD7&w_ue7(x%|ft4ApJo0A!mvBtp zn0oO>FRr3^u5t1e;m>m-4fL}+tr9&ZD>Dlj{R1z`nJ>Rwg5m`<)SVhXL(-T7it$$} zx&&R$p4Uo3Z*StY&sO$m+Jd$8r>=56N|QJ7sQ^nHie^ojU|Nr={O1EOyCKbx@pR$Z zEDfqy`W2;a&%>>mBo2T*vA37x#fW*Q`s1(qXOA0&S$;-YTKm{rDSCRmwp8}5nLR6U z;-Zz6e2*&;Rc`)9##fZ05t^<6co7&R+J^5|z4^XlLi9aojvuw#pEiK4w7u&e&bZy3 z{Y<@?C#AJ$4-NI$Wa-pbN(-W%{2q~CE6h+l@)P|D(*eFC^4K1}q&O)#SIX0u3U+AUa(eiXMVfmC|N^Q0klx zuXu&!bA!rrkwoZ!FoRC>1bZ7pX68Y)8Cd7XN<_Eot00!w{!4ttgSO}?`petlZ>>uy zX-Not5U+%6cFq2Be(KxEDF)PhDSCmn7$q$KStG80@rB_O%@^f6&h>|e)ThV0Rz4@3 zHYp0OVi7NvK`nQNxFN?(YrKsgm3eIZ^6Vp7|TcF6|P1oBE1ExdC`;+3Qb|71><{-1ySMmb|Sgz^~qLuWB zojtb&%cCv_B_y1&ER5epSow>afp#kC`sgR6<@OtvCIrzA*}VCR zFDp+`Orff))LMtcaDgWgj3U|@TD>3D{a#=5nlxXJ13SkRF}e1AyLwLq70Q=Y?RQ)- zPe+7CGIzTPFwo-ZnTEZBTJ;__yg7?yGPgVKi6yu$zS|_CBcgM|CTFbL>$y=~-dMU` z-p&-T>FY7{7{o5)D;NA8np^;^b`AD2~EuX^Pr;z6;hKX>K~ z{71#}#ZZBQC!3Ka!(MjcntjTvzJ)^Oh~U6bv=LPMo7Huj*2mEn-}mIu?u6$}eq|A0 zSrK|S=PfujYRX-2i;@orlj@-=p4-$X97}pm+JsGZr>L&5Rqllfam6QVVsi8Qe1V&j zk(kD$6ivP^`aMkpjo-^~s`KRxk5oZl)*{W3cMA=4YoEiVy?bb|>w?}+%theJ;#x%a zyADQT_?{0@ubOCC(8t|q#pq^dP!EOq*)NyXjmpk_vXgl}>x{geo;$xid&RQ9f7IEd9dTnjpi!d$ z!#HtEqzb5YL&KQcOd$NptvyDmc9)<{X0{qzY#xMIl@n*7og9rw$0MnlTu{K8^s zolM7tbmr9vk-XwHlUTg$5`rY$o7Ag5UsVK`ST()>pkc*oGG!n`b-KW~kumvg1eWw& z0!*6hJN~L0am2?C%K2%f04E&M1`nRbl~;wTDg7`mf;rD7!T?37aZt7*kD_>{M2JVQ z-`&X_yjyexzZno(0wqXnQg7w=r#~Kf`1Z1iTR~A#Mtf*rY%BmN{m5O%5R|^hr9XMy zuw7-cOMj+-#Rw62M#HP10|#3WDbO^w{0^>`3K?zfn`jx}B{J8QvZoOHY4k*N%wfd# z*+Q&S#Ow6ozIxbuoo)Ha7R@VF=4{SWp7@p~yNoHufWK){gcDlB#5~Mke8D4iOdR|& z?R+jWY}jvG%u*?_TKG}z2jm@p`KR^~maY6^ zlP+X~NJ}h~=d28#JmhytH3PjVUa{#!2!Xn^sCnE_AW!@uvI{ zxs_=XWIa8lLM zp4$)3G6<#s~Fc!gGH}L%e8aB&c!%2I*oNb^Q)lqFJaYOhJ*< z)RfD?P@A4SF{fJdE`9$85X%sFXOeD~fQ3M_hU2k+k_u3*0t59`kZq(kt!-J)nvm(B z1<(atvH9DG6@~;6JfjwWYf}<|()UKyNj`uzD`s4~PA#x7bg#+_*??U!t(?~b_5 zvTl8&*+*I(_$usR!8EdLn=cA-Chsk$>(?F;o2Mryot?TQJV3JVY3LCqs#&=jtAwRw zljVj0^sD1=qf8J|g-O3tow4-XhlE#KMl4N$RaKx|#>+tTzKZBdst=W8Y~GxT zi(N=iWR;2)nnmBMgEKZTw6vsY)NU!+JB^?@fj8t1jXUFe9R6wbqtY_R`6@UO7rP`? zrueF-r-1ix8W-0z-A-+KylZ(G4@gEqBamg`&L(P}o?)#DLgwAB|F#Ime`h({#Ud0l zu($0@QNLb!9}u}gqLuUEtaJjvqUgFhy!mR0i>A(y<1_aDJ+f}2&F(#W5@JVpZf$c- zqhQ5yKDSNTdRgrI$@EC~?Bb{rjI&>-!6&*C)rFY%|h+8m++{0*JJ{$5Eyf1RG| zfwCJT3Gw1+PqO==zNtgGYP`;2b=-ygSjLtZVyeiGK-ABVlc%_r_#Ex(&scAEv^ei_ z)?TiKN%#*Z6!7RIKw2wnSFvE6#HZs8y=r=7QAs~wmdDP=bgb22e6skIc`rLx>S}4- zfEo91*QquV-W5QqIHve0g9iP)Ai_C|B}GAjmmv6eb2T)_oz{!*Z>4{P@xb7qLQ+af z|93R3xBT{R*>flMHT1wkQ+6JVoFIJEs-`zU`j`rmY$x;Z)DmI~WI`ZmUT9uA59L;m z!OH!MHck@z!{Bo@ml&vB%&#;}cFaA6nOH;TnX$Er*biE*1r`q!Am>XqK?xb9S2{Xv4vF#9U_n@v{h-o8$ZGcLBx-4H+W4pJ!v(-1~u zMz*e?69Nz<&EywGD)F0uQ{mguXObnLETIbg7}ZLKp>m;$iqGBUO(E)8Cal#m-86jZ41(L-}8t$b=incd&{TmeJL zgMsGu)DLa?UJ>{%J{}*osXqMDRu5M>H@zU@t{orULJUGO2K$N5V7;}5RKf`Tu&aPa zg!rd=-SC=N|B#Wd^ua3pt-qxK=&SOG&3eAR_C>Zwpu*Cv2U6wZ&2EnPSKYQnX;-`j@-6yem_*NI|2GFy&;M{Z8ntLy8N$T~uI_V&(>T8_ED z^uO_{daz;~^6K0tC|nc15TloY3G-k+V#x9Q>6}{~VuT3%^RD^`;iFvxXV_^l%$yDbEV6CJ_Z94hZ zUP$~gKFprZk^r3CX(h$E`SUrAy_N5H40j^cLekJ!ZAteU5e-(O zc07cmyAt@y^Ow8PWleab!k;g^EO3yePt0OIw=)@<7*d5lpDmZgVt>*CmA?}Mz4pf` zgj*p~_EU6i#2}Kz>WD@P; zBD?dY`Q}RC+!Vu_Ik1IZ{f`7z*0kX}5esHbp z#=i=*|0%f8@&B8Mk0g=3N-d8JZj{Zpgx{tdW#z`*{P2)t^L)Gu`%g}xAGux1%>Q>Ue~*7>Ey*k7e%NMe;jc7(*z(H|_KFgng(kBLxUxoZ#%4*NVAIzN+mX+ z!2p^#Ws$4gL&Dec+j^(_`d7#Es!H|TU?Y`9k%lZ|9mtxy3saf`H~A7|_Tg4zuobm> zQpeBK@6GL@aZ8xUX;_9teFQ}0I?gC3rll79sj^MvSxl+ug~X#strd0PuNU~QM1rdr zX<9J#q55S2zs1HqxZT43lPv`P1c6NF66XIDk=Zx;YO_=fUnp(NQL{+&Gp6zB#Fvw- zpWAM?iet3?NQL3~a|L%yG}U#KGyXh|!FPLDZ*k=)AsFQ(iuXD(fA%|OwoJr~{fwBo zSvlBAgyw)XoG1lebGFIMuBjh?^o?iASO+!rd6sN7hx6C`GZ`%G& znxI!{@;f%NyaDPsXKPWnU+@RjXE&&?clS~ox`lSNd#tJi>n`D766~uqE}28yTjVlkTJ}Ti2Q%rni+rJRvx?v6@#|613$tyz+VE?B;;0-LWL1l{ z$|_VMFVY+GpzjDk5!888jG|x1HnhDvrLnuUvRpD$`4*Dy)FB1H#@?9&Sf(`W`4=Gc zck3c5CT711lsWY1`?b~^2;95pR*?FoK5moD?A1Lpl;{XPoFg&L3C!e%y6#)e>xjxm z%pApuQr>FL?_9Y0mrgwSmw07z2{SR|7m$rac(+>WeRMoepH80slx*w@9i^B6wxAwf z{O;1!n&sE*8WRWfk<_Wr^#tl8<#1?WgUc;-k%Fg2WM;^ zwoF`_Z5OQctBPmaaZ26UJQYPixkkQj?b9Q~)H(rZK*)-@(W=tyQq{UypwOg_OKpFxy!`Sp9XXLZ(w=$VBPp&%G)N2_|nl8}*r zp-0|Ug2lcSNwivPg$fkPhbgIhi=zB!AXcJ_4s#7Pcva=K}I-+h= zKFG~HnMKk^r)JA6FcXEPbXd_e)Hi>o_OUA+3AV`e8daNBVi24jUeRdmRBEV(C7>vR)F2gj>UT{lwepUfVnooy#;<8hAx zG$HdQ(oGEHzJ6b(iz*6Np$_y~QXpte$4LM5T=T}{L|RLMc>A;81A^gHzqwX{R6WNE z6TeN1ie-V7w)l>qLyuhlv)VF{Z{Kt{&Y-i@QKcJUNE$~`wdrY1NA(&X;PDW#8({mKC zq5z4_ItA_h#ppdBUn;s%#RMR)0Ry4C+WTL*-&TqOB^u=<$d_fSS>Xj0r^Ykzv51H(bvgV(B249`5HMQ0rHIJuPXhwvYYq&6PrWlWcB`Fv%9D2rUO zvTFF>)hjqx~F)}jB&Ci!c7T3*eCL32AEwu=UzCg)X2Xr73 zE84E~H@CML0&e~EyuF)`8rN~6D8+L@CTFFey@x#WCILgHP?s`Cx-rLCo9p;G!8o&*YSc<|uGw zqg@;`#gE-gDCEj7m{E97&}(>iHZ-+ znwz1|ItS>Stz%l7Br{hjpo<&jx4KmJa}?wT=?zd&1Th0KksDcRwPz?Oe;JVtQBcT3 zKBA$Ze9J@nL=+Tf!skTDO|<0yZS;RT;{OPXaE9q7!JUu){%8N>cpwlc{BvHGY{}53 z!f1pv&A@KZe=o!M!NFTdNy$VrXg}_gtttQju)ExYzm&Gq{I4Nzi!=?Axls2dl9+^~ zthLpEOu#XrZ#{NwTajJj?SG~+GKw<}gK1qJ%xV5H;e1z8k8~Uiw3llC>%>t&^%l^6 z;l+g;Xm^tC_EHU~>hRzD7oFmXOxl9zmsC}8zAL)AnECH|oV(|M${mhFHnjiK4qZNG z`^OU$Azx(_*~#rd+rE;8L&ucoC|0-hPT99&=qM}LcjQGQ1A{|DiU|n`)(5lI%#4g` zE$)Zy6QgA)&ULdBw`W5fcEc%L+#R)q5j~_yzJHcaACrKN>M@jJuqM}SdMZ>DYyT@D zBf4;ZuAYxw=R-bFL;rmD6*)JPT&nMF#Bksq0$r& zMQ|pk^L*h^@&yWc`_?SyN#aLHdAYsri+@hZFDh`*rV#n-e}|WHX7fk+7-5>4-bdFo zOfdxh4fues@qxW(WG1M3`0tzmxq+x7`stguU6nJixBNyCSxApq_sShJ*c_v+O}v=x z&Wv6wET~XgIW_tyxzyc;J#`gct2&sJ08mq9ms-m{@ave zp1UYjJ-t-K^>JlJMh0qqK7KLEH{u=~*q*awvNFp|IULmd*Rzt_S0^5MGN%LVoU5d% zcj@NyP=N})nQdEV@O5^euM58P{i`=O}N?W)2AS(M2DqgB5 z!JyW`_Wbf>F0lE_0RH9C(p`4op!z-X8cPPdZDrI-Uwy50x|76^+5JFH`~MlHtm%`6 z*eb^uI#!$<#cxHAHXgGs%Qsw-Q`IGg;)V`mXWE|3^*M*=8fI9GyJkHXD?+~tP7Vt$ zJmIj}|6)6@HP0F?^_m`h)N>QEjr@1?w7{WmN#`jBZ_r*>^ETMW?Kmg^mbGl0w?wVz zPat<{UBJ(gQkIzR&SLGgS#JydI=b(TSn^_qL_>GvK(~_{SdQZi9IEgH`Rg5AkEj`0 zGCOS|zSY^26k1x-HMh#7R!&*qbqJv&bV;|*I|TKYwAdgU(s$MQ_+*dWm*<*2^iSwW)h*2X*i zdfVjhNU5m8)%1VPNRXBN)*N`b3QL{;C8(18xYm#+xXK>Ya_;_sIEXFmV7wtR3B8muA4oFdi(l7@52P@e2rzXTei@b9)Dn@xgGln zmsyo^w{iKnW>9cw2y?Om|kAt-8iTzm;(1=IEWUDCuM!dr| zB{9PZJT{E`0x5S*1zcz$_H8HY!HZnY>)F&E(8Pu<&p!;4W-EVYmIKD|5TE_0mB5&x8tr;GJJRoI^mT#1h(;sKS z;efqBisPN0H6!8M1U%sqJ3G2uF1=-5(7P+DW^SumONee|c-2sFf|vcRt(e56p2O~= zW~Pu?N;C8;ooepN*{lpfe9M8Ra;kQ=og+dZ^Q(c#EiISK$c-DNbE^x`tIqXk<#Lfg z^Wr2=b#E6p$qopTWU@)r=Xb~nCmESoF%I~ID|V7?=~Su%8eUF@K?rAX{BAmV5a(S1 zlN$q0w!0OidX&ldP~gQb8OLszgm^v!7$MD~P)c-}cA~&PtIl3d+sS?U4p!O#D0|9| zCH1oTh~?ohRdH6VB$bxcBBp=7#eKMVQUVTmWD+y$y;$`~wsYza_O?%+Zfj9m01VI6 z*^KS2N{CeyNf_iD@>L_=^L54l1lTNObl4mz9151`r^+Oy3RZL&&;1M|-5yuTj%L@+?uzRfgadC5`dHFQ9S1H~^ z376478IaFYhnE|buDN=bDF0^35<|DNKZsxG8?Mn6Ee@yX(eH4K(y27a_Att-P!%|c zgWEPNKR$d=1|wA4T1>)pR05O;l&UINu?7idi=bnz#k*9)aE5adyMZ-j`roV}W#Uu0 zbBa*UQ)Y*oa$Oe7_5u>i%Bdt~0w-CY^A$X^fpW!L7cppi17f3~bPS`2xz40gVTd{5 zByAPPzc5C5I3^2GxWxu6y>)%e**@}-J7%BDGpW+$Q67IVy+$^|up&)dA~Sq+u~3`T)B+QKT~aYYcR-EoyKlh%A0xQmp>$~P#-8f3{T*g>=t0Y2m&7Q zKfB9+yuSbmxA{cpl3DJBkQCV+EeE@_T&TJC+WK+2f|DFewalKDP@}aiUlY*p4G|;h zH0$B8YCo$@5NY$tn^c+j*q-}u4r?6*^5 zm{7991qP*QSRd7R$|rS*Vaq2v?XTyq)&qw_I!_VofWba8sNJyk1eJjj*?CR&4e$mkW*L0Mf@|rlou(2hyVEP?ff<7$Oc%<#I{lK{OhRynjE|&xk7!hm^%~59sop2b=%G)kt>a6S zg2y!D4!bs}@$-b7lK=6?%=yand8DP3X;SjWWP7Ry$)* zR7Fcu+crpDZg^VYd1D0BRx=etEe1KXk&(=lL`f(cIW6AbJ4}W;v=Bvlj?`c#mSZq4 z)!_2Frhlz}>KX0;ln0HrF-fuL1QgO8JLqf&F2U#ol&96j!())syuX|w_Y6CWS=R|g z8-`++e;=B!AMY-Iqh9Z)K4lh#`_qCn#@sP=)nz29L%KlBL!yce52bSYkKvTQYiy9R z*8{fHck-0|kVcHNpR3tOs~KV#8_LRC7^eG%=fGNaI9fk*3CeA%@B`Bv#FP)Ps3*^6df zg=D7ea;dSw*JwmNW~ti({~>#Wmh=1=?^X>DY~sbo;lvzAT9t`!M~9oZi7ah9k`EiL zIeYQcA;5z`4Gg+mY6~2Syp@MO#!DNb$%?~*`DUSfqdfH8;3*FHrIhy|pjJv`$Q8c5 zHgwUYZkUMgm`6}aTG;8RcP5)huTsl5t8~4W#MaPK#!h;dMf!_O)7c|T!9%B*oivHT z>f7i|B^F5Im{ef+*C+Y#L-CyPH-NuSt1x4L(I&>SYr+Rw9YimH0@q@p2;AhG#wt&TDh}kz4R{Kh4 zhmyfT9@zE@k|EzEJg7M(xa<&TrT41gD5o6+gxP+yf{r*a1RPjzm)M+L9WF2+GoiHg z^yWCRP`;VR_&p9IC+m4diFR8x!hXJfrOiHWh^D$DG}aXZm|Yx~sVcls;z6QpB7(8$=AZ>)XAm7dDB@X$*6h|J`e_9QW{ zuARcimzdq4_)pMF7BMlg+h*gf^V>M{l&q}E^78VHcNA%|E+czL@(nn8p(s?l(L2Pb zb#`RRL5Sox*E! z&)vGBD$BNIl6U%O?@E+AMWGjDoeZ>^DS8flrGZMyK zQe?dnx1A$|MJsI^X@2r9Xe0POh6LfVW(eOPE0@;?b61VsM5^HVA)MP#3+(mj6G8>) zvO2%zGVildEA7c+UeMv3y2Ik--3zM!BKHxdcc_;Fz5}0n3;m7Gj9d`u*1lj4vBZgP zJKysnvCnhcOVEuo%d(vn^irT>X?ZcmWGGkF^)Bf49Cla!xVOwD<><4rT#1u`f0{km z0GXCuzyfvkNb%OWhK5Za)2Lz~V}ozz#+`9}GwQSzBAN_t4zy#B3~YRXd#4@~<7Kio zCMyPB%5MA>>)$iGYX7=Go0GgJruIG5(4f0k$MwqSFb&%oh;cMb?NpZyZQ2>Odv>_gu2t{hZ8T3Xt7_=3MEO49iqCi`P)ao-j5SPrYb zf1{?auOAiX}XLlzAH#-#D}tZD0>il3ss;H4LLH91MW;CY2x z$l`$AtUy6yqwXJ*DpSn6T2wy#u;SukIscB1fg87$CH-2*xk8dsKZ{R@zhs}~0H|5jY1 z|Ml$udlj}?*!>`7wi#sC^#Qrd$r2MIqZ~Mv)|7_NONHa#(npJ#F}c}7y#qp`Su?2% UUQObO{1-)DMn$?p(&YR90PBD@(*OVf From d5362ff3df37e3db1efc7f0468081500b71e3e29 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 10 Sep 2020 13:20:44 -0700 Subject: [PATCH 037/115] Update test-scenarios-md-app-guard.md Enterprise mode is now renamed to managed mode --- .../test-scenarios-md-app-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 9fb1380e27..62a64b4adb 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -48,7 +48,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise- ### Install, set up, and turn on Application Guard -Before you can use Application Guard in enterprise mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. +Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. 1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard#install-application-guard). @@ -70,7 +70,7 @@ Before you can use Application Guard in enterprise mode, you must install Window ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) -4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Enterprise Mode** setting. +4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Managed Mode** setting. 5. Click **Enabled**, choose Option **1**, and click **OK**. From 62c377cc7be3a952fae462aab379d368b83278b6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 10 Sep 2020 15:59:38 -0700 Subject: [PATCH 038/115] char --- .../microsoft-defender-atp/partner-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 3827f0fead..8d7ecfb297 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -38,7 +38,7 @@ Partner name | Description |Category |AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics |Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats.|Security information and analytics |AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets|Security information and analytics -|Skybox® Vulnerability Control | Skybox® Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics +|Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics | Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |Security information and analytics |IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP |Security information and analytics |Cymulate | Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions |Security information and analytics From 3f8d9f84af9500016e7546658e31b76a79ee35e7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 10 Sep 2020 16:49:45 -0700 Subject: [PATCH 039/115] Adding settings --- .../mdm/policy-csp-admx-mmcsnapins.md | 3732 ++++++++++++++++- 1 file changed, 3720 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index f10ab007ff..f216f3b7f3 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -340,7 +340,7 @@ manager: dansimp

-**ADMX_AuditSettings/IncludeCmdLine** +**ADMX_MMCSnapins/MMC_ADMComputers_1** @@ -377,22 +377,25 @@ manager: dansimp [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] -> * Device +> * User
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -Default is Not configured. +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -> [!NOTE] -> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] @@ -404,15 +407,3720 @@ Default is Not configured. ADMX Info: -- GP English name: *Include command line in process creation events* -- GP name: *IncludeCmdLine* -- GP path: *System/Audit Process Creation* -- GP ADMX file name: *AuditSettings.admx* +- GP English name: *Administrative Templates (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx*
+ +**ADMX_MMCSnapins/MMC_ADMComputers_2** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Administrative Templates (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ADMUsers_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Administrative Templates (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ADMUsers_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Administrative Templates (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ADSI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *ADSI Edit* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Active Directory Domains and Trusts* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ActiveDirUsersComp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Active Directory Users and Computers* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_AppleTalkRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *AppleTalk Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_AuthMan** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Authorization Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_CertAuth** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certification Authority* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_CertAuthPolSet** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certification Authority Policy Settings* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Certs** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certificates* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_CertsTemplate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Certificate Templates* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ComponentServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Component Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ComputerManagement** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Computer Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ConnectionSharingNAT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Connection Sharing (NAT)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DCOMCFG** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *DCOM Configuration Extension* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DFS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Distributed File System* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DHCPRelayMgmt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *DHCP Relay Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DeviceManager_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Device Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DeviceManager_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Device Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DiskDefrag** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disk Defragmenter* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_DiskMgmt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disk Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EnterprisePKI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enterprise PKI* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer (Windows Vista)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_3** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer (Windows Vista)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FAXService** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *FAX Service* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FailoverClusters** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Failover Clusters Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FolderRedirection_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Folder Redirection* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FolderRedirection_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Folder Redirection* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_FrontPageExt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *FrontPage Server Extensions* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Group Policy Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_GroupPolicySnapIn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Group Policy Object Editor* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_GroupPolicyTab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. + +If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins. + +If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. + +- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab. + +To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible. + +- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab. + +To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible. + +When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Group Policy tab for Active Directory Tools* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_HRA** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Health Registration Authority (HRA)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IAS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Authentication Service (IAS)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IASLogging** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IAS Logging* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IEMaintenance_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer Maintenance* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IEMaintenance_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer Maintenance* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IGMPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IGMP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IIS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Information Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPSecManage_GP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Security Policy Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPXRIPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IPX RIP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPXRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IPX Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IPXSAPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IPX SAP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IndexingService** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Indexing Service* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + Footnotes: - 1 - Available in Windows 10, version 1607. From 4ea8c399e5f42ddbc8e47839d9e14eb0f81c2fd1 Mon Sep 17 00:00:00 2001 From: alexey-zhel <42064018+alexey-zhel@users.noreply.github.com> Date: Fri, 11 Sep 2020 16:40:58 +0400 Subject: [PATCH 040/115] Update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 3fff407e34..765687d769 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -166,16 +166,13 @@ Choose the deployment model based on the resources your users access. Use the f If your organization does not have on-premises resources, write **Cloud Only** in box **1a** on your planning worksheet. -If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users' access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. +If your organization is federated with Azure or uses any service, such as AD Connect, Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. If your organization does not have cloud resources, write **On-Premises** in box **1a** on your planning worksheet. > [!NOTE] -> If you're unsure if your organization is federated, run the following Active Directory Windows PowerShell command from an elevated Windows PowerShell prompt and evaluate the results. -> ```Get-AdObject "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com" -Properties keywords``` -> * If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS. Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**. If the object truly does not exist, then your environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type. -> * If the command returns a value, compare that value with the values below. The value indicates the deployment model you should implement -> * If the value begins with **azureADName:** – write **Hybrid** in box **1a**on your planning worksheet. -> * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet. +> * Main use case of On-Premises deployment is for "Enhanced Security Administrative Environments" also known as "Red Forests". +> * Migration from on-premise to hybrid deployment will require redeployment. + ### Trust type From c5c9c8d1abfbf16bb1882c1434077aa231b0a4c9 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 11 Sep 2020 12:23:52 -0700 Subject: [PATCH 041/115] Update .acrolinx-config.edn --- .acrolinx-config.edn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index 5bd4162543..aa6134e38e 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -11,7 +11,7 @@ } :scores { ;;:terminology 100 - :min-score 20 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place + :qualityscore 65 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place ;;:spelling 40 } } From b902753d924dfacde83fdda2ebc248944438f655 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 11 Sep 2020 12:27:44 -0700 Subject: [PATCH 042/115] Update .acrolinx-config.edn --- .acrolinx-config.edn | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index aa6134e38e..2b301ca5e1 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -35,7 +35,15 @@ " ## Acrolinx Scorecards -**A minimum Acrolinx score of 20 is required.** +**The minimum Acrolinx topic score of 65 is required for all MARVEL content merged to the default branch** + +If you need a scoring exception for content in this PR, add the *Sign off* and the *Acrolinx exception* labels to the PR. The PubOps Team will review the exception request and may take one or more of the following actions: + +- Work with you to resolve the issues requiring the exception. +- Escalate the exception request to the Acrolinx Review Team for review. +- Approve the exception and work with the GitHub Admin Team to merge the PR to the default branch. + +For more information about the exception criteria and exception process, see [Minimum Acrolinx topic scores for publishing](https://review.docs.microsoft.com/en-us/office-authoring-guide/acrolinx-min-score?branch=master). Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology: @@ -51,6 +59,6 @@ Click the scorecard links for each article to review the Acrolinx feedback on gr " **More info about Acrolinx** -We have set the minimum score to 20. This is effectively *not* setting a minimum score. If you need to bypass this score, please contact MARVEL PubOps. +Use the Acrolinx extension, or sidebar, in Visual Studio Code to check spelling, grammar, style, tone, clarity, and key terminology when you're creating or updating content. For more information, see [Use the Visual Studio Code extension to run Acrolinx locally](https://review.docs.microsoft.com/en-us/office-authoring-guide/acrolinx-vscode?branch=master). " } From 4900abe797d55d1a8745766280e65d317f2bb37d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 11 Sep 2020 14:52:39 -0700 Subject: [PATCH 043/115] Added policies --- .../mdm/policy-csp-admx-mmcsnapins.md | 4256 ++++++++++++++++- 1 file changed, 4207 insertions(+), 49 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index f216f3b7f3..fa89632886 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -399,7 +399,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -476,7 +476,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -554,7 +554,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -632,7 +632,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -710,7 +710,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -788,7 +788,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -866,7 +866,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -944,7 +944,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1022,7 +1022,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1100,7 +1100,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1177,7 +1177,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1254,7 +1254,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1331,7 +1331,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1408,7 +1408,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1485,7 +1485,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1562,7 +1562,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1639,7 +1639,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1716,7 +1716,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1793,7 +1793,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1870,7 +1870,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -1947,7 +1947,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2024,7 +2024,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2101,7 +2101,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2178,7 +2178,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2255,7 +2255,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2332,7 +2332,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2409,7 +2409,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2486,7 +2486,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2563,7 +2563,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2640,7 +2640,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2717,7 +2717,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2794,7 +2794,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2871,7 +2871,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -2948,7 +2948,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3025,7 +3025,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3104,7 +3104,7 @@ To explicitly prohibit use of the Group Policy tab, disable this setting. If thi When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3181,7 +3181,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3258,7 +3258,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3335,7 +3335,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3412,7 +3412,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3489,7 +3489,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3566,7 +3566,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3643,7 +3643,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3720,7 +3720,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3797,7 +3797,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3874,7 +3874,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -3951,7 +3951,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -4028,7 +4028,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -4105,7 +4105,7 @@ If this policy setting is not configured, the setting of the "Restrict users to When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > @@ -4121,6 +4121,4164 @@ ADMX Info: +
+ + +**ADMX_MMCSnapins/MMC_IpSecManage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Security Policy Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_IpSecMonitor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *IP Security Monitor* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_LocalUsersGroups** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Local Users and Groups* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_LogicalMappedDrives** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Logical and Mapped Drives* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_NPSUI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Network Policy Server (NPS)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_NapSnap** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *NAP Client Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_NapSnap_GP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *NAP Client Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Net_Framework** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *.Net Framework Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_OCSP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Online Responder* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_OSPFRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *OSPF Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_PerfLogsAlerts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Performance Logs and Alerts* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_PublicKey** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Public Key Policies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_QoSAdmission** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *QoS Admission Control* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RAS_DialinUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *RAS Dialin - User Node* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RIPRouting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *RIP Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RIS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Installation Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RRA** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Routing and Remote Access* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RSM** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Storage Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RemStore** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Storage* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RemoteAccess** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Access* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_RemoteDesktop** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Desktops* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Resultant Set of Policy snap-in* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Routing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Routing* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SCA** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Configuration and Analysis* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SMTPProtocol** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *SMTP Protocol* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SNMP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *SNMP* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsMachine_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Startup/Shutdown)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsMachine_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Startup/Shutdown)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsUser_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Logon/Logoff)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ScriptsUser_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scripts (Logon/Logoff)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SecuritySettings_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Settings* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SecuritySettings_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Settings* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SecurityTemplates** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Security Templates* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SendConsoleMessage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Send Console Message* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ServerManager** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Server Manager* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_ServiceDependencies** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Service Dependencies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Services** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SharedFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Shared Folders* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SharedFolders_Ext** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Shared Folders Ext* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Computers)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Software Installation (Users)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SysInfo** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *System Information* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_SysProp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *System Properties* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_TPMManagement** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *TPM Management* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_Telephony** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Telephony* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_TerminalServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remote Desktop Services Configuration* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WMI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *WMI Control* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WindowsFirewall** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Windows Firewall with Advanced Security* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WindowsFirewall_GP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Windows Firewall with Advanced Security* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WiredNetworkPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Wired Network (IEEE 802.3) Policies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WirelessMon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Wireless Monitor* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ + +**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Wireless Network (IEEE 802.11) Policies* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* +- GP ADMX file name: *MMCSnapins.admx* + + + + Footnotes: - 1 - Available in Windows 10, version 1607. From adc32fef84077aedcef5b7179889fe0d51142a7c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 11 Sep 2020 15:08:33 -0700 Subject: [PATCH 044/115] Fixed warnings --- .../mdm/policy-csp-admx-mmcsnapins.md | 158 +++++++++++++++++- 1 file changed, 157 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index fa89632886..6b0df4c223 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -806,6 +806,84 @@ ADMX Info:
+ +**ADMX_MMCSnapins/MMC_ActiveDirSitesServices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Active Directory Sites and Services* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
+ **ADMX_MMCSnapins/MMC_ActiveDirUsersComp** @@ -2425,6 +2503,84 @@ ADMX Info: +
+ + +**ADMX_MMCSnapins/MMC_EventViewer_4** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. + +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. + +If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. + +If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. + +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. + +When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Event Viewer (Windows Vista)* +- GP name: *Restrict_Run* +- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* +- GP ADMX file name: *MMCSnapins.admx* + + + + +
@@ -5356,7 +5512,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RRA** +**ADMX_MMCSnapins/MMC_RRA** From 87a5dcd2b30f1ef6a73ccf6f5149b867961d0b42 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 11 Sep 2020 15:09:50 -0700 Subject: [PATCH 045/115] Updated TOC --- windows/client-management/mdm/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 4fda5ba460..83d6bf4268 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -192,6 +192,7 @@ #### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) #### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) #### [ADMX_MMC](policy-csp-admx-mmc.md) +#### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) From aaa5974d73545b5e369bee8dc0221448f65e4cd3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 11 Sep 2020 15:37:46 -0700 Subject: [PATCH 046/115] update based on feeback --- .../microsoft-defender-atp/partner-applications.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 8d7ecfb297..16bd018aee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -31,7 +31,7 @@ The support for third-party solutions help to further streamline, integrate, and Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. -## Supported partner applications +## Supported applications Partner name | Description |Category :---|:---|:--- @@ -85,4 +85,4 @@ Microsoft Defender ATP allows you to integrate with such solutions and act on Io Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators. ## Support for non-Windows platforms -Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data giving you a unified experience. +Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. From 4088a10437006900f5fa7f9d88c1a4ec8df550f9 Mon Sep 17 00:00:00 2001 From: Andy Rivas <45184653+andyrivMSFT@users.noreply.github.com> Date: Fri, 11 Sep 2020 17:00:32 -0700 Subject: [PATCH 047/115] Update waas-delivery-optimization-reference.md Incorrectly stated that the DHCP option for group was 235. The option ID is 234 for DHCP group. --- .../deployment/update/waas-delivery-optimization-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 515ad60203..b101477546 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -135,7 +135,7 @@ Starting in Windows 10, version 1803, set this policy to restrict peer selection - 0 = not set - 1 = AD Site - 2 = Authenticated domain SID -- 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 235 and use the returned GUID value as the Group ID) +- 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID) - 4 = DNS Suffix - 5 = Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. From a5d32bbcf915719adde474eb62b91e7a71cfd948 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 11 Sep 2020 17:20:57 -0700 Subject: [PATCH 048/115] Update .acrolinx-config.edn --- .acrolinx-config.edn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index 2b301ca5e1..ca2b15930d 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -35,7 +35,7 @@ " ## Acrolinx Scorecards -**The minimum Acrolinx topic score of 65 is required for all MARVEL content merged to the default branch** +**The minimum Acrolinx topic score of 65 is required for all MARVEL content merged to the default branch.** If you need a scoring exception for content in this PR, add the *Sign off* and the *Acrolinx exception* labels to the PR. The PubOps Team will review the exception request and may take one or more of the following actions: From f9907d198704faaaee2baee699bb64581be7c7a9 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 11 Sep 2020 18:22:24 -0700 Subject: [PATCH 049/115] Update .acrolinx-config.edn --- .acrolinx-config.edn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index ca2b15930d..c0484dba9d 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -11,7 +11,7 @@ } :scores { ;;:terminology 100 - :qualityscore 65 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place + :qualityscore 85 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place ;;:spelling 40 } } From 7411e9cd2cf58d694a52dd84636ccdec7da90809 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 11 Sep 2020 18:33:34 -0700 Subject: [PATCH 050/115] Update .acrolinx-config.edn --- .acrolinx-config.edn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index c0484dba9d..ca2b15930d 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -11,7 +11,7 @@ } :scores { ;;:terminology 100 - :qualityscore 85 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place + :qualityscore 65 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place ;;:spelling 40 } } From b0e6671ccc3b523ce436b631830e781f70645ec5 Mon Sep 17 00:00:00 2001 From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Mon, 14 Sep 2020 11:00:14 +0800 Subject: [PATCH 051/115] Update waas-delivery-optimization-setup.md Amended line 149 from Get-DeliveryOptimizationPerfSnap to Get-DeliveryOptimizationStatus, this command is validated from windows powershell to be the valid command that has -peerinfo switch --- windows/deployment/update/waas-delivery-optimization-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index a93a577f74..9cc82a5183 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -146,7 +146,7 @@ Using the `-Verbose` option returns additional information: - Bytes from CDN (the number of bytes received over HTTP) - Average number of peer connections per download  -**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationPerfSnap` has a new option `-PeerInfo` which returns a real-time list of the connected peers. +**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month. From 54bdf1bc7eabf190784251ba43a3b72f9ec17a7a Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 14 Sep 2020 09:48:53 +0500 Subject: [PATCH 052/115] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index e8e64a202e..efeaaacd05 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -66,7 +66,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva > If your AD forest has multiple domains, make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. > [!NOTE] -> Transfer the PDC emulator FSMO role to a domain controller running Windows Server 2016 (or later) to be able to search Key Admins and Enterprise Key Admins groups (domain controllers running previous versions of Windows Server cannot translate the security identifier to a name for these groups). +> Transfer the PDC emulator FSMO role to a domain controller running Windows Server 2016 (or later) to be able to search the Key Admins and Enterprise Key Admins groups (domain controllers running previous versions of Windows Server cannot translate the security identifier to a name for these groups). ### Section Review From b5ed97ba1d15db48f6943b000866ab7ecfd1b706 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 14 Sep 2020 17:24:16 +0500 Subject: [PATCH 053/115] Update indicator-ip-domain.md --- .../microsoft-defender-atp/indicator-ip-domain.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 90e188b28e..5f42abda95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -46,6 +46,7 @@ It's important to understand the following prerequisites prior to creating indic > For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE: >- IP is supported for all three protocols +>- Only single IP addresses are supported (no CIDR blocks or IP ranges) >- Encrypted URLs (full path) can only be blocked on first party browsers >- Encrypted URLS (FQDN only) can be blocked outside of first party browsers >- Full URL path blocks can be applied on the domain level and all unencrypted URLs @@ -59,7 +60,7 @@ It's important to understand the following prerequisites prior to creating indic 2. Select the **IP addresses or URLs/Domains** tab. -3. Select **Add indicator**. +3. Select **Add item**. 4. Specify the following details: - Indicator - Specify the entity details and define the expiration of the indicator. @@ -72,4 +73,4 @@ It's important to understand the following prerequisites prior to creating indic - [Create indicators](manage-indicators.md) - [Create indicators for files](indicator-file.md) - [Create indicators based on certificates](indicator-certificates.md) -- [Manage indicators](indicator-manage.md) \ No newline at end of file +- [Manage indicators](indicator-manage.md) From af868bbcb9e19c5579a0547a1f05d8c28b332dee Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 14 Sep 2020 08:28:09 -0700 Subject: [PATCH 054/115] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index b787eae223..95c1997b9c 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -173,7 +173,7 @@ For CSP (Intune) you can query the status node by using **Get**. This is describ For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HVSIGP** Status. The meaning of each bit is the same as the CSP. -### I'm encountering TCP fragmentation issue, and cannot enable my VPN connection. How do I fix this? +### I'm encountering TCP fragmentation issues, and cannot enable my VPN connection. How do I fix this? WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: From 2b99c17befd0b4efe24dd213baa2e83755237d05 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 14 Sep 2020 08:28:20 -0700 Subject: [PATCH 055/115] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 95c1997b9c..cc0acd5f91 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -177,6 +177,6 @@ For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MAC WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: -a. Ensure that the FragmentAware DWORD is set to 1 in this registry settings: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat" +1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat". b. Reboot. From 200423ad1c46fb62b08283398f64a367ccfa0786 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 14 Sep 2020 08:28:35 -0700 Subject: [PATCH 056/115] Update windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index cc0acd5f91..fb7538967c 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -179,4 +179,4 @@ WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default 1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat". -b. Reboot. +2. Reboot. From 683626b0cc845bbb90ca1a49bd8c82d7d34d4226 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Mon, 14 Sep 2020 09:06:10 -0700 Subject: [PATCH 057/115] Update macro-malware.md Added en-us to URL --- .../security/threat-protection/intelligence/macro-malware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index f73ad0c4ca..e9f2edf273 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -27,7 +27,7 @@ Macro malware was fairly common several years ago because macros ran automatical We've seen macro malware download threats from the following families: -* [Ransom:MSIL/Swappa](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) +* [Ransom:MSIL/Swappa](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) * [Ransom:Win32/Teerac](Ransom:Win32/Teerac) * [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) * [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) From 58ca9e9c4f420ae6b76bda9659bdaaa16199a18a Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Mon, 14 Sep 2020 09:55:32 -0700 Subject: [PATCH 058/115] updating to direct link this was a redirected link --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index cd200f6b8c..61198672fc 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -2189,7 +2189,7 @@ This security group was introduced in Windows Server 2012, and it has not chang IIS\_IUSRS is a built-in group that is used by Internet Information Services beginning with IIS 7.0. A built-in account and group are guaranteed by the operating system to always have a unique SID. IIS 7.0 replaces the IUSR\_MachineName account and the IIS\_WPG group with the IIS\_IUSRS group to ensure that the actual names that are used by the new account and group will never be localized. For example, regardless of the language of the Windows operating system that you install, the IIS account name will always be IUSR, and the group name will be IIS\_IUSRS. -For more information, see [Understanding Built-In User and Group Accounts in IIS 7](https://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis). +For more information, see [Understanding Built-In User and Group Accounts in IIS 7](https://docs.microsoft.com/iis/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis). This security group has not changed since Windows Server 2008. From 62509194d5b42c5cb3721211453e031157843db4 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Mon, 14 Sep 2020 10:06:45 -0700 Subject: [PATCH 059/115] fixing a dead file link --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 7d1960a2b7..5b732c9387 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -128,7 +128,7 @@ This also means you’ll see more links to other security apps within **Windows You can read more about ransomware mitigations and detection capability at: - [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) -- [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](https://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) +- [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](https://docs.microsoft.com/windows/security/threat-protection/intelligence/ransomware-malware) - [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/) Also see [New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97) From 77266ff9608fc6d84f3b8bf277a6ab24daa2a931 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Mon, 14 Sep 2020 10:07:57 -0700 Subject: [PATCH 060/115] Update whats-new-windows-10-version-1703.md --- windows/whats-new/whats-new-windows-10-version-1703.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index abeafe5f05..9d74b2f7b8 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -150,7 +150,7 @@ New features for Microsoft Defender AV in Windows 10, version 1703 include: In Windows 10, version 1607, we [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment in version 1703 with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). -You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](https://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). +You can read more about ransomware mitigations and detection capability in Microsoft Defender AV in the [ransomware information topic](https://docs.microsoft.com/windows/security/threat-protection/intelligence/ransomware-malware) and at the [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/). ### Device Guard and Credential Guard From fd6dc7b9e9b7610e0ff91731f4e3d7aa44565430 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Mon, 14 Sep 2020 10:09:16 -0700 Subject: [PATCH 061/115] Update whats-new-windows-10-2019.md --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 5b732c9387..0c70d89c9d 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -128,7 +128,7 @@ This also means you’ll see more links to other security apps within **Windows You can read more about ransomware mitigations and detection capability at: - [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) -- [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](https://docs.microsoft.com/windows/security/threat-protection/intelligence/ransomware-malware) +- [Ransomware security intelligence](https://docs.microsoft.com/windows/security/threat-protection/intelligence/ransomware-malware) - [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/) Also see [New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97) From 5323230175e3727a46039391198639abbcdd2a68 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 14 Sep 2020 10:30:51 -0700 Subject: [PATCH 062/115] Update indicator-ip-domain.md --- .../microsoft-defender-atp/indicator-ip-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 5f42abda95..50c42b1fe9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -1,4 +1,4 @@ ---- +--- title: Create indicators for IPs and URLs/domains ms.reviewer: description: Create indicators for IPs and URLs/domains that define the detection, prevention, and exclusion of entities. From c0c5225f7d50fd00004e88a62c119b40cc594cc3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 14 Sep 2020 10:34:32 -0700 Subject: [PATCH 063/115] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index fb7538967c..372d0b750f 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 08/17/2020 +ms.date: 09/14/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -175,8 +175,8 @@ For Group Policy you need to look at the registry. See **Computer\HKEY_LOCAL_MAC ### I'm encountering TCP fragmentation issues, and cannot enable my VPN connection. How do I fix this? -WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix through these steps: +WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix by following these steps: -1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\Winnat". +1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: `\Registry\Machine\SYSTEM\CurrentControlSet\Services\Winnat`. -2. Reboot. +2. Reboot the device. From 27e36e089fd224349a9e7d8105948536a58e8c65 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 14 Sep 2020 10:41:29 -0700 Subject: [PATCH 064/115] Update test-scenarios-md-app-guard.md --- .../test-scenarios-md-app-guard.md | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 62a64b4adb..1b3e19b06b 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -10,6 +10,7 @@ author: denisebmsft ms.author: deniseb ms.reviewer: manager: dansimp +ms.date: 09/14/2020 ms.custom: asr --- @@ -29,7 +30,7 @@ You can see how an employee would use standalone mode with Application Guard. 1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). -2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu. +2. Restart the device, start Microsoft Edge, and then select **New Application Guard window** from the menu. ![New Application Guard window setting option](images/appguard-new-window.png) @@ -52,21 +53,21 @@ Before you can use Application Guard in managed mode, you must install Windows 1 1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard#install-application-guard). -2. Restart the device and then start Microsoft Edge. +2. Restart the device, and then start Microsoft Edge. 3. Set up the Network Isolation settings in Group Policy: - a. Click on the **Windows** icon, type _Group Policy_, and then click **Edit Group Policy**. + a. Click on the **Windows** icon, type `Group Policy`, and then click **Edit Group Policy**. b. Go to the **Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud** setting. - c. For the purposes of this scenario, type _.microsoft.com_ into the **Enterprise cloud resources** box. + c. For the purposes of this scenario, type `.microsoft.com` into the **Enterprise cloud resources** box. ![Group Policy editor with Enterprise cloud resources setting](images/appguard-gp-network-isolation.png) d. Go to the **Administrative Templates\Network\Network Isolation\Domains categorized as both work and personal** setting. - e. For the purposes of this scenario, type _bing.com_ into the **Neutral resources** box. + e. For the purposes of this scenario, type `bing.com` into the **Neutral resources** box. ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) @@ -79,7 +80,7 @@ Before you can use Application Guard in managed mode, you must install Windows 1 >[!NOTE] >Enabling this setting verifies that all the necessary settings are properly configured on your employee devices, including the network isolation settings set earlier in this scenario. -6. Start Microsoft Edge and type *https://www.microsoft.com*. +6. Start Microsoft Edge and type `https://www.microsoft.com`. After you submit the URL, Application Guard determines the URL is trusted because it uses the domain you've marked as trusted and shows the site directly on the host PC instead of in Application Guard. @@ -254,9 +255,12 @@ The [Application Guard Extension](md-app-guard-browser-extension.md) available f Once a user has the extension and its companion app installed on their enterprise device, you can run through the following scenarios. 1. Open either Firefox or Chrome — whichever browser you have the extension installed on. -1. Navigate to an enterprise website, i.e. an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded. + +2. Navigate to an enterprise website, i.e. an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded. ![The evaluation page displayed while the page is being loaded, explaining that the user must wait](images/app-guard-chrome-extension-evaluation-page.png) -1. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge. + +3. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge. ![A non-enterprise website being redirected to an Application Guard container -- the text displayed explains that the page is being opened in Application Guard for Microsoft Edge](images/app-guard-chrome-extension-launchIng-edge.png) -1. Open a new Application Guard window, by select the Microsoft Defender Application Guard icon, then **New Application Guard Window** + +4. Open a new Application Guard window, by select the Microsoft Defender Application Guard icon, then **New Application Guard Window** ![The "New Application Guard Window" option is highlighted in red](images/app-guard-chrome-extension-new-app-guard-page.png) From 84501ad7938ec07add0d9947ba39520c2322a1f7 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 14 Sep 2020 14:18:43 -0700 Subject: [PATCH 065/115] added language tag to make links work --- .../threat-protection/intelligence/macro-malware.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index f73ad0c4ca..8c150f381f 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -27,12 +27,12 @@ Macro malware was fairly common several years ago because macros ran automatical We've seen macro malware download threats from the following families: -* [Ransom:MSIL/Swappa](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) +* [Ransom:MSIL/Swappa](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) * [Ransom:Win32/Teerac](Ransom:Win32/Teerac) -* [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) -* [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) -* [Win32/Fynloski](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) -* [Worm:Win32/Gamarue](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue) +* [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) +* [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) +* [Win32/Fynloski](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) +* [Worm:Win32/Gamarue](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue) ## How to protect against macro malware From 9de6d1f7874b5f36b6fa2ed009ed502855f93aa3 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 14 Sep 2020 14:39:06 -0700 Subject: [PATCH 066/115] updated link --- .../security/threat-protection/intelligence/macro-malware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index 8c150f381f..b6f4a2b873 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -28,7 +28,7 @@ Macro malware was fairly common several years ago because macros ran automatical We've seen macro malware download threats from the following families: * [Ransom:MSIL/Swappa](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Swappa.A) -* [Ransom:Win32/Teerac](Ransom:Win32/Teerac) +* [Ransom:Win32/Teerac](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Teerac&threatId=-2147277789) * [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) * [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) * [Win32/Fynloski](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) From 399328ff49c31236a3deb0603209040dddf7eda2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 14 Sep 2020 14:42:03 -0700 Subject: [PATCH 067/115] Combined paragraphs in notes by adding angle brackets --- .../mdm/policy-csp-admx-folderredirection.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 36a90041bd..268a4738fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -99,10 +99,11 @@ If you disable or do not configure this policy setting, redirected shell folders > [!NOTE] > This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. - +> > Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable. - +> > If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline". + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -173,7 +174,7 @@ If you disable or do not configure this policy setting, all redirected shell fol > [!NOTE] > This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. - +> > The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline". From 8a97875c82e4afb4d0baeed198949d75c9fbd426 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 14 Sep 2020 14:44:28 -0700 Subject: [PATCH 068/115] Combined paragraphs within notes by adding angle brackets --- windows/client-management/mdm/policy-csp-admx-help.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index 6a2eab55fc..6e38d6f3fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -245,7 +245,7 @@ If you disable or do not configure this policy setting, users can run all applic > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. - +> > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. @@ -319,7 +319,7 @@ If you disable or do not configure this policy setting, users can run all applic > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. - +> > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. > [!TIP] From beb0000a9072aa270e0b36af50c0e41754bbe62d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 14 Sep 2020 16:50:55 -0700 Subject: [PATCH 069/115] logos and partner descriptions --- .../images/arcsight-logo.png | Bin 0 -> 2800 bytes .../images/attackiq-logo.png | Bin 0 -> 1445 bytes .../images/cymulate-logo.png | Bin 0 -> 3519 bytes .../images/elastic-security-logo.png | Bin 0 -> 3567 bytes .../images/ibm-qradar-logo.png | Bin 0 -> 7354 bytes .../images/sentinel-logo.png | Bin 0 -> 4439 bytes .../partner-applications.md | 42 ++++++++++++++++++ 7 files changed, 42 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/arcsight-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/attackiq-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cymulate-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/elastic-security-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ibm-qradar-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/sentinel-logo.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/arcsight-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/arcsight-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5ec3542ebea6b2581b468a90d8f60b339cb9e72d GIT binary patch literal 2800 zcmc&$XIB%55)Cbc5K3rClqMYorMPsZB?MNCgd$B86{HD*bm;-5H$^}M1W`&9K|);! z1cHHGx*$bDZ!QuNfozcG%bxcm_QTAanKLtA?%X*y)dqtW0G|Q_0003iOQbD32D0q| z2*~yq-H|-(z!zxg91H+RDE@04R<;TZc9A#4>MDwNl}`|+DV@snVGn|{t&pbn5yiBU zs6hKKQhi-s^nk&De6?~MpD<*}(=Ii2or6!ul=FIpy+FzY@0p6;Gn4tr@+mogO_zf| zgA2hfh%2s8kQ`h=4ky@Op`?}LJ)ep+pPv~@-`XZ_Oc`4?D>$2&OXv;%9NZe5CvF@K zw`~N+u}XuLgUKl=vQUY+rtSFEzj8Qv&|opim=T#QnM)7V56=ALLte`WjiD>ndvW~9 zM2&DiE3oO#{ePFLP2d}o{~{rsOS&lV#%Jn%j4I=IS+k)^T`Y5|X|(8NofYgunu)DL z^^i^uIcV);%IMfw0)=AXRIB41V|17bqS0veGxryZS+&|3-Sl#V_n$+iK|7Lq_;(j( zN|jsBa{4C=o{8J^m>?eO1oH6q=%d%OtdZzzq}HGoSp@~|wY9aFtQNUTQcFuq^)9tA zb#r9@zyR9Er^b~}7lOcj{B;Ba_EHuP#RrzE>%zZ`Uld?6nf?9!q|M*_jO504IrY(g z+m1Gd#ol_yzcn^DUrzSD?@ba7E+xIO`lxdLycrgI#v)5{rpgJ)ow+-3PX>B>sfTB} z{&wOaXNGCjl>FigukK8X=z>m3{CMggUtI=^m>`R6MBuiJzsISytz4Sz;^jmvCe6LJH77^KoN$)c+)>|5@sMM?D^SbJi%-1 z^XKKS*BzRo+L7LVe&(K@Z)amLRp2T+Vh9icsV)*ujEmmkyR)4_a3d}Jc0r931`I`_3*$Q2=FdE0ksT5HcS65Ty955+3tG5?9Sg6URs;UYA zy!?_@X!Xq9-xv2#fDyegptb`sC0?$ zkr5$-l41GfKN$CcB1>EO;kO|IkB9qs^QR5R>O=inwA;v&+^#3O)e9fR*IT*w=YnMl zG2KGnr^hwdGz#_;(1`jX(}%NoPgSH09m*O_Hhbc-1QsSnezkcdMH#`n^KqVdLN{1b;mtG+0J9Ok>^r1@= zt#QWC4P>!hRFLMHg@w(^$#Jj47xC<1jH2ROF;P+TlM{}{*yBgb#iGz$JU--*)-wLJ z$uBh+Gh*D8q?VuH(d6P5N+1w?CaTBm?d_38m18on^KZ({lWij-+umjFG-zr4+#g*c zC$nepc-!b`qqlG0=2rUHJ2_dFmzQ6RU(?2aAs2dqc(rEtP4<7uAn+0+K zA@Ieo(mK(4duh^P?Q^u-2ndk6N*8)ip_?&3UtL@KJ>N4!bMfqnJa0Cif&*%IOrC+z z2U18&vR4zASGa=rrM%S#6DMPbL(6(Y0tGmrjYYoHMY_=S}4> z`Ka-ty`v-RDO^+=8rCi~+d_}W;{y$f3k!r`dZES4n3b#Ak|Cevk3tg~RliYOtgN<$XKT1fs+iwsa zlJ}f^;>OcISA!q#j+*e+i`C<&;a=RmCWbQg@DK|zkjj!Wob>zk-kBf_WBCofGL~U4 zZPix+{fvxsYK(wJ$HW{)-^kD`v{ph|Sls#ZsiKOSipj%=T3N635>iqu2TNXZqUy@< zcyLi=#k_Senc)lj~5b>QOnLLjauBAmBwKJFG8il6VpWi@EEFyVI@ahq0+ zYp*QkhOOgww+Fy-Q&lxJP&{5vP3^s-Bnn#}#R}*+Iasi02scr0X0&3t?1mWh*-9u9}2{yz4dnUa-7F-hlna6f{}%F0TmuA0&BzUd%N?mXh` ziehjSpWT-*48PYi>G5f6CR_I6o=$Y^w;ZppG*$|rm7JQT?Zrr6xEvAd9tHWJc=nXk z&xLryEe&8cjzFx4LQpg!)~(@BgwVSiyx85ZE>2;+W>~Rey&tzac8Bk=K~TGOB4=xB zOM-LVg+QUXaLwg){vHj8ln#VWWJ#ZTS;YA2=a-w8mn0M(6Hg*R;f9YOO4fy-#G4DX zm>bbXM@L6Dg2+8&%^f*qz7&(<3g01L4I<1!%?(T}fZ-Aof1Dh;VjUfm6M2Q?Hon(E zVKNH~=CpE88~dV20}5k}kzGxb5^O1%`youmC9$5W*2eidT(XdI21LHpQ0#eqzE`cy>C zsUEndaI z?zT_PG2lDdMcn_2t^Z6$nREvozJ9fW&b~p5wLAdH?=Y^EC`zMln(=JJK^t{*`s`*y)HD~7-$+>*V zm#HbOHHDL;HQJQMXtHFRFGFUsX_KUKyXXFgp6C5~zh2Mlm-qX5UeEK&3&La9o7kEF z0I(kCj|tZEIX%e6M*8h63G~;~TC#tb-n82F9}IB8J2iR}Lcs<2LMGRmSz7~*J0%+d zzz~DOpbw{9eJc(0uT1`~d!gt+1=4TRfYFoEMD&c%m|}b^w{>jGhs>Q62kh4MJ z2~F+fb`O3be1a1GCm%&CBeZyx*0F^@gR5D!IMZGG4mD*Zj=iFo~#}>vz)))XjXmr;6>B8{j)e7$#^Q87IN$oQ7mH;sTh}`!!jhEJ-!?%tKRX4qQ3 z8~c!+A+7ds{RhE}ntzii4?334jSLM9ZGf0>h10qiLlQ~in+LLZHxN8OS>fpD*fUPH z>1#__sGC)(LS!=8EjHV^LD4Zu_89ExIY?Piif`OvFwkwX_^weEv+YOH%g83}neH7j z)GgQ*&dj6t&!!x66$4RElqHu(=3cz8@WW!q7g7jK!%#EYfLvZEm&*@3aab)a8^glF z;4UuRa`{$iyt_ak2s(1)Z{2Gi0jeK>td@HnyH7T7b92LSE?m9*s5d?#Au1)shR^3W z4#xtS4<3NmZ`@GK%i3`@wblA?oDhh*d-p7eO`ELp4J+z-s>PG3sh-Nk1B@UYDLL6X zIy&0HL!~Iym3q3mt|@tzGdmk|2#>Gha#5g_8LhaoGG8i{o-((LB9S1+Io3=j^QlOL z&B(|QuDt8-hk_tTa4om+_DfAo)fvET)}15}fZpETn;Z_7NF=`CcBN~#Wvn@k-G?td zelVu$`blr<2WUu0$c$2Hpqa>Pym=E2dLxlpJRX{olvJ;CSrO1TKNSiwzP^UQZ2IKp|p&`E|X9Pl!1{wlQ!v%A5u`ylGaXtob7Ol#=#gZU51U9DerPN7gGdZ-JIh z&l&Pp!hHU^ia{->=KWf~y}-dZ%A~U_`-iVBb4O!5Q7bcvRS>36MexB6Wl8PeSlp5S bJ89YcS{2*Vx5$pAuUG)*i^tsgiIDv- += literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cymulate-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/cymulate-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..daa2aef8f818f1bb19535a1e2ca4a0c54f9c324f GIT binary patch literal 3519 zcmchac|4Te-^UfVEjvY$rNr2`NyA{Q*|)KW?EB78!b~G;wuG^Ci(*L2knC%bgcuBl z24mlEVnnv_T=(<*`TYI+{c*1IdR^yy&-J~|`F!5z^-Z-f(`RMoXQrW{VKp?+g#&%) zzm1U|cz&DPHwHSUPy>eu8k#G&{%scw;iA8QmkbC)Q$26s&VF-_hHAqidD~fen2Eogz-?JAP_fhg* zV(l`{rXNO>?6J#}veT{Gzvz!v(?-8;a^lgIy>a7VhMG2}k0z&A?NPT5fI@ z%)u1)K*t8% zJ!LKJ%8#I0yPF~|3|1mziy*Y1{{Kz1yr`bZwHB7EnN>#jNZ{7+e|Tt!$-L@Ml>t+x z)W_?*q6JAwIHm-M%`MPgm=T>SZpq?CcV#OZW&Yp^BdaVF`a`c%;uXZTG@yS0-y^{} zIq`A@Han#^Fpmf(+sQafPmlGZsMI@uTdu$^_ki|>cNFA{Bctb^sBdLennNZg+$hK5 zCk8&#)GK9cXym0pbI+p=8N-fbTO%ga4CxECyXt>OsE40Tu0T(2W(nkRn0uc%roU!5 zmXY^80@dulH0Ov%>v^NnEcZ1##TE1}6n`?8D*ezcwi&gPnk3eA`Zv5Qjst`(fA=oU zS~797<QY2= z364oxr>x=iV{(>2g5SPV`XU5@K-2`!sBX6(-uL(SfAjXO`)IkLv_oxzFSx&YzG@h5 z)ImKC@cvQog%r|hs!Td`6UjDsW*};|p)PLqQ2=#R5?QP7WY^+ctk~M<(Bga@u4>lU z?a-S?*5}^K8tBMF#h!I&rHG@WBX;uu z`JsfnH_X$@Du;#s$sRkZ$x$q)Poo{*5TxSyokQi}FW2VanXI}Hq3^4e=DU3vXL9R$ zsIH)y9Fq9crwY9;X<-GW#57Q@rXCE%IZftDG zo93*ncwdpW|I8p1t7&N1SAE0j%$h5e&e_=+k{QuoJ@Za;3Ry6As`9-%XpX90l9T+i zCcgu%Tzc_CEC(Z6Op|ajJ8YaU>oryDm5agDdJppZ2Lz1#zRCUi?OREHetzG8fSddo ziYRKVk&#h>q8D>dPY=ykcZK^8=l{BhrpY!)&`Z0LZ6f9u80guZ#2Pr$a#@5fBO}8J zF{1b0xfNsc&NjQxlTXo;5tteufAL_4jGu0fkdTsE9D?rXGNN;zXThiiSsKSF$H$Lw zZF~J~hpr@LDckq1l$AkIE+#+|W%^m(TazC}a|~ZbuU!2}A{kZ^+75mO1Wwf^N?28J zuq7Lc<@_jAO7;a8wXRlKRl@Jx`?;#TbvwcP!KqCYm8f1DF%cBqxI{Xa!3LEeAT>db zRLZ!WF#)_>=SL`ya5B(H+H6tGGwR#e@OQAc2X&tA4NP~aM64K?5|(}wUF6sWAi@Fu z{+{xDxp!s|IV^M+n`_h%YZlF+^V(P0k|R!}2cA<_@%dAMw%d~*b?BdHMQ=B+u4vaU zLc$NWrbbsOefomYq9Kff-k(;PhJywFy*uNYrea-t<8y9 zL{vDDqqd^ruJWBb0}TzzD#+7^enl1U-@nhTERHIY27#X4)X&Tv@dbxCE>Q@ZqIXqg zhbf}k4cm8B3p-Hmna|BCQ-w6r-T2b^Z!?Fw64%p}c*Bf)Y4b z_`xYa7MZ(?y-FV6SfmHs$sKVp$(lO|=gNi#j891%roZ24VHZNnz@|%#d_4l13dAUQ ze4C>j0d}GcL9<56^gSG|ytAvOcU}0J8oS%W3&=W;^XA<-2wO?)=wUMcP?eq;^-R#` zW>J#m1EvM>CI1RPINZrZ`NeWKJ8bFOwU8gAOUsshyc5KTp38PM;mbx7)h_t$nbr$U zi>NjuJ$~RUaY{0&6&aY)Zx?5(6YhK}J6IAmlMQP3`*mEgX-=jofz!mc|>pgfn%~)SwA4?g$(}WwCl)}yJ6U=><`||>)o3i)z!s%J~hIe?n!KNkz&z;$J;6eac zQr$^aHO5GoIpJ801SXH+g9Hn1jqvdfi#Jc zs!%AvuiU)6uwQdp2^_gRyh?G$i0#gEWUPh|yT%{a#@RzF2^kqIpk8y>S*}}m5+`$_ zZ%`1nrKRXPG)lmaR^&}p)t6dn+Yk5jM7idBcwNfhzI~c;?M^r;s4;A9Sfn9vYBb1% z7+IVwge(9YzIRH&e?qLoF|yA6?;So(wnZxi5OLU7uh2h#-fIXUo2dzk7n&%>9q((5 zJEKl_dxc;J?&Mi@>z9^!=O(5)e_|O2vgA!6{EfGsvjYEnl0PsxGIclEgHTvMRh&)< z+loOtsueudWRx+N8v$p8LQFh7ZeqOLNXi-|S(?I{Ha3?Rzhx}u+1+>hn!?E_!l4aN zJbLp(BP0EjHUPf%n7;&=8aF3Cc>J3C;uJYy|2Ve8m@#qcEqK+(P-A-!P& zLuwQg{%hB&-n=QrViN%YvpEx^*Ip&3^e$T4+A2oxd7dI+-O230MXOlIg2iG@iomHN zI!W?TTlP`g)4*woTuHOEwfzR{^pBYb5wxqYrZC5M)?Wb5u%3hpQiW<7gdsX@QDv3ZdF+`_lEsCIcq-lQoIV_FLRNDkq#s+y`_Nd zU#%n?pY57FKdZ_V>}{ou;)Oy&3)C0Y(gAnPF`s9!Cqi zOC<4x@5>pz5alBk6ei|SZq-!a+Tu?_?%0};9_XN29u-sikEmA zd8e|xoUW5h-s~TQah+|WTZU7tOR~hk_s@{r{|sf@B*44zxk^ZVj~@B-lA19LyBrF; z9}#ARtmYUq4SuUp@{XaTo8035xKzx(UlS$b&8||qFc#X640ZRTzl`R%jJDVjmomHR zFE;mID+B&t$+4PHX&q=!KI}b{L`Ju$f3TQWw`TnPZzXdCTQoWOy`;5V1QcI1hI(eY JIBnPX{{b&4%ZdO1 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/elastic-security-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/elastic-security-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..30352fe3b7be6d63b6f261aa7c94ab88cbfc46f6 GIT binary patch literal 3567 zcmb_fc_0)1`=2Ok=3Fdyt_YhPCB~$QX=~;Pm3t$(b40G3g`BzODn|?w?;p?mdEU?SzW#VUujlZG5k9os3Q@L%CTS;%j&o!o&aj4}7(Nj}kYIwnqbA?*FBDC8BZkizw% zP(O)@qDOD3vjLvv8Q03rpmOl2N$2bR+!_}RTzF{`OMGkhy=nM*t9zDJ_^a#CDNYzm zes17b#Un2@XOzWR)nKQ@wzC&$5Z*o-tv~l2WV-R!nc3o|v_sc5j;Rx|HWw$$-bPtb zW+}g!``ckAf40LuG^zp%P-y~2N{+#bUW$C{&!kl;AOGQGcADV0DwBE&(G;zz4tLQN zD>35+&YkdHEzBLLXo_b3jjgO_9z?|ztIUBa?KiW<0mZ0-Q4`sW7xXcc!s;5$x_oPJ zb|)MG&0Q@dj4UOWRR64;EIj9}jbXfU?_V0)Q$+;Rl>}SRiLVJ}acY*bUPK}1!7QHJ z6-b(f!iOB?|3#>z=qMc(=V9csmK-(uon!dI=H6wpsRBhTsTARNshsj6GSzIE2CVrB zii+0=yMW$OmMYIo^mx}VQ*Qa9x)L#`!I7cwaBMMCnTsSw>Z>B0x^TqsCuRcYkmuVPz9=F8?yHF)g`h^ zmmi*2Y#tKS?^)%<#R=q{DLT3;`II-sEv(AODPJ+aVq7;uH(*d!DgQjP-1^xqH`Str zdHyxI98?)Zv6Gs*8lU0>d7%VpkEZ@ETPW@*DHph`LQNxn(FhtWJx6?@QiRleUtlKi zBl$c2XM1XdRBZQMP(7w!VgCP4*D z!q=OCK$WQ-%a{(cEE?Gt1+ncK`9H(<35ZrkB4233RG z?ZkMWwV+igNS-V06`A9!P=(8tC*usuKjU2?rsvLHNKk?rx9!{}U5XUP*&%-UjN{!b z{E)Nr6LLGB@yt`&m1ZM zBBJpdo?`rMaQOW6CtS}v5D(?!`603+*pPG{oD)7ZrC)=7NF)=p9s3d5S`;xQd=S-n zPV6axj=iJ~q7RPDUA`hl1PJC9_*zeXUW7S$W6#wi!&cCWsm;VKx$GhOkcw)Bw!mWM zU6?Q5HGh?Cq)LqeYsGkb_i?nBc0*Ao!GBE_BYA( z|1!kINYAjyepX`ThkS;qOP*qav$?%J%HRJ2H@{S=4y3%a^x)};x19)kDk~yh-W;^E z{C8w7;x}b>HnzGNT~k}p*}3-gvw`FaI-#XSpX=D(mr1MV*;)qt!si)n%MJ_QOd?}P zmtVeCfA`}DRm+4m;g{KC+ag1jP|J9^Von?BPX z1hIto9eQ8iu%cPA7u8K=i(hni=X9`^I;?E4#^{X@&1auBzI=7}@X5d7jnNLyyH60VRlZm3dR2C_6H$O+IYtEA$& zNL5PtKUy(^-|_fBFlJ)op}xEj>hlUXv>TpT1z$4c+6;pgI${htq}N#K{QMI5zNaUS_M}-kPOqN? z>JBHv>fNVXBxSe)+*)6+HC_jVEKP|{H3sReSS4K!aJ$dIP#N2rFaf^Dw!wQAbD{2f zdegxSrg%Mp9M(bW@`NSgGn1DbOyN@GWo9Yql>TfN-a^?SijMiaUq-6#8@}X-Rjg&~ zS3Z9!4_^4{Sy$L!%B}c@vs~$vtE=lP2L>2n$JCT^Je2Q|lWSvzTU#fR=@Rgeyy}5d z>;m&P?7o`byr(POv!3xdNSstvB~L_asOunKlXzMO*)UHp{U95>K1UWWXjRwI`54RE zQN@usQvKGZ)3lCv>|9Um@hmq z9aAs|_q=}V#$Eg^kvD}VK zCYU?0d=6{s$?f~NAFG}UhsN%%cHLSuQ=;$Tdzkwk|w)L_N@W4%{Km& z6zT;Hc%dgyZLrj30DSXs*D<8tTXc2Ocd>2Rv4TWOud9>V0&Z>YbuR8RNJ_9}Q=3cs zJ6%{;SN*7+VLcwMW82%?LWyyoemwN~hQmb_{0~-(buX?YslPi24Nz85AyCA9 zFX#q?)5s~ZVA%{IGc%)uakWchW40!~Sm|*Z;P4Pkh|o`1VqX8&o8dN=tXSRD>Wch8Sz_5#hdf*nktLJj*hrh z?c4JnM{cS_?yZs`QfFS)G$mUj+S301y){`s-w!+5r>@OM0dfbUdrH0qcZ>%e<{^Rg z)MuVI&R1qN`BU5+9){{u?ZZyj);1}_RC?*m*CFG*!gh;v^WR;6=EBZ)ECo6`!rm{K zLoFS5@zpYSER2i^morTBOm&bE5o!d2;3-ZHF|nU-{63^de)2>zso>^Sc*e)oAPU@7wlqbcTb?;g_Hy1gUpzlR(x zrXu=QhwHM}19kHrjNh4oiXM(DvG4KeV6F}oPZ-GyRdmiRT16p0kaOlnX6@;~j?QLCA^+Du zpJy~YXS9K5KXUP7xT+uiyj?4F3UK5Hr zM<(BFA=fGu|My?||F1{*h|<7@bJCU$7Mc#8hD}XsVT3k!-zb}VjlhI9kv?11!k<2Y zlVWt2=IS5za1Dr*i_@uUKW+4c#d)pb6NIzl3Xa{Z O0Z_&_kab2*G5-OX|IkGM literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ibm-qradar-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/ibm-qradar-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..47a6790a6fc8938c59d9faf565bf5b9a5d7431bf GIT binary patch literal 7354 zcma)BS2$c~{YxbTq_Oi>5aPv0*qXd~-uW zB4YS&y;A%_e~u`=aaUB8eY1msL(GBmjl`=M35nvHqKu@Lcjif!ue+g+-@b%z&b;5z zAEjjbp_(1*OulQ1IVXmiFn&Etw z%mh+W2?@mXG?CkaocJQuA6S#whra9Uw44nHS)bi+57!W``WCPXS;$-)DgzgV_mAgq zkJq1{{T~}+L+A8rqh8KTk&o9KZ()uDEJT4m4^%0}KG*t-G1@a-&wjq~P9Ah$s|CyP z>!qrcW-z;0G+0r~WMH`ezkT~-e zmnOEVRtz8F9B^H*kdOBqJ=fWT1lPqdv_x!MIKMt^G#cIQmvOcRkk7QmUax z13TKg4&lCv3iN*DL?zp?vL2yy={@`hfbP7-d`D^h+~e&@R%4Gyoc+^@FP#eD$7@y# zLc>0-wVvzsHUjKdGRSDEk|;hznwIL^hUY2vo;?kcq84m|`H(p%rg)m!Hse>MWEx%l zu=0P8H*?t<*9#7)Me9-nkn%{~CmtSK&}+Yly!>v zPdgfaWXo-V;$NPKSpj;dW!zlW%{Y$lqAq;0Ln2;gd6aC@&a-C;V$ak9qN=&aoXt2iEZdq_-`TlcYy^KpG2!7fuTQwa-hw5_W9>*SQ4C;lg(&s*vBhjFIA)@4 z9RLGz3`zxl`n+q2LT#ehQ2&OU<$ZBkT^-uk)>2(FOmCI%I9Ll9JvBjAZI|As=TIiV z3(RHIm_5JB2Nb#)X-Arp2eW=0u(ADBon7gZ_fdNq{1Ivb@52}+vnYt7RR5r=QNgY3 zpy|9@_{ZTgX>V~mn)6viSjyh^?YK`64)*@R2TnFUZA@xPf#&D7ySyWZAH|%j5}hL< z&82wYy|^JSiRyNmyvvF$&eOB~-7bUKBT0Q%_eV<^JHc3##DW&&0x>H$co9eOQei^T z{Zf99=(&>X`mrc*~;G|qu2%&LXKwu7Kx}H1f7j#e0uyxTqRNg)4a0VS& zYQJ>~Q&{n#1iFmjzS&&eY||QPBQc+Rbi>2BbM|4IgtAsZO>cZWNP73j!)ocX3Olz3 zHj^45@cV5zfxEzR=pW{kkKH=yT^1#ty`MT8ZcJ45job-ChVcCfJxYUq&>h-)mWo%_ zS$UVX(XW@b_R$DV!?n81*-iw?<4}^JMIIf_#o;YxdEZfvh*u7vJW$=QX)z3oUu5ao z_Iv=SS!3f;ss>e~x)bz7HZ~+Fq2YGkH!|T`9WANODnqharh2qs&Z%pD&Kv7Aj!b{NQ>BgDjUiCaB+)CrFcpq<62rf|*m&1{j}JbU%sTvL zc<<6dkK4;Ok!&582}O5LeoWq$HuvJoiwkkicXMa8HQv?z2Z^RrE7k z8`JY%xK;GVzV5}P0iJpUU&&bk8{Okv68HIUj~XuQ`DC;frwI(T>n{@u&dITaZTt#H z-NNd*!JKPzhOZpr0et(Gpp9sJ%?86FqH86KTWg}e3J2GKgwG9Luf%9;UI8No0I$*tV}-v4l*eN{zZ!=iC|jX~}k zbfT+n`@k5bVo?glz&ML{F3e8*X;ViQ*^ z@!}#;iL+m-cB|XDbLMYN-r7nB=BPXdJWq=az!j11`1ELrjGJH?8RN0@3?tY40sl6r zW81&#tE^lNeLx@%bop|VpaioiE=t6e)F@dF9T)q7fZ%TXAjB3bWNHy=l9lp8O@Lt{nK=+t^F{kfRtH&L14E zwa&6e##jDeL^>SLey`ng-vC&gB1*;n%7K<$Da4ar3HS^pKzP{9%ANwT-}eDb2++G= zj3#l+L6Xh<`Kn`zB7>PH4fY|eshC$q(1beh!aePI=!@zVQ(%l$M1|EG8W!%(`2n!@ zGNTLw#$NaMM@5yVeP0%{yd?p7&550WfO2kbjZ1=n@3$B@*gETb=(=d|e~TQWWI=23 zhdcq!`;+N!|HZ^`d4ZnVO05dp0#lKi9uq~Hoc%~>OlXfTBSm88u(r_HhKSdeRp(Fn zk=n$K$`=KM=on9ZYI{SESci?S2W1wgv90I6=Ao1phVny8TS<%R`ma64_SMyr6bRe? z90gU3mg>RnQWL{wXOB(D@@f>n?Z)p_byZaGM&>B#3|D;ZARue(;!=~A@q2h!GNU!Y z5TGXm%Pog*#5x|ArvXhA_6nGCqWST_@ZXKCRwT?eiou@O`>N9C7iIIV+xPW-GS;=c zN2&e6i~*1Fs#q#XWgVhN84hzfgwg8=dUrdJGq;qPZ5der)lcrqVo_*bHtV(sa+q4f8CrhpU9#`i~|k>^p#gm5Y^vbo`_*bs3l_#5VZN3 zV@YEoj*&(#e7A8r7e0KTBzQHbM_hY9{OD_iGGwY>(<&l-)^VDQWZcnSl-u6$9a0e$ zNf_8-)_s-Yo1BjrS*#S`ckE7u5Zpk>74K*MUl7N;i4XwL`uU+WAs0B)B!8%s6@AmF zNAUVjY6tN7fg$GSUW!K{vx(yKUorB#?F?Zd(R6G03nb&l;e#g;7QG)cK|pg_TW9?`lq4V9Xup#U;QvJ@$Du zKKy|-)a0Q|N4x!NA~OvtevncB66boHEi?IOqY+zr4fqWCk5) zC^h)|WEST~#O>LO7tW_6sk8O`)2vh2Wp)pWAobJfxiyLhz}55qLd(HYd3&{#Z=BnD zw$Vjo66{~t0Yw$5RngOlw=18b+>H0kXi!t7W>z@9*`-}mhyB9;EAi2z!oS%v%p|Fp zFxV|_wcWecW^g=I@uV7UKzl!dGdKXR(cKSrxMXXpvffD>G#d_bCqiZ3m! zD;JtPA+Xh@nkt80EgY2cGd$AuA4PuJei{o!&vh;H?$;N}u$0x5P1i6btEZ}M^7x|cU4C>OG7YxAXZ8~YadJUJXzW9aM@eAXeFUYheQc%l+eYas zE^*_9KpRZ^Pe0sVRH4R}Y*EZGKgO#F(oBDRI6Qw+!E`f~8$b6%=D2>r>irjzz)!%~ zgd9d4N^_O~NN|RXZ3@UIb9?B`!4Jc(^ua!bi#;l&NA0d)x`Ijit4eOJYr*VN(0#8! zUY$HA4W95j09Mo*Ux}IVZp)m4>6WgGp475p=s2DBfjQq5vL$Eq5iyC9STrsgu$y>n zyjy!_AXsKsi4IFeM*;uSpkqFh3vbM#OatGj_l+gyX~{R5SJruI$yihP9f2}7A4Tk%`mlcwFy$kqw=`%=_1WPGL4qBFTIf$~H#glk~;b*K_KL6L`OfqGIt5 zzbf4pd`xd&DLbqb_yw3_-~&07qC&JGPTQkKOt^Wr5sS+r&7!ptS53aN>xTVP4|k$c~|r23XsI+~b^L7eSN2#7IuRUb*88wuAe_CbdV6b2= z(YB(eV$>Aied*h_cU+X7IkaF|S6<)w@5Mj=Ed=Fxrd+~@X0)bdnrHVSKYv8JI)M!r#^_J z+!Q>4<)$|GJ_{B0H8jo!_Ib&&#W{0w^eR(9yt^>jt5%>T197)AOve||z?0yUoRHG3 zV_8#Ria_b_UdKw&nM{q6Ef+PXGlAFNMfEL4Ho9Kj8)D|&Da!WH zJdwW7e{81;UI{cFn>rkSk(-9+*D2FBMQh&oFdG)~*M!9X^{<p8C0nBDvrwk0k4a z85vZhL^9PSkmp?*2tc8y72yt5ojL5~>84N@AC$R48q0O~8A+^2_-KpiXh!RWt4>&L zK_ZQIuJvjjzR5}~y%cC=ae(UOfBlwOJHSgzNs*ptKcUQVYna@z4+nLfuO=IG;D{rB zOW$$k(zRT%(uoTBugvunY=6}; zie>E#MFjL}zFQC3=Q#1LV131JJ(KnccpZ(YsfA`3b?@^!iQP34SFR6a8~tfCS%`c; z!|$^ur;zyogU$pCv)=2FO58lh6{o8kaPvV8Fup&HUlJ&*>Bg%5ax5;|s6vynJ2N;WB$Gw-LFpc%EQ^c0 zjG<*j3y62^kklBK2ZWv7CqXQxb)DI#lyd8&?xS3rf6S3BLNOs^_ z1OXa~W-MK(V(*~|{Xe!Zx~V)rDh))niy=(*DvPP@#8R%$6(c^+LlGA%JWBUX)@dEC zC7nUmIXk=70poY))D`*|L21dVBk3LnPd7(Rf0r`2VZ11sEPFneT~sdTVeLD$04U$# z!P=-uz)26Y_CILueoNbBx8~DU+5ia^*)Ofqze9EQ_^=ZL_d|XI&(+rIETjUnpvT|0 zsyx$*DkFRS%i>Xx;GEURSge~5x%GZxId>~MrE{8z#Z~Pw20j!MDugk34f9h32Q-?( zikc>L4wG3s!}-0)tEjN#=8zxMCjCRn;X_ICHW&_Xun)J8Ov^q^PDo^m$@cI{+phdzVX;A?8p&@X*2o5Dzv_I~F{b=THE_GfsF(Z?IiE?Li<@U~ za06rQrCL1~6ubF6uc-FZY!OHLU%Tit{6&T%Q3_qdD;lP#rTHr(^7s{B`e8S>u$c~S z!!k)`q=2B6y{Fua)Pm7S13y*fMNT%diQkhQ#UG;K??)Eds z*QJS-ss5IVXe0{1T_2o(W>k8B?s$^<_WhpB-$y49uxz&fUvZafq zZ68d>gc1-Z`{qfV{JLC)sM5?Ky?vvmQ{z{3#R;W20Cpk(I{`gQzSE9IlPvFm(fX7- z673JXIO6R7jsNq;JL{t{1H!nJ1jT`U6%^9D$x25LX&xOGD<;zm#;&eMoU0c@vOQ z=$&^;dLX=?&$g7;N}?tfBF7E+p04YR(twwN_X<2VSvGhLgEb;#;zBEadnjU}I8ChN zZFTg+z@1wf-~I85v`x{Q*&6$`=KUUbr)Cq+$&RfDF$53Tll&D>diX93QdC%mHdAi5 zn@_*(GRvVo3|jLhz2auCX!3_=)|b^I?3^C0-yc-0~1=3qH>kP>=q4Y;?B$$G%hpI?#d zRN{je(uX0OqDNC!jh?FOx+ZDZGO&J9S@*|zGCvSQZrr{9)~}FhfO)6JJ9{KV;>j1v z*L*$&dJ1gVl5%$isw<2pa=)P(b0!Gh8?ere7U0lq0B6l@&#z4@H zJ~~=@SG^mj9p++>3KNxP`tEbG@%AUyO}wJ&*v$60e&d?%-s@HlCW1(gg#g_^W=*t1 z#Wt{c(P_^-$KoYdd(o+-@(7IAR{_kRy#3(wP~|{GJYCDigBRwjPc8P~Y^(Y_sz< zHn<(1k65E=xFzSk*Y&*q&1?DXDnLR=y!&0p^+$xiS{-4aO3P%VV+^E|kP3>!4YI@I z5|SHmh(yBQo}LT5ZaK7RiOQWZg4`fxJ0ZRsLxIK>r9sE6YnYv+trMfp7LAe-W`Q5H z$|m+W576YIfn9I^h6y)wTYgb35X{*cQ$*Q8KF^-0$dIO{W}-)=F8-G;;k|iaVS8=H zvj0`0Oa?wlxFSc!UWWY34wi=0XsPUkin`jbx^8dj2}U0~`>&?Rci98dUaMWbgVY^o zlWUV>*#XxW_`o?+612qk`JglM7Z{_)CvAy}z4o`O)S;64?o1!5N8-DsfH^fOdk4LS z6r{hw2&!62gj5dOoaEQXRt`hjv8KbszcZa~9`vpftO6i6EI{KOv$;MFe-(FR3n~E4~C7?Ym3tKL`=AtbkI(b5qd?y;ZhxTPkCKIDtzj3 z80Mj^TAV)~xW$Acp_FrR}8 zk*Z821jU?37${p`9tkcN(?2xSg3E7+F~@>|%r&O!KxZjVU@RAg3L}!^ z<>WFv=+Th{X?N>@Us_d^S}meN-29meWUY_w5P!Lp;ykV7?kW4ED4B5c5FFM_+(vL| zTB0>}Ti&?KC0K=tDV0PlGS1b?^I(zmVqA>M)MkUE50qRopo1Z6=Ixj^>W;tc z$vl26|4KJTT3P>1kzB;NU#ws3n)*8M4FaIhB1R#80WAzd4UOW8*0#mjxRdy9dW*)% zRS=3pJXn$VO)3Xv(Q$!BOI~5JtC9}-Hk*$g#=(-BvuAvz<%k2*C;BBB@eDciu9+Q@ za8u`5)iZND*Uai%|I219KY1LJRH9txQ02whgrW{psJ%KO~4h=)rs(#Z+{!4hy z>a8I{D26P*?9|xWFX#Fm;j{=iY%dN_bzZF~(XZDvZMOfG1=!wj)G$CQ^ zat;M^v?o8CM<_Bdaj7Kk^rDZk1G(7AmoZHAZp!&}XGqxhwc4gAJ6N_K7KgJFI5?x3 z=~aWW)BZ6dwDB*M2w!W@O0_9(_1>IMNBE^5+G9){TpRSuMl(1DJL8ptI@4jmKip>0 zmk|uqZ;c%hdvo?i_c6H1%6S<<({19MR@LrQ8xca6R zjgt#eFK<|o8zC#4g5roE$nYPiOQ{nPv+2a@loR~_GPVB`!*R8`)d#GvHP(D6(?xoD Zmsi{W&Z`cL2pN%(6lK+9Dx^$;{|9UBX0HGM literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sentinel-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/sentinel-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..f48e0a6b9cff09dfab26d701404c345d0ce01a7e GIT binary patch literal 4439 zcmV-d5vcBoP)w4i^|S76?CY000p7NklRZEuI+L0Vvt}HnY+8S|-#Apj2KwBhEdL%%bI7Z>LNE{<5 zYS%!L#!8f=uq{`CFVQl6C{mhOibRPvb;UY)?ln8}`p4|-yqR5+d(7=Bhclj5$JN%2y{7W1iBmoD-0bNtdt%#@ z8!*YjTt84l^&r;(tC>)jqeh_1Q6tdhs1fLL)ChDrY6Q9*Sz&}*aVe(a@c9&uTvU)y zvKLq+o?yj%9;=&0)O$$Fph6*3SvX6Sg!7sgsLWR zTBi8&o74F3BXQHeiyY7r@`{3UQ^t#N zdQ!z_emaha`+WG~Edl#GWizUlzyoJwJhE>RXC{q@%X2_?gMhXW2SNZ!b+V9=3%S;b z1gn|_v_~k8UQ%$G8R6eP7{lOc8UOwVL9|Es3Os@QP<8Iti7N^o**A$DKN&ZX=NAcX zZV}NMdcipF?<&2Zuh9F_AFl$8WtK#kby%;;t?U_b!ug z`w~xCo=ZNc7=cGFrSRUl6ka`H5P}9#-yJ!#J30dTTbqhtDnN)Cc zOhuAO3jFMN0zW&RKu99kwAh2Kof3MR1hmvu&X74m;IvFJk)Rk)XkOpwgo=}63P#2h zoE%f|;l|%U)8fcF z55e{G1uTv5Xpivds^>A^&mrU?2ua$=b_%u<_;;^Q;gu7~qUH;Z0F8bQ3+p&Uyc_@u z3X=9BD|01;U~!m3Q-H(i2?d`_t4QVO+EkKa=&X#Pv)SffM@K!62YY?^vm3kxKbzTL z8-a(dK&np;h!g=aZ4%S^PsYTukA{X8R1EZ7o?B z0D7AQ1U+QNIfjBT-eCIbQrRZ}ev!-B&r5NNqs*M2Yo(+VIO4@DjA05HN|$?D zBy=|!q~!~p+}3&l10BeadF*@&zdn<2Okb8V_jsX9S}N_2l`Qux6tTY3i?B^aNRmL% z)g+>;NyPdN3HyiR_`kEVZTcFr0oRyNHRDRNX{qAm-bE5_?UZaIE*HW+4xhTgkM*4@ z-WpEeS7#Eo>2H26_Ui569GHFsN%7Z^mtaR<0L`KDt%!$x9Jb!z!@9*D{OI5`#^bc) zez0cK?qy-eUTKxmOeTgFA$K(icxWJ4R`OUhhj=_R5JY#AP?Y|x%);(D(6KlWAW$hX ze+rSeEcfBQz5u*A3YN+Vuc%poEz5lc>2H-?=fnV-7s|}%nGD5T@~3*c~;zbod=)p^&_ADu(HXCal;&_LuDrP+2q^0yja~@-Q?+5-Ri+@U0PX0zWrn2 z4krfeL{6cGf7;g z7`c?fk>AO<992L-a3!Xo-p7N2qQTE&#R3uS^8{PG+dF%F_}<%-bM{XQ>J8Y;pR<`5 zQ%y+@d7#6K_IahLFcwp>?`RAMPbFclu>n8`E>CNg+$zuC`W z<6;r37l>#JaR`V6QJLc72^9x_C*$>xWt@+yS^C6e;5+*#@rCt4EDRTxd-aI~Yuh|{ zZ!|e$f7z6bOPm;{6FH`YHEmK+t$zQ5X+&k3)t;9p_JiNxzs(@%;~`@z|zN!FsJ}lknbXa+WF3pv@H~)QE$Sb&dEqbQE!zz^g~& zI6JOnwYRK+$8+0)Gm>Y;&J_}#+ZM#K20lx_v*QY0JzCiI008KiFJwI0nfk56B?KCo z2rmLQf!^oMS=yZ1;8@jUlCuxJVM zIr|Hk&88~|q|nny`h-q0a!a`I(f97h$(-#yF%UplD$bJ)O9W301hVu~De%T{qTu#g z!hFvDS_!jyrKQ3)0)3X^BHjBkTxw13Xe^w-*N?}t+WTyeujF%GR?Zjj*&eS+KMG*z zqaw^`qnNY56y_1=;q6`Hw2ikHDP$W*BVnRVjh>UZbgOGh$o|4IhRtq_W!SYu0wp+JWW(hrVV$OV8m8 zv+p9d!YAhLuhopQ&&dwhNT8V*MP+h=Feda^feykuA0ix3zSFucj4b@6ulVu;cLXAaTwnk+4;b>kY#$<}uj>mEAf^7PIn&V#f=uS-f z9>0*nYscex>$>}JG-rRU+X3ye96D@!l^gvW8oV4X$F;dbRw#JE$jIn#=G!9)92ha) z?o38y4%v9Kwf*#Vf+Obk_4~beD2g8)isq%C4r_m9hQaHCoXJtAHN4=HNo z{frVjd*llRIv8`|LR7U?KUQWBMd({#|M_dS61av@Fr~7cGWH1AAs@X|T;h2q9KEF2 zsvj$-m^pCG0{b(Uwi39OQBYBl>3lCEEQa~cy#)e-#^)oea@t+Xd|WQFYnb~o@?#h8kOqOWNh`{nGC-xy8e z(S1_|XZTeLJi2cRZ;U2w)rXanjB!}AKqz>{BwskP8u8~h8pqe!SjzkD)* z?LQvF{!=rbQ^w-0Q!=*ycnq(c%+B!GC0otsUog+ZZaA_ce^-};r{0ZXWK79)#>1!g z3h4EcnT;T&%SSFMc^Tzb!#gKVp?Ux77$QVo?80+B)`~nb7nMVW6zvhTO zZ1Dc*I=>^%iw?)i3U{vX;<}*LJcTwVP)lc>l#>d@mAH0bYdP+x%Si>$xm*(Fv3;3y zqYrR+a|?UwyR1;C`qE0Kfcol^RS?LGNA;yLoOLDSj`-*sGBl#+;sKGtf}sA z5phR{^E<8_KkWHmHr8e40F~;wL1x7oxGH2>rI~Ps0Ql$I>g;}$IpH{g*UuO5K#vjJ z%PN~*)8`O(%c^R2T>kV1FS;Abb2vj;j$8lx^#LqlYGGst6W!&$s+2-z$XgQT@uh+C zeetC%1o{Mm|M*l0Qo16GQZ3C!DZrNExlvB3hSw?aT0gB7dQPHjA3W%8;PFozj5kxE z+J=AjjixS>^|BEiU;F()*-WR7vVO7Rf$P1vmx+tmw-*_Qz#TG$x!z^RatZgZEdN&V zvVU^q$xU_WX*4hVQfMwYd#p+|%M|8PiJnFQU*A|BuhWXM6X@Xyp5Ge6JfD%JQPK~C zQh=oA7E+}$KuqM#^Kp27YsmJB>wHm>kNz|TI6S}2*v6G1k)(rTJ=0NzGF#^<@dW?1 zErceUO9cx-#qPYSNx*+@4MBf#ts{{=<*!;~g_*N?0(|$5pd)1xg`lF}58S-OgQvFy zGqO%1(d#ss&61Ur^^wOqF;8y^VsjOIhOXitfV{g~!av?>gcqzi1%+{pafM_Mk~xK5 z#}{u2;O=f`R~hm}#R&v}&#m&|i2*Z-YQ~&W;~y&^tCo@X*iC*s+~?d1d!eWb0s-Lj zt9|(D2E!GnFoI<5V#HzPk+nFFCGUxW03N%kx;|506`x?$@nEkO2!HuaZ6%*Vdx)Iw z4Z<9kIVoEg@xQvEE~8&Hp=w5;jt6_a__r-Vuwj+C>df#CosrG=;|TE0P1Q*rP=y2n zz&*<(yl_|8loVDo=1eOfGM=%0GHbR0EzWyxYY4k4kRr<$RY@QK+}bMQC-;U;rTUZ_ ze+bNRTB$P9?dk|i1iQC~v2k(bLxtH;wFClMj`5|P5iFZ$Wcc-wVvW;Ek@YrpED7^? zWoN|JFKs%7swNNsTIx9b&yEN-Sw@0JB8-d)DNeRbf4F&(h?jRp&|0C-9TbYHClJsU zgrDCQ!r$DS?ZUIAeWXCyioaUx$BXxb5%g3hFu0xK1Bw7TJnFTI#`T57axd`LY~v z9f5#mQvY>x5KnHZgLjVl6GC$TzrbmQx8J)nyl2ck=GXD z@!~yUe4&bRn#ID^1Oi&I)Jyk8OlADD;o&|X-u@H!noKKPPoNH+nEsaB#B|m3*t;u# zqTPb4hCo0wjk~vp@y$(jrlY?;x5|hAy}usUmw38iHR9^)5rADQz1Z3*;pf8%^fim7 zOwQGYtCBzfsPmAD)M=I*SCt997EvS6<){(pa?}WPIcfyD99drI(1F29=utzFAatfQ deGRU_{{yAPG3*#neTM)5002ovPDHLkV1m|rkAVOH literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 16bd018aee..64ef0b4db5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -33,6 +33,48 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions - ## Supported applications + +### Security information and analytics + +Logo |Partner name | Description +:---|:---|:--- +![Image of AttackIQ logo](images/attackiq-logo.png)| AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets +![Image of Azure Sentinel logo](images/sentinel-logo.png)|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel +![Image of Cymulate logo](images/cymulate-logo.png) | Cymulate| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions +![Image of Elastic security logo](images/elastic-security-logo.png) | Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats +![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP +![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | Micro Focus ArcSight | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections +![Image of logo](images/-logo.png) | +![Image of logo](images/-logo.png) | +![Image of logo](images/-logo.png) | + + + + + + + + + +![Image of logo](images/-logo.png) | + +![Image of logo](images/-logo.png) | + +![Image of logo](images/-logo.png) | + + +![Image of logo](images/-logo.png) | + + +![Image of logo](images/-logo.png) | + + + + + + + + Partner name | Description |Category :---|:---|:--- |AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics From 2d6054ff774e71afe6c7887359e21ffadd5a6d44 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 14 Sep 2020 17:10:20 -0700 Subject: [PATCH 070/115] orchestration and automation --- .../images/rsa-netwitness-logo.png | Bin 0 -> 4706 bytes .../images/safebreach-logo.png | Bin 0 -> 7898 bytes .../images/skybox-logo.png | Bin 0 -> 4121 bytes .../images/splunk-logo.png | Bin 0 -> 4576 bytes .../images/xmcyber-logo.png | Bin 0 -> 7188 bytes .../partner-applications.md | 24 +++++++++++++----- 6 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/rsa-netwitness-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/safebreach-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/skybox-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/splunk-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/xmcyber-logo.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/rsa-netwitness-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/rsa-netwitness-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..b590724e540c28996c1a3be7caf5b3efb60153ee GIT binary patch literal 4706 zcmai2Wl$Sjv&N-pf#OmeinWAN3bdiP7k4O7ifco#VlP^X7m5W4S}4IaK(RuQV8Mzz zBm{RU(#t#dyZ6_fxj**o%$_~Z?#!N@-Faekv{fh`Fh9V-!J$x7Rn)uJp8pC7(f!%G za;kB!NIg|eK{z<{y#ETWnjX*Ly^+{kO-qS*gOrj%;-THE&?p=n8eBESHwJ#$d)fY; zEYm@Kz{iwfII4I&o%k!bp+$-@Elj4#?+4=cOlrUNYQQ?R+T%YD$aqM?dfreI&jKHdzzI~3>Z>Pi zZz3yjKLTE_O0 zObNa@JH>3U|2OFW>HR+u?=MZ$#Jt;%Bwwr^aG2D_&E@eA>V+b$l#@{Pn=?@*<& zs0>IADE^YTXSycPRc!7i(A#L|%MM{iyy79)Cr^j(PC9&1w5)G>R?W!k;gg(TC2&;~ zgv zB;=&8Y{PAwb-_76Q4Qs*qt3$P4~qF}9Pt8Q19Wxq};SCT6XVk@kS78FoU;kSl>0uvU5u6)T+u?Ygtq_Q(h}i~7%TimZQ*m!CVv;#_it{n z_7P_|R(UAUp8KKARxAO2gmRyw|GsenuguTU-?szP#B zhI%bn={o2l_ShNf7xq;l z+Su+~2rNy$>7!1$+`V)V1Z{cus;{z-o%VJNz)n@d{>fFhn_EhvUni(7sZ!d9-0h8x z-ph*FA@q7*dW0$ehNPWIA5emJ7+lR--K@&I_ONx z@6qD!dMM6MOx_5-lKF3u+()nssS>+NH=V)p&d4EfB>r;FXc zb;%(xKz<}BM>@yAJ%4`4%$OgJ)XRUCDIk+dJrjiGy35UNcyUQoR2+(fAg27f=ShP7 zUJ}yce)6R;@9E}GDQKj7U1aRJf$(m=rI<&cn5H={1G9v_rDdFia2sKR#es&WwcKF^ z-c|*oV4ZByewLCr0J0Z#wq0&imcT|ku5fn7vP3pvB&RCrXa)@l)(u%V_$0&Mac&r3 z<)68NLKU<CL(ZSX5$S5x@Yz)Q|*Fz||e zC5uEi|J$d4XI*i93Kv3Rb(=!(9+?)6S%)?*-$XGbMxz~|#aFWq176b4Qoq^cHl0aK zE%FL)SFH!G;A%dfR|E%L4!$G7YNn8eFLr$#Gj+S~UxJ;6lj3xNHp~()X0##cH=g{j zyylxpeYpiCqkyeyN3ti|CxuAK&m)lSZQC-KMm@QS>U|4IamaqLwIWGxYBrs`mgE4o z7u>dyH!x%HslHUUCYx)$P?A$Hb+Wb6U4RE3{S&U)*Z=@v39SzoeNnUJzjE^$tCQH4 zgHw_3`#hn*#GPH!G1eDQ&6Jn|bKo27ssiI~LQ$^l*n;MmTN9~2+H!#Gf@KN1sC^%q zpwjKr6)_QM^CC;_7|i6dYZ_3pr159+w=#iWZ`d0;p@kH4wM9URRY7pb__KJy1MbCV z9ZR{JBl%>ej4RDLP>5ti<#|+^d6PT-&O1RC|0*Z9NaORHa-TKb z=$UE+lr8y~&$d0fUu>?QMh^DqRJVT5k_RnGH~Oq6r-t5PssA1-11N&5I1ggy$*z!n zLMWF8SQ%)D;V}*5gDjnW?;cSMslX4;Qv}&7t|OeglP|H;S@el@jAwpKXMRU-qxIOu z1fRZtj;x*>d z@B(qI_qbWTc=hpqmt8?WmXYUL(OYa##i}XWF$ddzv&HHgT`ob~zdq2Mju4@<-hCH0 zcPkfA>~VIlCZ%!Kz*JeYxVX}KUV2;c4-DLs2U%EUneR12+}S10z1;fAWiD1g5Z9wh z!206b8&NoosCew_l$uUWy;eJp3Byl`P=|uFBSumcAACMi}yanENi=LW^Z2o~i#SqcZSG+WTYuT);8nTl{ zGt@lGfe@)69Uzt3pu*1^kgE?}Hcazdd|P6$a_q-M5*hh(07b4zJXUH*$F!ELvEJ2# zg6YEGFmchF5xiFydjj*QYZEaZ-j$V0o@L+|sa&5yL~cz_tvszp`3ar+^GJW?(>YB} zF=N=9;tARWMX%AGirI^(@Cfdhids)8(aUvTgOnUJXc>Huk-~3|J=P|}>fgrXfHZt; zDOoQN%hAoCK6>XkBBa*K-STRE3xiJLAW`YIqg)Im=A#ozL5k*sb>P?KrZ_y$78Tdw z?|`qh@~uB@T~3fF9xBUEo5iS%ZYuYtLOs}wU3{O+M%Kyfd+nik<3AQRm$z2BZ11iP zU~1F;$KGO1X_!@kOGi9|-(f`rfqqTj4kUO8E_>b9P`lkS**N5HHIKS!_Y5|71O^hQ z3i0&;vc77pv#oSM+1V~2$87Go!jB??o1w}FK4}{h5^J01NL%j{H2f-#uu$Uk?Kleh z=haxpRYv@$vI+?b|I1ciY5g=O*7IjiUnA0JOgq8FL#{Bwfa44{HOUS-cHHqgs>7OhR1=AVXkE}geP{-tMT zqEhm@3frwk+e|tvUiL`H)#5pWO?P23pXKwdyI>Wtg3b&r-0EV1+jPp4PiitsI&R3!hzI9ZLR5Yj!}9VudfK{Z4{(fW5(x! z{cs1oVj~Tu7(*!!k#Y^HQ(^`0>yoP#@4}TuswjI;f0}Ez9QyG3- zF&he%&zGw(uzj|LJ@V5X>8*y*YQ+wXj7^MdKc-vuV)Sf2@+)yX*nNns2YVNsYLQ~G zSf_*xR1S*Wtci_^o|Itka8>(w?hf+f2* z3!-I{8}pO(h`IJ?$e(MBQS!Yg8@>WuhITm}>+1BrsEPw3$Pgs)tC&hpcQ|#j?b!}T7G82f(4&N z;nv__hG*jHs7}FQFUS3uAsJ1De$DD(_!v|N>M@Av=f|M6aLBV;RnZH==aw>xZifi_ z%mjpEvmaCUKet;AX7XRi(IF>K0W>!HUbw|08=<45P^bw{Tm$^`S9w5!x>siZ%Hx&- zE_I=`tEnA2nGSc*ik)NBZG#LGBa4H#9YLsk{N)u%8Nlh~nA`-!1JrQG)6HF|b{0{n zYrtckmWD@W*?n}pv=rQEG?N+I>lq)ve*be~;i&0nA|D+lY9>7zad$n_3MCogbCrQ%Pn>`jPtEp)>0ru$T*8;dQdXSMdD*KR$=L7Q0~9mtJV9l#tQO)pOY`L z3ksVfu_mr#KIIYMhdTK>c}9W*0JL7+z`&-4)@f_+XM5rD;DqXm2-XtX$SLLXu+q8W zYO~mko$aDxUmQe_l(x%5gcAK9i}!v}Dgq)jA>u+`@U*0^K9tA~uZ1VPdDgeo_KD>B z##^F^I)jw|Tc%-IhKL|9+OuFPcD}>+orp}MTbFHrL31IbcOw2*O&ARe@%jGupYYF1 zF>1_zF<={Y6S5u22^L2=pH!C_Xn`Nr?$Dx;RdF;1BoVm515 zM-gupIiM#uKgD-no+nLTqR|2m3ZgcM?d3iZ?PmY?G}W z_^9Bche-Q`!x15ED<;b&8E*VmA`gDP9VYLQ7jVF?n_Agj3pW?8s>RbV7UR+e|O9?TQ#pB+$72bF@|^F2C- zM=KY^j?zJC?K;%RJ%Y9rlcqkme`Zx9D(m8Vh=}_a8d!!Sh`~`b#qN9iE#QZ!jN)Q% zmtUc%QbX7IR^kiU*b!Z8Wv1AN`cFvTK{_c+P1QJmf8#|s*8c#e?|Mt49PIUMH3FwU zjGi+W2u2`B0XFKZah0NiTwl4KcGUMo+2k5J3DrD<8M7q;pb&a) zu{v3II&QH~wmb>{A4TyWw!^`+^&uHsnK(9l0iXB(eWZrvmH}zd2uDpxTd`8!I_$pyP!&Sy literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/safebreach-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/safebreach-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..63a7f90e35afe24cd7f03e64d797091ddfbd76a6 GIT binary patch literal 7898 zcmZ{pWmr^Q)b|Cs0VM^b!J$!VC}|L+M!Gu&3F#U-r5OYyq(cWBO1cK5hme*Q20^;J zLwJwR*Y|looH^IE_slta)>?b5-}>)ZO?4%r$Fz?hJa|9^QI^*R?w-KqhK~z;^2}%` z1Gh(R%0|E-CELFX3!=?>2n^!EAZiMDtB;7OL?24A=B1`;w?O$sDZy1bs<{4BI-S`f3weCDRl<8q(Wx&Q2ROWPyy_g`VB`sQ_sQ9lqVTw ztpo-1tatC*HH@pM)ZyI@{`eFFGp!!KDtS8hlS99LWeuj2+tr-XM_@3gmgI1_UcXO;^H!YrK_T{rn4Two#-Y>N}O@q6HQR_A&sFXib} z%h7)H?k}H=>2uyWi7=QFbN31@0`%vIvk>=|TLtsukm+h(#+5y8KPRcGxT{CvRda>s zswNGKVtnVu_hTZG{BM6`?yed04|of{lsrWXX_*QnbDA5z$VSFOGu}0;3n7!YFZhF1 z`88y~`F;DX43&MkA3M_v$|Qyk?%I+=0_!pb?Hsj)iPBk_`jgM3+3_>jsgdt1=(>R+ zZXHw647`Ip^x){chW{Io{du?UC!ZM?tNxpOP4AYRihVF+V;Hy5Vj>9t0d-WY%VzOL z&v5^U^?K@~+nEEYq06xzgO(6hvZcw`x2f}BEJ(w30SG^AC9etaQ~Mnn^KJ3^KcxNg z8H$hEhd&Gif?y}JE^C=~d*uQi*A8w->s^0o?(ffE@_vDc>p?uv-tBh%*V~nq;W{ta zk~i0-nT16x0k(2j3@eb9DPhX~VQ}mk5DXc`MyffFD>4m61$cgD;amOdFi`mTQ#@9RET`k)NX0pEt0-95R#IkORZ*|>7ymt?b5BWDf=;a>(Zn$`?m zI|p1%IjV@kYP!Zwoa1Jv7}iBXj7EB$Etm(%;M^%cD1+dON_JJ*GmA#(X(_zi#Xpi` z83V`l*}eg1xXW2l2oza!A_DajmTTkq@^F7{G)8_Z!g;RYf;7aqA?>^Z^!(8WapWU7 z_mT(1X|5@MvE`1}tn=gEc|*_byAyS3Of|`Gu%>BExdmnotd=qvnmFKj#{Jjw;RbCM zdGlyL+#&d8V+|I~j9Ojb88E9+<)mM04Dm}`S<`#;yP%>vveCfxkE$0>3D&b%M#W6a zpmty{J>>Nw8OI#he2N*isSL%(N)NvU;XUz~WPqv-Al>yydSA2K{l+X%tNrWHk)N_ym+*P)0}voR8i`Gn)2FgcKL2L)r3oHGUqSlV*%%c zM|5ea>*-^@FN`R}4?A~H`i_VAC3B8HB^;X@v-z&Z%~(|O6@AVXqhqaASW+Ke>=2@d znSN5pMg68(4Z%sOqeq*K*)wz9Kp09ch;Tf|ewU>#SuyKkwJBbWdW_${pFtJVv$9Ft z!Xu>idg8P&k>Wv={oEaNmTY3j{Q{x^RI^_@T8u!1BX`p-XVr=9KG(RYJb$ndq0 zx%5O1uD$7calfOCh?#M8-I+*}3&*ova{r#PAVGu%NeRF5R?OOa314RRv82qZxQPAi zZpI-ZLC`pON5U=05`QWbk{>AJq5wVY;QnVN&)pbiY%D(ipp|@_{?ELjUn3Qw`9WGXTdNn%wSMx$zPve4Q z9z{FVROh@mkLrXxnSvq}m3C_WPO)>a`pXnoY9K8__Hvt{;3jL`$4Hb=S>xJ$tG=hPgz}zsAAekObay~HiD8a|Q2Di|Cah@hL zvu?pYiyaB|IG8t~&d6LUF6SPcHx_^Y<-exZIZP`x8l1!$%ip6gZzwSEFQ#7bW^OPV zz0xvQ*N!4XgI|H0g0AD|Jtl|}Faf_^_OqluC2REnuC6>2svZHUC=#vhi|HKsH6(kN0Lmoheb8t&*18A**BDSraGIH~NY%G!{cRzOE>d z$M%vjy8MSV=}T{vhO!%h?PtARB<~u#=~dC-S+1DX8H4324_&zdMo%*Qz;xBra(Zfo zRA=0{WR&9M&5ZQ4J4AC(CFN0qvO=XS_bv;OmwrdF3iBd9xbSej-LI+Y^n-(=k{wlH zo$`q42+9v*8E_=syjX2&dY<`*lyn276g@3-;`Yn_+6-iW)Sd-de94cRh`@Lsfe9h4 z6?Yt2px8c<2|8zDY_@AiQL>Bl*WmzE0nYEo+O z<@F`DpMbDJ4j9^>Wyr)Cs;>R3m_;u}zu42l2fcL zCN41R)%ut|;RVy9=dRo)Dr!M2duG3Z9l~mK_p-|`0EovK9+}UllN66VYJK;|0e4`cg!#u2s416Sm#| z!anw>XhF0klW59WomahGgr-#(kKVBq0hmG-+oQQci?nA}VFpU`%!=(hSze#vyn)v~ zqfpJX+D`~_bzR+Br(wmHP8byvC6T3fsTmH=3UEZIiPoXtZ|g!_)Z5-+$+kmcMH0SU z!GJ7diOase?5ow2-@22Nn$ggKgft!RTSDQpc%0Wz(`41@P$5Oa{vue{yQrsgi=taP z{CvI5*_m~(R~D=?--iA4p*vBpZu4MT5(z78GBzhzy3M(A?iAR-ye0W*Cv$pdn6eWS z%wNfJ-P4k=Np&KQuo(JZ1`78cL>6e3jtJ+B+J9cU@OwVQked2nI-) z)AvED&N>8T(!U21f|QCYoI%K5AWUT`-1-H!O0eE265HGjY1^vhPL>s*B1GnVo{9Dz zEE@O!ivtJyA}$KW&^Qm;P?t^48o+okc-*m}=mlk-v1B5a{qsk3fePESO9f|Db}~Zs zhH}``SY=+p%87!;4vz_k!p0$0e~5p0t~0!g2A}~To6&6|jF^s|ib?=SDXmg+A%RIx z6x7n{KM={lfaN&q$?akPO=j@Q6nZhGd8`dKzW| zfCPDR^$nJZdN;#E{O+D867wjpj-}hV(r^bo8{h&_;2K4h5t$|7=afWTvy1wZ>QQ$xs(Zn!y4f|S&c z%4X7l6cu=19l#)k8FTO+j$&vzZoDWdE6PnkX2D#1@Wp%VyJV)?w#`iY#LSY@SL%3{f9MtD;c^d`)e8)M~$Vf*+H2Jn=55f8`vYp??{Z-7e z4Vooh=3rooo&GC)vlQnQUtU+|EehYN3+IH(Blur9ZvPLG0lUgwO{Li&lk+hUieXH6 zVmr(3jymbLedeSP7k+n5z0gnu{+C`_>M`6%a>jaK~Abq|c@iXmL!7eY8-f@?- z-DbIv9{Obpc}M)Sl~^qdyXj$Va+b5ai0Z90$%@ibi4mq({IR2vRG@FTM%KgMoP$d)Shb=jCQuRV4E0)esnZjPoXea%=s=rpJ zmq9*Y=#ZO`*}>F2$dWA_D1Y-(cC;dCtZs9BaIic5P=-~j94pJ~NZM!`5p-d4#JN95 z0$rz6qZ<0)j8tdJoTyPM^05oG*ar@(-_Y;5&Sib^)Ln5J^L;JD93$ z7GxqJs(Q}{2AA+O0OXwnW1JcO;yi1%Bj%H;kLjA1l`kk=5fdV-b;$d-Xqmf_a0;;x zv-h+GQD{$%SI|7Rn2GB9C}n9@=8xw9s%l~?mYSQ)64Pu$V%kWYo5lWt*?+rT&>Va zaPU!z-I3pXV2hs!L#K;r%?FjV3eoiKW+>5cSO-x-^wDhr!Q}#)fL=!8%gMI`DGw5s zsMV8!SOstbqgp85lvg|q z_Mg@Y?YIGa(vT&4af3-hF#D(g?st`mmm$c*A5v%@*%{5E_3}WxLn+(G{Zx1A>KkqI zCn^mx_a;+{Rcp_|VUfc>X0khIo36ej?yI2rp!V>!Zx#3IZ z_8e~55_wkPWt4hsUeXZf7FQ+XMYEt-GlxF>!@L#b zQNfQLxAEKXcZTSD;P3OK{=YQVB73@ zPx~Ec(W`IKYEHk}($gAv!@hvWGQ47VW3d?S{4eOy})C>s$4{6cC<6gU(;k&8P_j<0A_R1}XcgFG_@psHP?Dw~sqP4(gJ zt@r#~GtMizHbhHqI9jP6*`9pqQ@9TlxI!UW2AKgK{HF|(V7SNz9k1;^kR&NArWCJEf#sI z(dVZ&BL+j{2u{`0^HnZ~{N1#Vl8`)dXSH>HP0${Arj`~`M}yOO9!-UVRf&mrp-yGs z+eojxW9V61zVmAo7dY2uuBHz04-jrQsR>&@C&ngDzW#11z?(kQ6lEKHf1wA&1y#Oj z#Helg09Uo`3UTn&Kz7bI@#wztU&QKZY-Q4_qGW5Wi6RAbxb1hd1PLA-V#dRFN4X@I zmS}Hzt&R=%w$DlOPxAYQw@PWvgFOGcAP$|Lxq=iw$ zIak))tR^h+<-ztRi^KN?MVF)Pt)sC6w1JN(Kc4whuxhQMN4<}uzdjRnaJ;e4_TIOf zY6j#PQ5UwOj38N3Kr7khl^95Vnm@k&dEvAN2>hdgY_4}s_B&qhX&RRifCgl+5SZV* zJ{_??HceyQKj5`H7lH!_vxgK`S!q&7s9wCC#%lMQ^ajivna%_ZVCl3{Pa@Q(g?6jc z$;^4wUls4YMuUbsD+K?iGt9ZR_o)!0!d5+9V(2HKf?Y$gorYjpR$9-%M81K9YA9xb zz)LnD4uJxCh-HnzX|hI|OUIoOn?7~V%T*djNN!=Mc4eQMf*OO#dFt%ThUm0&b^US- zZU)5j2N@2QEU95@Fx_zZd1>Xv=Phv)?{xQdC!PgX9)$eZ<2osiV?w+Hc7DQO%))C} zbQkBFTbWycHM_ceZQ0J*dl?1QG}2Kr@FAP%%~2x# zTq_}O?#x`veYb?NzN>2k#Fyi(HyXx18W)up5Ip-7uSR%`dfMkEliaU1>!q?X` z;)qlgR^yL#Q(-?QGtw*PQ4#7(cq8p`zZv)7YD>)d1Tvj9aAvo_-F3 zTUC~h&dDa3B_s>>*L>hs2}%}yO@TB2Ql^q864%!5GiOC1hviSA@YK-653n03437Ai zo0;IU8I%l@7bL6^oH!Kq{clj2=p)%7n{W;NH&HbOt%_!i0RDzz3Hd*B1c$DVlnNK}k<8K7ppg%do7QOkh~LFq}akNJ~xuzKLL zN8n-GFJ2~AY3kI2F-%uf-Y&`SOM7Wjg+ohHdc_7G;#iX?Zva|Vj68YVpEi1=Jy~pT z1^^1-HMpVLFPkEAc2#xp%KkXcvcQ>p6s}Y=MW^-YFpylvHap@idn|;O@bj{l z!WH~>+pL&OAzt=B7Xq%+6p!&p-psvwlDI>$PP|%Sq@zqETDdJz0F!J~%m0vt6M)lc z%vAIh*Vng`UciZxv#M3z%=d=SRy`9x?3HBR<^0bS`$DiQY2u=fQkRz2+h~%dqQxN6 z%9-%#K|XMWy|2_`8NYL;-uSxw*MF=4I~;chc>>(E<<*cz;wbrSTQ2Pem^(FaQnTPftI@W`2!_5PcK)ue!R&>)$EWc89- zyvf>g#^wNGjfD`q$`L_3joj{&L~aluj7U(p&zpDnC+e@z0>@Z?+FK7Z_RJp%ai9A0*rOZa`oy}jMV(?IkJPdoim zw*yC*R9~n&QR8X}s~dNWhGB|MPM%3GiEf^015vT@?0fn<)wTLYna>4+F$k1XQ(*=Y z!iu!Qu0^V@ZtzKuth$ekZ;LL7)|nK6M%%79shBhKRfg6c;56~&2fO{8ph9nW^VbCL*%rUd{gE`cx4M?gR^w&~$8DK4%6PPXKI zM303JS|&sDCsQ9xu*a|TaO}Um&9LfIoa+RuNzb8DE~FQRmQtS9dBev3K0S~u8=Kd@|$Z3Tev3pC0{g3ZZFky*{XJ3GXV*r*HrL9L6pPZRvOY@ar$-E{2 z{zeET$-Hn1*31vmX*)3@aq;lod7o6Ec)B-l)AKmzc6-HBi6nyZ=-T)4b8Dpk-kseyCfQ@1k|^TAP>25jd4`6w1vqqZImo4{W>N+ zqcxuqk+f+;BGtx>1mSbS#SMB{GC)Ll|8$3OG1ko81C3+`HqKhs{Bw7ff4Mu15 z(V~np3?f=YyUtqo^*-N+|NgDDU-n*m@AZA(f5-fzt3iL8{Wb{+2|Zj>_2~`W|E*h8 zH)HSek@gK}+%-+SNJv=t|1DDZQ_#yZjI>LbH*_ICy6_DHYz?+n(|nk>*BV$idWkM`^Zh{_ zBJRo7ZJB9&V5sB)@&V&L``#>g(u9YD@VYRK&23#&+35D1B7mvZ4&<1DGu=6KC~4lF zIX>h1@uTrq+e4w)!u$f$?si{tsWz@GrFTU%hR|_M-P1$79pV=6;IEBj+(nPhRl5{9jr$HPf`f#KThP(^h~o%C+_2cY2Y~qEYUfC;)hPmIaxYP+Zg6cPgx$J zxk|sUc)ibdEGUGrP4mvRN1!#NsI#`-T}EqWfFu{c0~w_Eis}!^WE>vZ3^)16ij81h zyHK(EOds>dmMd3OcOHy1d?=QjWDqLO+8z2j%CG;StESX8?Q8lNzH&2lJJ--(Ea2qOqy~cw4lV)g_wKo zAPmA})I5V80YQp|LN}~pp?!5Zg@CdrU^$3A`7%6%kXo@Kb2fM3{8W(3JipM**8+JOy(oqFz1JK^9gTHV$dFw}P-o1)w0C>8&+{8U1OZ1MZ2 zR-?9rJx4iYSSGRCd;{ic?>lG1e)%d7YN%)LFPbzwvbtoFR40pK+fQ#tn1u2wu*r6*G8dHrjR>_0i2qg;|ZF;PXP-Fw*v*>ug9kPdB?I%%bJg6H{>y zzqw8qpa3+QJueG0d^Q7d+Y@{A{v972u(NNhW3y_7Z8MhYrEc+^z~XvZp*@^(9+A&c z9HBgPIYr&~p3opSMzT6X{p;ZM$AN7H<(Wm8_T|a+%>(Mttz$r{V4}nEFMd$QFcEhR z{q*T&l}STd=0seie4Q7o7Ovqn_!|@|*6I)3OVoX$PTr$tupIjuLA&TR`uKFAL3ewb z*li_c(?E~-^hIv6r|cQ`3XMNpy0q4H;ZkhCva?@06LX5#NV0!9In_{iZOFCz*!ovW zow1BPO(=8clvz|~zTk}X`xmxIdh@#G>O@5QZ#j`l=RS9sI6J*&3NQ?WU6|_~N%EC^ z6fAboG{oVyk1vJx$WCxw{#qsCf}>yV?-g6E`b~==Vlflw;O{3?Ay#jpJrj4;?wY(m z`#mu_dvF!StOw?m8|)8mKL%bYk+cNTh4S#k@)m+t4=Mfj(H7C6ef8xL=0XqGSlfeQ z;?hNKmhT%F>TrSRKYc!eX;I`8l?;Qg9pY}zpA#AsDy`ZElVblp_%bc(kUNhtg z!V>OG?42whMB!>b$Lo#A9Hh>dL0)#5yN(bGM~uQOIbl9hQq5c2C+^qZQ8k|ZHoRD& zF_{EkUmvdvyh%zbAg0GgC{~4s5j3kfl_&3&C$sb_$;|Cr47GH%MvAu>qLvY*A?Mas z$5e*y{L@f*cCqDQiEB=fo2jxo>}@G;GEeBtcj*5_JL^3PD?}_BF#kOMeTD-g^1lu1 zI2g&y|F|U458uo?qhab@=YzvY%!eOd?48d0+hShJpC<*69$p{aX+7G09@MaI->RVK z0UgQSZ`IRZ0pNSB|W=)602tPLqjvkY)j>%fz#0Ie4elp5yLAGbu-zAmWA z!+h>?2UC%C+5nQRNe`>;I!t4&UY6UrpT3m(P5ZMbjiwS-w?dmNZ?IfNcn z_u|rY2zl5TbW+4CUJc4;HIft^gqwB&wdSck1rS|E*uLl0l5pu(xm_tKVR{+z6y}z zvRD+$kfBv(ycHQrLH1p>NJ3R#wQK^rc517q!!oO3AtFXEwvG-^^SW!Ade&>isNYMIw;5#iO6rTko!st$^X64tJ*CwMYA%-F z-tbSvo}puqC+3b__o9Ciu_7wv0$2V7E4S)TZlJOGLA?(_DU*2ogHzfF^u=lfYk9e| z)m$1`N@|MVc8o@boEKGWq5Ge~!`6#G*@jb-2WyzC$cxs62OrvZPTu9n`n)fRb5#~( zKr-3Z+!shqmV5qa?TQ{{as2oW5Z3$ND0sBV!xpXsx8A=BV`kNP@R$9UzykM-%MaZA zfCLE2S7H$e{_L_i(uv04S_!Ur<9MU5u4NU?i5lEORG8y5aH}7lqRuiR~=qERzjE1YPz_4 zv9UhWH{uRy@nerA6S^JB!+48QSXk8IB%YuNi*b~S)SY~Ai!78!-0kEEUCp&qsRGX1BB*Fw<1(Y+Uh4Dl0zSe>qCp;Pe8%^My3b5;i zZCJG%CtH1CFzY^JdgHCt@1JiBzry0F!_5xXfLE1OuZI^YSZ7-&0F3q8FWwj@=?CVoRU&BI|zjWP)S* zB?J;jG5IqHgK2mDkK!o^*Yb+04yU@6p+3%&{WhyK)>F$>grZ32PSTsgx4Evi$Mr5i zGt<7b8c16-YwDx88LjWF&z1%VNN~5^SWFdr`oJOWuO{KOZHDosCAb3$73@q(34-$q z$}tsnD#-#$8$RVqwd7J9PQg8sFxnQjOy6)OoD-KcvU?JGQ>3di2h+J2P2XYkT>*tswuXw-3a#xEANqsZ@QdT_9!H|-Y7B6(7vkpv3r!tcC zhvLZjSUct?!f3+8XcQTEK ztWFS3mz)oy4=D*m`DYk6RJy^$%4R?y>u6gr75caLLJANsD-ai=lS;hU^%j(z_>|#2 zb87ljpP7LZrY^?vH<$p|)ly-kc=am4&~Vxc!WLQD^(NI}^d=f{o=9}tKvIg)o3uYW zs~=aH)rH1Zu(K>kQCISZ_{ooC9`a94PTjm?q?0x2&F)Fe#VW1FyAQ}Gd~PnR`75xf zU$ay)P|3NBAVQ5TzF=qd+Y-g6q7aWG)0DXjsZmaOSi+i?OPq z8{s|k|F)%i_dCeq9%Yh%3_c>Km?=|oMA!N`WUv(GPw220@djjXZvH|G6Y#UuU~4%} zOT9b0T)D;o0F_-P9TgqbxZ##&q zyosE0a4oIzw{I2DnIlJq{l#TC?5TqZ$&HvtQg9Xuz0Jvpwgl4?q-cNKeF*ys}AH2t?KH5Y={!L^Pl^1{G@~TR4zhD z6h3grO@$8Iu=&k)S~0pMaaZzN_w~v%-{uqbP*qj}!^t`Jt%Ty0!3F0|he;|RfEr_X z2;oq)5PQGli&)B4{OmCsnY=HV~lxq6!jSYYp zRrT-s?0lI0od=81BL{YML&4IP%DBDi5$o4)dJzoz%pORjjT8e51ADSk!gY(||7u## ZxVPH(-aP=T{rd?(0$0;jtyZxL{SSY!^NRog literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/splunk-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/splunk-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..925f90b44bde9debad57f48c58890f97c10a5f47 GIT binary patch literal 4576 zcmc&&hf@>G(+)^Wq#LA3N1A{Li1beAO^Ng>UBF=IRhp3!B2h{t80iR7BO*lu2t>Mo z8oG2udhhVd`%iq|%CL_G3KxJ}P7K@mvTM@cFCatPS8^dk*IyfO79HjTqLtCd;jo#Qza=mVLmj*W08 z9L8++Z$S)7M|@SM^_4TV^;L3AMAp)86y?WJjN98Y>t2BrvRFI`^;0J4@@El|5T8{Pg^}PcK3l&AfgdRV0 zt8e}E#t#c~fVN%FN5_uzEm*QehK6M4_1JgPSu*y(<(|$gR zWL0b4D+vh=Dv|)OUU7XTQU}3w4HV+4Fp;A{0O?uEaL_kMRjC;9yEm27%hnYXObc-9 zzjqij7rllnmk{egQkRN>&d<-qQsVnPxu?h1@PP;*m|2g7nVAZhFgwswOQqHKNx@Q{ zKZWvM-CbK}XTJLS`b2Gkr9O;~t?igsz?aa64ABECtE)mB^uuFghW7R<+hJ#N+2M%# z*1>z%@zjI{X8ce*aUOzJkKA{*25yIGUg>bPp>%fthms@bz|p|CeZ!^0bk?u*B_ z@o$Hfpbo<(kIrLgXlYme{uSn+XI(+MC}6h3R6kDzoLx|wlx*vK4>F-F5PMfHkztVN zBBLvd>6opVKRm6m^Di7QEFQ+J>IwpK`bBnjcLSC4gjs>{YHE9(^W+oA>(65NqNDFL zH8lYdLb`>P^ys)K6oT9efY$;(Yez;z{6#`)C;S$cmfY&?5D03RqQ4354ky{zrQG<= zsBeq0XmhsFp|Ng0rwB|#D8W<_EX;*`ByYrlq>BP##T7+cOALae)V=umssa{+w)tGzbv!t?jkAhu?Gy=HEX(($xJox%Q)< zqE(2#sQan{twO86cUp&OYbMqK^xs+RSP`{3*aa?jK{}Bce7`_7r)|safm_urT}&}s zSM2QG0CMCTZ&Z_v;qYtAx1)5SP&Tyi(6u$!%ZtOZ3Kd{$QkMu97gt$zb!oHci^0`L z?_!_rGBAvp;PYoy$)x*W-;jmHVgp4x3dGPx#opfDGy9}J0C#2OrlWt>_mD~&5bMkgNq)=3AbdWKHuw!(?OIeZK(s))Lea0Jj;JG?4;`(Tx2;7h0zW^r+iVc zmo74izfPW5L7|R!^H~%7cJnQA*qzT9>>C1Z-T=wwi?zllU4`(dyi5x$@Mq$QM)rx> z^vG{&8%^T7>%%S=I-flT`T0DaUvCH*86Hj?^7dRzs2HtV6i*Q~D=I8Zt=f=Y>U(SG zE3|e-TS`Q{c9(J)^j|*u01v!+TNu z7#fP33Rw2C#|eS|X_@uP-)&$<9(YitiE9Q-1wJfD_CdjHMgH~7k9;nt=>5AVC+bq?ncM6~Huxpi@+Bzpq<^9N)$trVNv82*qRDH$hjgQn1-(a&mDAVoVruXMuj` zHcd%hug$N~XGcVhS(|lBtQq?%soJYIi@+PX~PslRJ^D8*14 zukRZtw`GjiSfnerS2H6s_dl(N!?=?}2RyYI)~4fwt(+ok2GG3#xO*3|vbrhCL0=nl zuAGvRQWX&pM|id}Qi5t8mw7U+N?CjptNwuYyF8Yl2{*o4d^66kE2QG{aDXu-MM;)9 z&u%1v0GNOc=a);=VIh{Xk3PMW($a)dr}L@}tc-Yt9ZntAj6Jp4O+p<1Zur{Whmot| zOt6%H@KyuGN-`-qzW!qrj@?y5d>O<8r$vFhRRd>31`cJ}t8XGf%*K$0V_Y|n&kQ4tPno|?~E?F)9p+p$nx zDVMkgN_qh)d=Y=-Wk1HQm$5CKnWaCuFHx2v>lTih4X_f-G=uLf7^1s{>#(hh5-uBR z@b_idn5jEC^w&iimu2oWpnbk3eT0}jARVhC+wAOwf`u2f91a90f45g;1)9duB*c+l zyBrhGmg%UF_3_Td-t~_k<+mq4t?yAq9!+dUAsXSET3~%qezaw~chgCpT-|{cl;@&p zfN&-PTYNLG7E4WG0aa(o27TwC7rZ9o9`Wu3?zOU-8aUSh9LQ56PKEx7)~V%S5D{52 z)qi+jo(7cw+SX0{(R!2heaz>s3Ll(u+Z_(!rNQcgcdh39%rn-63%31zhK|#S@M9(w zm@<6(xP{{;@Ecw7iWS;j_D%pMSr=_3k@*GhD9x^{ob0jaA**jT?>kb_1f1c zV~Y&Yagm#qp2J1mXMU^jkDnBFmvW!XhBR-7?EtB&HgDEgMZ7Ss-Tk=#w)pERKiM)? z(2_nmoX>R9sA<*Xx3P|LR$9#B;^MO_r42J7&BrUhE3wMq=(srb=?MbvE>m@vZ@rs5 zXCpeN!!26(x!kDv@Z_+z3|Qn@ow3cRLM`dYt6?ZbS>I3UlF%sk6Fy})H@sT!A18$v#`XCjQ|mo92sB9mY@~c zQnNhI?YYiJte7_m2=As*T?jwfU1j{o(9%|_4799JLJDhUfqu(X4BQEhETK>_8) z*Hd18cy@0cnulHT`c;Koh9Q1N>#r&N20_95HIIlDCV9%4zbdRfdZR-xW2Pfk{gqWz zp7r$%oEvA&JZ-c9drSs)d&_%f6;c7>$V$gto@VFBxC$~=*~M9+$w75FiQQ>op?icb z{tkC`jdaWwF8rg^6neys>HyP!}=qQZ^wfF55XKIVHs?>$dar-u1aY z4E$_6A)#nQT+{tv&6aFvRuIClblAZ*xzdKPu^77tvSi(1b zMxkDyDz64g<7={qF&{wI@zH^f)X%*w$G2VHuXB{^u?0Xq-S#Olqm-s5{MiEGBA3Y= z+v>usv^@(nBmH7QLJ&`?Ol-@`+qXa|1!862;J2VqBB{d3_VxED>(?j^cO6Ucuuu4r z7pI=31(@1Uwk~Sy{>8srsM_FFg@Pew{q!44`Wh$Z!rhv|!FN6JnCUjN^p7n)V*?uZ zXCzDe1hP++d+LQdo zKWFUhJdI%d<^BK$HMMk#VaI#+&n;Z$%{Biy=cSZ*?=GvNBy}sd>x9VbG2ev@Q+?}4 z9j%%U{Fa#mVWuJ{&i&5`QEAI3b06jJp-mWJdj<^psGk6u60_==i_^`*6}M|d6p4|j z^=U`rQzmC2@$t%-5TrxKcVCYKqgpW*LAiB$?l-;%9r%UwT7Ilz;f~qZkd}7d;JAYV zZ!MdM5Z7EE4#^r#;k)ri9HHv)Jo1H-JxLT7MTr|Es%)+aaIA^snF*!PkP9pij|WG? z*%$F1y;*LunCJMOTT@xuuC4;+YWu>KQvPQL4TSuPTO%G^$cHJZqIJH%jCf=I3V=XY z>qvXYEt1Y(>8nWyevlQkzjGEwPkc3a4fUieAhhQ4%i+q#Kkckn{Ldy9J*JxUZ9aNa z&@%BB6%~P*#U&+O?)v}>_-6teZ4O#l9m2!+AQA7Yss_Fq$*>~64V2Sbv(iz?VA8Ct zZ@15Wr+Bwh1>%hk;>mZRYo6-DD&h5Snz6BEsvdWE(igm#3h-F$VVjJ-j2;V=8JzR- z852pPxvF%1kfAy<9r1%3SdquW1Ew{qyTvR-j@snRJhiQ@%@6lPA-B6f7>&c>9IdAD zp-g{HrwQ<~CH{9iGyf3B-KbdIvDe}s8yc=5yDY4z3*9?rVKckoMEb2{-FO?xt{)bj zC$9B&!G0A;YX!@dhKANkqw%(h;BbSs9&V0V=KkrmO}D8nV{fq=l)bOZL*mYnqvvdB#O0 zcErU|kc$=>j7iv+<8P@en5+nV-9lIk>frao6k{WGwX5|uA6{o=O>gOeZACB!{3(KQ znlnuUcXIo~zDz&norfvbRX$b4nu(f~!uxh1g&AjOXXZ#Pv~ZOAABIddast^^WcaE} zHMXKe@g&ksK3&>keo{WJya)DaKd>hn(Neq%?>7Z2MsS*B5OJ?pCmjODCqO)mv}6vw z&?_t&@ewh7oA~SL>E(l-<-A;xnwAe~)f&6>`4)7xS>h5BRMA#G3YvWa7X=gRjWT~Nw8qgA+}(;3q(HF}tXOahR;#of7m z?}z&r+z-D!GiPS!?3~%z-DjU@Ee%C{92y)H6cl`AC3(od`1wBoFaC{#>ldp30`_Mm zLst|O3by}1Rfe#h{7YiFDXS}B{lO;ums~Fwl0`wGZBUk%(e=tb%!7KF3}hV#>h0u8 zt?)K^EY|ZJ;|`06ED)HD*-(U%lBS38GQFi>hh-_h9#LoaWEa)Uw0i9-*fs{sQloec z!?2K5!W-=MqVBP2!KeD%5!x|Y&tva&xw@mfLRj%DrLLpN>L4KhDR6pbf5s_K=UK<8 z^YWFRtbH}`r4!TS6+Rii5E)?1^*=HnrR}Pf*-2V!e4CFdf?z%Tcn;l+Oc*DqXr}Yl z_gB@K5y7d0hHbrQ34~>)bVJs2;SB=niEvABVQLC=hOg)BcH*Zx#b>|L8EEsTM?s^? zgXe@S^l+ji>U_*xOCshfkgq^1vCcc1{2Z#Vj1cnd9ZsUm{}=c*14b4jJ;fN|EerY*4wB*LZQvp+Fcq&wC;ZmptJyO%cC0w%ED} zqvFrU0v@lt^R-%Jh7BSpC~BIuGF#zkSG?61bO6Ce`wUVlJwKnbG>dUkr1!@W-!K-Y zxMCVax-ue(RUHL9**GVwn0*smxASTZ?Y0}^!)L(o0`j&*xF6^2L(z#S-u_>xf> z!Bb~XFZ|vllc`s&Sss%bYbSu(mIJ(=tNHn!zsF9LIMc0!^IP2bks#A=KFRREoTh0$ zQa)QzY>#4_9M>InP3bv_sHO|JF$^J&jCm_S5Yy~NXk;HY!P-a{$o(@gL_m6crVTN{mnGJuQ`i$S!hKsPOcl|y13QpN+TIY>MjW*%Zi*?I!OKFo z*S@iOm!i)!erb$3RgKM5na+w?=SoxlOde!_lVq28y2@f4MF%L*?aI-2c(?SU_s|?q zj_AU`B8Q1iR71jpth%$0fvLkr4V$J{=PzkT8&a%+umF7mi000vKAMtt;ow7P4rpYm zOVXuPC}g6T8VvDww4KQ5WcL&Ycq ze~autn+t%y$9w3eD=}e$sux;1f${l;0o&_FqEN#8S*X%+GJJB|gNJ(4~ z3h(wa!((GYpZ~RZOl(FI;;%^l+{moK?0=NxH9xs#VTbtO%UPRhTl|B#k|0#x#-Sh(EP=xa~ZD?2?Bs(qXfV6Ilio6+e8Xc?7| zs}%^u_#TND0AaDM_oU=xm~1tO3od&(uld@g6q{dju8L{-q!{pIs_H}ub&C(AeX0Jx zw2hd8&PFF~`!Xn){n-((Gan2Lv_aJ`4!Oc!Oi{Z7OpiUkpHG{XmiXr#u$rviY`xE3 zJp`+4NV?mk=n$l)=PX|?YLi8Fl=U@bM7G``EW(JstOmcrD4%lUSii5*IdGJeth!d) z_(u9g2fCEO!_whlx%LCbq$N(%UY-lTr!Y&$sP8^a!>W896uzmFTignrqk$@=mMmN! zpnAN54u3^l>kBn}G9-0W2_E~RP_2#gpb#?PInVF>vA_>W;kPm2GC21xpKIJCk?0*{ zX1V${G7ShPWmKWeBeKow8RmAHx*C41E0Mq-Cv`rlO~ocN=x5GU=E_cg-X0@nnRU~a zXojKg#EKIPW>J>`?bkhu9?zWFh%2^uoDK#GCG9&C+1Ny*th&hbE1Yw;`k9xBzP>LK zvO3A|OowP^XAufg#FL@%3e_IYNZciiE;2;gruFFR2p%TBQn-{S1`o~@2^&G{@W4D> znaKsMc;(FE;Ac003uEN>yu7earH?N_ zV4u9ixk8heig?S}&UvQ8-x)qRsIhx%ts%wE)|~U0Wew!t&}4@0&6k=zOQr!?(;-2S zY_0G_<1V4}`mew5#nk0avJ?hP-YiB!taA7A{YHbXTDOn$b?Bn;K6K~4nji>PnSQ+B z>YJ2`)TkgvoW#kZF6q7dwH0^wFa%Jea))RuxR;IHER`*61vDb^Ti695rKyIpf;v<+ zRmm?*e9o2j`FO=EAA)#q_CGOwtYWP}Q(udM$<|ftolntz4%ynF9x!C$e>&2K2VAp) zlI5u)=7DI95UO4j7U`y>82eWsYwxCcO^eOE85tkGpq($ohHYMqo!Wms4vzC|Wcz*; zh|@vh76yD9LC1~dtjARGb_pkP`&Wm#ejc0bbHtrfW)g)7nD~V zeI{ShPBrmBWjTTqnCIV#a3E6Eo^#rC$LXSnB~nC5e6ja+CetiKdG3D7^E_9MQp%o0 zkD~Fwha=~fSOi$sQi(KipPsB2R@`am1=Mb|uys!{4!eDFcdMMd24hma@~Wn5VkOHX zk_$Sq8zkJ8>hY0gN1^B6x%@d5nO?g{+BH^vM|*L8Oe=RdJA*43EV|==Uj9-?k-9aj zr+#k9_cp9t42`hs#l|0KECY#@E?UWCx7sy~dnzH8KQ2z(C=`-OZXI`*BM!{hDQI}W z!0s!ijmO;n6p~APM-Mn7@XPeriv*i} zT$2H%^C%2i7+!usE$Z<8dSGb)aXt^p-5N43>9|>Ur4#cD<2;qpbbEmyVl8=PAJ|+l z_jsC%Y%`A-*m>131)ytj3S;SY-@y92aVaMjEB(oj69ax|+W2_Sr+l=4IVJkK5iCy7 zyQfomH@nI7iT~oMwuK0}96y!9(2|p?LXe5x=~49eb4b&(e~=ZAXoEK3W~oW)RnB_6 ztY*%YkqVJ!|Mh(T1|bycyp8QfZmOC=>b*fenVx~j$$5RAFAPs7{?J9~yP27rW9MVe z*Ph`}qJ)KgD_iQ8J>iCxaC8~zql)|Q&Zt^Eg@`*=Cv-F5f~|_QzLR_4^Xw3?Ym-H6lu)$s`(x2%E0oe) zStXvRxiPv;dx^QalvG26hYbblqZ;k5nr-LDm+jh48K3U=8;4ZxW8*&UhSJ+!K9PPw z{D1AS&ecYniC1rwe&F2eSA6}q9xqk4J!XB2QpW=s-!@9fv3Pp?cW-h2-wupsF<{~NkozczK3_b6`zi0%v<2-xAzC3JpW|D7-wK%U6=7`mM)QWbzRwZfdNmM@^ zrjfc@!5n+O!o1=3vny*DtQezu)4qz+a8;SkB)QXV!jYvXK4rG=Kifjszt)ZS={u9K zvuv&aT7T91Lfi4BfIKASpa9qCmz&u8lgT&Iwzr2)3}(kEEuBr7z|LV%p-H&@=Ml+H!K)~Er-SSBM@DofU%AWQ-u-5T8_q({oF0Z>z0P|B6n6JX7v2G+f5)e@ z>np9to<2}oEco*!Q1iDwaKnI%w5*mW=*+a@jtj(=x1_wRByEb z+p2Xtc&$qj8E?yWeKw&Mw5w>qjvuUrE%ScAhqNv)`OM?1N86%Vs#;vE#yxtBDWc+P zAkgr+Y{L(oQHT+?p$A8Ke{6%tOL@(4kUv~QC7A4Fu*%fIq@bPalKLdH%1j;`UC|ue z(j7n)P>+r1r$c4XM`PjZ0$-o~TAiqmNH$gC9+I(FSd{c6$`$0cyiKIDgvg=P_8Bc+-eSaWxRx&9Kzt@E z9rlPp;9%%}Fd2=j9TTg}t$MPMD5(gSunjq5W|FllC8Ap>`15_O1u>m=Z;8r zfe$PJA3uL7HD&czn}<-u5fZ!UvyEzw$q&-cLrbLPol2S+GZepf%>($=X2@H z^sAPtufOV|I7+v(3o=TzV+C{y+n%EH3!yc!!_7(QyPxPCJ*kQ$5pGK|1Dk-t{aPtS zv!ie^QDW(ZpZS4?U@eVH`wtA_9a_O{d9;#Sw!^pguql%F1?L8nufnTMGL#)b3oEv*Cpx zz#Me9r}u{1WwEl3=bJXmcW^x2*Dt^O45<4IyzihC6=;D|h3sB7iPYJCXMb99o#zA_ zaH(i;Ft)`azR9|S)ZJG8zAW@*cv(tBbNbzK5w}RI0b%w8;{IsQC29bfvaVSeA}i(R5bD z+BG&vxCkV{LYIF$8NZqp#;!cW3N@zsg(~ZgTK>UAg;S6cjMQ;3o>$RnkXz2)8 zm+7mI%6S1qS}b|R8ds<`caUxzUh7;ag_cgrVyba*@s!7<@_?FWS#0regXz1y=_)$W z?H%Z^ykQM%Wgf>{yVnfNTbTNG@Z%>WQVOMde$x4t5{@|Jb z`f2cHTBws}{n5rFSt74&f^yych`&6u6mu}jMvyv>6)88q)}v8aVnA{Bq9B^vQR3;H z6QMIF*Dm&w8Tfe&EIIEPHYDg;k_KbWo26$Yy_r?I(-Pc6 zkK8r9rQ5n*lYF_H>hQ7b_SC&J!2@;_h3~Tf(~n6IriGe5QjC1T<$ zFcG$KUZ}@`^7oAuz`ZZV^IhOaZD7W`A4QHTzy>F3Oc@wPN-CSO3cBBm^9q^;#FkP{ zsE}G$fGtpexO9ft;iK@)3WL{;X{HI(}Q)gj!NgT;LwXPZIH_#=Yf{9*7$i?hHSF9CFwFH+PQWk@;&wrO3Yx zu{Gr_AUm(hyyDl4=T22cw^{r~09kjLa$bgTAxuF?jA|bNy|kkZ(mXOk_Q z+S+p^gf<${=_kxZ!SOIgvs}YJFmIw!xT;fS1Pp_k#Z$+-wuaYK=oi!Tb@F-FWzAK5 z0N?SJS`)ZoT+4mk+SVS6;S{q z`Sr@QlfZGMJoO37qsYqWe3GMsEcf{InzSaoA@VD&bjZbhf^UR5ybL{c&_K^e?V!=i zEy|vuD_1N~oV-6p*A$fS6W4xkd3vI#DZWrBQq-gFI8Fa27%S8FFJ~#+unptSE;qkw zCI)xqGV*e^FV!Lfc)=57QTfBIXX~c-y`yCBD-5vihv{)5;@_4uhSh7XL}--n-W@V( zC36;q8xUN1=5<5%=Ri>%Sk%f(qqWTGv#f~hF!brhjDUjA z>zmr|I|sA`zR?Dy@pJ{B)ThbMbwqvREP3b>Cw??>L6bmxkWz6nl%K3}nr`#sjlQDd z$|~JYw@(^CO$7xz5_hJ7D?Bt=wts0$wnUT|FNw7_N6XbVK_r{PptzEg$qdq7l(|*=;ETZ%zUI7QS!B4}XVX|nx@ZoUz|2I20SmHZkk6}1{q^Vo)P`fm zMEZSSx9X1igVR`h0q~1xT6TJY@fvhsv#_{Cb8&1kOO+sB;`YfC#wme%#$iA2WCuoQ zW3|wMgWAk*QM=igcSNspFbGXBVmSy`lJWc1%nlC6e~38teXH*MWY5uYhWYcTt7(m# z+T!)c#y^8qP~$s^y*WS{V~(bo1@FjJgacyQxo9Jm8Us8=ue>$JMbLrh9lmvs%lROz zm3yUhk#XO8vg%Bg{uUZFME-mQvk^H^KD(R4puFpV96Ik{8lLP;1GcN1g9J zqj{3dhd|OVPY;Kwyd7~di65ft)Q;VyP~DvJ;B>h?Zmj-e6X6IBU~O$r9sbwy470lg ze~0+D-0|khVPsShg{=!_N4Z4hng|9DZ9B63aHBvOVnJJsEcg6)Yy3@Z#Hx*V1BbDR zcm9Y$t&o6v?{D!!SE?2cY7sP+$!>YS8JmZhauOpq-m6<3CHgn=^MaGMwR=d`KHM>8 z487~M!7#?a*!5ZG&JQX0ri5r4EuCb2sp37@C`mXK-sh3Viw$tiZb+Ix{e5i{T4w=Z1nH`2gfR++`8{Aw6*`n>n3u~5j> z9`c{Q0(S4f%&6R?PVqDpMW<{%qX<)2uvWny^umA;ogs^`m?%bvfj#QXtEs0Qk*gYs zANP|YzuBevQ+&B4ut;+%kwg(=4*kEba}LEVOXgmhtt^g1HgUV& z50m5zo5Z86%@3LGu_c*l zV;>I*?itQAo!3sFkvV=WM*paZ#T$wEZ?F}9HIl>;x_xdg{lwpvrCksM zauXWdbI?GzaQ5CAv>P@TlZKfc00ea!HmjEjMa%4<>NCsRQ?o~ig`zhLmC)GGIkfQg zP-N_@Y@Svh9tZo&WoUmg3&@HE%$9QTFbOJMD}Tt>WPVtE`qkH5d2_HL@A=66@9R@; zi#|3f06Cf^h8m0z(nrz^ft!6XWU!j{~tnHLIcZa;zyLrjf#FmnE5Q{^LFW zBoGsu2E=-1~8eC>oLAf`53aiGG934Tr_i!&zBM8;F+IVbmAQ}*{<}ad zYaNx!JOlMvf!<@eTQx8xGFQ4LO3WZt&{v-*sD3)2+*Dh}GA9os8b z!3C0eijT;b(?9((pXqA!Uq53zmr&| z`bbqt8J-#=p%~or|H9BZ2EoQd1lq*Q7aLntXqU<)PPlJkhYwVi8PV$z9dd!>;>}J9 zKN|{s40_&j9u}wWBeAmx|Ac@1U&HIj5HwyF1nc|H@ajG;h4>dsT%%2RlYN`|zr_tb aV_~hmNAs4~5dG)qp(rb8$k)i4h5Qfajqid0 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 64ef0b4db5..efc63e9b1b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -44,9 +44,24 @@ Logo |Partner name | Description ![Image of Elastic security logo](images/elastic-security-logo.png) | Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats ![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP ![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | Micro Focus ArcSight | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections -![Image of logo](images/-logo.png) | -![Image of logo](images/-logo.png) | -![Image of logo](images/-logo.png) | +![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | RSA NetWitness | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API +![Image of SafeBreach logo](images/safebreach-logo.png) |SafeBreach| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations +![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities +![Image of Splunk logo](images/splunk-logo.png) | Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk +![Image of XM Cyber logo](images/xmcyber-logo.png) | XM Cyber | Prioritize your response to an alert based on risk factors and high value assets. + +### Orchestration and automation + + +Logo |Partner name | Description +:---|:---|:--- +![Image of CyberSponse CyOps logo](images/-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks +![Image of Delta Risk ActiveEye logo](images/-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye +![Image of Demisto, a Palo Alto Networks Company logo](images/-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response +![Image of Microsoft Flow & Azure Functions logo](images/-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures +![Image of Rapid7 InsightConnect logo](images/-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes +![Image of ServiceNow logo](images/-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration +![Image of Swimlane logo](images/-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together @@ -56,9 +71,6 @@ Logo |Partner name | Description -![Image of logo](images/-logo.png) | - -![Image of logo](images/-logo.png) | ![Image of logo](images/-logo.png) | From 664365dd359f4e65b4f74adee7d3e1c98b57010f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 14 Sep 2020 17:16:16 -0700 Subject: [PATCH 071/115] logos --- .../images/cybersponse-logo.png | Bin 0 -> 3653 bytes .../images/delta-risk-activeeye-logo.png | Bin 0 -> 7490 bytes .../images/demisto-logo.png | Bin 0 -> 4462 bytes .../images/ms-flow-logo.png | Bin 0 -> 2655 bytes .../images/rapid7-logo.png | Bin 0 -> 3977 bytes .../images/servicenow-logo.png | Bin 0 -> 3799 bytes .../images/swimlane-logo.png | Bin 0 -> 3692 bytes .../partner-applications.md | 14 +++++++------- 8 files changed, 7 insertions(+), 7 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cybersponse-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/delta-risk-activeeye-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/demisto-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/rapid7-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/servicenow-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/swimlane-logo.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cybersponse-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/cybersponse-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe2849a0bcd0ccaaad439302dbb0e8c44bb1133 GIT binary patch literal 3653 zcmd5<_dgq47dK**su)EHRl60lRtc@36|;}=RBF~%QW2wets)dft;9_2hdfQ%Ms1af zM~zUF(xEYeC`HX0Z=N6DzugXOQObP!<*u`G18KW+(TPY2*rnS(|Y!oZ)BTmG4M;Qo+P8z)X!D zB1?ai1qQkJL?={ixGWiY<@85D2=giX(6#9hD?xLSyca!g=H@Ia9Ei3Cne+bb^$vF% zR&!34bMDtT*4+PH*Eo|9G3fKUNrc-6zC+?waAy64L=)IY`fNN6HusH4ew5G$?vIAv zp<&Z0zPzB7nCi`(t9~N~Bfn!e_TptNH@Gj?n0|MDr54SSAwk|>V5M%~h8--LaVOTg zzHj$olkERKKOd(@N*;AU#eaJGfvkS^`|I_pRD2{tnH36X4HMz2r3y^POdL@ytr)b6+{8d8s4IIH)AT!u5Rgc;pB^Xr;L zCG`)sxNO1Y&}TO)o&yd+@}qR6#Q%k>75C}OBoZ>PhRd9XnI04atoUfgWh)(74FT1- zB_eg$S(VqU=&34_b;>#3)kM^RGhEC1g@4SDvue5bC&Mt-f=ldoEJT9%r#gv60a}#; zA2|9vb7QL#lnqk=*5m2@IDmC%LtO2A+rrj?ovlO2ia1+h1H)8CfJFoq71Y1<`LPCg zwl-k$iq*KZRF<6+`01cpAwCX%=T?9CKXjgy-b;`vFV!M)zLfds<4T;2aZiV^tgQvA z6>`wmyTz5~A;x)rQ;(vJIp=0y$$*{PvHnT%5ScCTr_qKldEWm#Ro=TJcX~~otQ(A{ z{iRZ{3?02*IN!Rb+0@KqFRFX6VgC}WFNFbGPGteYcEhJoq1Gw%ukANZomdBI-n0oO zamLmVk_yhVx~*5p__Z!WrQavH+7k6IEcH+<+#+}6qisuj^NAop*{p8FW?AQ+3P-ee z(36XhV_6Z@flt|~%am+M`leqFWau+AyUxuhg|i7!?{}%l4;3LY7&0A0x6!|giQJu> zD#i?><`O%D)}8oo_@Xd%?y+b|tZqp4o{5n-sJB3{+H_ot6xKxVVc!$VN?|Q7FI&9$ zXv^M)KSx^CD4&H|@J{C5?vJm1lGru@8nI*-&Y|k0O6|Z_DNA~VYdV~hFo(adbeNVF z(c%_=d31~=3%eFk-UF}4hNj@=LxKa(*VS$v?S2OFM>yo$0DwK-Uzgmoy_Xwv#`1VV z?KMr!)qK#EVG^RF;l_^d=GMY;$#s68S_p;bLxfr&e<`9w)OKvQM-TNF*pGIOaM;1T zKXktKuwalVCz6G7_EUUJlfl$pQsQ`k414zIcR0U+&X=TY>7Zq;W;YWh58Ro0SdCuP z5;&QDvmW2nbLB4R2ZR26+yrvi{QF=xuKhAt7PlEC4KQxK%jl>_?2>T=qlJO9EQ#So;gKtrgp#DWBm5q$9K1sXtz!Ds}G0z%*;@&MI zeD(v$SGxr<-P7>>9z{Xn{mU-lH-v$KEy0d|rr+tcKYZZl6=U#dZz89dO5ZxZ2WFyQ|}w%WXdJ^FV`>>fV#TZkM^>rD%g% z-jRYPvM{%v7&or+t4zP|F&dTvjI_&3H;r23m-7BH^LolIG>(m<5^X1WBxjeTEZ?S3 zZwZLp%H}*-ElMuM!WX#OG1C)3E(^LpM*4yV%*?9#SyOu85lnNq`;nIQ*iL;$$pR=C zR#_EToSF*A$Oij#DAZ?_RC}^gM1#s>uA6+G*dH{IXs}G-=12xu3-yNsF*l~ddTSGZ zy!llI>1&URGbP_EKkZZd)OmdFzP;m{#oi7gsnGD@*8vJC{3ysjeS1FtmG10>gQGy! z%@;vf0vblCtE)GEx9{(tzOf#Yf{@Vt`FEPz;z|+!=6x#m33bRroHG|$4-rWOvbl}} z*<8qrL(5UwAcjw9jDfOUgWV@3-Y2QO%Xb3;9)k8Lft6LfY?!&ZS$fou$QQyMsy+j* z)&)VX`8~j-8K;DgGwLKocsK6V1*9Q*9+r`v29!Tzmy{~!97cfTRN@6Rc4}akfO`0a z+uwxM_N<9rI?$0V^)M!nChR4Zv%IW*5~hqWP-%23bglc58Vkv1^J3a*TGx18?lbY$ zG&Y4+sMKY{)xgGsS;dOVMjS1Jz5~gbSG3(6`m4M0^p|vVR+c|o{QgjAZ0wg8P@|EY-YLIosFYlp(&j4q{3l`6de3(+SSwrKLmjg)!Q^7FeA2Sg zu#&{FmT34 zA9FVc2Gf?)`db^Sx*$Rv(D4_LqFk#~oa2>?i8m6s)?2ZWTD?#s>W~Ww)V0NF8(rLH zEbVbJa(E}>yHB@<$E?nATxXN}H}nCzmX24>1-svTtaP3hc&P^5?G(YmtRQcMtuFr^ zc}lyu0!v}J45)~$&V);8sb=*RNZG%HyY%;MLzqvLI2y?J7zy%gVEle9hAn+ZM2L^C zF!WFF>){6%hR)VxW!#WKKPJ~iM_sV9fKZhum$n!v{1W}JJn6%Or^?WWaV`k;3KXsG ztMRj|8?@h#p@}Oi0aoP7+FHz<&+Fc82#S~2Kik9%VxunXsfw*pzfL_`1HabR7UtnN zOYR|pabrq_i05aFRf}Yc2CEqQOxL2MCwg-;r21KPV>>y=;>!1#FjIfO-2voQf-MaT`mE$qDn^!_*87j`*PaX}Y8o z=*pg4g0kkqDK?X)7Vkbt-+q#voo7?Gva)iig6ahqk(88tMIwEeogFMxaaI!M>DZ@b z`nP4{1J=HFVoy%ujrQl*#qa#>%RsbjzE}SHMc|a`;o;%(+FJD_WB z@NiuYJG?b6>Q<>=;7PbWS0;PQAMv1;KnS^v%$`?QSMM1e1vWGa=lTO!ORvQg7B2bX za=CA1gQ}dsA3n^yXNF&1Rw9$hT3TAjrk0|QAOBQPP!N-nTI!t^`+-1!uAx%6E=DFK z1ZWxwU6ILyRA&B} z4vy#P)C$F1^QUE4WtDrIddbPjDKY}l(b4`7?&DfpOAyX2%!6*IukX>aZfk3s9{qIY zM)abEAR1s0u{JmNHu-4mgwuryC3xwPRWv~d8ck&9!WdnG9?c>w_Sjk-H-HO zVGRolQ`gq+OWym&e?zmxd!yWtX#qEj)dmowwtb;hKq&X_#y4Atlp+(fKc8do>N-rL z$;`F{D_+&PIo9^d`D1w5;bHXMyLX@3p+W65x4UZ>10r5CG3BVDjpvAOBmA zpBO^xx@$cxlYT#bqB}qK|KacdUoA-KUpyUuW}5Vgk|#S{#vW{W{x-ep;TA%qW%iNE zYNTpK;R?686RQ}dM%R9}YDYM_T(^rBYwH>sCdOCYe&1sYvWrCnpd}$dUq!w4{X6jdXW6EUZh((hHIj(%taP z|HboScCKr7cV@2doO7SgeNU8@h7utj6&@NI8X;I&UI*B_|8K*227JO+&sBjPuDh}k z1PzUx<$oJGScmx-IEd{DR#(8@#3e!_;LD+XY(PV!UIWX^>iT9KWbZ<#cLP^smZbz+ zqe8K9lF-mGuy8=kZ;4j}AqGFa4HkZ|7?~NfaK;yMD7|LmO*+lIM=w(;+HYN-kLLct zS;y$WQsoW*8@S3SOFc-4F{rRKhZYJs+&yIDr9vb6vV_hT8XE34)0y@!2MS$Yxw$yI zA6J@sqdq;WyLRH6V3ST*>9W(VXm2kX>G7NiA;4;iV{OC=2_nz8u&Cf(dDi_*qa-<} zS|f}YEzOoFEFuB~0@XW)xb({Gv_JmxxlzX!t`$B}#1N^Ku9ICAAAT0RNBs(`8sbdc zI&N`$`+k<~_F07Qp9KYHH6d&P!9PZ9LlR1P#36Pr2lwj@E6Dk!{uJ&{0jGU0{`9y< z5Xaaw4dILa5yKc}WxeU?dCb~tIm+J^r^z;rU4$((dkOl9Mg9>}4=6cQ)YIcAck(mT zkFpdXp#p^rSz3H_PeWbBxQk|2a9j4CXpo2sOZOf4|JQ25!wk;2v(HepQKxaC$;KIU zjG@%(6vT4OP&Bn7)yy>h?L~u&iv~_Y>pLF7F*oTMo1Y*2he!1h_|4_{#o6A9xs9cx zqvDwvb+Qem-b|~3p`59eVEf~t{hEYqp5}$N(R-zL?_=@KPu zOpxuDko{=>M1O^+Iw|BLd)n*!@^&ZRHAzs@`Lf%jiTK%y}Y z9ibC7%RfteKC%qri_c0012??X3Zc`RS#=u8WNFF2p`2J;{DaGFGKbYJMf;B`)7~K{ zo)OWREsdGPyjCmG>eZ7_{iiz*@zS}{2_w^Z@%j|zqO13?Xt2%248{N#)ECFsv(5N+ z=FqEBnp7HNu$2_QhMLGK*waSh1#;(Px^C`PLyw8)Ti>48vLed~-2MDs2NiKt?C#n+qVWAPXI`@;$0jCug(DuN4t*H1mr0bam&Z zCeH~P;En7Zn)H(tvIUkpJ3IRYt&Oqp-HZHir<~sSaUML{6w6nyu26dgdl<>^!JN(I zFhee=Qvox0q+Sia;h{onz@@bRVjzQ63r800Al7uDsjU{hvRJZ5g=%)*nh3gneG^G! zA&`C_|L{6G#LN17`M=N3%}u#zO~ts*NBafs-6WC7sC^MXagwz)YJ|jSx|PxmQnP2c zxypFb>j{Ks_nw3<#Xw7^`?AS>3{<)&?sG_?t%v#opJ>y>2__CPl_0&|9N-L#jI0xR z6CQeZMM7mMdtDY@&n4*iswC*6ds_>MXQdIw9#!V+nsWZe3C#{oijdk#t@?)NwRS!r zH0{L10M8q#^%hr!Ij{Tl=X!cff=qEtV%Vt=e9n+Js;e8nI6f@q-nm@iG7z_GtXI!-| z(;bwA+l2-y^Ok|YpBIX<9nX~xUJ&Zpaa{Q$6#tiwm5Yl^-PjP{%ao0oIZV|~BRTNn zQ~jY;QSBB^WzeG9GSarwEO*5_x4e8%LFw!jkfG)SvaVc9q^4;Z{;&NYN6p6ulsL z{(&NEfIMW4k@V*Qc&iIycYmwy_{)_iTViahwN(rhPV5{VyV;-q{$~+z6LAe)F^@qv zA!|-oY2`s%+cZ@Kvjo9JDk^0z_Hr{qJ-~yQQJ(LPLr_fAS=|Zu4BxIkr~)TeoQoU! zhT34@-KG~aNM%F|t4t=j8;JU(5qw9oBb8TP?4=-mS>Luw9}N=j;olHon! zh{`z|H%AVNiR=&4z7nMCVqQYuTIcNpr0G8K|2C2Ik6w=I*vgjBp6Ts9a;5jAnOPgW zEKP#{gDJ#Os8!-(#L)iu{pWZ1>Rv^R?b>_2=3%$L`|!d+MI~NGNpMoD$1Zi`bL)^V z8#is#5=nw?GZh*r$~L1x-I@2+$+#?oAsudC@+*9Pn`gc=z^~BAb8!v{Nzzet5$@TR zHl5?oRNLIPJ$v+f+UlN5td+_UWQ$L%mq^@DichEwyz7LpI^|e$2E+8bi2Y#`{y|S-#%p?J(im{fw6$HP$yn6=Am(ncv+xMUH<2jNV=f&!(v`@ZfJmuw| z*f}9NTNTO3*d_mwX{7#7V!_ebrOZ*$+^eZ4M8)8iO`&`QuiyRKk9u$1=f(S%3qUX! z+rwr1PJ28f=l+B;n_K!gutcEi!(qCFj4Yv}w5n2qy*O-oFocj4joC=<>Nc&~&7!lw z)o247qe3ySdXG$or=+2Sf`Po+$s9*I_gBs`*rd%fr*(eb22KxFRLMVIET0qM53l+O zvNMo5-K+5e%L$~rUz{VKDk^-HoDoSDZH8|!I{fciz0aOE*Ws$gq}>6{%XSJ8^Z#e) zjzx-LY(ZH#WE0V$ZkA^e!dU1hsir$?$;m|&PYt!y!#OYGXu*%(rK3_zDN=ASSMdN1 zpF%=s1rSnvu^0Lb`t`8Z7;+w=Kg1HPSsQN_HZk zM^vC$%{R<+N}#&%VshgThx#Ri$L+N#t8=88&*pk&Z4~-uWaK9%g5vx?dT|6AWcAL* zYtS0#TC_;qLkaO1wAAo`n(}ae>IN=*jLI~0qX=dUav8=)v!(>kee%BK|DYAEwL*J9 z^i2Qz+f>w8R|rVa#R}?_LyV!P2Zt|C3^kP8n;mnJj~_x|DjdfjTt=dwtdvXHRumEF2--6Sd`utqu#XwZzg;Q$L%jx+5SoddNBYPtiiv_A}K@+kz}o+8-jp z)Dm-SsFaw(7r~6Urq+n)`TWJsR|p5xP01+-kX+6m=&u~z4L!Xlpbyw2xnh%*zHz-Q z!6&QqQAsOzkvkOx2@us2WW;whk?xIQ+gJZU_P=0ocMb?yG3go~*?D>DR7Jmn!*G0~ z8^86}eQor0&%@7{@WQ6#x^)4`LaPx3yJ<2RrPtzkuUm~(&@9PY+?Dt|(ozSinTxpZ zk~~Vt`#EWK97ZN4(Zryz@5}gX9NZM`b4pKkb7`fne2s2mZ?2NCFsNOYW0$zi__+zh zgOT16SNN*#;wCX1glDZ%)Dse;@It@7t!6>aorX1wBdQ}noSrt;?4`K*tx;;>=OqQYCn{Sz@RKBq7fV<;I@gyx#Q zGYwW*$%A1=Rx;f`!nk2b{A~xP4YgC~$2``%KYma{8Q1UVXyLb@RU@|H-A9eWu8m{@D3sKVxJ4WXFZcoT z-BP>xm+D^}iycc*bj1 z`z4Ex_e#mB5axsm6O5_Jp^^MsK~ep*n??ImnFHl-_4QtxEt|!nleFA`hR4C zQfenB4dQW4`SfqGl>8~=kQ8dVcvQ@|%(YVNHk}1j7?t7ZOzs|z8U0G%91eWDH-$%3 z!;2{wQ~lXvMq?ZOhP!69Bf4AT=7i&|&5Ra$C*@WK$$+{X{!Km)t4C+5Eh~zRL^xNWeR!J)}#CMi9bswFzLKe>de~1`(o-YNP1XM98f4uMq~(` zsZy!9Hufb5vPtiO7K%i_(HM9b{xBQI9; z(CGM4kbFPeO4_H)s)Eb#h}zdqbeZ+r2I#!l=uBEk%sNRRFj&Pzo5@W7yNIn%BzW@(Y2umT?4wx^?a>8Tq!niQ9l?JsLVLa92{GoxQiQO@ zvo!X-hqJoa__op#CKC+A740)%*PCSjGRfa0$y>`~F^~(sM|w+|@ml2P%PS~Y>X1p& z^1k=(sDsa7$WX|AtTX)jhb$a!J)gHhnmm%ErmH(BnY)8H_LWpqm(XgWm?M8#Mn^)j zCa>7})mGG$r?|Kz(I&if#Jyi`0IhJ!(Rw;!U{@Xohlt1uwI$l$AG^Vmn)&)psGVn? z>;>4@a6T*5aq;luqHC^`0NIPC#>N;HlKJz>AAqSn_Kl4Y$#AvKQczH=WfO~H5{pz` zY75ZZ- z2ndb&)71pQeN!era=8;q9y*Lc$G=}N7BT{k9=;K+Lbf1(*@p>`2JH>upVaCc=pn_A zk2FmT2#_3wpq>`1Wr0Xyvey^DJm3-$6}B~H*SIdTuzn_`n8;aQeN=n)EV9kmaI|68 zJ3`3?hhe^5EPnJ{=zk9kP1hNe(>buf9vw0!Jbuw}<>2aI1)#Hu z-;rdxwtuSJ&=k)8&cCgHRUM-H8cchtDJM4pzMW=_OpL7oC)7_jyiXXBh@sGRrN%}t z0EXV3EDV?JiIW5BJ(xW>1k<|S;Ro!kyI6MC$OH=yD^-P8Sbt;@Fsex{p%(Y!-aVJT zotszPNUy}O^zVkV?Zin~b|u&QXX0j*S0^PCR3;uDn|%?_~?7w^ES3ma`)2q-7Y z)nu~q0mHzsAKW;K+KpU|z-0 z@{0=eFqTSE zEHgZ9%=S6${BU$Q%Idp;--y_O-Q7Svd22la~m7RFnSvwMuvQb#^xsE z)GWI4PW$-kF&_~1Y}(p!@0+9&JpJTC?5k>8xjEvI$E4?ULjg(m1EM5Z@N1=So1G(L ziE;Y}TeHH|%bl1>^4_yh>COP$nUYTrm!?!1Iodk<@D}OTSY~h<*?&g-mW3I`z@a{h zIX6K`fnRsq8fU{RH)(^}68b4``E;(h$OTi!v$r(6uUvrE`)}ymb!N~t`_8C%o0c+PzcDsL1LV3O{Z^h|^*YnNE^VAv+#T_VWG2(*q>q z!{U688}HL!nFki~21MbjGrc6_HtKj{31b5owX!;Zn-5*okf!Q{u(f`e-)RGh}b$K>Lq=+mE!lagU?xJ_}z`C00y>l6O-+fj^^ha)WbQveOIwt+oDCB_E zE5Fcjk@Gp3QA*s6Vakbbm#3%q@5|1Zk+1GaAfFS1r;`;DN?IUXILwi@+I|VP^tJw8 z&-O-l?hS~vD~b+!OEaD=-Q76+1WGxG@)J7+SO6KH&i@dkWj*mx4ZQ5}yU&eRm{;7~!qL*xp z_RMXZOwKGj={Am6zV%@{l+$an86r025h2vf7Tk@i)BtywRpb z6}OgGH^Z1=++yp3jIJkKQ@T^l*;7c4Vx(SveVisNGMwMV{B!P);Cu^O14({z+;Z6Q zF%A-mOe3SLnL`ZJ<8|Ns2@l5=k{2fb@CC8kzj0B|!V`ZKv~4B*5E>NDg@8$oEu|DY zu-A|JZ%-usX!{o2XF-*bQC3-2*jAJs1qajW>3ZA_Y6nQKj2^|cyq}7vQB%_dy0m}B z*k?XDX)yl*5u?GC*_&$M>)I0O5Q(Xv&6mkN%5xn~4A95==@5kZP&p0tWniROf6{Dm z*fb;k_<_d9e*V{4jv3I{@0bejFIJwIrF2BshTUL&8N4T=8>1_N@)oF8wL-hHB z=UF@=OohUZ|6cjdF3QULilSQFGT|EJ^ug7;ty!+r8f?!aNh6W)=|-B4fnc8Vw(t)I#MY+}AJIN=E5=}`UZXO&$$1u{Kr=|$yLa3n* z8hyMs{NAOSf|KTHdwwJM^iC_A0v*Uk zKfr0QUDtm^lm`^@owee`{X1sv&Bwv zCHp4b_?DJFYjgpLt|{*hR{< zCNk9M?i$|nKti63Ys7ES6n{MTv`0q?e64*$I-V=uH_M%A-WIv=wXN6zfU0moHV0=Y z3~=)>U_|dv%>PdutPf30kzaA}2Q2xKD>7fbrePD0e+|BWr|fzs(ec?`lxEO*Q68|r z`l$IO6bpv{Mgx5GG1gOqZla{3BlQ->dPpI~DCRJigtFy{daI{*;wv?ut&t<`RFq#v zsgC5!90Ss^v)@0iM00WxgPY8>-zdJJLQw~>55nRV36L>=#{Pa~O;l*PW2+SHZDhpG z0bN?A>ar`Zv>uDtYZ7&&d)rcJMl{-oMRE4e*3RIZ#1s{?%a|}TrF9;l&8KFNN_y&2 z2NNCh^2yxHnlc*r}J`$8j&V#jp1J3C(zzsyOU-dqMUz~bh|*O&tX?DePXlJJpMjm7l0 z9~|+z0x=^PaudhXNpBjxyiZCilWJ?Vp4%S!7sVt`lu*5)a&b{K{@ZDy^FC>NYYyN6 z4kxO#w5&~KZ*m~#NK<2F1zu&;l;<~;q_zUF!gD%#q^HU+jwl==Cf+-Ge;sc@A?Kp% zy7ZLG?bz5@dN}9=)m+aj6&IR*2P|g%wyBh4S=I2G=O=(>fJWD{2A(H-Rq48sF*bQa z)cq3mrQP*5zLzL_*T``NPyqZJc$s%Rz2^}sxh)5JLLIt^w%Kqu3C+)mTEb2} z4(-wgL(HmfFU@!8ZK;Mhird<}FE1QSv@+~|mA1QnhoRS39@ht+pH8hDx(mFKiem;3 zI!9;3$bYer{+e#Cf*+f|tB8>%x$*aeE%(w3BXtY^2g~>WFeT5{YO*&B#FyR9L_<4-=b!@^4 z*NQ>|A!AXo@8ugJB6#AzLv?T}7X%Q#U>Rzr@l^+shm~#p`HwQ<)NBt8yt2tx)q;2F zg{tHQS?U9~8w4o%>I08UDN<^s31GBU8JCz*3Q*e!3}6jao#U#(^hu=Nn7164G?~di z^7=)cS*QQpj|!MQo^jlKGpCwPL8zub#?U_z=}Yp4ARyGZV5?c<4i2ksFhIP+0q;F6 z|9oJ=Rg_Jxc@&haUmaa+T~aFcq=R4mhGNrP{EnJ(E#zhz`kXRzLNXRgJ3jyG22R!V zC#NLgTJFi8!=j~K)~M*Et<#Sn&L!0UkyBe!lJ@Q(W47a2@t$#~I9NM!j^eZd=4Wgx zu9#=vRmhO!_>{1q`b75vD@%h<<6ZF)l}wL(BUS9=_TtWIEJd5M+o!;`r`!%vx}shN zEj#^K*;YdqZ}MGcx)s=)CslG9#Txe^hvW$6I_*z&-5+j7%NRpnqLa$(8Y}N=W_V8I zVtIM9;QYLa-(IKIx!z;7;GrI*4n)O8u{YU|kD9=;+b?s2fcnVAtPsCngVPOl%RfSG zW!D;86}Psuj<{VhR$XsN-b(h-n?K*gP{LaW1Jl&r{!p9Y*5MJF-pLOiRN`b+D=f-|LkGkUm>#tMJlfS-{2Myv9DJ1&87=!wW{`yF z>KaK)>ue0#sn_`V$CR6!_ky|5x0nXZ()Xc-$aTdH2L9&^Ahu?ubAi)s2#%9{lAC?l=nby zwjQZmLj*>o8sAf!p}g8?E|$KPp}YqRjQt!|z#g+}y?_4uH@fo)7v_z8j){ywGScu? zHcC*zSb)4Xr+Tf@^NPB90){?L?z`T$b1M3Hv;3tMTKk_xcRH`T`z6hj+}g~(+ks1% zjT?&WI|6VH*0|U-$g^ZasmNb^>t8>#-#2MWM;EL{ZF#aK+$LfU`%|=$V19$-Z*w zSIVne*yl5C(S(V%?4JRR%Ps32;hcyCRo+VUcHE7I?V*VEt{@2PftqI2?2$&DyD&B4 zx7W*_r89RMmVGq?mkwuD`FQc@(rV?rpIOjkGZ^LP@iH}X#n1V|IqXJ8;V zKo5WVkvZN|%6eS@g_NZ|@GUTezwGPQ0~-K!Bq3b<1c4_aL>~syvW>hmZ!V~c%0U<8 z>h=kF#_Ng>td4(7cWRcSDmuJ-mJze4hgh+*3h`Hy^+(^ABAjFV<@{B#7zr9F?AM)) zE0-_pQ->d_mg>HD#R6n32~=kpb;r||4vw6S7_g)z75b7H%ZJ@~{X zxHfJ?`n1+CqibOy@qU6_v~fJ={BApi*6mS;#UkeS9Rud)N~H@;FV(bu^EIS){n}eN zp~&5A9Vb7HwG`p)JX^lIyB|C^=vos!hFZc#1qkj4d{-@j%U+OAi?zF|O%UBO5A`b$ zsxI5iw}{H(n+bUl!OhEJPq?BFcc)()GI~P4-x|MkFD!XJlmGg54z%XD_22PFw5Kh< zhL3|Cq(;aX@>HbsM&q$4)VTV`kBpzYL`FYfHbiWJam2nPANc!#_V~|%()*y2H#;+8 zvwbMBQD(6hv8ebERD9>`Sv9i}VD+h7r7UP!wd@ZMl}mHBKBboWNLFPpQ-8W4`1CdB zhGc4SSjwzF{kB4}_eT;ltcSMxNR3y`d~`~r;aQD*AIy6zzw%>jxrmgPEj=;IsJ;UK&;4*T0dhaqfw08B_?n&sOpe9Z2 zZKtMz9{H7B2_opL=I-?UBLCR~di88@BkRxU!;7!quV#s${b?}Jv&O^pH>>0IVmjc) z<(p$cJxyQIVATHbxXGgC{msPyg3btznIaZnR4-@e16XkFbFUd%VjlK}NHCT%_v+;M z%)Z2ruAmY!tT$mVuN2M#p(cT=LNoP@C#NPaw(^ES2hEY!EhkRaE z`^_*R4No9u!#8h1sa=@{RZ1@~4ltTJels~^nvxQV{p4VaLRD2I^Yg}g9YJHu;4Q%v z!8B;r?*5)TT?i-XVt=j5rXWnJeL8fiH{`|4P1?i&uWQYQA@pldRu9s)=0|~Y(2SAQ zAT==XnL%!wySsd6FpHUxf`7Ey2_P@y@lUna@&rxyR$wu)&FZ}>3n_R zoYQqUm_$bX@0*&(DTt@&18&pj3G1s z#`dmzPOj)~R+?2TH{F&5g_Xw?U)xwpkD5wsK$zO$<2@S}nzlcg9vn@4b}9LT*UNg@ z+gayMho|69Jx^F}Bk+GTd9vL0BKZA*4Z(Wzyowlyg_){|RxmrqcbwfB21UF3gp!wemN@{Lx_Xjfd7=7MvlG8s zVw0aB9?j2%W@=c%>>;b1EyCMPim3?FGBSb>JoBVX1O~L;=gF+Cy=`cyJNcj^kPH;7 zd50^t)=NuIA11y%6)2laxb4jWXW^!NAWbD)R#DM6H%~KC)qUWfw*N78D5S{$nyHi1 z`MtdmgukEkIUBX`?GQFL_GLTL6YOZzRw0csh||$61+A^6hKJ8ar^K^5z&krTfx@+p zw9<8H|MC9_XD|M?w{*_H&^<`@W+NqSHM}UE;nC4Y_x7|l6n4kA#0y@CikPM&5qQ}* zAa-twhrfTC*|oYT1Q_1!jH?4Ns;>a&#^P;o2pgoSfh(x|+qW+?TB! z92@~j2IbfqyEs?TG*~t_56}GgHS&Us==ym5$(J!^S|#ag#8tz&d3iETDmc*hPu;w# zp&Puj8Ux$LbC^|FF+q5Rg}qa{`T6tbZbqJSiqLR3P{=z4QJO%IJ%g8JgstJ=f2yiV$z=SuZ?J2aDI?8dZx@%?xON?1 zKR^4?q4uqXzexUzJW$H{@Ci)`b|p|a&Pjw)eVS^{J~hnr%y%OuRabi`iQw8@81MWa z;wC2@ROF2`2qkT8>2?T1qFtwo`Dd4B!yXKwR2c_{f}xN*q?#3IwlQ<-rKK!%a*tPC zr`r{-c-E$xY@;-iOFL`FJczk^>c?)cx}>rs1dWMT#aueO=UI;j+Sj+^GM354gUFep z%Nd6G&!2x#k!Ny_NF;6-K0JZJ;>!NfFXta#R;l#lPc>xHB3GnXmzY!r*Y9xcqEeZG ziqy1#3h1Cv!^>FDKMwe4n8Kjy=B^nZsMkKZ%r3mdLaTq8OkDdR3H(4>Rb&4$*Pkm@ z7+(1vqHo6ce5RXL^=Z*e>yDbJJi9i7@KrZBt}E`9w=W}4x<<)bF5tJFIY{4Y1$Fx( zpSA|&xaz=sgIrCMluW71Sg-6Yh&B&kKUN)F_{DlNUGab7`bB_kttWA_OP>lK=5o=L z(H*00fZ!Tlejqm*m_ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..c28a05a8ba9298f716619a11068403b831e64d4a GIT binary patch literal 2655 zcmbtW`#%#36xSNFmDkWjlJc5Yd6Tfb&Etw#+7^1480L{Xuj`I&$)j7OJ0Y*+6`DdK zv_yGrd2Z&i0eB52^Zb zAkCqsy7Fa;e&5NA(jigN?;*evJ#dMH$M5%e(wZ7{W#;PR`i$tFnJ%MsbGns)wwj~M znfbK2y*FnmuoNT;GApa0%MUAuVbZV8X8U$jj)stVF;X(BE{YS6AiBB8wuDXTNVO9U zAu!k_1s_qL@V{2oqgsx!Y>N%xk#gVPqklbhzSu}1XJzXCuLj-y)?*FetkN`$b%!?W zNU)R%QV#p5Ntf0|wr1&F9BAvg?8uvaBBs%|zQd}lJNFN3foa!u%c5C|6kl}HB4x{aDvNpuGnxM%_v*U9nzP7Y6(9x5PM-3itg^1EdSve zXCaztI^~%=V*QGBw`8=-g5;=rCvZoMzo*P_wpkMt>ol1yL+ef`0-a08BGOxu?YhFh z94#VwK?FG7?1dXK7?&(1Xd(2HQLN3R)Hmth2$pzseT=$vv-AzQA)R1dD6QXJLBM6p_&MQ%c2)NV0rSpD2q!&`-WlE@gxfXk`3*CBsQ>196i zp89cVa~R!Ak0$(h7S$enDpKE3X?Hm41ma@El^65Jmq^M=lsrh{>}BGnN8rxAl@Ems zkSrq_l&jY41|x`?tFpA#V%|+H@?RgAO~z6Dt?S!jFMa|J=|<9ekmae-dt+S=n*p{L zc>k0U=DmrZEg4HPvya1;$A2xsEMmOBP!R|1tQc8~VZgR!|JiBH+()(r>L$u>tQ)`O zRx`LNI`zMaw3@wrXssZW@$jFYMD&13B35x)F`RFjLB&^pC&n?4BHeS`n!ulK_ z+*fui$ZN7$moL_IaspL{iyJ?`DI)edOz^@hb=DU4_vh~2x}RB`q8IJ;m=||07@aK6 zPIoUjYyF;=-YKtP!YWKv`6}Dq;;Q8vHb-Mh;x}GOa$@Br3Mr`??@E=NGw|{1S&t-T-gP)Uh9HSNPo42bjd0HmKSySYQS{2pBTf z{BbvI7dx*%r{%y!yQt8tnbJQ)UrrBqzE^1T#RTz zXY-xt@$x@EXwOhP#Wgb4yRj}?LBVK!wfwIbkkCbkhqtLpThBIP~utTu(w z>|?PjyOFn&fkk{OLJ|7bDOD3fl`cYv{qjly)r~_($c0N)MV7Dl)dzrT7 zW0%~eNwtgoN7j~Wo7a)VxRIEb{edQtj>QIqZ|;odaQW?4!Rbm!lj+=u=qxh=uE|7y zf}DG9bhYQ6#Q2PWH>@!rxcnYWYLqjT5VvVL)ZU7Qn|wqp*4{J`En`IZdp`|2;ej_8 zLA(umbUI7hNQa%MNLlK-Yl7CDsMiiRHiV4VHM<9*d_8PhRaAGU~qUg;0Qw+rn$*>B|1Gh9iY(h><#)CcRL@!tB&B^8>hw zTADGXHJq&cF4iI#`zQ96)*L_7@>Hy(j?9^O$!?9Wu7eo?VZxSIP_=}EN&krP7tO%c zy&qlpiJxMO{i5u6n1)^Pjs$GnZW7u!-Bywh!!Pw8owx!@MKk%q0*t5}|h z3_B|0a`+9WhpqL}D!-O(z^7iZ9A5pP%#cXkKW2=Yo?Nf{p6mp0UgrYjLGSfLaar>Q z5Hl&I@Z(L)EV|d-%tOo$91U)Fu0p}(#TJv>4Cx>u*taCyP+XnU1xXTkYFi1&bOWwZ z2zyL);3QwVW0?s0OSUrWH`dZZgTK3}Mqop3D*Yy(lS&ZkuEy%#m`U7*5QfFjTVee} z4|BdSYo9EyYchsG4=SXzPUz1jDf$K~Rq8=eU1dyeo?{Lgrv-E1)XifPeyD@I=IQ16TsM6e_q zAMM-gT%XhjuS>uhhajTg-^)3M)T{E$m`>vqQs9FziwKiNELk`Vb=uPDM13v zc%Q-gsx^Rn9?KMlNm5)l4%~I;MBRy!?_z7Ag;WTtV-R)PJ?3UgCzuq8ALs3Dl@Mm` zox#!>4Tc^W6Z1+P!TJ4HMN6;WT)bUpKM?hqjF92R>}`MRjlPZVoxiT|NucdT7nV{u?&DEqEvZ?s@CGz)Qje>3|Rsd5H1kYa$DhkJJ{DGv$ zvcPx`>3NIu#e)AQ!eHyw0FJ4?tab$I_%$ZO53d=?1>`7kDeS{8tal9ob9Tkx_WdQnZYS*LxlSJylX0lOAM!d4Dab$a1LKS+a|F zX3JU{^(mlCOTz^2B-tTrc;q%q7|kiO5TxDt^26Roe&{7t5q3BFP`^WI+V#OWmb<9f i57quI;(w+61j)LQqaKRseBOT!MO+*_?CWd;QvL-+(f7Ro literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/rapid7-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/rapid7-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..9683cf58e0dd76710c8b251f7b66b8acccf74c6e GIT binary patch literal 3977 zcmcgvS6GwF+6|!^S|~ygsZs(P0VOB_1f_?L6hWlJmaq*~=@97x(l!dx5i~$VVgRG` zCMEQu6lqE?0gQks1UMg;|HXfK&c%H5JTvpmeDl8RU29FExv4%osRQVH3?a_zZ+@JBrC7+w2u}*kW1Y;cYj$S;Tm_SM=}W${Oa6ue|bL z5p&t`o~;Tk!qcvd9nUpxo3$JqH&0kABtf-A{Vs2$&4S3M95Tbp22t|*kcY_I#eErI zhg9A*|5rD&7m1iWpXs|qV;4X`#FY!L z6GADWj;40rUEUlA(;-YQ!TN#KClvN)Gs6Gy`gN$d;V{$KEGE?UQ(|LJ@#@+Bml*3W z{y#_m_owPg3nJwD#4mEV<*r;#dxJL=g^DUE1hOFSOCK;0@OhnVOn{ zC;3~t$x$Yip{*tfdb(fCuhPT6o(|v)gRG47^_laoVM-br1a&R+?xo}54AHlQLzcM4 z-`eY=P-M(zvX1zJxyBqGX;abIRuTpRflSt-c>-4Y>pTQH6oXd_f+ib+6cTm7)+Qo4 zyt-mgmLK0@IIF#9RSk`d#(KAB>M~~=f_PH&WMpL*mb0Dy21eHE2Z8;O{!1(*jM~0z zQgrv?%i`k4xw#i?2#zK;HhiFVguvm>4GDXWD3A7(gT*X+@?XVxc$<27jqs)2krq8F zvrkxBmqdjO;QiYL+=+*qu z(c2?4Gjg%eg`dlP3ojFd>oEl(AtA2oqpw{Lwr9oBxmqmt63s~2!wq5H>>@bOc`wyjNsE15;`9+ypT3t;mC%k!+Jdk%iV7d2s?M@sNaqU{Q z*B9C9ni~CQMiSiNM_V5T?-vc}J30#E@#3+fe92rXdRN$Dv=ca}Z=8;K8UnXUN=l-2 z#M{=#$_lDIJUn>$`RSpMxV80lzf?vr9XJYs8U^!GnSMuJZG)UL7MnH)vDM46xE9jG*Dj6(#ugg*WL=~ihppLtB%`C(F|>3AOf z)ZY1O&Qh{Mv#+a8WTb{Y>4D2ie@<#^YAT0g*p~8LdwVXe;m@Ce(}cx_71`#(cTMg# zpQwIeNn;jc$ntQRzQ)eZ9^3Jq3!H#;`>hwIE}W&{G}x6QNbc=zCt+08)IyH;C(vGA zS}bi-HTRK0+ZWHDKcBCOos)TkzK|(x7Wj31c)0cbKNFyy{{B~0RjJa2!C)XjK0XRN zEvFh`2iuauX#wk_k|ghAq1}}mJ^eXKRLy%vwA};Zv?aJniJ#lnBH`cX^zBj@b!!Br z2Xu&~36g6}Y-i`M?5%UCzaG0ix|8n5%9hZ9P*!%a;{)mH>Q>qk+e4!1RtECA^+h5+ z{hD!_RQGV5TS!P~CgNZgy}UqG zVdl69WRI>wuqphHf0mrxLVk^N8~E=q8#aH#d-C_ zl$Bqep_o8W*!tez*XMS)w~lUcu(J9zW=4>L8A}SqyA03FJav(1ThtwpXW->E(Iv~b z){n-`&d1DR&t(i_%X^If{k;JSJnh`PgpVF3WT>17ydYE84BYPBP|Ps!-CG-}{XH=; z(fx+d3}{Cu3FAtH4GatbxkN5!UAEWr_O9BsV`&4}KqZg@1KHWxJ(&5J0c7yG$U&dSpb=To{vv8EC?cIAi+IRb`=7b^}HaC zPFHDUUJSl5$>*h*R_R2eFZ?M`47ZJNkl?^RHeidwgTeh0o+#U$m392WXtYxwo@dTgqc=kqc<6|CAu>HGhTUX41qJw z(em(+q^GB!Bn|x8T}|wCMc?>X^CsC7u@RoCBi?xYYr2#aHdXCG>+^}!_V$(sAmHxo z3^M3!Nf3#AL7_Z&Fb$Nrk||-Zw-+Ga&`;{4B+TK_Q9Jic12MQm6wKmFCx3=8~Z@$|dg5&c3gj3K}gO>TB#<~DBGK8Bj)ZN+&ifoxjJ*ls+ zf1)F9{6dkgHBqgDYG%RP=%|p3LuUGe2opwVv`k;tI z-QK^D$RKT+?;GljLY>Q$GBNz8#lx;~f83rjRnv|18GVJC2|AVIZKX6k`4T4lfCpiQ z*O!45j#jwK)9PwATpwW*LaHQ{*Y6NmYcbE*GzE6EN}g69K2+=C^~{wzgM_ay)WE}2 zSy@^AU?u>xx3~B1(WXs&eEgH{MV-=-T4B23uU~t2u%}_tCJCQ;B5-dppXXEbO2cW? zZmTDdprOQdBuE^yH6fuc1+!aj{4+^O2X2EC-lHurn`l zC#vY>a+ytOESLT%LDSixiKdN1PZz_3%lg~YFejYLJCCn00q+_2Mp=9!L6u!n2m2e-Yq)eLX$BuXk}J@K1|=(sozb zVt^dFj=%*31oHp!F*9<;nHGfhC7!%h3EG}{QY|Sdi4GWaF)dK-tQpcs#-U;Hx8S^n ztRj&uMJa;Ue+CVmaHr{CnhIrGob0Z6<*xFb`&yFblb~Nit(hCvf15FPP3VgXn6W=^ zXX?`#P!OwG$u4he^mFJNcq*gF3mF+6{x(B#R(z4=ddJ$D7)*7QzxVMmX8NLv@8gaH zPD^|HWX$yEiHRCO4nL=bs8>2PWbr$NkK_cau~UO#Fqrf4;XVR^09DM*PEDaqz2&j$ z;gfYE!f6Swjk38}7`hs7jvd2m`ycRwA*km<}p!x*Fp(3w|0xI z2Swlc(+dRf%~NSZ=m}fty@LZwTiYj?>EI?uJ_Sc(3yX{Zbr@T`}z{Q7kT;kZd+Q$;LvOJrs5gSz0YJogYPsi zf&tkDv|;AagaZKI8bGtR>sAXtS36KHP_=j55<<wr&|LJ%1$4UeEz2yWh^&_|hJ6Fwnj!h-5yO&;eADGmI&z z#2iq-*mFFi)rc`fo$q%rAjhWS7B)6|S94yKmeTiCn_E8zU8q)HwTX-5;Tg^WGrz{4|~`3muz>+~VX@!&&LRQNPQ`ABkBIjr;#9aF)EaTjI`S9`k20cULkK)r>seFOTfv zh5zvrFe(newDZ4yS}n3P`k7rNJ8`&$P~k~hqlzCN5(S5f-dUzEo$`+%P>%DZ+cv>g z)*cI=P!&Q_-bDMDrEXo(7b6+?PX*oy#2YuX^SO5S3 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/servicenow-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/servicenow-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..0c9f72b10a065bff94d6c873eede5b2bd665dd5a GIT binary patch literal 3799 zcmc&%_g9lm)21jY2&h!02oGqeQbeQ*QW63fYA^vrDMB7ZdY3AKbfifQ2uKSMsu+3+ zh@nM5gir+(2!tA{wD4e#0Q6se?&tx-C08A!2MrD9t-p;HYAn17OkVJWKGMGM>k=ys>-GK6d%QF>EZ$J9 zho-*SYt#Qar8wBMZ=Fr0t!??Lv?grDvc^`&#dT!Q>Eddj z8?lki7(&Ul)6;?f!3RuFz3Fxg6kbSPH-N*7ii$)k(_=_Z4E$H5`C}5(Q?$qw#RR*M z;jj|RmnD#>9tUiLi#kml_%78umH+cAi?3nac~eI*1`O=kmqiq=8@d8_+NpOCLS84+ zo(Iu0!u|^j>!Ek=os=5GQ}+g86URZ@wY8#K{zI#t39k?d*;TY}g|5~IR)yicK&9#M zUa8Z$N6m+a|F;IpH&SYHajR|OiXn7<+uU5>AGQ^AYTx;8YUR6*WOS#d!!m5V5z1*^*_*ab2kjfMUSu3dzY(y+`N< zqM@*ckAS+FzYrLql2!1fqCam=KuDhxZ|0i_SMR zF(TYGz%G*E;xbu}cq^0#Kt1tp!#*t9Mo6V#ejc+58+shP zEG$Yh@4hXhE>Tah)B0Kk&CPyyU*sT^sLg5ECkxZ8-dEzlekVOr^BXJk?OO{e#LVth zsgrc}CcfFiK3*laB(~Ptsb$JPs-uLOiSy+MMBny=IWK`=+3cR$@;1Tsn1XB!d$`EX zMeR>6BjLOyuVYPN0dDW7FR=csnuO}={M5k18^dVDboG#*e6JE8911HUGiXFGx)5C2 zp5c8o{X>QxNL7Xej*rYHX82)YJ%YXh5}qnkfH6%Yv3w2yDj>_JZkkeCg^Bjq z-94sC1#A1dz8kYTW}*ue3`koARGNzK7TNOuI?(@%(yfcmzW{T1m60ubXuY+ks9F%f}%4?e%Z7<+-M_svW+G zD6$9abbMG#tO}UZP-<#Y^gKS7T39GNxz^kisLWLoc%(c7d0rOajil^%Op zlgz{fe3H7b(nF6A$)`htccz?*WN+n;>T%YdQHhG)i*PZkF!e6|Rv8EI#^s@Fp6lM1m9bt{<$m@Pc5^t%p_F21t zeR7og(|1od#^V{7RXYU4u3X$5S=nbx5Ji15UrbG-CRDb8J2(3Ko*)d{qqRRB@8=`{ zK&nPr-2)Bg6pjXm?TSA(HnTieQW8yv`sP?ycc{GS<7F+)JznL0EBItMW_g!E%pt9& zq>(Xggiw)Vl{qmXb3HCLE}?dR*=R?JFK?3uT#&e~9#SSL`B8yaBwE88%%J9H&E%o0 zOM~NU8Yp}*b}{_I@+Af%UhtnU3^J>6-y8LiE22Fm_pdzWpm6d$2o{>FzWAg_di3}2 zzpu)gC6bxAaKpo|NvJNAw6vlkRMVF25J@^{YOF#?m=ZHI9d&zef_~0t-k9;-<*45v z^}Wpv=yY%xG@Res9;T|%uNgOiD9}>Ay5iywK+(_RdvPI@fn)v{d5@*As`7pHow@04bwBGB|lCWno`CJ?c z1Cy6Go{Mn`3CV=}HFR@ts1(Br3T69Z+S<~1=B$bgMICWAlel z=@#bEu(Denj=x7GElR}1HI3No%$bKuMR}p#*Vxz&cBn){_Hf)ah|#*$5B1^^nabwu z?RlG(tjzI4a`ENM%trH~AL=pJ!X6U4>~^q6!sag#`t~-}KwzP9yA=;pZlMQ|$<54A zZpP%_Ld#rLUKGJ4|KKgAWMnok`Zc&rP<6CBj|~(lE{4I(+^f&fc3!vaNim11J9!!zG>;GY4X z){GjXwwSAYZ}_$s4+ESn)T($1@?y+b`Eyd&Iq{P)db^@xYXf~dPp9m}EjN`zKZ(*( zL6CUNGvAPpABAOyEm62Lt(BSMfcO2m#I9e$p@xxPzh2aP;V2?5*6P9JwP+0I0HgpS zj_h9G#VU87@hfztE^-3AJ>&1gbGEn9wrFp_s+~iZZ}K@RHa;=s-B$p2y}G*Gx!G@& zl_yYgn;$r$Oa&x|qKqm*Dx7(?ANH|pEqFnV0!`G=vu}eYV zGLWeR0i$jbTdZ?HRqYC(j{lhx;IW(va>U7h&nSVfVHdbf|!Yw7Cqg67*+<+LhLLHgg#r(fb58(+ch<^2PB^07+5igGv;bS&jw>D zMr_MB8{zcFq(HVuZ^`wYx?M=)530yI&fkp#kBu+d6j9Vb`v7OS+HPs|0N%v78qP*F3G;wB)Y}kpM5V8vR&I-SfDF0$j+|mbIK+e ze|zC2g3&lby$RjAi1Y?Q7hMLgF*8F@DCgU1ARZssVE^tKAKy+mzWnnEN7 zgEKa^KgFIsJ-}NaVs{5Kir+GdsNUIUNICn)@xLosfU>B!#UyFk2P;y4sS#3JN?WV(RBO}>irOQ{ z)1pd=5PKG}-#nk*FYo8~!@19O-S>5!`#R_P-@p5uBx_5PE6f7SG&D3Dwa; zH!zU_LKCsi+O-cziaCe7I>s{`3WJ~<&Y52Q+4Sa?F-CCC26#q~$#{t+Eu-xHx;SoQ z>tZI<4^zz7kwpsJr!+Kh@Qe2p%E*ov0^#~XYyxMyWSWOT6c2MF&%FH2k}KqGOWC&D zbbWsh;f`W&Zk^5E*cLPfh@%{N_8&&*g$0^E=P_Zf)3Pn@9#c9%`U`w3dyw0S%Q(w$ zVZDScn}@epzplm47}MW*Z)1tkN}FD25fE}$0_^L|(tPungAdvn+&mXt;9*6HdIAYkcd4@_EH0;Z;D64Og_VKy1%=RH z=D5tS1RF{(di$XgAA>4)bCOGzo}Jzq;Ixa0QXx8OI#>YluwUHm1=0#w)v0pucd60y z2l28zlJ6V%6SixAt1Clgz?}I5_D0@Jxe}N3=nvxz-J*P~ts0ch0}O&ZE=D6H`a6G` zMMW{@<|bE%Je9h3&Fc?4+dLfP_+)K-?-+>5B{|y3H&@v>xxLT>`mOa86&XUGXluB( zkko|&LEYPZe1kj_M5R9Mt)EebNErNpxZmj1RtK-I@sP-n9G!(qs#-euFf~_&f=0Vt zxIZ~SeRf_v3ag3DNhLcloq}ocA_+YJ|48QA59RlejmrM{`NjV%mGlL*dt9unXtf-Q zkUqMKj!p3P0Hxim7}oA8`Od6@?$cp#)!~}#0W*E>aeLKMXRCtwl&Qhs>Zdaw!Dpl{ z61fx!FR6~tai2=+nxDI6b;jQwebTzNV!vHizgCj}beuEy~EKQgPuMu7%xrvh(n$T94-+$Bwjh;?lc%az*9RP#EO zExuW3K|P6KT9gxVd*m6thEZ`SFl0DD`4TtW{%dBTWIG^{GP5lv@9OquKj(8_R_N^c zhHESC&osuu5?Xsu@1y0)_7fB}S-S-^=N*2Jt$A(gT}TLYWlczw>%;qa!&1;6H&W7| zA-F}>4NNPEyogd|P19)LSQqp@$=;`^-cB)*;ZL{BG?h+*%H-z0RMFsB+>g*HE_;`f z!piH~@f6c#>1gUh}2M7>wu6GUngjSDm~M>VM-Xs>IHw{Msz+!J`*C*G3|CUpbNcd&;o6 z36KaY-LWJ&vt$;^Y=fwb%(Mwr!g|rXhrhmLziHE7nz##G=bsB%kgE@BL;lc{NtL0U z6b8{DuU-Dx>=e7kA(0Wn z8g>%dbxP&=Xtkz!=%IEt-_5O-GR8vh-=7}i%E~0t8oU+Hw=C>&M&V;IM&&A~KUk(1k{QN;W z6of7(8cj|#wdorg63esLJvltwS$Y0G_hHmYQ$=zo$v%Zz_~vNC%h8O>tDC*b7V8?* z-1{r5wbtA(+4L*o(JGjUaP{nL-yO%cqJ}QI5^0&wET&u(Cejixuc^|(!N(?0y)xLf z$K+)7sGsGNwUdoSBt$&o@78#z;15(zK{xTpL6QT~Ie+!|xT`Q|tutq3@!7u#KEUFvzeNsLT1=_7*&>6phEtS zJQ3b0!LeS94p~w|m5T2xWxhS$!r?m-9xmZ4=jJyGDBBBXr{w5pt;ta%tKT&F*y@@f zam5_;&Q6jx^3BFx&En>?|JM53Ta$R<$HDV$!)sdH%ehPkS)nB>T)sb%lYtsPLD8lq zwt&kYUU$e82|wt6@u<*}5hX%ftJ(_Q%^Ien;e+n4p@OYV={$?!hoh+Mz}gi=YY+@- zGBos-tv8-&uDkL2^TqnhZ6q--0`0HJXAnQF9;LLzDL0$$<4k6^!2xdx0$u)<_`N|o z7V*Bp;Rn6QLskBQvf9dYJiGcH@zd|O=OH)KZ^J}OrQ(0JVbd;-Jw%a)T}BcM0q5fa zSb6h`sv8{}u+L-yLuL|Jcl^<7o|8*UH%1iy(gQfEwI?&y2a(Rw5B8Rk&f`p-E-NkA z2Lv)(|9Qfl7p>wJoKKHd743~XO!@iBiqE%0;o!#japH@qg9LwD5}rJkSU<|k98P6p zKDEQpZeJFnR)R?X{q)Fdn#%t1sR|&;`=n}l1zE|}IQwZ2FPMB3YM861#gJTFHPpo( zG*~`czMbj1P;xsF76n4T8}Z1Oma+U&z1P}0RC#@&>Q?Z3+&@-+ApoFkvcZ6I2x$GE zANIg>ncQS3x+n+w#5fA-=<0OGDXGXXRbf(Hut1}V`mNsLL^YiR@JVB_As4M{AFeBT z>IX{EA;Z}*oSbMF!^yUHqYCu-JH2eYq4y25;*Ww3gvP^7buQ8(%A(YoJ3ir>%<|@y z>h^QK>4qR9jMHJ>!>CXk!t+XcOyo_a^VPtF1PNdI%(f1gYu5&h7zR?d;H1yZ%{7>? zcOloc^4*hCp8l|B;i~B4Ca8-Q{YJJvI$x!29xOcNl)JAo@>rA{;1VzAx3%trZ^Iu^ z(0FY`1yjq+o!|?x=Bnx#h(goUN@Ph5?&Ux-hh<%zjk8@x@*>M6StW&%`m#)~;qp)) zEvII05fS`QKJ=Lz5emMv0jp%H!eX5_*8NhQj&Z zap$1sGS6HFcuVT1r;8#Zus@^YKRbjg*C;&;?6%8zsVr3+F4-G>3*GLm!-=Az9$mun zmrP4pS-T{C_!{lwTQ*&cgMW*C!W}VY_H&iVjeDVKp)$0mYb@>h69hw91C(hAVl^qT z!nuC#nEA3b*W_I^#J?={2DCeGVa~+DUCfHE{=JO`dPNS~InZnjzL=4z(EVpvtN)#VKpGFaVBF?e6ETuUGH%_AoIRHoCHzy*eW;9glv22{sIN)GMs< z3nT&k*oiyM{UO?N@(L1p7AneWsx2s917LdjMD;z=!UK1uS1GK7-@hZK@N8;cy9&gZ z1QkJ9rS046V5H@k(1$2lu*GK?qw9H{3&S2yq1tJ>QQ-tpW&;0udEKOyQ&JrKWEt^# zq)JDKP0)e6v^H4ZHbLJx8ikO67&~3{THs7cOGW1txIHYqRZb;12pRj06OzolOS8Np zsI_%!004_<(nmJ2rlzQZKqEM;ZH&$q{RBZ^+55T%)Kgysi&X}S^el$iy4oabT(bcH zuCU$Y6Dey{W_OqXFfcZHtl#^pOs~!@<$X5RlrNZW<6wvE4Tqnovw+k38c>13G-~UPNcEIH=yMjnR~g;TMccOm*08FBKe6 zXZb^?`?Uwmm2DQOS@@VIH@%b2&vph%%%?XC)#T-m`~S=j|8rK!`P(+5szI*3eD5N@ z$;HLKxNODZ&U-aY;S=4B*Q5cU0qSKhzLLU{BMbM6wjTCQNC)~J&r4aC^esLH_O#eV>HV+`p4 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index efc63e9b1b..eadee9a3b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -55,13 +55,13 @@ Logo |Partner name | Description Logo |Partner name | Description :---|:---|:--- -![Image of CyberSponse CyOps logo](images/-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks -![Image of Delta Risk ActiveEye logo](images/-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye -![Image of Demisto, a Palo Alto Networks Company logo](images/-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response -![Image of Microsoft Flow & Azure Functions logo](images/-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures -![Image of Rapid7 InsightConnect logo](images/-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes -![Image of ServiceNow logo](images/-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration -![Image of Swimlane logo](images/-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks +![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye +![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response +![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures +![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes +![Image of ServiceNow logo](images/servicenow-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration +![Image of Swimlane logo](images/swimlane-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together From 59463d206e29a5ee8fb326e07451b2a8b02ac6c7 Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Tue, 15 Sep 2020 19:20:07 +0300 Subject: [PATCH 072/115] Update value for DODownloadMode(99) --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index ba4a8aff28..d53f7dc795 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -152,7 +152,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt 1. [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate). Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)** 1. **Apps for websites** - [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers). This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)** 1. **Windows Update Delivery Optimization** - The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - 1. [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode). Let’s you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)** + 1. [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode). Let’s you choose where Delivery Optimization gets or sends updates and apps. **Set to 99 (ninety-nine)** 1. **Windows Update** 1. [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Control automatic updates. **Set to 5 (five)** 1. Windows Update Allow Update Service - [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice). Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)** From a10e369790611bac3a62edf44e2b6440d7be4af3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 10:49:22 -0700 Subject: [PATCH 073/115] add logos and links --- .../images/aruba-logo.png | Bin 0 -> 5836 bytes .../images/bettermobile-logo.png | Bin 0 -> 3610 bytes .../images/bitdefender-logo.png | Bin 0 -> 2512 bytes .../images/bluehexagon-logo.png | Bin 0 -> 3927 bytes .../images/corrata-logo.png | Bin 0 -> 5920 bytes .../images/cybermdx-logo.png | Bin 0 -> 5352 bytes .../images/cyren-logo.png | Bin 0 -> 2568 bytes .../images/lookout-logo.png | Bin 0 -> 6649 bytes .../images/misp-logo.png | Bin 0 -> 6911 bytes .../images/morphisec-logo.png | Bin 0 -> 4846 bytes .../images/nextron-thor-logo.png | Bin 0 -> 1390 bytes .../images/paloalto-logo.png | Bin 0 -> 1900 bytes .../images/symantec-logo.png | Bin 0 -> 2629 bytes .../images/threatconnect-logo.png | Bin 0 -> 1986 bytes .../images/vectra-logo.png | Bin 0 -> 4844 bytes .../images/zimperium-logo.png | Bin 0 -> 1888 bytes .../partner-applications.md | 121 ++++++++---------- 17 files changed, 55 insertions(+), 66 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/bluehexagon-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cybermdx-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cyren-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/vectra-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/zimperium-logo.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..037ca3b833579383b59af0f32e406823ecf8623d GIT binary patch literal 5836 zcmcJTWmwd~x5oh$mSySgZV43x=~$)21*DNsVs~lj29*Zs?gphhmrm)DUQ#-xVOQ?{ z?{nYW_xHY--#pLEGryU0&i8!IJQJqzPKgjm2gJg{B2-ZZYhilF|1aX#(@QFzYfWStNFPJ$S6|lUvN5)a6w}y z`WVr&8M&@qiL!*I414|SXbtbU!lz_D=G^3_kfR%8}3slBkSC+4^L3- zJE*Y}lp800VM2FbHH^6)TacMZPcCE=xa;@CL9Td|GoDAXcEV|D)E%QBVr%%cnVcAno3;} z5Kz;da#=}&S|4X$8k0~3>&anJC=-azyxFZ^mAm?YDj`%&d)UGG$-Bxwqs+Y>L@j5) zoTz!e(L+!|!IQdnpoqFnHJaSsq7R^ycl!+?PF7`;Jm?G`u_q9N4XfKb^si2+1L3*2 zM%69*9}5^M85DM9z=kqxP+CKIN*aRgxguKdl~{fYy$1VA$)IcCdPv=CSj5jsr{pga z4$D@YnmtEgjwO@h=t5o>@Po*o-yf@yRKvu09651fl5>ndNIh+m= z;gPv5bQ-?QITh~tWh88zRph&t@`aa#(=C zSR4YUQ~P`N3rpg!_L2THN251`ufIg9z^H~BA}zlwJRVL` zfG~<>n-rX&K-56?Z?cl*UPkU_ifqi<61Ph5h|}pJ-4Q`x8Jr@b7#O8IBxh8EeWK_e zu59{P;jIn#BAq^I8SxeAt5fQdY8h<~7&G&A@&swSOI@DinG6aVdeL2g*N=K4qNsma zNh)(CFf$<<6IR?&(@jFhin>dlD9!3@I&tT6p8=91(F`#~7z;US&RAmeSG#MEsV8i*-gx-biVG9*gSXa9S-piu>EdQJB-fcAbZ4T#J7A5u zZ~D~kd`%)&Z&wDWsSG=9m+hKf4Rt?YUab8rc)m3L(YMO~@5sAe50S8i+}9m} zzDGAXiA9Kz8dK*Xtl3yaFAczjeiu%p`HO}Ms z1_Y~B6A{9;)RT_wSxsTfVtjW&$*jo#Ap!{cG}|6{=nzf^b)RWz!#nTHHkbOF9N+UT z&MasX@kD{e^C>HF-IpKjhBOfL=cPiSS-vL<@ie!j6S?54I3h$p=EE|vAO!h)Vdf_e8(GEKF+H3 z+&tv_chlaMrijz_9Zh!Q-VF3V`dv}TxP3zG*LELCB%a?Yl?K4O82~af@gRNX3VwqF zM&9CGaMEvQ1n~(c_;B%y)Ez#L#A^?4N3DmYRvpu7JBALn?>sv&`5u;!qnHBi2x)W_ zfH7GNc$P&tytAkUfDN(x6~{LX&Z@)Y+pcJ58g@b%ZU{zNlDj|)N8jDZk>{d5<0!FD zNnqhUQ0IP=S#nx`Pc(^#byj~X`k=w%?4$g3P9;jb9qI?@@4YKfV8`HQ^bow#`Tks_ zopDvcB60p5xdcq&lRQy>zfiz&rd#TMnbMQH_}#t)5@~V;mNtS@nKQ_4V)Ww2XBGaK zgg(jl4}zkF`bNEiT;aq{C4>pxWvgMpsNTh%)AjoW<_&|}&lA$qOWrpJ7!@4$8dh-p zyng<()=l?)Je7utq+JMM3Qgv<|EvkDIH&@)YoH&zb1W1P8f5}sIOqb|#3a>%%%>f` za9et5kr6`i<0&~ca}S2xEbT>zv%YskHNezew$GdJGJdJ%Efb0NuTzG5A3{mn)8gjk_CEe7{_tl+x-Xq!-%CltY`c|77b(m1 zBT~GEd?kq(b6<`${4CLIg{On>eiw*SY`hWsjZcEqmU8#?yK2Y(lB7wqlKduGgN~9TJcgugt5BHHja~TB06nKmi3U6g%)h3`GH19cwj1~ zEdV*=A(_v{A%7zg&dcgtBw_*~F(F$&gSfTDkuap8=?YoI2RVLxrvT?+lQXFwhka` zH|4^*_ujQuDSSSRvvcBm40fMgyQdO?AQpP!5qJoYh^>{Li=krAP35UCDI2GB1&mbQ z?L&(91Ft~YHv33%OjcWfn%E*Gah18Vl0fW>2U<06a@zdhC1Hp^)IN77Y*0{f*pSR! zC`{*pj!z`x28T12`B2Gic0iQvwCvVp<9m$=KJ%T8h5z};yT)$)la4P8wwy&d$9?+s zJ%aa%4(T)uQ*2Iml5W8g@j@dc+o>muHpmYO1F>xZn|(`X20Q{I=Bxd-^Y8&5{!h^i z@Wm&46^06xG7)r5&xO9l$I(p}+SDdmHdss)d@+73$H zcnJgHCP67l+n7ynoq4p5O}8o3J|_E}b(SsyJ-Dwr1*2TIIaBOU_HA2?Byh zkZ3#@CeNXL10=UPB)dIrZNv*s45Ev}gtBg_grna~ni-Eq{8?K4>B_gkRcXX z!zW5cZB&$WZ(cHXTT2qGKl{Y_YV=$2-829Kd{NOn)oU#kcxWvrv=piP4~vbHe!&&{ zU_;Po{w6%(xW{=%D8T;2`;wEMG{Q!se85gKL7^d=`=VPYFL5~ndaJlLF7GO4X0mK~ z&EAgSNY&$2uk@iYNAHAXpypI8nHSuW9G4cvq04vvuUV-q%x%4+CTu$JzrdXGo?b9j;lfJMV`i7tFVn}@S@(QfudaRXD|I}5kAAcEzp}Y-wg+R z#NUI#sB5l8`lBvu5605gGd$@~HYTJkUNz0D*TB<*?{IpK7)0@dQQ|cE^QD)yPrP{`s3exDj!zL8QY#<3!Cc z`GxG{w$i*`=D>@7PcNN-foS(7=bJ1PciqP2B-H7>J8H|{4m8(N=}is_id))i_qWNy$M<$%!+(cI0xJP0@eiMpx!<4L zvhFy}p|bIS-U%4G<|Nv7TgybYIZ=pu%nH`SnZVXWULOhXehqvo6-oQyxpPwUsb?{+PK| zv(SJ(rCD8g(C~7ao0~^QMw+E@<;M8ho0>A`YJ@gk9d6F-y@-s8`n$>8A#Y>DzwRh* z9TFB72a&mb-1j=@&<9PZur54TQU6RzDpCtLT(f(4SWsD+U0wYwI3y%i>$$LaC_K%@ z)pdGh<(s7eh>&o4c6M}PLKyS+q$FLh`#V6;_8IOnp_7p!OqizN$B)#aBC7^_M0R&~ zAC_|A?%rPC$u)Z+2Mvg=@ITh)d5u~lU-^BFiz~eGk$F39Ve1m;=9{7-1qB6IKr@h?^lMj+G>ZbOpm7_Rg=8yH z&;9QYh)mbsG*tgXQwoJCFeenu*4BI=@Jm&Vho3+H$B(emxkY^=XS`%tSntlc7Q%|K z)%_&5tu3LY1@{=?zA13MXP5p(l^5ez!0BC^i;K(KGWX8JB&z)b`jXO8ZiXmfVPRz` zlsZ>~rehT%?IQFnSg^d1Bvnwp+g)3vg4skE7#T^PMQ$j8_vAt5<5Jepqxd$zX+ z-`e?8U6zNF?XaP~b9F^@b-Xe#TRP`)SRMV*1EI`$=7kV>DLOelJ#2h%QqbZhYEqee zPHjCjG-NgVGx0GFc3@F;=Sgung3)+xp=}R}Mbj+P-QsGq(6laik>2c{@nwlCCm{}v zN2IB(t?X&AxAnY&WZ8Gli^pln*r7Xm~ejALGlJXBgjvPmQ`qYaM#~l0VaJaF1 zX|o-xHlS-UO;X%@n*nQ>KY1XkxUgvB+%x}O@bWUl^A|5X9hV+4$o>-~ptjO{|6X0* zkBRb+WkF$at^X>vlT!`c##AnRd|>~l4ukCHub3bkHP~{Aic)5eLmRV`Uh>kneMo16T@mDcEs3l|{pFRzf0`Eb%G!z-r*$+_}Bh;!-* z*Gv>jYHHdwki^2m!f{-h-s4P3X!HDbzG?l~=wvQki$Fc@jKgw2G6hcmY*wUD`;d;8 zv!wze0Y#mIkKU^96l%lLQe2K^1m5NyB-E6;o?T}yCWC$3QkPMNus8tg#O2_BvhswjzMlf;8&t9}K5oahWEltncV5{S0btpRJ3k>B1Vn{SI zJ6DU&#VaNZys4t|f6GT%S{B(@3SX?#kcb!9%vRx@+%SnuqYH)-42XR*5?s6Cy4Ul& zrN-!Rx8|<|)*#x27C`WNh_@xqIF@XS0gBVnfF=%=^Ms!^44a45%OuLc_^A z6LWJAcL;H*o?dKfth~87IU4;)Tc^CBu7F~=M%;J%Dec~#wyt1tadGnbj!;#R7vbxm z2=jN$3=9Pg6rg1cW;@JZx!e8(CeA<>}chX570} z^PPr~@sEO?w5#hS27^wAnVT1vm(%kzZ_Ulw)xsl&Mn*bMuFrpG`C?AFv(;J*!2QM` zc}0X-4vPM;GqKK2K~4GjwDV(daPTXSQ(?@we$v*|A2kM9zc@3NP`Duo1adrG`>0!P z*wytdlH?W%BH5W_gBo|X_2p8EDr6>=@k`B@3LPh>grNewzb4#1c~&! z=V8pu#88-fYkRxKc?Yt4e9TG~rlF}hwxkqA26(*C@xZdK5&8&^XmWOCv|`196!3Vy z)j{@4Cu&t(EqJL0_wGGPTRUO>-0SQfT~Jt5ZNFl;xVX4`bYSkPL+RJSJS_rmo>JhU zVIu*M0fTs-KE=c)Fly{wl1{>Vt(pW3#4+w35*jSd%gb0_Cl$%n)Txi7HuXuRAM)&BXJ1CF3;z10T3xV(z80$SLuX>5wt73}Zcv>USE!b(VbGk>a7Co5 zrUtXMef-4ccbU~f4N!8+-FeR};yjI1fBAI1EK!9+N0R)Oey z;@J53QH+Z$pit+HEftrQo{hc;5{0$%LNglNlXmYk3@vpl%C-h$%|S$;#yY& zqq4ZT+t-C)EuQKNCGX ZlCCZDx literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..03c731e2d6f6019fb29ca1e40b05ae0d0e4393eb GIT binary patch literal 3610 zcmb7Hc{mjO7A7-{U5zzlk1uPDEm_7|c3;SnDP+kuVK8GGOMHqbB4w;0*=6k6YLe`U zXb>}&u{6UN3=;0#|L^nMd;d7UbDr~__rLT0p7TDov$@XAah`*TiHY0%hRIDv4*qw5 zSQ+nU!mcGFu?OF9K`=21%KbZ-&2P$58BMk@b8Az!Wp>`P0zzF>#S{j=-Q2{`0hLcF zhz{eQj*aiZ=SGynYUgdOl2A8DU;dF!6c6-=YS)qxfm{(cFlR#i-?yVEjX<34qA*|Mv5g$#;+V^UL8A3ktl_geGdQ{k>z%d zKX@QXqg@b*{r&fh;x$O>Yo-vmSTtK0M}fzWj+Ag_i%qzTW{Bx)zo2|=XWl%TVR^{O zMJWbjl5}2PFp|42q;RzZIxr5j$WXBh4NJ%>WiVjH%WG%;H)vEMskdrWa`soJLpbXL zq`g^zlvDYD&2>9!b)Jg;eOdzFpQ@>$d+UPTIRP>s-p*~3(m9Ydy~efr=o4@GbacX* zVx}s0q_I|tYpkx8ej$F~#q8W5W;FwhdfV5(8Kqh=d#u0;1n3q9d3(Icd0H2~GgJ*z zM*&ZriKKZG2q(5?*e26ySzPKXm`}`qowT5e{I+J#41CC(O1^k&Sx)WpJgB!dG-$3U zkXW$6Gum`?b%lobwjzV`bjKf{d@4S9XblLsmJ2vndZ$ zkx&>vh*^PebQx~Ef5@2Q2ioy-aTLcVe#E^B`D6Yj92$~og~)qFQb$ycjBTCo6l1;L zUV!zB*9tY4ZUCAZI(jNG%DFoC$+z(Kv*zXUy=g$6i}+H5+O$F@1D$Czm@kvvmnRS^ zg`Iua{3&P3(0(`B1hjW6f67|Ml$R?!e!hNZ)|%A<8$^Ct@VT)Q1>m^bbaZ%PE+nLv z@HQiQ985TphfRjFo>fp9O7ra}t20JpLt$^(J}-{3-;m<_ryFH!+pu%9goU~7*l;Sh zl~>e8kNJb5?`-hVLlB|dh|ShkShnZ!k8HL^5Z4|woLcRi7qrCagAQK*9Q#e9OYydM zcNTQiF@db___YL4H|~AE&4z@!cd1`vNalE)YR}b%u3rb)iZZB+1yS5r@@=eh1^LYOLHAQhZUN z&mO@G_rtoyOE@+<90vX0{|;2Fro66GjJE?W3_K0BsaWmB7(W+^Rk<|sF4Ip#I*DMQ zirmH1;W_fUf2od$=!em3Uj*q>BWBAar-|5wrIAVrh#pW=l^)|K!D# z!L2V+4XZPi#!rl7BGvl^=i{z7PjMR5tWWY(a9l`l+~2FzVimWLvQyjT_mm|2upq9~ zysaXbq-mbl8(%bb1oHYYwD6QXdENEYSt_~LjwZ5h`e%tt5%iWq#nykQPPS!^Q~xNx zT@rOKL|-8V+NAd8r{Cj~!sTTXNEIKbggUnB1}a%;Olf@0TU2ZspP97v&LkCsCq|c4 z5sWZJi%o6J`-me)`uFI=*jSEPW!hOBoZk1jgSidV773CS?FNVMd4O7;G1cLNioT3hjXN-fc zKl9z!P=ov&oLS@-^I<94wbCP*h4k!3NG3z$BipxU`W*PtVNI{bFr7@=N@llgElKa{ zWx1S3Jv4VkOm(Db&IuDAXGH$$47NSDmH%MLK&9ibrX)@7^!9bbtmKFy4kI;Hq!;+~ zoix3XCaGKKD}QZ1$qsm3v{|0rK3^~*+l%`WuY2mm6FzC(^WuR_%W9&|ddjbOPt{ZY zvay~UH&Znd@ao5)bX8lXJ|;aglk82KuxAQ_UheZFb){ej%!PFxB}Kbu@83k6vziH6 zN+%YIR%r=lS`hw(Y!8pTlZvOkfTIxuV8?a#@qG2u)ym3oVn3^-Mg3os9}*Vxe6_}wLlC`tsGvD zh5v`+I%z;pBfFKSGifo3N9+K#QmbEh(v|_s*`yNgR|9C!n+acKLJTz_6U~3G9FpLI zx!*$>UJ%wFJt24 zEYUlkOxWa*at(W(X)s5)e^gXnDoAm-8H18u_&}>Pm$l$mVOz`qgPz^L+z=YYp;%Et zJu%hVx*NE9-&hC&2~x_-{_@(Kw%7KdO$JE!8JF!Bms2{|zLdf^G$Q`fq0xT$IL26H zY~&Q^O;jD`S5;Waae85&&)R?I?(j#X45vWD_FbCGp_X^1s5(iB=omr89kV>R(-oww z1RMGXy;4X#FzDr#nS~soyN?&KO8NOr>FG6dTPxTy06n+t+rBcpY7r%9x!#Qxt?Mhs z35l7^hm)Ew8L%Z1)I^*$@dFThaVX~l@@_+|)B2<~ctO#^$D=TvRO;kHc)a>a7j>_K zE%oyb5;(mdq#u<7%suM4*r4v&LliE*b{QD>2PMu4NpNTL)v7NEi`8G%93Iz<^Hp}b z(^he}GI_Od{3P^`(A?gRTSkxl;2w}`!CizYoqT6oH@9eZph~19$QK26?yB8K>Zxa& zHuc+1$YY%8s~B?wYHJdF?8xm7y~W5cw7#(xK97K%{)nl`G+S|ij4&j*>?N8UsrlOVkw-Iayi}yj47(-y1P#)-Xs7<`!a-BwP$`-! z+I#utpR{F~9; zOT%N>uWr-kkq3^PLTu*&W28Pmk7ngwx#8hF;j?9-R=UDmcJsn6PjfB5>)YU!hR@@| z?MnHL6rHceT~;)f@YOZLWA^#by1zGFH#Z8{*w`y&ym8<9VrhhppldEUvpst25DR># z_f=D3?z6;6opUb!p&`XOP@)OgAqwyFXvw$o5+?pnon!@T)uhkbbFJ2buHhD}p2QQg zsSyilf%_RGK<6DnGFhMkE?Jg=<^jy?_l#tf-^NohD>Fi+vPxMA2=@hg)9I!oX>-s! z#?@=x#$2*xi+w|1m+m0yhvg&_{Cwn z)l(9{^9tLU#|V;LRApisuAcsWMOFosCE(PGJ#On+(Cq(tt1vhcf15(m%YFP{?q|SZ z=fo$#pO{-B+wTLKnR$e*`F%_-j3lk7h{{b#R!HN1DK85yLk+AYDCJ76$kFz6Va@~6 z;F*>`_99Nwt@wN;D_+|3C0KUF?91;*Kv`psp&hP3{n;-G7bW<5o#N7`M}N0zjoEng zq{g&W>)?NBgdz>vTQhDyV;Qk33^AzI)HBaKn_+k=_C=ETAjyOTRq)>LZ$GA6x>02n zHBVkDA6cTx$HazAJkVm`ycpfAqPcoE{}9$K3?`D|uBV9G>GeXZedlRnibWLTyxj2) z^5p}^2=^j4cD@QI(u46aNL8E#jd7 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..a04e552d0ee72fc2b17bf2dc1d9dc36d5d3fa139 GIT binary patch literal 2512 zcmcgu`#Teg8y~_rWNJw^$dh__kE)#MUDW08l#eFNwjOG#5oi>2SCMO!}*gg5th28wQa}qOeKodus%>TUc1?u(2G%we-w9Df);{R@ z{diQ{+_vP0wyCiDX_~QRWYT#Z($`sRQN^2u?%b=imif452y;2PHQ?mAvjywjac7NA z&nsNiPP2CZ711YUyOsfV40)QE9Cl|rs%3LtWA1@{D}U!FE2-}M)JfZb6wF?G{m03N zCBdrNW#hJDk{4vPOq?v<=7`H?|Cjhbc4gR@&qg$ne-NIup19W^hy+`5@Xwx~sW(J| zG5-E({4M4={AK{{t_JV{McebG5|&pooDGMw!P!&3v9T%uUyniNupJw0YHC{c(2BGA zLH6^xO;*beEb~QmwG-gH0UH|B!dLIAnGslc=Te!>-kH*LP586t&%uBJXqIag%Cl-< z4ciHwJ5I0?>x*G97X)$q3Wm=u4Tin?MQzAw2}q}5OBIf2GIf&p>lYyv6G09d; z$5dY?YBp?TD5yVis!Rl(jIfyV|1LgGL$ION$hzqm3Jir(PB#p%FHASd#tBw}vw?piju*7#rYPi)Q5)@ zQXKqux(=8SX0aF94|nth?-3P7bbaHPs)4_|;;`QX-9+`&G8jGEeZ9TA8%O68OS7K< zMIGsb20y*6eWM(BBkZy_H&P`(f54;Cg`$!;H8>Q*K#28Sum8vlRXSeO zo?G7%DT~b*WhV!=lrVs<#=(cNTu|gZfBB8pgqBM(hZ>q2tDX7lK}5~wQEG%4Yl@lU zoeC<{lyM-Y4qpGGWbArz4hdmt~#7(Zm)k*$I?=$zJbcFf$MmS5UCmHC+f3>tva6? zXBbj6xjOy=TN562>^Px~hY`!61cl@Af6_hmO74T&f^}s}_YF{WOYY0G4g2D2GiAC2 zFPtj-T&rMSFO?QDCb#xW)bNjMs3ghp*QEmv=%DZQJ(`$Jb3f*9dcS`MM(?;oB-3{5 zduh9?V3faqq$aiXXNq5)@l*Wc#wB)LzvZWofzsB-Xv5;weWcB)A!l$Q+4JRh@f?$E zOyN;8RthEP8uVbUYnn-R1HU`Z8MRNesD6Ga6}96}IWrgxCaHq9#7)$;E2NlRint{+ zD}ei+3hfazyg(mIE#qRB1O*0>s>i0wvApz|#=ll$PRF899g~w+DuZGa(2Q2J}0SlUF0?WGzEwiAN5L9X(HpSc5KLl7-)g72ma3P#i< z&mpMlB@gdPj*N}j(70bYLZKPj)t;^DmEh+m5mdNTfbmcQ_~LMiJpp@1Z|>L8(YaJa@4S>EhZvusSAyM@KJ;)>wtVxHKnKKTVRqA4paEp5bp z5D%&Mln*MrBI?j<6`11iobhE&@$=Ezdtt<>g$6vE4Q6Ro ziZ}MR+j&xALJdkP)^~ zC0)$Q_U1MR4_S>de_cJ(n5_Za!1^EdK%uOWyI9L_oKML~(1TMz#AVEE31qYbC)a)= z)Tor}v7%iv{T8R{(R~(W%-&j}Y;>kHd)YPum zlWQOO$`SxIs7JM!s>?+T`>UZUj8|8I@&DxD(wT*0b~^#Ys{m6z6J$#8a9sV z>wcQ_SILqB9&-2b=?x|>j5cM2P4|BLy{jp5Ve;oxr*Lf9Ec^^aIbDo{7o7u^X9Lu-qQ-iMpY72jc16XzF}0OKPXM zI4R!%O}SKJHnBdUCmrFG5Dr@`?$)Q=;waU7l_K5T%2eh z8X0*vJbcjA&25ur8aZ$8()sjNt1Sxk_zAaGeC!QQ;=Y=B8`&-&0Pyni+W57-)hF!E zc!x6^zc5shkE~GWkXTYbmoPrZd+i98Ja(yM*Q>1yPMz71_K}ehi)a*T^TUNTT8|d+ z(1-%z{ZN*$zkg4)4}&1un5pkQqz30WtFA=lESnT*`PozLP={ZyANqr=94lRX3y-2> zZvPVAr3JDk1*JlK>+KFj=EDbH73A61;^}ptSg<(mCpvaMO}x$nIXjtQ8mq?jBAp z2&70py!Zb`4F91M#C(g3=&&LkBW%}zJEhz`hBbulRnr&wX9zhx0t=+|P5L>xqA<_kx;&gMxs7fLcde%Mj1re*qxHuYJpBx_Bb@ z*0%5?AYc*vi+ehT0!R2wGJhQikZhftmY#x}{7rrv0Rhc_I$F<+gYx$C-Mp=)!#X3j z4xkgYrj`SiIyOTH3Fwy%)~^*ro9u)%9>Pq*5Mj?Af1}{Q z7+4uXsYe9PJCPNfl22t@yNDKqhJ(Jmo||!73Ow9B!-B-?-Z;AdLul60fxIbNXxJ+7 z3qQ|0Ro^<`Bo{61>H6C2++lCQk~}&3Py@gO6uq_<7?Y;bJA=m+-;b+eP=w2;PIT|T znQTGdM=95hSm!-OOv?WJrF;~mQV8PZ+I+6yKa!^w-B{fnDyaGI&;}nH#foo>+IY7j zT(->?d>9M_8e3+R1Ar|6tUA8Lk;C9GJ$HFHuSm+HCFn`Tp;3Sj^(Fu5e)!% za{WiW!!|nkrItYmOh<*A)@`=d+P}a2JG97idv5{53YmP_Al70<6W_Dp>r-?|AZ}W1 zclF;sAkAwEtc0a4yy4XkKi8?Osv6p=*xj3JAQKhj;^GoaQoF&Sn|57XTtonSs^hxy z=|CT5T8S*!3hl-3ogH7|EV~U_vYnm1PobQQ44^h?o6pQFf`XrKga#j&cnV~IftqIa` zc6J_jhN3)sS&w`!&tR5Nr~wlRFR@yom*=BdKZvM-Nz?XAHK2iutLNp9;GdZ!ILYTyygul%3woxy@n%<%JqsxD6$;s^?O>RgWd`1 zW{pix%hhq4(O{(sC~zDxUB#NQ+GU7~RyF)9+SIY8^hYioN_`+mObVuC(kR+hVq|3G zR16{JC62N8zBsZ6W7k*eR6kT!8k?FfzHHBOv~K8%rUR-vp`LmJQl-d7dTadQq63`GQWP6=f0RA zn&r|0kESERP9ydcvWc-Cld|N|8Y(w!<>ay0)0!*~^VCO6eAbT4Q&QPnIKTzl7g}z||huE*?7; z1aGnzTqFu_& z4GLc(9HjW`uTKE@Szn|YGI)HLVDpgJ8J`^tkGFdd}jxd_%LKL{|yZrSIDq)GyB=0ghWhH6y*&QO5m}&CF!uJm`-CZ&cA{x95 zXUBU7Y9XY;pc8NvsrqGM`UgS3i?-6xYBcP4zM$dy>R0&yyI)~v;Q;&fLhah#eIjS6lpGLJKvk*axaR;D}fZl5TGOgM4EHDPe43dXtot~}s&CmPC&;v4TC(-vni}zaN9E7zBMvu0_~~LMK9X1% zH-kkIQTcORxmhS~=Ek}@c_Z+hfOOiRkL!~zn*z)qFA(lWiqkuvmE9=Fa>o3$$3x!jvn;q?&0c74HE6YqG%WahURCjZK9JjDkiaYZipi>J+HeFZQ zsYj$xRW1qgQ3+cOW^N8QvA7tb>-|x+^@=*L;)m=BUim06S;CsHM*~g z4SL*9R{p#tP?K>uE#b?Oj+6i5#UHwJ5BJTla@0LC9IBCwzMw-j7EOYPmYa$$=A5DM_i{Tyc#?1CqM<;&1kHkXft} z`ctM&67gTJ-tA?1tbttmbiMR0l;3ga(~i*Sq4Lm-$)Bhycr$a?zT2n0pX!}IvpB97 z;Q_*iiaD-C7q#eQn2w%RT#2ht0wTqmnb*9dHLL!0GI*p&P4@hoy~XF^rmS>LAJ2W) zr}TDuz=1&j7k^bt4;(!fwl$B3(rY7W{WtITj9|zpcmbwC6-Q_`-SuY9Q5GAsRWU}L zq|$)Q=oYaW4)|RYqZQ{U!Zd&ZmZW9LpD8yMknS6}j^2=)BE3<;U}%j%Rv=tck)uxd z?JW=O!eUIQ*l^hWT=r(f=6CHcsd_RJ-3=iH_Lh4%@2JB4!>yJ!=eeecx5f2TJl{6K zaPC>TZ1%yaq&(B4Pq+mH14?)07NUy;!}io<^YrUd3oUD_GPj&=Ra4>1X|#7(U@?j= z_1pGTEMfF{z~t(xRt#oF{)@n#l!^zPQCDKWNr?Wwnyi-Qk5Pq=&j{zGJqJg>xXqud zKujf4<*H9dzH$1~Zx-k03_PdLW+40YHfrAQG9lAJ^AyZBtl2`-pX?X*4V&FOGW@w8bhQ!wO zNS?KAoKIQ*xp!%-xitxP4XL;V=3REVd!i4oz^vP!%2wr6&4nAuD4!Rsi2wTO>9S_` zkVPPlo^R=;DN?&vT6Zb;py@&Hx2Qq=CDndb1xZJvP-5QYv`{m93&dT>mOF30lX>eK z?>HzX>vJ%W3xC{iD~>Wh*hiD$X?ORk4SW-|24C>Sh{i|3=O>z?9(06-jJSoWQp7mg z>kSXvVnRtGPFEj2gg6bAEzSDH;~i~`oBEz#tPtvr+~@k5#h?xi*yVLf(eT%T5^D_G+R~$E%@RxPG$` zbFQl53Zb`j@5OyG1NE)=n2tU>Sqx7}i~T@3D+3QgY z|Cr)lsrqF}iFw$t8z$Fr-om0s1$mtH-F^V~r#qO^nCV%g&|AmMrR*~_^H={VX1<}f zqr*43uc%U-*>pFh!N|LZ1PHMXvf$tnO*Q&-3*0 zd!f3YRIE5;!FtlrQj)w)}4H1KKZf>vSqJ0RM@sd?$Fsc-8aR^Jn7+)L3dmfv2Rc%6k#ebC{2 zKw*>MtW!lw2rvsFH@h4>upL0&`sEK90FtZ;zIV%TmO z6my!5sJ1bMRM*Ph?1f}INFYnf216IHE{f`uCn{qr>BV`4z2}+(OVXV0Hb%`gB%!u~(k`MSMD=6mCc^;btl^t~XU1cu s7EvW((x;Y%w>oekdl;0qSYhYS_L1AI6%AwEzGB literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..be75af835c065c65d9ccc09e899d9ba774bd70c8 GIT binary patch literal 5920 zcmcJT=QkYC*2eYTdvrmRV05Al!ziPV5~D^iN_5d%lnfzJ#)wWx)QFzwU35kXB3jfT zYLL;n?w5DH|G@pQ&t7MrFK3^%*Ym9Ndt+pvMM=g=hJ%AcsiUm{z0cnN4HBaJwg302 z?tLQl)`t1v;4tz3H*j^Jd`I_1;+H!5VB!r@YFZ|)OroQJ`?F3R4K>rC-2J@ZFzcD{ z?M}?H;^%LZV!E@>Vek2^mgPiNDZP81lkv#7f^08^NKt&J>1RFbC)wXt+o^*aTvs<` z`gHI;)Imt35mU_WE8LjB2#??uKC3#W7j|0N;akh0%UrxeNZy>(?yk&>2$hc)+keKJ zG5LqenCo%LZz)g+U7zT%KwcC9S5j=3yjITM?~e9X;6WH)=EKM4vp5+v^0%=B1uFed zYc%LtF?^3p_rP;xW2h(xCFx1U5bR z_=RwX6Qn8KV|7cZJL8L2ND^u&^Y`i_hD7tU7R|W%NlJXrVc@T3z+B#d=S&Sux-z?; z*{$My3*iPuvWFqbs$HX|CL~x_)Fba6j3zxA?eHWK`tVA1U{5|VA`DnnvD@V2#8~|! zKkq2GSK2tX%l@lxM`TdX3R60xcTH6~ZgO(PR2Zbh$-X}9`g^cG84CI^H0k5qEyKsp zRP#&G6q%DL`l%ntj8ut;NIk9?$6wEk0>%WUU5n9Nth!oqda*R0ise)2G+RNWF4-Wz zKp=3%JdvuhLS!rHkMP!*2=~1G)z8bZ7rGx%+IGzS?@}l80d1}#PkK=-h&MAuv@=ZUNXN-RNWdET&X2~kRVswb_MY=@ zp;Tp-RS!N}MY*u(xrOINHml~~k@#gtr>5*Jm4tONw>)&6C6v_6R=(sFMeu~-EHZs- zW0uiR;FCc7EPPtr-rDe~gmPj+w4TC}Eh5JL6G0<@C4GnT14;M5KlGus3EpddQvcgX zu!66uu^8QeHa%Gx^QYn8;;G@)>kY6htL$WOvk_kc9pmcXxJS|jPSbwgzbbR(=b|JG zP$eW4@Qvxkc{Dc0pMvVD>QdRx1kYF+Re9m^LQV}z3t}XpWH3vLPfTEdoW92Eq2Os{ zGybGjw**1%gQ|+~P6B+EMe`^%j;oP(N6fI=$1f~uBV|hMO&^|nE zbvC6e{?hEl`d5A$RYAcj$p*H3&7aVZV;dHt43mN2q#r%0Tc!veIyEzb0DTT!h%p1G z#oz^+o90Wn?nr5U$T9_M%cU#Z>D#=V=k+xaK2L7cZI_j22j{EQBASAk4Lgpg#`12S z>aTqjpuve+%YNMwLSHs)vF~85uaQ0pHzO2JE#yup`dwp*Q&T~fr6Ws0s;oX)GO<}x z*HDQQDL%SDjHZzot$iF(*piU_gul(dA=N=tSzGAA5y5$5Bh}w_=SJU_=93ETHcdi2 z(1$I%IH)&0h|uX1wh(LwN@YecvS@b_n~|`8E9-K7AXJ%c5)EJ|L^BioZW(@lP+7ia zY6Z};YUvmI3OA6jgSDopJEQCOC$dP>aC>iQ_QTa<`#G)zn*#{(1eqFUl6ggBjf&R0 zCOZI@^kb>4F5Kasu{i#GmP2S?iP9j}um8Rf_{S8DntIw;8{DN7Fs~>k04sT;hOhN* z_xwg!j)~64TD4rbj`RjW#+qa+*B^Jw1;<;39eQ6_aet7nrzMoLj@K9f7k>oAlCE-> zpkn>;!6cGMb`8C>Mygo{V}i$z6Jb)FZ#f3gK26Q!q@#n7%>}j!p;6zzi`ZUv&jZ#( zNHJ=oME-msbk=X=7{V^QJJa0x8TqG_!ejG}eTV$x*jA=CIEh1@gkqYHWhyHxqkC>v z)Uk{0xBDE<=g*K}$907yS^uNO1>!d>kJ2x)uEz=%`=YZhu1{v$-4%a{7aHc~WsIkt zEsb+k!?cmp0sjv6D~hj$KssVLpYb1dq|UQwmP{9=mQ66k_C~pCgAfKf=1he1V)1&!*N8q2)lA_*f z4o(J=;t@Plh~a4#r@tmG+z{#Ymg5*ou&5p7P?F}K`MPyjN|D=gwcWXK6wiF2vLWJB_P01%~W z0>LX37eMMpgf9MabGWAIqXHzO`|fAlfv2yDH-eg;nyK&q;UO_ zjcVDdOiy6?&xN=T{ID_$jEQZ!dYXONw0A6Vx># zEu_;K{oplizM7{szfHbs!6A6XD0UUU{6BG#(Wnn3YA^!@v{FOrpWxz1ZwDxZ2oZkT ztc==l3jg$=fDZIQEC|QH8-JY&B2KC21?)*B%9v;2iEVN(kZpmoByCIkV^<*o$eh$m zTBqA%J)I8=7|g*yL=@^-W7+lJIU2VwQpBN0fl5>f>iYCMM*~GjZ5i2II@3|T)gHy6D(S0RyhG#!Q2$3TE?`;ULCCVQ1vX`4(Lem6nGDCVHq5sA{ zo2BFpfaVbmnM0$cPJpFxY$lX}tzOlOdoV5M?EdADV?Dfq)!^11pClC0h_7dym(u-L zTjCkIVU_gtr2d-{VMhh`#f~;4@j+AmFw!;6R!fcoTi~`;efJOeWO_1Lj6Xo12gsXF z>}fTWF$Z9qC!?ioItbo_B}oSs=FsJoNGkKDhk9D}wKvW_YlOvb6UCwPF~pq_X*ZM} z6hu85dT;RLMTE%{{Vry?W@-xID%e!UL>n!(^HuUg-^yn4Kyiw$A*{;n-kX&*_TU;b zv(@s>#X)`DVOr2{>em-b3tz8y56_HOp1cyMlj7CJ6P1npiIj`F*J|F%q z&*bh}_@76+(seOgElhM&c+@^bjp^`5W0L;IEa=*#KOS#PsJ?N0CUeQph|?ZL_g^j4 zhJp+>9d+-PGy0e%g8q5qhjLxgF5DjARzOaGHA)UlK_99J!6c?&?{KG8Mzkaa#nt)F zi_oCs^gI%trjDZcxP!KQGje!gxp40?PLAy1+I*wi4)*e5e7btA2G-QxLZ<&tWyUr# zB{C>j;7ho=ygSqF0EY|%ywo`KQpqY=_BW}fwtgMHHzu&4B>ZP`5s7E6NzYR+%buu9 zCRwgB0nvFKry*(86vxK808a^W2>JQ&rBf3$uPgy1&H&%NDh)bqmUDS;s6bNeilOXW^B=iAH_hWzi5q3zn&&buw*0AmSqrCA1>J1E2JDOZ@aj!_XC zQS~8kOv-9y0OdW>BguL5Cxq!eb5b#;!RmZ@PQ@@`dN|p3K^Y_I z!Pas|gdq97$q;j7#*kEU7-Oqh&P3hMFHEvkHnC#-cQ-q8Wgafhx*i-dC(h5my6BDg zre^PPFQn6rb&i2xYE+5C0$j3REael;$VZGBoj^e6M$7w4%1!)G9@HiNGjBULyt75M zmBDEHP0yi9^PRFM_pb}*V*Y{4TGCUB5cwZJ4GQE`ec-}@Rk@04whU3&!z9fQmPg6mM3`Sdl%@1uCw zT$dt`u92#B%E~gqPuz-m@t)kp8jNdo9PO^dwMxvJj(zO&4@z{n8F(0yo@LURK&}f( zsB&Z!mZ$xrR|kKPJ)?Wr5(Q*W_pN-0#@Dy zyh4OI7=~AZ<39XK$_cgiQP>?^-^&Cc~WbhpFQO;mv9(xEFdEE;y>?lrb<-C)* zWy#sjBozA+uW5!53ck~0vyF^*ELGkb{hSazLzibyvP*PpL@{&8hjw6 zL*F0G#m^D0u7q9O{SinFeV@^Nb~h3t`(t#VsKP;Q?889v4cX=GUw5Fz0AS?_=&+{1 zifMG?E-W0M@q4pFFYl{}#z4sWZsx}caDC#Sj^A^Lj^CYl^`W9nad=X82{P{wpW^o@ zVA1q1IgRA2Dg9bk$TDzAPxlOm&H}2E=RWtNXvN}BISQ%f_3Gwbo=ZZ{-nEFVDSDtn zpWQ%PNa8Ka6x-R!^JSGq)y9QH8t=P(85FZVig*&oO}I~FB7N`of*e4LFqbJG0!S`o|zLn+pCJ-hjjHDC*|1);dYn4`G;8g-m ztbd+ZW5!X_wjt!r!Y;;JUC~+LQY%?90=`&OF8_r!yJ%t)JGF_WnG{$yIaQ(r3li`W zg?j=n!MMigF7eJKA3g;&bgZs5QYc;9_I;wjL1&)V?FQqxKV?lbmcrko{dy?-^^eg4 z9e9GDdkwn;1tLssJom6$oZ`T?G1D>b-PaRHv&UbNd%wZVvuhEG ztRON6F^+2xNOiP*vY-iCY(^}bN`_XnEQIPTn>-;J5HOeK%6PZOKl@3zc?{| zflJNy8FReYs^vorqIl=N)5&h)nI>(viQs2M>7%zA7pUw0Y2$ku;&^duG|H)BYPi4} zIq40K#Dq`8;D%^TuHfe~X7>N0B_*NkN>^}EMMIf&>}BwcHa;|ZrYJS*y@tM%gq>|; zJR4I++WWoSlsNXMlA9M<_mF2_GOZm%0%vyQDdxM7%z067Go;ku!(nfOxtB|d3%s_r zLuuJW$UPiFi)M|r7g%YAYXO~GE{C*z-tOab6o)M9b^KcIM5>x;3GixWlj$;I^~&)fu_Ka9S}0Qk!C zlEe*Q7U4RD!FnHC3yj&|Q&5DG?r56kPmec@n!@!)iuizuC>;d*vTDlZd$A;$fQd<9 zti876bgn7GrevqP0?c(N4e>)@+6_`KV}~vv-kVCIH&m=o3fMb-czOS!b_&h zxbUBqOmOBcZyPhA2jx1d4KS~rKh7&dk60D1#3^*t%!NmU6Us%h5a4Nfi@DJnK>W0) z)Az+G;2X1sVM>R&;zckJJDuHwlStIH-E8xBe%S9}Pv*8A$k-GQU6*uM<70&Xk zFs**qdw+4`=gNC}Aj;Po-}xeDSREu3Xh~B!H9zy~CLHF`N16ho=+9WgRBo-_14{{} zQh||TY5+6!+;M|2J5j-@UP!g<2_plD{)bHY`rP}e7oRSI3`u2;dOYOJWL?D^fG5|a zyyS^FD+`usL!6&1bj;yP1mkJL1-3hRdZ+wC88#p^MKLLUR(+|V$_ z>=c#`fWP^>g781)lt(trE`KZDBQJ(}>JQHWhkAvpqUdF0Z%@q0fFw%u-4x-dSk#75 z&zhXcw7q=M#8(M*_if5HK?xh?@^zQwG$<+=4W^o&Ut8TQG1*@}|0B;SxC2jnPwO5@ z);+eEyD?qsd9}*gT(>a~SP0)HyS@;gqM|w3-GyO-&&Z!yebB~h^Rxy(xY*%gHMQQt z)QB1}UHCj@QnFVy3Te9uNgEt$GBe*X)Kjm1G(sbL$a&TfKeOg$+afVg4$;0?^4eJO z&su4cen6^rl83%?^}Ww7kkxNH&UQpF4f*6LsL34Sw7RYzer3W#7)qR&#Qa{X2xPAF z2=?s83k@@V5isVqwCOu=R^gmp1P5k_^OBMp3T8FP&^)t)sB64Vol{miJ$*nmgXB-< zk7W`5JN-|Kr889UJHxJ>8Aux%G6!b_NO1m8n2=D1C!!ngjOEE_ELXw$3?B)54Q~{) znmjRGT3XhH84qDZ41$y$Uzq&+{#D`?cC+-w%0vgh_S>^2z@0e$$MzVx2MAdGNUNXb zPDn+{n6daHNKq=r^V1baHQ%xcE7=oH!Lzdq8Cg08>g}kW$iX(Lz(iT0+70A4F7_ESSOE@Axl>Ah-p3=KAG)U#vEvR-18z=St(a(e&RoTyf z0+|hi&cK%HsbJVfzgOGF|)L?|O3Kk`nZKBbl%A^XaFi6g(De!8&cx zZL{`oV>Fqhq{|e%cjsus|4k|{oGkj`uI)L*O0w2cGwVrQ*we*E^J~6JZr%XEM*OAy zU=Jyd0t>bye_E{j4adzz?dT)5+}s|<16(J5u9g(eYr?Pz`CXw;%tV=*goGJegW*yo zGpDm#eAy^n`QW;wDlu_m*9*S}=Izpt%gelX#dBQ8=7N3LTc_8GKTc_CbiAqDiEZt| z^O4j3qcDZAml!~$Vnj|t9hEWkb^Q4>-tD8AhOy&T_FinAYMh&0d{X3!IoPQ6E^o_? zi&hPyvye|%(Olft);gIA!m_Y8^dM8j3Y#=+tlP75Mc!!e!L1o9cwN0=ap%PqPWH9sLcM`g7ok*Ae~qVtS)ss={YUkFMMdGzwJ8qA5C1WeUh8~sbVQYjU*56)UnQv zh7S7$om9J;L0BU0$pQ9uJl7Kz(S;oytksVU!^5dDDbwF#ySnb>a^l{NR@n#oh()R6 zZ!RZ)M#HcLeCRC!1(8mHN3d14OMCfKE1q#xzsN$}wr?`8%ZC^cj_4f^rQ{z4)9Sy9)ov3NJE|&Jz zpV)5o?s0_u$}iAsv4y>GN6fSpCpO8M;9%l}U8PZvu&TrbRW&)3{`)tlSX!&}ni+GV zl_sjK1Jc)Fkx!d)VJ`16Vql4gE*UwG%Fk<3+FzcF0&XTxH&&!PjqtnGsiwT{%A@ps z)C(>nA;TO;O|8YJ%y_I~+NYT`(z}Vf>R5{MG=o4Cw>#|;C!m6yiF7h0MVazGxR~sZ z0k%8;`d%KJAhL;8rDM2xUvd=?q;7rZNtC~63_mWqp7Bj~Rw_*3AqOb|O z+<^G^i`55b6}O30DY3mJ-x@Q_rNJXJ_VWxkH0J{ZpKI0p>&hrgl@v2EiMR*D^qf?pj?>^mdJwobJ-&f zX?bvq0D&<9X6+Rshx;CX68PQ57C>G^pMv>)5H)l4*X^pIL}2TZ>kqe>EnD1+A|x|I z;I|bIx$tUV5F(PvbN7fjtYA{pDw_h+KUOa3Hmc7ebUEnta@IV^iuZF zAATZ{#n68e-7nC!ix$K*~)MR%7Ddj^RbLL%fX{RS)){_btKs?AbCWH7D zr_v9<`SCRV{gCbt>8;ZjS}f7giQ5si6?)HcL!O?Nm72N>h{2r+2ZpiAPW zxNm$-GIz}C8xx&%5y>vt&@mcv8GZeE5gSbWFjOb0=e`7rWlV;)&g+@*YjyusoE8y% z2`FJp9Dj_1>Bg*f>1fsWS*h+HqK!EU(%z>Bb2w%!Yx{mkqh0|E!vPj*J=4&NRPYnr zy%6yK3F1XNnDXEWW{}vFW%}x!=MH-d>5oMlJJmiLh+}>YEPI+mxF?2lXqS`6B5!7S zgcl(HqQ0}SQzf)54A9G;sbpZTdr%t(L4Di`BysU}9@FL;_TfVte2Gnk*)GInTK92X zdiLjiWAudE3I<_d*`b`Fe$UV=DHnIaEEiTC$0AH%oGroS$2g%zr7$V<;@4ZuyXG{_ z3)%fk4#^o!VSTyBjb!{ERvvM;iBXcv5P!w8K|a1<(>Pspd~LdxJCgLz-v#t2c7@>f z-`U?rlK*+hEtbQ>ucG2UH(p+@@7mL+-=u6~5D`HF`Q)UVE?^E>UwTa^g|(V#DMJ#K zgx|W${%Y>n#=x>zsC`0K{hWw(4%+*E$8t%w&BvjQ9x&H$?=2S|ug)nwc@gZ~Dz4$P z1+&H>(!&#zLG}4%GpqOS2{B@v-Hf@vBDw%asFG07`7a&2Wq9TBgMYUz?Wc&9ufrT9 zlm6V+NA_+_X%jPAX>bR((S$BlK9Dg#&wi^@@!fYSbOEpXN9F-yX=lX(C^2z1~16mqPXE7cn%adabA0Q%Bl9F=c_3_ zIWbfWpio7k&LqmI1nX3^lJvX9iUi?%B#d+I*r={965>ItBYR7E)+KCQLRAy+_9~jN z^aKR{gW=}!6$oGl(t2CDzV4`_12U8Ic-xawRNSGemY+BF*M<=E&!*n8xg+P4rtajI zgAfs>t8+6NM0K#d9z4Nzms%>&^Om%0F)|g^y)`vaYt0hUc1cS|E_NNzgjoG+&%4r~ z+~g_u?3tYwP$tBQCAZ&^g5r(Gb#Cg;b&a!r$GHF&M`7OPFq%E4Z`U+qNC!KzB(UzaG77|r6w(Vlcy zlOK%RCfy2LQQNmKuO`*^}T=; zw!5@^Uo6L|88*u{#_!Yy7>KHc`f?K;XM84IVyVs*uf6=5Vpu+`E%y_`S~9Buv66%x>Ic&6PWGOUcJ*vMZyaNdV3R@*GEVjt;EWJT^{+IxtBsx z0a+tLAC3!+<589M>dum#;K?oHZ7g7VO`EkcT%2t(z8YlZjRmmNcb<_fgQD z@RHblHr~qG=k6SiHbyG&_BeiB94Ou@|KsQz{?~^Djjg){1M$1C}-|aUlG;+ZtHza`A`wo+PlQsyIqu+ zSw$??2&c#T&CQm~M7N#%R_}d1eeFmQ5b&v}DAT)jq-8#RI6^FgJ!5!eWoxJ93FT#n zgsjcBLQUt5dV!-qI5~$rAY)fv-`L_aB4DvC=wiz`Q*r;R3&Ze}N#(eB^hqcKLo|I< zq@p`F5ZcohH*6zlc52X(GL-u*sSK9YiNp7GC5ic-n6ie2U6t}L8sLfL*#rdRKc#nqO9UQb?~0p=Ik?!j`$|qt&0Jij z5{Qy6EGj^O%}E*d7wtsQb0^Yjf1gp>$qmOd#AT>|9#e%;>sCO@JzX1AjB9SyTFJFT zL4lLgg9m00^RQIkzl%r;8+x@0utKcZ%9ciBjeAVMu@~0QU4X5UYKjlQ_k?{7t1aKX zGiyA`mwNc{d%s;$Q!|1{tQfzITeX%|^AJ{I9k#W_DfhCf7yY6yA#2a0C3e@7r^NVh z)jwOuh~1*1yDar`Qu%4WNqEz%i;I)y4_JT7+vGAt5pReBDAl?Se$SD_t3n{`(;vUJ zPnsEd9Pq{J99N4vkA@Ym>coYHC;XS@RlX;DVMH6Q9lJBLD9qH9`I@_(7_n?BA6zPo zuS1 z5($kxK59JJ<|;V|TB%^lVI=M0<+7V-C5$Cw0ULJuQXjq{;9Nv3^;GQ zrXmY;Vu8YpWL;yA#tH5C@x&~b09mT>*BQQiM4jidG2OCvCH1570owc&;+XO#_rhOQ z+*4`r^&KTjcZO>3hYidtaWR~9o29u=*%l9O<9*O{`7|DI zCU$mu- z$5kCur=0FyQ49@?*477l2@?s~A0AYj$wFOHQsd$#CTy|3>TMg5m1Y`UMIRZDRwWh( zzt)TAY7T7;hACCOG9y8{BbfO`p1h+V6BkxT&M5j!Luz=tew?O&^aS_QF{lVpuND;c zXcD_G*?_X!gTn^-H3M0u`dUPM5_9qW9$secK4Nam`^<2EfW93RsIOmn+f&(@>iLHZ zf&asP*8lI6@!KNE`ULt!#3usK-a!|dCbv7}`8p8{cH(Si>e`PfZ@!sC%gbT^-g+hi zqLi`IP1nWq5Z{i^X`t8XHJw`;)jVwl(k}LM&avKp;WsU&3bPAhiJ)Vc}M`X0QbWHxHH_cRwi}2zzX0YT_7O!Yqvo z;oo8FZI6qJi)wLu;1vwc_Dj{_d@AA=GyXysqo|J7ShjgM@V8s`Rp6|U zhV)NT{bF)5|1O4$ask&-S|IV>xSC>MP6*1V-TGTPs-<_v=b-mCRwZsBqK~yJlu&m6 ztyKFoi>ZAuIeWDGrbI4N0zFnCfla)Pu@PHTP0Fua_6S*B;^Earv%DDF`VVKx;Mcc0 zNP^SC=ufE*TzrY{L#%G0+qDv&80(jd3NqKsN&tN z_0o|t^|&QpmdMXCB`K^VRHnWRU3Lv~h@F+h5|a@kpcdw3qH6nuc~xJ zSVn{Hb+Fx0_fy+`9$e+4nsh(+b-1#|A|J)q3#^`~F8Eh{w7@&0OZ%zY!C!=ir4tPN z=!-%`g0Iq;PmjsYP5Tsw_Q)xl1^iE}p6B&g5@SWB)4^+dj0e8HmNGY!wci~U(EILe zF~WU3Wn{3VaPu%!)HUg2%NGY=-lv|9L3gSnbf^mQ~v|k z1-u*LI)i{2)Q{R!=o)%pdT1ncy5?~^ve-~{yD-AvlQbzC<0-wn**?^1voO;GiAugAg8NY1?Fbav_qiGlgxE#trgjiaPYB{*{yAyr8fs+MJ&FT zE~}1B(d`b!b=-5V?Y~s&tL2RSq56;*fxEX6JJPb&C(Nad_vB_~^62pzpt}B~2UX=~H2t8fbdtQ;RQCLXDvjE>MmSECQ3I^(9Igl_RIf;$gh z7)M9pk~9{|oy*rO!aD47+XbKdOtK*Fb5mTCK;>o6b%K8s^obyj4T!1_`X_G{G0bRhJe3<40mWF zRdxj|2|Ln|+Nl}nsige~Tf$v{;M>>t9xYu7v~N9@Xo?y-mFGsZ{czB+(WXo)_zdn; zDHG27d2?VwGHU)R4{Hu$eXa#%=Z!lG^ow2oL^7H51`;`f9_O?E^}XNh6-* zNhZ=J#Si?xdT>W)3H+!nrA3w@DrRA}Ef}aU_g6-?1b>hLlKw`hC{$hVL3R40_ef$X zcHS4(^dS(Amrb^fT)rQTV z#5akU&;5+~n0zyXCt!xd=?MbJ33!2~h_g>o<+UZ7p7YRU;_lwPoL6_!v7iXmPVY^t zRK`=TN5q{X^Q03X>VKxG#O>RD)S zvT)VicG6mcUxQ1n#CuI7w*Y|j!=1R<5~Uimp3OQvlmT^6h{5O>w=N2?Z{qiecsJdq z=W2^v=k|U)`OTI>E0zBWzy*q*_qFKfkffE!rPe7!}lLtuL3Zr++v+oG}+F@p(0o`a+aGxIC-Dqd%LugwWpdoRVyYPX`Hu zIlsr1y!19X!CUx-vKl4kXQ7B}-T`*7TtPGG<%M@G|2i)>^X+!O=A!RXZP3P`y7g0! z0F*A*w&yw#=!O4!jmeih785?@VI$+_kRtk zn3X*!?(&e6&8*lTPxi661yGPNp(VHbZ^@eZ)FG~j8;B$Ji_YI_HOxhY$mD6393!*! zgKOy_O+u$hr9Ll*2+ib`qm{g;LMpGytzFi-GhxIpoBPh_o^ii7SUv+$B_fj>3Mk8? ze|Wu82P4THuK!^@|6?oxQI~SCte^30Y0j4?PGG|6TGU@;X6TqLZp)UcQXnq_usD#F M*;&(PXS|aC4H2%by8r+H literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..7d3c2f51e469bb1c98c7b1091303d72af8e0cdc6 GIT binary patch literal 6649 zcmaKRRa9I}&@B)`aA(j#2X`MV5Zpo_xCe(I!CiyPAOi#s!Gi>c4=1=ofZ#d|Ft`T~ z+{s$^;Xd5|f9TU|opZXos(RP1>aJK#4JABmDr^)K6g(AW`S-})^b#1HWmR9ISMY>crOYHWu}V!8y(-=<2*l4les*E z^rv!D=5*B(s5N)9jWHBLj%#*~hC8U{N|HMXDmG+!E6WO5F=f}Hq4aHcf26igs}}+ancWM|1319etOj@ zKcgqZfZoP;HuSggl>}I5@h7auKRf&f?oePq#8>rhWRC^|qpO9^e07R{11or=nIvOi zz{&0<&Sed3`E#TWcyw4;Ld$w*^b;7XI6bsTt~l(?yOxX>L9hI}14LP0aHBU8W*5A5 z2-=EL{8XH@u1rUFvvA?AhMzu}wW?E}XtQ2|6fR||_C=Xh%v)+yB}CJ@y>$1dwI1WV z(`oACKEgpyeLR$jUla*={1nt%@Gzq|r%0zvHxgq`5qOh-vUS#eCPSI-&uLn6(JjyD zfLpl*m-VCD7i+Mu@n2^NRW7ws$kd^6D*P7EiA-xU-S>PWETo2SzJPG$zTp5Tekne& z#2mUIrL!DgB#I$&yfUHa{U+fVXATTW@oD#Ns5`QC;V|sORpPf@k}Q#OTMpQi@l3vH zzo{*P1C7vr^egT*<1~davV(Ob?f~SGdITkj#Hz>4zRr;?Tz=rUVvD*Gwo9H-!dbcc z@F+zv5zDuil!&hPi z$koG#jQITUJW)$cf9e~XBj%ccxC2o{xgq(G1oi5r5hsK?pq0FKI0&!gn%I3pgDdW( zuAXMGnlKM~8zBf6l1bD@M=(Qquyyu<$t(O%E^gyy(yQsn;K{FKf|fLwz%t(DXx8V_gu7Ykiynmq|+S!wQXDtaSYKy9NMhbhGt?mL6Y;EyjUKI3Ex%|=H^ZsnKG z|KiGVGrlZqJS>b*rB6;)@ryMn z``yiW=%0bfnl@#^Uuaes6Kr~OvM|y%!ek6Iz)HuWj`65t6dy$lejz1R6*-K|K1xv& zho6+rl3rZir#K^Q7)9>fqBj=PjVaM(kF7q=Pz0vw+%nFC?M#dG4^o4*?Hp62<7ZmW zDy;Ip3GqY;*I^p0Fkr7IGo3+nzegg8IDp@qSy#q%uMvGEcAr1DG&jvrHm1%@gp_)> zr8{f6NBjVTYA+s-aHdxtLV?BPW~OA4LaJjpz+vo~c|>Z2V`x$vI&k8cnJPhz%KzNDmaToTlvk#{3JZht>zLGIilLBwBnf z6(3fP#F~=6y7KZ%MKSa<+kiX^iVns3r3PJBmF&Jp_sRX~VC(Kh`rl!k%Ll8ai8OHB z5ZXKx#1KKBi8(`K-^Z80-?zw>b7p`uDCMf3<3Oefg$8T;X|Q|GCBC~%GNq2g6C?x{ z|K@-3GVA--zyovVpzt**x~+xJ?32&wEzw0D`3$&>{%Isn0F8U2ThlS``HU*qbyg0$ zPnxB$p$aDCX%D5Vg?FH`u3Ti)LzTCiIAf&oMke&2!w)<$Ns9V6JHOhMpdn9iA97va z@YmEke_1WWlW?AgmQRXdJYkjqd3OB7T=3XEdEujMt)-N(GIZ$f%GP6h6ZUPKTV)VU)) zqpmG0LlnW$IC-ang9@z3d#{8w^vD_mg5q~F;I5x8g%eu#lYx`;+0f&vG(Sw1^%`nG zD&q{rc3QZ2+;t=X0|{L0dr=yzF(m2{lyUg8#7^+xGp*&%dANho(-3)ghu@~#!n(q((9l2${VnxHQg2g8$K$YS znvzQ*<6BFvY;DCxU9*8qibIi90+ief(^&nVkr?%@gcAe`xMp@OqGZ#)i}Q@4M|&f? z2WP|;`-m@GU2%>Y%TCXYuEQMZ*XnV;h)ofLm$&ek!5k~;L3?RBw<>7`RKo$l>c~tK zso2>Q;#9ll6uRaHdLQqulwRH1ZxWt*9dGTOxjht_$@Z7-YObJIVB;##y}_5tK+Nu~u~u;A7_)NMsaQ5vd(*&yDI) z3|?rG{VC?&?a?Z4K3Lqu4I-@zinpnyJ!BH*MEvha|kSoSSr6QX5*3%uJ~(0&DVH5^>~AGI>A&hjO31g)+J zG6XA{O3?HX+I@r6hd!pTx z?ibl>AZKTq;v6nySB4sy2Cg434se%<*0(+aI`jynU}k1c!Q49xQ06SkYfF*zH7KAx zeMUp3cpGiq&(EWEuru^TnHMJSd*p6ho2qZr+%VIgup!i~-uFwZu*hSFESb-9Sq}Kv zO~UJDf5vD2eRZ&F{RJ|292~`DsI341+7N=g|G6&*&=nVjGHqw)IdOHy-WMm!>^BNkkL}FFD-neWNi?9D#Zc*! zjY+AAk-b)+CsLoZf=0MdP}swn>>1h1ILa4wIPp_ol(9$CXyaEDCliYIq}=glViLWT zXH96wMn9LAq&#^o2WtOl)rt@Yv{cN>N-BGxzO9dSZfJflx+nub)ACG6d0gvZJlDDUUyl{++7+ZG%Y=rFjQ$23~Ua? z0%C{sWNc2Hs(CxURBMVN^OK3g<4?rDWf8c_0aY$1KkgaLjA6w=T_f~A82L#URERmT zYv6-h)U}n@SYs{RJY8OY;ek!NX10jQ{?bJraKDQ3qAqoMYs0P4M24U3ei4#dNG8jX zBn268G&pH}s^Hye(U~!mQ8p^cuj$BBxVz*ZgGck`d}LZk3uk1{$el@HrldqNCBEK( zIFF$t^eq=hOVpHpFhEyJaYlb%P7yPP3s&cU+nej0wlhw_`rfW32XPqOs}kZkn!-pf zC%XXN|Fjd5ggb3_ZDI&T2F{CtQD@&D`@)`yP$DGReXq|}-_=`H{3_B;a zYs6SdJrw2*B}D5}u9p6*0>=@$(@5YzlR~bz z@Z^++N@9;HAjWo8h^~VGXzR#T_VxQ=Flq{jt0MBD;?(x-^nuQpr?uaBtPIXOpzoK3 z<@FDIB4Cze!p}W>^firLle2U|8M`uLU^k~Yh_FH>bZexvZVtY$YV;6>=yRSxJY@%@ zfPA|Tllrfe<6<}HfZLHw-J9=%=q~f^HhLaAI1ZwdE-WuOf8)<5_3LX#)(!v5!FM_5 zeBjNyWlgR{)>Wa%nBGKou>p7_@G%ZM7F2pFK7;Giu$$G^}pwQr$rv4 zz|vajIxbmtU%R_@U*~?DZ1ED?R~^L0WO9_}ZVj}8nZuj>{v|(wc0b^xn8;Hk$%U2EmI1foQ9RwL5eWL3`Mk# zE4GjZ{61OPYg=y{QRmL{S{F^WUet&TM-3Zr@i#qWs3)wiWBr;1nc!q*7?0R-h`5{f z5Ia>w?t?S!>hFGIf#bMF7T1F>it=DC{^Fq=G@FO(B%Zop)pEL zb#@Uy$zftLjbTfhE~92qsE$Ep|L>iF;Eu;P3JE^1k1WN4vnu%_FEC1LUwQlZG#rK# z?Af2Td{4Nuo?cxYp9D%!P*G*q2T(*U&s@T#ofG@Jb=u8*FlO?ZzMK4r$lLzf@)F;Bjgwks1NvYUj%Lc#9&|%57`~f zdXLJx9goEj6VWFmB&2B^KoRj_q)9Ea`va=T%6`+=BFN6ootW<#Jp_WcSS6xYZ8UN; zs>=1H;k~S#aBlUXkcbFzydpa%@6h3&!b5T3@$u2he@S6asJ4^Y0~cgt=f09wr(_UC z2l4p`rlB_q3NKl-1yE??2ln>%=xOk^wX}NnW>C7PriSQ(654;hH8iAr`7$-+i~TbA zqL&ZseMB+!y!q;AsVT>Rs}(+MEl_t5MeTcaKJ>jxvXkk1bMu$ezz0M8g?XqlNCwkM zggSq%8S+W;k?`*Bj^y=uTXn-F1Sokw%*18Xk%C>cA3?+RGPC6UExcvT1qI{&;cj3083*#`kL3B)?DjV3 z9hanu@z_Gwy{_$4R^JPP*FT+&|I_eqFNqA5#mqJ~x`ka%%`W~LUb|WCTc%!MQWI!@ zeH)q)@?iXQU0&vQkX2TmD;Q0}s&UqDl|+P#em5vbP!~Ah&X|H((|OPF$!SAF5&$pn z4#LRc_Tp?VbvRn;%z6H^>Y=mn`z-G?h&*R)u>0xiW$;r&e%)2u;cai8&(?k!NSKQ+TW`XpQ$gL#7Y;Ct8eZXxx=Z^y%6zg@7=eu1>=4@mv+eNYUPa=mIG{f$dW%% zNMwtfYkRpw%}qSds;pmv2LEZRx_#J9yu7BesIv(Y)#k6Ns%p?>DTW_yRps>N4Qhz@ z!*M1zU_IyocqO=+KAEWT)%S>>Q~@?p_SMpR$0>p^7wnb`D_}V3xYR(79i&>e7U2K1 zE-B)&EbrkV*!OzFCaAgcFXS8Ylwv^<(QA?0+G_A)-fh9-(%o(GSl&u2Dhgw|5loxJ zI#5eFaO`a*lCyt!DDk(D(CPWFV=g#2cdk-jTQ|r*#2iHPMh(PP^PR%SJar^u;gFda zpCn$MLRfZSu||-vtQ-6K>fMa$lg@1zLQacx^(0W^&($XNHN@j8CntxJmX>AXxU{&D zv~o>DO%127udf^@057~qDTx>>T3a6N_QHI92$=ssv-003#7>5p?5q$-g>mC}&{Cwq z=QJ8lB~F8XIl`KsjBtkykGz30>*z8AAbC$+n5af3Of=XGV*+|Pc)G$CO$J!eeYpqw zt^RmJLYNc~`Ll<=w?SQXbP8GqP5#2?1_=vhL6Ob#&DJ2Mly411;rWk$lVS%fs|@O( zl!CUk4wo#S!%(_|&J~dIf1tpKmH%8?%3}67(T%iCs~3E5_JInA z5pr*5w$TM-K-bm1WUFCAN*_EH_V*!n2u=|dHifWScsTX=@EnXpqk7j0WbUKQ?s!(N zq#v}cO?>MdT;Lj0G?X~=`?oxD!^w8Ywh;(zZEZPyJJ#;|0bU1Z7s`eT)*N!ndLU!2Z=(l5(JvvKkw)O^+=XZQOp>&}*( zea?dm$;+aiInQPm0M7HDuvaaYYCi8ZHAA_^kXq|))KW!!ckU>pb&uns`>&Xl0dNCCh z!}aO~|0S0!a1U5E5o1SwFE6*4KUzwi|5|jfyhS5;gq--_Wxh&#L8(K(C4WEV<;ot! zS%kX6-=FUc@8Rq&2$Nyhrxi&KDK>s425JjlQPI)o4}aO>WW(A~+WTJHrppTW6UPs@ zf@!R72xSQ&^2&SSwhfdGVyzEsv`MoI3rdo-LoioOq(utZ;JD1D3s~rAxCD4iBg8xz zI0$9nl(i?0F=L9%mz}!d32VNJsWiL-mel=1=}^v%NX`wfbpdFa5St_|0c{c@cc)74 z5Im*_1vy=xuQYK3aBOUB$gA=T*;-6^Osa7fw6sV`cMkHla{zkwU&j8Y(!>8!nLxZ{ uJ^okbm_wF1+$SSkzKqjLMA(9#>8|%B=KwAGmdLUVii(1Ue6{R{&;JJ)fXo{J literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..39c75e6b09675ddb1b064711a86ffb5b16a7677f GIT binary patch literal 6911 zcmZ`;XEa=0xJF0_qL*k9M)??>(d%a-qZ7i2&O{%giy#D1q6aZrLJT9K8zpKa+C&?@ zmoY?i6TRK}*1A9MJ?reV*E;9j=bXLw`@GNd?j3Jzs6%^~<1Psa2`%KYwkfgp`L9sk zCSH4%|LPGdDxb$tKN1pFf&U6A#1ybkym`kTVgSCgMn%U!aXUZiK7fRTqX43Y)L1Sj)+L&Q~@8rS7}qB(127N4aFRC{r1 z(pxsdZ`EQNnqH$}4s)O{R+D@XY;k)pUr?7Ujd&2+$spxb(6$!XMBC)OBlWBA)z;$L zCcmzLizUD;nCf3n5#NYkQ)`uEtRaX0+_hY0rU3dRkg+O&NvZRSUQ-yFbdr?{+ebcO zuI~Il9uINjB4c7<-AB=nysd?tRL;%lq0D8p1G3poFA`J4W6#Yf6+TFx9Ze_{F6l~_ zK!2|nvl%l}=&CYG{CIWgrANiGsFTreyia!ABX_N{1t_#JO2>-vxLj-4nU)6WI`Nhe zhB+}Px)z>uIclrUm3Lhd%B!!&Gc@Wv=hOEsDe5ENI~+i~(db6-zO7~p`At(BGfRd|ENrmSsm+(DA_BkOT@app`awQ zoU|E$fj42n>i`wv{ue+~L5#eG&byJf~= zulUi6Q8lD*h5BG{j|Rfru+bA8&2s$X)u|0%>1}Kt$3Uu7g+T9$O!xgE8W`!cbxC!} zK;rvSwPO_XNUfJjZ6BRQY_LlJRS8f0XSm6F=IQ27D(qM$+!7?!@k{-y1WqIWK_O7G zpdnTJblHjwgJz&09ju+DN&tu1JEwQN8_SqS0= zVu*-(P$h5DnBq>8!fAX+&r@DK`8&Sn@)jGaldg{z6pdvqmiA)VHa#^d_ApPx&ia{S+Y z;re4J`F@gcSYcH1ns+%kJ% zp2dcU|_e)voC*}#uJSMZwG2Se| zrh-WqYHPNe@#J}^pYs3S7k}r>-Q819+S?bBr_w+cHTE6ISsNQ8tl+e8`G=LfG*Q+| z5{VIe&Xqt$iC*>(L*wgPg*uZ?%%~|1e@d8-k{Rk*53n|BLCn zRvMfx;U|E@GWeH|6u^_m9}zmg$s{;0~M5o%=k&} zj|r}^&RDIK%nEI^ZBf0{E>g=e$MYO(hcz$t$|XL7a4*y|fFJISUPiIe=Rr<)%Tl~1 z?&dRz5a(Bs)By8bx6aaTb0vR5U_0To><|)S6noel4IVxVw}?tC7Lnv`>)SFfWF&QI zQbPI4>}t;&VB(7`L>SdA@2@Ij$hPBzr_maASg3m1u%~un&U(Wjl;oLidx)r9F8pD%Eju!i_YTwQ6O+yZofb(Lj0i;T`)vOU z@ri1z3qUld^CbqeQPJNBsK}A^$Wag0pK1D~KB%Cq;V%MOiLYj#T_^BzGjYf>DGBgw zj^eXsQ^&=gW;LUZ@uhzXIY_~z_a-k;2mSBGYwA5BY)Be~4j$$3t_#XgoSJf*doV>pt8%s;=LOZqj`X#~-^!#mfm|ZL?4FRTaiiADqn;g1cpuNT> z1LGsE&Ta}=_m683NbL0VW8(iG9{PIDA&(q6)h}j-4_>x4`_6dA(sF`~EiBY^I{W(} zhJ|X~X~jCtzIcvw03YU%i-BlgOptD=GF;U$Iys2EAA2XmC~Iie{!3NAAt8*k+RsFbX4MoX zFlklq8wHG6US8f>af;eX->7<;t^n2Ty?JoU0?FNj;3%Ve57xg_wXcSHw{|tQAMuH2 zQ)gphmiD^QJKyd~Qjc59` zn9wh4FqE%sq~jt4Z@eft{z#vfAr9SL{h4@qMi}mQ#`;-p{R*J%w%m^ohh`nTR2hqq z2}$)To`^J-Td5mNq@LX^B#8J++5Lbokq2-t$B%#E@dBY(K{NT zTE!WsZ(#5O)t0Z#mptcYt0-&GjXN;5HA&{x;LFi4H?P=SaHZ+Czc}7exw-VCPR>t( zK|jmfXN)KBcV;v<--r{ZB;!eWySO!_7`_U~(HHa{4z61JI!GPWnZ((saM)Wcd%f1{ zis*T86CAy`xY+8wB%`9Dzjwsx*E5zQ<&Nt~Qu*c~q*nNSWJI#KxY+;XFLrF~U%`w| zZZp!ydvkhjn+qEeXfNE!#SA)t8qdP=AyzZUNJ1Vy-zhstv2dMj7yeUb*t67arnXgW z%XG~^!-RQMHi^I{?z6fEsa`RPxF-BN(;}2Vl&UYt_Ra$B^~9V7i9*F2L*l+ZYb2AD zlB(RXYQIgl_0n%f~e4O6b3o+Qh&4dRP8%eQ9dl&haZaZ$XIDk{Hz z{2*s8e@!Buo#?MLc(HeL@8=eH>ga84NESe^$$2VjSD&8Tus{WDVIiNHnK?euLunC% ziq}3J3bOrK3sgB#V7(=|fFBx}Z_V?XLu2QNu4u*uZMO+45-!?0gA#(&*UU9E>8rhR zySg+z=X&rhY=wnBOJ8NJ?+dafN+~EbePoo$p;1*;^$!R*n6MD61u`W~REOXmJ*~1e z0J8EkqT1!(=+d*k%gE7Z9jj;MQkUUTbLX+_%&Bp?{!nd}1C40&_K@VdR~LYJuB5CC z5zGiyDX@-7DEja%xff?0>gp4>w50H3v^e59et>0rrY?79u5qE^JB6mk6Z1;zW-X=BS zm;eeM`~2=s@d=%0Z_(siv8Jpa zbL}m})@nJHcFPqGUvJ!Nd+Wg7{8rW=!(OuQIxLhblU(t|p;@K$VPr4Pp?4_XbEYyLy+DGCDP7#Fy3=fU2uP3EL`3*sWko0y#K2_kz{QfRf*zTjjx^#K8>< zQ}u4W=8#K!Y+JAy9K8sQa89vKU7A#b(KgRk*^D>1p-{5xyUGcX^n>4z9r;t|Lj+ZZ6sJ zc)Tn~mOc^OUk+7LQZh03>YB#;_A7e-a+Jt+gGOsTT)gZ$fj0YYR*&NNst6ij6NS@N z(#oaQNV|iB*`SWx;W2)U^pht~S}%4(^Aui?LDK2TAF_Eic;(jANX5Q=TVn`Sr1nS7 z)0CHEvDohjIkC=sJ8{zWrmX_)L!O(m^78ea2iMAG<~G=+U^_~~RK6Vjw0>uwW}7l7 ziwU#eSoVygcq|P1yT!2Vb2J+r&*%1bct2*nZX=j|KKr!{)8Sm?U`&P&gwYKSZ{Ioy zIzOw#137Kv<9-%h4t7Mm{axtp>b>Xe=2i0MV_<${bvb33E(B zLV_Y00ts<*`$v2#BOl~H9JFy1Jl*Vf2kD0A!y(;PPtGXccI$ENG<5{-%qr?=*i50y zX_)TD_~IRF*h2&NdhqQ#IummFE$1zYOfX26n`>F=r%wgmZGRaX;YTkvO_dwr3;rr< zV@t>HVL6XKBWSm##>U6%f44Q%S3K&6ktp=bqG83STn>fK;@YJqBtkC_L`2hiYD1NzuH~W0M%E4OAsk?{$v`Bwf-V zBUe7u&m<6%UJaz~mQ2--$JUwxF-4`N*_J?EFE24kv2oSttmi`^>aK`KBAMTJ0&#@1 zT?Le3i75>&U4~%^2`O=?%*|QCI||d%7+$`7i7G4mSX1**!l4?C2KDszxtjah{2WP#^M1oCzKS?gyBm^( zRU&;=+I1L;WEQoyM*Vp#hlWY1sToRVY8||c?`5Kl(il60{YDIZeHI2_q+$j?H75)rQN zjU_1+2xHgRq|!MwE9H`i@*+2-fPjX?M=!7WNLj!Rdy5;SLR2UFE5np;MMLnJ*?zF| zJLffCxkSy=9Iz#rpIuc=9KP%I{2*Zo2^_(xS0Vfo(9j@7>@KQIc;l=5(&vVT%#2b) zMYt%$(Lj&7s{Pzcg-4>)Fl=z9Zi8Ms(o7l*hEaI89SL@6r0VT(zaH%DZ*o|d&|7sdGZ<81XJq6}cMzN& zah83f>jr^@ljjZUw{&qS_YqfVgrs>=dP7!XHW#ILO|1reK^mOO-)dewhE$^>%pT4?V)p4yPYEcQGrzB<|7M0fc=^BZ+N5!p# z{%o#3?zaEXQ@tlz+GPlDyHCw-PI=@cJ;X&_%I(NK?_NZIHn>YUgJv^Pa zvc!mA`h|L8CnF6?C@+@`n?F4zN4nK|FWKJXK97^=P#KE6x_}@}xvu}p05NNs7VSw$ z_dJD=bWhM0dqmLkCw*TahDzqEbxl;ZtxB9;R`bZLE?=59a~}RFPfD&qF6iKoXw^qI zj{NKh<*+)?RoJbv@`O2@LvV0(1wzx@yfPplLl*#Xk)cfQJ3UoM2ab-6yax1}#fnbX zg`O0>Xto6Qq%2-PoG>@H{uY=-j41cGm7?8#w-Sa@QUO%mlCJLVj!W%rMB-o19dlvl z<`l^2Uk+^Ee8B#(s_H@GT$0z^yA-2T!%|~r30`BS_sj6#j& zX4TN?Y6sPg;YOlIBp}`1B`2rrmbenRx4lh*H-S&cD1UW*FgNJyR%?mbubX@fo=-Nv zMLce7$twpf2E_F21a6#P=TOzdl)Vv4d&NY_ose*s2+=mxsk4cjGkG&}{Dg&_08inn zugeB7B{jzDnQQqYP_B(xXRu1L*Iet_`UwO5>3(s_*^zg6_wtC3IHgL)UjPK_4;;x^ zB!-vpi^Ypqgh4l3mEhM%Jmx+Z2Om!%S>A#c5c7SHAl7%w>UT)(esG>juA-Z8dL4i_ zQ&&n+F`k#QY-T&%q5RIh--xVux#3*z8Bmtn0{pz$cW9Wn`iyuAA8f+li$JXW%p#ia z0eo@{^WyRgv5~zykFsoB%VT?S$cl<+Gigmw?x4Wd`Bk{qCwh7B`PIJBV$Ye@co-&Y z5cTnkjm@jGpV`{QChqQhfBzmk&VVvmSc2PZ^~Zk5id8^&wfxTS``ZlvB-hi`OG7>p zHW+JePm&4B4htT)WK$&36ta6aoT+IP2q3;eXI6emR1lM)5=K)_*ism z*@zUFf{{!|X+WX>e6gtF;|kQ@z+$B*D{Kv5Fo7sudQ_$3!~n~C1LbdE6X)(&T77*( z?Ci_5rS=n^BHkk5yAnJq8nREjcU6adS1u{;J-B}Fqwq^cx!@D%X`&nAhojW--cs++ zM7IA_K0Mn)vs@eM_K$5Uwj>waq7zsJ2A99mq)4QD%s5FYF3Foc(SY zB4%Ua*&c?Eo`NzS7Cfe>B;P-K<%}E~y9!rVD@<{ghJbPf=qZ2sIw*Q?6Kyy3Z=2BX zpIt>qX*xp%^M@p*q>=&su*b32GiLe-KP&K4|>(X)+NnJSiE2&xt}ngBd(4Zo`*rk_JmVh^JZ%-Mi(! z<$gANvsrj>k#7zqs7lcR?9(nC*l%~7;;VlD`O|}YAtNOPAwyxH;4p3P=+<;a z5BF06@o(JJ0gYf^R@%CQ+h3|~e+@8HsLbDz^sN%#h97dJUGvg40WN!?YA*rG(O!leK0 zrC%VbM5Nj4j6&bWXe?g}ohGv%N<4_U`muvC*Kz`LNZw_HVMo32tx=wF;^q|z1Z=2X IsbwGaKdxPc>Hq)$ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..a0a63ce9d6f6c863d4ff7309134efb601f7be3ee GIT binary patch literal 4846 zcmZXYbyQSQx4M`49zgoh=fQ;NI2rq-J*cx&^?6G4Kk#(pdcVIC=C+QC=JSh zbax|fTP832@m6D8!3;+O1bv0#eoOb;uBt*Ej8+-Hw zr$}AZjNAc$p68$7scUoZ;T{rus6SO9ULvKYWnqn7^&J6#TXE{jk92*qw{rp!%&R#) zt&RM@j~CM$77>YNO4e=+u_-KPOiN>;@O=U#UHlPJg0o&i`N964oJ{_<%-Q#fx1631-)1IRZ(jHTnmapNtAcGK3VQ z&jr2k8j)-C%bnlxem8%3Dce}im%HlA$ITCBbs+~&ym1I>?>Y?JuTtUwc?Eq;4KQcN zUa^92#hkOk-SXArIW3b5NzhB-toU?&|G>O+|EQYGy zh}x*z!3pnjvQ^h-`{hMb>2i_$&at zwVYBE+h;0F0&{Dx{Y@YO({hrT_@=AiRV&FiBZF-oz3n7@mLc43E<n;+8A^A;jD(_zY=ojT_E_O7k))da$xa>$Hl zsZ}Wx`rplQ0x5KLbr(lgkW)hB-FG3bDF)&D@j2x5C1DzqpfU%5#b;NF1|3)C%h|Nc zYdHV3s<1g680DAjD zrO~G;V$Mi#Nd7$%Q(x+>9)mWER?@#zs4t#*5+z|@_{qmEz=*qSKD*HUdk|n3Lc9qf z_CF48KOaQg)QXjC_n5W0j$Aw}3W8FX&7Z%_N3GH}90^^eU(hrhaDWQ`V0i=D1n~Ey zEq62tuLt2HSw4sl!tKv0AKs3l-x}nc3vy@Lc-LM3D;(^K2PPa3Ys~j^^)8M5Bl7YR z|B69~bL58OD)pt|%VSj|b;Kn}Aq_Q3P3(Iv!N2cXE4+{o`E)-~Z9nGQl+y~pnQOgIv) z`U057#Z!dR0U0Az8rk}MAO%ih!ETZ+R`re4?y|ca*ap0tJmxC_d`o`x)1cCNQOkNn zp5zb^!i>5Ziq87eL~Xf3NtL&lZvKrY4n4fJNet*cKszNU)Lpw2&Tu!|q+tAZobyVy=WmClo)HdjnZ$;Cr z&Gbg(>O^$lSQEdAKCfQs_$dS~ho6>2s1gk9oP?o$W&bYXk^WJHA?!EXFF<*^8Q6SK z@J~XoEv|vm-TEgnrF2E13knG&20lZ%_VHx)XD07Fv$v(%A5pdpySDFN$;;na1 z-?t5m<%vHSktQmwzvj{9kx9C6a@X~D(5NPbb@6@Hfyf@WpV{w~1Q@<*&(OUQJK*4+8B2^L?x^r^#0H%n=~i;~8Am>R!7 zNnUFUHH147MVqIg(zl~gv_&=OvsdFSayn#mHf*7Y4WlKH`-*pSzKK3xmH`+?vc%dP zCzR^0Aw`+q>=lcfTn-1Mj6`<@S?%=_I4d@^w7V|@(6ZM;D?^kVmaXw^szPV;?u#dt z{=kLr$X5!Hb7{3{H(_mWdDK|MF0n40CBfR0TbXHJZ>}VN%%MnLE9wZUD4TYPB&&h? zi+Zm-Baw1u7daBW!Y@Rh59~2AhTu@d!$$+fyvNv1Z zQ_wgA%&g+0$5EoP zkX^OwYWepf62H8|m5#{XU)j+Zb*rdzMzsF*L%{OWW`?08tEk5WyVxn-)qntQpDMA} zQTqv7M+Gbi??2v=*v^@wVAHw zTdG?>YaN++(i@Ph?ZhPhQl?h%_s&jJ1G#%^ zAW?tL?OfaTb1}RMJZu>jv>*%(NMHRXrY>!yYR3w0Q}6G3449WQB#UM6;1$gcx4ArH zNuZU)TlXXy>9%&Ayg-TH=W`&{0pSs}jD_9=Fk$UbHh=`*E%Jp5&Bd<`1ONeFezv2M zolJkk$)E7o>CqG@=%NPUlk7=HJh$8^_3OrWq--ymqvR-f1>9~Yn!h7|aN6#ZnRxUq zP)NLP#h2Ukd7|<+GX=k9+FC2sra?91MIm;eNOs>H!CVhekVlge+=1634lqgeb{8Ydz<1Pfu6c-sh8nu%ltct%bOdqQqq zUCTW~@i>VYiAHE!);1+ z#DzI@Qt%3E6Xn}eaH+m&Tt4J_Y42eqa(kt}@4_i8PeE{sS5{~r{d>EG{c;Dx|M#)} zFv^KO0H9?9TS*a`U2RhK!W46h+aPm5W$5RCznm-eo_7}iN(j`_s8<4e=yePo|n(OKFQt+>%Vi6fyt$l z$nep|O@D)*Iw@@U`*`7w0ww%(8IR^$nsa)==!^U*)9`Fl*|JTwPWR9CDn*xHvgxD@ zFaK0sRuH{1fmT=I`nyZ~mXCwbS93PDp*LvsxEMEww9PaXK_#7P=F~_^?-F}Tk9*gY*d0)MRA@de^3Q`RV zSf45uV|CUi3z?FuB-^vBRST)qbk$ z(avKd@*BSXH2%j|ryaP#BLWG8RtYZri5EOC6H`8_8l~Nd@6S)+^t9q>^y>Xa2dfm| z;gpeMOk+*$l#9OTQ*xDts+lo4(SLZwPd}z(;Y$L+BoGjWRvcWjoY0Qx$+7N>PTn6& zjH&IiR*C6~zI8|?E;0Fi>o#m;JEO{*$vKdSNx8yQTGmd31h-=b55br z?#+{=+>+5Utw{u(SCa)**%KG(7inK~McYWdlZ3lJ6e4iRQgV6F>x0oP@?J9J!uer; zJx<-jGy8GyE_>exjRmA;-(12nLj*&GQg4lB=Vk^Kb45@Z4ijT~kkC#!kdBpH-$xBm zM>d`wbMr5*Yl$lZoD(U+ZI%O%aVcjUCT&@FPK?8Y(np;X@|sp}l5MDk;plz^EUxrb zDaV3eL!P2?p-$m-1;c0n)`(*24Hl`H*DSc?g$uW;tHr%!S=EM(ckHy5MGGg!qif;s z-gr!@K5s6WG6j3B84f%F*u5~AYa;XE+HyId^tVOzVob`S@A>vp%<5&;p$R#iPUWns z;#FuzfSrefc1c?J&mVT8+3eT#kB&~sZ1Nw!fBeYGd}?hB2fCi^lySkjN97iCF4ZSR z+n~g8$yQC=1`*jv47H4_^74#j3Z&}2y_GeTO~Wff(e0SJbvL;VCVS#KfO!^+H5*dL zZ3{Yd)w-7@ zN9(S`xWzMCm>~UT=&r$}zA}#%L#Nle)ZDmRCcM+$(?NGq2x5o}xc232?lL|2!m8Us zwo?#ozT153erw=yYWY@iVdb7MYvAkhU@?gy|B|MdiE8~KCzY6(=G{XE|9OjA*5TB2 zmy2{8(K>t4m32BJYH=K~c_UV#+1pMzBWs_rp3gch$2$L<(|;k>Ozgt125 z#Co>idNJ@}lIym;heN8t+k$xsk_yeIj$<2Rd>?Q1nFxfc(rhB7p@?}z*gfb40)d7u z#huU^#Z}S(RW9T|wxeAQAu7z}uAQjY{Kv4F2~r$6n9S(y z4LvX&^8wk?R!Y8lFq~&f261(0sU9AqqUO-};H#Ci5ceT}hJ^=itVx8@oE?q{$!01` z1pi{(*A~|IVPFZgu_5)eBe)tqV3j_gG+DNAW(meoWs1+71ef&B3uY|GQry|iA7*-X zba59U6lW0DLW)Ld(y2|eZ+iEh+dG(5Luknj%^Dd5>G{7Ge{*a9bJAWVEe;uE6E+=E z$CV`>(9p{%InK-Y7rzdo%G=RT{hDi?_G|j3qYj8_1|aF~w}e)?Ga_P_;!*bg=6jmT zXWO}0u3H7^cSRWl8*=VDvUTBbz7XHk6&>2qWO+{Vg`G3Q%J>)#_cwXJrCF>0zI%_D zOTkrN-J^26?zUaEp_Rx+dWFtLa?@=NZ_x<=5g?Tyfd$H-poBd;=Ea13x|xl)IEZIt+PftD{!Z z5%7=as)F!#{(fC_LgCX2yFjP&(hE zUB9ww@<%_Y8{r%fG)wbPM=sR>ccP>ID?joqAm(LX#KjvXD}nO6Y2$ZxSZdjJ!QFd( zdnd0v9mLsu=m}>Jzn{WiD^ibr(jngU{7yTq7EWahGF5qsdb9h)!6tZMeY2#q-S1Wy#E@V%OeE2 W+vh(EkC!^gcHL literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b5860da67b1a1ae56e51014bb89455f713ece1 GIT binary patch literal 1390 zcmeAS@N?(olHy`uVBq!ia0vp^1t8491|*L?_~H$uI14-?iy0WiR6&^0Gf3qFP>{XE z)7O>#2`9gxwB{or=|v0-th}Bsjv*Cu-rhZ%tz0T|{GtsYees9G`alJjXdh#1vctny>l)pCeSE$o$&|RL2pxR)F7Ncy3Kp*8 z4TlUD6!2)sFw>Z+Td)3XM_sjksQKHQ^Xm>=-CNDj@JW07t7q|lf66KK%a>JaENp9Q z6X-sgaJ$U^TluYBavv^suYYv%L&VuF`|r&-cDh@hnL#eDo_DJBR>Af4zdX0MUkuO@ zYtEci`|Ki#qtd~PW*GBqX-m19a+imM!M?^$4BuX4CT9$cj z?dvSrI&J^Q)**@m}F?ec40{Vn%C&yuXZj?irn0VHz53vmjT;T$ym`a2 z{x5%@|7DXUmtQVRei!ndiD|{19i8cQe?K0%ZRorCr67ll+n4)0YV7K@maqT3U^ye> zgZbI|b1I}~`Yd~BdSUr0t!2xXC*C#-S}DTS>J;y0^R=@gon>sqD4?TLMG;P{617l-h9r3cYx9;4@$^PHz!qn-qX!F7Hn=9F6 zYJRcY`^U(q7n@ftdwNrVhRCaB=|++})^&R=z4VF0XKBzuL34Y1e&5Riy>1UJ{0_gK zT`w-RE&u+vZ)GpOeEnL=&@QiVyfEvTWnZ(8+U1fxbFKacuXvuA^1S%ZzjyAr>mTjP z`;Zp)xp~UzrwOx`WtQ?kOHngQ{K6{>ocWFV)>o4x|(A2!pqgeb;K6FwtDoj;)U^?|LNCDn=h<;%~rnh?}GIE zt$j7cyWgg+?mw`&eD={t|IbhQSRpelRdM?1R=15h+B4qCOZL8tTl(r|?2D=KUKQ_t zumAY`^?R9Y+uPd~uF~?k+_Ff+l(GA$643Cof)Tdo=Rebbp1*#6iS2_8e^U=vDqC-F z{9FHeS+%%6V`zNZ?seTUdg6P+LQQvMZp{51aoxDS`mflz>t7o#20dPXTB%>|LDa*| z$@!b*=ilGe`d^Or85LX>T>q5rrZmw*|Cpm}mSjPB`F8Qg3-~^YXu*q#Qgg$jyUWid w$y`~;c>eRP-~BQ#VjgLRSg?seikpATIa7Lf_SPD&0G5>up00i_>zopr02b_!-2eap literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..fbd16e8c9c665a3316ee8b171c0849f074f2ff25 GIT binary patch literal 1900 zcmcJQYd8~%AICShVIrACZgnuXu$B#TjmR~3)`dl^!;stNHn+cuEQN}4$>o1gJjlv@ zjL=_foN|VQno!R+m+i2*|Ml*?I4{q6@%??D=kxnL&+py$o8#{0a70o`5&!@kalB~f zdFZi+iV_z)ob!GMKTYD+Mf4#&uK80yM^BBlLkNmn#mDYw;9rJv6W>EJDDOjT3e&uV|NA$^=hU;7Tll=VgPhI3F>=KGMSAsU52zztc z-ENKM<7X`)E$?--G7^fM@9AJCX$!|J*LFea@$zK9>x)U_;VmypYTQhOeR~wCGcT2ER6o*ogUH9nWGlC);Pr!687cKyozp)Kk&9gCtm{ z7MVIF)J#;XTlx>VBvoRdW`=X;w6%%o1h~)Q9kj1wTEL#ZEiwhn*`mIT4bdP|C%9YN zOp*w6=^}R*aXz0n({7L@CS`16&i(M*MB7d2CWM1cH)!~%g8CJ8BF|~F{9|?q;C0e` za3eoyMLo+4KOSgZN=bp8)Ko7O*({ne{h_coa_P*Bn{;ggj*;H03IwqrMtl97IGNv+ zoB7>s*PusSx|X-FRFRi}3V*CvM^> zpMP_V2PYuG%9DZ)^ujVX>|m!~r=mv~ay;XM8f1;J+RbQ)PG=j!WT$(^T8424C(PFi z@cg2iZJmQ$q(TD4;~Q?4=u&d~0!Ez5fpUbBr;|fxTKJ`W;OnQw3vkKYlu(nwzGLb| zD7eflDaxduy}Bf{miV~ri^`kXDdNSi(hO5@Sv0*o2{=WZ2*9r@V(ptuR7b{9kNh$& zIh*^@gb9cYfz+6BICYb)+G4AmpQ`qMy8GpgU=Dl#l|SUu}BseVWvDRXH|gOcNE7^FDFbRW>t z`=wT@)5eH+6eFgF8*PY$)c{F~_w%HFA06FxNF@xJ>Mp?d9I(qSJo>jAPv*h7)Sbl6 zAqsYn^{XBGHA_Amm!U#Qyo+dC-Ed3U9pBPlP}x3G2bAy~-P5dSS-JOY!KEQG`q3o8 zU+dYcDxp%J;d#NN-gSvu+?M-5=XtnxI$i<)at84VH$<0`bI?1VS=F`Z7MDXc+qg4zyuxlh}DMpv+N~=U6-s;3gDfuhcw26R^y0jc)O|h;F>=OmCWG z3O|3@$+VTgm7g&x2(lQd-=BPIDemi1$nZn3|A&J_;6zNeT}^wv+on2l5)DFhS&YZN zysMTPO9_-7TNzoJzwC%!`LxkMY}W(-T7kZiS)W-^j4#PE@0~!O>^zMv z{a`+(?9|XsLs)s07Fk){L9?Peu2s2GMxhY!)NPxICl!W*2=rnb!9?x);$wsLhH9J+ zR+Jk|Mzhjp!{3gPUv6QLTU|#>i|4E(@$oKa&poRFTSg4u@@S&&Lq&=JJ`7wzaJDPF zT*~3|wTG6dvm0f+kX)y9I2kS6N{(wPgWo!U_{DoOG2anzevy#tJh8BN`ODeLQ)UrJ zRKH`YrR5FMpHGZe;q{4)gzArxrbuVic%%fAtbZlo`c^3C^RRm}jEn}S;zdg}1X@oQ z*L&NP6I+`CDvETPnn&*|Y6aduE%zc#TG7z8z>hXFpue8m^~z&`2nyd!q_m2ItPenS z3XhFZBY@DBvM3X2M#d}9C@IQ9WIv!<5Yc63%UJN9hbc-yXOWg328l|8o5noFj{Q}5 z)4j13rEy0ulK&m&f~1T|K)^h4Ds{KpN#XMQ^|VT*3yn4pWOV#PXmhy}#&hQ$X7M?9 z`N_-J*x4)eEG76aT^(a!|C+kLrur__+A4tEQx%iCoBM-D*m(a(Wu))F8~2CJkzH=p yI-9bybe2^qLUphIBkWqd<|B+dQtxNi90=ic(ne~B>!F8D32?mNX4iNgllgyyQh{** literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..856c312fcda74b4f7cc6cadbaba91ef3315fd69d GIT binary patch literal 2629 zcmcgu`9IX_7atk>zPpx@(pa*kXXpoC>jf8A5X@;1wOUPE_ z4lxSJeyw3Lb{a0epML%R0r&Mf=Q-y*&v~8KdCvPhujeE?J6Q|x%J70fAOTw&3l~6! z{bFuTVEy>djy)iF!fdXGgFuq!eleS^i_!+L$rWMiXvwv}BP1erarAZIAmFxOYhmj8 zpkS@=YOokhJ}LH1CIL-bdI=Z8zO%7x_W4?`H8K{gwwnkxa3Pg<1?&@-U)t-;scP}iUG`+<2 z4l8Nv8po3uT&8th^)t;=9B8z1^c98v)BE0{FoX1513mYAn(4R|!47&iI505$jwZ-C z-X!lF>xG*VeSFUJh%dBbyuQWfV7r~S!@gwy~qpTYP~5+t~sqWxwmwPxW1QPg_ZSCydakx9@DmkS~KC zP^*OU$ZVh`h~DNry8x@U7Cg42hZt|0_I&l!RwV`Z;svCvJOyft8=iDW_`ZPA{6rr! zF^u>F`iV8k+b92J05r{;3H^Ghs0y&k69T^{TU}0_PlksTQ z7SqGxXuypP)LiKcKnI-q&d-y#g?%7s<4|ecCs9RJG2ufxG1ey(#-bC?x zruPg#pPjw+MqV(9_@=RB;8EOKNou%%9m>omSKIa}!A5CtDa^aE&tHG(UK60248iL4 z+0%2Tdnk&ku3V?_*IwNMrrDO&f**i!Ve4~al??U5 znRV+-rJ7C7zrEuAF#9J$f6PxAl73d0`*bF)*!F2LLw_$4I|t-oFP3caEit8Meh?;5 zUT%g&Ld$X;9TKgC8f#8jN`3V5t|G<03((J|`IUX|mU{gGQ(7o5Kg`&4PMUI(#~P#+ z8n@rp8*5RhK0+W6^}aJk+4NhDLrf+n?E^lWc$&js+jQt-Q}Dk;LxFG2qYR)1qD z|Cvkg79Njxwo`45Vd+fhUb=*=!AIyjUd-jMFyDX7PS(NiCke^>tl;&b%20 zVH#zD_W8M+dvSvm1KPT^Ofmr_2q)l7K^=j_eQ9Fv`hI@zBw{(J-*Ud@^Pycpa;^H= zOxkIgw7IOa)+iwrfqAB3^tYeW?$2G%@y$n{v$D3{UaLa^or{8q5*-k5mW2@dyXC%yCVI?q)r>}Nn}QEw7Yrz`^Xre2oLMx7TM;?vv*lKIHEA{ z-e8XGieQ>6uj5m2Lu+f^s+(V!H|TSqIH*{K7k;>o=H%jpH+A*8jM#1P*DYRmr4x=?{RuCR_Q%SV*vZ8-$m81(z>E&mYJS84CW#tQS zqk*V(s|z2y`J^P5k}Bc7H#?ziE#Dtqi_d zqE8z`3550b;(L7l?C~Mbmz0!HS~G0?rZS(Go0U-;*t0*v;k)$XZCEf>-rqhDz-JIf z4gM{7Max)QqjQ9&RkvnwhRtL2^XRA>*37gbb#)! zNYO!RkuIsM&u#9;|2X=x8(-!&ok(5SEJi{4Mb$lw|C}souY36Bs~|#%Kk389;nA;a zv}jB7XFK8m41uD?7!?K0nrQ4;`7T=B!Q4LNUwHq_LsLDv&@h}c!v>rn{4>TV;qdVD z=mg)`3asJ71Fs-2ZE>8DK_3)Zt8Sj{@7{tH_@L}mz4vwsvm*kcnmO#&c zrh}BYZdgf~T0cT+L^N)3t@wV#73m@t+ zkwj0uHqAdm1i2=zi7)16xh3Zr4~97ZLUCa-Szx}tT!7%}s2#}?rWBo=nz5_CsND$f21Y=Tt)-Ji IrI|PGf45WFVE_OC literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..f06fcc75896ea85084af68618bcbc31456b5f89f GIT binary patch literal 1986 zcmc&#hgZ{C8jX&Sk-C6{A}dN01*s7tQbeN?`T!zo#G#`@`LWahiGs)^OE8;>0YeQU z1|}mzS)!q3=t3yNFj5RXumK5)2$2%X{@nc|=A3)qcg{WUymQ|7-TNNF+w;1joVFYU z0#QV{Abr3JeC4;Y;MzUA;RcqYfXl6T2n1&Mm4{G12A@C?nt<}S3SBs=tRiy?f&aw| zRDw`QXTOx9)#4!h@%vhjN`=$a$+tw4ABiavcjS)#G6@i7HL24o=s!uu$h$RtBIUM~ z7x=pQ((>2ik9qXWw?zQpT!U7VA)o7Oi@x->pzN80jk=26wn`iF&FRp}=$8J`sTe-V zVnk%bHj1uo{p46JJ5j2yEDA!Dlh%TP%s3m@Ej+Vc=3+tH(W9cy?c{1#|e&0 z3t1)0R4IfTXB=!#c`ZfFyo`^|DNYX59gmGzJ#RP00;N#FZlAuqk5<3;;U1?Q0&wy3 zpVnBZFc85F+-qr4^m5n($Y-t$Z(_@!wB3(CAkB<rGDBbL3r1b??IKNgIvj^HRrwa0*f{LxA}=Z?#O+<$YLx$msd*2hx{@)w`Jd;x`XR>y13a zy)5H|D-I#<9v);D0|=l4h45I1fV&!FiEG%0&w*>fVPQ|AY~0N9zoB~@&mxpq(IJ|$ ztzzFQzxKVJtL4KdONZh`lNTTb1OF*kOZivJM=@J6x|#L?+WU=#f_^ihnn%R}oZ(1s zv-~xzE{|0kU6}4T)Zeera9fdES7VwJT#FZAkmcXiO_;8w6g_BgWus+Jo*+>M!f)MK zadf%x^s!jlKQzQg3_6xM>kLO8Tk?gGMR6y-Ha$@Q!(|8jdGWm@AY6gme$rCJ3Dq%SHu4A zJ1oF)M8(7$wy?E*BW}!S4z7Lo;e&Q<05QO{8{E_tY)LFfn}Izm_B`D@*Y?M()NwfS znM9I^9_xzJ866#UF;F#7J?ek+=9;~7Pn_{FIn8WmJ@RZH)dbQRYza{%9P#z_y)siz zmPy)g=vw9Mv74;-k0kGJkA3%}ri)EsSX^A~X{jj}9Fz=?)j>4N=SIcG@-Zh$1YiOQ zNIi6GIxP~e?QfY-Kgo)AA2~vwirH*wniRsiW} zp_}ySYV*1s<=(!i@=CS=1@)+e?euOiO*&=5o{FIi2|CW0S57}Z!q4M|<>iUGrz7F* zA-XIjC^c1#*_(eND$sRb``yEH1YYIOMCy?<#=bp^3Am;@9yi$D6l;a)3}ys|34cGm zJh}5|@Cy_otUf4mF=+4HO}?gO^9wNubklvTnbwYi`!@M_W9RQO7v#+#p8t{Fpa%dfMO~+PShhIXMA& zSF8M9cpGP3_9{ZCxSAZ33$>zI(8N7kH0y}LNnVYF#95zYY(}IDes&XR%+Tv6u*Uew zlu`oU#NBNF8NnP!sbx3~PE+L}!uPi0Qm(G%LH|0kWZC@HM3j|-gU4Cw;YQkOqgh^< zrGrDRSc+~*rLx%<&|`~B!{tGFPyuK_&~{W;aGD*K^gAkTp!qx3?URy|Q58Nfea_6U zAtb5A{>(0s$c&ACIx#T;2vb`IB`agJ;^M`vHU69=6Op-P%AN1dJ+9-Jjv$(E>GX!G zj=(z*3^a0iOI7h>_3;3%{LS;V*sTct?g4rpC>d@7Y-3QTk1w7r5s)jcD+r{ z?^c|ce(l2CN7y-c8)w!HBhPHlbWRs0_IOH8UeZm#oxFDCGifD-KZ-}T}|sHHEY zaj;ADXLG{`P`T?ee2Ap-4$`FvD4h~ZC`iXjN-T(^NGvTOT}w)rfGl;$MM|U=7FfC$ zkZ$gtKj412_ruIQlh4d=-k4{gul3XcB+Mi@I5+@J4HZLd>G@wGBEaSY%ct7dg4k2T z+#3gnp7+0mt7*t{gl#1B(bQEXTqmZWA|_N5b?n5!p^nv5Q8xC^!Q_54Gv4YLRNTrj z&#;jY7UbllqoeekEjF>Upaw*1)2dGLf&(VAQ7AsK9o@WA-R$O;3vmAV`HrpE%|f%x zM6r80v^92s*PsaZtEwc-mX;3B-f3(^ZtFfQAz`FkmOE2(d~oY_=o}d12Ht(p+ak9h zEpM`6GOIF4=V^H)&k7mglMn#+2J|cDKJ&iyXCjX(%3iDv#ewnINM;^X8p-=50<{h> z9s5xUi4*u_o<6vbSuMM9)EPv(|G(A2wNk#2R|a&g4*K?q6OzWduPD1Ymw;_BL0Mz` z6#M<=!$0W1F1QY=n_eyoybMC$!QWMB+bczlb^C3}Y;`Q;zfXkcoM&ymY0g_vFPF;@ zd;AAVx);^YxL$qJ@fl6xUs4@rb$DmBBqX3jsdVO*-U|D!@fop7)o7NQxsgoIGQ)s( zd2mx}_bpC`<9S%V?hS4@*J?+=_)_;%{3;ih<+I!n>yLj4Ih~_FM~C`>viFlTw`sKX zei_HXT?!&Agw&%Hbsa@>mu{<#u zyfkVPp~|TTS5$bol@mQh;ryacKBS^9SXt8$pHG?ava1;J9VcPVnL`aP2N zZLWLRr;-Gau|v2oXropOJT!P>Bb}ZEY!?#|>F6+zt`~nm8b3?s{BUF;=EU;!vM=f; z0!?f-JEP>V2p%CovsM{M(KXuJ?iNJ(iv|}@))W?&lT?(-yA6GXj_74anv2_}lI64+ zj{dA<2wEMy>p8@0lCyua4$1f3Vyk$m;+gM0VLCgHup+Ou4LK{*%MR@>4ztV1kfhIk zRk}E#TxNR$<+vd2qWPU(o)u#tDXwr;8OM>dlWa2mdUV|HA8b(c(jg*p;$P*y8;P-u z$hybqg=}d5Q}7Dp-%b5%b;OnIPki3ibb_M^8){_Zn^2&IWnY=p#+alsWrnP$Fb%c3 zP2-K<>A&e_-8I`1N83rzIJTsfWD{efv0rxCL{fxC?>@!&ZlEk-o}Ttxa{`IhQs%Eg zB`ubRR90_r=|H@~z*OGMxePLyF}WE(3kTmFllgUW9?hOY!F>hqjMZ4WvFD#TMIC;AfI!inN;_FAQKg39pgx<#q+Vqn3w55 zomf4`{ZO6#_ZLR>_kHOm-IOV5{k@I#j3auVf?2nv0U)$I~3 zr+3(+CCO&l+!0(f-zZ=sJ|#Ko;5uW}X2OEU&T%bTv}Q4W$zZ}}eKOQx*(f2SJ8Dj* z92ig-r<(@1fO#&2l0}~Bb~;%FJno`-P0bqzTgl_E1?lo4oo)UenVZGamvz)sf0Zgh zCDDCq5i12o1GBVNzQ1CH`}Fi5U`P;m1BdM_w3*#a>%^9OAqvGp0g?@dd=k5*+moTy z`51@sO#P(iI&p8~>B)nGQ%CtPF7Ix)MlW+i`Gz!1e(|XFm0Eiv6t3TbCW*u|hK6%g zqjv^^1miKL=2o3-*|rz06;DVWWtG;SObw=5zSsdV1<-WSP;wTbUpGX)_*2AQPzo+D zUoY0Pv3K1CJY&w*KUh)n731o0E8DJeB;_z=sK-p*heBU=(f;Pt8etWOeys=lEN!?( zM@DLje@)NS^?zMHximHRGI$Om&(<)Q7QGie3-d+|-5F1T7C+$zP<7E#TC3;?N<`_j zR|2PgdzO=U8zZM3VraToO^w15FLe z!OUtC2-wKr$8PG)CK=S5p{FRdsD+QS9hxg|q~JS!?0QqVe=Ep3!q6l{qVgiSJ3}-{ zAo$>OW@bqLzY8{#ZK~)Sx(L=6R*?gXs%YQOx+V}1oApKJt9S95pB{J7zox}&FyfOC zl#VB-@J`Mma14j4W}2(Kxsk=Vc@bhk15QDG4UqjtgJVED7idcXI@@X&=m{FE#m8fO z#u@%Soc*OqTT28prx0YbSl3QPr$T%F`WQnyor*iJ@DF)5FAaZf&W1%wCl{JK%dL8< zX-fX#Dan825EYdE@s{>|R%E}mqk*He!M_x;m|O_U)dtGB`3D#AMQ5$rv~dRsM!+Fm zzrNG9EY>aX){|Y2IkBp>IileeAHOe2ubrXA{+?j7k+IRlTJxa^p7K$^vo$QH@Kh$t z-P^k(N{97QfYDfS=|LbR=QnDASSn#d-7_K#^N4u?U$u6dGpT_zTOV;Z5)Tva@sWT?IftDWgIZhDjEv^!NIzn(5y!EokC2$VhLS+MRnlFfou8aJ1mUY2`jR~S0Ow6?P;gOfH7ve^m*(G`TK<_cfouEPxZI8V0|*`qjrI} zL`(9g>{w50Jlv-$<=6Mj^ur6Nzqx}Ua5nRA^~2)W=aG1( zXr@jyZ2Ppfx*7lvoOG978F=4O`kvEgg9e|fayn+n6;@OfJ~lR1W7*sCO>>fxm$-3G z=XKJSkN}-(VMz&o(S(MlXWgX8uy_O3^j5QpiE8m&!QhoNj{Bt2O5NL8k6_)v_N_gp zi$m1lp5ncjzQUawz3|9J$Wma+hDTR8kLDP~0$Y51e0$xgYUj;@w_Y|3Xq;+V=e9?$ zrLFy4-Zut;01{BJ>uetBGw4pw56u8M+C2_Kuj5nz{%1Va5_x;i02_}92NG7+n`b%Wcy<+M;3Q2f&vYqRUT4t7l7nG4PKY^_yG zAa=Qe*76KqtB~aFZRdT+vxr4;0F=pCn+|a^U$ID9`9diG%%yLqa$Dp{e zkp^U>d96i_4%`)J0ku?A+}_oOtW`S6DkujZ~E)$%uTb8#WYGW$dBR~cv-=$^5)Csb5a`8&zMfDP+I{9z(b z3Mwhp))vuPW`>46$1Uj1uL4H?7=Fb<55?K(W6s!!h>sr;4RLb|Qn>EoKShW$b@+@y zs+4#wht-y`vYN?6}oj?q@0Y;QSCA6B~oDY>F=5b}qA|#A78Vj0XTD zr6vC${nxB@Bo1byC^LXoIb+C&)HilNYxUo3DX9+!3v!SHq~=T8M__PG)O!fS0j#YpYheN3tlGrO%Zms=>Tp&uEz8>3 zC5hl4)}*5PI`V61rKRf%P*PGdCa4MmEm{5*!TA__V$nIO{Ec%AWO{;Z+F7hfnQ1m* z&$}g3yt!ggQB{@0fXei!*xAQS33#u1+!DXwMb$Y>I&O|@L_|uuR&;kGAn)}B|0ikNk9cx;cwL<+{rVFC znTbi^A)i35(k#7yCNr-tb<*|X{*i8gG{y37_rP(wz^upCBQK?y}Aep;`D7l*1~`D%{r=Pnnb3Tei0A zoS9!QXL*82X8tDO9I|BDnS(^iIy(MbipfuvOls%VHaj0w{Cgh>7|B*dJ9S?B@Hrl| z|HR&X{oim3WSaviuX>`mq93lItlxI<92H_ow{QbhOrc`##`d zTGf@F2-1BNJUud!pjJenb!q75l^7$LPNsYWF%7?AU43Yy)0q6pA+kPvvP?gvMRwd_ znVd74D{(YK+1N*NZ)WqR>7Uc@p%f}AqMycG&kyE?pQ11EVLW1rGA(cQDcj_!a&vR1 zW@pjoKMnmN&d(t@TwL5&vs-yZ9$mq=+i9j(e-q!?Sq8t@8qY6V-!?F5KOsj4Z9Z$i zT{WDkdb4pJ{znp^YLJu59-7wjr$_c_72avJGftc#UjUs1X?@xbsEZa%}AT6mc49lsiLb+RY z%_9*PR{nX1SUJM68;oDO2)TWHRXJPdFia1jqo<~&{X&36ak9K{JjZCZ`oPf&<3f`Z z3}{<#wh;WiK)ZeK6{S8`nUj5zf>8D%9MZVGu$5C;Q(Dvf4ZGyiFHvxhYZ2{lDeJgi7WW!a&HH6rI*Ev7`Cc)Il@;)o; zn;N?FAWBF|N-C$OqQ|y=*;BR-g^6R5h~$)c{E$8Dwd&97Yr3n!{ygK$moKPqcaG07 zS~oq-bQKl5jdRg?ULA;oftVJx#oWLq6x?0WhXIrK8uY_uvy9NYFu0}qD3+SSJp@u$ z7QCn}wLRRhw-<(+AYvU_M9R3l{fI!eE%g6b9i;mR0@a}u9&BUu4p+h9X>V}>1l(Ag zK5nqPm=?%|t4w+VV^D01?lMx~tjJYQyuMn$yGG9FN6Gfv&H01Xq4HtjOVEjlE3T^$ Z-VCibosS?l*qvPfA)Lud&#I~GyI9VST3Adbpt9EpV14s~>0Ra=o!w$apGG(zdD z3L0%6WiUcrA+d-n?kjGqT4!rEZ2AZ6uk$|7dpz$C@B2RQ^?BswiB^<{$O8bN=!S9j zk?5GOd_hJcdlwIWkSMtr%+0?8fSUeS2D$mbK1!Ujac&+ivMX|6chpY8^O_-%Dl0IoZJvVZ@>dHMHENp7N?S2>A z_r{HM9`AdA(zVo4W`F;6^a3YG6lAPk<-w5gRuxQ6Y8<45gj`jSL3KAnl`^;Xf7)ia z8-y9>_pcmx>1D@SX&D+Bb-y8Vp9{DB)(c>AFFl#bVo<#~f!o~sEpL4~mJEOJU;l6} z{o(OF6PaLz_rEVom)$2kU$CXTe_yn_Ham5wx=?QQr;3#y+IQrr&uy^x?pcqFj$XY$ zHLGf9P_?(Ww~ASG98N0YOEdm0(=-FU+e*E%xVOsh8yHA8q+N7@hd-W*%;;LW(99X# zbbj!Fv)8kF_xQvyR(Dv9oScs^X&PyO)itjkeg#H?PtZi8z z@MwzFU(7ry+naq@74dnkmF%?b{;V1`vf?(psRF@^w780mTvTV~=S#KD zDYeeATfnklZD%YNtfb>mXOu6JRyhwc$d?0#M@Fc3W*S4zPQ@`cOkQ!vmw)ubL5mZw z0;+3jI@v+3%criw@$rz+Dv#>wYDYXCLizC%%uUiaU*9UyeoLVfAJroTV1>R(EoCH^ z36;9jIBPYNq}*}BO;`WW5IQVO|K#MvD=3IwP@pQIbUUb&Nw$x->d#O9Q(CIk zK7@ki=D{jhEIEK^4)LphBgiq4ljM<-lFEU}MK#%mBT4W&3UYjmWqdYlC965HrhA(CHi6jt__BAjo>x>9`)xGfMIh)LH-^T_+NEwH8XD#m@SLeewZ`~}%IOT4o8dR# zJWAS9fT3qw;=g@r98?1tK0XLH)gZpZ=N1;OA`C_>yd*Lfj|HtpfNJd^@aDTOETTcCuMys+`L9uS#te0X?>6hj1iD{ zBelt$gobzToa%*LL{p;pL*0>9S)Y+XQij7zeZ?N&bFI#wIVDTUGr%&Yyuun>+bH(A@lfrN$tba(=|qX zJ|E@knz4|wr>qg>P&+Q4&HcG2OFdHz34PYl&K!%|Bn_k@D!-gSZ!rJXkGyS4X(p(Ly^5?_-$jf9_$8hJz1-?7e&j{$oD% z{{aUUXDVp)Us=(~NdHpmyh(we^QG5U6nOy(*L_0Ttvdtxp}wEkkeNnH&=GKR@pNW? HN2LA_iX(Ay literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index eadee9a3b6..0cced2f956 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -38,82 +38,71 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions - Logo |Partner name | Description :---|:---|:--- -![Image of AttackIQ logo](images/attackiq-logo.png)| AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets -![Image of Azure Sentinel logo](images/sentinel-logo.png)|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel -![Image of Cymulate logo](images/cymulate-logo.png) | Cymulate| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions -![Image of Elastic security logo](images/elastic-security-logo.png) | Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats -![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP -![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | Micro Focus ArcSight | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections -![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | RSA NetWitness | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API -![Image of SafeBreach logo](images/safebreach-logo.png) |SafeBreach| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations -![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities -![Image of Splunk logo](images/splunk-logo.png) | Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk -![Image of XM Cyber logo](images/xmcyber-logo.png) | XM Cyber | Prioritize your response to an alert based on risk factors and high value assets. +![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets +![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel +![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions +![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats +![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP +![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections +![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API +![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations +![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities +![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk +![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets. ### Orchestration and automation Logo |Partner name | Description :---|:---|:--- -![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks -![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye -![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response -![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures -![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes -![Image of ServiceNow logo](images/servicenow-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration -![Image of Swimlane logo](images/swimlane-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks +![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform, ActiveEye. +![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response +![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures +![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes +![Image of ServiceNow logo](images/servicenow-logo.png) | [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2135621) | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration +![Image of Swimlane logo](images/swimlane-logo.png) | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +### Threat intelligence - - - - - - - -![Image of logo](images/-logo.png) | - - -![Image of logo](images/-logo.png) | - - -![Image of logo](images/-logo.png) | - - - - - - - - -Partner name | Description |Category +Logo |Partner name | Description :---|:---|:--- -|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics -|Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats.|Security information and analytics -|AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets|Security information and analytics -|Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics -| Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |Security information and analytics -|IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP |Security information and analytics -|Cymulate | Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions |Security information and analytics -| HP ArcSight |Use HP ArcSight to pull Microsoft Defender ATP detections |Security information and analytics -|SafeBreach | Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations|Security information and analytics -| RSA NetWitness| Steam Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API|Security information and analytics -| XM Cyber| Prioritize your response to an alert based on risk factors and high value assets.|Security information and analytics - Demisto, a Palo Alto Networks Company|Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response|Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation -Palo Alto Networks |Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld|Threat intelligence -ThreatConnect | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP connectors |Threat intelligence -MISP (Malware Information Sharing Platform) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment| Threat intelligence - |||Network security - ||| Cross platform -||| Additional integrations - ||| Manages security service providers +![Image of MISP Malware Information Sharing Platform)logo](images/misp-logo.png) | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment +![Image of Palo Alto Networks logo](images/paloalto-logo.png) | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld +![Image of ThreatConnect logo](images/threatconnect-logo.png) | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP indicators + + + +### Network security +Logo |Partner name | Description +:---|:---|:--- +![Image of Aruba ClearPass Policy Manager logo](images/aruba-logo.png) | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Microsoft Defender ATP is installed and updated on each endpoint before allowing access to the network +![Image of Blue Hexagon for Network logo](images/bluehexagon-logo.png) | [Blue Hexagon for Network](https://go.microsoft.com/fwlink/?linkid=2104613) | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection +![Image of CyberMDX logo](images/cybermdx-logo.png) | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Microsoft Defender ATP environment +![Image of Vectra Network Detection and Response (NDR) logo](images/vectra-logo.png) |[Vectra Network Detection and Response (NDR)](https://go.microsoft.com/fwlink/?linkid=866934)| Vectra applies AI & security research to detect and respond to cyber-attacks in real time + + +### Cross platform +Logo |Partner name | Description +:---|:---|:--- +![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats +![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy +![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution - Protect your mobile devices with granular visibility and control from Corrata +![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices +![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect and prevent security threats and vulnerabilities on mobile devices +![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense + + +## Additional integrations +Logo |Partner name | Description +:---|:---|:--- +![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Microsoft Defender ATP with advanced Web Filtering +![Image of Morphisec logo](images/morphisec-logo.png)| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information +![Image of THOR Cloud logo](images/nextron-thor-logo.png)| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=862988)| Provides on-demand live forensics scans using a signature base with focus on persistent threats + + + ## SIEM integration Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). From 269eb52fe6447b34c5eeaf9637b2e7c0560b8a57 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 10:50:48 -0700 Subject: [PATCH 074/115] add mobile devices --- .../microsoft-defender-atp/partner-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 0cced2f956..a7afe9429d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -128,4 +128,4 @@ Microsoft Defender ATP allows you to integrate with such solutions and act on Io Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators. ## Support for non-Windows platforms -Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. +Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. From 9212521ecaa7f7eb147f1c2054d5fdbc7028c58b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 11:20:41 -0700 Subject: [PATCH 075/115] branding --- .../microsoft-defender-atp/partner-applications.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index a7afe9429d..dbf3e9b53b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -38,9 +38,9 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions - Logo |Partner name | Description :---|:---|:--- -![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets +![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Microsoft Defender ATP is configured properly by launching continuous attacks safely on production assets ![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel -![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions +![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Microsoft Defender ATP findings with simulated attacks to validate accurate detection and effective response actions ![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats ![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP ![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections @@ -48,7 +48,7 @@ Logo |Partner name | Description ![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations ![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities ![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk -![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets. +![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets ### Orchestration and automation From cf489095e060eb3808badc97ddb803072e2e2c51 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 12:06:40 -0700 Subject: [PATCH 076/115] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 807094bae7..23a09e73f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -75,15 +75,15 @@ You can configure the following levels of automation: |Automation level | Description| |---|---| -|**Full - remediate threats automatically** | All remediation actions are performed automatically.

***This option is recommended** and is selected by default for Microsoft Defender ATP tenants created on or after August 16, 2020, and have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Full - remediate threats automatically**.*| +|**Full - remediate threats automatically** | All remediation actions are performed automatically.

***This option is recommended** and is selected by default for Microsoft Defender ATP tenants that were created on or after August 16, 2020, and that have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Full - remediate threats automatically**.*| |**Semi - require approval for core folders remediation** | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder.

Files or executables in all other folders are automatically remediated, if needed.| |**Semi - require approval for non-temp folders remediation** | An approval is required on files or executables that are not in temporary folders.

Files or executables in temporary folders, such as the user's download folder or the user's temp folder, are automatically be remediated (if needed).| -|**Semi - require approval for any remediation** | An approval is needed for any remediation action.

*This option is selected by default for Microsoft Defender ATP tenants created before August 16, 2020, and have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Semi - require approval for any remediation**.*| +|**Semi - require approval for any remediation** | An approval is needed for any remediation action.

*This option is selected by default for Microsoft Defender ATP tenants that were created before August 16, 2020, and that have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Semi - require approval for any remediation**.*| |**No automated response** | Devices do not get any automated investigations run on them.

***This option is not recommended**, because it fully disables automated investigation and remediation capabilities, and reduces the security posture of your organization's devices.* | > [!IMPORTANT] -> A few points of clarification regarding automation levels and default settings: +> Regarding automation levels and default settings: > - If your tenant already has device groups defined, the automation level settings are not changed for those device groups. > - If your tenant was onboarded to Microsoft Defender ATP *before* August 16, 2020, and you have not defined a device group, your organization's default setting is **Semi - require approval for any remediation**. > - If your tenant was onboarded to Microsoft Defender ATP *before* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Semi - require approval for any remediation**. From 008840d52d4b72e1ba018671bcb7a732aa8db600 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 12:09:36 -0700 Subject: [PATCH 077/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 913a4d215c..9fc6c51bfa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -15,13 +15,16 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual +ms.date: 09/15/2020 --- # Review and approve actions following an automated investigation ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organization’s security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's device groups are configured, remediation actions occur automatically or upon approval by your organization’s security operations team. + +For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically: - Quarantine a file From 5b300417ffcdadc035e0e4e84089b74e914ac6a9 Mon Sep 17 00:00:00 2001 From: Jonathan Herlin Date: Tue, 15 Sep 2020 21:44:36 +0200 Subject: [PATCH 078/115] Fix bold marking The "C" was not in bold --- windows/deployment/update/waas-wufb-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 8707f69961..fc80d55002 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -68,7 +68,7 @@ Drivers are automatically enabled because they are beneficial to device systems. #### I want to receive pre-release versions of the next feature update 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. -2. Use Group Policy Management Console to go to: C**omputer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. +2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. 3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation. 4. Select **OK**. From bf4c470e1062e42c924cd7fb2591298897793e42 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 12:46:29 -0700 Subject: [PATCH 079/115] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 30 +++++++++++-------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9fc6c51bfa..c18c7cb3ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -22,11 +22,13 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's device groups are configured, remediation actions occur automatically or upon approval by your organization’s security operations team. +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. -For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. +For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. -When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically: +Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. + +When an automated investigation determines an artifact is malicious, the following remediation actions are taken or recommended: - Quarantine a file - Remove a registry key - Kill a process @@ -35,7 +37,7 @@ When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defe - Disable a driver - Remove a scheduled task -Evidence determined as *Suspicious* results in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible so that you automated investigations complete in a timely manner. +Artifacts that are determined to be *Suspicious* result in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible so that you automated investigations complete in a timely manner. No actions are taken when a verdict of *No threats found* is reached for a piece of evidence. @@ -43,22 +45,22 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and ## Review pending actions -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the Security dashboard. +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the [Security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard). -2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. +2. On the Security operations dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. 3. Review any items on the **Pending** tab. - Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details. - - You can also select multiple investigations to approve or reject actions on multiple investigations. - + - Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. + - Other details such as file or service details, investigation details, and alert details are displayed. + - From the panel, you can click on the **Open investigation page** link to see the investigation details. + - You can also select multiple investigations to approve or reject actions on multiple investigations. ## Review completed actions -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the Security dashboard. +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the [Security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard). -2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. +2. On the Security operations dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. 3. Select the **History** tab. (If need be, expand the time period to display more data.) @@ -74,6 +76,8 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and ## Related articles +- [How threats are remediated in automated investigation & remediation (Microsoft Defender Advanced Threat Protection)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated) + - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) -- [Automated investigation and response in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) \ No newline at end of file +- [Self-healing in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) \ No newline at end of file From 54f227e7bac9d89ab1a4ef65b2f636043c830f3a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 13:06:02 -0700 Subject: [PATCH 080/115] add limit --- .../microsoft-defender-atp/run-advanced-query-api.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 2625952949..a33a2c88fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -28,6 +28,7 @@ ms.topic: article 2. The results will include a maximum of 100,000 rows. 3. The number of executions is limited per tenant: up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day. 4. The maximal execution time of a single request is 10 minutes. +5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) From 656e1c23d93229e30f3645f5e2d6f897935f271c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 13:09:41 -0700 Subject: [PATCH 081/115] 10 min --- .../microsoft-defender-atp/run-advanced-query-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index a33a2c88fd..f0f6228bbe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -26,7 +26,7 @@ ms.topic: article ## Limitations 1. You can only run a query on data from the last 30 days. 2. The results will include a maximum of 100,000 rows. -3. The number of executions is limited per tenant: up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day. +3. The number of executions is limited per tenant: up to 10 calls per minute, 10 minutes of running time every hour and 4 hours of running time a day. 4. The maximal execution time of a single request is 10 minutes. 5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. From 4e6dc0647bf81760e1d845aba855ae2e5ab2cb24 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:30:39 -0700 Subject: [PATCH 082/115] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 30 +++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index c18c7cb3ae..ee6dc39e0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -24,25 +24,31 @@ ms.date: 09/15/2020 When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. -For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. +For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) -Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. +Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) -When an automated investigation determines an artifact is malicious, the following remediation actions are taken or recommended: -- Quarantine a file -- Remove a registry key -- Kill a process -- Stop a service -- Remove a registry key -- Disable a driver -- Remove a scheduled task +### Automated investigation results and remediation actions -Artifacts that are determined to be *Suspicious* result in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible so that you automated investigations complete in a timely manner. +The following table summarizes remediation actions following an automated investigation with several examples. -No actions are taken when a verdict of *No threats found* is reached for a piece of evidence. +|Device group setting | Automated investigation results | What to do | +|:---|:---|:---| +|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | +|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions).| +|**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|Any of the following:
- **Full - remediate threats automatically**
- **Semi - require approval for any remediation**
- **Semi - require approval for core folders remediation**
- **Semi - require approval for non-temp folders remediation** |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). +> [!TIP] +> To learn more about remediation actions following an automated investigation, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). + + ## Review pending actions 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the [Security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard). From c5162f723441a7d4a70efebd0f25f24e7d0b8654 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:32:18 -0700 Subject: [PATCH 083/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index ee6dc39e0d..487483bc1b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -80,10 +80,3 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and - [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response) -## Related articles - -- [How threats are remediated in automated investigation & remediation (Microsoft Defender Advanced Threat Protection)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated) - -- [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) - -- [Self-healing in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) \ No newline at end of file From 2400ac320cc19fa81fd54e511f469603a5a4bff0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:35:37 -0700 Subject: [PATCH 084/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 487483bc1b..2cf7d4c157 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -41,7 +41,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | -|Any of the following:
- **Full - remediate threats automatically**
- **Semi - require approval for any remediation**
- **Semi - require approval for core folders remediation**
- **Semi - require approval for non-temp folders remediation** |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Full or semi automation |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From bbc4577e68064278462151d173d2c5cec9bb50e6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:39:26 -0700 Subject: [PATCH 085/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 2cf7d4c157..9c1f7a4a15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -22,15 +22,15 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are two examples: -For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) +- Example 1: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) -Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) +- Example 2: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) ### Automated investigation results and remediation actions -The following table summarizes remediation actions following an automated investigation with several examples. +The following table summarizes remediation actions following an automated investigation, and how device group settings affect whether actions are taken automatically or upon approval. |Device group setting | Automated investigation results | What to do | |:---|:---|:---| From 32e68562c541701899b2ebd314e6a9a5e9d026ac Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:49:57 -0700 Subject: [PATCH 086/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9c1f7a4a15..dd00d1c8bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -41,7 +41,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | -|Full or semi automation |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From 4e9c1ff56237743fc5e4b571f1cd1d37e922db6f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:51:42 -0700 Subject: [PATCH 087/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index dd00d1c8bd..ca76752f2b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -37,7 +37,7 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions).| +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | From fc24c73b42a041c80148886e6ffed1c2e6ce62ef Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:55:42 -0700 Subject: [PATCH 088/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index ca76752f2b..4c638eb8a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -37,7 +37,7 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | From e9a3f4d701277de3c1b249fc8311c8556e9b6899 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:56:39 -0700 Subject: [PATCH 089/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 4c638eb8a0..ade960182c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -39,7 +39,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | From 932eddb092500716984bea894205bf95d10ab24c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:57:17 -0700 Subject: [PATCH 090/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index ade960182c..85f5deb547 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -40,7 +40,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From e083cf68d8004659195e813523ca5d3f195b37d0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:58:20 -0700 Subject: [PATCH 091/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 85f5deb547..30b904712a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -39,9 +39,9 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | -|Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From 558839c67d4e40c9fd5717262841f7388ed2a9eb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:00:51 -0700 Subject: [PATCH 092/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 30b904712a..c9b7b643f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -37,9 +37,9 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | From 874f9948b6f28a02aad092b13fb3eb684ff9d999 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:01:56 -0700 Subject: [PATCH 093/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index c9b7b643f7..1346b2eed7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -57,10 +57,9 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and 3. Review any items on the **Pending** tab. - - Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. - - Other details such as file or service details, investigation details, and alert details are displayed. - - From the panel, you can click on the **Open investigation page** link to see the investigation details. - - You can also select multiple investigations to approve or reject actions on multiple investigations. +4. Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. + + Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details. You can also select multiple investigations to approve or reject actions on multiple investigations. ## Review completed actions From f3e39080044f891a7531e2f906a808c14a2996ee Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:04:18 -0700 Subject: [PATCH 094/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 1346b2eed7..9954bce34d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -37,10 +37,10 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From adffeaaf1f32a9513a6795bd5c04e88a07da02fe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:06:27 -0700 Subject: [PATCH 095/115] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9954bce34d..5304516d5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -28,13 +28,22 @@ When an automated investigation runs, a verdict is generated for each piece of e - Example 2: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) +Whether taken automatically or upon approval, remediation actions include the following: +- Quarantine a file +- Remove a registry key +- Kill a process +- Stop a service +- Remove a registry key +- Disable a driver +- Remove a scheduled task + ### Automated investigation results and remediation actions The following table summarizes remediation actions following an automated investigation, and how device group settings affect whether actions are taken automatically or upon approval. |Device group setting | Automated investigation results | What to do | |:---|:---|:---| -|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | +|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | From b93b78e88f273d9654f478b9db7009ecf9558031 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 15 Sep 2020 14:08:51 -0700 Subject: [PATCH 096/115] Replaced some hyphens with em dashes --- .../microsoft-defender-atp/partner-applications.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index dbf3e9b53b..374a74cd95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -29,7 +29,7 @@ Microsoft Defender ATP supports third-party applications to help enhance the det The support for third-party solutions help to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats. -Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. +Microsoft Defender ATP seamlessly integrates with existing security solutions — providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. ## Supported applications @@ -88,7 +88,7 @@ Logo |Partner name | Description :---|:---|:--- ![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats ![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy -![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution - Protect your mobile devices with granular visibility and control from Corrata +![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices ![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect and prevent security threats and vulnerabilities on mobile devices ![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense @@ -105,7 +105,7 @@ Logo |Partner name | Description ## SIEM integration -Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). +Microsoft Defender ATP supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). ## Ticketing and IT service management Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. @@ -118,7 +118,7 @@ Microsoft Defender ATP offers unique automated investigation and remediation cap Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices. -External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert - with the real process and the full story of attack. +External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert — with the real process and the full story of attack. ## Indicators matching You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs). From 4da3f1440c4a423058c7567cf616a7605d6204e4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:13:51 -0700 Subject: [PATCH 097/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 5304516d5f..a6d412497f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -22,11 +22,13 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are two examples: +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: -- Example 1: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) +- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) -- Example 2: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) +- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) + +- Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. Whether taken automatically or upon approval, remediation actions include the following: - Quarantine a file From 9f2753e4b6aecee95be389980854f74d4173f6dd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:16:04 -0700 Subject: [PATCH 098/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index a6d412497f..e0b0e8a7e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -51,7 +51,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From 86ac068c96411bcd3ad8935df3529efbfc73abc6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:17:28 -0700 Subject: [PATCH 099/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index e0b0e8a7e3..3b1d959206 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -48,9 +48,9 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | From 3ac3ca726b0d4d6e2fd154e8218c3ab09ab44f95 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:19:50 -0700 Subject: [PATCH 100/115] fixes --- .../microsoft-defender-atp/automated-investigations.md | 2 +- .../microsoft-defender-atp/manage-auto-investigation.md | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 23a09e73f8..d1f5cbfd59 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -106,7 +106,7 @@ You can configure the following levels of automation: - [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide) -## Related articles +## See also - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 3b1d959206..6147a7bacc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -88,5 +88,3 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and - [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) -- [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response) - From 7fde4edef7f73701aa2826764359323583031b23 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:20:55 -0700 Subject: [PATCH 101/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 6147a7bacc..24e354ee68 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -22,7 +22,9 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. + +### Examples showing how device groups affect remediation actions - Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) From 052d817f030c3a8e6d9ade4ff420988b5981c398 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:22:09 -0700 Subject: [PATCH 102/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 24e354ee68..6153ebe0fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -22,7 +22,11 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. +When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. + +Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. + +Read this article to learn more about remediation actions and what to do when an automated investigation has completed. ### Examples showing how device groups affect remediation actions From b1a31b6e86301adaf28dfd74506bda8b1bb18d0f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:23:15 -0700 Subject: [PATCH 103/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 6153ebe0fb..b7e6725f75 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -47,7 +47,7 @@ Whether taken automatically or upon approval, remediation actions include the fo ### Automated investigation results and remediation actions -The following table summarizes remediation actions following an automated investigation, and how device group settings affect whether actions are taken automatically or upon approval. +The following table summarizes remediation actions following an automated investigation, how device group settings affect whether actions are taken automatically or upon approval, and what to do in each case. |Device group setting | Automated investigation results | What to do | |:---|:---|:---| From 01a125d39195313c607ac5d24fe119d9eaf8e9d6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:26:06 -0700 Subject: [PATCH 104/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index b7e6725f75..bfb0da0089 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -34,7 +34,7 @@ Read this article to learn more about remediation actions and what to do when an - Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) -- Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. +- Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. (See [Manage device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-device-groups)) Whether taken automatically or upon approval, remediation actions include the following: - Quarantine a file From e72abf32ff17b0ca89b6c05bcc7f9de7c4f1befa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:27:35 -0700 Subject: [PATCH 105/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index bfb0da0089..93be6e31f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -24,11 +24,7 @@ ms.date: 09/15/2020 When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. -Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. - -Read this article to learn more about remediation actions and what to do when an automated investigation has completed. - -### Examples showing how device groups affect remediation actions +Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: - Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) From 75f7218e49b363f9848de99b770aeb51f5afbfe6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 15:02:19 -0700 Subject: [PATCH 106/115] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 9d3017e042..bea43bc071 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -18,7 +18,7 @@ ms.collection: - m365solution-mcafeemigrate ms.topic: article ms.custom: migrationguides -ms.date: 09/03/2020 +ms.date: 09/15/2020 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- @@ -31,11 +31,12 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho **Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: 1. [Enable Microsoft Defender Antivirus and confirm it's in passive mode](#enable-microsoft-defender-antivirus-and-confirm-its-in-passive-mode). -2. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). -3. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). -4. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-atp). -5. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). -6. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). +2. [Get updates for Microsoft Defender Antivirus](#get-updates-for-microsoft-defender-antivirus). +3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). +4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). +5. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-atp). +6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). +7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). ## Enable Microsoft Defender Antivirus and confirm it's in passive mode @@ -135,6 +136,16 @@ Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen > [!NOTE] > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. +## Get updates for Microsoft Defender Antivirus + +Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). + +There are two types of updates related to keeping Microsoft Defender Antivirus up to date: +- Security intelligence updates +- Product updates + +To get your updates, follow the guidance in [Manage Microsoft Defender Antivirus updates and apply baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus). + ## Add Microsoft Defender ATP to the exclusion list for McAfee This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for McAfee and any other security products your organization is using. From a9f2d72cd6905cb2124707447695fbdda810204f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 15:07:43 -0700 Subject: [PATCH 107/115] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index bea43bc071..e49e6193d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -138,7 +138,7 @@ Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen ## Get updates for Microsoft Defender Antivirus -Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). +Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). There are two types of updates related to keeping Microsoft Defender Antivirus up to date: - Security intelligence updates From 0038b9f7be7930a0864c42cf77fc2fac4e040220 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Sep 2020 09:36:05 -0700 Subject: [PATCH 108/115] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 93be6e31f7..9c0685559d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -1,5 +1,5 @@ --- -title: Review and approve actions following automated investigations in the Microsoft Defender Security Center +title: Review and approve remediation actions following automated investigations in the Microsoft Defender Security Center description: Review and approve (or reject) remediation actions following an automated investigation. keywords: autoir, automated, investigation, detection, dashboard, source, threat types, id, tags, devices, duration, filter export search.product: eADQiWindows 10XVcnh @@ -18,21 +18,25 @@ ms.topic: conceptual ms.date: 09/15/2020 --- -# Review and approve actions following an automated investigation +# Review and approve remediation actions following an automated investigation ## Remediation actions -When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. +When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on +- the type of threat, +- the resulting verdict, and +- how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, +remediation actions can occur automatically or only upon approval by your organization’s security operations team. -Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: +Here are a few examples: -- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) +- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious following an automated investigation. (See [Review completed actions](#review-completed-actions).) -- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) +- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions following an automated investigation. (See [Review pending actions](#review-pending-actions).) - Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. (See [Manage device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-device-groups)) -Whether taken automatically or upon approval, remediation actions include the following: +Whether taken automatically or upon approval, remediation actions following an automated investigation include the following: - Quarantine a file - Remove a registry key - Kill a process @@ -55,6 +59,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From f122567282487301f2c4a4a151981c348160f9f5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Sep 2020 09:36:43 -0700 Subject: [PATCH 109/115] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9c0685559d..e7b2094044 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -22,10 +22,14 @@ ms.date: 09/15/2020 ## Remediation actions -When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on +When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. + +Depending on + - the type of threat, - the resulting verdict, and - how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, + remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: From fe87a002e0d8bf9b947c931e08202fb3571919ad Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Sep 2020 09:38:07 -0700 Subject: [PATCH 110/115] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index e7b2094044..2b613f1c5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -55,14 +55,14 @@ The following table summarizes remediation actions following an automated invest |Device group setting | Automated investigation results | What to do | |:---|:---|:---| -|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions). | -|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions) | +|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions) | +|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions) | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | -|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions) | +|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) | |**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From e2f4801e853925e4a68e7bf6ffe635fff8af932b Mon Sep 17 00:00:00 2001 From: mapalko Date: Wed, 16 Sep 2020 11:29:49 -0700 Subject: [PATCH 111/115] Updated Key-Trust RDP in FAQ and TOC --- .../identity-protection/hello-for-business/hello-faq.md | 2 +- windows/security/identity-protection/hello-for-business/toc.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 390355cb33..e6d36e6967 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -28,7 +28,7 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. ## Can I use Windows Hello for Business key trust and RDP? -RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments. +RDP currently does not support using key based authentication and self signed certificates as supplied credentials. RDP with supplied credentials Windows Hello for Business is currently only supported with certificate based deployments. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). ## Can I deploy Windows Hello for Business using Microsoft Endpoint Configuration Manager? Windows Hello for Business deployments using Configuration Manager should use the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-hello-for-business-settings). diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md index 3fe33458fc..8ec19c126f 100644 --- a/windows/security/identity-protection/hello-for-business/toc.md +++ b/windows/security/identity-protection/hello-for-business/toc.md @@ -16,10 +16,10 @@ ## [How Windows Hello for Business works](hello-how-it-works.md) ### [Technical Deep Dive](hello-how-it-works.md#technical-deep-dive) -#### [Technology and Terminology](hello-how-it-works-technology.md) #### [Device Registration](hello-how-it-works-device-registration.md) #### [Provisioning](hello-how-it-works-provisioning.md) #### [Authentication](hello-how-it-works-authentication.md) +#### [Technology and Terminology](hello-how-it-works-technology.md) ## [Planning a Windows Hello for Business Deployment](hello-planning-guide.md) From f083c2e6b9a46a806ce845b5f1b1c63fc2ad73d4 Mon Sep 17 00:00:00 2001 From: mapalko Date: Wed, 16 Sep 2020 12:13:06 -0700 Subject: [PATCH 112/115] Add Passwordless Wizard to Planning Documentation --- .../hello-for-business/hello-planning-guide.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 3fff407e34..9b11a04076 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: conceptual -ms.date: 08/19/2018 +ms.date: 09/16/2020 ms.reviewer: --- # Planning a Windows Hello for Business Deployment @@ -25,6 +25,8 @@ Congratulations! You are taking the first step forward in helping move your orga This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you'll use that information to select the correct deployment guide for your needs. +If you have an Azure tenant, you can use our online, interactive Passwordless Wizard which walks through the same choices instead of using our manual guide below. The Passwordless Wizard is available in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup). + ## Using this guide There are many options from which you can choose when deploying Windows Hello for Business. Providing multiple options ensures nearly every organization can deploy Windows Hello for Business. Providing many options makes the deployment appear complex, however, most organization will realize they've already implemented most of the infrastructure on which the Windows Hello for Business deployment depends. It is important to understand that Windows Hello for Business is a distributed system and does take proper planning across multiple teams within an organization. From 08bebdcdd5b4ad1eaae5d3e125b741bc7f6eb4db Mon Sep 17 00:00:00 2001 From: mapalko Date: Wed, 16 Sep 2020 13:00:40 -0700 Subject: [PATCH 113/115] Fix additional references for Key trust RDP --- .../hello-for-business/hello-deployment-guide.md | 2 +- .../hello-for-business/hello-feature-remote-desktop.md | 6 +++--- .../hello-for-business/hello-overview.md | 3 +-- .../hello-for-business/hello-planning-guide.md | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 13c1e99b51..f3f064b1d1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -52,7 +52,7 @@ The trust model determines how you want users to authenticate to the on-premises * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers. > [!NOTE] -> Remote Desktop Protocol (RDP) does not support authentication with Windows Hello for Business key trust deployments. RDP is only supported with certificate trust deployments at this time. See [Remote Desktop](hello-feature-remote-desktop.md) to learn more. +> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). Following are the various deployment guides and models included in this topic: - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index e1cf05225a..0ebcd33ec5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 09/09/2019 +ms.date: 09/16/2020 ms.reviewer: --- @@ -27,9 +27,9 @@ ms.reviewer: - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments -Windows Hello for Business supports using a certificate deployed to a WHFB container to a remote desktop to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. +Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). -Microsoft continues to investigate supporting this feature for key trust deployments in a future release. +Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release. ## Remote Desktop with Biometrics diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 5d10205e13..80d8f81611 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -94,8 +94,7 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md). Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. -Windows Hello for Business with a key does not support RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments. - +Windows Hello for Business with a key does not support supplied credentials for RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments as a supplied credential. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). ## Learn more diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 9b11a04076..1f28723cc9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -93,7 +93,7 @@ The key trust type does not require issuing authentication certificates to end u The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 or later Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. > [!NOTE] -> RDP does not support authentication with Windows Hello for Business key trust deployments. RDP is only supported with certificate trust deployments at this time. +> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). #### Device registration From a03022a27ab77e8e5e3d1eb2ed58025310a09745 Mon Sep 17 00:00:00 2001 From: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> Date: Thu, 17 Sep 2020 14:48:29 +0700 Subject: [PATCH 114/115] Update bitlocker-how-to-enable-network-unlock.md --- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index f537134414..5c7b1190b1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -313,7 +313,7 @@ To turn off the unlock server, the PXE provider can be unregistered from the WDS To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate Group Policy setting on the domain controller. > [!NOTE] -> Machines that do not get the GPO will ask for the PIN when booting. In this case one needs to investigate and understand why the machine could not get the GPO and update the certificate. +> Servers that do not receive the Group Policy Object (GPO) will require a PIN when booting. In such cases, the reason why the server did not receive the GPO to update the certificate needs to be investigated. ## Troubleshoot Network Unlock From d7bee54c38cdd4abf1315b27b1fabb11189afba9 Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik Date: Thu, 17 Sep 2020 08:51:24 -0700 Subject: [PATCH 115/115] Update hello-cert-trust-adfs.md del en-us from added link --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index c6a05e42f4..4486823bc5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -146,7 +146,7 @@ Windows Server 2012 or later domain controllers support Group Managed Service Ac GMSA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GMSA. Before you can create a GMSA, you must first create a root key for the service. You can skip this if your environment already uses GMSA. >[!NOTE] -> If the [default object creation quota for security principles](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices. +> If the [default object creation quota for security principles](https://docs.microsoft.com/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices. #### Create KDS Root Key