From 460376177868cd0dfb3242d34095181241819da4 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Fri, 6 Sep 2024 12:33:03 -0600 Subject: [PATCH 01/91] Windows Sandbox TOC change --- .../application-security/application-isolation/toc.yml | 7 +------ .../application-isolation/windows-sandbox/toc.yml | 7 +++++++ 2 files changed, 8 insertions(+), 6 deletions(-) create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/toc.yml diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml index c8ed9511350..dab01100501 100644 --- a/windows/security/application-security/application-isolation/toc.yml +++ b/windows/security/application-security/application-isolation/toc.yml @@ -12,9 +12,4 @@ items: - name: App containers πŸ”— href: /virtualization/windowscontainers/about - name: Windows Sandbox - href: windows-sandbox/windows-sandbox-overview.md - items: - - name: Windows Sandbox architecture - href: windows-sandbox/windows-sandbox-architecture.md - - name: Windows Sandbox configuration - href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md + href: windows-sandbox/toc.yml \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml new file mode 100644 index 00000000000..c1ab7907d32 --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -0,0 +1,7 @@ +items: + - name: Overview + href: windows-sandbox-overview.md + - name: Windows Sandbox architecture + href: windows-sandbox-architecture.md + - name: Windows Sandbox configuration + href: windows-sandbox-configure-using-wsb-file.md From 5e324a0b1918fcf8a9218db9d4305d6f511f882c Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 9 Sep 2024 10:40:48 -0600 Subject: [PATCH 02/91] TOC draft --- .../windows-sandbox/toc.yml | 23 +++++++++++++--- .../windows-sandbox/windows-sandbox-faq.yml | 26 +++++++++++++++++++ .../windows-sandbox-install.md | 6 +++++ .../windows-sandbox-overview.md | 2 +- .../windows-sandbox-troubleshoot.md | 6 +++++ .../windows-sandbox/windows-sandbox-use.md | 6 +++++ .../windows-sandbox-versions.md | 6 +++++ 7 files changed, 70 insertions(+), 5 deletions(-) create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml index c1ab7907d32..6aeb54f60e6 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -1,7 +1,22 @@ items: - name: Overview href: windows-sandbox-overview.md - - name: Windows Sandbox architecture - href: windows-sandbox-architecture.md - - name: Windows Sandbox configuration - href: windows-sandbox-configure-using-wsb-file.md + items: + - name: Compare versions + href: windows-sandbox-versions.md + - name: Architecture + href: windows-sandbox-architecture.md + - name: Install Windows Sandbox + href: windows-sandbox-install.md + - name: Use Windows Sandbox + href: windows-sandbox-use.md + - name: Tutorials + items: + - name: Configuration file + href: windows-sandbox-configure-using-wsb-file.md + - name: WindowsSandbox Policy CSP + href: /windows/client-management/mdm/policy-csp-windowssandbox.md + - name: Frequently asked questions + href: windows-sandbox-faq.yml + - name: Troubleshooting + href: windows-sandbox-troubleshoot.md \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml new file mode 100644 index 00000000000..29eb6248369 --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml @@ -0,0 +1,26 @@ +### YamlMime:FAQ +metadata: + title: Windows Sandbox frequently asked questions (FAQ) + description: Use these frequently asked questions (FAQ) to learn important details about Windows Sandbox. + author: vinaypamnani-msft + ms.author: vinpa + ms.topic: faq + ms.date: 09/09/2024 + +title: Common questions about Windows Sandbox +summary: Windows Sandbox (WSB) provides a lightweight desktop environment to safely run applications in isolation. This feature provides a safe and secure space for testing and debugging apps, exploring unknown files, or experimenting with tools since software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. + +sections: + + - name: Concepts + questions: + - question: Who can use WSB? + answer: | + WSB can be used by anyone without any technical skills in various scenarios where users need a secure, clean environment for testing or running potentially harmful software. Here are some ways in which you can leverage WSB: + + - *Clean environment for software testing*: Test or debug your applications in WSB's clean environment to identify and resolve bugs or compatibility issues. + - *Secure web browsing*: Use WSB for secure web browsing, especially when accessing unfamiliar or potentially dangerous websites without putting your system at risk of malware infection. + - *Running Untrusted Applications*: Mitigate security risks by running untrusted applications or files, such as email attachments in WSB. + - *Test software features risk-free*: Easily test out software without the need for installing or uninstalling on your host machine. + - *Maintaining multiple dev environments*: Streamline your development process by utilizing WSB to maintain multiple sandboxes for different development environments + - *Privacy Protection*: Users concerned about online privacy can use Windows Sandbox for activities like social media browsing or online shopping to prevent tracking cookies and other privacy-invading techniques. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md new file mode 100644 index 00000000000..8ffb4f952e6 --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md @@ -0,0 +1,6 @@ +--- +title: Install Windows Sandbox +description: Install Windows Sandbox +ms.topic: how-to +ms.date: 09/09/2024 +--- \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md index 8d8f873a384..d634acd3e5d 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md @@ -2,7 +2,7 @@ title: Windows Sandbox description: Windows Sandbox overview ms.topic: conceptual -ms.date: 03/26/2024 +ms.date: 09/09/2024 --- # Windows Sandbox diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md new file mode 100644 index 00000000000..52f21ae2c20 --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md @@ -0,0 +1,6 @@ +--- +title: Troubleshoot Windows Sandbox +description: Troubleshoot Windows Sandbox +ms.topic: troubleshooting +ms.date: 09/09/2024 +--- \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md new file mode 100644 index 00000000000..4ba08383b4c --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md @@ -0,0 +1,6 @@ +--- +title: Use Windows Sandbox +description: Use Windows Sandbox +ms.topic: how-to +ms.date: 09/09/2024 +--- \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md new file mode 100644 index 00000000000..86b6cfc0650 --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md @@ -0,0 +1,6 @@ +--- +title: Windows Sandbox versions +description: Windows Sandbox versions +ms.topic: conceptual +ms.date: 09/09/2024 +--- \ No newline at end of file From b3e6e1202c6a8fe676a11c9e01ab73d7e882eee5 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 9 Sep 2024 10:46:58 -0600 Subject: [PATCH 03/91] More changes --- .../application-isolation/toc.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml index dab01100501..db3200f4a31 100644 --- a/windows/security/application-security/application-isolation/toc.yml +++ b/windows/security/application-security/application-isolation/toc.yml @@ -1,14 +1,15 @@ items: - name: Microsoft Defender Application Guard (MDAG) href: microsoft-defender-application-guard/md-app-guard-overview.md -- name: MDAG for Edge standalone mode - href: microsoft-defender-application-guard/md-app-guard-overview.md -- name: MDAG for Edge enterprise mode and enterprise management πŸ”— - href: /deployedge/microsoft-edge-security-windows-defender-application-guard -- name: MDAG for Microsoft Office - href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46 -- name: MDAG configure via MDM πŸ”— - href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp + items: + - name: MDAG for Microsoft Edge standalone mode + href: microsoft-defender-application-guard/md-app-guard-overview.md + - name: MDAG for Microsoft Edge enterprise mode and enterprise management πŸ”— + href: /deployedge/microsoft-edge-security-windows-defender-application-guard + - name: MDAG for Microsoft Office + href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46 + - name: Configure MDAG via MDM πŸ”— + href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp - name: App containers πŸ”— href: /virtualization/windowscontainers/about - name: Windows Sandbox From 65c37f071ec3522c95f040c7a98065347e359ce3 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 9 Sep 2024 10:48:29 -0600 Subject: [PATCH 04/91] Fix warnings --- .../windows-sandbox/windows-sandbox-install.md | 4 +++- .../windows-sandbox/windows-sandbox-troubleshoot.md | 4 +++- .../windows-sandbox/windows-sandbox-use.md | 4 +++- .../windows-sandbox/windows-sandbox-versions.md | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md index 8ffb4f952e6..9348c762d73 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md @@ -3,4 +3,6 @@ title: Install Windows Sandbox description: Install Windows Sandbox ms.topic: how-to ms.date: 09/09/2024 ---- \ No newline at end of file +--- + +# Install Windows Sandbox diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md index 52f21ae2c20..90722f57224 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md @@ -3,4 +3,6 @@ title: Troubleshoot Windows Sandbox description: Troubleshoot Windows Sandbox ms.topic: troubleshooting ms.date: 09/09/2024 ---- \ No newline at end of file +--- + +# Troubleshoot Windows Sandbox diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md index 4ba08383b4c..4a3a48313ea 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md @@ -3,4 +3,6 @@ title: Use Windows Sandbox description: Use Windows Sandbox ms.topic: how-to ms.date: 09/09/2024 ---- \ No newline at end of file +--- + +# Use Windows Sandbox diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md index 86b6cfc0650..7a957abe53f 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md @@ -3,4 +3,6 @@ title: Windows Sandbox versions description: Windows Sandbox versions ms.topic: conceptual ms.date: 09/09/2024 ---- \ No newline at end of file +--- + +# Windows Sandbox versions From 67d0c455dac18fc45f5fe3b8604a4ee6aabed1b0 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 9 Sep 2024 11:03:32 -0600 Subject: [PATCH 05/91] chore: Update Windows Sandbox TOC to include sample configuration files --- .../windows-sandbox/toc.yml | 11 ++--- .../windows-sandbox-install.md | 44 +++++++++++++++++++ .../windows-sandbox-overview.md | 43 +----------------- .../windows-sandbox-sample-configuration.md | 8 ++++ .../windows-sandbox/windows-sandbox-use.md | 8 ---- 5 files changed, 59 insertions(+), 55 deletions(-) create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md delete mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml index 6aeb54f60e6..7509425be9e 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -1,6 +1,7 @@ items: - - name: Overview + - name: What is Windows Sandbox? href: windows-sandbox-overview.md + expanded: true items: - name: Compare versions href: windows-sandbox-versions.md @@ -9,13 +10,13 @@ items: - name: Install Windows Sandbox href: windows-sandbox-install.md - name: Use Windows Sandbox - href: windows-sandbox-use.md + href: windows-sandbox-configure-using-wsb-file.md - name: Tutorials items: - - name: Configuration file - href: windows-sandbox-configure-using-wsb-file.md + - name: Sample configuration files + href: windows-sandbox-sample-configuration.md - name: WindowsSandbox Policy CSP - href: /windows/client-management/mdm/policy-csp-windowssandbox.md + href: /windows/client-management/mdm/policy-csp-windowssandbox - name: Frequently asked questions href: windows-sandbox-faq.yml - name: Troubleshooting diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md index 9348c762d73..b57e6ef35b5 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md @@ -6,3 +6,47 @@ ms.date: 09/09/2024 --- # Install Windows Sandbox + +## Prerequisites + +- ARM64 (for Windows 11, version 22H2 and later) or AMD64 architecture +- Virtualization capabilities enabled in BIOS +- At least 4 GB of RAM (8 GB recommended) +- At least 1 GB of free disk space (SSD recommended) +- At least two CPU cores (four cores with hyper-threading recommended) + +> [!NOTE] +> Windows Sandbox is currently not supported on Windows Home edition. +> Beginning in Windows 11, version 24H2, all inbox store apps like calculator, photos, notepad and terminal are not available inside Windows Sandbox. Ability to use these apps will be added soon. + +## Installation + +1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or Windows 11. + +2. Enable virtualization on the machine. + + - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS. + - If you're using a virtual machine, you need to enable nested virtualization. If needed, also update the VM to support nested virtualization. Run the following PowerShell commands on the host: + + ```powershell + Set-VMProcessor -VMName -ExposeVirtualizationExtensions $true + Update-VMVersion -VMName + ``` + +3. Use the search bar on the task bar and type **Turn Windows Features on or off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. + + If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this analysis is incorrect, review the prerequisite list and steps 1 and 2. + + > [!NOTE] + > To enable Sandbox using PowerShell, open PowerShell as Administrator and run the following command: + > + > ```powershell + > Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online + > ``` + +4. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. + + > [!NOTE] + > Beginning in Windows 11, version 24H2, Windows Sandbox adheres to the mouse settings of the host system. + > + > If you are on an older build and if the host system is set to use a left-handed mouse, you must apply these settings in Windows Sandbox manually when Windows Sandbox starts. Alternatively, you can use a sandbox configuration file to run a logon command to swap the mouse setting. For an example, see [Example 3](windows-sandbox-configure-using-wsb-file.md#example-3). \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md index d634acd3e5d..858efad675a 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md @@ -22,51 +22,10 @@ Windows Sandbox has the following properties: - **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU. > [!IMPORTANT] -> Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking). +> Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](windows-sandbox-configure-using-wsb-file.md#networking). [!INCLUDE [windows-sandbox](../../../../../includes/licensing/windows-sandbox.md)] -## Prerequisites - -- ARM64 (for Windows 11, version 22H2 and later) or AMD64 architecture -- Virtualization capabilities enabled in BIOS -- At least 4 GB of RAM (8 GB recommended) -- At least 1 GB of free disk space (SSD recommended) -- At least two CPU cores (four cores with hyper-threading recommended) - -> [!NOTE] -> Windows Sandbox is currently not supported on Windows Home edition. -> Beginning in Windows 11, version 24H2, all inbox store apps like calculator, photos, notepad and terminal are not available inside Windows Sandbox. Ability to use these apps will be added soon. -## Installation - -1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or Windows 11. - -2. Enable virtualization on the machine. - - - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS. - - If you're using a virtual machine, you need to enable nested virtualization. If needed, also update the VM to support nested virtualization. Run the following PowerShell commands on the host: - - ```powershell - Set-VMProcessor -VMName -ExposeVirtualizationExtensions $true - Update-VMVersion -VMName - ``` - -3. Use the search bar on the task bar and type **Turn Windows Features on or off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. - - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this analysis is incorrect, review the prerequisite list and steps 1 and 2. - - > [!NOTE] - > To enable Sandbox using PowerShell, open PowerShell as Administrator and run the following command: - > - > ```powershell - > Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online - > ``` - -4. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. - - > [!NOTE] - > Windows Sandbox does not adhere to the mouse settings of the host system, so if the host system is set to use a left-handed mouse, you must apply these settings in Windows Sandbox manually when Windows Sandbox starts. Alternatively, you can use a sandbox configuration file to run a logon command to swap the mouse setting. For an example, see [Example 3](windows-sandbox-configure-using-wsb-file.md#example-3). - ## Usage 1. Copy an executable file (and any other files needed to run the application) from the host and paste them into the **Windows Sandbox** window. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md new file mode 100644 index 00000000000..079dc91f7f1 --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md @@ -0,0 +1,8 @@ +--- +title: Windows Sandbox sample configuration files +description: Windows Sandbox sample configuration files +ms.topic: how-to +ms.date: 09/09/2024 +--- + +# Windows Sandbox sample configuration files diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md deleted file mode 100644 index 4a3a48313ea..00000000000 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-use.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: Use Windows Sandbox -description: Use Windows Sandbox -ms.topic: how-to -ms.date: 09/09/2024 ---- - -# Use Windows Sandbox From 633ac1f6e3bc0808c7793afccc70425706b61b5c Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 9 Sep 2024 16:09:00 -0600 Subject: [PATCH 06/91] chore: Update Windows Sandbox TOC and sample configuration files --- .../windows-sandbox/toc.yml | 7 +- .../windows-sandbox-architecture.md | 12 +- ...indows-sandbox-configure-using-wsb-file.md | 236 ++++++------------ .../windows-sandbox/windows-sandbox-faq.yml | 49 ++++ .../windows-sandbox-install.md | 15 +- .../windows-sandbox-overview.md | 31 ++- .../windows-sandbox-sample-configuration.md | 104 ++++++++ .../windows-sandbox-troubleshoot.md | 1 + 8 files changed, 276 insertions(+), 179 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml index 7509425be9e..dc3bd5efd08 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -1,15 +1,16 @@ items: - - name: What is Windows Sandbox? - href: windows-sandbox-overview.md + - name: Overview expanded: true items: + - name: What is Windows Sandbox? + href: windows-sandbox-overview.md - name: Compare versions href: windows-sandbox-versions.md - name: Architecture href: windows-sandbox-architecture.md - name: Install Windows Sandbox href: windows-sandbox-install.md - - name: Use Windows Sandbox + - name: Use & configure Windows Sandbox href: windows-sandbox-configure-using-wsb-file.md - name: Tutorials items: diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md index 0da205053ae..fcb9b56ddcd 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md @@ -2,7 +2,7 @@ title: Windows Sandbox architecture description: Windows Sandbox architecture ms.topic: conceptual -ms.date: 03/26/2024 +ms.date: 09/09/2024 --- # Windows Sandbox architecture @@ -27,18 +27,10 @@ Traditional VMs apportion statically sized allocations of host memory. When reso ## Memory sharing -Because Windows Sandbox runs the same operating system image as the host, it's enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when *ntdll.dll* is loaded into memory in the sandbox, it uses the same physical pages as those pages of the binary when loaded on the host. Memory sharing between the host and the sandbox results in a smaller memory footprint when compared to traditional VMs, without compromising valuable host secrets. +Because Windows Sandbox runs the same operating system image as the host, it's enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when `ntdll.dll` is loaded into memory in the sandbox, it uses the same physical pages as those pages of the binary when loaded on the host. Memory sharing between the host and the sandbox results in a smaller memory footprint when compared to traditional VMs, without compromising valuable host secrets. ![A chart compares the memory footprint in Windows Sandbox versus a traditional VM.](images/3-memory-sharing.png) -## Integrated kernel scheduler - -With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles. - -![A chart compares the scheduling in Windows Sandbox versus a traditional VM.](images/4-integrated-kernal.png) - -Windows Sandbox employs a unique policy that allows the virtual processors of the Sandbox to be scheduled like host threads. Under this scheme, high-priority tasks on the host can preempt less important work in the Sandbox. This preemption means that the most important work is prioritized, whether it's on the host or in the container. - ## WDDM GPU virtualization Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intensive use cases. Microsoft works with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model used by Windows. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 29d6d96ecb4..df8539a64ce 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -1,11 +1,32 @@ --- -title: Windows Sandbox configuration -description: Windows Sandbox configuration +title: Use and configure Windows Sandbox +description: Use and configure Windows Sandbox ms.topic: how-to -ms.date: 03/26/2024 +ms.date: 09/09/2024 --- -# Windows Sandbox configuration +# Use and configure Windows Sandbox + +To launch a Windows Sandbox with default settings, simply Locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with 4GB memory with the following properties: + +- **vGPU (virtualized GPU)**: Enabled on non-ARM64 devices. +- **Networking**: Enabled. The sandbox uses the Hyper-V default switch. +- **Audio input**: Enabled. The sandbox shares the host's microphone input into the sandbox. +- **Video input**: Disabled. The sandbox doesn't share the host's video input into the sandbox. +- **Protected client**: Disabled. The sandbox doesn't have increased security settings on the Remote Desktop Protocol (RDP) session. +- **Printer redirection**: Disabled. The sandbox doesn't share printers with the host. +- **Clipboard redirection**: Enabled. The sandbox shares the host clipboard with the sandbox so that text and files can be pasted back and forth. + +> [!IMPORTANT] +> +> - Networking is enabled by default. This can expose untrusted applications to the internal network. To launch a Sandbox with networking disabled, use a custom .wsb file. +> - With Clipboard redirection automatically enabled, you can easily copy files from the host and paste them into the Windows Sandbox window. + +You have the freedom to open files, install applications from the web, and perform various other tasks that benefit from an isolated clean environment. + +When you're finished experimenting, close the sandbox. A dialog box will prompt you to confirm the deletion of all sandbox content. Select "Ok" to proceed. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox. + +## Configure a custom Windows Sandbox Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or Windows 11. Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the `.wsb` file extension. @@ -25,7 +46,7 @@ A configuration file enables the user to control the following aspects of Window > [!NOTE] > The size of the sandbox window currently isn't configurable. -## Creating a configuration file +## Create a configuration file To create a configuration file: @@ -37,10 +58,8 @@ To create a configuration file: ``` -3. Add appropriate configuration text between the two lines. For details, see [examples](#examples). -4. Save the file with the desired name, but make sure its filename extension is `.wsb`. In Notepad, you should enclose the filename and the extension inside double quotation marks, for example, `"My config file.wsb"`. - -## Using a configuration file +3. Add appropriate configuration text between the two lines. For details, see [examples](windows-sandbox-sample-configuration.md). +4. Save the file with the desired name, but make sure its filename extension is `.wsb`. In Notepad, you should enclose the filename and the extension inside double quotation marks, for example, `"MyConfigFile.wsb"`. To use a configuration file, double-click it to start Windows Sandbox according to its settings. You can also invoke it via the command line as shown here: @@ -48,19 +67,21 @@ To use a configuration file, double-click it to start Windows Sandbox according C:\Temp> MyConfigFile.wsb ``` -## Keywords, values, and limits +## Configuration options ### vGPU Enables or disables GPU sharing. -`value` +```xml +value +``` Supported values: -- *Enable*: Enables vGPU support in the sandbox. -- *Disable*: Disables vGPU support in the sandbox. If this value is set, the sandbox uses software rendering, which might be slower than virtualized GPU. -- *Default* This value is the default value for vGPU support. Currently, this default value denotes that vGPU is enabled. +- **Enable**: Enables vGPU support in the sandbox. +- **Disable**: Disables vGPU support in the sandbox. If this value is set, the sandbox uses software rendering, which might be slower than virtualized GPU. +- **Default**: This value is the default value for vGPU support. Currently, this default value denotes that vGPU is enabled. > [!NOTE] > Enabling virtualized GPU can potentially increase the attack surface of the sandbox. @@ -69,20 +90,24 @@ Supported values: Enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox. -`value` +```xml +value +``` Supported values: -- *Enable*: Enables networking in the sandbox. -- *Disable*: Disables networking in the sandbox. -- *Default*: This value is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects the sandbox to it via a virtual NIC. +- **Enable**: Enables networking in the sandbox. +- **Disable**: Disables networking in the sandbox. +- **Default**: This value is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects the sandbox to it via a virtual NIC. > [!NOTE] > Enabling networking can expose untrusted applications to the internal network. ### Mapped folders -An array of folders, each representing a location on the host machine that is shared with the sandbox at the specified path. At this time, relative paths aren't supported. If no path is specified, the folder is mapped to the container user's desktop. +An array of folders, each representing a location on the host machine that is shared with the sandbox at the specified path. Currently, relative paths aren't supported. + +When using `` to map folders, the folders are mapped prior to the execution of the [Logon command](#logon-command). ```xml @@ -97,12 +122,12 @@ An array of folders, each representing a location on the host machine that is sh ``` -- *HostFolder*: Specifies the folder on the host machine to share into the sandbox. The folder must already exist on the host, or the container fails to start. -- *SandboxFolder*: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it is created. If no sandbox folder is specified, the folder is mapped to the container desktop. -- *ReadOnly*: If *true*, enforces read-only access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*. +- **HostFolder**: Specifies the folder on the host machine to share into the sandbox. The folder must already exist on the host, or the container fails to start. +- **SandboxFolder**: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it is created. If no sandbox folder is specified, the folder is mapped to the container desktop. +- **ReadOnly**: If *true*, enforces read-only access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*. > [!NOTE] -> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host. +> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host. Changes made during a Sandbox session to a mapped folder with write-permissions will persist after a Sandbox is disposed. ### Logon command @@ -114,22 +139,24 @@ Specifies a single command that will be invoked automatically after the sandbox ``` -*Command*: A path to an executable or script inside the container that will be executed after signing in. +**Command**: A path to an executable or script inside the container that will be executed after signing in. > [!NOTE] -> Although very simple commands will work (such as launching an executable or script), more complicated scenarios involving multiple steps should be placed into a script file. This script file may be mapped into the container via a shared folder, and then executed via the *LogonCommand* directive. +> Although very simple commands will work (such as launching an executable or script), more complicated scenarios involving multiple steps should be placed into a script file. This script file may be mapped into the container via a shared folder, and then executed via ``. ### Audio input Enables or disables audio input to the sandbox. -`value` +```xml +value +``` Supported values: -- *Enable*: Enables audio input in the sandbox. If this value is set, the sandbox can receive audio input from the user. Applications that use a microphone may require this capability. -- *Disable*: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting. -- *Default*: This value is the default value for audio input support. Currently, this default value denotes that audio input is enabled. +- **Enable**: Enables audio input in the sandbox. If this value is set, the sandbox can receive audio input from the user. Applications that use a microphone may require this capability. +- **Disable**: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting. +- **Default**: This value is the default value for audio input support. Currently, this default value denotes that audio input is enabled. > [!NOTE] > There may be security implications of exposing host audio input to the container. @@ -138,30 +165,32 @@ Supported values: Enables or disables video input to the sandbox. -`value` +```xml +value +``` Supported values: -- *Enable*: Enables video input in the sandbox. -- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox. -- *Default*: This value is the default value for video input support. Currently, this default value denotes that video input is disabled. Applications that use video input may not function properly in the sandbox. +- **Enable**: Enables video input in the sandbox. +- **Disable**: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox. +- **Default**: This value is the default value for video input support. Currently, this default value denotes that video input is disabled. Applications that use video input may not function properly in the sandbox. > [!NOTE] > There may be security implications of exposing host video input to the container. ### Protected client -When Protected Client mode is enabled, Sandbox adds a new layer of security boundary by running inside an [AppContainer Isolation](/windows/win32/secauthz/appcontainer-isolation) execution environment. - -AppContainer Isolation provides Credential, Device, File, Network, Process, and Window isolation. +When Protected Client mode is enabled, Sandbox adds a new layer of security boundary by running inside an [AppContainer Isolation](/windows/win32/secauthz/appcontainer-isolation) execution environment. AppContainer Isolation provides Credential, Device, File, Network, Process, and Window isolation. -`value` +```xml +value +``` Supported values: -- *Enable*: Runs Windows sandbox in Protected Client mode. If this value is set, the Sandbox runs in AppContainer Isolation. -- *Disable*: Runs the Sandbox in the standard mode without extra security mitigations. -- *Default*: This value is the default value for Protected Client mode. Currently, this default value denotes that the sandbox doesn't run in Protected Client mode. +- **Enable**: Runs Windows sandbox in Protected Client mode. If this value is set, the Sandbox runs in AppContainer Isolation. +- **Disable**: Runs the Sandbox in the standard mode without extra security mitigations. +- **Default**: This value is the default value for Protected Client mode. Currently, this default value denotes that the sandbox doesn't run in Protected Client mode. > [!NOTE] > This setting may restrict the user's ability to copy/paste files in and out of the sandbox. @@ -170,135 +199,36 @@ Supported values: Enables or disables printer sharing from the host into the sandbox. -`value` +```xml +value +``` Supported values: -- *Enable*: Enables sharing of host printers into the sandbox. -- *Disable*: Disables printer redirection in the sandbox. If this value is set, the sandbox can't view printers from the host. -- *Default*: This value is the default value for printer redirection support. Currently, this default value denotes that printer redirection is disabled. +- **Enable**: Enables sharing of host printers into the sandbox. +- **Disable**: Disables printer redirection in the sandbox. If this value is set, the sandbox can't view printers from the host. +- **Default**: This value is the default value for printer redirection support. Currently, this default value denotes that printer redirection is disabled. ### Clipboard redirection Enables or disables sharing of the host clipboard with the sandbox. -`value` +```xml +value +``` Supported values: -- *Enable*: Enables sharing of the host clipboard with the sandbox. -- *Disable*: Disables clipboard redirection in the sandbox. If this value is set, copy/paste in and out of the sandbox is restricted. -- *Default*: This value is the default value for clipboard redirection. Currently, copy/paste between the host and sandbox are permitted under *Default*. +- **Enable**: Enables sharing of the host clipboard with the sandbox. +- **Disable**: Disables clipboard redirection in the sandbox. If this value is set, copy/paste in and out of the sandbox is restricted. +- **Default**: This value is the default value for clipboard redirection. Currently, copy/paste between the host and sandbox are permitted under *Default*. ### Memory in MB Specifies the amount of memory that the sandbox can use in megabytes (MB). -`value` - -If the memory value specified is insufficient to boot a sandbox, it is automatically increased to the required minimum amount. - -## Examples - -### Example 1 - -The following config file can be used to easily test the downloaded files inside the sandbox. To achieve this testing, networking and vGPU are disabled, and the sandbox is allowed read-only access to the shared downloads folder. For convenience, the logon command opens the downloads folder inside the sandbox when it's started. - -#### Downloads.wsb - -```xml - - Disable - Disable - - - C:\Users\Public\Downloads - C:\Users\WDAGUtilityAccount\Downloads - true - - - - explorer.exe C:\users\WDAGUtilityAccount\Downloads - - -``` - -### Example 2 - -The following config file installs Visual Studio Code in the sandbox, which requires a slightly more complicated LogonCommand setup. - -Two folders are mapped into the sandbox; the first (SandboxScripts) contains VSCodeInstall.cmd, which installs and runs Visual Studio Code. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify using Visual Studio Code. - -With the Visual Studio Code installer script already mapped into the sandbox, the LogonCommand can reference it. - -#### VSCodeInstall.cmd - -Downloads VS Code to `downloads` folder and runs installation from `downloads` folder. - -```batch -REM Download Visual Studio Code -curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Downloads\vscode.exe - -REM Install and run Visual Studio Code -C:\users\WDAGUtilityAccount\Downloads\vscode.exe /verysilent /suppressmsgboxes -``` - -#### VSCode.wsb - ```xml - - - - C:\SandboxScripts - C:\Users\WDAGUtilityAccount\Downloads\sandbox - true - - - C:\CodingProjects - C:\Users\WDAGUtilityAccount\Documents\Projects - false - - - - C:\Users\WDAGUtilityAccount\Downloads\sandbox\VSCodeInstall.cmd - - -``` - -### Example 3 - -The following config file runs a PowerShell script as a logon command to swap the primary mouse button for left-handed users. - -`C:\sandbox` folder on the host is mapped to the `C:\sandbox` folder in the sandbox, so the `SwapMouse.ps1` script can be referenced in the sandbox configuration file. - -#### SwapMouse.ps1 - -Create a PowerShell script using the following code, and save it in the `C:\sandbox` directory as `SwapMouse.ps1`. - -```powershell -[Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null - -$SwapButtons = Add-Type -MemberDefinition @' -[DllImport("user32.dll")] -public static extern bool SwapMouseButton(bool swap); -'@ -Name "NativeMethods" -Namespace "PInvoke" -PassThru - -$SwapButtons::SwapMouseButton(!([System.Windows.Forms.SystemInformation]::MouseButtonsSwapped)) +value ``` -### SwapMouse.wsb - -```xml - - - - C:\sandbox - C:\sandbox - True - - - - powershell.exe -ExecutionPolicy Bypass -File C:\sandbox\SwapMouse.ps1 - - -``` +If the memory value specified is insufficient to boot a sandbox, it is automatically increased to the required minimum amount. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml index 29eb6248369..2f7a816a549 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml @@ -24,3 +24,52 @@ sections: - *Test software features risk-free*: Easily test out software without the need for installing or uninstalling on your host machine. - *Maintaining multiple dev environments*: Streamline your development process by utilizing WSB to maintain multiple sandboxes for different development environments - *Privacy Protection*: Users concerned about online privacy can use Windows Sandbox for activities like social media browsing or online shopping to prevent tracking cookies and other privacy-invading techniques. + + - question: What's the difference between a Hyper-V VM and Windows Sandbox? + answer: | + 1. **Lightweight and Temporary**: + - **Windows Sandbox**: It's a lightweight, disposable environment that runs within your existing Windows installation. You can quickly launch it, test applications, and discard it without affecting your main system. + - **Hyper-V VMs**: Hyper-V VMs are more heavyweight. They require dedicated resources (CPU, memory, disk space) and take longer to set up. + 1. **Security Isolation**: + - **Windows Sandbox**: Provides a secure, isolated environment for testing untrusted software. Any changes made within the sandbox are discarded when you close it. + - **Hyper-V VMs**: While VMs also offer isolation, they persistently store changes unless you revert them manually. + 1. **Resource Efficiency**: + - **Windows Sandbox**: More resource efficient than full VM. It adjusts memory usage according to the demand. It also reuses many of the host’s read only OS files. + - **Hyper-V VMs**: VMs have fixed resource allocations, which can impact overall system performance. + 1. **Ease of Use**: + - **Windows Sandbox**: Simple to useβ€”just open it, test your software, and close it. No complex setup or management. + - **Hyper-V VMs**: Require more configuration, including setting up virtual switches, network adapters, and managing VM snapshots. + + - question: Why can I not change certain settings using a config file? + answer: | + You cannot make changes to properties if they are controlled by Group Policy. Contact your IT Administrator for more details. + + - question: How do I open multiple Sandbox instances? + answer: | + Today, Windows Sandbox only allows users to launch one Sandbox instance at a time. + + - name: Feedback + questions: + + - question: Where can I provide feedback? + answer: | + You can file a bug in Feedback Hub by: + + 1. Open the Feedback Hub app. + 1. Select **Report a problem** or **Suggest a feature**. + 1. Fill in the **Summarize your feedback** and **Explain in more details** boxes with a detailed description of the issue or suggestion. A useful feedback item includes the following: + - Short and descriptive issue title. + - Windows version and build number. This can be gathered from the CMD prompt using the `cmd.exe --version`` command. + - Device information (including CPU type, memory, disk etc.) + - Detailed repro steps. What steps do we need to take to reproduce the issue? Provide as much detail as you can. Provide error message text where possible or screenshots of errors if text cannot be captured. + - Behavior you were expecting. + 1. Select an appropriate category and subcategory by using the dropdown menus. There is a dedicated option in Feedback Hub to file **Windows Sandbox** bugs and feedback. It is located under **Security and Privacy** category. + 1. Select **Next**. + 1. If necessary, you can collect traces for the issue as follows: Select the Recreate my problem tile, then select Start capture, reproduce the issue, and then select **Stop capture**. + 1. Attach any relevant screenshots or files for the problem, then select **Submit**. + + Alternatively, you can also use the [Windows Sandbox GitHub repository](https://github.com/microsoft/Windows-Sandbox) to: + + - **Search existing issues** to see if there are any associated with a problem that you are having. Note that in the search bar, you can remove "is:open" to include issues that have already been resolved in your search. Please consider commenting or giving a thumbs up to any open issues that you would like to express your interest in moving forward as a priority. + - **File a new issue**: If you have found a problem with WSB or WSB documentation and there does not appear to be an existing issue, you can select the green New issue button and then choose WSB - Bug Report. You will need to include a title for the issue, your Windows build number (run cmd.exe /c ver to see your current build #), whether you're running inbox or undocked Windows Sandbox, any other software versions involved, the repro steps, expected behavior, actual behavior, and diagnostic logs if available and appropriate. + - **File a feature request** by selecting the green New issue button and then select Feature request. You will need to address a few questions describing your request. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md index b57e6ef35b5..115a257de35 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md @@ -16,12 +16,11 @@ ms.date: 09/09/2024 - At least two CPU cores (four cores with hyper-threading recommended) > [!NOTE] -> Windows Sandbox is currently not supported on Windows Home edition. -> Beginning in Windows 11, version 24H2, all inbox store apps like calculator, photos, notepad and terminal are not available inside Windows Sandbox. Ability to use these apps will be added soon. +> Beginning in Windows 11, version 24H2, inbox store apps like Calculator, Photos, Notepad and Terminal are not available inside Windows Sandbox. Ability to use these apps will be added soon. ## Installation -1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or Windows 11. +1. Ensure that your machine is using Windows 11 or Windows 10, version 1903 or later. 2. Enable virtualization on the machine. @@ -49,4 +48,12 @@ ms.date: 09/09/2024 > [!NOTE] > Beginning in Windows 11, version 24H2, Windows Sandbox adheres to the mouse settings of the host system. > - > If you are on an older build and if the host system is set to use a left-handed mouse, you must apply these settings in Windows Sandbox manually when Windows Sandbox starts. Alternatively, you can use a sandbox configuration file to run a logon command to swap the mouse setting. For an example, see [Example 3](windows-sandbox-configure-using-wsb-file.md#example-3). \ No newline at end of file + > If you are on an older build and if the host system is set to use a left-handed mouse, you must apply these settings in Windows Sandbox manually when Windows Sandbox starts. Alternatively, you can use a sandbox configuration file to run a logon command to swap the mouse setting. For an example, see [Example 3](windows-sandbox-configure-using-wsb-file.md#example-3). + +## Try WSB preview features by joining the Windows Insider Program + +To try the most recent features or updates to WSB, join the [Windows Insiders Program](https://insider.windows.com/getting-started). Once you have joined Windows Insiders, you can choose the channel you would like to receive preview builds from inside the Windows settings menu. You can choose from: + +- **Dev channel**: Most recent updates, but low stability. +- **Beta channel**: Ideal for early adopters, more reliable builds than the Dev channel. +- **Release Preview channel**: Preview fixes and key features on the next version of Windows just before its available to the general public. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md index 858efad675a..c8431f91d44 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md @@ -1,31 +1,44 @@ --- title: Windows Sandbox description: Windows Sandbox overview -ms.topic: conceptual +ms.topic: overview ms.date: 09/09/2024 --- # Windows Sandbox -Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. +Windows Sandbox (WSB) offers a lightweight, isolated desktop environment for safely running applications. It is ideal for testing, debugging, exploring unknown files, and experimenting with tools. Applications installed within the sandbox remain isolated from the host machine using hypervisor-based virtualization. As a disposable virtual machine (VM), Windows Sandbox ensures reboot persistence, quick launch times, and a lower memory footprint compared to full VMs. Its one-click setup simplifies the user experience. -A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Note, however, that as of Windows 11, version 22H2, your data persists through a restart initiated from inside the virtualized environmentβ€”useful for installing applications that require the OS to reboot. +The sandbox is temporary; closing it deletes all software, files, and state. Each launch provides a fresh instance. Host-installed software isn't available in the sandbox. Applications needed within the sandbox must be installed there explicitly. -Software and applications installed on the host aren't directly available in the sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment. +> [!NOTE] +> Starting with Windows 11, version 22H2, data persists through restarts initiated within the sandbox, useful for applications requiring a reboot. -Windows Sandbox has the following properties: +Windows Sandbox offers the following features: -- **Part of Windows**: Everything required for this feature is included in Windows 10 Pro and Enterprise. There's no need to download a Virtual Hard Disk (VHD). -- **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows. +- **Part of Windows**: Everything required for this feature is included in the supported Windows SKUs like Pro, Enterprise and Education. There's no need to maintain a separate VM installation. - **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application. +- **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows. - **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host. -- **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU. +- **Efficient**: Takes a few seconds to launch, supports virtual GPU and has smart memory management that optimizes memory footprint. > [!IMPORTANT] -> Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](windows-sandbox-configure-using-wsb-file.md#networking). +> Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](windows-sandbox-configure-using-wsb-file.md#networking). Enabling networking can expose untrusted applications to the internal network. + +WSB can be used by anyone without any technical skills in various scenarios where users need a secure, clean environment for testing or running potentially harmful software. Here are some ways in which you can leverage WSB: + +- **Clean environment for software testing**: Test or debug your applications in WSB's clean environment to identify and resolve bugs or compatibility issues. +- **Secure web browsing**: Use WSB for secure web browsing, especially when accessing unfamiliar or potentially dangerous websites without putting your system at risk of malware infection. +- **Running Untrusted Applications**: Mitigate security risks by opening untrusted applications or files, such as email attachments in WSB. Improve your safety and security by opening a sandbox with networking disabled and mapping the folder with the application or file you want to open to the sandbox in read-only mode. Check [Sample configuration files](windows-sandbox-sample-configuration.md) for more details. +- **Testing or demoing new software for the first time**: Test drive or demo new software, unstable versions like beta, extensions or add-ons without the hassle of installing and then uninstalling on your host machine. +- **Maintaining multiple dev environments**: Streamline your development process by utilizing WSB to maintain multiple sandboxes for different development environments. For example, maintain a sandbox for each python version and its dependencies! + [!INCLUDE [windows-sandbox](../../../../../includes/licensing/windows-sandbox.md)] +> [!NOTE] +> Windows Sandbox is currently not supported on Windows Home edition. + ## Usage 1. Copy an executable file (and any other files needed to run the application) from the host and paste them into the **Windows Sandbox** window. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md index 079dc91f7f1..95d5bcbfe9d 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md @@ -6,3 +6,107 @@ ms.date: 09/09/2024 --- # Windows Sandbox sample configuration files + +## Example 1 - Mapping Folders and testing an unknown downloaded file in a Sandbox + +The following config file can be used to easily test unknown downloaded files inside a sandbox. To achieve this testing, networking and vGPU are disabled, and the sandbox is allowed read-only access to the downloads folder from the host and is placed inside a 'temp' folder in the sandbox. For convenience, the logon command opens the downloads folder inside the sandbox when it's started. + +### Downloads.wsb + +```xml + + Disable + Disable + + + C:\Users\Public\Downloads + C:\temp + true + + + + explorer.exe C:\temp + + + +``` + +## Example 2 - Installing Visual Studio Code at launch in a Sandbox + +The following config file installs Visual Studio Code in the sandbox, which requires a slightly more complicated LogonCommand setup. + +Two folders are mapped into the sandbox; the first (`SandboxScripts`) contains VSCodeInstall.cmd, which installs and runs Visual Studio Code. The second folder (`CodingProjects`) is assumed to contain project files that the developer wants to modify using Visual Studio Code. + +With the Visual Studio Code installer script already mapped into the sandbox, the `` can reference it. + +### VSCodeInstall.cmd + +This batch file should be created in the `C:\SandboxScripts` directory on the host. It downloads VS Code to `temp` folder inside the sandbox and runs installation from `temp` folder. + +```batch +REM Download Visual Studio Code +curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\temp\vscode.exe + +REM Install and run Visual Studio Code +C:\temp\vscode.exe /verysilent /suppressmsgboxes +``` + +### VSCode.wsb + +```xml + + + + C:\SandboxScripts + C:\temp\sandbox + true + + + C:\CodingProjects + C:\temp\Projects + false + + + + C:\temp\sandbox\VSCodeInstall.cmd + + +``` + +## Example 3 - Mapping Folders and running a PowerShell script as a LogOn Command + +The following config file runs a PowerShell script as a logon command to swap the primary mouse button for left-handed users. + +`C:\sandbox` folder on the host is mapped to the `C:\sandbox` folder in the sandbox, so the `SwapMouse.ps1` script can be referenced in the sandbox configuration file. + +### SwapMouse.ps1 + +Create a PowerShell script using the following code, and save it in the `C:\sandbox` directory as `SwapMouse.ps1`. + +```powershell +[Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null + +$SwapButtons = Add-Type -MemberDefinition @' +[DllImport("user32.dll")] +public static extern bool SwapMouseButton(bool swap); +'@ -Name "NativeMethods" -Namespace "PInvoke" -PassThru + +$SwapButtons::SwapMouseButton(!([System.Windows.Forms.SystemInformation]::MouseButtonsSwapped)) +``` + +### SwapMouse.wsb + +```xml + + + + C:\sandbox + C:\sandbox + True + + + + powershell.exe -ExecutionPolicy Bypass -File C:\sandbox\SwapMouse.ps1 + + +``` \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md index 90722f57224..ac4107cb4ac 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md @@ -6,3 +6,4 @@ ms.date: 09/09/2024 --- # Troubleshoot Windows Sandbox + From 63e6ed22e7f4e9a8fe4c68ddcd25880e8fdf6368 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 11:41:14 -0600 Subject: [PATCH 07/91] chore: Update Windows Sandbox TOC to include sample configuration files --- .../windows-sandbox/windows-sandbox-faq.yml | 56 +++++++++---------- .../windows-sandbox-install.md | 2 +- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml index 2f7a816a549..6fa2f42583d 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml @@ -8,7 +8,7 @@ metadata: ms.date: 09/09/2024 title: Common questions about Windows Sandbox -summary: Windows Sandbox (WSB) provides a lightweight desktop environment to safely run applications in isolation. This feature provides a safe and secure space for testing and debugging apps, exploring unknown files, or experimenting with tools since software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. +summary: Windows Sandbox (WSB) provides a lightweight desktop environment to safely run applications in isolation. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Sandbox. sections: @@ -16,33 +16,33 @@ sections: questions: - question: Who can use WSB? answer: | - WSB can be used by anyone without any technical skills in various scenarios where users need a secure, clean environment for testing or running potentially harmful software. Here are some ways in which you can leverage WSB: + WSB can be used in various scenarios by anyone without any technical skills. Here are some ways in which you can use WSB: - - *Clean environment for software testing*: Test or debug your applications in WSB's clean environment to identify and resolve bugs or compatibility issues. - - *Secure web browsing*: Use WSB for secure web browsing, especially when accessing unfamiliar or potentially dangerous websites without putting your system at risk of malware infection. - - *Running Untrusted Applications*: Mitigate security risks by running untrusted applications or files, such as email attachments in WSB. - - *Test software features risk-free*: Easily test out software without the need for installing or uninstalling on your host machine. - - *Maintaining multiple dev environments*: Streamline your development process by utilizing WSB to maintain multiple sandboxes for different development environments - - *Privacy Protection*: Users concerned about online privacy can use Windows Sandbox for activities like social media browsing or online shopping to prevent tracking cookies and other privacy-invading techniques. + - **Clean environment for software testing**: Test or debug your applications in WSB's clean environment to identify and resolve bugs or compatibility issues. + - **Secure web browsing**: Use WSB for secure web browsing, especially when accessing unfamiliar or potentially dangerous websites without putting your system at risk of malware infection. + - **Running Untrusted Applications**: Mitigate security risks by running untrusted applications or files, such as email attachments in WSB. + - **Test software features risk-free**: Easily test out software without the need for installing or uninstalling on your host machine. + - **Maintaining multiple dev environments**: Streamline your development process by utilizing WSB to maintain multiple sandboxes for different development environments. + - **Privacy Protection**: Users concerned about online privacy can use Windows Sandbox for activities like social media browsing or online shopping to prevent tracking cookies and other privacy-invading techniques. - - question: What's the difference between a Hyper-V VM and Windows Sandbox? + - question: What's the difference between a Hyper-V virtual machine (VM) and Windows Sandbox? answer: | 1. **Lightweight and Temporary**: - - **Windows Sandbox**: It's a lightweight, disposable environment that runs within your existing Windows installation. You can quickly launch it, test applications, and discard it without affecting your main system. - - **Hyper-V VMs**: Hyper-V VMs are more heavyweight. They require dedicated resources (CPU, memory, disk space) and take longer to set up. + - **Windows Sandbox**: It's a lightweight, disposable environment that runs within your existing Windows installation. You can quickly launch it, test applications, and discard it without affecting your main system. + - **Hyper-V VMs**: Hyper-V VMs are more heavyweight. They require dedicated resources (CPU, memory, disk space) and take longer to set up. 1. **Security Isolation**: - - **Windows Sandbox**: Provides a secure, isolated environment for testing untrusted software. Any changes made within the sandbox are discarded when you close it. - - **Hyper-V VMs**: While VMs also offer isolation, they persistently store changes unless you revert them manually. + - **Windows Sandbox**: Provides a secure, isolated environment for testing untrusted software. Any changes made within the sandbox are discarded when you close it. + - **Hyper-V VMs**: While VMs also offer isolation, they persistently store changes unless you revert them manually. 1. **Resource Efficiency**: - - **Windows Sandbox**: More resource efficient than full VM. It adjusts memory usage according to the demand. It also reuses many of the host’s read only OS files. - - **Hyper-V VMs**: VMs have fixed resource allocations, which can impact overall system performance. + - **Windows Sandbox**: More resource efficient than full VM. It adjusts memory usage according to the demand. It also reuses many of the host’s read only OS files. + - **Hyper-V VMs**: VMs have fixed resource allocations, which can impact overall system performance. 1. **Ease of Use**: - - **Windows Sandbox**: Simple to useβ€”just open it, test your software, and close it. No complex setup or management. - - **Hyper-V VMs**: Require more configuration, including setting up virtual switches, network adapters, and managing VM snapshots. + - **Windows Sandbox**: Simple to useβ€”just open it, test your software, and close it. No complex setup or management. + - **Hyper-V VMs**: Require more configuration, including setting up virtual switches, network adapters, and managing VM snapshots. - question: Why can I not change certain settings using a config file? answer: | - You cannot make changes to properties if they are controlled by Group Policy. Contact your IT Administrator for more details. + You can't make changes to properties if they're controlled by Group Policy. Contact your IT Administrator for more details. - question: How do I open multiple Sandbox instances? answer: | @@ -57,19 +57,19 @@ sections: 1. Open the Feedback Hub app. 1. Select **Report a problem** or **Suggest a feature**. - 1. Fill in the **Summarize your feedback** and **Explain in more details** boxes with a detailed description of the issue or suggestion. A useful feedback item includes the following: - - Short and descriptive issue title. - - Windows version and build number. This can be gathered from the CMD prompt using the `cmd.exe --version`` command. - - Device information (including CPU type, memory, disk etc.) - - Detailed repro steps. What steps do we need to take to reproduce the issue? Provide as much detail as you can. Provide error message text where possible or screenshots of errors if text cannot be captured. - - Behavior you were expecting. - 1. Select an appropriate category and subcategory by using the dropdown menus. There is a dedicated option in Feedback Hub to file **Windows Sandbox** bugs and feedback. It is located under **Security and Privacy** category. + 1. Fill in the **Summarize your feedback** and **Explain in more details** boxes with a detailed description of the issue or suggestion. A useful feedback item includes: + - Short and descriptive issue title. + - Windows version and build number, which can be gathered from a command prompt using the `cmd.exe --version` command. + - Device information (including CPU type, memory, disk etc.) + - Detailed repro steps. What steps do we need to take to reproduce the issue? Provide as much detail as you can. Provide error message text where possible or screenshots of errors if text can't be captured. + - Behavior you were expecting. + 1. Select an appropriate category and subcategory by using the dropdown menus. There's a dedicated option in Feedback Hub to file **Windows Sandbox** bugs and feedback. It's located under **Security and Privacy** category. 1. Select **Next**. 1. If necessary, you can collect traces for the issue as follows: Select the Recreate my problem tile, then select Start capture, reproduce the issue, and then select **Stop capture**. 1. Attach any relevant screenshots or files for the problem, then select **Submit**. Alternatively, you can also use the [Windows Sandbox GitHub repository](https://github.com/microsoft/Windows-Sandbox) to: - - **Search existing issues** to see if there are any associated with a problem that you are having. Note that in the search bar, you can remove "is:open" to include issues that have already been resolved in your search. Please consider commenting or giving a thumbs up to any open issues that you would like to express your interest in moving forward as a priority. - - **File a new issue**: If you have found a problem with WSB or WSB documentation and there does not appear to be an existing issue, you can select the green New issue button and then choose WSB - Bug Report. You will need to include a title for the issue, your Windows build number (run cmd.exe /c ver to see your current build #), whether you're running inbox or undocked Windows Sandbox, any other software versions involved, the repro steps, expected behavior, actual behavior, and diagnostic logs if available and appropriate. - - **File a feature request** by selecting the green New issue button and then select Feature request. You will need to address a few questions describing your request. + - **Search existing issues** to see if there are any associated with a problem that you're having. In the search bar, you can remove "is:open" to include resolved issues in your search. Consider commenting or giving a thumbs up to any open issues that you would like to express your interest in moving forward as a priority. + - **File a new issue**: If you have found a problem with WSB or WSB documentation and there doesn't appear to be an existing issue, you can select the green **New issue** button and then choose **WSB - Bug Report**. Provide a title for the issue, your Windows build number, whether you're running inbox or undocked Windows Sandbox, any other software versions involved, the repro steps, expected behavior, actual behavior, and diagnostic logs if available and appropriate. + - **File a feature request** by selecting the green **New issue** button and then select **Feature request**, then answer the questions describing your request. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md index 115a257de35..0a3e624f7aa 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md @@ -48,7 +48,7 @@ ms.date: 09/09/2024 > [!NOTE] > Beginning in Windows 11, version 24H2, Windows Sandbox adheres to the mouse settings of the host system. > - > If you are on an older build and if the host system is set to use a left-handed mouse, you must apply these settings in Windows Sandbox manually when Windows Sandbox starts. Alternatively, you can use a sandbox configuration file to run a logon command to swap the mouse setting. For an example, see [Example 3](windows-sandbox-configure-using-wsb-file.md#example-3). + > If you are on an older build and if the host system is set to use a left-handed mouse, you must apply these settings in Windows Sandbox manually when Windows Sandbox starts. Alternatively, you can use a sandbox configuration file to run a logon command to swap the mouse setting. For an example, see [Example 3](windows-sandbox-sample-configuration.md#example-3---mapping-folders-and-running-a-powershell-script-as-a-logon-command). ## Try WSB preview features by joining the Windows Insider Program From a721cb1af017d36c27742c965525091ba0151c5a Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 12:13:07 -0600 Subject: [PATCH 08/91] chore: Update Windows Sandbox TOC and sample configuration files --- ...indows-sandbox-configure-using-wsb-file.md | 22 +++++++++---------- .../windows-sandbox-install.md | 2 +- .../windows-sandbox-overview.md | 17 +++++--------- .../windows-sandbox-sample-configuration.md | 2 +- 4 files changed, 18 insertions(+), 25 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index df8539a64ce..18d00a04e17 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -7,13 +7,13 @@ ms.date: 09/09/2024 # Use and configure Windows Sandbox -To launch a Windows Sandbox with default settings, simply Locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with 4GB memory with the following properties: +To launch a Windows Sandbox with default settings, locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with 4GB memory with the following properties: - **vGPU (virtualized GPU)**: Enabled on non-ARM64 devices. - **Networking**: Enabled. The sandbox uses the Hyper-V default switch. - **Audio input**: Enabled. The sandbox shares the host's microphone input into the sandbox. - **Video input**: Disabled. The sandbox doesn't share the host's video input into the sandbox. -- **Protected client**: Disabled. The sandbox doesn't have increased security settings on the Remote Desktop Protocol (RDP) session. +- **Protected client**: Disabled. The sandbox doesn't use increased security settings on the Remote Desktop Protocol (RDP) session. - **Printer redirection**: Disabled. The sandbox doesn't share printers with the host. - **Clipboard redirection**: Enabled. The sandbox shares the host clipboard with the sandbox so that text and files can be pasted back and forth. @@ -24,7 +24,7 @@ To launch a Windows Sandbox with default settings, simply Locate and select Wind You have the freedom to open files, install applications from the web, and perform various other tasks that benefit from an isolated clean environment. -When you're finished experimenting, close the sandbox. A dialog box will prompt you to confirm the deletion of all sandbox content. Select "Ok" to proceed. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox. +When you're finished experimenting, close the sandbox. A dialog box prompts you to confirm the deletion of all sandbox content. Select **Ok** to proceed. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox. ## Configure a custom Windows Sandbox @@ -35,7 +35,7 @@ A configuration file enables the user to control the following aspects of Window - **vGPU (virtualized GPU)**: Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox uses Windows Advanced Rasterization Platform (WARP). - **Networking**: Enable or disable network access within the sandbox. - **Mapped folders**: Share folders from the host with *read* or *write* permissions. Exposing host directories might allow malicious software to affect the system or steal data. -- **Logon command**: A command that's executed when Windows Sandbox starts. +- **Logon command**: A command to execute when Windows Sandbox starts. - **Audio input**: Shares the host's microphone input into the sandbox. - **Video input**: Shares the host's webcam input into the sandbox. - **Protected client**: Places increased security settings on the Remote Desktop Protocol (RDP) session to the sandbox. @@ -107,7 +107,7 @@ Supported values: An array of folders, each representing a location on the host machine that is shared with the sandbox at the specified path. Currently, relative paths aren't supported. -When using `` to map folders, the folders are mapped prior to the execution of the [Logon command](#logon-command). +When using `` to map folders, the folders are mapped before the execution of the [Logon command](#logon-command). ```xml @@ -123,7 +123,7 @@ When using `` to map folders, the folders are mapped prior to the ``` - **HostFolder**: Specifies the folder on the host machine to share into the sandbox. The folder must already exist on the host, or the container fails to start. -- **SandboxFolder**: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it is created. If no sandbox folder is specified, the folder is mapped to the container desktop. +- **SandboxFolder**: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it gets created. If no sandbox folder is specified, the folder is mapped to the container desktop. - **ReadOnly**: If *true*, enforces read-only access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*. > [!NOTE] @@ -154,8 +154,8 @@ Enables or disables audio input to the sandbox. Supported values: -- **Enable**: Enables audio input in the sandbox. If this value is set, the sandbox can receive audio input from the user. Applications that use a microphone may require this capability. -- **Disable**: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting. +- **Enable**: Enables audio input in the sandbox. If this value is set, the sandbox can receive audio input from the user. Applications that use a microphone might require this capability. +- **Disable**: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone might not function properly with this setting. - **Default**: This value is the default value for audio input support. Currently, this default value denotes that audio input is enabled. > [!NOTE] @@ -172,8 +172,8 @@ Enables or disables video input to the sandbox. Supported values: - **Enable**: Enables video input in the sandbox. -- **Disable**: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox. -- **Default**: This value is the default value for video input support. Currently, this default value denotes that video input is disabled. Applications that use video input may not function properly in the sandbox. +- **Disable**: Disables video input in the sandbox. Applications that use video input might not function properly in the sandbox. +- **Default**: This value is the default value for video input support. Currently, this default value denotes that video input is disabled. Applications that use video input might not function properly in the sandbox. > [!NOTE] > There may be security implications of exposing host video input to the container. @@ -231,4 +231,4 @@ Specifies the amount of memory that the sandbox can use in megabytes (MB). value ``` -If the memory value specified is insufficient to boot a sandbox, it is automatically increased to the required minimum amount. +If the memory value specified is insufficient to boot a sandbox, it's automatically increased to the required minimum amount. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md index 0a3e624f7aa..d634d4aa6a9 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md @@ -52,7 +52,7 @@ ms.date: 09/09/2024 ## Try WSB preview features by joining the Windows Insider Program -To try the most recent features or updates to WSB, join the [Windows Insiders Program](https://insider.windows.com/getting-started). Once you have joined Windows Insiders, you can choose the channel you would like to receive preview builds from inside the Windows settings menu. You can choose from: +To try the most recent features or updates to WSB, join the [Windows Insiders Program](https://insider.windows.com/getting-started). After joining the Windows Insiders Program, you can choose the channel you would like to receive preview builds from inside the Windows settings menu. You can choose from: - **Dev channel**: Most recent updates, but low stability. - **Beta channel**: Ideal for early adopters, more reliable builds than the Dev channel. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md index c8431f91d44..33aa59a1b89 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md @@ -7,7 +7,7 @@ ms.date: 09/09/2024 # Windows Sandbox -Windows Sandbox (WSB) offers a lightweight, isolated desktop environment for safely running applications. It is ideal for testing, debugging, exploring unknown files, and experimenting with tools. Applications installed within the sandbox remain isolated from the host machine using hypervisor-based virtualization. As a disposable virtual machine (VM), Windows Sandbox ensures reboot persistence, quick launch times, and a lower memory footprint compared to full VMs. Its one-click setup simplifies the user experience. +Windows Sandbox (WSB) offers a lightweight, isolated desktop environment for safely running applications. It's ideal for testing, debugging, exploring unknown files, and experimenting with tools. Applications installed within the sandbox remain isolated from the host machine using hypervisor-based virtualization. As a disposable virtual machine (VM), Windows Sandbox ensures reboot persistence, quick launch times, and a lower memory footprint compared to full VMs. Its one-click setup simplifies the user experience. The sandbox is temporary; closing it deletes all software, files, and state. Each launch provides a fresh instance. Host-installed software isn't available in the sandbox. Applications needed within the sandbox must be installed there explicitly. @@ -16,21 +16,21 @@ The sandbox is temporary; closing it deletes all software, files, and state. Eac Windows Sandbox offers the following features: -- **Part of Windows**: Everything required for this feature is included in the supported Windows SKUs like Pro, Enterprise and Education. There's no need to maintain a separate VM installation. +- **Part of Windows**: Everything required for this feature is included in the supported Windows editions like Pro, Enterprise, and Education. There's no need to maintain a separate VM installation. - **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application. - **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows. - **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host. -- **Efficient**: Takes a few seconds to launch, supports virtual GPU and has smart memory management that optimizes memory footprint. +- **Efficient**: Takes a few seconds to launch, supports virtual GPU, and has smart memory management that optimizes memory footprint. > [!IMPORTANT] > Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](windows-sandbox-configure-using-wsb-file.md#networking). Enabling networking can expose untrusted applications to the internal network. -WSB can be used by anyone without any technical skills in various scenarios where users need a secure, clean environment for testing or running potentially harmful software. Here are some ways in which you can leverage WSB: +WSB can be used without any technical skills in various scenarios where users need a secure, clean environment for testing or running potentially harmful software. Here are some ways in which you can use WSB: - **Clean environment for software testing**: Test or debug your applications in WSB's clean environment to identify and resolve bugs or compatibility issues. - **Secure web browsing**: Use WSB for secure web browsing, especially when accessing unfamiliar or potentially dangerous websites without putting your system at risk of malware infection. - **Running Untrusted Applications**: Mitigate security risks by opening untrusted applications or files, such as email attachments in WSB. Improve your safety and security by opening a sandbox with networking disabled and mapping the folder with the application or file you want to open to the sandbox in read-only mode. Check [Sample configuration files](windows-sandbox-sample-configuration.md) for more details. -- **Testing or demoing new software for the first time**: Test drive or demo new software, unstable versions like beta, extensions or add-ons without the hassle of installing and then uninstalling on your host machine. +- **Testing or demoing new software for the first time**: Test drive or demo new software, preview versions, extensions, or add-ons without the hassle of installing and then uninstalling on your host machine. - **Maintaining multiple dev environments**: Streamline your development process by utilizing WSB to maintain multiple sandboxes for different development environments. For example, maintain a sandbox for each python version and its dependencies! @@ -38,10 +38,3 @@ WSB can be used by anyone without any technical skills in various scenarios wher > [!NOTE] > Windows Sandbox is currently not supported on Windows Home edition. - -## Usage - -1. Copy an executable file (and any other files needed to run the application) from the host and paste them into the **Windows Sandbox** window. -2. Run the executable file or installer inside the sandbox. -3. When you're finished experimenting, close the sandbox. A dialog box will state that all sandbox content will be discarded and permanently deleted. Select **Ok**. -4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md index 95d5bcbfe9d..91efb7e8186 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md @@ -73,7 +73,7 @@ C:\temp\vscode.exe /verysilent /suppressmsgboxes ``` -## Example 3 - Mapping Folders and running a PowerShell script as a LogOn Command +## Example 3 - Mapping Folders and running a PowerShell script as a Logon Command The following config file runs a PowerShell script as a logon command to swap the primary mouse button for left-handed users. From a70c340e045d0c201f33e03ec31aa66304a6d804 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 14:26:02 -0600 Subject: [PATCH 09/91] Update Windows Sandbox TOC to include sample configuration files --- .../application-isolation/windows-sandbox/toc.yml | 6 ++---- .../windows-sandbox/windows-sandbox-troubleshoot.md | 10 ++++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml index dc3bd5efd08..1ef0028e080 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -12,10 +12,8 @@ items: href: windows-sandbox-install.md - name: Use & configure Windows Sandbox href: windows-sandbox-configure-using-wsb-file.md - - name: Tutorials - items: - - name: Sample configuration files - href: windows-sandbox-sample-configuration.md + - name: Sample configuration files + href: windows-sandbox-sample-configuration.md - name: WindowsSandbox Policy CSP href: /windows/client-management/mdm/policy-csp-windowssandbox - name: Frequently asked questions diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md index ac4107cb4ac..4d61fa1b313 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md @@ -7,3 +7,13 @@ ms.date: 09/09/2024 # Troubleshoot Windows Sandbox +This article lists some common issues with Windows Sandbox and possible solutions. To submit feedback about Windows Sandbox, see [Where can I provide feedback?](windows-sandbox-faq.yml#feedback) + +| Error | Possible Solution | +|--|--| +| `WININET_E_NAME_NOT_RESOLVED`
`WU_E_PT_ENDPOINT_UNREACHABLE` | Upgrade to Windows Sandbox app fails because user isn't connected to internet or network adapter is connected but no internet connection. Check your internet connection. | +| `ERROR_FILE_NOT_FOUND` | `.wsb` config file provided by the user doesn't exist. Make sure that the path to the `.wsb` file is correct. | +| `E_INVALIDARG` | The `.wsb` file provided by the user is invalid or has errors. Check the `.wsb` file. | +| `REGDB_E_IIDNOTREG` | Verify if Windows Sandbox component is enabled under 'Turn Windows features on or off'. For more information, see [Install Windows Sandbox](windows-sandbox-install.md) | +| `The following settings are enforced by your IT administrator.` | `.wsb` file has a setting enabled that is controlled via group policy. | +| General failure during installation. | Possible causes:

- Installing Windows Sandbox is disabled via group policy. Check with your IT Admin.
- Timeout error where we can't reach the Microsoft Store. Try again later. | From 3f042fafb25a9e761f23d0fc9f017fcf1efadb53 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 14:32:12 -0600 Subject: [PATCH 10/91] Update Windows Sandbox TOC to include sample configuration files and fix broken link in troubleshoot.md --- .../application-isolation/windows-sandbox/toc.yml | 2 +- .../windows-sandbox/windows-sandbox-troubleshoot.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml index 1ef0028e080..2d0ed23d23d 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -14,7 +14,7 @@ items: href: windows-sandbox-configure-using-wsb-file.md - name: Sample configuration files href: windows-sandbox-sample-configuration.md - - name: WindowsSandbox Policy CSP + - name: WindowsSandbox Policy CSP πŸ”— href: /windows/client-management/mdm/policy-csp-windowssandbox - name: Frequently asked questions href: windows-sandbox-faq.yml diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md index 4d61fa1b313..719eb8a1d29 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md @@ -7,7 +7,7 @@ ms.date: 09/09/2024 # Troubleshoot Windows Sandbox -This article lists some common issues with Windows Sandbox and possible solutions. To submit feedback about Windows Sandbox, see [Where can I provide feedback?](windows-sandbox-faq.yml#feedback) +This article lists some common issues with Windows Sandbox and possible solutions. To submit feedback about Windows Sandbox, see [Where can I provide feedback?](windows-sandbox-faq.yml##where-can-i-provide-feedback) | Error | Possible Solution | |--|--| From e6e59d69b4cb55b4c25acd66665b5d7ad1358afb Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 11 Sep 2024 15:39:38 -0600 Subject: [PATCH 11/91] Test --- .../security/application-security/application-isolation/toc.yml | 2 +- .../windows-sandbox/{windows-sandbox-overview.md => index.md} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename windows/security/application-security/application-isolation/windows-sandbox/{windows-sandbox-overview.md => index.md} (100%) diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml index db3200f4a31..c2de68aab37 100644 --- a/windows/security/application-security/application-isolation/toc.yml +++ b/windows/security/application-security/application-isolation/toc.yml @@ -13,4 +13,4 @@ items: - name: App containers πŸ”— href: /virtualization/windowscontainers/about - name: Windows Sandbox - href: windows-sandbox/toc.yml \ No newline at end of file + href: windows-sandbox/index.md \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md b/windows/security/application-security/application-isolation/windows-sandbox/index.md similarity index 100% rename from windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md rename to windows/security/application-security/application-isolation/windows-sandbox/index.md From a0adc7e8ae3de776aed9f501b802bf7e5e861e34 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 11 Sep 2024 15:49:36 -0600 Subject: [PATCH 12/91] Update Windows Sandbox TOC to include sample configuration files and fix broken link in troubleshoot.md --- ...blishing.redirection.windows-security.json | 5 +++ .../windows-sandbox/toc.yml | 40 ++++++++++--------- .../windows-sandbox-troubleshoot.md | 2 +- ...lication-security-application-isolation.md | 2 +- .../security/includes/sections/application.md | 2 +- windows/security/index.yml | 2 +- windows/security/threat-protection/index.md | 2 +- 7 files changed, 31 insertions(+), 24 deletions(-) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index fc3a796e959..e66a1c8cae2 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -5,6 +5,11 @@ "redirect_url": "/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md", + "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/index.md", + "redirect_document_id": false + }, { "source_path": "windows/security//threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md", "redirect_url": "/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity", diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml index 2d0ed23d23d..6a17c8dd4a1 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -1,22 +1,24 @@ items: - - name: Overview - expanded: true - items: - - name: What is Windows Sandbox? - href: windows-sandbox-overview.md - - name: Compare versions - href: windows-sandbox-versions.md - - name: Architecture - href: windows-sandbox-architecture.md - - name: Install Windows Sandbox - href: windows-sandbox-install.md - - name: Use & configure Windows Sandbox - href: windows-sandbox-configure-using-wsb-file.md +- name: Windows Sandbox + href: index.md +- name: Overview + expanded: true + items: + - name: Compare versions + href: windows-sandbox-versions.md + - name: Architecture + href: windows-sandbox-architecture.md +- name: Install Windows Sandbox + href: windows-sandbox-install.md +- name: Use & configure Windows Sandbox + href: windows-sandbox-configure-using-wsb-file.md +- name: Tutorials + items: - name: Sample configuration files href: windows-sandbox-sample-configuration.md - - name: WindowsSandbox Policy CSP πŸ”— - href: /windows/client-management/mdm/policy-csp-windowssandbox - - name: Frequently asked questions - href: windows-sandbox-faq.yml - - name: Troubleshooting - href: windows-sandbox-troubleshoot.md \ No newline at end of file +- name: WindowsSandbox Policy CSP πŸ”— + href: /windows/client-management/mdm/policy-csp-windowssandbox +- name: Frequently asked questions + href: windows-sandbox-faq.yml +- name: Troubleshooting + href: windows-sandbox-troubleshoot.md \ No newline at end of file diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md index 719eb8a1d29..23b9f622635 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md @@ -7,7 +7,7 @@ ms.date: 09/09/2024 # Troubleshoot Windows Sandbox -This article lists some common issues with Windows Sandbox and possible solutions. To submit feedback about Windows Sandbox, see [Where can I provide feedback?](windows-sandbox-faq.yml##where-can-i-provide-feedback) +This article lists some common issues with Windows Sandbox and possible solutions. To submit feedback about Windows Sandbox, see [Where can I provide feedback?](windows-sandbox-faq.yml#where-can-i-provide-feedback) | Error | Possible Solution | |--|--| diff --git a/windows/security/book/application-security-application-isolation.md b/windows/security/book/application-security-application-isolation.md index 603d0138a4f..a81d5c9c9ce 100644 --- a/windows/security/book/application-security-application-isolation.md +++ b/windows/security/book/application-security-application-isolation.md @@ -38,7 +38,7 @@ Once Windows Sandbox is closed, nothing persists on the device. All the software :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** -- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview) +- [Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox) - [Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/windows-sandbox/ba-p/301849) diff --git a/windows/security/includes/sections/application.md b/windows/security/includes/sections/application.md index 8b6b510ef43..f185a1ec049 100644 --- a/windows/security/includes/sections/application.md +++ b/windows/security/includes/sections/application.md @@ -25,4 +25,4 @@ ms.topic: include | **[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)** | Application Guard protects Office files including Word, PowerPoint, and Excel. Application icons have a small shield if Application Guard has been enabled and they are under protection. | | **[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)** | The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. | | **[App containers](/virtualization/windowscontainers/about/)** | Universal Windows Platform (UWP) applications run in Windows containers known as app containers. Processes that run in app containers operate with low integrity level, meaning they have limited access to resources they don't own. Because the default integrity level of most resources is medium integrity level, the UWP app can access only a subset of the filesystem, registry, and other resources. The app container also enforces restrictions on network connectivity; for example, access to a local host isn't allowed. As a result, malware or infected apps have limited footprint for escape. | -| **[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)** | Windows Sandbox provides a lightweight desktop environment to safely run untrusted Win32 applications in isolation, using the same hardware-based Hyper-V virtualization technology to isolate apps without fear of lasting impact to your PC. | +| **[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox)** | Windows Sandbox provides a lightweight desktop environment to safely run untrusted Win32 applications in isolation, using the same hardware-based Hyper-V virtualization technology to isolate apps without fear of lasting impact to your PC. | diff --git a/windows/security/index.yml b/windows/security/index.yml index 9553388f93c..6bcbbcbb104 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -110,7 +110,7 @@ landingContent: - text: Microsoft Defender Application Guard (MDAG) url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview - text: Windows Sandbox - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview + url: /windows/security/application-security/application-isolation/windows-sandbox/ - linkListType: how-to-guide links: - text: Configure Windows Sandbox diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 5dd0c7c3f09..326b453de12 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -25,7 +25,7 @@ See the following articles to learn more about the different areas of Windows th - [Virtualization-Based Protection of Code Integrity](../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) - [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) - [Windows Firewall](../operating-system-security/network-security/windows-firewall/index.md) -- [Windows Sandbox](../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md) +- [Windows Sandbox](../application-security/application-isolation/windows-sandbox/index.md) ## Next-generation protection From e6613bb5f4fd15010b5c0aa91e3a53e8d765b0ce Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 22 Oct 2024 10:44:07 -0600 Subject: [PATCH 13/91] Updates --- .../windows-sandbox/toc.yml | 4 +- .../windows-sandbox/windows-sandbox-cli.md | 101 ++++++++++++++++++ ...indows-sandbox-configure-using-wsb-file.md | 4 +- .../windows-sandbox-sample-configuration.md | 4 +- .../windows-sandbox-versions.md | 26 ++++- 5 files changed, 133 insertions(+), 6 deletions(-) create mode 100644 windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md diff --git a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml index 6a17c8dd4a1..9654e55dcd5 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/toc.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/toc.yml @@ -4,7 +4,7 @@ items: - name: Overview expanded: true items: - - name: Compare versions + - name: Windows Sandbox versions href: windows-sandbox-versions.md - name: Architecture href: windows-sandbox-architecture.md @@ -12,6 +12,8 @@ items: href: windows-sandbox-install.md - name: Use & configure Windows Sandbox href: windows-sandbox-configure-using-wsb-file.md +- name: Windows Sandbox command line interface + href: windows-sandbox-cli.md - name: Tutorials items: - name: Sample configuration files diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md new file mode 100644 index 00000000000..b68d31277e1 --- /dev/null +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md @@ -0,0 +1,101 @@ +--- +title: Windows Sandbox command line +description: Windows Sandbox command line interface +ms.topic: how-to +ms.date: 10/22/2024 +--- + +# Windows Sandbox command line interface + +Starting with Windows 11, version 24H2, the Windows Command Line Interface (CLI) offers powerful tools for creating, managing, and controlling sandboxes, executing commands, and sharing folders within sandbox sessions. This functionality is especially valuable for scripting, task automation, and improving development workflows. In this section, you'll explore how the Windows Sandbox CLI operates, with examples demonstrating how to use each command to enhance your development process. + +**Common parameters**: + +- `--raw`: Formats all outputs in JSON format. +- `-?, -h, --help`: Show help and usage information + +## Start + +The start command creates and launches a new sandbox. The command returns the sandbox ID, which is a unique identifier for the sandbox. The sandbox ID can be used to refer to the sandbox in other commands. + +- `--id `: ID of the Windows Sandbox environment. +- `--c, --config `: Formatted string with the settings that should be used to create the Windows Sandbox environment. + +**Examples**: + +- Create a Windows Sandbox environment with the default settings: + + ```cmd + wsb start + ``` + +- Create a Windows Sandbox environment with a custom configuration: + + ```cmd + wsb start --config "Disabled" + ``` + +## List + +The list command displays a table that shows the information the running Windows Sandbox sessions for the current user. The table includes the sandbox ID. The status can be either running or stopped. The uptime is the duration that the sandbox has been running. + +```cmd +wsb list +``` + +## Exec + +The exec command executes a command in the sandbox. The command takes two arguments: the sandbox ID and the command to execute. The command can be either a built-in command or an executable file. The exec command runs the command in the sandbox and returns the exit code. The exec command can also take optional arguments that are passed to the process started in the sandbox. + +> [!NOTE] +> Currently, there is no support for process I/O meaning that there is no way to retrieve the output of a command run in Sandbox. + +Commands in Windows Sandbox can be executed in the system context or in the context of the currently logged on user. However, there is no way to log on a user without an active RDP session. Therefore, there currently is no way to execute commands in the user context unless there is an active RDP session. + +- `--id ` (REQUIRED): ID of the Windows Sandbox environment. +- `-c, --command ` (REQUIRED): The command to execute within Windows Sandbox. +- `-r, --run-as ` (REQUIRED): Specifies the user context to execute the command within. If the System option is selected, the command will run in the system context. If the ExistingLogin option is selected, the command will run in the currently active user session or fail if there is no active user session. +- `-d, --working-directory `: Directory to execute command in. + +```cmd +wsb exec –-id 12345678-1234-1234-1234-1234567890AB -c app.exe -r System +``` + +## Stop + +The stop command stops a running Windows Sandbox session. The command takes the sandbox ID as an argument. + +The stop command terminates the sandbox process and releases the resources allocated to the sandbox. The stop command also closes the window that shows the sandbox desktop. + +```cmd +wsb stop --id 12345678-1234-1234-1234-1234567890AB +``` + +## Map + +The map command maps a host folder to a folder in the sandbox. The command takes three arguments: the sandbox ID, the host path, and the sandbox path. The host path should be a folder. The sandbox path can be either an existing or a new folder. The share command allows the user to share files and folders between the host and the sandbox. An Additional, `--allow-write` option can be used to allow or disallow the Windows Sandbox environment to write to the folder. + +- `--id ` (REQUIRED): ID of the Windows Sandbox environment. +- `-f, --host-path ` (REQUIRED): Path to folder that will be mapped from the host. +- `-s, --sandbox-path ` (REQUIRED): Path to the folder within the Windows Sandbox. +- `-w, --allow-write`: If specified, the Windows Sandbox environment will be allowed to write to the shared folder. + +```cmd +wsb map --id 12345678-1234-1234-1234-1234567890AB -f C:\host\folder -s C:\sandbox\folder --allow-write +``` + +## Connect + +The connect command starts a remote session within the sandbox. The command takes the sandbox ID as an argument. The connect command opens a new window with a remote desktop session. The connect command allows the user to interact with the sandbox using the mouse and keyboard. + +```cmd +wsb connect --id 12345678-1234-1234-1234-1234567890AB +``` + +## IP + +The ip command displays the IP address of the sandbox. The command takes the sandbox ID as an argument. + +```cmd +wsb ip --id 12345678-1234-1234-1234-1234567890AB +``` diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 512d72f4c55..0dd5cdf7611 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -7,7 +7,7 @@ ms.date: 09/09/2024 # Use and configure Windows Sandbox -To launch a Windows Sandbox with default settings, locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with 4GB memory with the following properties: +To launch a Windows Sandbox with default settings, locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with maximum capacity of 4GB memory with the following properties: - **vGPU (virtualized GPU)**: Enabled on non-ARM64 devices. - **Networking**: Enabled. The sandbox uses the Hyper-V default switch. @@ -231,4 +231,4 @@ Specifies the amount of memory that the sandbox can use in megabytes (MB). value ``` -If the memory value specified is insufficient to boot a sandbox, it's automatically increased to the required minimum amount. +If the memory value specified is insufficient to boot a sandbox, it's automatically increased to the required minimum amount of 2048 MB. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md index 91efb7e8186..8d1a0ca697d 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-sample-configuration.md @@ -75,9 +75,9 @@ C:\temp\vscode.exe /verysilent /suppressmsgboxes ## Example 3 - Mapping Folders and running a PowerShell script as a Logon Command -The following config file runs a PowerShell script as a logon command to swap the primary mouse button for left-handed users. +Beginning in Windows 11, version 24H2, Windows Sandbox adheres to the mouse settings of the host system. If you are on an older build and if the host system is set to use a left-handed mouse, you must apply these settings in Windows Sandbox manually when Windows Sandbox starts. Alternatively, you can use a sandbox configuration file to run a logon command to swap the mouse setting. -`C:\sandbox` folder on the host is mapped to the `C:\sandbox` folder in the sandbox, so the `SwapMouse.ps1` script can be referenced in the sandbox configuration file. +In this example, the `C:\sandbox` folder on the host is mapped to the `C:\sandbox` folder in the sandbox, so the `SwapMouse.ps1` script can be referenced in the sandbox configuration file. ### SwapMouse.ps1 diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md index 7a957abe53f..4249eb5e923 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md @@ -2,7 +2,31 @@ title: Windows Sandbox versions description: Windows Sandbox versions ms.topic: conceptual -ms.date: 09/09/2024 +ms.date: 10/22/2024 --- # Windows Sandbox versions + +Starting with Windows 11, version 24H2, a newer version of Windows Sandbox is available from the Microsoft Store, featuring an improved user experience and new command line functionality. + +- **Faster Updates**: With the app now being updated through the Microsoft Store, you can install the bug fixes and new features as soon as they're available, rather than needing to wait for an update of the Windows operating system. +- **Revamped UI**: The app now features WinUI 3, a modern and sleek user interface built on the Fluent design system. +- **New Runtime Features**: Users can now access clipboard redirection, audio/video input control, and folder sharing directly during runtime using the "…" icon in the top-right corner. No need for pre-configured .wsb files. +- **Command Line Preview**: We've introduced an early version of command line support for Windows Sandbox. Check out ---- for more details. + +## Upgrading to the newer version + +### Prerequisites + +- Windows Sandbox must already be installed. If it isn't already installed, [install Windows Sandbox](windows-sandbox-install.md). +- Device must be running Windows 11, version 24H2, with KB10D or later. +- Microsoft Store and Windows Update must be accessible. + +### Upgrade + +- Launch **Windows Sandbox** from the Start menu. +- If the app hasn't been upgraded to the latest version, a progress dialog appears as it automatically attempts to update. This process typically takes 30 seconds to 2 minutes. +- Once the installation is complete, you'll be directed to the updated version of the app. + +> [!NOTE] +> If the upgrade fails on the first try, the installation continues in the background while you use the older version of the app. Additionally, the app is queued in the "Updates & downloads" section of the Microsoft Store app for users who wish to manually install it. \ No newline at end of file From 284258a52408a2f069e90c9a9fd4fd1f05ba92f5 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 22 Oct 2024 15:57:56 -0600 Subject: [PATCH 14/91] Acro-updates --- .../windows-sandbox/windows-sandbox-cli.md | 8 ++++---- .../windows-sandbox-configure-using-wsb-file.md | 2 +- .../windows-sandbox/windows-sandbox-install.md | 2 +- .../windows-sandbox/windows-sandbox-versions.md | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md index b68d31277e1..896af70b77d 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-cli.md @@ -50,11 +50,11 @@ The exec command executes a command in the sandbox. The command takes two argume > [!NOTE] > Currently, there is no support for process I/O meaning that there is no way to retrieve the output of a command run in Sandbox. -Commands in Windows Sandbox can be executed in the system context or in the context of the currently logged on user. However, there is no way to log on a user without an active RDP session. Therefore, there currently is no way to execute commands in the user context unless there is an active RDP session. +Commands in Windows Sandbox can be executed in the system context or in the context of the currently logged on user. However, there's no way to sign-in a user without an active RDP session. Therefore, there currently is no way to execute commands in the user context unless there's an active RDP session. - `--id ` (REQUIRED): ID of the Windows Sandbox environment. - `-c, --command ` (REQUIRED): The command to execute within Windows Sandbox. -- `-r, --run-as ` (REQUIRED): Specifies the user context to execute the command within. If the System option is selected, the command will run in the system context. If the ExistingLogin option is selected, the command will run in the currently active user session or fail if there is no active user session. +- `-r, --run-as ` (REQUIRED): Specifies the user context to execute the command within. If the System option is selected, the command runs in the system context. If the ExistingLogin option is selected, the command runs in the currently active user session or fails if there's no active user session. - `-d, --working-directory `: Directory to execute command in. ```cmd @@ -76,9 +76,9 @@ wsb stop --id 12345678-1234-1234-1234-1234567890AB The map command maps a host folder to a folder in the sandbox. The command takes three arguments: the sandbox ID, the host path, and the sandbox path. The host path should be a folder. The sandbox path can be either an existing or a new folder. The share command allows the user to share files and folders between the host and the sandbox. An Additional, `--allow-write` option can be used to allow or disallow the Windows Sandbox environment to write to the folder. - `--id ` (REQUIRED): ID of the Windows Sandbox environment. -- `-f, --host-path ` (REQUIRED): Path to folder that will be mapped from the host. +- `-f, --host-path ` (REQUIRED): Path to folder that is mapped from the host. - `-s, --sandbox-path ` (REQUIRED): Path to the folder within the Windows Sandbox. -- `-w, --allow-write`: If specified, the Windows Sandbox environment will be allowed to write to the shared folder. +- `-w, --allow-write`: If specified, the Windows Sandbox environment is allowed to write to the shared folder. ```cmd wsb map --id 12345678-1234-1234-1234-1234567890AB -f C:\host\folder -s C:\sandbox\folder --allow-write diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 0dd5cdf7611..71c365b89e0 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -9,7 +9,7 @@ ms.date: 09/09/2024 To launch a Windows Sandbox with default settings, locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with maximum capacity of 4GB memory with the following properties: -- **vGPU (virtualized GPU)**: Enabled on non-ARM64 devices. +- **vGPU (virtualized GPU)**: Enabled on non-Arm64 devices. - **Networking**: Enabled. The sandbox uses the Hyper-V default switch. - **Audio input**: Enabled. The sandbox shares the host's microphone input into the sandbox. - **Video input**: Disabled. The sandbox doesn't share the host's video input into the sandbox. diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md index d634d4aa6a9..32b1aee636a 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.md @@ -9,7 +9,7 @@ ms.date: 09/09/2024 ## Prerequisites -- ARM64 (for Windows 11, version 22H2 and later) or AMD64 architecture +- Arm64 (for Windows 11, version 22H2 and later) or AMD64 architecture - Virtualization capabilities enabled in BIOS - At least 4 GB of RAM (8 GB recommended) - At least 1 GB of free disk space (SSD recommended) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md index 4249eb5e923..be0502cecd6 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md @@ -11,8 +11,8 @@ Starting with Windows 11, version 24H2, a newer version of Windows Sandbox is av - **Faster Updates**: With the app now being updated through the Microsoft Store, you can install the bug fixes and new features as soon as they're available, rather than needing to wait for an update of the Windows operating system. - **Revamped UI**: The app now features WinUI 3, a modern and sleek user interface built on the Fluent design system. -- **New Runtime Features**: Users can now access clipboard redirection, audio/video input control, and folder sharing directly during runtime using the "…" icon in the top-right corner. No need for pre-configured .wsb files. -- **Command Line Preview**: We've introduced an early version of command line support for Windows Sandbox. Check out ---- for more details. +- **New Runtime Features**: Users can now access clipboard redirection, audio/video input control, and folder sharing directly during runtime using the "…" icon in the top-right corner without needing a preconfigured `.wsb` file. +- **Command Line Preview**: An early version of [command line support](windows-sandbox-cli.md) for Windows Sandbox is now available. ## Upgrading to the newer version @@ -25,8 +25,8 @@ Starting with Windows 11, version 24H2, a newer version of Windows Sandbox is av ### Upgrade - Launch **Windows Sandbox** from the Start menu. -- If the app hasn't been upgraded to the latest version, a progress dialog appears as it automatically attempts to update. This process typically takes 30 seconds to 2 minutes. -- Once the installation is complete, you'll be directed to the updated version of the app. +- If the app isn't upgraded to the latest version, a progress dialog appears as it automatically attempts to update. This process typically takes 30 seconds to 2 minutes. +- Once the installation is complete, you're directed to the updated version of the app. > [!NOTE] > If the upgrade fails on the first try, the installation continues in the background while you use the older version of the app. Additionally, the app is queued in the "Updates & downloads" section of the Microsoft Store app for users who wish to manually install it. \ No newline at end of file From 78a8b00b0de9f6c59f47ddd80b193cdce4b707d0 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 23 Oct 2024 16:17:04 -0600 Subject: [PATCH 15/91] Implement feedback items from Kavya --- ...indows-sandbox-configure-using-wsb-file.md | 6 ++--- .../windows-sandbox/windows-sandbox-faq.yml | 26 +++++++++++++++++++ .../windows-sandbox-troubleshoot.md | 4 ++- .../windows-sandbox-versions.md | 4 +-- 4 files changed, 34 insertions(+), 6 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 71c365b89e0..f1a42226e34 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -107,7 +107,7 @@ Supported values: An array of folders, each representing a location on the host machine that is shared with the sandbox at the specified path. Currently, relative paths aren't supported. -When using `` to map folders, the folders are mapped before the execution of the [Logon command](#logon-command). +When using `` to map folders, the folders are mapped before the execution of the [Logon command](#logon-command). Beginning in Windows 11, version 23H2, you can use environment variables in the path. ```xml @@ -123,11 +123,11 @@ When using `` to map folders, the folders are mapped before the e ``` - **HostFolder**: Specifies the folder on the host machine to share into the sandbox. The folder must already exist on the host, or the container fails to start. -- **SandboxFolder**: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it gets created. If no sandbox folder is specified, the folder is mapped to the container desktop. +- **SandboxFolder**: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it gets created. If no sandbox folder is specified, the folder is mapped to the container user's desktop. The default user of Sandbox is `WDAGUtilityAccount`. - **ReadOnly**: If *true*, enforces read-only access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*. > [!NOTE] -> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host. Changes made during a Sandbox session to a mapped folder with write-permissions will persist after a Sandbox is disposed. +> Files and folders mapped from the host can be compromised by apps in the sandbox or potentially affect the host. Changes made during a Sandbox session to a mapped folder with write-permissions will persist after a Sandbox is disposed. ### Logon command diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml index 6fa2f42583d..1cb0a58a9f3 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml @@ -48,6 +48,32 @@ sections: answer: | Today, Windows Sandbox only allows users to launch one Sandbox instance at a time. + - question: Installing the latest version of Windows Sandbox fails. How do I fix this? + answer: | + Ensure that your device has access to the Internet, Windows Update and Microsoft Store. Beginning from Windows 11 24H2, the old Windows Sandbox app attempts to download the latest version from the Store. If the upgrade fails initially, installation continues in the background while the user can still use the app. Additionally, the app is queued in the "Updates & Downloads" section of the Microsoft Store app for users who wish to manually install it manually. + + - question: How do I know which version of Windows Sandbox I am running? + answer: | + Run `Get-AppxPackage -Name WindowsSandbox | Select-Object Version` in a PowerShell prompt. If the version is empty, you are running an older version of Windows Sandbox. If this returns a set of digits, you are running the newer version. + Alternatively, if your Windows Sandbox app has a '...' button in the top-right corner that opens a drop-down menu, you're using the new version. + + - question: How do I save the Sandbox state? + answer: | + Windows Sandbox is temporary; closing it deletes all software, files, and state. + + - question: How can I open Windows Sandbox with a different OS version? + answer: | + Windows Sandbox only allows you to use the same build as your host OS. This allows us to keep Windows Sandbox 'lightweight'. + + - question: What applications aren't supported inside a Windows Sandbox? + answer: | + Inbox apps (for example, Store, Notepad) and Optional features turned on via 'Turn Windows Features On or Off' are not supported. + While Store apps can be installed, you can't download them directly from the Store since the Store app isn't available in the Sandbox. However, if you have an `.appx` package, you can still install those apps. + + - question: How do I uninstall Windows Sandbox? + answer: | + Run the following PowerShell cmdlet to uninstall the app: `Get-AppxPackage -name WindowsSandbox | Remove-AppxPackage` + - name: Feedback questions: diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md index 23b9f622635..a908b5875ce 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-troubleshoot.md @@ -16,4 +16,6 @@ This article lists some common issues with Windows Sandbox and possible solution | `E_INVALIDARG` | The `.wsb` file provided by the user is invalid or has errors. Check the `.wsb` file. | | `REGDB_E_IIDNOTREG` | Verify if Windows Sandbox component is enabled under 'Turn Windows features on or off'. For more information, see [Install Windows Sandbox](windows-sandbox-install.md) | | `The following settings are enforced by your IT administrator.` | `.wsb` file has a setting enabled that is controlled via group policy. | -| General failure during installation. | Possible causes:

- Installing Windows Sandbox is disabled via group policy. Check with your IT Admin.
- Timeout error where we can't reach the Microsoft Store. Try again later. | +| `No hypervisor was found. Please enable hypervisor support.` | Windows Sandbox only supports Hyper-V Hypervisor. Third-party hypervisors are not supported. Ensure that Hyper-V is enabled. | +| `Cannot upgrade to the latest version of Windows Sandbox` | Ensure that your device has access to the Internet, Windows Update and Microsoft Store. Beginning with Windows 11, version 24H2, the old Windows Sandbox app attempts to download the latest version from the Store. If the upgrade fails initially, installation continues in the background while the user can still use the app. Additionally, the app is queued in the "Updates & downloads" section of the Microsoft Store app for users who wish to install it manually. | +| `E_FAIL`, or `E_UNEXPECTED` or general failure during installation. | Possible causes:

- Installing Windows Sandbox is disabled via group policy. Check with your IT Admin.
- Timeout error where we can't reach the Microsoft Store. Try again later. | diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md index be0502cecd6..42ffe331cce 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md @@ -20,7 +20,7 @@ Starting with Windows 11, version 24H2, a newer version of Windows Sandbox is av - Windows Sandbox must already be installed. If it isn't already installed, [install Windows Sandbox](windows-sandbox-install.md). - Device must be running Windows 11, version 24H2, with KB10D or later. -- Microsoft Store and Windows Update must be accessible. +- Internet access for Microsoft Store and Windows Update. ### Upgrade @@ -29,4 +29,4 @@ Starting with Windows 11, version 24H2, a newer version of Windows Sandbox is av - Once the installation is complete, you're directed to the updated version of the app. > [!NOTE] -> If the upgrade fails on the first try, the installation continues in the background while you use the older version of the app. Additionally, the app is queued in the "Updates & downloads" section of the Microsoft Store app for users who wish to manually install it. \ No newline at end of file +> If the upgrade fails on the first try, the installation continues in the background while you use the older version of the app. Additionally, the app is queued in the "Updates & downloads" section of the Microsoft Store app for users who wish to install it manually. \ No newline at end of file From 470aff9146bcf6c2783db482737413c8c85ffeb4 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 23 Oct 2024 16:20:55 -0600 Subject: [PATCH 16/91] Minor update --- .../windows-sandbox/windows-sandbox-faq.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml index 1cb0a58a9f3..015bb5dd5dd 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml @@ -14,6 +14,7 @@ sections: - name: Concepts questions: + - question: Who can use WSB? answer: | WSB can be used in various scenarios by anyone without any technical skills. Here are some ways in which you can use WSB: @@ -40,6 +41,14 @@ sections: - **Windows Sandbox**: Simple to useβ€”just open it, test your software, and close it. No complex setup or management. - **Hyper-V VMs**: Require more configuration, including setting up virtual switches, network adapters, and managing VM snapshots. + - question: What applications aren't supported inside a Windows Sandbox? + answer: | + Inbox apps (for example, Store, Notepad) and Optional features turned on via 'Turn Windows Features On or Off' are not supported. + While Store apps can be installed, you can't download them directly from the Store since the Store app isn't available in the Sandbox. However, if you have an `.appx` package, you can still install those apps. + + - name: Usage + questions: + - question: Why can I not change certain settings using a config file? answer: | You can't make changes to properties if they're controlled by Group Policy. Contact your IT Administrator for more details. @@ -65,11 +74,6 @@ sections: answer: | Windows Sandbox only allows you to use the same build as your host OS. This allows us to keep Windows Sandbox 'lightweight'. - - question: What applications aren't supported inside a Windows Sandbox? - answer: | - Inbox apps (for example, Store, Notepad) and Optional features turned on via 'Turn Windows Features On or Off' are not supported. - While Store apps can be installed, you can't download them directly from the Store since the Store app isn't available in the Sandbox. However, if you have an `.appx` package, you can still install those apps. - - question: How do I uninstall Windows Sandbox? answer: | Run the following PowerShell cmdlet to uninstall the app: `Get-AppxPackage -name WindowsSandbox | Remove-AppxPackage` From ba82227826b7cacbf69c0a20306d3c73b99af6bb Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 23 Oct 2024 16:32:28 -0600 Subject: [PATCH 17/91] Update FAQ --- .../windows-sandbox/windows-sandbox-faq.yml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml index 015bb5dd5dd..bcec797106b 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-faq.yml @@ -5,7 +5,7 @@ metadata: author: vinaypamnani-msft ms.author: vinpa ms.topic: faq - ms.date: 09/09/2024 + ms.date: 10/23/2024 title: Common questions about Windows Sandbox summary: Windows Sandbox (WSB) provides a lightweight desktop environment to safely run applications in isolation. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Sandbox. @@ -29,21 +29,21 @@ sections: - question: What's the difference between a Hyper-V virtual machine (VM) and Windows Sandbox? answer: | 1. **Lightweight and Temporary**: - - **Windows Sandbox**: It's a lightweight, disposable environment that runs within your existing Windows installation. You can quickly launch it, test applications, and discard it without affecting your main system. - - **Hyper-V VMs**: Hyper-V VMs are more heavyweight. They require dedicated resources (CPU, memory, disk space) and take longer to set up. + - Windows Sandbox: It's a lightweight, disposable environment that runs within your existing Windows installation. You can quickly launch it, test applications, and discard it without affecting your main system. + - Hyper-V VMs: Hyper-V VMs are more heavyweight. They require dedicated resources (CPU, memory, disk space) and take longer to set up. 1. **Security Isolation**: - - **Windows Sandbox**: Provides a secure, isolated environment for testing untrusted software. Any changes made within the sandbox are discarded when you close it. - - **Hyper-V VMs**: While VMs also offer isolation, they persistently store changes unless you revert them manually. + - Windows Sandbox: Provides a secure, isolated environment for testing untrusted software. Any changes made within the sandbox are discarded when you close it. + - Hyper-V VMs: While VMs also offer isolation, they persistently store changes unless you revert them manually. 1. **Resource Efficiency**: - - **Windows Sandbox**: More resource efficient than full VM. It adjusts memory usage according to the demand. It also reuses many of the host’s read only OS files. - - **Hyper-V VMs**: VMs have fixed resource allocations, which can impact overall system performance. + - Windows Sandbox: More resource efficient than full VM. It adjusts memory usage according to the demand. It also reuses many of the host's read only OS files. + - Hyper-V VMs: VMs have fixed resource allocations, which can impact overall system performance. 1. **Ease of Use**: - - **Windows Sandbox**: Simple to useβ€”just open it, test your software, and close it. No complex setup or management. - - **Hyper-V VMs**: Require more configuration, including setting up virtual switches, network adapters, and managing VM snapshots. + - Windows Sandbox: Simple to useβ€”just open it, test your software, and close it. No complex setup or management. + - Hyper-V VMs: Require more configuration, including setting up virtual switches, network adapters, and managing VM snapshots. - question: What applications aren't supported inside a Windows Sandbox? answer: | - Inbox apps (for example, Store, Notepad) and Optional features turned on via 'Turn Windows Features On or Off' are not supported. + Inbox apps (for example, Store, Notepad) and Optional features turned on via 'Turn Windows Features On or Off' aren't supported. While Store apps can be installed, you can't download them directly from the Store since the Store app isn't available in the Sandbox. However, if you have an `.appx` package, you can still install those apps. - name: Usage @@ -59,11 +59,11 @@ sections: - question: Installing the latest version of Windows Sandbox fails. How do I fix this? answer: | - Ensure that your device has access to the Internet, Windows Update and Microsoft Store. Beginning from Windows 11 24H2, the old Windows Sandbox app attempts to download the latest version from the Store. If the upgrade fails initially, installation continues in the background while the user can still use the app. Additionally, the app is queued in the "Updates & Downloads" section of the Microsoft Store app for users who wish to manually install it manually. + Ensure that your device has access to the Internet, Windows Update, and Microsoft Store. Beginning from Windows 11 24H2, the old Windows Sandbox app attempts to download the latest version from the Store. If the upgrade fails initially, installation continues in the background while the user can still use the app. Additionally, the app is queued in the "Updates & Downloads" section of the Microsoft Store app for users who wish to manually install it manually. - - question: How do I know which version of Windows Sandbox I am running? + - question: How do I know which version of Windows Sandbox am I running? answer: | - Run `Get-AppxPackage -Name WindowsSandbox | Select-Object Version` in a PowerShell prompt. If the version is empty, you are running an older version of Windows Sandbox. If this returns a set of digits, you are running the newer version. + Run `Get-AppxPackage -Name WindowsSandbox | Select-Object Version` in a PowerShell prompt. If the version is empty, you're running an older version of Windows Sandbox. If it returns a version number, you're running the newer version. Alternatively, if your Windows Sandbox app has a '...' button in the top-right corner that opens a drop-down menu, you're using the new version. - question: How do I save the Sandbox state? From 53fd912111cc3fcf1695e7add01770d19041783c Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 26 Nov 2024 10:11:54 -0700 Subject: [PATCH 18/91] Update link --- .../security/book/application-security-application-isolation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/book/application-security-application-isolation.md b/windows/security/book/application-security-application-isolation.md index f5a440d04bf..bedd6481b27 100644 --- a/windows/security/book/application-security-application-isolation.md +++ b/windows/security/book/application-security-application-isolation.md @@ -91,7 +91,7 @@ A **Virtualization-based security enclave** is a software-based trusted executio [LINK-6]: /windows/win32/secauthz/app-isolation-packaging-with-vs [LINK-7]: https://blogs.windows.com/windowsdeveloper/2024/03/06/sandboxing-python-with-win32-app-isolation/ [LINK-8]: /windows/apps/windows-app-sdk/migrate-to-windows-app-sdk/feature-mapping-table?source=recommendations -[LINK-9]: /windows/security/application-security/application-isolation/windows-sandbox +[LINK-9]: /windows/security/application-security/application-isolation/windows-sandbox/index [LINK-10]: /windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall [LINK-11]: /windows/wsl/networking#dns-tunneling [LINK-12]: /windows/wsl/networking#auto-proxy From bd4ae8fe0beba497de490eda13c92173f6205d76 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 26 Nov 2024 10:14:53 -0700 Subject: [PATCH 19/91] Update link --- .../security/book/application-security-application-isolation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/book/application-security-application-isolation.md b/windows/security/book/application-security-application-isolation.md index bedd6481b27..f5a440d04bf 100644 --- a/windows/security/book/application-security-application-isolation.md +++ b/windows/security/book/application-security-application-isolation.md @@ -91,7 +91,7 @@ A **Virtualization-based security enclave** is a software-based trusted executio [LINK-6]: /windows/win32/secauthz/app-isolation-packaging-with-vs [LINK-7]: https://blogs.windows.com/windowsdeveloper/2024/03/06/sandboxing-python-with-win32-app-isolation/ [LINK-8]: /windows/apps/windows-app-sdk/migrate-to-windows-app-sdk/feature-mapping-table?source=recommendations -[LINK-9]: /windows/security/application-security/application-isolation/windows-sandbox/index +[LINK-9]: /windows/security/application-security/application-isolation/windows-sandbox [LINK-10]: /windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall [LINK-11]: /windows/wsl/networking#dns-tunneling [LINK-12]: /windows/wsl/networking#auto-proxy From 7637e62e5a8cdd2339dcea2f31109a070457364f Mon Sep 17 00:00:00 2001 From: Violet Hansen Date: Wed, 8 Jan 2025 20:22:42 +0200 Subject: [PATCH 20/91] Updated the known issue notice --- .../deployment/appcontrol-deployment-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md index 4ee7ef27570..42881a0f12b 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md @@ -43,7 +43,7 @@ All App Control for Business policy changes should be deployed in audit mode bef ## Choose how to deploy App Control policies > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** App Control Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-appcontrol-policies-with-script.md) in this case. +> Due to a known issue in Windows 11 updates earlier than 2024 (24H2), you should activate new **signed** App Control Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-appcontrol-policies-with-script.md) in this case. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. From be618ec949eb0a1267cf89af20834b6e3eb9655f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 9 Jan 2025 12:05:51 -0800 Subject: [PATCH 21/91] edp-cpw-changes-9673486 --- .../manage-windows-copilot.md | 70 +++++++++---------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md index 7c22b93c880..f87ea49216f 100644 --- a/windows/client-management/manage-windows-copilot.md +++ b/windows/client-management/manage-windows-copilot.md @@ -1,9 +1,9 @@ --- -title: Updated Windows and Microsoft Copilot experience +title: Updated Windows and Microsoft 365 Copilot Chat experience description: Learn about changes to the Copilot in Windows experience for commercial environments and how to configure it for your organization. ms.topic: overview ms.subservice: windows-copilot -ms.date: 12/12/2024 +ms.date: 01/15/2025 ms.author: mstewart author: mestew ms.collection: @@ -13,60 +13,60 @@ appliesto: - βœ… Windows 11, version 22H2 or later --- -# Updated Windows and Microsoft Copilot experience +# Updated Windows and Microsoft 365 Copilot Chat experience ->**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0). **Looking for more information on Microsoft Copilot experiences?** See [Understanding the different Microsoft Copilot experiences](https://support.microsoft.com/topic/cfff4791-694a-4d90-9c9c-1eb3fb28e842). +>**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0). **Looking for more information on Microsoft 365 Copilot Chat experiences?** See [Understanding the different Microsoft 365 Copilot Chat experiences](https://support.microsoft.com/topic/cfff4791-694a-4d90-9c9c-1eb3fb28e842). ## Enhanced data protection with enterprise data protection -The Copilot experience on Windows is changing to enhance data security, privacy, compliance, and simplify the user experience, for users signed in with a Microsoft Entra work or school account. [Microsoft Copilot will offer enterprise data protection](https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/updates-to-microsoft-copilot-to-bring-enterprise-data-protection/ba-p/4217152) at no additional cost and redirect users to a new simplified interface designed for work and education. [Enterprise data protection (EDP)](/copilot/microsoft-365/enterprise-data-protection) refers to controls and commitments, under the Data Protection Addendum and Product Terms, that apply to customer data for users of Copilot for Microsoft 365 and Microsoft Copilot. This means that security, privacy, compliance controls and commitments available for Copilot for Microsoft 365 will extend to Microsoft Copilot prompts and responses. Prompts and responses are protected by the same terms and commitments that are widely trusted by our customers - not only for Copilot for Microsoft 365, but also for emails in Exchange and files in SharePoint. This is an improvement on top of the previous commercial data protection (CDP) promise. This update is rolling out now. For more information, see the [Microsoft Copilot updates and enterprise data protection FAQ](/copilot/edpfaq). +The Copilot experience on Windows is changing to enhance data security, privacy, compliance, and simplify the user experience, for users signed in with a Microsoft Entra work or school account. [Microsoft 365 Copilot Chat](https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/updates-to-microsoft-copilot-to-bring-enterprise-data-protection/ba-p/4217152) is available at no additional cost and it redirects users to a new simplified interface designed for work and education. [Enterprise data protection (EDP)](/copilot/microsoft-365/enterprise-data-protection) refers to controls and commitments, under the Data Protection Addendum and Product Terms, that apply to customer data for users of Microsoft 365 and Microsoft 365 Copilot Chat. This means that security, privacy, compliance controls and commitments available for Microsoft 365 will extend to Microsoft 365 Copilot Chat prompts and responses. Prompts and responses are protected by the same terms and commitments that are widely trusted by our customers. This is an improvement on top of the previous commercial data protection (CDP) promise. This update is rolling out now. For more information, see the [Microsoft 365 Copilot Chat updates and enterprise data protection FAQ](/copilot/edpfaq). > [!IMPORTANT] > To streamline the user experience, updates to the Copilot entry points in Windows are being made for users. **Copilot in Windows (preview) will be removed from Windows**. The experience will slightly vary depending on whether your organization has already opted into using Copilot in Windows (preview) or not. ## Copilot in Windows (preview) isn't enabled -If your organization hasn't enabled Copilot in Windows (preview), your existing preferences are respected. Neither the Microsoft Copilot app nor the Microsoft 365 app are pinned to the taskbar. To prepare for the eventual removal of the [Copilot in Windows policy](/windows/client-management/mdm/policy-csp-windowsai#turnoffwindowscopilot), admins should [set Microsoft Copilot pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center. +If your organization hasn't enabled Copilot in Windows (preview), your existing preferences are respected. Neither Microsoft 365 Copilot Chat or the Microsoft 365 Copilot app (formerly the Microsoft 365 app) are pinned to the taskbar. To prepare for the eventual removal of the [Copilot in Windows policy](/windows/client-management/mdm/policy-csp-windowsai#turnoffwindowscopilot), admins should [set pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center. > [!NOTE] > Although we won't be pinning any app to the taskbar by default, IT has the capability to use policies to enforce their preferred app pinning. ## Copilot in Windows (preview) is enabled -If you had previously activated Copilot in Windows (in preview) for your workforce, we want to thank you for your enthusiasm. To provide the best Copilot experience for your users moving forward, and support greater efficiency and productivity, we won't automatically pin the Microsoft 365 app to the taskbar in Windows. Rather, we ensure that you have control over how you enable the Copilot experience within your organization. Our focus remains on empowering IT to seamlessly manage AI experiences and adopt those experiences at a pace that suits your organizational needs. +If you had previously activated Copilot in Windows (in preview) for your workforce, we want to thank you for your enthusiasm. To provide the best Copilot experience for your users moving forward, and support greater efficiency and productivity, we won't automatically pin the Microsoft 365 Copilot app to the taskbar in Windows. Rather, we ensure that you have control over how you enable the Copilot experience within your organization. Our focus remains on empowering IT to seamlessly manage AI experiences and adopt those experiences at a pace that suits your organizational needs. -If you have already activated Copilot in Windows (preview) - and want your users to have uninterrupted access to Copilot on the taskbar after the update - use the [configuration options](/windows/configuration/taskbar/?pivots=windows-11) to pin the Microsoft 365 app to the taskbar as Copilot in Windows (preview) icon will be removed from the taskbar. +If you have already activated Copilot in Windows (preview) - and want your users to have uninterrupted access to Copilot on the taskbar after the update - use the [configuration options](/windows/configuration/taskbar/?pivots=windows-11) to pin the Microsoft 365 Copilot app to the taskbar as Copilot in Windows (preview) icon will be removed from the taskbar. ## Users signing in to new PCs with Microsoft Entra accounts For users signing in to new PCs with work or school accounts, the following experience occurs: -- The Microsoft 365 app is pinned to the taskbar - this is the app comes preinstalled with Windows and includes convenient access to Office apps such as Word, PowerPoint, etc. -- Users that have the Microsoft 365 Copilot license have Microsoft Copilot pinned by default inside the Microsoft 365 app. -- Within the Microsoft 365 app, the Microsoft Copilot icon is situated next to the home button. - - Microsoft Copilot (`web` grounding chat) isn't the same as Microsoft 365 Copilot (`web` and `work` scope), which is a separate add-on license. - - Microsoft Copilot is available at no additional cost to customers with a Microsoft Entra account. Microsoft Copilot is the entry point for Copilot at work. While the Copilot chat experience helps users ground their conversations in web data, Microsoft 365 Copilot allows users to incorporate both web and work data they have access to into their conversations by switching between work and web modes in Business Chat. - - For users with the Microsoft 365 Copilot license, they can toggle between the web grounding-based chat capabilities of Microsoft Copilot and the work scoped chat capabilities of Microsoft 365 Copilot. -- Customers that don't have a license for Microsoft 365 Copilot are asked if they want to pin Microsoft Copilot to ensure they have easy access to Copilot. To set the default behavior, admins should [set Microsoft Copilot pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center. -- If admins elect not to pin Copilot and indicate that users can be asked, users will be asked to pin it themselves in the Microsoft 365 app, Outlook, and Teams. -- If admins elect not to pin Microsoft Copilot and indicate that users can't be asked, Microsoft Copilot won't be available via the Microsoft 365 app, Outlook, or Teams. Users have access to Microsoft Copilot from unless that URL is blocked by the IT admin. -- If the admins make no selection, users will be asked to pin Microsoft Copilot by themselves for easy access. +- The Microsoft 365 Copilot app is pinned to the taskbar - this is the app comes preinstalled with Windows and includes convenient access to Office apps such as Word, PowerPoint, etc. +- Users that have the Microsoft 365 Copilot license have Microsoft 365 Copilot Chat pinned by default inside the Microsoft 365 Copilot app. +- Within the Microsoft 365 Copilot app, the Microsoft 365 Copilot Chat icon is situated next to the home button. + - Microsoft 365 Copilot Chat (`web` grounding chat) isn't the same as Microsoft 365 Copilot (`web` and `work` scope), which is a separate add-on license. + - Microsoft 365 Copilot Chat is available at no additional cost to customers with a Microsoft Entra account. Microsoft 365 Copilot Chat is the entry point for Copilot at work. While the Copilot chat experience helps users ground their conversations in web data, Microsoft 365 Copilot allows users to incorporate both web and work data they have access to into their conversations by switching between work and web modes in Business Chat. + - For users with the Microsoft 365 Copilot license, they can toggle between the web grounding-based chat capabilities of Microsoft 365 Copilot Chat and the work scoped chat capabilities of Microsoft 365 Copilot. +- Customers that don't have a license for Microsoft 365 Copilot are asked if they want to pin Microsoft 365 Copilot Chat to ensure they have easy access to Copilot. To set the default behavior, admins should [set taskbar pinning options](/copilot/microsoft-365/pin-copilot) in the Microsoft 365 admin center. +- If admins elect not to pin Copilot and indicate that users can be asked, users will be asked to pin it themselves in the Microsoft 365 Copilot app, Outlook, and Teams. +- If admins elect not to pin Microsoft 365 Copilot Chat and indicate that users can't be asked, Microsoft 365 Copilot Chat won't be available via the Microsoft 365 Copilot app, Outlook, or Teams. Users have access to Microsoft 365 Copilot Chat from unless that URL is blocked by the IT admin. +- If the admins make no selection, users will be asked to pin Microsoft 365 Copilot Chat by themselves for easy access. ## When will this happen? -The update to Microsoft Copilot to offer enterprise data protection is rolling out now. -The shift to the Microsoft 365 app as the entry point for Microsoft Copilot with enterprise data protection (EDP) is coming soon. Changes will be rolled out to managed PCs starting with the September 2024 optional nonsecurity preview release, and following with the October 2024 monthly security update for all supported versions of Windows 11. These changes will be applied to Windows 10 PCs the month after. This update is replacing the current Copilot in Windows experience. +The update to Microsoft 365 Copilot Chat to offer enterprise data protection is rolling out now. +The shift to Microsoft 365 Copilot Chat is coming soon. Changes will be rolled out to managed PCs starting with the September 2024 optional nonsecurity preview release, and following with the October 2024 monthly security update for all supported versions of Windows 11. These changes will be applied to Windows 10 PCs the month after. This update is replacing the current Copilot in Windows experience. -The Microsoft Copilot app will be automatically enabled after you install the Windows updates listed above if you haven't previously enabled a group policy to prevent the installation of Copilot. The [AppLocker policy](/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview) is available to control this Copilot experience before installing these Windows updates mentioned above or any subsequent Windows updates. +The Microsoft 365 Copilot app will be automatically enabled after you install the Windows updates listed above if you haven't previously enabled a group policy to prevent the installation of Copilot. The [AppLocker policy](/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview) is available to control this Copilot experience before installing these Windows updates mentioned above or any subsequent Windows updates. -Note that the Microsoft Copilot app doesn't support Microsoft Entra authentication and users trying to sing in to the app using a Microsoft Entra account will be redirected to https://copilot.cloud.microsoft/ in their default browser. For users authenticating with a Microsoft Entra account, they should access Copilot through the Microsoft 365 app as the entry point. We recommend you pin Copilot to the navigation bar of the Microsoft 365 app to enable easy access. +Note that the Microsoft 365 Copilot app doesn't support Microsoft Entra authentication and users trying to sign in to the app using a Microsoft Entra account will be redirected to https://copilot.cloud.microsoft/ in their default browser. For users authenticating with a Microsoft Entra account, they should access Copilot through the Microsoft 365 Copilot app as the entry point. We recommend you pin Copilot to the navigation bar of the Microsoft 365 Copilot app to enable easy access. ## Policy information for previous Copilot in Windows (preview) experience -Admins should configure the [pinning options](/copilot/microsoft-365/pin-copilot) to enable access to Microsoft Copilot within the Microsoft 365 app in the Microsoft 365 admin center. +Admins should configure the [pinning options](/copilot/microsoft-365/pin-copilot) to enable access to Microsoft 365 Copilot Chat within the Microsoft 365 Copilot app in the Microsoft 365 admin center. The following policy to manage Copilot in Windows (preview) will be removed in the future and is considered a legacy policy: @@ -94,31 +94,31 @@ You can remove or uninstall the Copilot app from your device by using one of the 1. Open a Windows PowerShell window. You can do this by opening the Start menu, typing `PowerShell`, and selecting **Windows PowerShell** from the results. 1. Once the PowerShell window is open, enter the following commands: ```powershell - # Get the package full name of the Microsoft Copilot app + # Get the package full name of the Microsoft 365 Copilot app $packageFullName = Get-AppxPackage -Name "Microsoft.Copilot" | Select-Object -ExpandProperty PackageFullName - # Remove the Microsoft Copilot app + # Remove the Microsoft 365 Copilot app Remove-AppxPackage -Package $packageFullName ``` ## Implications for the Copilot hardware key -The Microsoft Copilot app is now available only to consumer users authenticating with a Microsoft account and won't work for commercial users authenticating with a Microsoft Entra account. With this change, IT admins need to take steps to ensure users authenticating with a Microsoft Entra account can still access Copilot with the Copilot key. Users attempting to sign in to the Copilot app with their Microsoft Entra account will be redirected to the browser version of Microsoft Copilot with enterprise data protection (https://copilot.cloud.microsoft). +The Microsoft 365 Copilot app is now available only to consumer users authenticating with a Microsoft account and won't work for commercial users authenticating with a Microsoft Entra account. With this change, IT admins need to take steps to ensure users authenticating with a Microsoft Entra account can still access Copilot with the Copilot key. Users attempting to sign in to the Copilot app with their Microsoft Entra account will be redirected to the browser version of Microsoft 365 Copilot Chat for work (https://copilot.cloud.microsoft). -For the optimal experience, enterprise customers should go to Windows client policies, such as Group Policy or Configuration Service Provider (CSP) policies to update the target of the key to the Microsoft 365 app so that users can access Copilot within the Microsoft 365 app. End users can also configure this from the **Settings** page. +For the optimal experience, enterprise customers should go to Windows client policies, such as Group Policy or Configuration Service Provider (CSP) policies to update the target of the key to the Microsoft 365 Copilot app so that users can access Copilot within the Microsoft 365 Copilot app. End users can also configure this from the **Settings** page. -The Microsoft 365 app comes preinstalled on all Windows 11 PCs. If your organization uninstalled the Microsoft 365 app, we suggest you reinstall it from the Microsoft Store or your preferred application management solution so that the Copilot key can be remapped to the Microsoft 365 app. We also suggest you [Pin Microsoft Copilot](/copilot/microsoft-365/pin-copilot) to the navigation bar of the Microsoft 365 app. +The Microsoft 365 Copilot app comes preinstalled on all Windows 11 PCs. If your organization uninstalled the Microsoft 365 Copilot app, we suggest you reinstall it from the Microsoft Store or your preferred application management solution so that the Copilot key can be remapped to the Microsoft 365 Copilot app. We also suggest you [Pin Microsoft 365 Copilot Chat](/copilot/microsoft-365/pin-copilot) to the navigation bar of the Microsoft 365 Copilot app. -To avoid confusion for users as to which entry point for Microsoft Copilot to use, we recommend you uninstall the Copilot app. +To avoid confusion for users as to which entry point for Microsoft 365 Copilot Chat to use, we recommend you uninstall the Copilot app. Use the table below to help determine the experience for your managed organization: | Configuration | Copilot experience | Copilot key invokes | | ---| --- | --- | -| Copilot **not enabled** in environment | Neither Copilot in Windows (preview) nor the Microsoft Copilot app are present. | Windows Search | -| Copilot **enabled** + **do not authenticate** with Microsoft Entra | Copilot in Windows (preview) is removed and replaced by the Microsoft Copilot app, which is not pinned to the taskbar unless you elect to do so. | Microsoft Copilot app | -| Copilot **enabled** + **authenticate** with Microsoft Entra + **new device** | Copilot in Windows (preview) is not present. Microsoft Copilot is accessed through the Microsoft 365 app (after post-setup update). | Microsoft Copilot within the Microsoft 365 app (after post-setup update). | -| Copilot **enabled** + **authenticate** with Microsoft Entra + **existing device** | Copilot in Windows (preview) is removed. Existing users with Copilot enabled on their devices will still see the Microsoft Copilot app. | IT admins should use policy to remap the Copilot key to the Microsoft 365 app, or prompt users to choose. | +| Copilot **not enabled** in environment | Neither Copilot in Windows (preview) nor the Microsoft 365 Copilot app are present. | Windows Search | +| Copilot **enabled** + **do not authenticate** with Microsoft Entra | Copilot in Windows (preview) is removed and replaced by the Microsoft 365 Copilot app, which is not pinned to the taskbar unless you elect to do so. | Microsoft 365 Copilot app | +| Copilot **enabled** + **authenticate** with Microsoft Entra + **new device** | Copilot in Windows (preview) is not present. Microsoft 365 Copilot Chat is accessed through the Microsoft 365 Copilot app (after post-setup update). | Microsoft 365 Copilot Chat within the Microsoft 365 Copilot app (after post-setup update). | +| Copilot **enabled** + **authenticate** with Microsoft Entra + **existing device** | Copilot in Windows (preview) is removed. Existing users with Copilot enabled on their devices will still see the Microsoft 365 Copilot app. | IT admins should use policy to remap the Copilot key to the Microsoft 365 Copilot app, or prompt users to choose. | ## Policies to manage the Copilot key @@ -143,9 +143,9 @@ If you choose to provide users in your organization with the choice to manage th -If a user signed in with their Microsoft Entra account doesn't already have the key mapped to the Microsoft 365 app, they can select the app by going to **Settings** > **Personalization** > **Text input**, then selecting from the dropdown menu in the setting called **Customize Copilot key on keyboard**. This dropdown has options for: **Search**, **Custom**, or a currently mapped app if one is selected. +If a user signed in with their Microsoft Entra account doesn't already have the key mapped to the Microsoft 365 Copilot app, they can select the app by going to **Settings** > **Personalization** > **Text input**, then selecting from the dropdown menu in the setting called **Customize Copilot key on keyboard**. This dropdown has options for: **Search**, **Custom**, or a currently mapped app if one is selected. -To map the key to the Microsoft 365 app, the user should select **Custom** and then choose the Microsoft 365 app from the app picker. If this app picker is empty or doesn't include the Microsoft 365 app, they should reinstall it from the Microsoft Store. +To map the key to the Microsoft 365 Copilot app, the user should select **Custom** and then choose the Microsoft 365 Copilot app from the app picker. If this app picker is empty or doesn't include the Microsoft 365 Copilot app, they should reinstall it from the Microsoft Store. Users can also choose to have the Copilot key launch an app that is MSIX packaged and signed, ensuring the app options the Copilot key can remap to meet security and privacy requirements. From 30ec1665bdc90a979a9da0de7f4f0d2257909c34 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 10 Jan 2025 10:26:06 -0800 Subject: [PATCH 22/91] edits --- windows/client-management/manage-windows-copilot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md index f87ea49216f..0a9bcbce945 100644 --- a/windows/client-management/manage-windows-copilot.md +++ b/windows/client-management/manage-windows-copilot.md @@ -20,7 +20,7 @@ appliesto: ## Enhanced data protection with enterprise data protection -The Copilot experience on Windows is changing to enhance data security, privacy, compliance, and simplify the user experience, for users signed in with a Microsoft Entra work or school account. [Microsoft 365 Copilot Chat](https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/updates-to-microsoft-copilot-to-bring-enterprise-data-protection/ba-p/4217152) is available at no additional cost and it redirects users to a new simplified interface designed for work and education. [Enterprise data protection (EDP)](/copilot/microsoft-365/enterprise-data-protection) refers to controls and commitments, under the Data Protection Addendum and Product Terms, that apply to customer data for users of Microsoft 365 and Microsoft 365 Copilot Chat. This means that security, privacy, compliance controls and commitments available for Microsoft 365 will extend to Microsoft 365 Copilot Chat prompts and responses. Prompts and responses are protected by the same terms and commitments that are widely trusted by our customers. This is an improvement on top of the previous commercial data protection (CDP) promise. This update is rolling out now. For more information, see the [Microsoft 365 Copilot Chat updates and enterprise data protection FAQ](/copilot/edpfaq). +The Copilot experience on Windows is changing to enhance data security, privacy, compliance, and simplify the user experience, for users signed in with a Microsoft Entra work or school account. [Microsoft 365 Copilot Chat](https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/updates-to-microsoft-copilot-to-bring-enterprise-data-protection/ba-p/4217152) is available at no additional cost and it redirects users to a new simplified interface designed for work and education. [Enterprise data protection (EDP)](/copilot/microsoft-365/enterprise-data-protection) refers to controls and commitments, under the Data Protection Addendum and Product Terms, that apply to customer data for users of Microsoft 365 Copilot and Microsoft 365 Copilot Chat. This means that security, privacy, compliance controls and commitments available for Microsoft 365 Copilot will extend to Microsoft 365 Copilot Chat prompts and responses. Prompts and responses are protected by the same terms and commitments that are widely trusted by our customers. This is an improvement on top of the previous commercial data protection (CDP) promise. This update is rolling out now. For more information, see the [Microsoft 365 Copilot Chat updates and enterprise data protection FAQ](/copilot/edpfaq). > [!IMPORTANT] > To streamline the user experience, updates to the Copilot entry points in Windows are being made for users. **Copilot in Windows (preview) will be removed from Windows**. The experience will slightly vary depending on whether your organization has already opted into using Copilot in Windows (preview) or not. From f025a78cde773a1480d2b06e63e88dfb8b2a1265 Mon Sep 17 00:00:00 2001 From: Megan Bradley Date: Fri, 10 Jan 2025 20:12:36 -0700 Subject: [PATCH 23/91] status --- README.md | 2 +- education/windows/tutorial-deploy-apps-winse/create-policies.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 98c771d56dd..97874f3f917 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Anyone who is interested can contribute to the topics. When you contribute, your ### Quickly update an article using GitHub.com -Contributors who only make infrequent or small updates can edit the file directly on GitHub.com without having to install any additional software. This article shows you how. [This two-minute video](https://www.microsoft.com/videoplayer/embed/RE1XQTG) also covers how to contribute. +Contributors who only make infrequent or small updates can edit the file directly on GitHub.com without having to install any additional software. This article shows you how. [This two-minute video](https://learn-video.azurefd.net/vod/player?id=b5167c5a-9c69-499b-99ac-e5467882bc92) also covers how to contribute. 1. Make sure you're signed in to GitHub.com with your GitHub account. 2. Browse to the page you want to edit on Microsoft Learn. diff --git a/education/windows/tutorial-deploy-apps-winse/create-policies.md b/education/windows/tutorial-deploy-apps-winse/create-policies.md index 6947d4612d1..e7fdd297826 100644 --- a/education/windows/tutorial-deploy-apps-winse/create-policies.md +++ b/education/windows/tutorial-deploy-apps-winse/create-policies.md @@ -54,7 +54,7 @@ To create supplemental policies, download and install the [WDAC Policy Wizard][E The following video provides an overview and explains how to create supplemental policies for apps blocked by the Windows 11 SE base policy. -> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWWReO] +> [!VIDEO https://learn-video.azurefd.net/vod/player?id=1eedb284-5592-43e7-9446-ce178953502d] ### Create a supplemental policy for Win32 apps From 8d850ff37aa40cc7702b5212d307d97317416d65 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 11:50:59 -0500 Subject: [PATCH 24/91] migrating content --- .../disable-all-blocked-key-combinations.md | 82 ++++++++ .../configuration/keyboard-filter/index.md | 152 ++++++++++++++ ...oardfilter-add-blocked-key-combinations.md | 166 ++++++++++++++++ .../keyboardfilter-key-names.md | 185 ++++++++++++++++++ ...er-list-all-configured-key-combinations.md | 77 ++++++++ ...eyboardfilter-powershell-script-samples.md | 32 +++ .../keyboardfilter-wmi-provider-reference.md | 29 +++ .../keyboard-filter/modify-global-settings.md | 178 +++++++++++++++++ .../predefined-key-combinations.md | 166 ++++++++++++++++ .../remove-key-combination-configurations.md | 112 +++++++++++ windows/configuration/keyboard-filter/toc.yml | 53 +++++ .../keyboard-filter/wekf-customkey.md | 143 ++++++++++++++ .../keyboard-filter/wekf-customkeyadd.md | 110 +++++++++++ .../keyboard-filter/wekf-customkeyremove.md | 100 ++++++++++ .../keyboard-filter/wekf-predefinedkey.md | 129 ++++++++++++ .../wekf-predefinedkeydisable.md | 49 +++++ .../wekf-predefinedkeyenable.md | 49 +++++ .../keyboard-filter/wekf-scancode.md | 142 ++++++++++++++ .../keyboard-filter/wekf-scancodeadd.md | 58 ++++++ .../keyboard-filter/wekf-scancoderemove.md | 58 ++++++ .../keyboard-filter/wekf-settings.md | 110 +++++++++++ 21 files changed, 2180 insertions(+) create mode 100644 windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md create mode 100644 windows/configuration/keyboard-filter/index.md create mode 100644 windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md create mode 100644 windows/configuration/keyboard-filter/keyboardfilter-key-names.md create mode 100644 windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md create mode 100644 windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md create mode 100644 windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md create mode 100644 windows/configuration/keyboard-filter/modify-global-settings.md create mode 100644 windows/configuration/keyboard-filter/predefined-key-combinations.md create mode 100644 windows/configuration/keyboard-filter/remove-key-combination-configurations.md create mode 100644 windows/configuration/keyboard-filter/toc.yml create mode 100644 windows/configuration/keyboard-filter/wekf-customkey.md create mode 100644 windows/configuration/keyboard-filter/wekf-customkeyadd.md create mode 100644 windows/configuration/keyboard-filter/wekf-customkeyremove.md create mode 100644 windows/configuration/keyboard-filter/wekf-predefinedkey.md create mode 100644 windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md create mode 100644 windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md create mode 100644 windows/configuration/keyboard-filter/wekf-scancode.md create mode 100644 windows/configuration/keyboard-filter/wekf-scancodeadd.md create mode 100644 windows/configuration/keyboard-filter/wekf-scancoderemove.md create mode 100644 windows/configuration/keyboard-filter/wekf-settings.md diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md new file mode 100644 index 00000000000..c889554cb21 --- /dev/null +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -0,0 +1,82 @@ +--- +title: Disable all blocked key combinations +description: Disable all blocked key combinations +ms.assetid: 60327cc7-ef5b-4f26-8437-83b32711b6d8 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Disable all blocked key combinations + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +The following sample Windows PowerShell script uses the WMI providers to disable all blocked key combinations for Keyboard Filter by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. The key combination configurations are not removed, but Keyboard Filter stops blocking any keys. + +## Disable-all-rules.ps1 + +```powershell +# +# Copyright (C) Microsoft. All rights reserved. +# + +<# +.Synopsis + This Windows PowerShell script shows how to enumerate all existing keyboard filter + rules and how to disable them by setting the Enabled property directly. +.Description + For each instance of WEKF_PredefinedKey, WEKF_CustomKey, and WEKF_Scancode, + set the Enabled property to false/0 to disable the filter rule, thus + allowing all key sequences through the filter. +.Parameter ComputerName + Optional parameter to specify the remote computer that this script should + manage. If not specified, the script will execute all WMI operations + locally. +#> + +param( + [String]$ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"} +$CommonParams += $PSBoundParameters + +Get-WMIObject -class WEKF_PredefinedKey @CommonParams | + foreach { + if ($_.Enabled) { + $_.Enabled = 0; + $_.Put() | Out-Null; + Write-Host Disabled $_.Id + } + } + +Get-WMIObject -class WEKF_CustomKey @CommonParams | + foreach { + if ($_.Enabled) { + $_.Enabled = 0; + $_.Put() | Out-Null; + Write-Host Disabled $_.Id + } + } + +Get-WMIObject -class WEKF_Scancode @CommonParams | + foreach { + if ($_.Enabled) { + $_.Enabled = 0; + $_.Put() | Out-Null; + "Disabled {0}+{1:X4}" -f $_.Modifiers,$_.Scancode + } + } +``` + +## Related topics + +[Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) + +[Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/index.md b/windows/configuration/keyboard-filter/index.md new file mode 100644 index 00000000000..9d02bea46a4 --- /dev/null +++ b/windows/configuration/keyboard-filter/index.md @@ -0,0 +1,152 @@ +--- +title: Keyboard Filter +description: Keyboard Filter +author: sydbruck +ms.author: sybruckm +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Keyboard Filter + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, a customer can use certain MicrosoftΒ Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to alter the operation of a device by locking the screen or using Task Manager to close a running application. This behavior might not be desirable if your device is intended for a dedicated purpose. + +The Keyboard Filter feature works with physical keyboards, the Windows on-screen keyboard, and the touch keyboard. Switching from one language to another might cause the location of suppressed keys on the keyboard layout to change. Keyboard Filter detects these dynamic layout changes and continues to suppress keys correctly. + +> [!NOTE] +> Keyboard filter is not supported in a remote desktop session. + +## Terminology + +* **Turn on, enable:** Make the setting available to the device and optionally apply the settings to the device. Generally *turn on* is used in the user interface or control panel, whereas *enable* is used for command line. + +* **Configure:** To customize the setting or subsettings. + +* **Embedded Keyboard Filter:** This feature is called Embedded Keyboard Filter in WindowsΒ 10, version 1511. + +* **Keyboard Filter:** This feature is called Keyboard Filter in WindowsΒ 10, version 1607 and later. + +## Turn on Keyboard Filter + +By default, Keyboard Filter isn't turned on. You can turn Keyboard Filter on or off for your device by using the following steps. + +Turning on an off Keyboard Filter requires that you restart your device. Keyboard Filter is automatically enabled after the restart. + +### Turn on Keyboard Filter by using Control Panel + +1. In the Windows search bar, type **Turn Windows features on or off** and either press **Enter** or tap or select **Turn Windows features on or off** to open the **Windows Features** window. +1. In the **Windows Features** window, expand the **Device Lockdown** node, and select (to turn on) or clear (to turn off) the checkbox for **Keyboard Filter**. +1. Select **OK**. The **Windows Features** window indicates that Windows is searching for required files and displays a progress bar. Once found, the window indicates that Windows is applying the changes. When completed, the window indicates the requested changes are completed. +1. Restart your device to apply the changes. + +### Configure Keyboard using Unattend + +1. You can configure the Unattend settings in the [Microsoft-Windows-Embedded-KeyboardFilterService](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-keyboardfilterservice) component to add Keyboard Filter features to your image during the design or imaging phase. +1. You can manually create an Unattend answer file or use Windows System Image Manager (Windows SIM) to add the appropriate settings to your answer file. For more information about the keyboard filter settings and XML examples, see the settings in [Microsoft-Windows-Embedded-KeyboardFilterService](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-keyboardfilterservice). + +### Turn on and configure Keyboard Filter using Windows Configuration Designer + +The Keyboard Filter settings are also available as Windows provisioning settings so you can configure these settings to be applied during the image deployment time or runtime. You can set one or all keyboard filter settings by creating a provisioning package using Windows Configuration Designer and then applying the provisioning package during image deployment time or runtime. + +1. Build a provisioning package in Windows Configuration Designer by following the instructions in [Create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package), selecting the **Advanced Provisioning** option. + + > [!Note] + > In the **Choose which settings to view and configure** window, choose **Common to all Windows desktop editions**. + +1. On the **Available customizations** page, select **Runtime settings** > **SMISettings**, and then set the desired values for the keyboard filter settings. +1. Once you have finished configuring the settings and building the provisioning package, you can apply the package to the image deployment time or runtime. For more information, see [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package). + +This example uses a Windows image called install.wim, but you can use the same procedure to apply a provisioning package. For more information on DISM, see [What Is Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/what-is-dism). + +### Turn on and configure Keyboard Filter by using DISM + +1. Open a command prompt with administrator privileges. +1. Enable the feature using the following command. + + ```cmd + Dism /online /Enable-Feature /FeatureName:Client-KeyboardFilter + ``` + +1. Once the script completes, restart the device to apply the change. + +## Keyboard Filter features + +Keyboard Filter has the following features: + +* Supports hardware keyboards, the standard Windows on-screen keyboard, and the touch keyboard (TabTip.exe). +* Suppresses key combinations even when they come from multiple keyboards. + + For example, if a user presses the Ctrl key and the Alt key on a hardware keyboard, while at the same time pressing Delete on a software keyboard, Keyboard Filter can still detect and suppress the Ctrl+Alt+Delete functionality. + +* Supports numeric keypads and keys designed to access media player and browser functionality. +* Can configure a key to breakout of a locked down user session to return to the Welcome screen. +* Automatically handles dynamic layout changes. +* Can be enabled or disabled for administrator accounts. +* Can force disabling of Ease of Access functionality. +* Supports x86 and x64 architectures. + +## Keyboard scan codes and layouts + +When a key is pressed on a physical keyboard, the keyboard sends a scan code to the keyboard driver. The driver then sends the scan code to the OS and the OS converts the scan code into a virtual key based on the current active layout. The layout defines the mapping of keys on the physical keyboard, and has many variants. A key on a keyboard always sends the same scan code when pressed, however this scan code can map to different virtual keys for different layouts. For example, in the English (United States) keyboard layout, the key to the right of the P key maps to β€œ{β€œ. However, in the Swedish (Sweden) keyboard layout, the same key maps to β€œΓ…β€. + +Keyboard Filter can block keys either by the scan code or the virtual key. Blocking keys by the scan code is useful for custom keyboards that have special scan codes that don't translate into any single virtual key. Blocking keys by the virtual key is more convenient because it's easier to read and Keyboard Filter suppresses the key correctly even when the location of the key changes because of a layout change. + +When you configure Keyboard Filter to block keys by using the virtual key, you must use the English names for the virtual keys. For more information about the names of the virtual keys, see keyboard filter key names. + +For the Windows on-screen keyboard, keyboard filter converts each keystroke into a scan code based on the layout, and back into a virtual key. This allows keyboard filter to suppress the on-screen keyboard keys in the same manner as physical keyboard keys if they're configured with either scan code or virtual key. + +## Keyboard Filter and ease of access features + +By default, ease of access features are enabled and Keyboard Filter is disabled for administrator accounts. + +If Sticky Keys are enabled, a user can bypass Keyboard Filter in certain situations. You can configure keyboard filter to disable all ease of access features and prevent users from enabling them. + +You can enable ease of access features for administrator accounts, while still disabling them for standard user accounts, by making sure that Keyboard Filter is disabled for administrator accounts. + +## Keyboard Filter configuration + +You can configure the following options for Keyboard Filter: + +* Set/unset predefined key combinations to be suppressed. +* Add/remove custom defined key combinations to be suppressed. +* Enable/disable keyboard filter for administrator accounts. +* Force disabling ease of access features. +* Configure a breakout key sequence to break out of a locked down account. + +Most configuration changes take effect immediately. Some changes, such as enabling or disabling Keyboard Filter for administrators, don't take effect until the user signs out of the account and then back in. If you change the breakout key scan code, you must restart the device before the change take effect. + +You can configure keyboard filter by using Windows Management Instrumentation (WMI) providers. You can use the Keyboard Filter WMI providers directly in a PowerShell script or in an application. + +For more information about Keyboard Filter WMI providers, see [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md). + +## Keyboard breakout + +You may need to sign in to a locked down device with a different account in order to service or configure the device. You can configure a breakout key to break out of a locked down account by specifying a key scan code. A user can press this key consecutively five times to switch to the Welcome screen so that you can sign in to a different account. + +The breakout key is set to the scan code for the left Windows logo key by default. You can use the [WEKF_Settings](wekf-settings.md) WMI class to change the breakout key scan code. If you change the breakout key scan code, you must restart the device before the change takes effect. + +## Keyboard Filter considerations + +Starting a device in Safe Mode bypasses keyboard filter. The Keyboard Filter service isn't loaded in Safe Mode, and keys aren't blocked in Safe Mode. + +Keyboard filter can't block the Sleep key. + +Some hardware keys, such as rotation lock, don't have a defined virtual key. You can still block these keys by using the scan code of the key. + +The add (+), multiply (\*), subtract (-), divide (/), and decimal (.) keys have different virtual keys and scan codes on the numeric keypad than on the main keyboard. You must block both keys to block these keys. For example, to block the multiply key, you must add a rule to block β€œ\*” and a rule to block Multiply. + +When locking the screen by using the on-screen keyboard, or a combination of a physical keyboard and the on-screen keyboard, the on-screen keyboard sends an extra Windows logo key keystroke to the OS. If your device is using the WindowsΒ 10 shell and you use keyboard filter to block Windows logo key+L, the extra Windows logo key keystroke causes the shell to switch between the **Start** screen and the last active app when a user attempts to lock the device by using the on-screen keyboard, which may be unexpected behavior. + +Some custom keyboard software, such as Microsoft IntelliType Pro, can install Keyboard Filter drivers that prevent Keyboard Filter from being able to block some or all keys, typically extended keys like BrowserHome and Search. + +## In this section + +* [Keyboard Filter key names](keyboardfilter-key-names.md) +* [Predefined key combinations](predefined-key-combinations.md) +* [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) +* [Windows PowerShell script samples for Keyboard Filter](keyboardfilter-powershell-script-samples.md) \ No newline at end of file diff --git a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md new file mode 100644 index 00000000000..71640a4e4f4 --- /dev/null +++ b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md @@ -0,0 +1,166 @@ +--- +title: Add blocked key combinations +description: Add blocked key combinations +ms.assetid: f51892fc-0262-4b25-b117-6e131b86fb68 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Add blocked key combinations + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create three functions to configure Keyboard Filter so that Keyboard Filter blocks key combinations. It demonstrates several ways to use each function. + +The first function, `Enable-Predefine-Key`, blocks key combinations that are predefined for Keyboard Filter. + +The second function, `Enable-Custom-Key`, blocks custom key combinations by using the English key names. + +The third function, `Enable-Scancode`, blocks custom key combinations by using the keyboard scan code for the key. + +## Enable-rules.ps1 + +```powershell +# +# Copyright (C) Microsoft. All rights reserved. +# + +<# +.Synopsis + This script shows how to use the built in WMI providers to enable and add + keyboard filter rules through Windows PowerShell on the local computer. +.Parameter ComputerName + Optional parameter to specify a remote machine that this script should + manage. If not specified, the script will execute all WMI operations + locally. +#> +param ( + [String] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"} +$CommonParams += $PSBoundParameters + +function Enable-Predefined-Key($Id) { + <# + .Synopsis + Toggle on a Predefined Key keyboard filter Rule + .Description + Use Get-WMIObject to enumerate all WEKF_PredefinedKey instances, + filter against key value "Id", and set that instance's "Enabled" + property to 1/true. + .Example + Enable-Predefined-Key "Ctrl+Alt+Del" + Enable CAD filtering +#> + + $predefined = Get-WMIObject -class WEKF_PredefinedKey @CommonParams | + where { + $_.Id -eq "$Id" + }; + + if ($predefined) { + $predefined.Enabled = 1; + $predefined.Put() | Out-Null; + Write-Host Enabled $Id + } else { + Write-Error "$Id is not a valid predefined key" + } +} + + +function Enable-Custom-Key($Id) { + <# + .Synopsis + Toggle on a Custom Key keyboard filter Rule + .Description + Use Get-WMIObject to enumerate all WEKF_CustomKey instances, + filter against key value "Id", and set that instance's "Enabled" + property to 1/true. + + In the case that the Custom instance does not exist, add a new + instance of WEKF_CustomKey using Set-WMIInstance. + .Example + Enable-Custom-Key "Ctrl+V" + Enable filtering of the Ctrl + V sequence. +#> + + $custom = Get-WMIObject -class WEKF_CustomKey @CommonParams | + where { + $_.Id -eq "$Id" + }; + + if ($custom) { +# Rule exists. Just enable it. + $custom.Enabled = 1; + $custom.Put() | Out-Null; + "Enabled Custom Filter $Id."; + + } else { + Set-WMIInstance ` + -class WEKF_CustomKey ` + -argument @{Id="$Id"} ` + @CommonParams | Out-Null + "Added Custom Filter $Id."; + } +} + +function Enable-Scancode($Modifiers, [int]$Code) { + <# + .Synopsis + Toggle on a Scancode keyboard filter Rule + .Description + Use Get-WMIObject to enumerate all WEKF_Scancode instances, + filter against key values of "Modifiers" and "Scancode", and set + that instance's "Enabled" property to 1/true. + + In the case that the Scancode instance does not exist, add a new + instance of WEKF_Scancode using Set-WMIInstance. + .Example + Enable-Scancode "Ctrl" 37 + Enable filtering of the Ctrl + keyboard scancode 37 (base-10) + sequence. +#> + + $scancode = + Get-WMIObject -class WEKF_Scancode @CommonParams | + where { + ($_.Modifiers -eq $Modifiers) -and ($_.Scancode -eq $Code) + } + + if($scancode) { + $scancode.Enabled = 1 + $scancode.Put() | Out-Null + "Enabled Custom Scancode {0}+{1:X4}" -f $Modifiers, $Code + } else { + Set-WMIInstance ` + -class WEKF_Scancode ` + -argument @{Modifiers="$Modifiers"; Scancode=$Code} ` + @CommonParams | Out-Null + + "Added Custom Scancode {0}+{1:X4}" -f $Modifiers, $Code + } +} + +# Some example uses of the functions defined above. +Enable-Predefined-Key "Ctrl+Alt+Del" +Enable-Predefined-Key "Ctrl+Esc" +Enable-Custom-Key "Ctrl+V" +Enable-Custom-Key "Numpad0" +Enable-Custom-Key "Shift+Numpad1" +Enable-Custom-Key "%" +Enable-Scancode "Ctrl" 37 +``` + +## Related topics + +[Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) + +[Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md new file mode 100644 index 00000000000..20f08c8ca2f --- /dev/null +++ b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md @@ -0,0 +1,185 @@ +--- +title: Keyboard Filter key names +description: Keyboard Filter key names +ms.assetid: 5f3772bb-fdd2-4816-9994-bd2523099400 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Keyboard Filter key names + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +You can configure Keyboard Filter to block keys or key combinations. A key combination consists of one or more modifier keys, separated by a plus sign (+), and either a key name or a key scan code. In addition to the keys listed in the following tables, you can use the predefined key combinations names as custom key combinations. However, we recommend using the predefined key settings when enabling or disabling predefined key combinations. + +The key names are grouped as follows: + +- [Modifier keys](#modifier-keys) +- [System keys](#system-keys) +- [Cursor and edit keys](#cursor-and-edit-keys) +- [State keys](#state-keys) +- [OEM keys](#oem-keys) +- [Function keys](#function-keys) +- [Numeric keypad keys](#numeric-keypad-keys) + +## Modifier keys + +You can use the modifier keys listed in the following table when you configure keyboard filter. Multiple modifiers are separated by a plus sign (+). You can also configure Keyboard Filter to block any modifier key even if it’s not part of a key combination. + +| Modifier key name | Virtual key | Description | +| ----------------- | ----------- | ----------- | +| `Ctrl` | VK_CONTROL | The Ctrl key | +| `LCtrl` | VK_LCONTROL | The left Ctrl key | +| `RCtrl` | VK_RCONTROL | The right Ctrl key | +| `Control` | VK_CONTROL | The Ctrl key | +| `LControl` | VK_LCONTROL | The left Ctrl key | +| `RControl` | VK_RCONTROL | The right Ctrl key | +| `Alt` | VK_MENU | The Alt key | +| `LAlt` | VK_LMENU | The left Alt key | +| `RAlt` | VK_RMENU | The right Alt key | +| `Shift` | VK_SHIFT | The Shift key | +| `LShift` | VK_LSHIFT | The left Shift key | +| `RShift` | VK_RSHIFT | The right Shift key | +| `Win` | VK_WIN | The Windows logo key | +| `LWin` | VK_LWIN | The left Windows logo key | +| `RWin` | VK_RWIN | The right Windows logo key | +| `Windows` | VK_WIN | The Windows logo key | +| `LWindows` | VK_LWIN | The left Windows logo key | +| `RWindows` | VK_RWIN | The right Windows key | + +## System keys + +| Modifier key name | Virtual key | Description | +| ----------------- | ----------- | ----------- | +| `Ctrl` | VK_CONTROL | The Ctrl key | +| `LCtrl` | VK_LCONTROL | The left Ctrl key | +| `RCtrl` | VK_RCONTROL | The right Ctrl key | +| `Control` | VK_CONTROL | The Ctrl key | +| `LControl` | VK_LCONTROL | The left Ctrl key | +| `RControl` | VK_RCONTROL | The right Ctrl key | +| `Alt` | VK_MENU | The Alt key | +| `LAlt` | VK_LMENU | The left Alt key | +| `RAlt` | VK_RMENU | The right Alt key | +| `Shift` | VK_SHIFT | The Shift key | +| `LShift` | VK_LSHIFT | The left Shift key | +| `RShift` | VK_RSHIFT | The right Shift key | +| `Win` | VK_WIN | The Windows logo key | +| `LWin` | VK_LWIN | The left Windows logo key | +| `RWin` | VK_RWIN | The right Windows logo key | +| `Windows` | VK_WIN | The Windows logo key | +| `LWindows` | VK_LWIN | The left Windows logo key | +| `RWindows` | VK_RWIN | The right Windows logo key + +## Cursor and edit keys + +| Key name | Virtual key | Description | +| ----------------- | ----------- | ----------- | +| `PageUp` | VK_PRIOR | The Page Up key | +| `Prior` | VK_PRIOR | The Page Up key | +| `PgUp` | VK_PRIOR | The Page Up key | +| `PageDown` | VK_NEXT | The Page Down key | +| `PgDown` | VK_NEXT | The Page Down key | +| `Next` | VK_NEXT | The Page Down key | +| `End` | VK_END | The End key | +| `Home` | VK_HOME | The Home key | +| `Left` | VK_LEFT | The Left Arrow key | +| `Up` | VK_UP | The Up Arrow key | +| `Right` | VK_RIGHT | The Right Arrow key | +| `Down` | VK_DOWN | The Down Arrow key | +| `Insert` | VK_INSERT | The Insert key | +| `Delete` | VK_DELETE | The Delete key | +| `Del` | VK_DELETE | The Delete key | +| `Separator` | VK_SEPARATOR | The Separator key | + +## State keys + +| Key name | Virtual key | Description | +| ----------------- | ----------- | ----------- | +| `NumLock` | VK_NUMLOCK | The Num Lock key | +| `ScrollLock` | VK_SCROLL | The Scroll Lock key | +| `Scroll` | VK_SCROLL | The Scroll Lock key | +| `CapsLock` | VK_CAPITAL | The Caps Lock key | +| `Capital` | VK_CAPITAL | The Caps Lock key | + +## OEM keys + +| Key name | Virtual key | Description | +| ----------------- | ----------- | ----------- | +| `KeypadEqual` | VK_OEM_NEC_EQUAL | The Equals (=) key on the numeric keypad (OEM-specific) | +| `Dictionary` | VK_OEM_FJ_JISHO | The Dictionary key (OEM-specific) | +| `Unregister` | VK_OEM_FJ_MASSHOU | The Unregister Word key (OEM-specific) | +| `Register` | VK_OEM_FJ_TOUROKU | The Register Word key (OEM-specific) | +| `LeftOyayubi` | VK_OEM_FJ_LOYA | The Left OYAYUBI key (OEM-specific) | +| `RightOyayubi` | VK_OEM_FJ_ROYA | The Right OYAYUBI key (OEM-specific) | +| `OemPlus` | VK_OEM_PLUS | For any country/region, the Plus Sign (+) key | +| `OemComma` | VK_OEM_COMMA | For any country/region, the Comma (,) key | +| `OemMinus` | VK_OEM_MINUS | For any country/region, the Minus Sign (-) key | +| `OemPeriod` | VK_OEM_PERIOD | For any country/region, the Period (.) key | +| `Oem1` | VK_OEM_1 | Varies by keyboard | +| `Oem2` | VK_OEM_2 | Varies by keyboard | +| `Oem3` | VK_OEM_3 | Varies by keyboard | +| `Oem4` | VK_OEM_4 | Varies by keyboard | +| `Oem5` | VK_OEM_5 | Varies by keyboard | +| `Oem6` | VK_OEM_6 | Varies by keyboard | +| `Oem7` | VK_OEM_7 | Varies by keyboard | +| `Oem8` | VK_OEM_8 | Varies by keyboard | +| `OemAX` | VK_OEM_AX | The AX key on a Japanese AX keyboard | +| `Oem102` | VK_OEM_102 | Either the angle bracket key or the backslash key on the RT 102-key keyboard | + +## Function keys + +| Key name | Virtual key | Description | +| ----------------- | ----------- | ----------- | +| `F1` | VK_F1 | The F1 key | +| `F2` | VK_F2 | The F2 key | +| `F3` | VK_F3 | The F3 key | +| `F4` | VK_F4 | The F4 key | +| `F5` | VK_F5 | The F5 key | +| `F6` | VK_F6 | The F6 key | +| `F7` | VK_F7 | The F7 key | +| `F8` | VK_F8 | The F8 key | +| `F9` | VK_F9 | The F9 key | +| `F10` | VK_F10 | The F10 key | +| `F11` | VK_F11 | The F11 key | +| `F12` | VK_F12 | The F12 key | +| `F13` | VK_F13 | The F13 key | +| `F14` | VK_F14 | The F14 key | +| `F15` | VK_F15 | The F15 key | +| `F16` | VK_F16 | The F16 key | +| `F17` | VK_F17 | The F17 key | +| `F18` | VK_F18 | The F18 key | +| `F19` | VK_F19 | The F19 key | +| `F20` | VK_F20 | The F20 key | +| `F21` | VK_F21 | The F21 key | +| `F22` | VK_F22 | The F22 key | +| `F23` | VK_F23 | The F23 key | +| `F24` | VK_F24 | The F24 key | + +## Numeric keypad keys + +| Key name | Virtual key | Description | +| ----------------- | ----------- | ----------- | +| `Numpad0` | VK_NUMPAD0 | The 0 key on the numeric keypad | +| `Numpad1` | VK_NUMPAD1 | The 1 key on the numeric keypad | +| `Numpad2` | VK_NUMPAD2 | The 2 key on the numeric keypad | +| `Numpad3` | VK_NUMPAD3 | The 3 key on the numeric keypad | +| `Numpad4` | VK_NUMPAD4 | The 4 key on the numeric keypad | +| `Numpad5` | VK_NUMPAD5 | The 5 key on the numeric keypad | +| `Numpad6` | VK_NUMPAD6 | The 6 key on the numeric keypad | +| `Numpad7` | VK_NUMPAD7 | The 7 key on the numeric keypad | +| `Numpad8` | VK_NUMPAD8 | The 8 key on the numeric keypad | +| `Numpad9` | VK_NUMPAD9 | The 9 key on the numeric keypad | +| `Multiply` | VK_MULTIPLY | The Multiply (*) key on the numeric keypad | +| `Add` | VK_ADD | The Add (+) key on the numeric keypad | +| `Subtract` | VK_SUBTRACT | The Subtract (-) key on the numeric keypad | +| `Decimal` | VK_DECIMAL | The Decimal (.) key on the numeric keypad | +| `Divide` | VK_DIVIDE | The Divide (/) key on the numeric keypad | + +## Related articles + +- [Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md new file mode 100644 index 00000000000..4213a90fad1 --- /dev/null +++ b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md @@ -0,0 +1,77 @@ +--- +title: List all configured key combinations +description: List all configured key combinations +ms.assetid: b5ffa47e-87ea-4df4-9291-f37f6b23683b +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# List all configured key combinations + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to displays all key combination configurations for Keyboard Filter. + +## List-rules.ps1 + +```powershell +# +# Copyright (C) Microsoft. All rights reserved. +# + +<# +.Synopsis + Enumerate all active keyboard filter rules on the system. +.Description + For each instance of WEKF_PredefinedKey, WEKF_CustomKey, and WEKF_Scancode, + get the Enabled property. If Enabled, then output a short description + of the rule. +.Parameter ComputerName + Optional parameter to specify the remote machine that this script should + manage. If not specified, the script will execute all WMI operations + locally. +#> +param ( + [String] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"} +$CommonParams += $PSBoundParameters + +write-host Enabled Predefined Keys -foregroundcolor cyan +Get-WMIObject -class WEKF_PredefinedKey @CommonParams | + foreach { + if ($_.Enabled) { + write-host $_.Id + } + } + +write-host Enabled Custom Keys -foregroundcolor cyan +Get-WMIObject -class WEKF_CustomKey @CommonParams | + foreach { + if ($_.Enabled) { + write-host $_.Id + } + } + +write-host Enabled Scancodes -foregroundcolor cyan +Get-WMIObject -class WEKF_Scancode @CommonParams | + foreach { + if ($_.Enabled) { + "{0}+{1:X4}" -f $_.Modifiers, $_.Scancode + } + } +``` + +## Related topics + +[Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) + +[Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md new file mode 100644 index 00000000000..1a1edf9deca --- /dev/null +++ b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md @@ -0,0 +1,32 @@ +--- +title: Windows PowerShell script samples for Keyboard Filter +description: Windows PowerShell script samples for Keyboard Filter +ms.assetid: ba5dbfc3-05a6-44d7-aac9-1f9b328d0df7 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Windows PowerShell script samples for Keyboard Filter + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +The list below describes sample Windows PowerShell scripts that demonstrate how to use the Windows Management Instrumentation (WMI) providers for Keyboard Filter. + +| Script | Description | +| ------ | ----------- | +| [Add blocked key combinations](keyboardfilter-add-blocked-key-combinations.md) | Demonstrates how to block key combinations for Keyboard Filter.| +| [Disable all blocked key combinations](disable-all-blocked-key-combinations.md) | Demonstrates how to disable all blocked key combinations for Keyboard Filter. | +| [List all configured key combinations](keyboardfilter-list-all-configured-key-combinations.md) | Demonstrates how to list all defined key combination configurations for Keyboard Filter. | +| [Modify global settings](modify-global-settings.md) | Demonstrates how to modify global settings for Keyboard Filter. | +| [Remove key combination configurations](remove-key-combination-configurations.md) | Demonstrates how to remove a custom defined key combination configuration for Keyboard Filter. | + +## Related topics + +[Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md new file mode 100644 index 00000000000..313f51096bb --- /dev/null +++ b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md @@ -0,0 +1,29 @@ +--- +title: Keyboard Filter WMI provider reference +description: Keyboard Filter WMI provider reference +ms.assetid: d17428d9-47e3-4510-b2cf-d4b4883687c1 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Keyboard Filter WMI provider reference + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +Describes the Windows Management Instrumentation (WMI) provider classes that you use to configure Keyboard Filter during run time. + +| WMI Provider Class | Description | +| ------------------ | ----------- | +| [WEKF_CustomKey](wekf-customkey.md) | Blocks or unblocks custom defined key combinations. | +| [WEKF_PredefinedKey](wekf-predefinedkey.md) | Blocks or unblocks predefined key combinations. | +| [WEKF_Scancode](wekf-scancode.md) | Blocks or unblocks key combinations by using keyboard scan codes. | +| [WEKF_Settings](wekf-settings.md) | Enables or disables settings for Keyboard Filter. | + +## Related topics + +[Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/modify-global-settings.md b/windows/configuration/keyboard-filter/modify-global-settings.md new file mode 100644 index 00000000000..925c04babb0 --- /dev/null +++ b/windows/configuration/keyboard-filter/modify-global-settings.md @@ -0,0 +1,178 @@ +--- +title: Modify global settings +description: Modify global settings +ms.assetid: b1388f15-e3a4-4513-8721-8ba3ce19747a +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Modify global settings + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +The following sample Windows PowerShell scripts use the Windows Management Instrumentation (WMI) providers to modify global settings for Keyboard Filter. + +The function **Get-Setting** retrieves the value of a global setting for Keyboard Filter. + +In the first script, the function **Set-DisableKeyboardFilterForAdministrators** modifies the value of the **DisableKeyboardFilterForAdministrators** setting. + +In the second script, the function **Set-ForceOffAccessibility** modifies the value of the **ForceOffAccessibility** setting. + +## Set-DisableKeyboardFilterForAdministrators.ps1 + +```powershell +# +# Copyright (C) Microsoft. All rights reserved. +# + +<# +.Synopsis + This script shows how to enumerate WEKF_Settings to find global settings + that can be set on the keyboard filter. In this specific script, the + global setting to be set is "DisableKeyboardFilterForAdministrators". +.Parameter ComputerName + Optional parameter to specify a remote computer that this script should + manage. If not specified, the script will execute all WMI operations + locally. +.Parameter On + Switch if present that sets "DisableKeyboardFilterForAdministrators" to + true. If not present, sets the setting to false. +#> + +param ( + [Switch] $On = $False, + [String] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"}; +if ($PSBoundParameters.ContainsKey("ComputerName")) { + $CommonParams += @{"ComputerName" = $ComputerName}; +} + +function Get-Setting([String] $Name) { + <# + .Synopsis + Get a WMIObject by name from WEKF_Settings + .Parameter Name + The name of the setting, which is the key for the WEKF_Settings class. +#> + $Entry = Get-WMIObject -class WEKF_Settings @CommonParams | + where { + $_.Name -eq $Name + } + + return $Entry +} + +function Set-DisableKeyboardFilterForAdministrators([Bool] $Value) { + <# + .Synopsis + Set the DisableKeyboardFilterForAdministrators setting to true or + false. + .Description + Set DisableKeyboardFilterForAdministrators to true or false based + on $Value + .Parameter Value + A Boolean value +#> + + $Setting = Get-Setting("DisableKeyboardFilterForAdministrators") + if ($Setting) { + if ($Value) { + $Setting.Value = "true" + } else { + $Setting.Value = "false" + } + $Setting.Put() | Out-Null; + } else { + Write-Error "Unable to find DisableKeyboardFilterForAdministrators setting"; + } +} + +Set-DisableKeyboardFilterForAdministrators $On +``` + +## Set-ForceOffAccessibility.ps1 + +```powershell +# +# Copyright (C) Microsoft. All rights reserved. +# + +<# +.Synopsis + This script shows how to enumerate WEKF_Settings to find global settings + that can be set on the keyboard filter. In this specific script, the + global setting to be set is "ForceOffAccessibility". +.Parameter ComputerName + Optional parameter to specify a remote computer that this script should + manage. If not specified, the script will execute all WMI operations + locally. +.Parameter Enabled + Switch if present that sets "ForceOffAccessibility" to true. If not + present, sets the setting to false. +#> + +param ( + [Switch] $Enabled = $False, + [String] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"}; +if ($PSBoundParameters.ContainsKey("ComputerName")) { + $CommonParams += @{"ComputerName" = $ComputerName}; +} + +function Get-Setting([String] $Name) { + <# + .Synopsis + Get a WMIObject by name from WEKF_Settings + .Parameter Name + The name of the setting, which is the key for the WEKF_Settings class. +#> + $Entry = Get-WMIObject -class WEKF_Settings @CommonParams | + where { + $_.Name -eq $Name + } + + return $Entry +} + +function Set-ForceOffAccessibility([Bool] $Value) { + <# + .Synopsis + Set the ForceOffAccessibility setting to true or false. + .Description + Set ForceOffAccessibility to true or false based on $Value + .Parameter Value + A Boolean value +#> + + $Setting = Get-Setting("ForceOffAccessibility") + if ($Setting) { + if ($Value) { + $Setting.Value = "true" + } else { + $Setting.Value = "false" + } + $Setting.Put() | Out-Null; + } else { + Write-Error "Unable to find ForceOffAccessibility setting"; + } +} + +Set-ForceOffAccessibility $Enabled +``` + +## Related topics + +[Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) + +[WEKF_Settings](wekf-settings.md) + +[Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/predefined-key-combinations.md b/windows/configuration/keyboard-filter/predefined-key-combinations.md new file mode 100644 index 00000000000..8b0faf9e70d --- /dev/null +++ b/windows/configuration/keyboard-filter/predefined-key-combinations.md @@ -0,0 +1,166 @@ +--- +title: Predefined key combinations +description: Predefined key combinations +ms.assetid: 9fc86f03-6d9e-4899-a4b7-fa8ad7835c65 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Predefined key combinations + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +This topic lists a set of key combinations that are predefined by a keyboard filter. You can list the value of the WEKF_PredefinedKey.Id to get a complete list of key combinations defined by a keyboard filter. + +You can use the values in the WEKF_PredefinedKey.Id column to configure the Windows Management Instrumentation (WMI) class [WEKF_PredefinedKey](wekf-predefinedkey.md). + +## Accessibility keys + +The following table contains predefined key combinations for accessibility: + +| Key combination | WEKF_PredefinedKey.Id | Blocked behavior | +|:-------------------------------------|:--------------------------|:----------------------------| +| Left Alt + Left Shift + Print Screen | **LShift+LAlt+PrintScrn** | Open High Contrast. | +| Left Alt + Left Shift + Num Lock | **LShift+LAlt+NumLock** | Open Mouse Keys. | +| Windows logo key + U | **Win+U** | Open Ease of Access Center. | + +## Application keys + +The following table contains predefined key combinations for controlling application state: + +| Key combination | WEKF_PredefinedKey.Id | Blocked behavior | +|:----------------------|:----------------------|:-------------------| +| Alt + F4 | **Alt+F4** | Close application. | +| Ctrl + F4 | **Ctrl+F4** | Close window. | +| Windows logo key + F1 | **Win+F1** | Open Windows Help. | + +## Shell keys + +The following table contains predefined key combinations for general UI control: + +| Key combination | WEKF_PredefinedKey.Id | Blocked behavior | +|:---------------------------------------|:----------------------|:-------------------------------------------------------------------------------------------------------------------------------------| +| Alt + Spacebar | **Alt+Space** | Open shortcut menu for the active window. | +| Ctrl + Esc | **Ctrl+Esc** | Open the Start screen. | +| Ctrl + Windows logo key + F | **Ctrl+Win+F** | Open Find Computers. | +| Windows logo key + Break | **Win+Break** | Open System dialog box. | +| Windows logo key + E | **Win+E** | Open Windows Explorer. | +| Windows + F | **Win+F** | Open Search. | +| Windows logo key + P | **Win+P** | Cycle through Presentation Mode. Also blocks the Windows logo key + Shift + P and the Windows logo key + Ctrl + P key combinations. | +| Windows logo key + R | **Win+R** | Open Run dialog box. | +| Alt + Tab | **Alt+Tab** | Switch task. Also blocks the Alt + Shift + Tab key combination. | +| Ctrl + Tab | **Ctrl+Tab** | Switch window. | +| Windows logo key + Tab | **Win+Tab** | Cycle through Microsoft Store apps. Also blocks the Windows logo key + Ctrl + Tab and Windows logo key + Shift + Tab key combinations. | +| Windows logo key + D | **Win+D** | Show desktop. | +| Windows logo key + M | **Win+M** | Minimize all windows. | +| Windows logo key + Home | **Win+Home** | Minimize or restore all inactive windows. | +| Windows logo key + T | **Win+T** | Set focus on taskbar and cycle through programs. | +| Windows logo key + B | **Win+B** | Set focus in the notification area. | +| Windows logo key + Minus Sign | **Win+-** | Zoom out. | +| Windows logo key + Plus Sign | **Win++** | Zoom in. | +| Windows logo key + Esc | **Win+Esc** | Close Magnifier application. | +| Windows logo key + Up Arrow | **Win+Up** | Maximize the active window. | +| Windows logo key + Down Arrow | **Win+Down** | Minimize the active window. | +| Windows logo key + Left Arrow | **Win+Left** | Snap the active window to the left half of screen. | +| Windows logo key + Right Arrow | **Win+Right** | Snap the active window to the right half of screen. | +| Windows logo key + Shift + Up Arrow | **Win+Shift+Up** | Maximize the active window vertically. | +| Windows logo key + Shift + Down Arrow | **Win+Shift+Down** | Minimize the active window. | +| Windows logo key + Shift + Left Arrow | **Win+Shift+Left** | Move the active window to left monitor. | +| Windows logo key + Shift + Right Arrow | **Win+Shift+Right** | Move the active window to right monitor. | +| Windows logo key + Spacebar | **Win+Space** | Switch layout. | +| Windows logo key + O | **Win+O** | Lock device orientation. | +| Windows logo key + Page Up | **Win+PageUp** | Move a Microsoft Store app to the left monitor. | +| Windows logo key + Page Down | **Win+PageDown** | Move a Microsoft Store app to right monitor. | +| Windows logo key + Period | **Win+.** | Snap the current screen to the left or right gutter. Also blocks the Windows logo key + Shift + Period key combination. | +| Windows logo key + C | **Win+C** | Activate Cortana in listening mode (after user has enabled the shortcut through the UI). | +| Windows logo key + I | **Win+I** | Open Settings charm. | +| Windows logo key + K | **Win+K** | Open Connect charm. | +| Windows logo key + H | **Win+H** | Start dictation. | +| Windows logo key + Q | **Win+Q** | Open Search charm. | +| Windows logo key + W | **Win+W** | Open Windows Ink workspace. | +| Windows logo key + Z | **Win+Z** | Open app bar. | +| Windows logo key + / | **Win+/** | Open input method editor (IME). | +| Windows logo key + J | **Win+J** | Swap between snapped and filled applications. | +| Windows logo key + Comma | **Win+,** | Peek at the desktop. | +| Windows logo key + V | **Win+V** | Cycle through toasts in reverse order. | + +## Modifier keys + +The following table contains predefined key combinations for modifier keys (such as Shift and Ctrl): + +| Key combination | WEKF_PredefinedKey.Id | Blocked key | +|:-----------------|:----------------------|:-----------------------| +| Alt | **Alt** | Both Alt keys | +| Application | **Application** | Application key | +| Ctrl | **Ctrl** | Both Ctrl keys | +| Shift | **Shift** | Both Shift keys | +| Windows logo key | **Windows** | Both Windows logo keys | + +## Security keys + +The following table contains predefined key combinations for OS security: + +| Key combination | WEKF_PredefinedKey.Id | Blocked behavior | +|:-----------------------|:----------------------|:----------------------------------| +| Ctrl + Alt + Delete | **Ctrl+Alt+Del** | Open the Windows Security screen. | +| Ctrl + Shift + Esc | **Shift+Ctrl+Esc** | Open Task Manager. | +| Windows logo key + L | **Win+L** | Lock the device. | + +## Extended shell keys + +The following table contains predefined key combinations for extended shell functions (such as automatically opening certain apps): + +| Key combination | WEKF_PredefinedKey.Id | Blocked key | +|:--------------------|:----------------------|:------------------------| +| LaunchMail | **LaunchMail** | Start Mail key | +| LaunchMediaSelect | **LaunchMediaSelect** | Select Media key | +| LaunchApp1 | **LaunchApp1** | Start Application 1 key | +| LaunchApp2 | **LaunchApp2** | Start Application 2 key | + +## Browser keys + +The following table contains predefined key combinations for controlling the browser: + +| Key combination | WEKF_PredefinedKey.Id | Blocked key | +|:-----------------|:----------------------|:---------------------------| +| BrowserBack | **BrowserBack** | Browser Back key | +| BrowserForward | **BrowserForward** | Browser Forward key | +| BrowserRefresh | **BrowserRefresh** | Browser Refresh key | +| BrowserStop | **BrowserStop** | Browser Stop key | +| BrowserSearch | **BrowserSearch** | Browser Search key | +| BrowserFavorites | **BrowserFavorites** | Browser Favorites key | +| BrowserHome | **BrowserHome** | Browser Start and Home key | + +## Media keys + +The following table contains predefined key combinations for controlling media playback: + +| Key combination | WEKF_PredefinedKey.Id | Blocked key | +|:----------------|:----------------------|:---------------------| +| VolumeMute | **VolumeMute** | Volume Mute key | +| VolumeDown | **VolumeDown** | Volume Down key | +| VolumeUp | **VolumeUp** | Volume Up key | +| MediaNext | **MediaNext** | Next Track key | +| MediaPrev | **MediaPrev** | Previous Track key | +| MediaStop | **MediaStop** | Stop Media key | +| MediaPlayPause | **MediaPlayPause** | Play/Pause Media key | + +## Microsoft Surface keyboard keys + +The following table contains predefined key combinations for Microsoft Surface devices: + +| Key combination | WEKF_PredefinedKey.Id | Blocked key | +|:------------------------------|:----------------------|:-------------| +| Left Alt + Windows logo key | **AltWin** | Share key | +| Left Ctrl + Windows logo key | **CtrlWin** | Devices key | +| Left Shift + Windows logo key | **ShiftWin** | Search key | +| F21 | **F21** | Settings key | + +## Related topics + +[Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md new file mode 100644 index 00000000000..8c6295af73a --- /dev/null +++ b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md @@ -0,0 +1,112 @@ +--- +title: Remove key combination configurations +description: Remove key combination configurations +ms.assetid: 14f61d51-834b-4d15-8024-6728f0c8bc9c +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# Remove key combination configurations + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create two functions to remove custom-defined key combination configurations from Keyboard Filter. It demonstrates several ways to use each function. + +The first function, **Remove-Custom-Key**, removes custom key combination configurations. + +The second function, **Remove-Scancode**, removes custom scan code configurations. + +You cannot remove the predefined key combination configurations for Keyboard Filter, but you can disable them. + +## Remove-rules.ps1 + +```powershell +# +# Copyright (C) Microsoft. All rights reserved. +# + +<# +.Synopsis + This script shows how to use the build in WMI providers to remove keyboard filter rules. Rules of type WEKF_PredefinedKey cannot be removed. +.Parameter ComputerName + Optional parameter to specify the remote computer that this script should + manage. If not specified, the script will execute all WMI operations + locally. +#> + +param( + [string] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"} +$CommonParams += $PSBoundParameters + +function Remove-Custom-Key($Id) { + <# + .Synopsis + Remove an instance of WEKF_CustomKey + .Description + Enumerate all instances of WEKF_CustomKey. When an instance has an + Id that matches $Id, delete it. + .Example + Remove-Custom-Key "Ctrl+V" + + This removes the instance of WEKF_CustomKey with a key Id of "Ctrl+V" +#> + + $customInstance = Get-WMIObject -class WEKF_CustomKey @CommonParams | + where {$_.Id -eq $Id} + + if ($customInstance) { + $customInstance.Delete(); + "Removed Custom Filter $Id."; + } else { + "Custom Filter $Id does not exist."; + } +} + +function Remove-Scancode($Modifiers, [int]$Code) { + <# + .Synopsis + Remove and instance of WEKF_Scancode + .Description + Enumerate all instances of WEKF_Scancode. When an instance has a + matching modifiers and code, delete it. + .Example + Remove-Scancode "Ctrl" 37 + + This removes the instance of WEKF_Scancode with Modifiers="Ctrl" and + Scancode=37. +#> + + $scancodeInstance = Get-WMIObject -class WEKF_Scancode @CommonParams | + where {($_.Modifiers -eq $Modifiers) -and ($_.Scancode -eq $Code)} + + if ($scancodeInstance) { + $scancodeInstance.Delete(); + "Removed Scancode $Modifiers+$Code."; + } else { + "Scancode $Modifiers+$Code does not exist."; + } +} + +# Some example uses of the functions defined above. +Remove-Custom-Key "Ctrl+V" +Remove-Custom-Key "Numpad0" +Remove-Custom-Key "Shift+Numpad1" +Remove-Custom-Key "%" +Remove-Scancode "Ctrl" 37 +``` + +## Related topics + +[Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) + +[Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/toc.yml b/windows/configuration/keyboard-filter/toc.yml new file mode 100644 index 00000000000..7c09e1a75c7 --- /dev/null +++ b/windows/configuration/keyboard-filter/toc.yml @@ -0,0 +1,53 @@ +items: +- name: Keyboard Filter + items: + - name: About keyboard filter + href: index.md + - name: Key Names + href: keyboardfilter-key-names.md + - name: Predefined Key Combinations + href: keyboardfilter-list-all-configured-key-combinations.md + - name: WMI Provider Reference + items: + - name: Overview + href: keyboardfilter-wmi-provider-reference.md + - name: Class WEKF_CustomKey + items: + - name: Overview + href: wekf-customkey.md + - name: Add + href: wekf-customkeyadd.md + - name: Remove + href: wekf-customkeyremove.md + - name: Class WEKF_PredefinedKey + items: + - name: Overview + href: wekf-predefinedkey.md + - name: Disable + href: wekf-predefinedkeydisable.md + - name: Enable + href: wekf-predefinedkeyenable.md + - name: Class WEKF_Scancode + items: + - name: Overview + href: wekf-scancode.md + - name: Add + href: wekf-scancodeadd.md + - name: Remove + href: wekf-scancoderemove.md + - name: Class WEKF-Settings + href: wekf-settings.md + - name: PowerShell script samples + items: + - name: Overview + href: keyboardfilter-powershell-script-samples.md + - name: Add blocked key Combinations + href: keyboardfilter-add-blocked-key-combinations.md + - name: Disable all blocked key Combinations + href: disable-all-blocked-key-combinations.md + - name: List all configured key combinations + href: keyboardfilter-list-all-configured-key-combinations.md + - name: Modify global settings + href: modify-global-settings.md + - name: Remove key combination configurations + href: remove-key-combination-configurations.md \ No newline at end of file diff --git a/windows/configuration/keyboard-filter/wekf-customkey.md b/windows/configuration/keyboard-filter/wekf-customkey.md new file mode 100644 index 00000000000..607ca538e39 --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-customkey.md @@ -0,0 +1,143 @@ +--- +title: WEKF_CustomKey +description: WEKF_CustomKey +ms.assetid: 7d67c0ce-844c-4534-96d4-2c7f21a69c8e +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_CustomKey + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +Adds or removes custom-defined key combinations. + +## Syntax + +```powershell +class WEKF_CustomKey { + [Static] uint32 Add( + [In] string CustomKey + ); + [Static] uint32 Remove( + [In] string CustomKey + ); + + [Key] string Id; + [Read, Write] boolean Enabled; +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +### Methods + +| Methods | Description | +|---------|-------------| +| [WEKF_CustomKey.Add](wekf-customkeyadd.md) | Creates a new custom key combination and enables Keyboard Filter to block the new key combination. | +| [WEKF_CustomKey.Remove](wekf-customkeyremove.md) | Removes the specified custom key combination. Keyboard Filter stops blocking the key combination that was removed. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|--------------| +| **Id** | string | [key] | The name of the custom key combination. | +| **Enabled** | Boolean | [read, write] | Indicates if the key is blocked or unblocked. This property can be one of the following values
- **true** Indicates that the key is blocked.
- **false** Indicates that the key is not blocked. | + +### Remarks + +You can specify key combinations by including the modifier keys in the name. The most common modifier names are β€œCtrl”, β€œShift”, β€œAlt”, and β€œWin”. You cannot block a combination of non-modifier keys. For example, you can block a key combination of β€œCtrl+Shift+F”, but you cannot block a key combination of β€œA+D”. + +When you block a shift-modified key, you must enter the key as β€œShift” + the unmodified key. For example, to block the % key on an English keyboard layout, you must specify the key as β€œShift+5”. Attempting to block β€œ%”, results in Keyboard Filter blocking β€œ5” instead. + +When you specify the key combination to block, you must use the English names for the keys. For a list of the key names you can specify, see Keyboard Filter key names. + +## Example + +The following code demonstrates how to add or enable a custom key combination that Keyboard Filter will block by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. This example modifies the properties directly and does not call any of the methods defined in **WEKF_CustomKey**. + +```powershell +<# +.Synopsis + This script shows how to use the WMI provider to enable and add + Keyboard Filter rules through Windows PowerShell on the local computer. +.Parameter ComputerName + Optional parameter to specify a remote machine that this script should + manage. If not specified, the script will execute all WMI operations + locally. +#> +param ( + [String] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"} +$CommonParams += $PSBoundParameters + +function Enable-Custom-Key($Id) { + <# + .Synopsis + Toggle on a Custom Key Keyboard Filter Rule + .Description + Use Get-WMIObject to enumerate all WEKF_CustomKey instances, + filter against key value "Id", and set that instance's "Enabled" + property to 1/true. + + In the case that the Custom instance does not exist, add a new + instance of WEKF_CustomKey using Set-WMIInstance. + .Example + Enable-Custom-Key "Ctrl+V" + + Enable filtering of the Ctrl + V sequence. +#> + + $custom = Get-WMIObject -class WEKF_CustomKey @CommonParams | + where { + $_.Id -eq "$Id" + }; + + if ($custom) { +# Rule exists. Just enable it. + $custom.Enabled = 1; + $custom.Put() | Out-Null; + "Enabled Custom Filter $Id."; + + } else { + Set-WMIInstance ` + -class WEKF_CustomKey ` + -argument @{Id="$Id"} ` + @CommonParams | Out-Null + + "Added Custom Filter $Id."; + } +} + + +# Some example uses of the function defined above. + +Enable-Custom-Key "Ctrl+V" +Enable-Custom-Key "Numpad0" +Enable-Custom-Key "Shift+Numpad1" +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +[Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard Filter key names](keyboardfilter-key-names.md) diff --git a/windows/configuration/keyboard-filter/wekf-customkeyadd.md b/windows/configuration/keyboard-filter/wekf-customkeyadd.md new file mode 100644 index 00000000000..763fca105ba --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-customkeyadd.md @@ -0,0 +1,110 @@ +--- +title: WEKF_CustomKey.Add +description: WEKF_CustomKey.Add +ms.assetid: 59040e1b-1706-476b-9d7c-2279b20c47b4 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_CustomKey.Add + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +Creates a new custom key combination and enables Keyboard Filter to block the new key combination. + +## Syntax + +```powershell +[Static] uint32 Add( + [In] string CustomKey +); +``` + +## Parameters + +**CustomKey**
\[in\] The custom key combination to add. For a list of valid key names, see [Keyboard Filter key names](keyboardfilter-key-names.md). + +## Return Value + +Returns an HRESULT value that indicates a [WMI Non-Error Constant](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI Error Constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +**WEKF_CustomKey.Add** creates a new **WEKF_CustomKey** object and sets the **Enabled** property of the new object to **true**, and the **Id** property to *CustomKey*. + +If a **WEKF_CustomKey** object already exists with the **Id** property equal to *CustomKey*, then **WEKF_CustomKey.Add** returns an error code and does not create a new object or modify any properties of the existing object. If the existing **WEKF_CustomKey** object has the **Enabled** property set to **false**, Keyboard Filter does not block the custom key combination. + +## Example + +The following code demonstrates how to add or enable a custom key that Keyboard Filter will block by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Create a handle to the class instance so we can call the static methods +$classCustomKey = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WEKF_CustomKey" + +# Create a function to add or enable a key combination for Keyboard Filter to block +function Enable-Custom-Key($KeyId) { + +# Check to see if the custom key object already exists + $objCustomKey = Get-WMIObject -namespace $NAMESPACE -class WEKF_CustomKey | + where {$_.Id -eq "$KeyId"}; + + if ($objCustomKey) { + +# The custom key already exists, so just enable it + $objCustomKey.Enabled = 1; + $objCustomKey.Put() | Out-Null; + "Enabled ${KeyId}."; + + } else { + +# Create a new custom key object by calling the static Add method + $retval = $classCustomKey.Add($KeyId); + +# Check the return value to verify that the Add is successful + if ($retval.ReturnValue -eq 0) { + "Added ${KeyID}." + } else { + "Unknown Error: " + "{0:x0}" -f $retval.ReturnValue + } + } +} + +# Enable Keyboard Filter to block several custom keys + +Enable-Custom-Key "Ctrl+v" +Enable-Custom-Key "Ctrl+v" +Enable-Custom-Key "Shift+4" +Enable-Custom-Key "Ctrl+Alt+w" + +# List all the currently existing custom keys + +$objCustomKeyList = get-WMIObject -namespace $NAMESPACE -class WEKF_CustomKey +foreach ($objCustomKeyItem in $objCustomKeyList) { + "Custom key: " + $objCustomKeyItem.Id + " enabled: " + $objCustomKeyItem.Enabled + } +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WEKF_CustomKey](wekf-customkey.md) +- [Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-customkeyremove.md b/windows/configuration/keyboard-filter/wekf-customkeyremove.md new file mode 100644 index 00000000000..40b9ee91920 --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-customkeyremove.md @@ -0,0 +1,100 @@ +--- +title: WEKF_CustomKey.Remove +description: WEKF_CustomKey.Remove +ms.assetid: 944d2987-5b2c-4c88-8199-dcec12d626b2 +ms.date: 11/12/2024 +ms.topic: article +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +--- +# WEKF_CustomKey.Remove + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +Removes a custom key combination, causing Keyboard Filter to stop blocking the removed key combination. + +## Syntax + +```powershell +[Static] uint32 Remove( + [In] string CustomKey +); +``` + +## Parameters + +**CustomKey**
\[in\] The custom key combination to remove. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +**WEKF_CustomKey.Remove** removes an existing **WEKF_CustomKey** object. If the object does not exist, **WEKF_CustomKey.Remove** returns an error with the value 0x8007007B. + +Because this method is static, you cannot call it on an object instance, but must instead call it at the class level. + +## Example + +The following code demonstrates how to remove a custom key from Keyboard Filter so it is no longer blocked by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Create a handle to the class instance so we can call the static methods +$classCustomKey = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WEKF_CustomKey" + +# Create a function to remove a key combination +function Remove-Custom-Key($KeyId) { + +# Call the static Remove() method on the class reference + $retval = $classCustomKey.Remove($KeyId) + +# Check the return value for status + if ($retval.ReturnValue -eq 0) { + +# Custom key combination removed successfully + "Removed ${KeyID}." + } elseif ($retval.ReturnValue -eq 2147942523) { + +# No object exists with the specified custom key + "Failed to remove ${KeyID}. No object found." + } else { + +# Unknown error, report error code in hexadecimal + "Failed to remove ${KeyID}. Unknown Error: " + "{0:x0}" -f $retval.ReturnValue + } +} + + +# Example of removing a custom key so that Keyboard Filter stops blocking it +Remove-Custom-Key "Ctrl+Alt+w" + +# Example of removing all custom keys that have the Enabled property set to false +$objDisabledCustomKeys = Get-WmiObject -Namespace $NAMESPACE -Class WEKF_CustomKey; + +foreach ($objCustomKey in $objDisabledCustomKeys) { + if (!$objCustomKey.Enabled) { + Remove-Custom-Key($objCustomKey.Id); + } +} +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WEKF_CustomKey](wekf-customkey.md) +- [Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkey.md b/windows/configuration/keyboard-filter/wekf-predefinedkey.md new file mode 100644 index 00000000000..e24ad864eea --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-predefinedkey.md @@ -0,0 +1,129 @@ +--- +title: WEKF_PredefinedKey +description: WEKF_PredefinedKey +ms.assetid: 2fc29e2b-1c76-437f-99b0-db13a3aeb1af +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_PredefinedKey + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +This class blocks or unblocks predefined key combinations, such as Ctrl+Alt+Delete. + +## Syntax + +```powershell +class WEKF_PredefinedKey { + [Static] uint32 Enable ( + [In] string PredefinedKey + ); + [Static] uint32 Disable ( + [In] string PredefinedKey + ); + + [Key] string Id; + [Read, Write] boolean Enabled; +}; +``` + +## Members + +The following tables list any constructors, methods, fields, and properties that belong to this class. + +### Methods + +| Methods | Description | +|:-----------------------------------------------------------|:---------------------------------------| +| [WEKF_PredefinedKey.Enable](wekf-predefinedkeyenable.md) | Blocks the specified predefined key. | +| [WEKF_PredefinedKey.Disable](wekf-predefinedkeydisable.md) | Unblocks the specified predefined key. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|:------------|:----------|:--------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Id** | string | [key] | The name of the predefined key combination. | +| **Enabled** | Boolean | [read, write] | Indicates whether the key is blocked or unblocked. To indicate that the key is blocked, specify **true**. To indicate that the key is not blocked, specify **false**. | + +### Remarks + +All accounts have read access to the **WEKF_PRedefinedKey** class, but only administrator accounts can modify the class. + +For a list of predefined key combinations for Keyboard Filter, see [Predefined key combinations](predefined-key-combinations.md). + +## Example + +The following sample Windows PowerShell script blocks the Ctrl+Alt+Delete and the Ctrl+Esc key combinations when the Keyboard Filter service is running. + +```powershell +<# +.Synopsis + This script shows how to use the built in WMI providers to enable and add + Keyboard Filter rules through Windows PowerShell on the local computer. +.Parameter ComputerName + Optional parameter to specify a remote machine that this script should + manage. If not specified, the script will execute all WMI operations + locally. +#> +param ( + [String] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"} +$CommonParams += $PSBoundParameters + +function Enable-Predefined-Key($Id) { + <# + .Synposis + Toggle on a Predefined Key Keyboard Filter Rule + .Description + Use Get-WMIObject to enumerate all WEKF_PredefinedKey instances, + filter against key value "Id", and set that instance's "Enabled" + property to 1/true. + .Example + Enable-Predefined-Key "Ctrl+Alt+Delete" + + Enable CAD filtering +#> + + $predefined = Get-WMIObject -class WEKF_PredefinedKey @CommonParams | + where { + $_.Id -eq "$Id" + }; + + if ($predefined) { + $predefined.Enabled = 1; + $predefined.Put() | Out-Null; + Write-Host Enabled $Id + } else { + Write-Error $Id is not a valid predefined key + } +} + +# Some example uses of the function defined above. + +Enable-Predefined-Key "Ctrl+Alt+Delete" +Enable-Predefined-Key "Ctrl+Esc" +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +[Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md new file mode 100644 index 00000000000..e9bd017d4a3 --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md @@ -0,0 +1,49 @@ +--- +title: WEKF_PredefinedKey.Disable +description: WEKF_PredefinedKey.Disable +ms.assetid: 81a040b3-b845-4cb2-872f-68082b048316 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_PredefinedKey.Disable + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +Unblocks the specified predefined key combination. + +## Syntax + +```powershell +[Static] uint32 Disable( + [In] string PredefinedKey +); +``` + +## Parameters + +**PredefinedKey**
\[in\] The predefined key combination to unblock. For a list of predefined keys, see [Predefined key combinations](predefined-key-combinations.md). + +## Return Value + +Returns an HRESULT value that indicates [WMI Non-error constant](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WEKF_PredefinedKey](wekf-predefinedkey.md) +- [Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md new file mode 100644 index 00000000000..65751288747 --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md @@ -0,0 +1,49 @@ +--- +title: WEKF_PredefinedKey.Enable +description: WEKF_PredefinedKey.Enable +ms.assetid: 4ea8c6c4-3bf6-475f-b9e1-38e1a971eda5 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_PredefinedKey.Enable + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +This method blocks the specified predefined key combination. + +## Syntax + +```powershell +[Static] uint32 Enable( + [In] string PredefinedKey +); +``` + +## Parameters + +**PredefinedKey**
The predefined key combination to block. For a list of predefined keys, see [Predefined key combinations](predefined-key-combinations.md). + +## Return Value + +Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WEKF_PredefinedKey](wekf-predefinedkey.md) +- [Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancode.md b/windows/configuration/keyboard-filter/wekf-scancode.md new file mode 100644 index 00000000000..e3eacf17ddc --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-scancode.md @@ -0,0 +1,142 @@ +--- +title: WEKF_Scancode +description: WEKF_Scancode +ms.assetid: a71bcc26-5469-4018-b426-eae277d7716d +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_Scancode + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +Blocks or unblocks key combinations by using the keyboard scan code, which is an integer number that is generated whenever a key is pressed or released. + +## Syntax + +```powershell +class WEKF_Scancode { + [Static] uint32 Add( + [In] string Modifiers, + [In] uint16 scancode + ); + [Static] uint32 Remove( + [In] string Modifiers, + [In] uint16 Scancode + ); + + [Key] string Modifiers; + [Key] uint16 Scancode; + [Read, Write] boolean Enabled; +} +``` + +## Members + +The following tables list any constructors, methods, fields, and properties that belong to this class. + +### Methods + +| Methods | Description | +|---------|-------------| +| [WEKF_Scancode.Add](wekf-scancodeadd.md) | Adds a new custom scan code combination and enables Keyboard Filter to block the new scan code combination. | +| [WEKF_Scancode.Remove](wekf-scancoderemove.md) | Removes the specified custom scan code combination. Keyboard Filter stops blocking the scan code combination that was removed. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| **Modifiers** | string | [key] | The modifier keys that are part of the key combination to block. | +| **Scancode** | uint16 | [key] | The scan code part of the key combination to block. | +| **Enabled** | Boolean | [read, write] | Indicates whether the scan code is blocked or unblocked. This property can be one of the following values:
- **true** Indicates that the scan code is blocked.
- **false** Indicates that the scan code is not blocked. | + +### Remarks + +Scan codes are generated by the keyboard whenever a key is pressed. The same physical key will always generate the same scan code, regardless of which keyboard layout is currently being used by the system. + +You can specify key combinations by including the modifier keys in the *Modifiers* parameter of the **Add** method or by modifying the **Modifiers** property. The most common modifier names are β€œCtrl”, β€œShift”, β€œAlt”, and β€œWin”. + +## Example + +The following code demonstrates how to add or enable a keyboard scan code that Keyboard Filter will block by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. This example modifies the properties directly, and does not call any of the methods defined in **WEKF_Scancode**. + +```powershell +<# +.Synopsis + This script shows how to use the WMI provider to enable and add + Keyboard Filter rules through Windows Powershell on the local computer. +.Parameter ComputerName + Optional parameter to specify a remote machine that this script should + manage. If not specified, the script will execute all WMI operations + locally. +#> +param ( + [String] $ComputerName +) + +$CommonParams = @{"namespace"="root\standardcimv2\embedded"} +$CommonParams += $PSBoundParameters + + +function Enable-Scancode($Modifiers, [int]$Code) { + <# + .Synopsis + Toggle on a Scancode Keyboard Filter Rule + .Description + Use Get-WMIObject to enumerate all WEKF_Scancode instances, + filter against key values of "Modifiers" and "Scancode", and set + that instance's "Enabled" property to 1/true. + + In the case that the Scancode instance does not exist, add a new + instance of WEKF_Scancode using Set-WMIInstance. + .Example + Enable-Predefined-Key "Ctrl+V" + + Enable filtering of the Ctrl + V sequence. +#> + + $scancode = + Get-WMIObject -class WEKF_Scancode @CommonParams | + where { + ($_.Modifiers -eq $Modifiers) -and ($_.Scancode -eq $Code) + } + + if($scancode) { + $scancode.Enabled = 1 + $scancode.Put() | Out-Null + "Enabled Custom Scancode {0}+{1:X4}" -f $Modifiers, $Code + } else { + Set-WMIInstance ` + -class WEKF_Scancode ` + -argument @{Modifiers="$Modifiers"; Scancode=$Code} ` + @CommonParams | Out-Null + + "Added Custom Scancode {0}+{1:X4}" -f $Modifiers, $Code + } +} + +# Some example uses of the function defined above. + +Enable-Scancode "Ctrl" 37 +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +[Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md new file mode 100644 index 00000000000..6f277e7630b --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -0,0 +1,58 @@ +--- +title: WEKF_Scancode.Add +description: WEKF_Scancode.Add +ms.assetid: cb5ea693-e871-4338-957a-f78f87a932ba +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_Scancode.Add + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +This method adds a new custom scan code combination and enables Keyboard Filter to block the new combination. + +## Syntax + +```powershell +[Static] uint32 Add( + [In] string Modifiers, + [In] uint16 Scancode +); +``` + +## Parameters + +**Modifers**
The modifier keys that are part of the key combination to block. + +**Scancode**
The hardware scan code of the key to block. + +## Return Value + +Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +**WEKF_Scancode.Add** creates a new **WEKF_Scancode** object and sets the **Enabled** property of the new object to **true**. + +If a **WEKF_Scancode** object already exists with same *Modifiers* and *Scancode* properties, then **WEKF_Scancode.Add** returns an error code and does not create a new object or modify any properties of the existing object. If the existing **WEKF_Scancode** object has the **Enabled** property set to **false**, Keyboard Filter does not block the scan code. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WEKF_Scancode](wekf-scancode.md) +- [Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancoderemove.md b/windows/configuration/keyboard-filter/wekf-scancoderemove.md new file mode 100644 index 00000000000..a661b898d69 --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-scancoderemove.md @@ -0,0 +1,58 @@ +--- +title: WEKF_Scancode.Remove +description: WEKF_Scancode.Remove +ms.assetid: 86185501-edc3-4c1d-be0b-5621c64f9540 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_Scancode.Remove + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +This method removes a custom scan code key combination, causing Keyboard Filter to stop blocking the removed combination. + +## Syntax + +```powershell +[Static] uint32 Remove( + [In] string Modifiers, + [In] uint16 Scancode +); +``` + +## Parameters + +**Modifiers**
The modifier keys of the combination to remove. + +**Scancode**
The scan code of the combination to remove. + +## Return Value + +Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +**WEKF_Scancode.Remove** removes an existing **WEKF_Scancode** object. If the object does not exist, **WEKF_Scancode.Remove** returns an error with the value 0x8007007B. + +Because this method is static, you cannot call it on an object instance, but must instead call it at the class level. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WEKF_Scancode](wekf-scancode.md) +- [Keyboard Filter](keyboardfilter.md) diff --git a/windows/configuration/keyboard-filter/wekf-settings.md b/windows/configuration/keyboard-filter/wekf-settings.md new file mode 100644 index 00000000000..74f96bf7644 --- /dev/null +++ b/windows/configuration/keyboard-filter/wekf-settings.md @@ -0,0 +1,110 @@ +--- +title: WEKF_Settings +description: WEKF_Settings +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 11/12/2024 +ms.topic: article + + +--- +# WEKF_Settings + +[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + +Enables or disables settings for Keyboard Filter. + +## Syntax + +```powershell +class WEKF_Settings { + [Key] string Name; + [Read, Write] string Value; +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| **Name** | string | [key] | Indicates the name of the Keyboard Filter setting that this object represents. See the Remarks section for a list of valid setting names. | +| **Value** | string | [read, write] | Represents the value of the **Name** setting. The value is not case-sensitive.
See the Remarks section for a list of valid values for each setting. | + +### Remarks + +You must be signed in to an administrator account to make any changes to this class. + +Each **WEKF_Settings** object represents a single Keyboard Filter setting. You can enumerate across all **WEKF_Settings** objects to see the value of all Keyboard Filter settings. + +The following table lists all settings available for Keyboard Filter. + +| Setting name | Description | +|--------------|-------------| +| **DisableKeyboardFilterForAdministrators** | This setting specifies whether Keyboard Filter is enabled or disabled for administrator accounts. Set to **true** to disable Keyboard Filter for administrator accounts; otherwise, set to **false**. Set to **true** by default. | +| **ForceOffAccessibility** | This setting specifies whether Keyboard Filter blocks users from enabling Ease of Access features. Set to **true** to force disabling the Ease of Access features. Set to **false** to allow enabling the Ease of Access features. Set to **false** by default.
Changing this setting to **false** does not automatically enable Ease of Access features; you must manually enable them. | +| **BreakoutKeyScanCode** | This setting specifies the scan code of the key that enables a user to break out of an account that is locked down with Keyboard Filter. A user can press this key consecutively five times to switch to the Welcome screen.
By default, the BreakoutKeyScanCode is set to the scan code for the left Windows logo key. | + +One instance of the **WEKF_Settings** class exists for each valid setting. + +Changes to the **DisableKeyboardFilterForAdministrator** setting are applied when an administrator account signs in, and applies to all applications run during the user session. If a user without an administrator account runs an application as an administrator, Keyboard Filter is still enabled, regardless of the **DisableKeyboardFilterForAdministrator** setting. + +Changes to the **BreakoutKeyScanCode** setting do not take effect until you restart the device. + +If the **BreakoutKeyScanCode** is set to the scan code for either the left Windows logo key or the right Windows logo key, both Windows Logo keys will work as the breakout key. + +The **BreakoutKeyScanCode** setting only applies to accounts where Keyboard Filter is active. If the scan code is set to a value that does not map to any key, such as 0 (zero), then you must use another method to access the Welcome screen if you need to service the device, such as remotely connecting, or restarting the device if automatic sign-in is not enabled. + +> [!IMPORTANT] +> On some devices, if the breakout key is pressed too rapidly, the key presses may not register. We recommend that you include a slight pause between each breakout key press. + +> [!WARNING] +> When setting the **BreakoutKeyScanCode**, be sure to use the scan code of the key, and not the virtual key value. + +### Example + +The following Windows PowerShell script demonstrates how to use this class to modify the breakout mode key for Keyboard Filter. This example sets the **BreakoutKeyScanCode** setting to the scan code for the Home key on a standard keyboard. + +```powershell +#---Define variables--- + +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Define the decimal scan code of the Home key + +$HomeKeyScanCode = 71 + +# Get the BreakoutKeyScanCode setting from WEKF_Settings + +$BreakoutMode = get-wmiobject -class wekf_settings -namespace $NAMESPACE | where {$_.name -eq "BreakoutKeyScanCode"} + +# Set the breakout key to the Home key. + +$BreakoutMode.value = $HomeKeyScanCode + +# Push the change into the WMI configuration. You must restart your device before this change takes effect. + +$BreakoutMode.put() +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +[Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) + +[Keyboard Filter](keyboardfilter.md) From f3ee06fe9097ca61d63ab19d8c4c5f24c2507aa2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:03:22 -0500 Subject: [PATCH 25/91] updates --- .../disable-all-blocked-key-combinations.md | 4 ++-- windows/configuration/keyboard-filter/index.md | 2 +- .../keyboardfilter-add-blocked-key-combinations.md | 4 ++-- .../keyboard-filter/keyboardfilter-key-names.md | 8 ++++---- ...keyboardfilter-list-all-configured-key-combinations.md | 4 ++-- .../keyboardfilter-powershell-script-samples.md | 4 ++-- .../keyboardfilter-wmi-provider-reference.md | 4 ++-- .../keyboard-filter/modify-global-settings.md | 4 ++-- .../keyboard-filter/predefined-key-combinations.md | 4 ++-- .../remove-key-combination-configurations.md | 4 ++-- windows/configuration/keyboard-filter/wekf-customkey.md | 2 +- .../configuration/keyboard-filter/wekf-customkeyadd.md | 4 ++-- .../configuration/keyboard-filter/wekf-customkeyremove.md | 4 ++-- .../configuration/keyboard-filter/wekf-predefinedkey.md | 4 ++-- .../keyboard-filter/wekf-predefinedkeydisable.md | 4 ++-- .../keyboard-filter/wekf-predefinedkeyenable.md | 4 ++-- windows/configuration/keyboard-filter/wekf-scancode.md | 4 ++-- windows/configuration/keyboard-filter/wekf-scancodeadd.md | 4 ++-- .../configuration/keyboard-filter/wekf-scancoderemove.md | 4 ++-- windows/configuration/keyboard-filter/wekf-settings.md | 4 ++-- 20 files changed, 40 insertions(+), 40 deletions(-) diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md index c889554cb21..a1e9c9594bc 100644 --- a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Disable all blocked key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + The following sample Windows PowerShell script uses the WMI providers to disable all blocked key combinations for Keyboard Filter by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. The key combination configurations are not removed, but Keyboard Filter stops blocking any keys. @@ -79,4 +79,4 @@ Get-WMIObject -class WEKF_Scancode @CommonParams | [Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard filter](keyboardfilter.md) +[Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/index.md b/windows/configuration/keyboard-filter/index.md index 9d02bea46a4..892bb4a6539 100644 --- a/windows/configuration/keyboard-filter/index.md +++ b/windows/configuration/keyboard-filter/index.md @@ -12,7 +12,7 @@ ms.topic: article --- # Keyboard Filter -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, a customer can use certain MicrosoftΒ Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to alter the operation of a device by locking the screen or using Task Manager to close a running application. This behavior might not be desirable if your device is intended for a dedicated purpose. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md index 71640a4e4f4..3b5147e6254 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Add blocked key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create three functions to configure Keyboard Filter so that Keyboard Filter blocks key combinations. It demonstrates several ways to use each function. @@ -163,4 +163,4 @@ Enable-Scancode "Ctrl" 37 [Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard filter](keyboardfilter.md) +[Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md index 20f08c8ca2f..67825c91db9 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md @@ -13,7 +13,7 @@ ms.topic: article --- # Keyboard Filter key names -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + You can configure Keyboard Filter to block keys or key combinations. A key combination consists of one or more modifier keys, separated by a plus sign (+), and either a key name or a key scan code. In addition to the keys listed in the following tables, you can use the predefined key combinations names as custom key combinations. However, we recommend using the predefined key settings when enabling or disabling predefined key combinations. @@ -29,7 +29,7 @@ The key names are grouped as follows: ## Modifier keys -You can use the modifier keys listed in the following table when you configure keyboard filter. Multiple modifiers are separated by a plus sign (+). You can also configure Keyboard Filter to block any modifier key even if it’s not part of a key combination. +You can use the modifier keys listed in the following table when you configure keyboard filter. Multiple modifiers are separated by a plus sign (+). You can also configure Keyboard Filter to block any modifier key even if it's not part of a key combination. | Modifier key name | Virtual key | Description | | ----------------- | ----------- | ----------- | @@ -73,7 +73,7 @@ You can use the modifier keys listed in the following table when you configure k | `RWin` | VK_RWIN | The right Windows logo key | | `Windows` | VK_WIN | The Windows logo key | | `LWindows` | VK_LWIN | The left Windows logo key | -| `RWindows` | VK_RWIN | The right Windows logo key +| `RWindows` | VK_RWIN | The right Windows logo key | ## Cursor and edit keys @@ -182,4 +182,4 @@ You can use the modifier keys listed in the following table when you configure k ## Related articles -- [Keyboard filter](keyboardfilter.md) +- [Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md index 4213a90fad1..aeb0399df83 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # List all configured key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to displays all key combination configurations for Keyboard Filter. @@ -74,4 +74,4 @@ Get-WMIObject -class WEKF_Scancode @CommonParams | [Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard filter](keyboardfilter.md) +[Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md index 1a1edf9deca..88063b903df 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md @@ -13,7 +13,7 @@ ms.topic: article --- # Windows PowerShell script samples for Keyboard Filter -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + The list below describes sample Windows PowerShell scripts that demonstrate how to use the Windows Management Instrumentation (WMI) providers for Keyboard Filter. @@ -29,4 +29,4 @@ The list below describes sample Windows PowerShell scripts that demonstrate how [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard Filter](keyboardfilter.md) +[Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md index 313f51096bb..dffa6315e37 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md @@ -13,7 +13,7 @@ ms.topic: article --- # Keyboard Filter WMI provider reference -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + Describes the Windows Management Instrumentation (WMI) provider classes that you use to configure Keyboard Filter during run time. @@ -26,4 +26,4 @@ Describes the Windows Management Instrumentation (WMI) provider classes that you ## Related topics -[Keyboard filter](keyboardfilter.md) +[Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/modify-global-settings.md b/windows/configuration/keyboard-filter/modify-global-settings.md index 925c04babb0..a5ae8117506 100644 --- a/windows/configuration/keyboard-filter/modify-global-settings.md +++ b/windows/configuration/keyboard-filter/modify-global-settings.md @@ -13,7 +13,7 @@ ms.topic: article --- # Modify global settings -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + The following sample Windows PowerShell scripts use the Windows Management Instrumentation (WMI) providers to modify global settings for Keyboard Filter. @@ -175,4 +175,4 @@ Set-ForceOffAccessibility $Enabled [WEKF_Settings](wekf-settings.md) -[Keyboard filter](keyboardfilter.md) +[Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/predefined-key-combinations.md b/windows/configuration/keyboard-filter/predefined-key-combinations.md index 8b0faf9e70d..dee541f232f 100644 --- a/windows/configuration/keyboard-filter/predefined-key-combinations.md +++ b/windows/configuration/keyboard-filter/predefined-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Predefined key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + This topic lists a set of key combinations that are predefined by a keyboard filter. You can list the value of the WEKF_PredefinedKey.Id to get a complete list of key combinations defined by a keyboard filter. @@ -163,4 +163,4 @@ The following table contains predefined key combinations for Microsoft Surface d ## Related topics -[Keyboard filter](keyboardfilter.md) +[Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md index 8c6295af73a..ab2c3c63481 100644 --- a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md +++ b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Remove key combination configurations -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create two functions to remove custom-defined key combination configurations from Keyboard Filter. It demonstrates several ways to use each function. @@ -109,4 +109,4 @@ Remove-Scancode "Ctrl" 37 [Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard filter](keyboardfilter.md) +[Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-customkey.md b/windows/configuration/keyboard-filter/wekf-customkey.md index 607ca538e39..653c7daca37 100644 --- a/windows/configuration/keyboard-filter/wekf-customkey.md +++ b/windows/configuration/keyboard-filter/wekf-customkey.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_CustomKey -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + Adds or removes custom-defined key combinations. diff --git a/windows/configuration/keyboard-filter/wekf-customkeyadd.md b/windows/configuration/keyboard-filter/wekf-customkeyadd.md index 763fca105ba..5f70777e3ea 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyadd.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyadd.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_CustomKey.Add -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + Creates a new custom key combination and enables Keyboard Filter to block the new key combination. @@ -107,4 +107,4 @@ foreach ($objCustomKeyItem in $objCustomKeyList) { ## Related topics - [WEKF_CustomKey](wekf-customkey.md) -- [Keyboard Filter](keyboardfilter.md) +- [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-customkeyremove.md b/windows/configuration/keyboard-filter/wekf-customkeyremove.md index 40b9ee91920..dad47f568f5 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyremove.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyremove.md @@ -11,7 +11,7 @@ ms.subservice: iot --- # WEKF_CustomKey.Remove -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + Removes a custom key combination, causing Keyboard Filter to stop blocking the removed key combination. @@ -97,4 +97,4 @@ foreach ($objCustomKey in $objDisabledCustomKeys) { ## Related topics - [WEKF_CustomKey](wekf-customkey.md) -- [Keyboard Filter](keyboardfilter.md) +- [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkey.md b/windows/configuration/keyboard-filter/wekf-predefinedkey.md index e24ad864eea..b3acdd2872d 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkey.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkey.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + This class blocks or unblocks predefined key combinations, such as Ctrl+Alt+Delete. @@ -126,4 +126,4 @@ Enable-Predefined-Key "Ctrl+Esc" [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard Filter](keyboardfilter.md) +[Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md index e9bd017d4a3..fc567dfc50a 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey.Disable -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + Unblocks the specified predefined key combination. @@ -46,4 +46,4 @@ Returns an HRESULT value that indicates [WMI Non-error constant](/windows/win32/ ## Related topics - [WEKF_PredefinedKey](wekf-predefinedkey.md) -- [Keyboard Filter](keyboardfilter.md) +- [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md index 65751288747..12e260feef2 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey.Enable -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + This method blocks the specified predefined key combination. @@ -46,4 +46,4 @@ Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/ ## Related topics - [WEKF_PredefinedKey](wekf-predefinedkey.md) -- [Keyboard Filter](keyboardfilter.md) +- [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancode.md b/windows/configuration/keyboard-filter/wekf-scancode.md index e3eacf17ddc..8a7ca0f2977 100644 --- a/windows/configuration/keyboard-filter/wekf-scancode.md +++ b/windows/configuration/keyboard-filter/wekf-scancode.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + Blocks or unblocks key combinations by using the keyboard scan code, which is an integer number that is generated whenever a key is pressed or released. @@ -139,4 +139,4 @@ Enable-Scancode "Ctrl" 37 [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard Filter](keyboardfilter.md) +[Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md index 6f277e7630b..6be6715ce97 100644 --- a/windows/configuration/keyboard-filter/wekf-scancodeadd.md +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode.Add -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + This method adds a new custom scan code combination and enables Keyboard Filter to block the new combination. @@ -55,4 +55,4 @@ If a **WEKF_Scancode** object already exists with same *Modifiers* and *Scancode ## Related topics - [WEKF_Scancode](wekf-scancode.md) -- [Keyboard Filter](keyboardfilter.md) +- [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancoderemove.md b/windows/configuration/keyboard-filter/wekf-scancoderemove.md index a661b898d69..45836508e3d 100644 --- a/windows/configuration/keyboard-filter/wekf-scancoderemove.md +++ b/windows/configuration/keyboard-filter/wekf-scancoderemove.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode.Remove -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + This method removes a custom scan code key combination, causing Keyboard Filter to stop blocking the removed combination. @@ -55,4 +55,4 @@ Because this method is static, you cannot call it on an object instance, but mus ## Related topics - [WEKF_Scancode](wekf-scancode.md) -- [Keyboard Filter](keyboardfilter.md) +- [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-settings.md b/windows/configuration/keyboard-filter/wekf-settings.md index 74f96bf7644..64701a6f5d6 100644 --- a/windows/configuration/keyboard-filter/wekf-settings.md +++ b/windows/configuration/keyboard-filter/wekf-settings.md @@ -12,7 +12,7 @@ ms.topic: article --- # WEKF_Settings -[!INCLUDE [Supported Editions - Enterprise Plus](../../../includes/incl-supported-OS-Enterprise-Plus.md)] + Enables or disables settings for Keyboard Filter. @@ -107,4 +107,4 @@ $BreakoutMode.put() [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -[Keyboard Filter](keyboardfilter.md) +[Keyboard Filter](index.md) From 24d6dca924d0bd15e1c188da5354a608444b6cbf Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:14:25 -0500 Subject: [PATCH 26/91] includes --- .../disable-all-blocked-key-combinations.md | 2 +- .../includes-supported-os-enterprise-plus.md | 10 ++++++++++ windows/configuration/keyboard-filter/index.md | 14 +++++++------- .../keyboardfilter-add-blocked-key-combinations.md | 2 +- .../keyboard-filter/keyboardfilter-key-names.md | 2 +- ...dfilter-list-all-configured-key-combinations.md | 2 +- .../keyboardfilter-powershell-script-samples.md | 2 +- .../keyboardfilter-wmi-provider-reference.md | 2 +- .../keyboard-filter/modify-global-settings.md | 2 +- .../keyboard-filter/predefined-key-combinations.md | 2 +- .../remove-key-combination-configurations.md | 2 +- .../keyboard-filter/wekf-customkey.md | 6 +++--- .../keyboard-filter/wekf-customkeyadd.md | 2 +- .../keyboard-filter/wekf-customkeyremove.md | 2 +- .../keyboard-filter/wekf-predefinedkey.md | 2 +- .../keyboard-filter/wekf-predefinedkeydisable.md | 2 +- .../keyboard-filter/wekf-predefinedkeyenable.md | 2 +- .../configuration/keyboard-filter/wekf-scancode.md | 4 ++-- .../keyboard-filter/wekf-scancodeadd.md | 2 +- .../keyboard-filter/wekf-scancoderemove.md | 2 +- .../configuration/keyboard-filter/wekf-settings.md | 5 ++--- 21 files changed, 40 insertions(+), 31 deletions(-) create mode 100644 windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md index a1e9c9594bc..b762451821d 100644 --- a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Disable all blocked key combinations - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the WMI providers to disable all blocked key combinations for Keyboard Filter by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. The key combination configurations are not removed, but Keyboard Filter stops blocking any keys. diff --git a/windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md b/windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md new file mode 100644 index 00000000000..7e36da09abb --- /dev/null +++ b/windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md @@ -0,0 +1,10 @@ +--- +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms-topic: include +ms.date: 09/30/2024 +--- + +**Supported Editions**
βœ… IoT Enterprise LTSC
βœ… IoT Enterprise
βœ… Enterprise LTSC
βœ… Enterprise
βœ… Education diff --git a/windows/configuration/keyboard-filter/index.md b/windows/configuration/keyboard-filter/index.md index 892bb4a6539..d323739c8b0 100644 --- a/windows/configuration/keyboard-filter/index.md +++ b/windows/configuration/keyboard-filter/index.md @@ -12,9 +12,9 @@ ms.topic: article --- # Keyboard Filter - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] -You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, a customer can use certain MicrosoftΒ Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to alter the operation of a device by locking the screen or using Task Manager to close a running application. This behavior might not be desirable if your device is intended for a dedicated purpose. +You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, a customer can use certain Microsoft Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to alter the operation of a device by locking the screen or using Task Manager to close a running application. This behavior might not be desirable if your device is intended for a dedicated purpose. The Keyboard Filter feature works with physical keyboards, the Windows on-screen keyboard, and the touch keyboard. Switching from one language to another might cause the location of suppressed keys on the keyboard layout to change. Keyboard Filter detects these dynamic layout changes and continues to suppress keys correctly. @@ -27,9 +27,9 @@ The Keyboard Filter feature works with physical keyboards, the Windows on-screen * **Configure:** To customize the setting or subsettings. -* **Embedded Keyboard Filter:** This feature is called Embedded Keyboard Filter in WindowsΒ 10, version 1511. +* **Embedded Keyboard Filter:** This feature is called Embedded Keyboard Filter in Windows 10, version 1511. -* **Keyboard Filter:** This feature is called Keyboard Filter in WindowsΒ 10, version 1607 and later. +* **Keyboard Filter:** This feature is called Keyboard Filter in Windows 10, version 1607 and later. ## Turn on Keyboard Filter @@ -92,7 +92,7 @@ Keyboard Filter has the following features: ## Keyboard scan codes and layouts -When a key is pressed on a physical keyboard, the keyboard sends a scan code to the keyboard driver. The driver then sends the scan code to the OS and the OS converts the scan code into a virtual key based on the current active layout. The layout defines the mapping of keys on the physical keyboard, and has many variants. A key on a keyboard always sends the same scan code when pressed, however this scan code can map to different virtual keys for different layouts. For example, in the English (United States) keyboard layout, the key to the right of the P key maps to β€œ{β€œ. However, in the Swedish (Sweden) keyboard layout, the same key maps to β€œΓ…β€. +When a key is pressed on a physical keyboard, the keyboard sends a scan code to the keyboard driver. The driver then sends the scan code to the OS and the OS converts the scan code into a virtual key based on the current active layout. The layout defines the mapping of keys on the physical keyboard, and has many variants. A key on a keyboard always sends the same scan code when pressed, however this scan code can map to different virtual keys for different layouts. For example, in the English (United States) keyboard layout, the key to the right of the P key maps to `{`. However, in the Swedish (Sweden) keyboard layout, the same key maps to `Γ…`. Keyboard Filter can block keys either by the scan code or the virtual key. Blocking keys by the scan code is useful for custom keyboards that have special scan codes that don't translate into any single virtual key. Blocking keys by the virtual key is more convenient because it's easier to read and Keyboard Filter suppresses the key correctly even when the location of the key changes because of a layout change. @@ -138,9 +138,9 @@ Keyboard filter can't block the Sleep key. Some hardware keys, such as rotation lock, don't have a defined virtual key. You can still block these keys by using the scan code of the key. -The add (+), multiply (\*), subtract (-), divide (/), and decimal (.) keys have different virtual keys and scan codes on the numeric keypad than on the main keyboard. You must block both keys to block these keys. For example, to block the multiply key, you must add a rule to block β€œ\*” and a rule to block Multiply. +The add (+), multiply (\*), subtract (-), divide (/), and decimal (.) keys have different virtual keys and scan codes on the numeric keypad than on the main keyboard. You must block both keys to block these keys. For example, to block the multiply key, you must add a rule to block "\*" and a rule to block Multiply. -When locking the screen by using the on-screen keyboard, or a combination of a physical keyboard and the on-screen keyboard, the on-screen keyboard sends an extra Windows logo key keystroke to the OS. If your device is using the WindowsΒ 10 shell and you use keyboard filter to block Windows logo key+L, the extra Windows logo key keystroke causes the shell to switch between the **Start** screen and the last active app when a user attempts to lock the device by using the on-screen keyboard, which may be unexpected behavior. +When locking the screen by using the on-screen keyboard, or a combination of a physical keyboard and the on-screen keyboard, the on-screen keyboard sends an extra Windows logo key keystroke to the OS. If your device is using the Windows 10 shell and you use keyboard filter to block Windows logo key+L, the extra Windows logo key keystroke causes the shell to switch between the **Start** screen and the last active app when a user attempts to lock the device by using the on-screen keyboard, which may be unexpected behavior. Some custom keyboard software, such as Microsoft IntelliType Pro, can install Keyboard Filter drivers that prevent Keyboard Filter from being able to block some or all keys, typically extended keys like BrowserHome and Search. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md index 3b5147e6254..16a6eb3de3c 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Add blocked key combinations - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create three functions to configure Keyboard Filter so that Keyboard Filter blocks key combinations. It demonstrates several ways to use each function. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md index 67825c91db9..a3eb1ecb858 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md @@ -13,7 +13,7 @@ ms.topic: article --- # Keyboard Filter key names - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] You can configure Keyboard Filter to block keys or key combinations. A key combination consists of one or more modifier keys, separated by a plus sign (+), and either a key name or a key scan code. In addition to the keys listed in the following tables, you can use the predefined key combinations names as custom key combinations. However, we recommend using the predefined key settings when enabling or disabling predefined key combinations. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md index aeb0399df83..5c88e94fd9a 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # List all configured key combinations - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to displays all key combination configurations for Keyboard Filter. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md index 88063b903df..e68471a513d 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md @@ -13,7 +13,7 @@ ms.topic: article --- # Windows PowerShell script samples for Keyboard Filter - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] The list below describes sample Windows PowerShell scripts that demonstrate how to use the Windows Management Instrumentation (WMI) providers for Keyboard Filter. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md index dffa6315e37..733f298c763 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md @@ -13,7 +13,7 @@ ms.topic: article --- # Keyboard Filter WMI provider reference - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] Describes the Windows Management Instrumentation (WMI) provider classes that you use to configure Keyboard Filter during run time. diff --git a/windows/configuration/keyboard-filter/modify-global-settings.md b/windows/configuration/keyboard-filter/modify-global-settings.md index a5ae8117506..049d85864a5 100644 --- a/windows/configuration/keyboard-filter/modify-global-settings.md +++ b/windows/configuration/keyboard-filter/modify-global-settings.md @@ -13,7 +13,7 @@ ms.topic: article --- # Modify global settings - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] The following sample Windows PowerShell scripts use the Windows Management Instrumentation (WMI) providers to modify global settings for Keyboard Filter. diff --git a/windows/configuration/keyboard-filter/predefined-key-combinations.md b/windows/configuration/keyboard-filter/predefined-key-combinations.md index dee541f232f..5eda454969b 100644 --- a/windows/configuration/keyboard-filter/predefined-key-combinations.md +++ b/windows/configuration/keyboard-filter/predefined-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Predefined key combinations - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] This topic lists a set of key combinations that are predefined by a keyboard filter. You can list the value of the WEKF_PredefinedKey.Id to get a complete list of key combinations defined by a keyboard filter. diff --git a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md index ab2c3c63481..698d0fe3606 100644 --- a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md +++ b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Remove key combination configurations - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create two functions to remove custom-defined key combination configurations from Keyboard Filter. It demonstrates several ways to use each function. diff --git a/windows/configuration/keyboard-filter/wekf-customkey.md b/windows/configuration/keyboard-filter/wekf-customkey.md index 653c7daca37..7412c42e3d0 100644 --- a/windows/configuration/keyboard-filter/wekf-customkey.md +++ b/windows/configuration/keyboard-filter/wekf-customkey.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_CustomKey - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] Adds or removes custom-defined key combinations. @@ -53,9 +53,9 @@ The following tables list any methods and properties that belong to this class. ### Remarks -You can specify key combinations by including the modifier keys in the name. The most common modifier names are β€œCtrl”, β€œShift”, β€œAlt”, and β€œWin”. You cannot block a combination of non-modifier keys. For example, you can block a key combination of β€œCtrl+Shift+F”, but you cannot block a key combination of β€œA+D”. +You can specify key combinations by including the modifier keys in the name. The most common modifier names are "Ctrl”, "Shift”, "Alt”, and "Win”. You cannot block a combination of non-modifier keys. For example, you can block a key combination of "Ctrl+Shift+F”, but you cannot block a key combination of "A+D”. -When you block a shift-modified key, you must enter the key as β€œShift” + the unmodified key. For example, to block the % key on an English keyboard layout, you must specify the key as β€œShift+5”. Attempting to block β€œ%”, results in Keyboard Filter blocking β€œ5” instead. +When you block a shift-modified key, you must enter the key as "Shift” + the unmodified key. For example, to block the % key on an English keyboard layout, you must specify the key as "Shift+5”. Attempting to block "%”, results in Keyboard Filter blocking "5” instead. When you specify the key combination to block, you must use the English names for the keys. For a list of the key names you can specify, see Keyboard Filter key names. diff --git a/windows/configuration/keyboard-filter/wekf-customkeyadd.md b/windows/configuration/keyboard-filter/wekf-customkeyadd.md index 5f70777e3ea..9cdc091e069 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyadd.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyadd.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_CustomKey.Add - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] Creates a new custom key combination and enables Keyboard Filter to block the new key combination. diff --git a/windows/configuration/keyboard-filter/wekf-customkeyremove.md b/windows/configuration/keyboard-filter/wekf-customkeyremove.md index dad47f568f5..b84e8d90a7f 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyremove.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyremove.md @@ -11,7 +11,7 @@ ms.subservice: iot --- # WEKF_CustomKey.Remove - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] Removes a custom key combination, causing Keyboard Filter to stop blocking the removed key combination. diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkey.md b/windows/configuration/keyboard-filter/wekf-predefinedkey.md index b3acdd2872d..7fdbbb67ffe 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkey.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkey.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] This class blocks or unblocks predefined key combinations, such as Ctrl+Alt+Delete. diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md index fc567dfc50a..68392c86351 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey.Disable - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] Unblocks the specified predefined key combination. diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md index 12e260feef2..f9b2966bf0d 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey.Enable - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] This method blocks the specified predefined key combination. diff --git a/windows/configuration/keyboard-filter/wekf-scancode.md b/windows/configuration/keyboard-filter/wekf-scancode.md index 8a7ca0f2977..4238deebc43 100644 --- a/windows/configuration/keyboard-filter/wekf-scancode.md +++ b/windows/configuration/keyboard-filter/wekf-scancode.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] Blocks or unblocks key combinations by using the keyboard scan code, which is an integer number that is generated whenever a key is pressed or released. @@ -59,7 +59,7 @@ The following tables list any constructors, methods, fields, and properties that Scan codes are generated by the keyboard whenever a key is pressed. The same physical key will always generate the same scan code, regardless of which keyboard layout is currently being used by the system. -You can specify key combinations by including the modifier keys in the *Modifiers* parameter of the **Add** method or by modifying the **Modifiers** property. The most common modifier names are β€œCtrl”, β€œShift”, β€œAlt”, and β€œWin”. +You can specify key combinations by including the modifier keys in the *Modifiers* parameter of the **Add** method or by modifying the **Modifiers** property. The most common modifier names are "Ctrl”, "Shift”, "Alt”, and "Win”. ## Example diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md index 6be6715ce97..248ed944e6f 100644 --- a/windows/configuration/keyboard-filter/wekf-scancodeadd.md +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode.Add - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] This method adds a new custom scan code combination and enables Keyboard Filter to block the new combination. diff --git a/windows/configuration/keyboard-filter/wekf-scancoderemove.md b/windows/configuration/keyboard-filter/wekf-scancoderemove.md index 45836508e3d..2fe9b8aa4da 100644 --- a/windows/configuration/keyboard-filter/wekf-scancoderemove.md +++ b/windows/configuration/keyboard-filter/wekf-scancoderemove.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode.Remove - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] This method removes a custom scan code key combination, causing Keyboard Filter to stop blocking the removed combination. diff --git a/windows/configuration/keyboard-filter/wekf-settings.md b/windows/configuration/keyboard-filter/wekf-settings.md index 64701a6f5d6..0ba7c0ab7d8 100644 --- a/windows/configuration/keyboard-filter/wekf-settings.md +++ b/windows/configuration/keyboard-filter/wekf-settings.md @@ -7,12 +7,11 @@ ms.service: windows-iot ms.subservice: iot ms.date: 11/12/2024 ms.topic: article - - --- + # WEKF_Settings - +[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] Enables or disables settings for Keyboard Filter. From 4f271fb70fa29d7b8f4eb85127689303df9909cc Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:19:04 -0500 Subject: [PATCH 27/91] gremlins --- .../disable-all-blocked-key-combinations.md | 3 +- .../configuration/keyboard-filter/index.md | 48 +++++++++---------- 2 files changed, 23 insertions(+), 28 deletions(-) diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md index b762451821d..a64fb74c257 100644 --- a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -8,9 +8,8 @@ ms.service: windows-iot ms.subservice: iot ms.date: 11/12/2024 ms.topic: article - - --- + # Disable all blocked key combinations [!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/index.md b/windows/configuration/keyboard-filter/index.md index d323739c8b0..00e000de89d 100644 --- a/windows/configuration/keyboard-filter/index.md +++ b/windows/configuration/keyboard-filter/index.md @@ -7,9 +7,8 @@ ms.service: windows-iot ms.subservice: iot ms.date: 11/12/2024 ms.topic: article - - --- + # Keyboard Filter [!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] @@ -23,13 +22,10 @@ The Keyboard Filter feature works with physical keyboards, the Windows on-screen ## Terminology -* **Turn on, enable:** Make the setting available to the device and optionally apply the settings to the device. Generally *turn on* is used in the user interface or control panel, whereas *enable* is used for command line. - -* **Configure:** To customize the setting or subsettings. - -* **Embedded Keyboard Filter:** This feature is called Embedded Keyboard Filter in Windows 10, version 1511. - -* **Keyboard Filter:** This feature is called Keyboard Filter in Windows 10, version 1607 and later. +- **Turn on, enable:** Make the setting available to the device and optionally apply the settings to the device. Generally *turn on* is used in the user interface or control panel, whereas *enable* is used for command line +- **Configure:** To customize the setting or subsettings +- **Embedded Keyboard Filter:** This feature is called Embedded Keyboard Filter in Windows 10, version 1511 +- **Keyboard Filter:** This feature is called Keyboard Filter in Windows 10, version 1607 and later ## Turn on Keyboard Filter @@ -78,17 +74,17 @@ This example uses a Windows image called install.wim, but you can use the same p Keyboard Filter has the following features: -* Supports hardware keyboards, the standard Windows on-screen keyboard, and the touch keyboard (TabTip.exe). -* Suppresses key combinations even when they come from multiple keyboards. +- Supports hardware keyboards, the standard Windows on-screen keyboard, and the touch keyboard (TabTip.exe) +- Suppresses key combinations even when they come from multiple keyboards For example, if a user presses the Ctrl key and the Alt key on a hardware keyboard, while at the same time pressing Delete on a software keyboard, Keyboard Filter can still detect and suppress the Ctrl+Alt+Delete functionality. -* Supports numeric keypads and keys designed to access media player and browser functionality. -* Can configure a key to breakout of a locked down user session to return to the Welcome screen. -* Automatically handles dynamic layout changes. -* Can be enabled or disabled for administrator accounts. -* Can force disabling of Ease of Access functionality. -* Supports x86 and x64 architectures. +- Supports numeric keypads and keys designed to access media player and browser functionality +- Can configure a key to breakout of a locked down user session to return to the Welcome screen +- Automatically handles dynamic layout changes +- Can be enabled or disabled for administrator accounts +- Can force disabling of Ease of Access functionality +- Supports x86 and x64 architectures ## Keyboard scan codes and layouts @@ -112,11 +108,11 @@ You can enable ease of access features for administrator accounts, while still d You can configure the following options for Keyboard Filter: -* Set/unset predefined key combinations to be suppressed. -* Add/remove custom defined key combinations to be suppressed. -* Enable/disable keyboard filter for administrator accounts. -* Force disabling ease of access features. -* Configure a breakout key sequence to break out of a locked down account. +- Set/unset predefined key combinations to be suppressed +- Add/remove custom defined key combinations to be suppressed +- Enable/disable keyboard filter for administrator accounts +- Force disabling ease of access features +- Configure a breakout key sequence to break out of a locked down account Most configuration changes take effect immediately. Some changes, such as enabling or disabling Keyboard Filter for administrators, don't take effect until the user signs out of the account and then back in. If you change the breakout key scan code, you must restart the device before the change take effect. @@ -146,7 +142,7 @@ Some custom keyboard software, such as Microsoft IntelliType Pro, can install Ke ## In this section -* [Keyboard Filter key names](keyboardfilter-key-names.md) -* [Predefined key combinations](predefined-key-combinations.md) -* [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) -* [Windows PowerShell script samples for Keyboard Filter](keyboardfilter-powershell-script-samples.md) \ No newline at end of file +- [Keyboard Filter key names](keyboardfilter-key-names.md) +- [Predefined key combinations](predefined-key-combinations.md) +- [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) +- [Windows PowerShell script samples for Keyboard Filter](keyboardfilter-powershell-script-samples.md) \ No newline at end of file From 44265a6b6e8a14d340c7b167e22a718ff7e100c0 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:31:30 -0500 Subject: [PATCH 28/91] moved includes --- .../iot/supported-os-enterprise-plus.md | 2 -- .../keyboard-filter/disable-all-blocked-key-combinations.md | 2 +- windows/configuration/keyboard-filter/index.md | 2 +- .../keyboardfilter-add-blocked-key-combinations.md | 2 +- .../configuration/keyboard-filter/keyboardfilter-key-names.md | 2 +- .../keyboardfilter-list-all-configured-key-combinations.md | 2 +- .../keyboard-filter/keyboardfilter-powershell-script-samples.md | 2 +- .../keyboard-filter/keyboardfilter-wmi-provider-reference.md | 2 +- windows/configuration/keyboard-filter/modify-global-settings.md | 2 +- .../keyboard-filter/predefined-key-combinations.md | 2 +- .../keyboard-filter/remove-key-combination-configurations.md | 2 +- windows/configuration/keyboard-filter/wekf-customkey.md | 2 +- windows/configuration/keyboard-filter/wekf-customkeyadd.md | 2 +- windows/configuration/keyboard-filter/wekf-customkeyremove.md | 2 +- windows/configuration/keyboard-filter/wekf-predefinedkey.md | 2 +- .../configuration/keyboard-filter/wekf-predefinedkeydisable.md | 2 +- .../configuration/keyboard-filter/wekf-predefinedkeyenable.md | 2 +- windows/configuration/keyboard-filter/wekf-scancode.md | 2 +- windows/configuration/keyboard-filter/wekf-scancodeadd.md | 2 +- windows/configuration/keyboard-filter/wekf-scancoderemove.md | 2 +- windows/configuration/keyboard-filter/wekf-settings.md | 2 +- 21 files changed, 20 insertions(+), 22 deletions(-) rename windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md => includes/iot/supported-os-enterprise-plus.md (83%) diff --git a/windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md b/includes/iot/supported-os-enterprise-plus.md similarity index 83% rename from windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md rename to includes/iot/supported-os-enterprise-plus.md index 7e36da09abb..b6c086d649f 100644 --- a/windows/configuration/keyboard-filter/includes-supported-os-enterprise-plus.md +++ b/includes/iot/supported-os-enterprise-plus.md @@ -1,8 +1,6 @@ --- author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot ms-topic: include ms.date: 09/30/2024 --- diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md index a64fb74c257..b03d30bccf6 100644 --- a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -12,7 +12,7 @@ ms.topic: article # Disable all blocked key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the WMI providers to disable all blocked key combinations for Keyboard Filter by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. The key combination configurations are not removed, but Keyboard Filter stops blocking any keys. diff --git a/windows/configuration/keyboard-filter/index.md b/windows/configuration/keyboard-filter/index.md index 00e000de89d..fd81f310463 100644 --- a/windows/configuration/keyboard-filter/index.md +++ b/windows/configuration/keyboard-filter/index.md @@ -11,7 +11,7 @@ ms.topic: article # Keyboard Filter -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, a customer can use certain Microsoft Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to alter the operation of a device by locking the screen or using Task Manager to close a running application. This behavior might not be desirable if your device is intended for a dedicated purpose. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md index 16a6eb3de3c..0a348ac1535 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Add blocked key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create three functions to configure Keyboard Filter so that Keyboard Filter blocks key combinations. It demonstrates several ways to use each function. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md index a3eb1ecb858..4cd9dca8004 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md @@ -13,7 +13,7 @@ ms.topic: article --- # Keyboard Filter key names -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] You can configure Keyboard Filter to block keys or key combinations. A key combination consists of one or more modifier keys, separated by a plus sign (+), and either a key name or a key scan code. In addition to the keys listed in the following tables, you can use the predefined key combinations names as custom key combinations. However, we recommend using the predefined key settings when enabling or disabling predefined key combinations. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md index 5c88e94fd9a..4eedce1bdc9 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # List all configured key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to displays all key combination configurations for Keyboard Filter. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md index e68471a513d..54291219920 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md @@ -13,7 +13,7 @@ ms.topic: article --- # Windows PowerShell script samples for Keyboard Filter -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] The list below describes sample Windows PowerShell scripts that demonstrate how to use the Windows Management Instrumentation (WMI) providers for Keyboard Filter. diff --git a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md index 733f298c763..75a555b395e 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md @@ -13,7 +13,7 @@ ms.topic: article --- # Keyboard Filter WMI provider reference -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] Describes the Windows Management Instrumentation (WMI) provider classes that you use to configure Keyboard Filter during run time. diff --git a/windows/configuration/keyboard-filter/modify-global-settings.md b/windows/configuration/keyboard-filter/modify-global-settings.md index 049d85864a5..139d0d170e5 100644 --- a/windows/configuration/keyboard-filter/modify-global-settings.md +++ b/windows/configuration/keyboard-filter/modify-global-settings.md @@ -13,7 +13,7 @@ ms.topic: article --- # Modify global settings -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] The following sample Windows PowerShell scripts use the Windows Management Instrumentation (WMI) providers to modify global settings for Keyboard Filter. diff --git a/windows/configuration/keyboard-filter/predefined-key-combinations.md b/windows/configuration/keyboard-filter/predefined-key-combinations.md index 5eda454969b..451c03a1c51 100644 --- a/windows/configuration/keyboard-filter/predefined-key-combinations.md +++ b/windows/configuration/keyboard-filter/predefined-key-combinations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Predefined key combinations -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] This topic lists a set of key combinations that are predefined by a keyboard filter. You can list the value of the WEKF_PredefinedKey.Id to get a complete list of key combinations defined by a keyboard filter. diff --git a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md index 698d0fe3606..1bc023065a8 100644 --- a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md +++ b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md @@ -13,7 +13,7 @@ ms.topic: article --- # Remove key combination configurations -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] The following sample Windows PowerShell script uses the Windows Management Instrumentation (WMI) providers for Keyboard Filter to create two functions to remove custom-defined key combination configurations from Keyboard Filter. It demonstrates several ways to use each function. diff --git a/windows/configuration/keyboard-filter/wekf-customkey.md b/windows/configuration/keyboard-filter/wekf-customkey.md index 7412c42e3d0..5ff3078bcda 100644 --- a/windows/configuration/keyboard-filter/wekf-customkey.md +++ b/windows/configuration/keyboard-filter/wekf-customkey.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_CustomKey -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] Adds or removes custom-defined key combinations. diff --git a/windows/configuration/keyboard-filter/wekf-customkeyadd.md b/windows/configuration/keyboard-filter/wekf-customkeyadd.md index 9cdc091e069..66d2468ae0b 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyadd.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyadd.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_CustomKey.Add -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] Creates a new custom key combination and enables Keyboard Filter to block the new key combination. diff --git a/windows/configuration/keyboard-filter/wekf-customkeyremove.md b/windows/configuration/keyboard-filter/wekf-customkeyremove.md index b84e8d90a7f..1430acc8f9b 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyremove.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyremove.md @@ -11,7 +11,7 @@ ms.subservice: iot --- # WEKF_CustomKey.Remove -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] Removes a custom key combination, causing Keyboard Filter to stop blocking the removed key combination. diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkey.md b/windows/configuration/keyboard-filter/wekf-predefinedkey.md index 7fdbbb67ffe..117169f6c3c 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkey.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkey.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] This class blocks or unblocks predefined key combinations, such as Ctrl+Alt+Delete. diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md index 68392c86351..ff0c74fa690 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey.Disable -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] Unblocks the specified predefined key combination. diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md index f9b2966bf0d..7b551de1b35 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_PredefinedKey.Enable -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] This method blocks the specified predefined key combination. diff --git a/windows/configuration/keyboard-filter/wekf-scancode.md b/windows/configuration/keyboard-filter/wekf-scancode.md index 4238deebc43..91bd402293f 100644 --- a/windows/configuration/keyboard-filter/wekf-scancode.md +++ b/windows/configuration/keyboard-filter/wekf-scancode.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] Blocks or unblocks key combinations by using the keyboard scan code, which is an integer number that is generated whenever a key is pressed or released. diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md index 248ed944e6f..da49f64456c 100644 --- a/windows/configuration/keyboard-filter/wekf-scancodeadd.md +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode.Add -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] This method adds a new custom scan code combination and enables Keyboard Filter to block the new combination. diff --git a/windows/configuration/keyboard-filter/wekf-scancoderemove.md b/windows/configuration/keyboard-filter/wekf-scancoderemove.md index 2fe9b8aa4da..b7871134089 100644 --- a/windows/configuration/keyboard-filter/wekf-scancoderemove.md +++ b/windows/configuration/keyboard-filter/wekf-scancoderemove.md @@ -13,7 +13,7 @@ ms.topic: article --- # WEKF_Scancode.Remove -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] This method removes a custom scan code key combination, causing Keyboard Filter to stop blocking the removed combination. diff --git a/windows/configuration/keyboard-filter/wekf-settings.md b/windows/configuration/keyboard-filter/wekf-settings.md index 0ba7c0ab7d8..d2e4cde1f8f 100644 --- a/windows/configuration/keyboard-filter/wekf-settings.md +++ b/windows/configuration/keyboard-filter/wekf-settings.md @@ -11,7 +11,7 @@ ms.topic: article # WEKF_Settings -[!INCLUDE [Supported Editions - Enterprise Plus](includes-supported-os-enterprise-plus.md)] +[!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] Enables or disables settings for Keyboard Filter. From 044a55a746deafe2c427a43fafe32f6430098b3f Mon Sep 17 00:00:00 2001 From: Nidhi Doshi <77081571+doshnid@users.noreply.github.com> Date: Mon, 13 Jan 2025 10:01:40 -0800 Subject: [PATCH 29/91] Update mcc-isp-signup.md support for Ubuntu 22.04 LTS --- windows/deployment/do/mcc-isp-signup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index 284269f52ef..2af14e7fe25 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -36,7 +36,7 @@ Before you begin sign up, ensure you have the following components: 1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. -1. **Server**: Ensure the server you wish to install Microsoft Connected Cache on is ready, and that the server is installed on Ubuntu 20.04 LTS. +1. **Server**: Ensure the server you wish to install Microsoft Connected Cache on is ready, and that the server is installed on Ubuntu 22.04 LTS. 1. **Configure cache drive**: Make sure that you have a data drive configured with full permissions on your server. You'll need to specify the location for this cache drive during the cache node configuration process. The minimum size for the data drive is 100 GB. For instructions to mount a disk on a Linux VM, see [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk). ## Resource creation and sign up process From 929a31447b785874c8f10df79d690ba71edde50c Mon Sep 17 00:00:00 2001 From: Nidhi Doshi <77081571+doshnid@users.noreply.github.com> Date: Mon, 13 Jan 2025 10:03:27 -0800 Subject: [PATCH 30/91] Update mcc-isp-faq.yml support for ubuntu 22.04 --- windows/deployment/do/mcc-isp-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index a5c2e9f7826..1e23e8c36db 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -35,7 +35,7 @@ sections: answer: | - Azure subscription - Hardware to host Microsoft Connected Cache - - Ubuntu 20.04 LTS on a physical server or VM of your choice. + - Ubuntu 22.04 LTS on a physical server or VM of your choice. > [!NOTE] > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 20.04 is an [Azure IoT Edge Tier 1 operating system](/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. From a339e5d4a6ba9e75bd7ece1c5f9e6a411ea7bf11 Mon Sep 17 00:00:00 2001 From: Nidhi Doshi <77081571+doshnid@users.noreply.github.com> Date: Mon, 13 Jan 2025 10:37:45 -0800 Subject: [PATCH 31/91] Update mcc-isp-support.md support for Ubuntu 22.04 --- windows/deployment/do/mcc-isp-support.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/deployment/do/mcc-isp-support.md b/windows/deployment/do/mcc-isp-support.md index dbced5230c6..a2e165f1999 100644 --- a/windows/deployment/do/mcc-isp-support.md +++ b/windows/deployment/do/mcc-isp-support.md @@ -97,6 +97,15 @@ Rerun the IoT Edge Check command to validate proper connectivity: ```bash iotedge check -verbose ``` +
+ +## Updating from Ubuntu 20.04 to 22.04 +You can now provision Microsoft Connected Cache for ISP on Ubuntu 22.04. +If you have a cache node provisioned on Ubuntu 20.04, you will need to uninstall it first before updating to Ubuntu 22.04. +Once you have updated the system, download the provisioning package from Azure portal and run the provisioning script on the portal. +For more information on provisioning cache node, visit, [Create, provision and deploy cache node](mcc-isp-create-provision-deploy#provision-your-server). + +
## Diagnose and Solve Problems @@ -110,6 +119,7 @@ Within **Diagnose and solve problems**, select **Troubleshoot** under the type o :::image type="content" source="images/mcc-isp-diagnose-solve-troubleshoot.png" alt-text="A screenshot of Azure portal showing the option to select Troubleshoot to continue troubleshooting common issues related to the installation of Microsoft Connected Cache." lightbox="images/mcc-isp-diagnose-solve-troubleshoot.png"::: + ## Steps to obtain an Azure subscription ID To onboard onto Microsoft Connected Cache, you'll need an Azure subscription ID. Use the following steps to obtain your subscription ID: From 491a3850c4130f5cfdc2ed9c1caa25aea64b24ff Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 14:01:34 -0500 Subject: [PATCH 32/91] metadata --- .../disable-all-blocked-key-combinations.md | 7 ++----- windows/configuration/keyboard-filter/index.md | 10 ++++------ .../keyboardfilter-add-blocked-key-combinations.md | 9 +++------ .../keyboard-filter/keyboardfilter-key-names.md | 10 +++------- ...rdfilter-list-all-configured-key-combinations.md | 10 +++------- .../keyboardfilter-powershell-script-samples.md | 10 +++------- .../keyboardfilter-wmi-provider-reference.md | 10 +++------- .../keyboard-filter/modify-global-settings.md | 10 +++------- .../keyboard-filter/predefined-key-combinations.md | 10 +++------- .../remove-key-combination-configurations.md | 10 +++------- .../configuration/keyboard-filter/wekf-customkey.md | 13 +++++-------- .../keyboard-filter/wekf-customkeyadd.md | 10 +++------- .../keyboard-filter/wekf-customkeyremove.md | 8 +++----- .../keyboard-filter/wekf-predefinedkey.md | 10 +++------- .../keyboard-filter/wekf-predefinedkeydisable.md | 10 +++------- .../keyboard-filter/wekf-predefinedkeyenable.md | 10 +++------- .../configuration/keyboard-filter/wekf-scancode.md | 12 ++++-------- .../keyboard-filter/wekf-scancodeadd.md | 10 +++------- .../keyboard-filter/wekf-scancoderemove.md | 10 +++------- .../configuration/keyboard-filter/wekf-settings.md | 6 ++---- 20 files changed, 62 insertions(+), 133 deletions(-) diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md index b03d30bccf6..36e78231ef6 100644 --- a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -1,13 +1,10 @@ --- title: Disable all blocked key combinations description: Disable all blocked key combinations -ms.assetid: 60327cc7-ef5b-4f26-8437-83b32711b6d8 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article +ms.date: 01/13/2025 +ms.topic: reference --- # Disable all blocked key combinations diff --git a/windows/configuration/keyboard-filter/index.md b/windows/configuration/keyboard-filter/index.md index fd81f310463..cb761c4814a 100644 --- a/windows/configuration/keyboard-filter/index.md +++ b/windows/configuration/keyboard-filter/index.md @@ -1,12 +1,10 @@ --- title: Keyboard Filter description: Keyboard Filter -author: sydbruck -ms.author: sybruckm -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article +author: TerryWarwick +ms.author: twarwick +ms.date: 01/13/2025 +ms.topic: overview --- # Keyboard Filter diff --git a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md index 0a348ac1535..acb297b4221 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md @@ -4,13 +4,10 @@ description: Add blocked key combinations ms.assetid: f51892fc-0262-4b25-b117-6e131b86fb68 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # Add blocked key combinations [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md index 4cd9dca8004..39de2bc0290 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md @@ -1,16 +1,12 @@ --- title: Keyboard Filter key names description: Keyboard Filter key names -ms.assetid: 5f3772bb-fdd2-4816-9994-bd2523099400 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # Keyboard Filter key names [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md index 4eedce1bdc9..cf3c45fed99 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md @@ -1,16 +1,12 @@ --- title: List all configured key combinations description: List all configured key combinations -ms.assetid: b5ffa47e-87ea-4df4-9291-f37f6b23683b author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # List all configured key combinations [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md index 54291219920..86dc5306fcb 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md @@ -1,16 +1,12 @@ --- title: Windows PowerShell script samples for Keyboard Filter description: Windows PowerShell script samples for Keyboard Filter -ms.assetid: ba5dbfc3-05a6-44d7-aac9-1f9b328d0df7 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # Windows PowerShell script samples for Keyboard Filter [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md index 75a555b395e..798cef5c0f0 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md @@ -1,16 +1,12 @@ --- title: Keyboard Filter WMI provider reference description: Keyboard Filter WMI provider reference -ms.assetid: d17428d9-47e3-4510-b2cf-d4b4883687c1 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # Keyboard Filter WMI provider reference [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/modify-global-settings.md b/windows/configuration/keyboard-filter/modify-global-settings.md index 139d0d170e5..2b69a9de23b 100644 --- a/windows/configuration/keyboard-filter/modify-global-settings.md +++ b/windows/configuration/keyboard-filter/modify-global-settings.md @@ -1,16 +1,12 @@ --- title: Modify global settings description: Modify global settings -ms.assetid: b1388f15-e3a4-4513-8721-8ba3ce19747a author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: how-to --- + # Modify global settings [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/predefined-key-combinations.md b/windows/configuration/keyboard-filter/predefined-key-combinations.md index 451c03a1c51..17df2fd3a5c 100644 --- a/windows/configuration/keyboard-filter/predefined-key-combinations.md +++ b/windows/configuration/keyboard-filter/predefined-key-combinations.md @@ -1,16 +1,12 @@ --- title: Predefined key combinations description: Predefined key combinations -ms.assetid: 9fc86f03-6d9e-4899-a4b7-fa8ad7835c65 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # Predefined key combinations [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md index 1bc023065a8..6cc57a6efd4 100644 --- a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md +++ b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md @@ -1,16 +1,12 @@ --- title: Remove key combination configurations description: Remove key combination configurations -ms.assetid: 14f61d51-834b-4d15-8024-6728f0c8bc9c author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # Remove key combination configurations [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-customkey.md b/windows/configuration/keyboard-filter/wekf-customkey.md index 5ff3078bcda..cf923ed0e60 100644 --- a/windows/configuration/keyboard-filter/wekf-customkey.md +++ b/windows/configuration/keyboard-filter/wekf-customkey.md @@ -1,16 +1,13 @@ --- title: WEKF_CustomKey description: WEKF_CustomKey -ms.assetid: 7d67c0ce-844c-4534-96d4-2c7f21a69c8e author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article +ms.date: 01/13/2025 +ms.topic: reference +--- ---- # WEKF_CustomKey [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] @@ -53,9 +50,9 @@ The following tables list any methods and properties that belong to this class. ### Remarks -You can specify key combinations by including the modifier keys in the name. The most common modifier names are "Ctrl”, "Shift”, "Alt”, and "Win”. You cannot block a combination of non-modifier keys. For example, you can block a key combination of "Ctrl+Shift+F”, but you cannot block a key combination of "A+D”. +You can specify key combinations by including the modifier keys in the name. The most common modifier names are "Ctrl", "Shift", "Alt", and "Win". You cannot block a combination of non-modifier keys. For example, you can block a key combination of "Ctrl+Shift+F", but you cannot block a key combination of "A+D". -When you block a shift-modified key, you must enter the key as "Shift” + the unmodified key. For example, to block the % key on an English keyboard layout, you must specify the key as "Shift+5”. Attempting to block "%”, results in Keyboard Filter blocking "5” instead. +When you block a shift-modified key, you must enter the key as "Shift" + the unmodified key. For example, to block the % key on an English keyboard layout, you must specify the key as "Shift+5". Attempting to block "%", results in Keyboard Filter blocking "5" instead. When you specify the key combination to block, you must use the English names for the keys. For a list of the key names you can specify, see Keyboard Filter key names. diff --git a/windows/configuration/keyboard-filter/wekf-customkeyadd.md b/windows/configuration/keyboard-filter/wekf-customkeyadd.md index 66d2468ae0b..303b38b6da5 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyadd.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyadd.md @@ -1,16 +1,12 @@ --- title: WEKF_CustomKey.Add description: WEKF_CustomKey.Add -ms.assetid: 59040e1b-1706-476b-9d7c-2279b20c47b4 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # WEKF_CustomKey.Add [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-customkeyremove.md b/windows/configuration/keyboard-filter/wekf-customkeyremove.md index 1430acc8f9b..b968ab2ccd3 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyremove.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyremove.md @@ -1,14 +1,12 @@ --- title: WEKF_CustomKey.Remove description: WEKF_CustomKey.Remove -ms.assetid: 944d2987-5b2c-4c88-8199-dcec12d626b2 -ms.date: 11/12/2024 -ms.topic: article +ms.date: 01/13/2025 +ms.topic: reference author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot --- + # WEKF_CustomKey.Remove [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkey.md b/windows/configuration/keyboard-filter/wekf-predefinedkey.md index 117169f6c3c..428aa6a2107 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkey.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkey.md @@ -1,16 +1,12 @@ --- title: WEKF_PredefinedKey description: WEKF_PredefinedKey -ms.assetid: 2fc29e2b-1c76-437f-99b0-db13a3aeb1af author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # WEKF_PredefinedKey [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md index ff0c74fa690..9ab8d4c21b6 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md @@ -1,16 +1,12 @@ --- title: WEKF_PredefinedKey.Disable description: WEKF_PredefinedKey.Disable -ms.assetid: 81a040b3-b845-4cb2-872f-68082b048316 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # WEKF_PredefinedKey.Disable [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md index 7b551de1b35..94bb6ddda09 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md @@ -1,16 +1,12 @@ --- title: WEKF_PredefinedKey.Enable description: WEKF_PredefinedKey.Enable -ms.assetid: 4ea8c6c4-3bf6-475f-b9e1-38e1a971eda5 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # WEKF_PredefinedKey.Enable [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-scancode.md b/windows/configuration/keyboard-filter/wekf-scancode.md index 91bd402293f..1fad410df3d 100644 --- a/windows/configuration/keyboard-filter/wekf-scancode.md +++ b/windows/configuration/keyboard-filter/wekf-scancode.md @@ -1,16 +1,12 @@ --- title: WEKF_Scancode description: WEKF_Scancode -ms.assetid: a71bcc26-5469-4018-b426-eae277d7716d author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # WEKF_Scancode [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] @@ -59,7 +55,7 @@ The following tables list any constructors, methods, fields, and properties that Scan codes are generated by the keyboard whenever a key is pressed. The same physical key will always generate the same scan code, regardless of which keyboard layout is currently being used by the system. -You can specify key combinations by including the modifier keys in the *Modifiers* parameter of the **Add** method or by modifying the **Modifiers** property. The most common modifier names are "Ctrl”, "Shift”, "Alt”, and "Win”. +You can specify key combinations by including the modifier keys in the *Modifiers* parameter of the **Add** method or by modifying the **Modifiers** property. The most common modifier names are "Ctrl", "Shift", "Alt", and "Win". ## Example diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md index da49f64456c..705ec45d58b 100644 --- a/windows/configuration/keyboard-filter/wekf-scancodeadd.md +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -1,16 +1,12 @@ --- title: WEKF_Scancode.Add description: WEKF_Scancode.Add -ms.assetid: cb5ea693-e871-4338-957a-f78f87a932ba author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # WEKF_Scancode.Add [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-scancoderemove.md b/windows/configuration/keyboard-filter/wekf-scancoderemove.md index b7871134089..324834c26cc 100644 --- a/windows/configuration/keyboard-filter/wekf-scancoderemove.md +++ b/windows/configuration/keyboard-filter/wekf-scancoderemove.md @@ -1,16 +1,12 @@ --- title: WEKF_Scancode.Remove description: WEKF_Scancode.Remove -ms.assetid: 86185501-edc3-4c1d-be0b-5621c64f9540 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article - - +ms.date: 01/13/2025 +ms.topic: reference --- + # WEKF_Scancode.Remove [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] diff --git a/windows/configuration/keyboard-filter/wekf-settings.md b/windows/configuration/keyboard-filter/wekf-settings.md index d2e4cde1f8f..58c388b7e5f 100644 --- a/windows/configuration/keyboard-filter/wekf-settings.md +++ b/windows/configuration/keyboard-filter/wekf-settings.md @@ -3,10 +3,8 @@ title: WEKF_Settings description: WEKF_Settings author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot -ms.date: 11/12/2024 -ms.topic: article +ms.date: 01/13/2025 +ms.topic: reference --- # WEKF_Settings From 69a96a28e64b23b1a12726a7e7b2a8fa43b4453b Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 15:05:20 -0500 Subject: [PATCH 33/91] Acrolinx --- .../disable-all-blocked-key-combinations.md | 12 +++++------ ...er-list-all-configured-key-combinations.md | 2 +- ...eyboardfilter-powershell-script-samples.md | 2 +- .../remove-key-combination-configurations.md | 4 ++-- .../keyboard-filter/wekf-customkey.md | 20 +++++-------------- .../keyboard-filter/wekf-customkeyadd.md | 14 ++----------- .../keyboard-filter/wekf-customkeyremove.md | 16 +++------------ .../keyboard-filter/wekf-predefinedkey.md | 19 ++++-------------- .../wekf-predefinedkeydisable.md | 11 +--------- .../wekf-predefinedkeyenable.md | 12 +---------- .../keyboard-filter/wekf-scancode.md | 18 ++++------------- .../keyboard-filter/wekf-scancodeadd.md | 14 ++----------- .../keyboard-filter/wekf-scancoderemove.md | 16 +++------------ .../keyboard-filter/wekf-settings.md | 20 +++++-------------- 14 files changed, 39 insertions(+), 141 deletions(-) diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md index 36e78231ef6..c8e6da20645 100644 --- a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -11,7 +11,7 @@ ms.topic: reference [!INCLUDE [supported-os-enterprise-plus](../../../includes/iot/supported-os-enterprise-plus.md)] -The following sample Windows PowerShell script uses the WMI providers to disable all blocked key combinations for Keyboard Filter by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. The key combination configurations are not removed, but Keyboard Filter stops blocking any keys. +The following sample Windows PowerShell script uses the WMI providers to disable all blocked key combinations for Keyboard Filter by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. The key combination configurations aren't removed, but Keyboard Filter stops blocking any keys. ## Disable-all-rules.ps1 @@ -69,10 +69,8 @@ Get-WMIObject -class WEKF_Scancode @CommonParams | } ``` -## Related topics +## Related articles -[Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) - -[Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) - -[Keyboard filter](index.md) +- [Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) +- [Keyboard filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) +- [Keyboard filter](index.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md index cf3c45fed99..2fa1f6d8e26 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md @@ -64,7 +64,7 @@ Get-WMIObject -class WEKF_Scancode @CommonParams | } ``` -## Related topics +## Related articles [Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) diff --git a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md index 86dc5306fcb..8f8048582e4 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md @@ -21,7 +21,7 @@ The list below describes sample Windows PowerShell scripts that demonstrate how | [Modify global settings](modify-global-settings.md) | Demonstrates how to modify global settings for Keyboard Filter. | | [Remove key combination configurations](remove-key-combination-configurations.md) | Demonstrates how to remove a custom defined key combination configuration for Keyboard Filter. | -## Related topics +## Related articles [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) diff --git a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md index 6cc57a6efd4..eadd760d933 100644 --- a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md +++ b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md @@ -17,7 +17,7 @@ The first function, **Remove-Custom-Key**, removes custom key combination config The second function, **Remove-Scancode**, removes custom scan code configurations. -You cannot remove the predefined key combination configurations for Keyboard Filter, but you can disable them. +You can't remove the predefined key combination configurations for Keyboard Filter, but you can disable them. ## Remove-rules.ps1 @@ -99,7 +99,7 @@ Remove-Custom-Key "%" Remove-Scancode "Ctrl" 37 ``` -## Related topics +## Related articles [Windows PowerShell script samples for keyboard filter](keyboardfilter-powershell-script-samples.md) diff --git a/windows/configuration/keyboard-filter/wekf-customkey.md b/windows/configuration/keyboard-filter/wekf-customkey.md index cf923ed0e60..d1869903ee4 100644 --- a/windows/configuration/keyboard-filter/wekf-customkey.md +++ b/windows/configuration/keyboard-filter/wekf-customkey.md @@ -46,19 +46,19 @@ The following tables list any methods and properties that belong to this class. | Property | Data type | Qualifiers | Description | |----------|----------------|------------|--------------| | **Id** | string | [key] | The name of the custom key combination. | -| **Enabled** | Boolean | [read, write] | Indicates if the key is blocked or unblocked. This property can be one of the following values
- **true** Indicates that the key is blocked.
- **false** Indicates that the key is not blocked. | +| **Enabled** | Boolean | [read, write] | Indicates if the key is blocked or unblocked. This property can be one of the following values
- **true** Indicates that the key is blocked.
- **false** Indicates that the key isn't blocked. | ### Remarks -You can specify key combinations by including the modifier keys in the name. The most common modifier names are "Ctrl", "Shift", "Alt", and "Win". You cannot block a combination of non-modifier keys. For example, you can block a key combination of "Ctrl+Shift+F", but you cannot block a key combination of "A+D". +You can specify key combinations by including the modifier keys in the name. The most common modifier names are >Ctrl, >Shift, >Alt, and >Win. You can't block a combination of non-modifier keys. For example, you can block a key combination of >Ctrl+>Shift+>F, but you can't block a key combination of >A+>D. -When you block a shift-modified key, you must enter the key as "Shift" + the unmodified key. For example, to block the % key on an English keyboard layout, you must specify the key as "Shift+5". Attempting to block "%", results in Keyboard Filter blocking "5" instead. +When you block a >Shift-modified key, you must enter the key as >Shift + the unmodified key. For example, to block the >% key on an English keyboard layout, you must specify the key as >Shift+>5. Attempting to block >%, results in Keyboard Filter blocking >5 instead. When you specify the key combination to block, you must use the English names for the keys. For a list of the key names you can specify, see Keyboard Filter key names. ## Example -The following code demonstrates how to add or enable a custom key combination that Keyboard Filter will block by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. This example modifies the properties directly and does not call any of the methods defined in **WEKF_CustomKey**. +The following code demonstrates how to add or enable a custom key combination that Keyboard Filter will block by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. This example modifies the properties directly and doesn't call any of the methods defined in **WEKF_CustomKey**. ```powershell <# @@ -123,17 +123,7 @@ Enable-Custom-Key "Numpad0" Enable-Custom-Key "Shift+Numpad1" ``` -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) diff --git a/windows/configuration/keyboard-filter/wekf-customkeyadd.md b/windows/configuration/keyboard-filter/wekf-customkeyadd.md index 303b38b6da5..cd56a93da5d 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyadd.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyadd.md @@ -33,7 +33,7 @@ Returns an HRESULT value that indicates a [WMI Non-Error Constant](/windows/win3 **WEKF_CustomKey.Add** creates a new **WEKF_CustomKey** object and sets the **Enabled** property of the new object to **true**, and the **Id** property to *CustomKey*. -If a **WEKF_CustomKey** object already exists with the **Id** property equal to *CustomKey*, then **WEKF_CustomKey.Add** returns an error code and does not create a new object or modify any properties of the existing object. If the existing **WEKF_CustomKey** object has the **Enabled** property set to **false**, Keyboard Filter does not block the custom key combination. +If a **WEKF_CustomKey** object already exists with the **Id** property equal to *CustomKey*, then **WEKF_CustomKey.Add** returns an error code and doesn't create a new object or modify any properties of the existing object. If the existing **WEKF_CustomKey** object has the **Enabled** property set to **false**, Keyboard Filter does not block the custom key combination. ## Example @@ -90,17 +90,7 @@ foreach ($objCustomKeyItem in $objCustomKeyList) { } ``` -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles - [WEKF_CustomKey](wekf-customkey.md) - [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-customkeyremove.md b/windows/configuration/keyboard-filter/wekf-customkeyremove.md index b968ab2ccd3..5fdceb9f5a1 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyremove.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyremove.md @@ -31,13 +31,13 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n ## Remarks -**WEKF_CustomKey.Remove** removes an existing **WEKF_CustomKey** object. If the object does not exist, **WEKF_CustomKey.Remove** returns an error with the value 0x8007007B. +**WEKF_CustomKey.Remove** removes an existing **WEKF_CustomKey** object. If the object doesn't exist, **WEKF_CustomKey.Remove** returns an error with the value 0x8007007B. -Because this method is static, you cannot call it on an object instance, but must instead call it at the class level. +Because this method is static, you can't call it on an object instance, but must instead call it at the class level. ## Example -The following code demonstrates how to remove a custom key from Keyboard Filter so it is no longer blocked by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. +The following code demonstrates how to remove a custom key from Keyboard Filter so it's no longer blocked by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. ```powershell $COMPUTER = "localhost" @@ -82,16 +82,6 @@ foreach ($objCustomKey in $objDisabledCustomKeys) { } ``` -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - ## Related topics - [WEKF_CustomKey](wekf-customkey.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkey.md b/windows/configuration/keyboard-filter/wekf-predefinedkey.md index 428aa6a2107..d81f72d8015 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkey.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkey.md @@ -45,7 +45,7 @@ The following tables list any constructors, methods, fields, and properties that | Property | Data type | Qualifiers | Description | |:------------|:----------|:--------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Id** | string | [key] | The name of the predefined key combination. | -| **Enabled** | Boolean | [read, write] | Indicates whether the key is blocked or unblocked. To indicate that the key is blocked, specify **true**. To indicate that the key is not blocked, specify **false**. | +| **Enabled** | Boolean | [read, write] | Indicates whether the key is blocked or unblocked. To indicate that the key is blocked, specify **true**. To indicate that the key isn't blocked, specify **false**. | ### Remarks @@ -108,18 +108,7 @@ Enable-Predefined-Key "Ctrl+Alt+Delete" Enable-Predefined-Key "Ctrl+Esc" ``` -## Requirements +## Related articles -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics - -[Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) - -[Keyboard Filter](index.md) +- [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) +- [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md index 9ab8d4c21b6..8b954dee192 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md @@ -29,17 +29,8 @@ Unblocks the specified predefined key combination. Returns an HRESULT value that indicates [WMI Non-error constant](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). -## Requirements -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles - [WEKF_PredefinedKey](wekf-predefinedkey.md) - [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md index 94bb6ddda09..a96fbd43653 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md @@ -29,17 +29,7 @@ This method blocks the specified predefined key combination. Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles - [WEKF_PredefinedKey](wekf-predefinedkey.md) - [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancode.md b/windows/configuration/keyboard-filter/wekf-scancode.md index 1fad410df3d..d24df9ed10c 100644 --- a/windows/configuration/keyboard-filter/wekf-scancode.md +++ b/windows/configuration/keyboard-filter/wekf-scancode.md @@ -49,17 +49,17 @@ The following tables list any constructors, methods, fields, and properties that |----------|----------------|------------|-------------| | **Modifiers** | string | [key] | The modifier keys that are part of the key combination to block. | | **Scancode** | uint16 | [key] | The scan code part of the key combination to block. | -| **Enabled** | Boolean | [read, write] | Indicates whether the scan code is blocked or unblocked. This property can be one of the following values:
- **true** Indicates that the scan code is blocked.
- **false** Indicates that the scan code is not blocked. | +| **Enabled** | Boolean | [read, write] | Indicates whether the scan code is blocked or unblocked. This property can be one of the following values:
- **true** Indicates that the scan code is blocked.
- **false** Indicates that the scan code isn't blocked. | ### Remarks Scan codes are generated by the keyboard whenever a key is pressed. The same physical key will always generate the same scan code, regardless of which keyboard layout is currently being used by the system. -You can specify key combinations by including the modifier keys in the *Modifiers* parameter of the **Add** method or by modifying the **Modifiers** property. The most common modifier names are "Ctrl", "Shift", "Alt", and "Win". +You can specify key combinations by including the modifier keys in the *Modifiers* parameter of the **Add** method or by modifying the **Modifiers** property. The most common modifier names are >Ctrl, >Shift, >Alt, and >Win. ## Example -The following code demonstrates how to add or enable a keyboard scan code that Keyboard Filter will block by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. This example modifies the properties directly, and does not call any of the methods defined in **WEKF_Scancode**. +The following code demonstrates how to add or enable a keyboard scan code that Keyboard Filter will block by using the Windows Management Instrumentation (WMI) providers for Keyboard Filter. This example modifies the properties directly, and doesn't call any of the methods defined in **WEKF_Scancode**. ```powershell <# @@ -121,17 +121,7 @@ function Enable-Scancode($Modifiers, [int]$Code) { Enable-Scancode "Ctrl" 37 ``` -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md index 705ec45d58b..02ae02c4f11 100644 --- a/windows/configuration/keyboard-filter/wekf-scancodeadd.md +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -36,19 +36,9 @@ Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/ **WEKF_Scancode.Add** creates a new **WEKF_Scancode** object and sets the **Enabled** property of the new object to **true**. -If a **WEKF_Scancode** object already exists with same *Modifiers* and *Scancode* properties, then **WEKF_Scancode.Add** returns an error code and does not create a new object or modify any properties of the existing object. If the existing **WEKF_Scancode** object has the **Enabled** property set to **false**, Keyboard Filter does not block the scan code. +If a **WEKF_Scancode** object already exists with same *Modifiers* and *Scancode* properties, then **WEKF_Scancode.Add** returns an error code and doesn't create a new object or modify any properties of the existing object. If the existing **WEKF_Scancode** object has the **Enabled** property set to **false**, Keyboard Filter does not block the scan code. -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles - [WEKF_Scancode](wekf-scancode.md) - [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-scancoderemove.md b/windows/configuration/keyboard-filter/wekf-scancoderemove.md index 324834c26cc..ae761e5b61b 100644 --- a/windows/configuration/keyboard-filter/wekf-scancoderemove.md +++ b/windows/configuration/keyboard-filter/wekf-scancoderemove.md @@ -34,21 +34,11 @@ Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/ ## Remarks -**WEKF_Scancode.Remove** removes an existing **WEKF_Scancode** object. If the object does not exist, **WEKF_Scancode.Remove** returns an error with the value 0x8007007B. +**WEKF_Scancode.Remove** removes an existing **WEKF_Scancode** object. If the object doesn't exist, **WEKF_Scancode.Remove** returns an error with the value 0x8007007B. -Because this method is static, you cannot call it on an object instance, but must instead call it at the class level. +Because this method is static, you can't call it on an object instance, but must instead call it at the class level. -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles - [WEKF_Scancode](wekf-scancode.md) - [Keyboard Filter](index.md) diff --git a/windows/configuration/keyboard-filter/wekf-settings.md b/windows/configuration/keyboard-filter/wekf-settings.md index 58c388b7e5f..0aa64a5a7d0 100644 --- a/windows/configuration/keyboard-filter/wekf-settings.md +++ b/windows/configuration/keyboard-filter/wekf-settings.md @@ -31,7 +31,7 @@ The following tables list any methods and properties that belong to this class. | Property | Data type | Qualifiers | Description | |----------|----------------|------------|-------------| | **Name** | string | [key] | Indicates the name of the Keyboard Filter setting that this object represents. See the Remarks section for a list of valid setting names. | -| **Value** | string | [read, write] | Represents the value of the **Name** setting. The value is not case-sensitive.
See the Remarks section for a list of valid values for each setting. | +| **Value** | string | [read, write] | Represents the value of the **Name** setting. The value isn't case-sensitive.
See the Remarks section for a list of valid values for each setting. | ### Remarks @@ -44,18 +44,18 @@ The following table lists all settings available for Keyboard Filter. | Setting name | Description | |--------------|-------------| | **DisableKeyboardFilterForAdministrators** | This setting specifies whether Keyboard Filter is enabled or disabled for administrator accounts. Set to **true** to disable Keyboard Filter for administrator accounts; otherwise, set to **false**. Set to **true** by default. | -| **ForceOffAccessibility** | This setting specifies whether Keyboard Filter blocks users from enabling Ease of Access features. Set to **true** to force disabling the Ease of Access features. Set to **false** to allow enabling the Ease of Access features. Set to **false** by default.
Changing this setting to **false** does not automatically enable Ease of Access features; you must manually enable them. | +| **ForceOffAccessibility** | This setting specifies whether Keyboard Filter blocks users from enabling Ease of Access features. Set to **true** to force disabling the Ease of Access features. Set to **false** to allow enabling the Ease of Access features. Set to **false** by default.
Changing this setting to **false** doesn't automatically enable Ease of Access features; you must manually enable them. | | **BreakoutKeyScanCode** | This setting specifies the scan code of the key that enables a user to break out of an account that is locked down with Keyboard Filter. A user can press this key consecutively five times to switch to the Welcome screen.
By default, the BreakoutKeyScanCode is set to the scan code for the left Windows logo key. | One instance of the **WEKF_Settings** class exists for each valid setting. Changes to the **DisableKeyboardFilterForAdministrator** setting are applied when an administrator account signs in, and applies to all applications run during the user session. If a user without an administrator account runs an application as an administrator, Keyboard Filter is still enabled, regardless of the **DisableKeyboardFilterForAdministrator** setting. -Changes to the **BreakoutKeyScanCode** setting do not take effect until you restart the device. +Changes to the **BreakoutKeyScanCode** setting don't take effect until you restart the device. If the **BreakoutKeyScanCode** is set to the scan code for either the left Windows logo key or the right Windows logo key, both Windows Logo keys will work as the breakout key. -The **BreakoutKeyScanCode** setting only applies to accounts where Keyboard Filter is active. If the scan code is set to a value that does not map to any key, such as 0 (zero), then you must use another method to access the Welcome screen if you need to service the device, such as remotely connecting, or restarting the device if automatic sign-in is not enabled. +The **BreakoutKeyScanCode** setting only applies to accounts where Keyboard Filter is active. If the scan code is set to a value that doesn't map to any key, such as 0 (zero), then you must use another method to access the Welcome screen if you need to service the device, such as remotely connecting, or restarting the device if automatic sign-in isn't enabled. > [!IMPORTANT] > On some devices, if the breakout key is pressed too rapidly, the key presses may not register. We recommend that you include a slight pause between each breakout key press. @@ -90,17 +90,7 @@ $BreakoutMode.value = $HomeKeyScanCode $BreakoutMode.put() ``` -## Requirements - -| Windows Edition | Supported | -|:-----------------------|:---------:| -| Windows Home | No | -| Windows Pro | No | -| Windows Enterprise | Yes | -| Windows Education | Yes | -| Windows IoT Enterprise | Yes | - -## Related topics +## Related articles [Keyboard Filter WMI provider reference](keyboardfilter-wmi-provider-reference.md) From ca8b15f5c7c8728bd351304caf93a3404051151e Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 13 Jan 2025 15:11:29 -0500 Subject: [PATCH 34/91] Acrolinx --- windows/configuration/keyboard-filter/wekf-scancodeadd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md index 02ae02c4f11..11742730380 100644 --- a/windows/configuration/keyboard-filter/wekf-scancodeadd.md +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -36,7 +36,7 @@ Returns an HRESULT value that indicates [WMI non-error constant](/windows/win32/ **WEKF_Scancode.Add** creates a new **WEKF_Scancode** object and sets the **Enabled** property of the new object to **true**. -If a **WEKF_Scancode** object already exists with same *Modifiers* and *Scancode* properties, then **WEKF_Scancode.Add** returns an error code and doesn't create a new object or modify any properties of the existing object. If the existing **WEKF_Scancode** object has the **Enabled** property set to **false**, Keyboard Filter does not block the scan code. +If a **WEKF_Scancode** object already exists with same *Modifiers* and *Scancode* properties, then **WEKF_Scancode.Add** returns an error code and doesn't create a new object or modify any properties of the existing object. If the existing **WEKF_Scancode** object has the **Enabled** property set to **false**, Keyboard Filter doesn't block the scan code. ## Related articles From 2b69f6561aac30d21ea66cd993cb4460a6dfef06 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 13 Jan 2025 15:33:29 -0800 Subject: [PATCH 35/91] Update windows/deployment/do/mcc-isp-support.md add file type --- windows/deployment/do/mcc-isp-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-support.md b/windows/deployment/do/mcc-isp-support.md index a2e165f1999..13bad4646a6 100644 --- a/windows/deployment/do/mcc-isp-support.md +++ b/windows/deployment/do/mcc-isp-support.md @@ -103,7 +103,7 @@ iotedge check -verbose You can now provision Microsoft Connected Cache for ISP on Ubuntu 22.04. If you have a cache node provisioned on Ubuntu 20.04, you will need to uninstall it first before updating to Ubuntu 22.04. Once you have updated the system, download the provisioning package from Azure portal and run the provisioning script on the portal. -For more information on provisioning cache node, visit, [Create, provision and deploy cache node](mcc-isp-create-provision-deploy#provision-your-server). +For more information on provisioning cache node, visit, [Create, provision and deploy cache node](mcc-isp-create-provision-deploy.md#provision-your-server).
From bb0d7e324da084f26d95b22e32e28933bd046583 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 13 Jan 2025 15:35:07 -0800 Subject: [PATCH 36/91] Update windows/deployment/do/mcc-isp-faq.yml extend ver to note --- windows/deployment/do/mcc-isp-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index 1e23e8c36db..66a7f6361fd 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -38,7 +38,7 @@ sections: - Ubuntu 22.04 LTS on a physical server or VM of your choice. > [!NOTE] - > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 20.04 is an [Azure IoT Edge Tier 1 operating system](/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. + > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 22.04 is an [Azure IoT Edge Tier 1 operating system](/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 22.04 LTS. The following are recommended hardware configurations: From e9c0cffae3cc3ab064df11119bd3822ecbe40984 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 13 Jan 2025 15:43:42 -0800 Subject: [PATCH 37/91] mcc-isp-ubuntu22-04 --- windows/deployment/do/mcc-isp-faq.yml | 2 +- windows/deployment/do/mcc-isp-signup.md | 2 +- windows/deployment/do/mcc-isp-support.md | 2 +- windows/deployment/do/mcc-isp-vm-performance.md | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index a5c2e9f7826..85313e19725 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -15,7 +15,7 @@ metadata: appliesto: - βœ… Windows 11 - βœ… Windows 10 - ms.date: 05/23/2024 + ms.date: 01/14/2025 title: Microsoft Connected Cache Frequently Asked Questions summary: | Frequently asked questions about Microsoft Connected Cache diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index 284269f52ef..f96d907d1f1 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -13,7 +13,7 @@ appliesto: - βœ… Windows 11 - βœ… Windows 10 - βœ… Microsoft Connected Cache for ISPs -ms.date: 05/23/2024 +ms.date: 01/14/2024 --- # Operator sign up and service onboarding for Microsoft Connected Cache diff --git a/windows/deployment/do/mcc-isp-support.md b/windows/deployment/do/mcc-isp-support.md index dbced5230c6..88eaa2589cd 100644 --- a/windows/deployment/do/mcc-isp-support.md +++ b/windows/deployment/do/mcc-isp-support.md @@ -13,7 +13,7 @@ appliesto: - βœ… Windows 11 - βœ… Windows 10 - βœ… Microsoft Connected Cache for ISPs -ms.date: 05/23/2024 +ms.date: 01/14/2025 --- # Support and troubleshooting diff --git a/windows/deployment/do/mcc-isp-vm-performance.md b/windows/deployment/do/mcc-isp-vm-performance.md index f3d3079534d..6df9fd0b0bc 100644 --- a/windows/deployment/do/mcc-isp-vm-performance.md +++ b/windows/deployment/do/mcc-isp-vm-performance.md @@ -12,7 +12,7 @@ ms.reviewer: mstewart ms.collection: tier3 appliesto: - βœ… Microsoft Connected Cache for ISPs -ms.date: 05/23/2024 +ms.date: 01/14/2025 --- # Enhancing cache performance @@ -21,7 +21,7 @@ To make sure you're maximizing the performance of your cache node, review the fo #### OS requirements -The Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. Install Ubuntu 20.04 LTS on a physical server or VM of your choice. +The Microsoft Connected Cache module is optimized for Ubuntu 22.04 LTS. Install Ubuntu 22.04 LTS on a physical server or VM of your choice. #### NIC requirements From 853422cb2a185334e8c93389bff7d684e0a6ce08 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 14 Jan 2025 09:16:45 -0800 Subject: [PATCH 38/91] Update windows/deployment/do/mcc-isp-faq.yml --- windows/deployment/do/mcc-isp-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index 66a7f6361fd..9c4f3fa9088 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -38,7 +38,7 @@ sections: - Ubuntu 22.04 LTS on a physical server or VM of your choice. > [!NOTE] - > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 22.04 is an [Azure IoT Edge Tier 1 operating system](/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 22.04 LTS. + > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 22.04 is an [Azure IoT Edge Tier 1 operating system](/azure/iot-edge/support#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 22.04 LTS. The following are recommended hardware configurations: From 3eb07e7000a34accf6c4e24d2ecf68586ecd3985 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 14 Jan 2025 17:15:21 -0500 Subject: [PATCH 39/91] move --- .../custom-logon/images/customlogoncad.jpg | Bin 0 -> 14976 bytes windows/configuration/custom-logon/index.md | 142 +++++++ .../custom-logon/troubleshoot.md | 119 ++++++ .../shell-launcher/browser-support.md | 52 +++ windows/configuration/shell-launcher/index.md | 352 ++++++++++++++++++ .../shell-launcher/multi-app-kiosk.md | 44 +++ .../shell-launcher/single-app-kiosk.md | 43 +++ windows/configuration/shell-launcher/toc.yml | 24 ++ .../shell-launcher/wedl-assignedaccess.md | 150 ++++++++ .../shell-launcher/wesl-usersetting.md | 183 +++++++++ .../wesl-usersettinggetcustomshell.md | 86 +++++ .../wesl-usersettinggetdefaultshell.md | 66 ++++ .../wesl-usersettingisenabled.md | 50 +++ .../wesl-usersettingremovecustomshell.md | 54 +++ .../wesl-usersettingsetcustomshell.md | 86 +++++ .../wesl-usersettingsetdefaultshell.md | 66 ++++ .../wesl-usersettingsetenabled.md | 56 +++ windows/configuration/unbranded-boot/index.md | 166 +++++++++ 18 files changed, 1739 insertions(+) create mode 100644 windows/configuration/custom-logon/images/customlogoncad.jpg create mode 100644 windows/configuration/custom-logon/index.md create mode 100644 windows/configuration/custom-logon/troubleshoot.md create mode 100644 windows/configuration/shell-launcher/browser-support.md create mode 100644 windows/configuration/shell-launcher/index.md create mode 100644 windows/configuration/shell-launcher/multi-app-kiosk.md create mode 100644 windows/configuration/shell-launcher/single-app-kiosk.md create mode 100644 windows/configuration/shell-launcher/toc.yml create mode 100644 windows/configuration/shell-launcher/wedl-assignedaccess.md create mode 100644 windows/configuration/shell-launcher/wesl-usersetting.md create mode 100644 windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md create mode 100644 windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md create mode 100644 windows/configuration/shell-launcher/wesl-usersettingisenabled.md create mode 100644 windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md create mode 100644 windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md create mode 100644 windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md create mode 100644 windows/configuration/shell-launcher/wesl-usersettingsetenabled.md create mode 100644 windows/configuration/unbranded-boot/index.md diff --git a/windows/configuration/custom-logon/images/customlogoncad.jpg b/windows/configuration/custom-logon/images/customlogoncad.jpg new file mode 100644 index 0000000000000000000000000000000000000000..0f610d3b57f72ba5dd55d9ab78b0f1cc4dfa7b5f GIT binary patch literal 14976 zcmeHtXE{1p+xfgKr_H-qF~uXD+{A5^z98jhlP?%F?pNkPfP%)-jX%f~Mu zC?q8J-vPXU&qELCcjVpn4VciuB@)DZ)|RD zqYsaM9-o|I&dz`FMFbH4ldb>c?0@5nj=)h&g3hujxC`S9|qm)cMQp>#PU#$Iuv;P@mFaMu7`%lLHi?11gnwW?n zJYqTk1Ym691gdsbF>?YRa2maQ9zjfeWp#w>80OuDzMz(GNmiAWg?uzbD zO|f2gj_e(ekWV9h`_A6Hx^LIsz7ZFBlGw}bbvI{HsjpR?^<&{gU0DSi&O>L`BVMu0 ze_G^5*XRJ>sUOlsfjHHA1cMe<3qL`0D!X5KHPzus>{*1+I!6_Nh7LCi&V>!|Jc z@E+qk3#+#r8yDV?fez4hB_EE8rRE`y9o@#p_ltit%$5#^_@AZfa8viY53I#pc~wl; zc{?>E1>?G<*~yJ6xFy_77G)l!9T%Xv)@^^wJt@x={K-I#am44hTpdeK zMC16es6vlUmd-o&UQtAegQ9TWHPtIbB)-yT0SQXB8K^0mfxBNBZUq=7%3VC1V}_Se z2DnN6G;B>cdCpEFVk10l)+U-i-*9Ra8cNFpLj4I!X2Am~VNleEv9>dzWQ;#;Z}K_+ z1|FcK5hmOyD@I`cLZ{f0K!Q%SFePYNiwPx_BApU75m`m4zgB05{QNvlYQ14_6>6S3 zQTl2xhU*47JZSN~J4N;ReqeUYfo`(?C!IwJger^bx+PT|Z;l^_WrwQfz~?+3VX>9^ zR@E6ubp<*wz#YE=v22jqdS}Xj@h|%TCN9@PH3**O^7FMhrMdGk4e)a&*AM6 zuyM8YJ=XmF8@u>{tl;2x$u_IQRBu$|wX?02kWSFfPpwMOQDyKy>B+<03jbdTo@zi> z?eY2qmp@ogLYp*U!p`x4-o!>DT3d}YqFz~lCZwP3QSSA*2eKO;tN_W8DMG#?YT@+u0`;jw4<%9xO>5O!v&^EDp;q5?O3Fq-h3Kk?x$p~eZZOyU1CW- zB8~iNGf{ep#sl1GlXze$6A!RU(Qq9-LZDcqzI9NDxujkM>wv|i3Zkp5(FAUhS_EZ#AR%X;FVod;s4{a; zcu5mFDL!IWy&S;o&F7HiJS|Rt!E8n4as6hmR~WVgUh?6mMJRse%yl%SuG(g|u7H+w^e1_)y7N)3^Lh7E%|%RT87xC4h&)&6p#1OV+ zHaw`XY4-C%h{8yi6jrdVR-YD2i)PB^k!=b+-p%VcpJJ1~1#9rA^Ou7{4{3P&*>=$r_X z!viDJ4uqpcm=kyRKH+aM)|>N4#+;xualLpTVXE&CQ@MEei_;VysKO-U41>xT-xME~ zPI}@9hsB{9jPVE78Qn6!*HeI^HEnEc`p$7U{<_F9v6NG5F!rQ}s3%-S7kIdW#x~ z3Oqn-h*^Q1vF$=pY6L=iT=773Nr*Qd$gLp|NMg!~buP_9J7?+1vA5~AL1Xa18qe2O z18FytvZ_?4B}z zC3$G-W?V=aSv)h`y9MXGwy28==)UXD!3LqJ>+Mt+Qxkc1_EIiqMxJRxsH}8d&fuhz zW&X6m0frGu?xlyWKCQ+B?TpcQfHe=tk%t}t9sYA6I|&Q>4r}{M*qUH@QEza{ zqqv(IrDAPM*-TXPLfsYSYT!c53(Z>D*}98Y#Fu4d-|_}~Rx+5^A{3XScgvO%y~Z`z za^gcTqj`s;92(H{9yFAYSn!8HaD=-L%VECJ^}`;!!?^y>Kg{Aqw&~iGf@XC?5Y0b7 z@AL}3IS$9QRc?H>7TDD<2>J=73E@WS$F`9>5Hyc`KXPSHXy(G?FF*E*gv4T-nL0P6 zS;U7ePr7-*J8aGlhj!}gZ5Q%09?)xGj^U0|9498hH?mEiDyziO<4MzpdbfnTsgh+@ zjsEl!MBHvYKa$kPhXgg!Go*(w9$q-BT?h7h&$`TU^v-z>B?J%L6WH`v1bK=_=dfa+ zg^N07gyRp7GO{@HIPFqX z%Y7f@r*9FLSpmNsr-|pktCva_?|RzM7Y^xU_p8`5LNb+=VYKgE)u;{EO43{p4!)-_ zGvrl}$jY6voSVpod}#Jcc+mQdCWbrM<$6M9-B!!JZ{Bqd(!7iz#YxUl`BbcDCT0na*Cw_Fit4-OTL|0X!&6o75 zs>BT|D~u=wdoO1waU$ar-8rT6;0>eu`6=51YZ6ju{xsI*g+F+xk~G4Ey*LxXI49u; zRFG8DG3h*HGEHyc?B|;1IK^99B1*+euO~-yWSLOCH-%CvNB6JZ>$=vUepxBS>^f_X zs+hd&ZmlZwV44!=g^$m+9A9RS8ZZtTJ{YQ*9v^(oo~KzOF!vG>XfIK1mH=+ehUo-` zxm2+$(`*S^4G#s!oo3qp)h=To=w6L$}m|oPc+DV2W`XS8btuxs*5wc0 zCs6=PqsyS^FfR1*Wp`!x@@24f6C4=2nq8zDAR_OX_q?avOtkm5Pp{X>)>Dtmsly)~ zIn1=eHlen2^%ujEwo$D-p-j43A+pG;<8}z#x0GGC+APR^1L=i)s@JF(k}OSc_mxCy z+=%U8$_k+m4u?W$S7Z?5gIwE0xz=a(tzjWBi4a6lMtJSBo1eThPa-Zq|IA43VtavF zDESCU?Mhb_?cy6U%X zcHVV65{%l>Op>Z^Xc(84ikrV_9BH2*U0!bgs_y!y20w`_;m-P?DT!}*pb1xZbS!;d zNW*hkbX=95yIQhj?f)<_UG;m0bHjxtot+p5XI*I45U04{N%Gu2dmxN2z}u1;bXCdC zrPy7@2O`@&vfz5M6Hsi`8vnfJ$Ad3#(;Nlgt=ut>dO`#&p>2){OWXcX6fCV{QP)O3 zR5<&?V|3oKo#R84I2Om8tUD$(A4J%DdR55ySm}EzVzFtLo~jT3GJvRhh4~EZvjQcBW$G?8N%mK?1N5;o2oD@THFpA*7?@{$a z0VTmevGDxO3U6ijWo@P9zJ=Y(KDSt}!6{~)E3ABo!yl0%dy+!A_Kn*J(u*6eY-YXj zAle1@L}dNAl8N{7rTY&qi`lJZ$EGOerb|p?EYG2Xw`7^>=LF~bJK;yYQLO@yymtG= z3+Ao`uF=-s4RYo7l3|b4zy;gv+5x+U!NZS>3E;zVfByvQCd}SS+0R%nCGQpaw1u?; zd)i9tKjM}L(lS(1V_637h$-7UKGz@gSsoxxFbw-v@bS`Sqnh2Bv0(3xf5nfVpom2> z#NB1_S$=&KIBpNlN$;A;ZkA^qWzNxkz}qnH#sBIHW9ON=X6J)lbchoT=tr!^mXZLO71(oK86R8#yD^BSqk1X-;`Gqt!# z@%`vQxf`jEX4%Di7MRnmzI;gVx=bl%>q`sC7|tw9YRnc*+lH&2yRH1uFSXq4f2fa5 zepYiCk5v>aDXi#Ckmhzk3b)aiZywILjm&{VoxoR=DmH}9ytP~d6RQ1QT_++jp&>gF z)7AKr8CD%yv0y%DHE_d2M#qh`3pK0!w%9$Mw~41aJ7-ZJD$08}a5kE9-5HT*i0NFR zu{G2g7-ohPo*c67?HeLPZIBkG9?#bo9u2NW#|+#_tbHRXZz#(?Kc=jN>C|r;Rhx

BJhHN~u)oFy!IrE*Y$Uk%T(emN{vf&f#3zmU4}-CfU~Ia+sj;^l z({WMm_IGG?LuA2-ul{vg$l=CA)NqVQUCEQr6H=QijquE~s{2RRwN)R+I}TDiU=uo|7kAY;QFrP4A1Rqs?>yQG_IK5 zlaJ`$c!U$*XU-US%e6ym1sa}2VN*o3U%rJPRo{`)I8FEajC_BwU7vAwnW8cq51(G% z%$(S%VRS> zJ^Mm8yHJ1!A_c3U{=GOnfCrAtK%Un&7q^c=Z&pr6TbpSyhMA|QPoW3DZdxW|41@mL zjDV?JWprlIdyp6E&xy)EKG?T_F5&?k{GXE_c;Fv1aqvG7tN$C`^nc(LNFVI~2Oh`F zt&vchqQm!L=Z{y-Yzg^IBOBaa^5w7py<^M<>(KSk9`_O}w9@BWka>MFl=?yv(*28G zeOd#LuivcrrM6WG_M@PJ`oZrM38Z4Iu;+y2{XFQ;5vfp$W#}1`@8bDSLOMdN!loP# z(9mKE>;8G+zGZX6&Y4-Pcq~j!H@G-(%i29e0zR(9TCl@*8YAkfK2@>NJT6L;-yo?^ zt%nY*+2w4~;!DyTS&o&cWi*}{>Rll`?f^ye>!QV9NVV`k9;p;RroA?;U*r~)SYPPr zO_I!0a%<3;|E`GSfbboS$m%<$B3Jg1Jqq8GYg*4|rlwEFL$OKa3Pl0KEp;t>O}kpm zy9X<=;FReQS?D@Ee`+r+f#+EVI)8BA%0AFjN@cRoQBrK_Gb_Q1q7?42G5xTJO5Aq$ z9eSWEgp|2o6Iv466gRS%;$4;ne65u)^e2B} zmaH{(7+<!J~<7Sc0IPH z88^1`q_FT@mzYyqbGBQ*-zBN^kU~@Oq*CdfeXSXXo1t~k<$TcA)<*S~4sCjo>jX3a zdySBG{UTRkbOJ@wMk`TOd1Tg6753)#+vgZZXo5|*t=@&JZ(5LRz+ant^?5106ppKU zgo(V+dkk6pa=sCrHf7@pGE4bpo>YOnInr*4^KWgnrYpLD%rP(TK43CI@2hgfdivzYq!$dv4 z`xDOh2_1HU>JJwR?7$z2!NxFDBUS~5!N%hOq7{O2tZkNGzENZgb~{x_#yk$YO)xTj zEufVJ5GoJH%ozjPI26Z{C1ZutKPEd|>pVGD%vQnlB8l;U_-p8r5_DMuD+apGc^2|t z@5}qq`3YBT)cosxIltc52t{##P#>@kXd;4--PiVOR%sJ=FF}!N)_C8KY=u9D7TZcV zBVM2hr=DtYh{=?+4n;*_Q(|soLf6v$a3OWt+h&St9A9rm?iIniW`{%>Orz|6ho%0T zhTlWw|CYnwa`^vV2Uvfznt{MQ;VlRra9WJOv0$8*Z-Kj8h0yAW-bhce1@r^m8-!XK zo!0I9^_3>ZeZZVnJ9}!XEprdMUpi{zQ<4lLztEv~gxdoXo;kC-rw*0z*2xV^3q*sE ztXTy0R)-WQl;{oZL-Jo}b zDmL4hEhb?);1Y0vqEf2PIIZx&b$v-fWh;t`V92(h8Alb2$F$KPCusQM^}0lNFg2#R zI|$yB=sG1?oXKN+W?mRDBc>vxLDt{}N7@oYUBGN%V+xgd4ofYJeq|MWgSHFN6QWNY z;4k`KlesjeNv&(q-Jee}_qJ8*XytOUIQ?!yYM9!2SW-ITo4KLet7WkR?mNp7L9Iyl zF|nD)8kMm>NDa?3FwuWqAnH(sCnP!%FJ)k+=W+=PO~)isQTsOHYygI^{jvsZxm-&nc1PQPxv zy=I;iG{M%EsGbg$0y#7|MaHeZ_XTO6J)Mn5*BwcxIhpI1gPcpPjT6j-{l~L3#$6^Z z<0C=@`z7B0fq}&wfs4ma4rm#7g-pEMDWMJ~1*g`s@{gf)ZSV4m(Bd05(?!^;m{{+n z7PBtd1+q32F1Y{`1isPhQ$C~bz)|GFIFwx%HGzO+gfCj<{LyTYw41;wOR)7Xra95# za6Hi3c0Sp!5!aXmpA@Oko>4R_%DYFoa1-OL#cviT8d~+TOBhEcWkpVEVVv8xL{)E>}WFqEtSGhMtC4*v08SIC?5mvPymPf z(SS@w)yt$ZCo5LRMGCjqMFgX^87b-+<%IOKHdu%c_j%BrF`Mg+?D4n1-ihh9cZ$`M zmY_^Yp8PD|a;)cWwm$Az=e4e6x3q84c^q2sw11*gJBg!CNIg~0pi59LI3*>eMkmy7 zlKW5}N0;~rIw<~#AUPL;a)OqbCnfN}?RgD?+Xcf4{{($$Lz(N(-0WVsj&`p0TW*VL zl5UH_3Mg5*oxrYbU-&gUlvr#n-S2($$hc+Nj_ZJ|amZ3Ur^2S`^gKZG!s+qg9~ zgyU{*Sr+DKKb~IL%!DIO_OJRQJi}P^^~l*x-(Vl0{qqaRpDi#p5&}g^sv77|+G!ZA zQ8dK)J-56=DX(ao_Xc=lKSVmTVBRfKdD7F{%dy{9hMQy8uSer)QqIQ@RU=T07%aXL z;kN{xp0#K_{Jvv30;f@TjDHr(lPM~sLC%uG!1Se`A8^cppP_9FAfVpk#;FL@oK|dS zxzcu1weQ5)gtbC#{^h>;0yZ6EdUB-f5icp{#9Httsr*rKF`Ta=%(cWb!1IDoJ+m$3 zl>1lbJ;@3}ozS56dMLfpy$cD5&m)hB>ZvT<@k+}pOeS%zKQVK;w_miIFTGOtZr`%y z%Xxdk-vx@ckwQmzfc`pf_-pUGu0uzYXId^pPcURC|KrTi@-x0Wwlu7Ao!8`9q%q)l z*0h^MIjeHzPOhU7?q-M$UY2fz(wLWSKHN?G?rAcGZu5vup5j)>cTWt1?`+1obS4DEorgaRAC=hyv+M}3E64y@}(R_e2V-V!!xPC*_* zuy8(IO*IDHwH2Dr?}};2Vp}OgAZXM0GPm)~bH?nXmH@ZVV%36K*C4}reRnS!M8%0o z!hvdl_Yw7tw)JllvkjG)fRndq+jw||kEO1x%>+UvzzrHU(^4N^+<9-PqG?v;+3jo& zo(ww^RUxisAmA>&)*_CJLpAhnxpZ@=z3@j%Wsm9RhN|HO|05`p4b7d{R_!f&u**N+ zVkTNyr*k-N8rI)><1>mmDNJUQ(BRRN9GELI<9ou)Y%s5D$0Ir4GlCd>ky0c1R_ui^ zqlg?Ap?9NQ0uh>r@#x|B19gcjTbc)%pck_9H=9J1g-4ve*M%BxdNld&xp`AsJtn1B zqb{zIB)VDC=;%bP2%0`xwoO9ZgrZfuI20NjN+6{(I{lTah?hv6fpm{p=huirIr}j$ zd4Rr`@knF09}3P78->w;#r8#aD@3qH`NQ|R#$rA;B#Pg04sh-$EhdfU07x>?a>A@H zzty(hsR*xNt6Tjvr2YQQ$2qtD=6gn`Z*z9fz2w_hYLvpG1y)?YzSX>RN0l(M@(R6% zkJnl%Rv}JkF@mrpDG&=}r#QuKqA&Bi_v4bt36E?$rQaUA8)k;eU_}UGz zsyV%nr>by5i*B+h7WXi+vZ!{MTF$I@JZ>hrv3bs4i{%8A4op!JyVhT!kBnK#E`wk0o;M{7TDc?6f(z^YeylT8A#eoOG=%Wn8pi2d9^q^f4*tsg>a~Sax)c06W z7am}Oy!>`y)P%};akwe-s?&Ql(QtiRSSL86Fvc_T$z7>ZM_(E)^$%%xtf-JxJwvJ| zuPzIulW)1FnJReYBCYcL?p37Wf!Z$*ul!Ncl2IMO2}%848FB}+y-13%UJ+ItAcuo# zAUhhLQR@vZcR<@tPtbFGjjl*f(qwwda^qMNukT`-USUr9C;dkAU))<0*+Jy*=I`c zeLorXd(8w3C83b0&s^7$g1>%iO`L!CE}qpi$XfoAmUF@D4E=R@7CB~najwbXc^#3QSiO=UsKZ$tVlxdeu( zHzj08f8c@5=Vn{{SVpTAnP?OkN6DF26t}xyrNq1fjyhGof#$Ll@F*7Xf>YIa-6py2 z^wRZ1wg#HTf7PpMjs3B^P8YVsa1kam>tCU_6$tl53~wDUI+4D8;$#Hg#a4x;@2@#y zQ{mX;grBgPDGSVpHa6+x7@W|ApZ;}7=NCNiqe=d)ldD741z4xq$_g^V0FUHq$bNfY zbIO@)@QX}+0b1|ir2aAi@oYh%x$!%~2W3CgX*_~Z@xGXUfCsdiTBABv^qbyikBb=2 zt4N8gWk7>IMBX-*g`xh`kF&YmY*iI~5~R_sPch$L-`Qnzb7F55o^g#bV0afUDYLZ zn=gjuduA?%Gd8~uSSN!C{cj`Ce%4Du*>uY5^_PaUQCJ2)$bujADU! zpy3~v2g2f@hfh(U<0D3b82!E-+yJfSmf_f-=kA28nb}Vj)SZ8I1ZQmuLyz~&s71D9 zS0yMJczC$5byEMaU7P=`rHzm#~o>Wzdllqzw;{F>_+AIZ=cQgpg&Wo6y-N*N6v@ zWyxD=fodNvgSmMA1;2h%wl+%CR!A5j%S;$!*0$uSjfe>^b}t zJ`3-ubDuX3GbW)pz0a_%5O*-Lv@Ysu88asB>SYm7{t)|NMcxop;i-=tl613J9ot)d zon(<=oD$aTk(I|%_4->Qx6qKc&dqqklQ^Y@gbi9h#o76k)}kGD<`uIWs8$P+ETL?W zo#2HA+Z%z&$9n?v!J67LJar1(NKbyyA$bGA(Pzd3v3WT9P~rbJuMF^HK_c2PQ5NEt z_XwtX5_)!bs}1SYI9^XcCr7nmi)YZxv7*Pi*Db7OMVrc^0nRsm!z`y&Ba6vxD8u1t z=93(B0^4a)*bS^c`f7m(_(aid4c-vZ4ZL2ZLy8(OEa&^AP@FZbTxpXLP@3vP%Z}oK zD4&w$GVMaH$UhZ}mlfpV-mGWa*aQzLy9|A;tn$2oN#{Vuy8^$7LFUG%P2S|{G5NX` z3yimMJ&H>(6P+(lZsNVngFY!spXdJ~9%CqLKT^Vt2ZSd1u~JjJx4CBt9ydQyeM}-T zya-3Lv#j(;u8IoB3*)stk{u-2wKh6JuO){t`UcBS$YT(WBKnNe1lq2P2Ry5Y!hSG; zsCPq%^Dt#<<5)76V8@XineQm1pjzga>UWiVB8;Bz=vO(LPiwpnD;Ugn-V=YB29vEC z%LNFmpD+Y|4qROm{`S0tZ}r&ot1e79$HhEh>ZVed(A*(>x4ceUXrM5bP^q`I5B!(! Mxc}jfC&N$w8}Fr;M*si- literal 0 HcmV?d00001 diff --git a/windows/configuration/custom-logon/index.md b/windows/configuration/custom-logon/index.md new file mode 100644 index 00000000000..2c48c05b62a --- /dev/null +++ b/windows/configuration/custom-logon/index.md @@ -0,0 +1,142 @@ +--- +title: Custom Logon +description: Custom Logon +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: aaf4ddd3-eac4-4c60-90c8-38837078c43b +author: sydbruck +ms.author: sybruckm +ms.service: windows-iot +ms.subservice: iot +ms.date: 03/05/2024 +ms.topic: article + + +--- +# Custom Logon + +You can use the Custom Logon feature to suppress WindowsΒ UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown. + +Custom Logon settings don't modify the credential behavior of **Winlogon**, so you can use any credential provider that is compatible with WindowsΒ 10 to provide a custom sign-in experience for your device. For more information about creating a custom logon experience, see [Winlogon and Credential Providers](/windows/win32/secauthn/winlogon-and-credential-providers). + +## Requirements + +Custom Logon can be enabled on: + +- WindowsΒ 10 Enterprise +- Windows 10 IoT Enterprise +- WindowsΒ 10 Education +- Windows 11 Enterprise +- Windows 11 IoT Enterprise +- Windows 11 Education + +## Terminology + +**Turn on, enable:** To make the feature available and optionally apply settings to the device. Generally *turn on* is used in the user interface or control panel, whereas *enable* is used for command line. + +**Configure:** To customize the setting or subsettings. + +**Embedded Logon:** This feature is called Embedded Logon in WindowsΒ 10, version 1511. + +**Custom Logon:** This feature is called Custom Logon in WindowsΒ 10, version 1607 and later. + +## Turn on Custom Logon + +Custom Logon is an optional component and isn't turned on by default in WindowsΒ 10. It must be turned on prior to configuring. You can turn on and configure Custom Logon in a customized WindowsΒ 10 image (.wim) if MicrosoftΒ Windows hasn't been installed. If Windows has already been installed and you're applying a provisioning package to configure Custom Logon, you must first turn on Custom Logon in order for a provisioning package to be successfully applied. + +The Custom Logon feature is available in the Control Panel. You can set Custom Logon by following these steps: + +### Turn on Custom Logon in Control Panel + +1. In the Windows search bar, type **Turn Windows features on or off** and either press **Enter** or tap or select **Turn Windows features on or off** to open the **Windows Features** window. +1. In the **Windows Features** window, expand the **Device Lockdown** node, and select (to turn on) or clear (to turn off) the checkbox for **Custom Logon**. +1. Select **OK**. The **Windows Features** window indicates that Windows is searching for required files and displays a progress bar. Once found, the window indicates that Windows is applying the changes. When completed, the window indicates the requested changes are completed. + +### Turn on Custom Logon using DISM + +1. Open a command prompt with administrator rights. +1. Enable the feature using the following command. + + ```cmd + dism /online /enable-feature /featureName:Client-EmbeddedLogon + ``` + +## Configure Custom Logon + +### Configure Custom Logon settings using Unattend + +You can configure the Unattend settings in the [Microsoft-Windows-Embedded-EmbeddedLogon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon) component to add custom logon features to your image during the design or imaging phase. You can manually create an Unattend answer file or use Windows System Image Manager (Windows SIM) to add the appropriate settings to your answer file. For more information about the custom logon settings and XML examples, see the settings in Microsoft-Windows-Embedded-EmbeddedLogon. + +The following example shows how to disable all Welcome screen UI elements and the **Switch user** button. + +```xml + + + 17 + 1 + 1 + 1 + 1 + + +``` + +### Remove buttons from Logon screen + +To remove buttons from the Welcome screen, set the appropriate value for **BrandingNeutral** in the following registry key: + +```text +HKLM\Software\Microsoft\Windows Embedded\EmbeddedLogon +``` + +1. Make sure you have enabled Custom Logon following the instructions in [Turn on Custom Logon](#turn-on-custom-logon). +1. In the Windows search bar, type "Registry Editor" to open the **Registry Editor** window. +1. Use the file navigation in the left pane to access **HKLM\Software\Microsoft\Windows Embedded\EmbeddedLogon**. +1. In the right pane, right click on **BrandingNeutral** and select **Modify**. +1. Select the correct **Base** and enter the value for your desired customizations according to the following table, and click **OK** to apply the changes. + +> [!NOTE] +> Changing the **Base** of **BrandingNeutral** will automatically convert the value field to the selected base. To ensure you are getting the correct value, select the base before entering the value. + +The following table shows the possible values. To disable multiple Logon screen UI elements together, you can select the **Decimal** base when modifying the **BrandingNeutral** value, and combine actions by adding the decimal values of the desired actions and inputting the sum as the value of **BrandingNeutral**. For example, to disable the Power button and the Language button, select the decimal option for the base, then add the decimal values of each, in this case 2 and 4 respectively, and input the total (6) as the value for **BrandingNeutral**. + +| Action |Description| Registry value (Hexadecimal) | Registry value (Decimal)| +|--------|------------|----|---| +| Disable all Logon screen UI elements |Disables the Power, Language, and Ease of Access buttons on the Logon and Ctrl+Alt+Del screens. |`0x1` | 1| +| Disable the Power button |Disables the Power button on the Logon and Ctrl+Alt+Del screens.|`0x2` |2| +| Disable the Language button |Disables the Language button on the Logon and Ctrl+Alt+Del screens.|`0x4` |4| +| Disable the Ease of Access button |Disables the Ease of Access button on the Logon and Ctrl+Alt+Del screens.|`0x8` |8| +| Disable the Switch user button |Disables the Switch User button from the Ctrl+Alt+Del screen, preventing a user from switching accounts. | `0x10` |16| +|Disable the Blocked Shutdown Resolver (BSDR) screen|Disables the Blocked Shutdown Resolver (BSDR) screen so that restarting or shutting down the system causes the OS to immediately force close any open applications that are blocking system shut down. No UI is displayed, and users aren't given a chance to cancel the shutdown process. | `0x20` |32| + +In the following image of the `[ctrl + alt + del]` screen, you can see the Switch user button highlighted by a light green outline, the Language button highlighted by an orange outline, the Ease of Access button highlighted by a red outline, and the power button highlighted by a yellow outline. If you disable these buttons, they're hidden from the UI. + +![custom logon screen](images/customlogoncad.jpg) + +You can remove the Wireless UI option from the Welcome screen by using Group Policy. + +### Remove Wireless UI from Logon screen + +You use the following steps to remove Wireless UI from the Welcome screen + +1. From a command prompt, run gpedit.msc to open the Local Group Policy Editor. +1. In the Local Group Policy Editor, under **Computer Configuration**, expand **Administrative Templates**, expand **System**, and then tap or click **Logon**. +1. Double-tap or click **Do not display network selection UI**. + +## Additional Customizations + +The following table shows additional customizations that can be made using registry keys. + +|Action |Path |Registry Key and Value | +|---------|---------|---------| +|Hide Autologon UI |HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Embedded\EmbeddedLogon |`HideAutoLogonUI = 1`| +|Hide First Logon Animation |HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Embedded\EmbeddedLogon |`HideFirstLogonAnimation = 1` | +|Disable Authentication Animation |HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI |`AnimationDisabled = 1` | +|Disable Lock Screen | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization |`NoLockScreen = 1` | + +## Related articles + +- [Troubleshooting Custom Logon](troubleshooting-custom-logon.md) +- [Unbranded Boot](unbranded-boot.md) +- [Shell Launcher](shell-launcher.md) \ No newline at end of file diff --git a/windows/configuration/custom-logon/troubleshoot.md b/windows/configuration/custom-logon/troubleshoot.md new file mode 100644 index 00000000000..7b592d9ce69 --- /dev/null +++ b/windows/configuration/custom-logon/troubleshoot.md @@ -0,0 +1,119 @@ +--- +title: Troubleshooting Custom Logon +description: Troubleshooting Custom Logon +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 5763E187-D09E-415D-B73C-BDD6BAB67E04 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/02/2017 +ms.topic: article + + +--- +# Troubleshooting Custom Logon + +This section highlights some common issues that you may encounter when using Custom Logon. + +## When automatic sign-in is enabled, the device asks for a password when resuming from sleep or hibernate + +This can occur when your device is configured to require a password when waking up from a sleep state. + +### To disable password protection on wake-up + +1. If you have write filters enabled on your device, perform the following steps to disable them so that you can save setting changes: + + 1. At an administrator command prompt, type the following command: + + ```cmd + uwfmgr.exe filter disable + ``` + + 1. To restart the device, type the following command: + + ```cmd + uwfmgr.exe restart + ``` + +1. In **Contol Panel**, search for **Power Options** , and then select the Power Options heading. + +1. Under the **Power Options** heading, select **Require a password on wake up**. + +1. On the **Define power buttons and turn on password protection** page, under **Password protection on wakeup**, select **Don’t require a password**. + +1. If you have disabled write filters, perform the following steps to enable them again: + + 1. At an administrator command prompt, type the following command: + + ```cmd + uwfmgr.exe filter enable + ``` + + 1. To restart the device, type the following command: + + ```cmd + uwfmgr.exe restart + ``` + +## The device displays a black screen during setup + +Set the **HideAutoLogonUI** and **AnimationDisabled** settings to **0** (zero). The device will then display a default screen during setup. + +## The device displays a black screen when Ctrl+Alt+Del is pressed + +**HideAutoLogonUI** and**ForceAutoLogon** have known issues when used together. To avoid a black screen, we recommend you use Keyboard Filter to block this key combination. + +## The device displays a black screen when Windows key + L is used to lock the device + +**HideAutoLogonUI** and **ForceAutoLogon** have known issues when used together. To avoid a black screen, we recommend you use Keyboard Filter to block this key combination. + +### The device displays a black screen when Notepad is opened, any characters are typed and the current user signs out, or the device is rebooted, or the device is shut down + +**HideAutoLogonUI** and **ForceAutoLogon** have known issues when used together. To avoid a black screen, we recommend you disable the Blocked Shutdown Resolver Screen (BSDR). + +> [!WARNING] +> When the BSDR screen is disabled, restarting or shutting down the device causes the OS to immediately force close any open applications that are blocking system shutdown. No UI is displayed, and users are not given a chance to cancel the shutdown process. This can result in lost data if any open applications have unsaved data. + +## The device displays a black screen when the device is suspended and then resumed + +**HideAutoLogonUI** and **ForceAutoLogon** have known issues when used together. To avoid a black screen, we recommend you disable the password protection on wake up. + +### To disable password protection on wake up + +1. In **Control Panel**, select **Power Options**. + +1. In the **Power Options** item, select **Require a password on wake up**. + +1. On the **Define power buttons and turn on password protection** page, under **Password protection on wake up**, select **Don’t require a password**. + +### The device displays a black screen when a password expiration screen is displayed + +**HideAutoLogonUI** has a known issue. To avoid a black screen, we recommend you set the password to never expire. + +### To set a password to never expire on an individual user account + +1. On your device, open a command prompt with administrator privileges. + +1. Type the following, replacing *<accountname>* with the name of the account you want to remove the password expiration from. + + ```cmd + net accounts /expires:never + ``` + +### To set passwords to never expire on all user accounts + +1. On your device, open a command prompt with administrator privileges. + +1. Type the following + + ```cmd + net accounts /MaxPWAge:unlimited + ``` + +## Related articles + +- [Custom Logon](custom-logon.md) +- [Complementary features to Custom Logon](complementary-features-to-custom-logon.md) diff --git a/windows/configuration/shell-launcher/browser-support.md b/windows/configuration/shell-launcher/browser-support.md new file mode 100644 index 00000000000..58b1ab37152 --- /dev/null +++ b/windows/configuration/shell-launcher/browser-support.md @@ -0,0 +1,52 @@ +--- +title: Browser Support +author: TerryWarwick +ms.author: twarwick +ms.date: 03/30/2023 +ms.topic: article +ms.service: windows-iot +ms.subservice: iot +description: Learn about browser support in Kiosk Mode +keywords: Lockdown, Kiosks, Kiosk Mode, Browser +--- + +# Browser Support + +Today, you can use two browsers, Internet Explorer 11 and [Microsoft Edge](/deployedge/microsoft-edge-configure-kiosk-mode) to create an assigned access single-app or multi-app kiosk experience. + +## Microsoft Edge Kiosk Mode + +> Available for LTSC starting in [Windows 10 IoT Enterprise 2021 LTSC](/windows/iot/iot-enterprise/whats-new/Windows-10-IoT-Enterprise-LTSC-2021) + +[Microsoft Edge kiosk mode](/deployedge/microsoft-edge-configure-kiosk-mode) offers two lockdown experiences of the browser so organizations can create, manage, and provide the best experience for their customers. The following lockdown experiences are available: + +* Digital/Interactive Signage experience - Displays a specific site in full-screen mode. +* Public-Browsing experience - Runs a limited multi-tab version of Microsoft Edge. + +Both experiences are running a Microsoft Edge InPrivate session, which protects user data. + +## Internet Explorer 11 + +[Internet Explorer 11](/internet-explorer/internet-explorer) will be considered a legacy browser, in subsequent releases. + +In anticipation of that, you can use [Internet Explorer (IE) mode](/deployedge/edge-ie-mode) on Microsoft Edge. IE mode allows you to run legacy web apps as well as modern web apps in a single browser. + +> [!NOTE] +> For in-support Windows 10 IoT Enterprise [Semi-Annual Channel (SAC) releases](/lifecycle/products/windows-10-iot-enterprise), Internet Explorer 11 will reach end of support on June 15, 2022. +> +> Internet Explorer 11 follows the Long-Term-Servicing-Channel (LTSC) Lifecycle for [Windows 10 IoT Enterprise LTSC](/lifecycle/products/?terms=Windows%2010%20IoT%20Enterprise%20LTSC) products. + +## Supported Versions + +| Browser | ![Internet Explorer 11](./media/IE11.png) | ![Microsoft Edge Legacy](./media/Microsoft-Edge-Legacy.png) | ![New Microsoft Edge](./media/Microsoft-Edge-New.png) | +|--|--|--|--| +| OS Release | [IE11 App](/internet-explorer/internet-explorer) | [Edge Browser - Legacy](/deployedge/microsoft-edge-kiosk-mode-transition-plan) | [New Edge Browser](/deployedge/microsoft-edge-configure-kiosk-mode) | +| Windows 10 IoT Enterprise LTSC 2019 | [Follows OS Release Support Lifecycle](/lifecycle/products/windows-10-iot-enterprise-ltsc-2019) | No browser security updates after March, 9, 2021 (removed where applicable). In-box engine supported until OS EOL | Edge and WebView2 Runtime not in-box (requires app migration from EdgeHTML) | +| Windows 10 IoT Enterprise, version 21H2 | End of support June 15, 2022 | Removed & replaced with New Edge Browser in May 2021 Update | Included in-box or installed with May 2021 Update | +| Windows 10 IoT Enterprise LTSC 2021 | [Follows OS Release Support Lifecycle](/lifecycle/products/windows-10-iot-enterprise-ltsc-2021) | Not included | Microsoft Edge included in-box and follows [Modern Lifecycle Policy](/lifecycle/policies/modern) | +| Windows 11 IoT Enterprise | N/A | N/A | Microsoft Edge included in-box and follows [Modern Lifecycle Policy](/lifecycle/policies/modern) | + +## Additional Resources + +* [Configure Microsoft Edge kiosk mode](/deployedge/microsoft-edge-configure-kiosk-mode) +* [Plan your kiosk mode transition](/deployedge/microsoft-edge-kiosk-mode-transition-plan) diff --git a/windows/configuration/shell-launcher/index.md b/windows/configuration/shell-launcher/index.md new file mode 100644 index 00000000000..3d75d24ce74 --- /dev/null +++ b/windows/configuration/shell-launcher/index.md @@ -0,0 +1,352 @@ +--- +title: Shell Launcher +description: Shell Launcher +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: c65f1400-9d2a-406e-8b43-74eaafb0ccae +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.date: 06/07/2018 +ms.topic: article + + +--- +# Shell Launcher + +Using Shell Launcher, you can configure a kiosk device to use almost any application or executable as your custom shell. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. + +You can also configure Shell Launcher to launch different shell applications for different users or user groups. + +There are a few exceptions to the applications and executables you can use as a custom shell: + +- You can't use the following executable as a custom shell: `C:\\Windows\\System32\\Eshell.exe`. Using Eshell.exe as the default shell will result in a blank screen after user signs in. +- You can't use a Universal Windows app as a custom shell. +- You can't use a custom shell to launch Universal Windows apps, for example, the Settings app. +- You can't use an application that launches a different process and exits as a custom shell. For example, you can't specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher isn't aware of the newly created wordpad.exe process, Shell Launcher takes action based on the exit code of **Write.exe**, and restart the custom shell. +- You can't prevent the system from shutting down. For Shell Launcher V1 and V2, you can't block the session ending by returning FALSE upon receiving the [WM_QUERYENDSESSION](/windows/win32/shutdown/wm-queryendsession) message in a graphical application or returning FALSE in the [handler routine](/windows/console/handlerroutine) that is added through the [SetConsoleCtrlHandler](/windows/console/setconsolectrlhandler) function in a console application. + +> [!NOTE] +> You cannot configure both Shell Launcher and assigned access on the same system. +> +> Use **Shell Launcher V2**, you can specify a Universal Windows app as a custom shell. Check [Use Shell Launcher to create a Windows 10 kiosk](/windows/configuration/kiosk-shelllauncher) for the differences between Shell Launcher v1 and Shell Launcher V2. + +Shell Launcher processes the **Run** and **RunOnce** registry keys before starting the custom shell, so your custom shell doesn’t need to handle the automatic startup of other applications and services. + +Shell Launcher also handles the behavior of the system when your custom shell exits. You can configure the shell exit behavior if the default behavior doesn't meet your needs. + +Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher such as, [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250), [AppLocker](/windows/iot/iot-enterprise/customize/application-control#applocker), and [Mobile Device Management](/windows/client-management/mdm/) + +> [!NOTE] +> +> In Shell Launcher v1, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In Shell Launcher v2, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. +> +> To use Shell Launcher v2 in version 1809, you need to install the [KB4551853 update](https://support.microsoft.com/topic/may-12-2020-kb4551853-os-build-17763-1217-c2ea33f7-4506-dd13-2739-d9c7bb80b26d). + +## Differences between Shell Launcher v1 and Shell Launcher v2 + +Shell Launcher v1 replaces ```explorer.exe```, the default shell, with ```eshell.exe```, which can launch a Windows desktop application. +Shell Launcher v2 replaces ```explorer.exe``` with ```customshellhost.exe```. This new executable file can launch a Windows desktop application or a UWP app. +In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers more enhancements: + +- You can use a custom Windows desktop application that can then launch UWP apps, such as Settings and Touch Keyboard. +- From a custom UWP shell, you can launch secondary views and run on multiple monitors. +- The custom shell app runs in full screen, and can run other apps in full screen on user’s demand. +For sample XML configurations for the different app combinations, see [Samples for Shell Launcher v2](https://github.com/microsoft/Windows-IoT-Samples/tree/master/samples/ShellLauncher/ShellLauncherV2). + +## Requirements + +Windows 10 Enterprise or Windows 10 Education. + +## Terminology + +- **Turn on, enable:** To make the setting available to the device and optionally apply the settings to the device. +- **Configure:** To customize the setting or subsettings. +- **Embedded Shell Launcher:** This feature is called Embedded Shell Launcher in Windows 10, version 1511. +- **Custom Shell Launcher:** This feature is called Shell Launcher in Windows 10, version 1607 and later. + +## Turn on Shell Launcher + +Shell Launcher is an optional component and isn't turned on by default in Windows 10. It must be turned on prior to configuring. You can turn on and configure Shell Launcher in a customized Windows 10 image (.wim) if Microsoft Windows hasn't been installed. If Windows has already been installed, you must turn on Shell Launcher before applying a provisioning package to configure Shell Launcher. + +### Enable Shell Launcher using Control Panel + +1. In the **Search the web and Windows** field, type **Programs and Features** and either press **Enter** or tap or select **Programs and Features** to open it. +1. In the **Programs and Features** window, select **Turn Windows features on or off**. +1. In the **Windows Features** window, expand the **Device Lockdown** node, select or clear the checkbox for **Shell Launcher**, and then select **OK.** +1. The **Windows Features** window indicates that Windows is searching for required files and displays a progress bar. Once found, the window indicates that Windows is applying the changes. When completed, the window indicates the requested changes are completed. +1. Select **Close** to close the **Windows Features** window. + +> [!NOTE] +> Turning on Shell Launcher does not require a device restart. + +### Enable Shell Launcher by calling WESL_UserSetting + +1. Enable or disable Shell Launcher by calling the WESL_UserSetting.SetEnabled function in the Windows Management Instrumentation (WMI) class WESL_UserSetting. +1. If you enable or disable Shell Launcher using WESL_UserSetting, the changes don't affect any sessions that are currently signed in; you must sign out and sign back in. + +This example uses a Windows image called install.wim, but you can use the same procedure to apply a provisioning package (for more information on DISM, see [What Is Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/what-is-dism). + +### Enable Shell Launcher using DISM + +1. Open a command prompt with administrator privileges. +1. Copy install.wim to a temporary folder on hard drive (in the following steps, we assume it's called C:\\wim). +1. Create a new directory. + + ```CMD + md c:\wim + ``` + +1. Mount the image. + + ```CMD + dism /mount-wim /wimfile:c:\bootmedia\sources\install.wim /index:1 /MountDir:c:\wim + ``` + +1. Enable the feature. + + ```CMD + dism /image:c:\wim /enable-feature /all /featureName:Client-EmbeddedShellLauncher + ``` + +1. Commit the change. + + ```CMD + dism /unmount-wim /MountDir:c:\wim /Commit + ``` + +### Enable Shell Launcher using Windows Configuration Designer + +The Shell Launcher settings are also available as Windows provisioning settings so you can configure these settings to be applied during the image runtime. You can set one or all Shell Launcher settings by creating a provisioning package using Windows Configuration Designer and then applying the provisioning package during image deployment time or runtime. If Windows hasn't been installed and you're using Windows Configuration Designer to create installation media with settings for Shell Launcher included in the image or you're applying a provisioning package during setup, you must enable Shell Launcher on the installation media with DISM in order for a provisioning package to successfully apply. + +Use the following steps to create a provisioning package that contains the ShellLauncher settings. + +1. Build a provisioning package in Windows Configuration Designer by following the instructions in [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package). +1. In the **Available customizations** page, select **Runtime settings** > **SMISettings** > **ShellLauncher**. +1. Set the value of **Enable** to **ENABLE**. More options to configure Shell Launcher appears, and you can set the values as desired. +1. Once you have finished configuring the settings and creating the provisioning package, you can apply the package to the image deployment time or runtime. See the [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) for more information. The process for applying the package to a Windows 10 Enterprise image is the same. + +## Configure Shell Launcher + +There are two ways you can configure Shell Launcher: + +1. In Windows 10, version 1803, you can configure Shell Launcher using the **ShellLauncher** node of the Assigned Access Configuration Service Provider (CSP). See [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp) for details. Configuring Shell Launcher using this method also automatically enables Shell Launcher on the device, if the device supports it. +1. Use the Shell Launcher WMI providers directly in a PowerShell script or application. + +You can configure the following options for Shell Launcher: + +- Enable or disable Shell Launcher. +- Specify a shell configuration for a specific user or group. +- Remove a shell configuration for a specific user or group. +- Change the default shell configuration. +- Get information on a shell configuration for a specific user or group. + +Any changes don't take effect until a user signs in. + +## Launch different shells for different user accounts + +By default, Shell Launcher runs the default shell, which is specified when you create the OS image at design time. The default shell is set to Cmd.exe, but you can specify any executable file to be the default shell. + +You can configure Shell Launcher to launch a different shell for specific users or groups if you don't want to run the default shell. For example, you might configure a device to run a custom application shell for guest accounts, but run the standard Windows Explorer shell for administrator accounts in order to service the device. + +If you use the WMI providers to configure Shell Launcher for a user or group at run time, you must use the security identifier (SID) for that user or group; you can't use the user name or group name. + +For more information about common security identifiers, see [Well-known SIDs](/windows/win32/secauthz/well-known-sids). + +When the current signed in account belongs to two or more groups that have different configurations defined for each group, Shell Launcher uses the first configuration it finds. The search order isn't defined, so we recommend that you avoid assigning a user to multiple groups with different Shell Launcher configurations. + +## Perform an action when the shell exits + +When a custom shell exits, Shell Launcher can perform one of four actions: + +|Action|Description| +|:---:|:---| +|0|Restart the shell.| +|1|Restart the device.| +|2|Shut down the device.| +|3|Do nothing.| + +> [!IMPORTANT] +> Make sure that your shell application does not automatically exit and is not automatically closed by any features such as Dialog Filter, as this can lead to an infinite cycle of exiting and restarting, unless the return code action is set to do nothing. + +### Default return code action + +You can define a default return code action for Shell Launcher with the DefaultReturnCodeAction setting. If you don't change the initial value, the default return code action is set to 0 (zero), which indicates that Shell Launcher restarts the shell when the shell exits. + +### Map the exit code to a Shell Launcher action + +Shell Launcher can take a specific action based on the exit code returned by the shell. For any given exit code returned by the shell, you can configure the action that Shell Launcher takes by mapping that exit code to one of the shell exit actions. + +If the exit code doesn't match a defined value, Shell Launcher performs the default return code action. + +For example, your shell might return exit code values of -1, 0, 1, or 255 depending on how the shell exits. You can configure Shell Launcher to: + +- restart the device (1) when the shell returns an exit code of value -1 +- restart the shell (0) when the shell returns an exit code of value 0 +- do nothing (3) when the shell returns an exit code of value 1 +- shut down the device (2) when the shell returns an exit code of value 255 + +Your custom return code action mapping would look like this: + +|Exit code|Action| +|:----:|----| +|-1|1 (restart the device)| +|0|0 (restart the shell)| +|1|3 (do nothing)| +|255|2 (shut down the device)| + +## Set your custom shell + +Modify the following PowerShell script as appropriate and run the script on the device. + +```PowerShell +# Check if shell launcher license is enabled +function Check-ShellLauncherLicenseEnabled +{ + [string]$source = @" +using System; +using System.Runtime.InteropServices; + +static class CheckShellLauncherLicense +{ + const int S_OK = 0; + + public static bool IsShellLauncherLicenseEnabled() + { + int enabled = 0; + + if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) { + enabled = 0; + } + return (enabled != 0); + } + + static class NativeMethods + { + [DllImport("Slc.dll")] + internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value); + } + +} +"@ + + $type = Add-Type -TypeDefinition $source -PassThru + + return $type[0]::IsShellLauncherLicenseEnabled() +} + +[bool]$result = $false + +$result = Check-ShellLauncherLicenseEnabled +"`nShell Launcher license enabled is set to " + $result +if (-not($result)) +{ + "`nThis device doesn't have required license to use Shell Launcher" + exit +} + +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Create a handle to the class instance so we can call the static methods. +try { + $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" + } catch [Exception] { + write-host $_.Exception.Message; + write-host "Make sure Shell Launcher feature is enabled" + exit + } + + +# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. + +$Admins_SID = "S-1-5-32-544" + +# Create a function to retrieve the SID for a user account on a machine. + +function Get-UsernameSID($AccountName) { + + $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) + $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) + + return $NTUserSID.Value +} + +# Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. + +$Cashier_SID = Get-UsernameSID("Cashier") + +# Define actions to take when the shell program exits. + +$restart_shell = 0 +$restart_device = 1 +$shutdown_device = 2 +$do_nothing = 3 + +# Examples. You can change these examples to use the program that you want to use as the shell. + +# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. + +$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) + +# Display the default shell to verify that it was added correctly. + +$DefaultShellObject = $ShellLauncherClass.GetDefaultShell() + +"`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction + +# Set Internet Explorer as the shell for "Cashier", and restart the machine if Internet Explorer is closed. + +$ShellLauncherClass.SetCustomShell($Cashier_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell) + +# Set Explorer as the shell for administrators. + +$ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe") + +# View all the custom shells defined. + +"`nCurrent settings for custom shells:" +Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction + +# Enable Shell Launcher + +$ShellLauncherClass.SetEnabled($TRUE) + +$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() + +"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled + +# Remove the new custom shells. + +$ShellLauncherClass.RemoveCustomShell($Admins_SID) + +$ShellLauncherClass.RemoveCustomShell($Cashier_SID) + +# Disable Shell Launcher + +$ShellLauncherClass.SetEnabled($FALSE) + +$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() + +"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled +``` + +> [!NOTE] +> The previous script includes examples of multiple configuration options, including removing a custom shell and disabling Shell Launcher. It is not intended to be run as-is. + +## Shell Launcher user rights + +A custom shell is launched with the same level of user rights as the account that is signed in. This means that a user with administrator rights can perform any system action that requires administrator rights, including launching other applications with administrator rights, while a user without administrator rights can't. + +> [!WARNING] +> If your shell application requires administrator rights and needs to be elevated, and User Account Control (UAC) is present on your device, you must disable UAC in order for Shell Launcher to launch the shell application. + +## Related articles + +- [Unbranded Boot](unbranded-boot.md) +- [Custom Logon](custom-logon.md) +- [Use Shell Launcher to create a Windows 10 Kiosk](/windows/configuration/kiosk-shelllauncher) +- [Launch different shells for different user accounts](/windows-hardware/customize/enterprise/shell-launcher#launch-different-shells-for-different-user-accounts) +- [Perform an action when the shell exits](/windows-hardware/customize/enterprise/shell-launcher#perform-an-action-when-the-shell-exits) +- [Shell Launcher user rights](/windows-hardware/customize/enterprise/shell-launcher#shell-launcher-user-rights) diff --git a/windows/configuration/shell-launcher/multi-app-kiosk.md b/windows/configuration/shell-launcher/multi-app-kiosk.md new file mode 100644 index 00000000000..bdce5f1bc38 --- /dev/null +++ b/windows/configuration/shell-launcher/multi-app-kiosk.md @@ -0,0 +1,44 @@ +--- +title: Multi-App Kiosk +author: TerryWarwick +ms.author: twarwick +ms.date: 08/16/2023 +ms.topic: article +ms.service: windows-iot +ms.subservice: iot +description: Learn about the Multi-App Kiosk in Windows IoT Enterprise. +keywords: Lockdown, Multi-App, Kiosk +--- + +# Assigned access multi-app kiosk + +An assigned access multi-app kiosk runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. A multi-app kiosk is appropriate for devices that are shared by multiple people. Here's a [guide](/windows/configuration/lock-down-windows-10-to-specific-apps) on how to set up a multi-app kiosk. + +> [!NOTE] +> Multi-app kiosk mode is not available for Windows 11 IoT Enterprise, version 21H2 or 22H2. Please refer to [What's new for subsequent releases](../whats-new/Release-History.md#windows-11-iot-enterprise) for information about its return. +> +> **Update** - [Multi-app kiosk mode is now available in Windows 11](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/multi-app-kiosk-mode-now-available-in-windows-11/ba-p/3845558)., version 22H2 as part of the Windows continuous innovation releases. To learn how you can take advantage of features introduced via Windows continuous innovation, see more about how you can access this feature in Windows 11 IoT Enterprise, version 22H2, see [Delivering continuous innovation in Windows 11](https://support.microsoft.com/windows/delivering-continuous-innovation-in-windows-11-b0aa0a27-ea9a-4365-9224-cb155e517f12). + +## Benefits of using a multi-app kiosk + +The benefit of a kiosk that runs multiple specified apps is to provide an easy-to-understand experience for individuals by showing them only the things they need to use, and removing the things they don’t need to access. + +A multi-app kiosk is appropriate for devices that are shared by multiple people. Each user can authenticate with the device and receive a customized lockdown experience based on the configuration. + +## Configuring your multi-app kiosk + +* [Configure a kiosk in Microsoft Intune](/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-in-microsoft-intune) +* [Configure a kiosk using a provisioning package](/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-using-a-provisioning-package) + +> [!NOTE] +> +> When you configure a multi-app kiosk, [specific policies](/windows/configuration/kiosk-policies) are enforced that will affect all non-administrator users on the device. + +## Additional Resources + +* [New features and improvements](/windows/configuration/lock-down-windows-10-to-specific-apps) +* [Set up a multi-app kiosk](/windows/configuration/lock-down-windows-10-to-specific-apps) +* [Kiosk apps for assigned access: Best practices](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access) +* [Guidelines for choosing an app for assigned access](/windows/configuration/guidelines-for-assigned-access-app) +* [Configure kiosks and digital signs](/windows/configuration/kiosk-methods) +* [More kiosk methods and reference information](/windows/configuration/kiosk-additional-reference) diff --git a/windows/configuration/shell-launcher/single-app-kiosk.md b/windows/configuration/shell-launcher/single-app-kiosk.md new file mode 100644 index 00000000000..592a4e49b76 --- /dev/null +++ b/windows/configuration/shell-launcher/single-app-kiosk.md @@ -0,0 +1,43 @@ +--- +title: Assigned access Single-App Kiosk +author: TerryWarwick +ms.author: twarwick +ms.date: 03/30/2023 +ms.topic: article +ms.service: windows-iot +ms.subservice: iot +description: Learn about the Single-App Kiosk in Windows IoT Enterprise. +keywords: Kiosk Mode, Single-App +--- + +# Assigned access single-app kiosk + +A single-app kiosk uses the assigned access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk can't do anything on the device outside of the kiosk app. + +> [!NOTE] +> +> Assigned access single-app kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. + +## Benefits of using a single-app kiosk + +A single-app kiosk is ideal for public use. Using [shell launcher](./Shell-Launcher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk runs above the lock screen, and users have access to only this app and nothing else on the system. This experience is often used for public-facing kiosk machines. Check out [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions) for more information. + +## Configuring your single-app kiosks + +You have several options for configuring your single-app kiosk. + +* [Settings App](/windows/configuration/kiosk-single-app#local) +* [PowerShell](/windows/configuration/kiosk-single-app#powershell) +* [Kiosk Wizard in Windows Configuration Designer](/windows/configuration/kiosk-single-app#wizard) +* [Microsoft Intune or other MDM providers](/windows/configuration/kiosk-single-app#mdm) + +> [!TIP] +> You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](/windows/configuration/lock-down-windows-10-to-specific-apps) by using a [kiosk profile](/windows/configuration/lock-down-windows-10-to-specific-apps#profile). + +## Additional Resources + +* [Set up a single-app kiosk](/windows/configuration/kiosk-single-app) +* [Guidelines for choosing an app for assigned access](/windows/configuration/guidelines-for-assigned-access-app) +* [Kiosk apps for assigned access: Best practices](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access) +* [Configure kiosks and digital signs](/windows/configuration/kiosk-methods) +* [More kiosk methods and reference information](/windows/configuration/kiosk-additional-reference) diff --git a/windows/configuration/shell-launcher/toc.yml b/windows/configuration/shell-launcher/toc.yml new file mode 100644 index 00000000000..84f542a7320 --- /dev/null +++ b/windows/configuration/shell-launcher/toc.yml @@ -0,0 +1,24 @@ + +items: +- name: Shell Launcher + items: + - name: Overview + href: shell-launcher.md + - name: WMI Provider Reference + items: + - name: Class WESL_UserSetting + href: wesl-usersetting.md + - name: GetCustomShell + href: wesl-usersettinggetcustomshell.md + - name: GetDefaultShell + href: wesl-usersettinggetdefaultshell.md + - name: IsEnabled + href: wesl-usersettingisenabled.md + - name: RemoveCustomShell + href: wesl-usersettingremovecustomshell.md + - name: SetCustomShell + href: wesl-usersettingsetcustomshell.md + - name: SetDefaultShell + href: wesl-usersettingsetdefaultshell.md + - name: SetEnabled + href: wesl-usersettingsetenabled.md \ No newline at end of file diff --git a/windows/configuration/shell-launcher/wedl-assignedaccess.md b/windows/configuration/shell-launcher/wedl-assignedaccess.md new file mode 100644 index 00000000000..a8692c930e0 --- /dev/null +++ b/windows/configuration/shell-launcher/wedl-assignedaccess.md @@ -0,0 +1,150 @@ +--- +title: WEDL\_AssignedAccess +description: WEDL\_AssignedAccess +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 2be8d294-db13-4494-bd5f-ba97ed89528e +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WEDL\_AssignedAccess + +This Windows Management Instrumentation (WMI) provider class configures settings for assigned access. + +## Syntax + +```powershell +class WEDL_AssignedAccess { + [Key] string UserSID; + [Read, Write] string AppUserModelId; + [Read] sint32 Status; +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +### Methods + +This class contains no methods. + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| **UserSID** | string | [key] | The security identifier (SID) for the user account that you want to use as the assigned access account. | +| **AppUserModelId** | string | [read, write] | The Application User Model ID (AUMID) of the Windows app to launch for the assigned access account. | +| **Status** | Boolean | none | Indicates the current status of the assigned access configuration | + +| Value | Description | +|:-----:|-------------| +| 0 | A valid account is configured, but no Windows app is specified. Assigned access is not enabled. | +| 1 | Assigned access is enabled. | +| 0x100 | UserSID error: cannot find the account. | +| 0x103 | UserSID error: the account profile does not exist. | +| 0x200 | AppUserModelID error: cannot find the Windows app. | +| 0x201 | Task Scheduler error: Could not schedule task. Make sure that the Task Scheduler service is running. | +| 0xffffffff | Unspecified error.| + +### Remarks + +Changes to assigned access do not affect any sessions that are currently signed in; you must sign out and sign back in. + +## Example + +The following Windows PowerShell script demonstrates how to use this class to set up an assigned access account. + +```powershell +# +#---Define variables--- +# + +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Define the assigned access account. +# To use a different account, change $AssignedAccessAccount to a user account that is present on your device. + +$AssignedAccessAccount = "KioskAccount" + +# Define the Windows app to launch, in this example, use the Application Model User ID (AUMID) for Windows Calculator. +# To use a different Windows app, change $AppAUMID to the AUMID of the Windows app to launch. +# The Windows app must be installed for the account. + +$AppAUMID = "Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" + +# +#---Define helper functions--- +# + +function Get-UsernameSID($AccountName) { + +# This function retrieves the SID for a user account on a machine. +# This function does not check to verify that the user account actually exists. + + $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) + $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) + + return $NTUserSID.Value +} + +# +#---Set up the new assigned access account--- +# + +# Get the SID for the assigned access account. + +$AssignedAccessUserSID = Get-UsernameSID($AssignedAccessAccount) + +# Check to see if an assigned access account is already set up, and if so, clear it. + +$AssignedAccessConfig = get-WMIObject -namespace $NAMESPACE -computer $COMPUTER -class WEDL_AssignedAccess + +if ($AssignedAccessConfig) { + +# Configuration already exists. Delete it so that we can create a new one, since only one assigned access account can be set up at a time. + + $AssignedAccessConfig.delete(); + +} + +# Configure assigned access to launch the specified Windows app for the specified account. + +Set-WmiInstance -class WEDL_AssignedAccess -ComputerName $COMPUTER -Namespace $NAMESPACE -Arguments @{ + UserSID = $AssignedAccessUserSID; + AppUserModelId = $AppAUMID + } | Out-Null; + +# Confirm that the settings were created properly. + +$AssignedAccessConfig = get-WMIObject -namespace $NAMESPACE -computer $COMPUTER -class WEDL_AssignedAccess + +if ($AssignedAccessConfig) { + + "Set up assigned access for the " + $AssignedAccessAccount + " account." + " UserSID = " + $AssignedAccessConfig.UserSid + " AppModelId = " + $AssignedAccessConfig.AppUserModelId + +} else { + + "Could not set up assigned access account." +} +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | diff --git a/windows/configuration/shell-launcher/wesl-usersetting.md b/windows/configuration/shell-launcher/wesl-usersetting.md new file mode 100644 index 00000000000..78c25d9c4a5 --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersetting.md @@ -0,0 +1,183 @@ +--- +title: WESL_UserSetting +description: WESL_UserSetting +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 73c5bb46-bf9e-4657-a5ae-88dbd14b79e8 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/02/2017 +ms.topic: article + + +--- +# WESL_UserSetting + +This class configures which application Shell Launcher starts based on the security identifier (SID) of the signed in user, and also configures the set of return codes and return actions that Shell Launcher performs when the application exits. + +## Syntax + +```powershell +class WESL_UserSetting { + [read, write, Required] string Sid; + [read, write, Required] string Shell; + [read, write] Sint32 CustomReturnCodes[]; + [read, write] Sint32 CustomReturnCodesAction[]; + [read, write] sint32 DefaultAction; + + [Static] uint32 SetCustomShell( + [In, Required] string Sid, + [In, Required] string Shell, + [In] sint32 CustomReturnCodes[], + [In] sint32 CustomReturnCodesAction[], + [In] sint32 DefaultAction + ); + [Static] uint32 GetCustomShell( + [In, Required] string Sid, + [Out, Required] string Shell, + [Out, Required] sint32 CustomReturnCodes[], + [Out, Required] sint32 CustomReturnCodesAction[], + [Out, Required] sint32 DefaultAction + ); + [Static] uint32 RemoveCustomShell( + [In, Required] string Sid + ); + [Static] uint32 GetDefaultShell( + [Out, Required] string Shell, + [Out, Required] sint32 DefaultAction + ); + [Static] uint32 SetDefaultShell( + [In, Required] string Shell, + [In, Required] sint32 DefaultAction + ); + [Static] uint32 IsEnabled( + [Out, Required] boolean Enabled + ); + [Static] uint32 SetEnabled( + [In, Required] boolean Enabled); + ); +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +### Methods + +| Methods | Description | +|---------|-------------| +| [WESL_UserSetting.SetCustomShell](wesl-usersettingsetcustomshell.md) | Configures Shell Launcher for a specific user or group, based on SID. | +| [WESL_UserSetting.GetCustomShell](wesl-usersettinggetcustomshell.md) | Retrieves the Shell Launcher configuration for a specific user or group, based on the SID. | +| [WESL_UserSetting.RemoveCustomShell](wesl-usersettingremovecustomshell.md) | Removes a Shell Launcher configuration for a specific user or group, based on the SID. | +| [WESL_UserSetting.GetDefaultShell](wesl-usersettinggetdefaultshell.md) | Retrieves the default Shell Launcher configuration. | +| [WESL_UserSetting.SetDefaultShell](wesl-usersettingsetdefaultshell.md) | Sets the default Shell Launcher configuration. | +| [WESL_UserSetting.IsEnabled](wesl-usersettingisenabled.md) | Retrieves a value that indicates if Shell Launcher is enabled or disabled. | +| [WESL_UserSetting.SetEnabled](wesl-usersettingsetenabled.md) | Enables or disables Shell Launcher. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| **Sid** | string | [read, write, required] | User or group SID. | +| **shell** | string | [read, write, required] | The application to start as the shell.
The **shell** property can be a filename in the *Path* environment variable, or it can contain a fully qualified path to the application. You can also use environment variables in the path.
Any spaces in the **shell** property must be part of a quote-delimited string. | +| **CustomReturnCodes** | Sint32[] |[read, write] | An array of custom return codes that can be returned by the shell. | +| **CustomReturnCodesAction** | Sint32[] | [read, write] | An array of custom return code actions that determine what action Shell Launcher takes when the shell exits. The custom actions map to the array of **CustomReturnCodes**.
The possible actions are:
0 - Restart the shell.
1 - Restart the device.
2 - Shut down the device.
3 - Do nothing. | +| **DefaultAction** | Sint32 | [read, write] | The default action Shell Launcher takes when the shell exits.
The possible actions are defined as follows:
0 - Restart the shell.
1 - Restart the device.
2 - Shut down the device.
3 - Do nothing. | + +### Remarks + +Only one **WESL_UserSetting** instance exists on a device with Shell Launcher. + +Shell Launcher uses the custom configuration defined for the SID of the user currently signed in, if one exists. Otherwise, Shell Launcher uses a custom configuration defined for a group SID that the user is a member of, if any exist. If multiple group custom configurations for the user exist, Shell Launcher uses the first valid configuration it finds. The search order is not defined. + +If there is no custom configuration for the user’s SID or any group SIDs that the user is a member of, Shell Launcher uses the default configuration. + +You can find the SID for a user and any groups that the user is a member of by using the [whoami](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771299(v=ws.10)) command-line tool. + +## Example + +The following Windows PowerShell script demonstrates how to add and remove custom shell configurations for Shell Launcher by using the Windows Management Instrumentation (WMI) providers for Shell Launcher. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Create a handle to the class instance so we can call the static methods. +$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" + + +# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. + +$Admins_SID = "S-1-5-32-544" + +# Create a function to retrieve the SID for a user account on a machine. + +function Get-UsernameSID($AccountName) { + + $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) + $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) + + return $NTUserSID.Value + +} + +# Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. + +$Cashier_SID = Get-UsernameSID("Cashier") + +# Define actions to take when the shell program exits. + +$restart_shell = 0 +$restart_device = 1 +$shutdown_device = 2 +$do_nothing = 3 + +# Examples + +# Set the command prompt as the default shell, and restart the device if it's closed. + +$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) + +# Display the default shell to verify that it was added correctly. + +$DefaultShellObject = $ShellLauncherClass.GetDefaultShell() + +"`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction + +# Set Internet Explorer as the shell for "Cashier", and restart the machine if it's closed. + +$ShellLauncherClass.SetCustomShell($Cashier_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell) + +# Set Explorer as the shell for administrators. + +$ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe") + +# View all the custom shells defined. + +"`nCurrent settings for custom shells:" +Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction + +# Remove the new custom shells. + +$ShellLauncherClass.RemoveCustomShell($Admins_SID) + +$ShellLauncherClass.RemoveCustomShell($Cashier_SID) +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md new file mode 100644 index 00000000000..432e7709490 --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md @@ -0,0 +1,86 @@ +--- +title: WESL_UserSetting.GetCustomShell +description: WESL_UserSetting.GetCustomShell +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 7bd2b50c-d566-4688-8fbd-1ea0197c1cde +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WESL_UserSetting.GetCustomShell + +This method retrieves the Shell Launcher configuration for a specific user or group, based on the security identifier (SID). + +## Syntax + +```powershell +[Static] uint32 GetCustomShell ( + [In, Required] string Sid, + [Out, Required] string Shell, + [Out, Required] sint32 CustomReturnCodes[], + [Out, Required] sint32 CustomReturnCodesAction[], + [Out, Required] sint32 DefaultAction +); +``` + +## Parameters + +**Sid**
\[in, required\] A string containing the security identifier (SID) of the user or group that Shell Launcher is configured for. + +**Shell**
\[out, required\] The application or executable that Shell Launcher starts as the shell. + +**CustomReturnCodes**
\[out, required\] An array of custom return codes returned by the shell application. + +**CustomReturnCodesAction**
\[out, required\] An array of custom return code actions that determine the action that Shell Launcher takes when the shell application exits. The custom actions map to the array of *CustomReturnCodes*. + +The possible actions are defined in the following table: + +| Value | Description | +|:-----:|-------------| +| 0 | Restart the shell. | +| 1 | Restart the device. | +| 2 | Shut down the device. | +| 3 | Do nothing. | + +**DefaultAction**
\[out, required\] The default action that Shell Launcher takes when the shell application exits. + +The possible actions are defined in the following table: + +| Value | Description | +|:------:|-------------| +| 0 | Restart the shell. | +| 1 | Restart the device. | +| 2 | Shut down the device. | +| 3 | Do nothing. | + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the application. + +If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WESL_UserSetting](wesl-usersetting.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md new file mode 100644 index 00000000000..f750175178b --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md @@ -0,0 +1,66 @@ +--- +title: WESL_UserSetting.GetDefaultShell +description: WESL_UserSetting.GetDefaultShell +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 26dc7e10-6e89-44e0-aec2-322676e8b2d1 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WESL_UserSetting.GetDefaultShell + +This method retrieves the default Shell Launcher configuration. + +## Syntax + +```powershell +[Static] uint32 GetDefaultShell ( + [Out, Required] string Shell, + [Out, Required] sint32 DefaultAction +); +``` + +## Parameters + +**Shell**
\[out, required\] The application or executable that Shell Launcher starts as the shell. + +**DefaultAction**
\[out, required\] The default action Shell Launcher takes when the shell application exits. + +The possible actions are defined in the following table: + +| Value | Description | +|:-----:|-------------| +| 0 | Restart the shell. | +| 1 | Restart the device. | +| 2 | Shut down the device. | +| 3 | Do nothing. | + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WESL_UserSetting](wesl-usersetting.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingisenabled.md b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md new file mode 100644 index 00000000000..b53d5cd3298 --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md @@ -0,0 +1,50 @@ +--- +title: WESL_UserSetting.IsEnabled +description: WESL_UserSetting.IsEnabled +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 567f57b5-f9c8-4129-8279-dd351028df5d +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WESL_UserSetting.IsEnabled + +This method retrieves a value that indicates if Shell Launcher is enabled or disabled. + +## Syntax + +```powershell +[Static] uint32 IsEnabled( + [Out, Required] boolean Enabled +); +``` + +## Parameters + +**Enabled**
\[out, required\] A Boolean value that indicates if Shell Launcher is enabled. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WESL_UserSetting](wesl-usersetting.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md new file mode 100644 index 00000000000..51cb663ea59 --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md @@ -0,0 +1,54 @@ +--- +title: WESL_UserSetting.RemoveCustomShell +description: WESL_UserSetting.RemoveCustomShell +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 161eb289-e3b5-4d16-b367-f79f2b90f291 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WESL_UserSetting.RemoveCustomShell + +This method removes a Shell Launcher configuration for a specific user or group, based on the security identifier (SID). + +## Syntax + +```powershell +[Static] uint32 RemoveCustomShell ( + [In, Required] string Sid +); +``` + +## Parameters + +**Sid**
\[in, required\] A string containing the security identifier (SID) of the user or group that Shell Launcher is configured for. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must restart your device for the changes to take effect. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WESL_UserSetting](wesl-usersetting.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md new file mode 100644 index 00000000000..a0b846cc137 --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md @@ -0,0 +1,86 @@ +--- +title: WESL_UserSetting.SetCustomShell +description: WESL_UserSetting.SetCustomShell +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 09fa040b-0fa1-4886-bfdd-8614eead0da8 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WESL_UserSetting.SetCustomShell + +This method configures Shell Launcher for a specific user or group, based on the security identifier (SID). + +## Syntax + +```powershell +[Static] uint32 SetCustomShell ( + [In, Required] string Sid, + [In, Required] string Shell, + [In] sint32 CustomReturnCodes[], + [In] sint32 CustomReturnCodesAction[], + [In] sint32 DefaultAction +); +``` + +## Parameters + +**Sid**
\[in, required\] A string containing the security identifier (SID) of the user or group that Shell Launcher is being configured for. + +**Shell**
\[in, required\] The application or executable that Shell Launcher starts as the shell. + +**CustomReturnCodes**
\[in\] An array of custom return codes that can be returned by the shell application. + +**CustomReturnCodesAction**
\[in\] An array of custom return code actions that determine the action that Shell Launcher takes when the shell application exits. The custom actions map to the array of *CustomReturnCodes*. + +The possible actions are defined in the following table: + +| Value | Description | +|:-----:|-------------| +| 0 | Restart the shell. | +| 1 | Restart the device. | +| 2 | Shut down the device. | +| 3 | Do nothing. | + +**DefaultAction**
\[In\] The default action that Shell Launcher takes when the shell application exits. + +The possible actions are defined in the following table: + +| Value | Description | +|:-----:|-------------| +| 0 | Restart the shell.| +| 1 | Restart the device. | +| 2 | Shut down the device. | +| 3 | Do nothing. | + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the shell application. + +If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WESL_UserSetting](wesl-usersetting.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md new file mode 100644 index 00000000000..cd2ec426911 --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md @@ -0,0 +1,66 @@ +--- +title: WESL_UserSetting.SetDefaultShell +description: WESL_UserSetting.SetDefaultShell +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: fb4040bb-7cf2-4644-bf0f-d7d0274dd080 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WESL_UserSetting.SetDefaultShell + +This method sets the default Shell Launcher configuration. + +## Syntax + +```powershell +[Static] uint32 SetDefaultShell ( + [In, Required] string Shell, + [In, Required] sint32 DefaultAction +); +``` + +## Parameters + +**Shell**
\[in, required\] The application or executable that Shell Launcher starts as the shell. + +**DefaultAction**
\[in, required\] The default action that Shell Launcher takes when the *Shell* application exits. + +The possible actions are defined in the following table: + +| Value | Description | +|:-------:|-------------| +| 0 | Restart the shell. | +| 1 | Restart the device. | +| 2 | Shut down the device. | +| 3 | Do nothing. | + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WESL_UserSetting](wesl-usersetting.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md new file mode 100644 index 00000000000..fb9468d91b8 --- /dev/null +++ b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md @@ -0,0 +1,56 @@ +--- +title: WESL_UserSetting.SetEnabled +description: WESL_UserSetting.SetEnabled +MSHAttr: +- 'PreferredSiteName:MSDN' +- 'PreferredLib:/library/windows/hardware' +ms.assetid: 8dc373fe-37f9-45ca-bb0a-38f0e54feef1 +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 05/20/2024 +ms.topic: article + + +--- +# WESL_UserSetting.SetEnabled + +This method enables or disables Shell Launcher. + +## Syntax + +```powershell +[Static] uint32 SetEnabled( + [In, Required] boolean Enabled +); +``` + +## Parameters + +**Enabled**
\[in, required\] A Boolean value that indicates whether to enable or disable Shell Launcher. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon**. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher. + +Enabling or disabling Shell Launcher does not take effect until a user signs in. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [WESL_UserSetting](wesl-usersetting.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/unbranded-boot/index.md b/windows/configuration/unbranded-boot/index.md new file mode 100644 index 00000000000..e9a481729e4 --- /dev/null +++ b/windows/configuration/unbranded-boot/index.md @@ -0,0 +1,166 @@ +--- +title: Unbranded Boot +description: Unbranded Boot +author: TerryWarwick +ms.author: twarwick +ms.service: windows-iot +ms.subservice: iot +ms.date: 09/10/2024 +ms.topic: reference + + +--- +# Unbranded Boot + +You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error that it can't recover from. This feature is known as Unbranded Boot. + +> [!IMPORTANT] +> The first user to sign in to the device must be an administrator. This ensures that the **RunOnce** registry settings correctly apply the settings. Also, when using auto sign-in, you must not configure auto sign-in on your device at design time. Instead, auto sign-in should be configured manually after first signing in as an administrator. + +## Requirements + +Unbranded Boot can be enabled on: + +- WindowsΒ 10 Enterprise +- Windows 10 IoT Enterprise +- WindowsΒ 10 Education +- Windows 11 Enterprise +- Windows 11 IoT Enterprise +- Windows 11 Education + +## Terminology + +- **Turn on, Enable:** To make the setting available to the device and optionally apply the settings to the device. Generally "turn on" is used in the user interface or control panel, whereas "enable" is used for command line. + +- **Configure:** To customize the setting or subsettings. + +- **Embedded Boot Experience:** this feature is called "Embedded Boot Experience" in Windows 10, build 1511. + +- **Custom Boot Experience:** this feature is called "Custom Boot Experience" in Windows 10, build 1607 and later. + +## Turn on Unbranded Boot settings + +Unbranded Boot is an optional component and isn't enabled by default in Windows. It must be enabled prior to configuring. + +If Windows has already been installed, you can't apply a provisioning package to configure Unbranded Boot; instead you must use BDCEdit to configure Unbranded boot if Windows is installed. + +BCDEdit is the primary tool for editing the Boot Configuration Database (BCD) of Windows and is included in Windows in the %WINDIR%\\System32 folder. Administrator privileges are required to use BCDEdit to modify the BCD. + +### Turn on Unbranded Boot by using Control Panel + +1. In the Windows search bar, type **Turn Windows features on or off** and either press **Enter** or tap or select **Turn Windows features on or off** to open the **Windows Features** window. +1. In the **Windows Features** window, expand the **Device Lockdown** node, and select (to turn on) or clear (to turn off) the checkbox for **Unbranded Boot**. +1. Select **OK**. The **Windows Features** window indicates that Windows is searching for required files and displays a progress bar. Once found, the window indicates that Windows is applying the changes. When completed, the window indicates the requested changes are completed. +1. Restart your device to apply the changes. + +## Configure Unbranded Boot settings at runtime using BCDEdit + + +1. Open a command prompt as an administrator. +1. Run the following command to disable the F8 key during startup to prevent access to the **Advanced startup options** menu. + + ```cmd + bcdedit.exe -set {globalsettings} advancedoptions false + ``` + +1. Run the following command to disable the F10 key during startup to prevent access to the **Advanced startup options** menu. + + ```cmd + bcdedit.exe -set {globalsettings} optionsedit false + ``` + +1. Run the following command to suppress all Windows UI elements (logo, status indicator, and status message) during startup. + + ```cmd + bcdedit.exe -set {globalsettings} bootuxdisabled on + ``` + +1. Run the following command to suppress any error screens that are displayed during boot. If **noerrordisplay** is on and the boot manager hits a *WinLoad Error* or *Bad Disk Error*, the system displays a black screen. + + ```cmd + bcdedit.exe -set {bootmgr} noerrordisplay on + ``` + +## Configure Unbranded Boot using Unattend + +You can also configure the Unattend settings in the [Microsoft-Windows-Embedded-BootExp](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-bootexp) component to add Unbranded Boot features to your image during the design or imaging phase. You can manually create an Unattend answer file or use Windows System Image Manager (Windows SIM) to add the appropriate settings to your answer file. For more information about the Unbranded Boot settings and XML examples, see the settings in Microsoft-Windows-Embedded-BootExp. + +### Unbranded Boot settings + +The following table shows Unbranded Boot settings and their values. + +| Setting | Description | Value | +|---------|-------------|-------| +| DisableBootMenu | Contains an integer that disables the F8 and F10 keys during startup to prevent access to the Advanced startup options menu. | Set to 1 to disable the menu; otherwise; set to 0 (zero). The default value is 0. | +| DisplayDisabled | Contains an integer that configures the device to display a blank screen when Windows encounters an error that it can't recover from. | Set to 1 to display a blank screen on error; otherwise; set to 0 (zero). The default value is 0. | +| HideAllBootUI | Contains an integer that suppresses all Windows UI elements (logo, status indicator, and status message) during startup. | Set to 1 to suppress all Windows UI elements during startup; otherwise; set to 0 (zero). The default value is 0. | +| HideBootLogo | Contains an integer that suppresses the default Windows logo that displays during the OS loading phase. | Set to 1 to suppress the default Windows logo; otherwise; set to 0 (zero). The default value is 0. | +| HideBootStatusIndicator | Contains an integer that suppresses the status indicator that displays during the OS loading phase. | Set to 1 to suppress the status indicator; otherwise; set to 0 (zero). The default value is 0. | +| HideBootStatusMessage | Contains an integer that suppresses the startup status text that displays during the OS loading phase. | Set to 1 to suppress the startup status text; otherwise; set to 0 (zero). The default value is 0. | + +## Customize the boot screen using Windows Configuration Designer and Deployment Image Servicing and Management (DISM) + +You must enable Unbranded boot on the installation media with DISM before you can apply settings for Unbranded boot using either Windows Configuration Designer or applying a provisioning package during setup. + +1. Create a provisioning package or create a new Windows image in Windows Configuration Designer by following the instructions in [Create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package). + +1. In the Available customizations page, select **Runtime settings** > **SMISettings** and then set the value for the boot screen settings. The following values are just examples. + + - **HideAllBootUI**=FALSE + - **HideBootLogo**=FALSE + - **HideBootStatusIndicator**=TRUE + - **HideBootStatusMessage**=TRUE + - **CrashDumpEnabled**=Full dump + + > [!TIP] + > For more information, see [SMISettings](/windows/configuration/wcd/wcd-smisettings) in the Windows Configuration Designer reference. + +1. Once you have finished configuring the settings and building the package or image, you use DISM to apply the settings. + 1. Open a command prompt with administrator privileges. + 1. Copy install.wim to a temporary folder on hard drive (in the following steps, it assumes it's called c:\\wim). + 1. Create a new directory. + + ```cmd + md c:\wim + ``` + + 1. Mount the image. + + ```cmd + dism /mount-wim /wimfile:c:\bootmedia\sources\install.wim /index:1 /MountDir:c:\wim + ``` + + 1. Enable the feature. + + ```cmd + dism /image:c:\wim /enable-feature /featureName:Client-EmbeddedBootExp + ``` + + 1. Commit the change. + + ```cmd + dism /unmount-wim /MountDir:c:\wim /Commit + ``` + +In the following image, the BootLogo is outlined in green, the BootStatusIndicator is outlined in red, and the BootStatusMessage is outlined in blue. + +![unbranded boot screen](images/boot.jpg) + +## Replace the startup logo + +The only supported way to replace the startup logo with a custom logo is to modify the Boot Graphics Resource Table (BGRT) on a device that uses UEFI as the firmware interface. If your device uses the BGRT to include a custom logo, it's always displayed and you can't suppress the custom logo. + +## Suppress Errors During Boot + +Errors that occur during early Windows Boot are typically a sign of bad device configuration or failing hardware and require user intervention to recover. You can suppress all error screens during early boot by enabling the **noerrordisplay** BCD setting. + +1. Open a command prompt as an administrator. +1. Run the following command to suppress error screens during boot. + + ```cmd + bcdedit.exe -set {bootmgr} noerrordisplay on + ``` + +## Related articles + +- [Custom Logon](custom-logon.md) From 83932149e53c8a15bd96850a50cbaf6c3c1e2ccf Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 14 Jan 2025 16:45:06 -0700 Subject: [PATCH 40/91] December DDF updates --- .../mdm/healthattestation-csp.md | 4 +- .../mdm/healthattestation-ddf.md | 4 +- .../mdm/policies-in-preview.md | 17 +- .../mdm/policy-csp-connectivity.md | 57 +++++- .../mdm/policy-csp-deliveryoptimization.md | 58 +++--- .../mdm/policy-csp-deviceguard.md | 68 ++++++- .../mdm/policy-csp-humanpresence.md | 181 +++++++++++++++++- .../mdm/policy-csp-printers.md | 54 +++++- windows/client-management/mdm/vpnv2-csp.md | 14 +- .../client-management/mdm/vpnv2-ddf-file.md | 12 +- 10 files changed, 415 insertions(+), 54 deletions(-) diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 4367d3cb2f6..a43aae095f5 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -1,7 +1,7 @@ --- title: HealthAttestation CSP description: Learn more about the HealthAttestation CSP. -ms.date: 01/31/2024 +ms.date: 01/14/2025 --- @@ -51,7 +51,7 @@ The following list shows the HealthAttestation configuration service provider no | Scope | Editions | Applicable OS | |:--|:--|:--| -| βœ… Device
❌ User | βœ… Pro
βœ… Enterprise
βœ… Education
βœ… Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows Insider Preview | +| βœ… Device
❌ User | βœ… Pro
βœ… Enterprise
βœ… Education
βœ… Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows 11, version 22H2 with [KB5046732](https://support.microsoft.com/help/5046732) [10.0.22621.4541] and later
βœ… Windows 11, version 24H2 with [KB5046617](https://support.microsoft.com/help/5046617) [10.0.26100.2314] and later
βœ… Windows Insider Preview | diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index 0c9d3828727..5a273aecc4f 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -1,7 +1,7 @@ --- title: HealthAttestation DDF file description: View the XML file containing the device description framework (DDF) for the HealthAttestation configuration service provider. -ms.date: 06/28/2024 +ms.date: 01/14/2025 --- @@ -436,7 +436,7 @@ The following XML file contains the device description framework (DDF) for the H - 99.9.99999 + 99.9.99999, 10.0.26100.2314, 10.0.22621.4541 1.4 diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md index 0e4249d6437..a728e43011f 100644 --- a/windows/client-management/mdm/policies-in-preview.md +++ b/windows/client-management/mdm/policies-in-preview.md @@ -1,7 +1,7 @@ --- title: Configuration service provider preview policies description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview. -ms.date: 11/27/2024 +ms.date: 01/14/2025 --- @@ -31,6 +31,7 @@ This article lists the policies that are applicable for Windows Insider Preview ## Connectivity +- [DisableCrossDeviceResume](policy-csp-connectivity.md#disablecrossdeviceresume) - [UseCellularWhenWiFiPoor](policy-csp-connectivity.md#usecellularwhenwifipoor) - [DisableCellularSettingsPage](policy-csp-connectivity.md#disablecellularsettingspage) - [DisableCellularOperatorSettingsPage](policy-csp-connectivity.md#disablecellularoperatorsettingspage) @@ -46,6 +47,10 @@ This article lists the policies that are applicable for Windows Insider Preview - [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md#dodisallowcacheserverdownloadsonvpn) - [DOVpnKeywords](policy-csp-deliveryoptimization.md#dovpnkeywords) +## DeviceGuard + +- [MachineIdentityIsolation](policy-csp-deviceguard.md#machineidentityisolation) + ## DevicePreparation CSP - [PageEnabled](devicepreparation-csp.md#pageenabled) @@ -80,6 +85,12 @@ This article lists the policies that are applicable for Windows Insider Preview - [AttestErrorMessage](healthattestation-csp.md#attesterrormessage) +## HumanPresence + +- [ForcePrivacyScreen](policy-csp-humanpresence.md#forceprivacyscreen) +- [ForcePrivacyScreenDim](policy-csp-humanpresence.md#forceprivacyscreendim) +- [ForcePrivacyScreenNotification](policy-csp-humanpresence.md#forceprivacyscreennotification) + ## InternetExplorer - [AllowLegacyURLFields](policy-csp-internetexplorer.md#allowlegacyurlfields) @@ -115,6 +126,10 @@ This article lists the policies that are applicable for Windows Insider Preview - [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning) +## Printers + +- [ConfigureIppTlsCertificatePolicy](policy-csp-printers.md#configureipptlscertificatepolicy) + ## Reboot CSP - [WeeklyRecurrent](reboot-csp.md#scheduleweeklyrecurrent) diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 5ed3127e3fb..a58ea71af25 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -1,7 +1,7 @@ --- title: Connectivity Policy CSP description: Learn more about the Connectivity Area in Policy CSP. -ms.date: 11/05/2024 +ms.date: 01/14/2025 --- @@ -684,6 +684,61 @@ This policy makes all configurable settings in the 'Cellular' Settings page read + +## DisableCrossDeviceResume + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
βœ… User | βœ… Pro
βœ… Enterprise
βœ… Education
βœ… Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows Insider Preview | + + + +```User +./User/Vendor/MSFT/Policy/Config/Connectivity/DisableCrossDeviceResume +``` + + + + +This policy allows IT admins to turn off CrossDeviceResume feature to continue tasks, such as browsing file, continue using 1P/3P apps that require linking between Phone and PC. + +- If you enable this policy setting, the Windows device won't receive any CrossDeviceResume notification. + +- If you disable this policy setting, the Windows device will receive notification to resume activity from linked phone. + +- If you don't configure this policy setting, the default behavior is that the CrossDeviceResume feature is turned 'ON'. Changes to this policy take effect on reboot. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | CrossDeviceResume is Enabled. | +| 1 | CrossDeviceResume is Disabled. | + + + + + + + + ## DisableDownloadingOfPrintDriversOverHTTP diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index c058b8bccf0..c8994390c1a 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -1,7 +1,7 @@ --- title: DeliveryOptimization Policy CSP description: Learn more about the DeliveryOptimization Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 01/14/2025 --- @@ -93,7 +93,7 @@ The value 0 (zero) means "unlimited" cache; Delivery Optimization will clear the -Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. +Specifies whether the device, with an active VPN connection, is allowed to participate in P2P or not. @@ -240,10 +240,18 @@ If this policy isn't configured, the client will attempt to automatically find a |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-4294967295]` | | Default Value | 0 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 1 | DHCP Option 235. | +| 2 | DHCP Option 235 Force. | + + **Group policy mapping**: @@ -342,7 +350,7 @@ The recommended value is 1 hour (3600). -Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for a background content download. Note that the DODelayBackgroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. +For background downloads that use a cache server, specifies the time to wait before falling back to download from the original HTTP source. @@ -397,7 +405,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT -Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for foreground content download. Note that the DODelayForegroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. +For foreground downloads that use a cache server, specifies the time to wait before falling back to download from the original HTTP source. @@ -513,7 +521,7 @@ The recommended value is 1 minute (60). -Disallow downloads from Microsoft Connected Cache servers when the device connects via VPN. By default, the device is allowed to download from Microsoft Connected Cache when connected via VPN. +Specify to disallow downloads from Microsoft Connected Cache servers when the device has an active VPN connection. By default, the button is 'Not Set'. This means the device is allowed to download from Microsoft Connected Cache when the device has an active VPN connection. To block these downloads, turn the button on to 'Enabled'. @@ -535,8 +543,8 @@ Disallow downloads from Microsoft Connected Cache servers when the device connec | Value | Description | |:--|:--| -| 0 (Default) | Allowed. | -| 1 | Not allowed. | +| 0 (Default) | Not Set. | +| 1 | Enabled. | @@ -572,7 +580,7 @@ Disallow downloads from Microsoft Connected Cache servers when the device connec -Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. The default value is 1. +Specifies the method that Delivery Optimization can use to download content on behalf of various Microsoft products. @@ -598,10 +606,10 @@ Specifies the download method that Delivery Optimization can use in downloads of |:--|:--| | 0 (Default) | HTTP only, no peering. | | 1 | HTTP blended with peering behind the same NAT. | -| 2 | When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2. | +| 2 | HTTP blended with peering across a private group. | | 3 | HTTP blended with Internet peering. | -| 99 | Simple download mode with no peering. Delivery Optimization downloads using HTTP only and doesn't attempt to contact the Delivery Optimization cloud services. Added in WindowsΒ 10, version 1607. | -| 100 | Bypass mode. Windows 10: Don't use Delivery Optimization and use BITS instead. Windows 11: Deprecated, use Simple mode instead. | +| 99 | HTTP only, no peering, no use of DO cloud service. | +| 100 | Bypass mode, deprecated in Windows 11. | @@ -698,7 +706,7 @@ Note this is a best effort optimization and shouldn't be relied on for an authen -Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = Microsoft Entra ID. When set, the Group ID will be assigned automatically from the selected source. This policy is ignored if the GroupID policy is also set. The options set in this policy only apply to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. Starting with Windows 10, version 1903, you can use the Microsoft Entra tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5. +Specifies the source of group ID used for peer selection. @@ -722,12 +730,12 @@ Set this policy to restrict peer selection to a specific source. Available optio | Value | Description | |:--|:--| -| 0 (Default) | Unset. | +| 0 (Default) | Not Set. | | 1 | AD site. | | 2 | Authenticated domain SID. | -| 3 | DHCP user option. | -| 4 | DNS suffix. | -| 5 | Microsoft Entra ID. | +| 3 | DHCP Option ID. | +| 4 | DNS Suffix. | +| 5 | Entra ID Tenant ID. | @@ -824,7 +832,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts -Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means unlimited; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size hasn't exceeded. The value 0 is new in Windows 10, version 1607. The default value is 604800 seconds (7 days). +Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. @@ -879,7 +887,7 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt -Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). The default value is 20. +Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of the available drive space. @@ -991,7 +999,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts -Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set. The default value is 20480 (20 MB/s). +Specifies the minimum download QoS (Quality of Service) in KiloBytes/sec for background downloads. @@ -1165,7 +1173,7 @@ Recommended values: 64 GB to 256 GB. -Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB. The default value is 100 MB. +Specifies the minimum content file size in MB eligible to use P2P. @@ -1220,7 +1228,7 @@ Specifies the minimum content file size in MB enabled to use Peer Caching. Recom -Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB. The default value is 4 GB. +Specifies the minimum total RAM size in GB required to use P2P. @@ -1330,7 +1338,7 @@ By default, %SystemDrive% is used to store the cache. The drive location can be -Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. The value 0 (zero) means unlimited; No monthly upload limit's applied if 0 is set. The default value is 5120 (5 TB). +Specifies the maximum bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. @@ -1501,7 +1509,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts -Set this policy to restrict peer selection via selected option. Options available are: 1=Subnet mask, 2 = Local discovery (DNS-SD). These options apply to both Download Mode LAN (1) and Group (2). +Specifies to restrict peer selection using the selected method, in addition to the DownloadMode policy. @@ -1528,7 +1536,7 @@ In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer |:--|:--| | 0 (Default) | None. | | 1 | Subnet mask. | -| 2 | Local peer discovery (DNS-SD). | +| 2 | Local discovery (DNS-SD). | diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index c27a1426969..ba7cfacf34b 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -1,7 +1,7 @@ --- title: DeviceGuard Policy CSP description: Learn more about the DeviceGuard Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 01/14/2025 --- @@ -9,6 +9,8 @@ ms.date: 01/18/2024 # Policy CSP - DeviceGuard +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -205,6 +207,70 @@ Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if config + +## MachineIdentityIsolation + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| βœ… Device
❌ User | ❌ Pro
βœ… Enterprise
βœ… Education
❌ Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/DeviceGuard/MachineIdentityIsolation +``` + + + + +Machine Identity Isolation: 0 - Machine password is only LSASS-bound and stored in $MACHINE.ACC registry key. 1 - Machine password both LSASS-bound and IUM-bound. It's stored in $MACHINE.ACC and $MACHINE.ACC.IUM registry keys. 2 - Machine password is only IUM-bound and stored in $MACHINE.ACC.IUM registry key. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disabled) Machine password is only LSASS-bound and stored in $MACHINE.ACC registry key. | +| 1 | (Enabled in audit mode) Machine password both LSASS-bound and IUM-bound. It's stored in $MACHINE.ACC and $MACHINE.ACC.IUM registry keys. | +| 2 | (Enabled in enforcement mode) Machine password is only IUM-bound and stored in $MACHINE.ACC.IUM registry key. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | VirtualizationBasedSecurity | +| Friendly Name | Turn On Virtualization Based Security | +| Element Name | Machine Identity Isolation Configuration. | +| Location | Computer Configuration | +| Path | System > Device Guard | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard | +| ADMX File Name | DeviceGuard.admx | + + + + + + + + ## RequirePlatformSecurityFeatures diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index 1cf592ddffb..b27018ae745 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -1,7 +1,7 @@ --- title: HumanPresence Policy CSP description: Learn more about the HumanPresence Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 01/14/2025 --- @@ -9,6 +9,8 @@ ms.date: 09/27/2024 # Policy CSP - HumanPresence +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -526,6 +528,183 @@ Determines the timeout for Lock on Leave forced by the MDM policy. The user will + +## ForcePrivacyScreen + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| βœ… Device
❌ User | βœ… Pro
βœ… Enterprise
βœ… Education
❌ Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForcePrivacyScreen +``` + + + + +Determines whether detect when other people are looking at my screen is forced on/off by the MDM policy. The user won't be able to change this setting and the UI will be greyed out. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 2 | ForcedOff. | +| 1 | ForcedOn. | +| 0 (Default) | DefaultToUserChoice. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ForcePrivacyScreen | +| Path | Sensors > AT > WindowsComponents > HumanPresence | + + + + + + + + + +## ForcePrivacyScreenDim + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| βœ… Device
❌ User | βœ… Pro
βœ… Enterprise
βœ… Education
❌ Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForcePrivacyScreenDim +``` + + + + +Determines whether dim the screen when other people are looking at my screen checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 2 | ForcedUnchecked. | +| 1 | ForcedChecked. | +| 0 (Default) | DefaultToUserChoice. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ForcePrivacyScreenDim | +| Path | Sensors > AT > WindowsComponents > HumanPresence | + + + + + + + + + +## ForcePrivacyScreenNotification + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| βœ… Device
❌ User | βœ… Pro
βœ… Enterprise
βœ… Education
❌ Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForcePrivacyScreenNotification +``` + + + + +Determines whether providing alert when people are looking at my screen checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 2 | ForcedUnchecked. | +| 1 | ForcedChecked. | +| 0 (Default) | DefaultToUserChoice. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ForcePrivacyScreenNotification | +| Path | Sensors > AT > WindowsComponents > HumanPresence | + + + + + + + + diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 098733446d9..b852afb0b4d 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -1,7 +1,7 @@ --- title: Printers Policy CSP description: Learn more about the Printers Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 01/14/2025 --- @@ -11,6 +11,8 @@ ms.date: 09/27/2024 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -348,6 +350,56 @@ The following are the supported values: + +## ConfigureIppTlsCertificatePolicy + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| βœ… Device
❌ User | βœ… Pro
βœ… Enterprise
βœ… Education
βœ… Windows SE
βœ… IoT Enterprise / IoT Enterprise LTSC | βœ… Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureIppTlsCertificatePolicy +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | ConfigureIppTlsCertificatePolicy | +| ADMX File Name | Printing.admx | + + + + + + + + ## ConfigureRedirectionGuardPolicy diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 58d6463c975..f8ca2e1a8ab 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -1,7 +1,7 @@ --- title: VPNv2 CSP description: Learn more about the VPNv2 CSP. -ms.date: 01/18/2024 +ms.date: 01/14/2025 --- @@ -863,11 +863,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False: Don't Bypass for Local traffic. - -True: ByPass VPN Interface for Local Traffic. - -Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. +Not supported. @@ -5160,11 +5156,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa -False: Don't Bypass for Local traffic. - -True: ByPass VPN Interface for Local Traffic. - -Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. +Not supported. diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index abe39e405a3..8927c4cc29a 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -1,7 +1,7 @@ --- title: VPNv2 DDF file description: View the XML file containing the device description framework (DDF) for the VPNv2 configuration service provider. -ms.date: 06/28/2024 +ms.date: 01/14/2025 --- @@ -1156,10 +1156,7 @@ The following XML file contains the device description framework (DDF) for the V - False : Do not Bypass for Local traffic - True : ByPass VPN Interface for Local Traffic - - Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. + Not supported. @@ -4425,10 +4422,7 @@ A device tunnel profile must be deleted before another device tunnel profile can - False : Do not Bypass for Local traffic - True : ByPass VPN Interface for Local Traffic - - Optional. When this setting is True, requests to local resources that are available on the same Wi-Fi network as the VPN client can bypass the VPN. For example, if enterprise policy for VPN requires force tunnel for VPN, but enterprise intends to allow the remote user to connect locally to media center in their home, then this option should be set to True. The user can bypass VPN for local subnet traffic. When this is set to False, the setting is disabled and no subnet exceptions are allowed. + Not supported. From dbcbff2c9b5110631aa0efe55a6822da4e09ded7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 14 Jan 2025 18:46:37 -0500 Subject: [PATCH 41/91] updates --- windows/configuration/shell-launcher/single-app-kiosk.md | 4 ++-- windows/configuration/shell-launcher/toc.yml | 2 +- windows/configuration/shell-launcher/wesl-usersetting.md | 2 +- .../shell-launcher/wesl-usersettinggetcustomshell.md | 2 +- .../shell-launcher/wesl-usersettinggetdefaultshell.md | 2 +- .../configuration/shell-launcher/wesl-usersettingisenabled.md | 2 +- .../shell-launcher/wesl-usersettingremovecustomshell.md | 2 +- .../shell-launcher/wesl-usersettingsetcustomshell.md | 2 +- .../shell-launcher/wesl-usersettingsetdefaultshell.md | 2 +- .../shell-launcher/wesl-usersettingsetenabled.md | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/configuration/shell-launcher/single-app-kiosk.md b/windows/configuration/shell-launcher/single-app-kiosk.md index 592a4e49b76..3b24c8cb1f3 100644 --- a/windows/configuration/shell-launcher/single-app-kiosk.md +++ b/windows/configuration/shell-launcher/single-app-kiosk.md @@ -20,7 +20,7 @@ A single-app kiosk uses the assigned access feature to run a single app above th ## Benefits of using a single-app kiosk -A single-app kiosk is ideal for public use. Using [shell launcher](./Shell-Launcher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk runs above the lock screen, and users have access to only this app and nothing else on the system. This experience is often used for public-facing kiosk machines. Check out [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions) for more information. +A single-app kiosk is ideal for public use. Using [shell launcher](./index.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk runs above the lock screen, and users have access to only this app and nothing else on the system. This experience is often used for public-facing kiosk machines. Check out [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions) for more information. ## Configuring your single-app kiosks @@ -32,7 +32,7 @@ You have several options for configuring your single-app kiosk. * [Microsoft Intune or other MDM providers](/windows/configuration/kiosk-single-app#mdm) > [!TIP] -> You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](/windows/configuration/lock-down-windows-10-to-specific-apps) by using a [kiosk profile](/windows/configuration/lock-down-windows-10-to-specific-apps#profile). +> You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](/windows/configuration/lock-down-windows-10-to-specific-apps) by using a [kiosk profile](/windows/configuration/lock-down-windows-10-to-specific-apps#profile). ## Additional Resources diff --git a/windows/configuration/shell-launcher/toc.yml b/windows/configuration/shell-launcher/toc.yml index 84f542a7320..a25c9dde938 100644 --- a/windows/configuration/shell-launcher/toc.yml +++ b/windows/configuration/shell-launcher/toc.yml @@ -3,7 +3,7 @@ items: - name: Shell Launcher items: - name: Overview - href: shell-launcher.md + href: index.md - name: WMI Provider Reference items: - name: Class WESL_UserSetting diff --git a/windows/configuration/shell-launcher/wesl-usersetting.md b/windows/configuration/shell-launcher/wesl-usersetting.md index 78c25d9c4a5..1239aae7185 100644 --- a/windows/configuration/shell-launcher/wesl-usersetting.md +++ b/windows/configuration/shell-launcher/wesl-usersetting.md @@ -180,4 +180,4 @@ $ShellLauncherClass.RemoveCustomShell($Cashier_SID) ## Related topics -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md index 432e7709490..b28608d8170 100644 --- a/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md @@ -83,4 +83,4 @@ If the return value does not exist in *CustomReturnCodes*, or if the correspondi ## Related topics - [WESL_UserSetting](wesl-usersetting.md) -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md index f750175178b..4aa7e6bc23c 100644 --- a/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md @@ -63,4 +63,4 @@ Shell Launcher uses the default configuration when the security identifier (SID) ## Related topics - [WESL_UserSetting](wesl-usersetting.md) -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingisenabled.md b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md index b53d5cd3298..8afbe060a56 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingisenabled.md +++ b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md @@ -47,4 +47,4 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n ## Related topics - [WESL_UserSetting](wesl-usersetting.md) -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md index 51cb663ea59..c636f9a829f 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md @@ -51,4 +51,4 @@ You must restart your device for the changes to take effect. ## Related topics - [WESL_UserSetting](wesl-usersetting.md) -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md index a0b846cc137..3bd103fb801 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md @@ -83,4 +83,4 @@ If the return value does not exist in *CustomReturnCodes*, or if the correspondi ## Related topics - [WESL_UserSetting](wesl-usersetting.md) -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md index cd2ec426911..ee18b101691 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md @@ -63,4 +63,4 @@ Shell Launcher uses the default configuration when the security identifier (SID) ## Related topics - [WESL_UserSetting](wesl-usersetting.md) -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md index fb9468d91b8..96fc8630d76 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md +++ b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md @@ -53,4 +53,4 @@ Enabling or disabling Shell Launcher does not take effect until a user signs in. ## Related topics - [WESL_UserSetting](wesl-usersetting.md) -- [Shell Launcher](shell-launcher.md) +- [Shell Launcher](index.md) From 87ac286a0ac0964014dc33af743c9d927f2dfff7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 15 Jan 2025 08:04:41 -0500 Subject: [PATCH 42/91] updates --- windows/configuration/custom-logon/index.md | 38 +-- .../custom-logon/troubleshoot.md | 19 +- .../shell-launcher/browser-support.md | 5 +- windows/configuration/shell-launcher/index.md | 14 +- .../shell-launcher/multi-app-kiosk.md | 4 +- .../wesl-usersettingsetenabled.md | 2 +- .../unbranded-boot/images/boot.jpg | Bin 0 -> 15392 bytes windows/configuration/unbranded-boot/index.md | 21 +- .../hibernate-once-resume-many-horm.md | 167 ++++++++++ .../unified-write-filter/index.md | 126 +++++++ .../service-uwf-protected-devices.md | 37 +++ .../unified-write-filter/toc.yml | 126 +++++++ .../uwf-antimalware-support.md | 75 +++++ .../uwf-apply-oem-updates.md | 44 +++ .../uwf-apply-windows-updates.md | 71 ++++ .../unified-write-filter/uwf-excludedfile.md | 53 +++ .../uwf-excludedregistrykey.md | 53 +++ .../unified-write-filter/uwf-filter.md | 171 ++++++++++ .../unified-write-filter/uwf-filterdisable.md | 45 +++ .../unified-write-filter/uwf-filterenable.md | 68 ++++ .../uwf-filterresetsettings.md | 49 +++ .../uwf-filterrestartsystem.md | 50 +++ .../uwf-filtershutdownsystem.md | 49 +++ .../uwf-master-servicing-script.md | 90 +++++ .../unified-write-filter/uwf-overlay.md | 166 ++++++++++ .../unified-write-filter/uwf-overlayconfig.md | 161 +++++++++ .../uwf-overlayconfigsetmaximumsize.md | 57 ++++ .../uwf-overlayconfigsettype.md | 60 ++++ .../unified-write-filter/uwf-overlayfile.md | 53 +++ .../uwf-overlaygetoverlayfiles.md | 69 ++++ .../uwf-overlaysetcriticalthreshold.md | 53 +++ .../uwf-overlaysetwarningthreshold.md | 53 +++ .../uwf-registryfilter.md | 271 +++++++++++++++ .../uwf-registryfilteraddexclusion.md | 60 ++++ .../uwf-registryfiltercommitregistry.md | 52 +++ ...wf-registryfiltercommitregistrydeletion.md | 54 +++ .../uwf-registryfilterfindexclusion.md | 46 +++ .../uwf-registryfiltergetexclusions.md | 47 +++ .../uwf-registryfilterremoveexclusion.md | 47 +++ .../uwf-servicing-screen-saver.md | 53 +++ .../unified-write-filter/uwf-servicing.md | 101 ++++++ .../uwf-servicingdisable.md | 45 +++ .../uwf-servicingenable.md | 45 +++ .../uwf-servicingupdatewindows.md | 55 +++ .../unified-write-filter/uwf-turnonuwf.md | 148 +++++++++ .../unified-write-filter/uwf-volume.md | 313 ++++++++++++++++++ .../uwf-volumeaddexclusion.md | 58 ++++ .../uwf-volumecommitfile.md | 49 +++ .../uwf-volumecommitfiledeletion.md | 49 +++ .../uwf-volumefindexclusion.md | 50 +++ .../uwf-volumegetexclusions.md | 47 +++ .../unified-write-filter/uwf-volumeprotect.md | 47 +++ .../uwf-volumeremoveallexclusions.md | 47 +++ .../uwf-volumeremoveexclusion.md | 47 +++ .../uwf-volumesetbindbydriveletter.md | 52 +++ .../uwf-volumeunprotect.md | 45 +++ .../uwf-wes7-ewf-to-win10-uwf.md | 60 ++++ .../uwf-wmi-provider-reference.md | 45 +++ .../unified-write-filter/uwfexclusions.md | 191 +++++++++++ .../unified-write-filter/uwfmgrexe.md | 216 ++++++++++++ .../unified-write-filter/uwfoverlay.md | 135 ++++++++ .../uwftroubleshooting.md | 35 ++ 62 files changed, 4496 insertions(+), 63 deletions(-) create mode 100644 windows/configuration/unbranded-boot/images/boot.jpg create mode 100644 windows/configuration/unified-write-filter/hibernate-once-resume-many-horm.md create mode 100644 windows/configuration/unified-write-filter/index.md create mode 100644 windows/configuration/unified-write-filter/service-uwf-protected-devices.md create mode 100644 windows/configuration/unified-write-filter/toc.yml create mode 100644 windows/configuration/unified-write-filter/uwf-antimalware-support.md create mode 100644 windows/configuration/unified-write-filter/uwf-apply-oem-updates.md create mode 100644 windows/configuration/unified-write-filter/uwf-apply-windows-updates.md create mode 100644 windows/configuration/unified-write-filter/uwf-excludedfile.md create mode 100644 windows/configuration/unified-write-filter/uwf-excludedregistrykey.md create mode 100644 windows/configuration/unified-write-filter/uwf-filter.md create mode 100644 windows/configuration/unified-write-filter/uwf-filterdisable.md create mode 100644 windows/configuration/unified-write-filter/uwf-filterenable.md create mode 100644 windows/configuration/unified-write-filter/uwf-filterresetsettings.md create mode 100644 windows/configuration/unified-write-filter/uwf-filterrestartsystem.md create mode 100644 windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md create mode 100644 windows/configuration/unified-write-filter/uwf-master-servicing-script.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlay.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlayconfig.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlayfile.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md create mode 100644 windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md create mode 100644 windows/configuration/unified-write-filter/uwf-registryfilter.md create mode 100644 windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md create mode 100644 windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md create mode 100644 windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md create mode 100644 windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md create mode 100644 windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md create mode 100644 windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md create mode 100644 windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md create mode 100644 windows/configuration/unified-write-filter/uwf-servicing.md create mode 100644 windows/configuration/unified-write-filter/uwf-servicingdisable.md create mode 100644 windows/configuration/unified-write-filter/uwf-servicingenable.md create mode 100644 windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md create mode 100644 windows/configuration/unified-write-filter/uwf-turnonuwf.md create mode 100644 windows/configuration/unified-write-filter/uwf-volume.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumecommitfile.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumefindexclusion.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumegetexclusions.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumeprotect.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md create mode 100644 windows/configuration/unified-write-filter/uwf-volumeunprotect.md create mode 100644 windows/configuration/unified-write-filter/uwf-wes7-ewf-to-win10-uwf.md create mode 100644 windows/configuration/unified-write-filter/uwf-wmi-provider-reference.md create mode 100644 windows/configuration/unified-write-filter/uwfexclusions.md create mode 100644 windows/configuration/unified-write-filter/uwfmgrexe.md create mode 100644 windows/configuration/unified-write-filter/uwfoverlay.md create mode 100644 windows/configuration/unified-write-filter/uwftroubleshooting.md diff --git a/windows/configuration/custom-logon/index.md b/windows/configuration/custom-logon/index.md index 2c48c05b62a..9bcdb4c1dfc 100644 --- a/windows/configuration/custom-logon/index.md +++ b/windows/configuration/custom-logon/index.md @@ -1,32 +1,26 @@ --- title: Custom Logon description: Custom Logon -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: aaf4ddd3-eac4-4c60-90c8-38837078c43b author: sydbruck -ms.author: sybruckm -ms.service: windows-iot -ms.subservice: iot +author: TerryWarwick +ms.author: twarwick ms.date: 03/05/2024 -ms.topic: article - - +ms.topic: overview --- + # Custom Logon -You can use the Custom Logon feature to suppress WindowsΒ UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown. +You can use the Custom Logon feature to suppress Windows UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown. -Custom Logon settings don't modify the credential behavior of **Winlogon**, so you can use any credential provider that is compatible with WindowsΒ 10 to provide a custom sign-in experience for your device. For more information about creating a custom logon experience, see [Winlogon and Credential Providers](/windows/win32/secauthn/winlogon-and-credential-providers). +Custom Logon settings don't modify the credential behavior of **Winlogon**, so you can use any credential provider that is compatible with Windows 10 to provide a custom sign-in experience for your device. For more information about creating a custom logon experience, see [Winlogon and Credential Providers](/windows/win32/secauthn/winlogon-and-credential-providers). ## Requirements Custom Logon can be enabled on: -- WindowsΒ 10 Enterprise +- Windows 10 Enterprise - Windows 10 IoT Enterprise -- WindowsΒ 10 Education +- Windows 10 Education - Windows 11 Enterprise - Windows 11 IoT Enterprise - Windows 11 Education @@ -37,13 +31,13 @@ Custom Logon can be enabled on: **Configure:** To customize the setting or subsettings. -**Embedded Logon:** This feature is called Embedded Logon in WindowsΒ 10, version 1511. +**Embedded Logon:** This feature is called Embedded Logon in Windows 10, version 1511. -**Custom Logon:** This feature is called Custom Logon in WindowsΒ 10, version 1607 and later. +**Custom Logon:** This feature is called Custom Logon in Windows 10, version 1607 and later. ## Turn on Custom Logon -Custom Logon is an optional component and isn't turned on by default in WindowsΒ 10. It must be turned on prior to configuring. You can turn on and configure Custom Logon in a customized WindowsΒ 10 image (.wim) if MicrosoftΒ Windows hasn't been installed. If Windows has already been installed and you're applying a provisioning package to configure Custom Logon, you must first turn on Custom Logon in order for a provisioning package to be successfully applied. +Custom Logon is an optional component and isn't turned on by default in Windows 10. It must be turned on prior to configuring. You can turn on and configure Custom Logon in a customized Windows 10 image (.wim) if Microsoft Windows hasn't been installed. If Windows has already been installed and you're applying a provisioning package to configure Custom Logon, you must first turn on Custom Logon in order for a provisioning package to be successfully applied. The Custom Logon feature is available in the Control Panel. You can set Custom Logon by following these steps: @@ -97,7 +91,7 @@ HKLM\Software\Microsoft\Windows Embedded\EmbeddedLogon 1. Select the correct **Base** and enter the value for your desired customizations according to the following table, and click **OK** to apply the changes. > [!NOTE] -> Changing the **Base** of **BrandingNeutral** will automatically convert the value field to the selected base. To ensure you are getting the correct value, select the base before entering the value. +> Changing the **Base** of **BrandingNeutral** will automatically convert the value field to the selected base. To ensure you are getting the correct value, select the base before entering the value. The following table shows the possible values. To disable multiple Logon screen UI elements together, you can select the **Decimal** base when modifying the **BrandingNeutral** value, and combine actions by adding the decimal values of the desired actions and inputting the sum as the value of **BrandingNeutral**. For example, to disable the Power button and the Language button, select the decimal option for the base, then add the decimal values of each, in this case 2 and 4 respectively, and input the total (6) as the value for **BrandingNeutral**. @@ -126,7 +120,7 @@ You use the following steps to remove Wireless UI from the Welcome screen ## Additional Customizations -The following table shows additional customizations that can be made using registry keys. +The following table shows additional customizations that can be made using registry keys. |Action |Path |Registry Key and Value | |---------|---------|---------| @@ -137,6 +131,6 @@ The following table shows additional customizations that can be made using regis ## Related articles -- [Troubleshooting Custom Logon](troubleshooting-custom-logon.md) -- [Unbranded Boot](unbranded-boot.md) -- [Shell Launcher](shell-launcher.md) \ No newline at end of file +- [Troubleshooting Custom Logon](troubleshoot.md) +- [Unbranded Boot](../unbranded-boot/index.md) +- [Shell Launcher](../shell-launcher/index.md) \ No newline at end of file diff --git a/windows/configuration/custom-logon/troubleshoot.md b/windows/configuration/custom-logon/troubleshoot.md index 7b592d9ce69..74c76cf7348 100644 --- a/windows/configuration/custom-logon/troubleshoot.md +++ b/windows/configuration/custom-logon/troubleshoot.md @@ -1,19 +1,12 @@ --- title: Troubleshooting Custom Logon description: Troubleshooting Custom Logon -MSHAttr: -- 'PreferredSiteName:MSDN' -- 'PreferredLib:/library/windows/hardware' -ms.assetid: 5763E187-D09E-415D-B73C-BDD6BAB67E04 author: TerryWarwick ms.author: twarwick -ms.service: windows-iot -ms.subservice: iot ms.date: 05/02/2017 -ms.topic: article - - +ms.topic: troubleshooting --- + # Troubleshooting Custom Logon This section highlights some common issues that you may encounter when using Custom Logon. @@ -42,7 +35,7 @@ This can occur when your device is configured to require a password when waking 1. Under the **Power Options** heading, select **Require a password on wake up**. -1. On the **Define power buttons and turn on password protection** page, under **Password protection on wakeup**, select **Don’t require a password**. +1. On the **Define power buttons and turn on password protection** page, under **Password protection on wakeup**, select **Don't require a password**. 1. If you have disabled write filters, perform the following steps to enable them again: @@ -87,7 +80,7 @@ Set the **HideAutoLogonUI** and **AnimationDisabled** settings to **0** (zero). 1. In the **Power Options** item, select **Require a password on wake up**. -1. On the **Define power buttons and turn on password protection** page, under **Password protection on wake up**, select **Don’t require a password**. +1. On the **Define power buttons and turn on password protection** page, under **Password protection on wake up**, select **Don't require a password**. ### The device displays a black screen when a password expiration screen is displayed @@ -113,7 +106,3 @@ Set the **HideAutoLogonUI** and **AnimationDisabled** settings to **0** (zero). net accounts /MaxPWAge:unlimited ``` -## Related articles - -- [Custom Logon](custom-logon.md) -- [Complementary features to Custom Logon](complementary-features-to-custom-logon.md) diff --git a/windows/configuration/shell-launcher/browser-support.md b/windows/configuration/shell-launcher/browser-support.md index 58b1ab37152..c2899e2ddf9 100644 --- a/windows/configuration/shell-launcher/browser-support.md +++ b/windows/configuration/shell-launcher/browser-support.md @@ -4,10 +4,7 @@ author: TerryWarwick ms.author: twarwick ms.date: 03/30/2023 ms.topic: article -ms.service: windows-iot -ms.subservice: iot description: Learn about browser support in Kiosk Mode -keywords: Lockdown, Kiosks, Kiosk Mode, Browser --- # Browser Support @@ -38,7 +35,7 @@ In anticipation of that, you can use [Internet Explorer (IE) mode](/deployedge/e ## Supported Versions -| Browser | ![Internet Explorer 11](./media/IE11.png) | ![Microsoft Edge Legacy](./media/Microsoft-Edge-Legacy.png) | ![New Microsoft Edge](./media/Microsoft-Edge-New.png) | +| Browser | Internet Explorer 11 | Microsoft Edge Legacy | Microsoft Edge | |--|--|--|--| | OS Release | [IE11 App](/internet-explorer/internet-explorer) | [Edge Browser - Legacy](/deployedge/microsoft-edge-kiosk-mode-transition-plan) | [New Edge Browser](/deployedge/microsoft-edge-configure-kiosk-mode) | | Windows 10 IoT Enterprise LTSC 2019 | [Follows OS Release Support Lifecycle](/lifecycle/products/windows-10-iot-enterprise-ltsc-2019) | No browser security updates after March, 9, 2021 (removed where applicable). In-box engine supported until OS EOL | Edge and WebView2 Runtime not in-box (requires app migration from EdgeHTML) | diff --git a/windows/configuration/shell-launcher/index.md b/windows/configuration/shell-launcher/index.md index 3d75d24ce74..0b9e96cc661 100644 --- a/windows/configuration/shell-launcher/index.md +++ b/windows/configuration/shell-launcher/index.md @@ -23,7 +23,7 @@ There are a few exceptions to the applications and executables you can use as a - You can't use the following executable as a custom shell: `C:\\Windows\\System32\\Eshell.exe`. Using Eshell.exe as the default shell will result in a blank screen after user signs in. - You can't use a Universal Windows app as a custom shell. -- You can't use a custom shell to launch Universal Windows apps, for example, the Settings app. +- You can't use a custom shell to launch Universal Windows apps, for example, the Settings app. - You can't use an application that launches a different process and exits as a custom shell. For example, you can't specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher isn't aware of the newly created wordpad.exe process, Shell Launcher takes action based on the exit code of **Write.exe**, and restart the custom shell. - You can't prevent the system from shutting down. For Shell Launcher V1 and V2, you can't block the session ending by returning FALSE upon receiving the [WM_QUERYENDSESSION](/windows/win32/shutdown/wm-queryendsession) message in a graphical application or returning FALSE in the [handler routine](/windows/console/handlerroutine) that is added through the [SetConsoleCtrlHandler](/windows/console/setconsolectrlhandler) function in a console application. @@ -32,7 +32,7 @@ There are a few exceptions to the applications and executables you can use as a > > Use **Shell Launcher V2**, you can specify a Universal Windows app as a custom shell. Check [Use Shell Launcher to create a Windows 10 kiosk](/windows/configuration/kiosk-shelllauncher) for the differences between Shell Launcher v1 and Shell Launcher V2. -Shell Launcher processes the **Run** and **RunOnce** registry keys before starting the custom shell, so your custom shell doesn’t need to handle the automatic startup of other applications and services. +Shell Launcher processes the **Run** and **RunOnce** registry keys before starting the custom shell, so your custom shell doesn't need to handle the automatic startup of other applications and services. Shell Launcher also handles the behavior of the system when your custom shell exits. You can configure the shell exit behavior if the default behavior doesn't meet your needs. @@ -52,7 +52,7 @@ In addition to allowing you to use a UWP app for your replacement shell, Shell L - You can use a custom Windows desktop application that can then launch UWP apps, such as Settings and Touch Keyboard. - From a custom UWP shell, you can launch secondary views and run on multiple monitors. -- The custom shell app runs in full screen, and can run other apps in full screen on user’s demand. +- The custom shell app runs in full screen, and can run other apps in full screen on user's demand. For sample XML configurations for the different app combinations, see [Samples for Shell Launcher v2](https://github.com/microsoft/Windows-IoT-Samples/tree/master/samples/ShellLauncher/ShellLauncherV2). ## Requirements @@ -253,7 +253,7 @@ $NAMESPACE = "root\standardcimv2\embedded" try { $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" } catch [Exception] { - write-host $_.Exception.Message; + write-host $_.Exception.Message; write-host "Make sure Shell Launcher feature is enabled" exit } @@ -286,7 +286,7 @@ $do_nothing = 3 # Examples. You can change these examples to use the program that you want to use as the shell. -# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. +# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) @@ -344,8 +344,8 @@ A custom shell is launched with the same level of user rights as the account tha ## Related articles -- [Unbranded Boot](unbranded-boot.md) -- [Custom Logon](custom-logon.md) +- [Unbranded Boot](../unbranded-boot/index.md) +- [Custom Logon](../custom-logon/index.md) - [Use Shell Launcher to create a Windows 10 Kiosk](/windows/configuration/kiosk-shelllauncher) - [Launch different shells for different user accounts](/windows-hardware/customize/enterprise/shell-launcher#launch-different-shells-for-different-user-accounts) - [Perform an action when the shell exits](/windows-hardware/customize/enterprise/shell-launcher#perform-an-action-when-the-shell-exits) diff --git a/windows/configuration/shell-launcher/multi-app-kiosk.md b/windows/configuration/shell-launcher/multi-app-kiosk.md index bdce5f1bc38..8bcac51b691 100644 --- a/windows/configuration/shell-launcher/multi-app-kiosk.md +++ b/windows/configuration/shell-launcher/multi-app-kiosk.md @@ -15,13 +15,13 @@ keywords: Lockdown, Multi-App, Kiosk An assigned access multi-app kiosk runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. A multi-app kiosk is appropriate for devices that are shared by multiple people. Here's a [guide](/windows/configuration/lock-down-windows-10-to-specific-apps) on how to set up a multi-app kiosk. > [!NOTE] -> Multi-app kiosk mode is not available for Windows 11 IoT Enterprise, version 21H2 or 22H2. Please refer to [What's new for subsequent releases](../whats-new/Release-History.md#windows-11-iot-enterprise) for information about its return. +> Multi-app kiosk mode is not available for Windows 11 IoT Enterprise, version 21H2 or 22H2. Please refer to [What's new for subsequent releases](/windows/iot/iot-enterprise/whats-new/release-history#windows-11-iot-enterprise) for information about its return. > > **Update** - [Multi-app kiosk mode is now available in Windows 11](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/multi-app-kiosk-mode-now-available-in-windows-11/ba-p/3845558)., version 22H2 as part of the Windows continuous innovation releases. To learn how you can take advantage of features introduced via Windows continuous innovation, see more about how you can access this feature in Windows 11 IoT Enterprise, version 22H2, see [Delivering continuous innovation in Windows 11](https://support.microsoft.com/windows/delivering-continuous-innovation-in-windows-11-b0aa0a27-ea9a-4365-9224-cb155e517f12). ## Benefits of using a multi-app kiosk -The benefit of a kiosk that runs multiple specified apps is to provide an easy-to-understand experience for individuals by showing them only the things they need to use, and removing the things they don’t need to access. +The benefit of a kiosk that runs multiple specified apps is to provide an easy-to-understand experience for individuals by showing them only the things they need to use, and removing the things they don't need to access. A multi-app kiosk is appropriate for devices that are shared by multiple people. Each user can authenticate with the device and receive a customized lockdown experience based on the configuration. diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md index 96fc8630d76..89614d8cef8 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md +++ b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md @@ -36,7 +36,7 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n ## Remarks -This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon**. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher. +This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher. Enabling or disabling Shell Launcher does not take effect until a user signs in. diff --git a/windows/configuration/unbranded-boot/images/boot.jpg b/windows/configuration/unbranded-boot/images/boot.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bc46adb1cfbf2906b4e10b6f9c9654da277599f3 GIT binary patch literal 15392 zcmeHu3piA3+y9c}OhVFWc2Pv7LPV^sk|<45A|1V&anGVqy|vqM{Pg5)zV9;1Cs;k(HK`nf^T8$@JsX zPk~=4F;TJU7XN1lUI@vF32|n{2@5TUX2}T&%L(D75CO<40yLUd>X$=kmhfzmIY1-{ zNzfp3E)ZW>coq;=WcF;(IskkR&6X3Hw`{%19C@q5qRTxMHe9;?NK9qR%Ob_S)ht!* zBWEs)OUzeVpuBL!N;UOW8alcg_4GFxY~5zM-E4=sh4sGuHns=s?46Gub8$WH=I(X& zoVSnf`3r$R1qFwMhK1j_8GY+^%$?Y{_=LxaPm+Fq`YbIyBQq;I=T&ZTNoiSm#hc2v zHMMp14UJ9BEnUp+&po|;{R3avqhp+L?gVdgYFaNLNccb1`ln_y^pXR5%>rXETXb44 zp;-Xi?j4$||=Le8)3^Cc1QiNF};`{)>qDh7wD@kF>EZqdhm|pKFy+!;>jB`ZG6mL z-t5!S*4U6@Vt%Hw?CDyYxON?Gn}vFOuIz!oL%h};CN{}ao0Pae;n0h-9aCG4{B23@ zltN_m5IsXp5C{xXqdfTj1N|bsj38J=SXMz8T@xh;NWh__L;kjLtKQ~4-KHAOVbJQ1 zDdf3%d;TaLe?R@w-WIo7cO^~f{4+$&(@z)Pb}_zq?wJ+&u!Xs1nuKPxKY_2}zlV3R z8i$UcM(o@1X#o`>=64d1!Yt-%QV|ZZ%otIh*6e7{U!ZfRt=l^>K>8Kw+3ht`wu!-& zUQ%W(^^Z>1k^v=VE!-nfg+onVI7E&s z(4ze;N7D8Q{mpxsQZ8o2Iqw^_-1a9bFk38F_9&)T_kV0GBC*JnOCCMhp#>}4b3-PW zwVdcILSTLr4n1s4_SM70f>>H5ruI{e(iTp*7Z&^MPL*Jr1@&V=K|KA*x_selRlId< zN;Y!Wb+YjeZ=gcIgXtn4jxn#moaiVeRtPGe*NI$;9EQ7Mg5F&@oZ974j`p~u5-XO9 zR{JaAkcd1_lbq0>yZgEjt1&bz^6gv0b4TV$&6C@{qw@1qV@*hkKMt||k@7dj5@7f< znMA>?PYFhES-y_Cx*>@Ru+ayVTG>m>+ayby3!Gz_#`N%~)&lB0!9eBUkZU{jN96-o zP8~5aTJ>-YhZ-K9O|oq&Uv+}Ab=4-rH*PAmI?i$DmJOQb1~Kl@J5z9IG?ErZAAe_w zL$!(bDGM6E`k;y>m{lWN4|_GxF?BATRv3on`WcC*o02D0TycohheMAG z`Fp#uJt?w+5STle%*>r}i8^bx(0DylgmhL^$ra#r!s&4Ut*^BQFNdo?ob^|q1$Bap zAfOf@$BBGVB2Y)WvFsc-X-E`@R!Z`>AWa5{VA+HG_pLlh)CxGq>!XW3acDURvZUiU zG|)ttA4$DR3B{qJd|*jy;vhPmv%uw|^_ ztd~z(x4Np{_R*W=V{R9VcrChq(WGw{i0qeMD)hVNT*!Q!pwQmxy|X=lC|rJmt{B;w zPmvehyBSOJ1=~45L=qZH^iZ8;)`)W6*eZ}(3?70p2o<~SEM(o z3F*9R4b*eT07tOfK%Ei?-(RXg8Dp;4GU|LBs!Er`q07?`QMWwE>?A1BdsGP`$dEl- z4ZB3%L*Qvl42?uhu4;gJD?wnLT$u00v_%!HJD$6W%d$zl+u^G;|@r7g7)}3fj;7efbA8GC&j9L#NEX$|B#JXCjkq_4g zhvFXrv42r-qPz4JQ82p}hYAxg*J2zh)n;}~%|8OO_5q>g``x!T6!_s#NGj!HH|8D? zf{ACs*!IUTYkx;`2NphkV;tN_5FCAr^sl61B7`wnUa-Fd4sCgFhDlJth}!}?0=VF*lZ%k6)R$UOo7Z;{m)Z{+|4?63c4DY@7d}C&jC*X^we!auo5cYzn*MfeU3bSJS_Z-yl8tcIol*mV zoMZ8h4Kuwo6>%uc=;0e2N*yNM4l+%IKEt8K#5#J$2OKh5RGUI@zl&Ya>vhZfnKnpzR*mhSP(ib?nsS8E zjC2ywih$I^IJAZ^aFYb1P7k&N99;L8Kl0&~zbVZ&p|KY779i!H?z+G$ z>;)$w-CwnJP{Q*<50)GmaPpTK?!KYR}(=Z z@T$}_0DbBt)c`4S{Hl5v6aT6}4V zQm`)C%&gZh(GL&L&Y^Ea9(9=J)@!i*d-m=owi11ibeX=E7{X}Kab#!{4rPCs4(c- zMi1M#kV~j(Ko>t{i*E2hO7Zp6;XWdV3NH)wB?d%E^+u1jeT+1Cc50oE8#(=8z^?pl zU2*8vk~`1uO0Q6E2seMrwYhPjS+Dk`V6Kc`btSDF2As9%6lUn__0FN4Sdz=}99L@D zX7OSCc-F#kvKUfSgsEn1JLuO{9`f^CitEd|V;TBfsWb`faxpLEdL6Ir(cmJ?77o(Z zil10`_$!N@WQ%HB00*@&s+W@BEX<+_@p6%FfFa=J?brn1<(&wfBRnleNq{3#I#`6Q zu6BT2#19t`856FYXK~r6LPcjsDZSOXixjbpty>=RsNY~^=CPk0-3|P!CEZfz%Sm+Y zk8pMSd{pMMO>D)2qfKo_`dw@}a*MV11;bTk*{-L8{Rv%qO2?FgF5E$-x(Uflm9x>e zdbYc3uumS$x^a+EU}kade8pwDM@JAc_r0?zFRYW_dvlTV!h4=?kj}Lx0?n$Swa)b? zZ~K`$=LY4PONJ?6n%7C^Ln;m@Cs)VCBoIeo$%>=rBgIF%)py^;IL8PdmRoFXxOFRf zRP4!kYU>9gn zAv(M~98$Rhq9x@FTuqA4My~_6LK_1V;LuFJJM)^d{ue*o%=?@AVP|aJqTi%|Ag~na z`RfLBlbUGV526xVGkcSswZ2Y#E>X0r=Jma|&%}R_dMT`W$;ru6^~Hpr7nmRxW)rrz-cww+`Jp;EqOxh?UKHT}1D^+p!4gH=zTc^p1oXnxTe1-DH6n2%$V>50I02 zBoFdPlaqwkNbDf;Jl0GgVhx&hW3HjW%)pf%t@N%|I_O}_f7`)vtO^8q#v8#PS^{D= z+^<2!Lekb2?qm{oxIKSOwn zk@xH+^-sGPi#?Xgq^lid;%lG#)T*^KQ76Gx9UdAvtv3jd8gn~K@D zHD%Go&Ll1lq4GUmi>a492L-7Q=2OVcq>;99MhlEdu40l}ytpUXY9;MnMRC$pRMo0g z#eJjghJ-DLbA!8$9ZrcF?{GZo>>ZHYZ7?A_Q@iSanH7hAv1{-9oY-DPMaN_3Hm&f; z%EDsXOI~#CijZQRH?`1t`f8K@v+LQ~X=FRY6IoTW1F|BU-_|3d(D0bY$%XAmD$y^VeeHt({`_SoQ<8i zbzf@A>JnF|=Z@REwd9$TTx-U4%Tbmogqy2Q^__0G3n1n3*A@X5MBRopL zA$fBgk`?Cx!<$Mv0*;QLmcI3hQFSaFswBKx3^$!83xrE>2#T6q`tF;i1Qv^WmB87P z$v{H@BW}EEW%kRHqTHnppk@fVDOADC06QotrsyEmzrNKB-K^GaCQw-8g+t50?9uJs zXEnYV9yJ4GBjh%i0h?i#7~p1rn*8PsK+bQZRR|!;qSyJ?ki$K6j;t&?3;yhHGhKJ5EHJgO4!3YmAh)>*ZoLAm zO3Hzihea4)nx<_qN{Qkf=?LoJ*l}c0sh2p^Jw7(4jcUPJfE;Cn#lRA%TDPyiB-0~G zoHup=k>&a94KDi}Vqd42wdlac%SWTL_Ngno*a)vUAc--`kg8n;{U8)Fu)NcK0K8e?Ce*QpMq9h+#2yDrSDiGf>Ha%6 z0xr_-q6mxc#Ix=`Xk9{4tIj0K@B&S9JS?|b)}=T#e0_UN|M=&y!lQ@#f7ETJyn#p0 z6v%>nqzjEpD?P+MJ75uCx^vs7>VZ+CT{pvc9!u_26%kb)-!d;>^DHwp`tdCc)>i87 zD^aINqmB)m^~mQ}pa#y{=bu-R%ec!l-?V4<`n)B6wgjh_e2^hk*7~Mnxqu=J=;(eP zA2{T0@nqqB^RLXi<8B11XYiazN#lw`tarEX8`L{1zD`iCT#=f)q7DSfFUF_A-@j-z z_P>8`+aJP8lU0jZ$OPfgVKJClJ2aoFo=gjBXf)X0o52Z?Fn|?l7nC zt;>eR8={YGKUjL`JS2!mPaaztnM)4W9bQ^dV$jNq*iw7qocN=cECGK8odp!)NVD7 z@;mZ|Qa5o5hYGa679OOl3qjr9n>w0BvE8;{t!*5IZ`#H&Uu$wr2<#jGK+!n1{gr3O z*LoNvRVw{CFlLscHN^+j@SUb3ts&U%yJghznhqQ?e?(KG9T4Q?2%hGHb(e!{z@kpv z!qE$i)i~sph%LZ&46%hVi!1N2VohYA5)>Z~R=f#Pu=){v`rkW``x1+DLn8gHpY-Qi z<~g~?mDSnUoYoZ4wp96Pn@Fhe>K`kA@Uk24??{tH?^8<%{6#u+fo6E_y0iQ3S&3^N z*YMjT9le+DTUW1X=3ACIYI)xkHFWLv5s3Lvc}swUsyGfx$tO@?;72l`ARwFq^M?Io zQ3W&ZE8cZh6qnYRp(V}Bv#HUEaPUwIZTDZ^f31v+rWzGI=-@ zpaw`j>11rDudB$FkRgKLGRM;I2-pGQI!dAbp|+Ve25}Yg*+dfJ&dY#$3gryW(ICzX4oDbj;`{0b7#J z&cl8(WS}w`z|Uuz{ni8^&5`fc6DTb4!KR4V$|zo0-Vx&|1PwjIrjH$lSqnSR>wYu( z$UsW6D0)a$$axS<8mOo@@c1P~#@a}=Nh31y7>AhC*!b2u3$jm`b$|(VUB*cdJE4XN z1Lt}}Yi4Jlpzxbvt(WEbs+E(c)D1=i94cxFGP>UwrhEQyD1QJ1$Yt-!ap(hB(=YTu zMomGP<+uI(kMQ`{fX%?A8G5AsB_RODwr%q5n0!IyNt3Z1{rU31;|=qw6MQSob8}d0 zz7%U&b|V4dzuuZpat$Ps<_*g(lkXxp{R5 zbAO`9iuw06iUdh{u2oc4AE?qlYP{00_6n8h<SDs1&@lgf}7U+6!_7izt2}qR(uv_5{nAdZbAPINg2E+kd z=4QMsyDl@LG9$KhaQ5x0XKzk#7oSJ4pCr%he+KlPoF_|vTsto%JiYb;j6Ux#V)w~+ zd6dX+UG+|(vo0RgOETQrjXaGO8g1o17X%ipK}~r8YHM80SSQv_NSmp#eK?AOI_@O z{L9meSJ~WqQghWqZPO+l+R9;{#MVE?E#ZH}Z6o$i*Kj`nyKne^#y7nFCJKSFE4+x_ zzZI;F7Y-6J!+ppMU;d2`xZ;qdG6JH&n-Hxf!J`!S0?EAeTAgH{+`N0A9M%P^E{YAc6W15sJjCLvn0^Q>SxoU(iDp zNf^u~60I(TbMPVz^OYWh*aq@h+Y%-!gQOxY^>979H;!FIY2OHX-XT_kiKXlK{o!P<{Z z8qwsD#wYiI274MmUY$tpr}H%E=!3>E`e5yD&`jN<&x~LH#nT6kWFzBTWXgK;ZXv)N zoV7sir$Fa~h5@BMQtkgRGygZ&VgsJ?#c=4Yk+Ct-2zEA1Z5wCX4T6RHZ|vXXNkAjc zj7*Jd2{vhuVX}bP6nKI?G2J-yWYsjHmr^eNSwcw+8LsW3C4NO~<<@ZKsm?>sJYr z35*X3s}6anCl{C_1FJcVZ!Er@Uq7{szYF_F5<%RMD+V!Fw2TdWNftSEM=q;)$Rs#x zY+oLyE;&*7tyZjQ!Q_(wi5)t9N;5L=RYBiFxsSs9PZ}H;}kLw~Ch<&L?6^Mp)WdB%y@P zQ#uT?jefu={ZJ{8hla35Fp(yNJ;g@qPB31>=prHjgK-G9++}A=HYVSQLp`o#(Y7rJ zYXrGO<($Tr0LPmri^0HMc67Q57Q-P3Yb}s9sv1jh2>{fwvjst~A*H)2{cLck_ySlx zdd^Gx_k@7|iwv^7uvjhk4jz$&L$|2&tw?Tw-@V4>Ak`&2K)YrQ!8`%s8=m-cr zfSD_gzD`EEj1bJm-_A4ubS^W&QwH0yWWm@-PLB--`9`iU8(lw9F=^1aQWV|xJ|>fl zs?oqSU__|XK;qE#3FLTie-~;9IKMYxx`6bJSc2{E`5+}J0?j7@#SD$T!3AOKC$J@J z(vE#hkxTu?{=X;L&&|{e2yY|EnN$gE`3+9>bk+kp4rv;%jxPYc&qM+Itz_eiv_}9Y z=783p1HZ%KJ1qVauzzP*MEqXJiNBy1Y&@Uxo|Gn9Mwae}=lg3hlWFtZVm545;@*mX zUn97maG-jg%~}T|(M@0j*n9od$h9T;#*2i5?#1^>oZNZa!d!1J(KjpWcweW~-m-4( zUFY;Gt)JSj-CP~L$l{iMwwvmN<%x~q>a-Ae$Dg@yEL9z+{!padWOI$xk8_TH02}Y( fv;nnqxl(NkDJSUs`8OXv_&e [!NOTE] +> HORM can be used on Unified Extensible Firmware Interface (UEFI) devices running Windows 10, version 1709, or newer versions of Windows, only. In previous Windows versions, the installation procedure for UEFI creates a hidden system partition. Because UWF cannot protect hidden partitions, HORM cannot be used on any devices that contain a hidden partition, including UEFI-capable devices on older versions of Windows. + +## Requirements + +Windows 10 Enterprise, Windows 10 Education, or Windows IoT Core (IoT Core). Supported on x86-based and x64-based devices. + +On Windows 10, version 21H2 or newer versions of Windows, Read-Only Media mode must be implemented to enable HORM. + +## UWF configuration + +UWF must be enabled before you can enable or disable HORM. UWF must be configured in the following ways to protect the hibernation file from becoming invalid: + +- All fixed volumes that are mounted on the system are protected by UWF. +- Your system must not have any file, folder, or registry exclusions configured for UWF. +- The UWF overlay must be configured to use RAM mode. HORM doesn't support disk-backed overlays. + +UWF doesn't filter hibernation files from being written to disk. If you want to protect the preconfigured state of your device, lock down any functionality that can modify the hibernation file. For example, disable hibernation, hybrid sleep, and fast startup for standard user accounts to prevent the saved hibernation file from being overwritten when entering sleep, hibernate, or shutdown state. + +To disable hybrid sleep and fast startup on your device, follow these steps. + +### How to disable hybrid sleep + +1. Open the Local Group Policy Editor (gpedit.msc) and navigate to the following path. + Computer Configuration\Administrative Templates\System\Power Management\Sleep settings + +1. Enable the following two settings under the path: + + Turn off hybrid sleep (plugged in) + Turn off hybrid sleep (on battery) + +### How to disable fast startup + +To disable fast startup, set the following registry value: + +> [!IMPORTANT] +> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. + +Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power +Name: HiberbootEnabled +Type: DWORD +Value: 0 (0 = Disabled、1 = Enabled) + +### How to prevent Windows from entering hibernation due to the system idle time-out or user operations + +Configure the following two policies in Local Group Policy Editor (gpedit.msc): + +Policy to prevent Windows from entering hibernation by the system idle time: + +1. Under the following path: + Computer Configuration\Administrative Templates\System\Power Management\Sleep settings + +1. Enable these two settings and set the value to 0. + + Specify the system hibernate timeout (plugged in) + Specify the system hibernate timeout (on battery) + +Disable the policy to show "Hibernation" in the power options menu: + +1. Under the following path: + Computer Configuration\Windows Components\File Explorer + +1. Disable the following setting: + Show hibernate in the power options menu + +> [!NOTE] +> +> - Don't disable hibernate (i.e. powercfg /h off) because it will delete the hiberfil.sys which HORM requires. +> - Even after you set all these settings, the timestamp of hiberfil.sys is updated after the system reboot. This is because UWF cannot filter the hiberfil.sys file, and the file needs to be compressed and decompressed during the system reboot. However, this doesn't change the content of hiberfil.sys so the preconfigured state of the device is protected. + +## Configure HORM + +1. On the device, open a command prompt as an administrator. +1. To enable hibernation on the device, type the following command: + + `powercfg /h on` + +1. To enable UWF on your device, type the following command: + + `uwfmgr.exe filter enable` + +1. To protect all volumes on your device, type the following command: + + `uwfmgr.exe volume protect all` + + > [!Note] + > DVD RW and floppy drives throw an expected error that can be safely ignored. + +1. To restart your device to enable UWF, type the following command: + + `uwfmgr.exe filter restart` + +1. After the device restarts, to verify the UWF changes that you made on your device, type the following command: + + `uwfmgr.exe get-config` + +1. To enable HORM on your device, type the following command: + + `uwfmgr.exe filter enable-horm` + + > [!Note] + > Remove all file and registry exclusions before you enable HORM. + +1. (Optional) In Control Panel, set the Power Option **When I press the power button** to avoid displaying the command prompt when resuming from hibernation, or use a script to close the command prompt on startup. +1. To hibernate the system one time to create an initial hibernation file, at the command prompt, type the following command: + + `shutdown /h` + +1. Press the power button to wake the system from hibernation. +1. After the system starts from hibernation to create an initial hibernation file, to shut down and restart the system, type the following command: + + `uwfmgr.exe restart` + +1. When HORM is enabled, you can't change the UWF configuration. To make changes, you must first disable HORM. To disable HORM, type the following command: + + `uwfmgr.exe filter disable-horm` + +1. To restart the system to finish disabling HORM, type the following command: + + `uwfmgr.exe restart` + + The system restarts normally with HORM disabled. + +> [!WARNING] +> Do not uninstall UWF when the filter is enabled or when HORM is enabled, either online or offline by using Windows PE. + +## Fix an issue when you can't disable HORM + +In rare circumstances, your device can enter a state where you can't disable HORM normally. + +If you can't disable HORM on your device, use following procedure to resolve this issue: + +1. Start your device in Windows PE. +1. Type the following command: + + `bcdedit.exe /set {bootmgr} custom:26000024 0` + +1. Restart the device: + + `shutdown /r/t 0` + +1. Disable HORM: + + `uwfmgr.exe filter disable-horm` + +1. Enable HORM: + + `uwfmgr.exe filter enable-horm` + +1. Hibernate the device: + + `shutdown /h` diff --git a/windows/configuration/unified-write-filter/index.md b/windows/configuration/unified-write-filter/index.md new file mode 100644 index 00000000000..ffbad1bc835 --- /dev/null +++ b/windows/configuration/unified-write-filter/index.md @@ -0,0 +1,126 @@ +--- +title: Unified Write Filter (UWF) feature (unified-write-filter) +description: Unified Write Filter (UWF) feature (unified-write-filter) +author: TerryWarwick +ms.author: twarwick +ms.date: 10/02/2018 +ms.topic: overview +--- + +# Unified Write Filter (UWF) feature + +Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is cleared during a reboot or when a guest user logs off. + +## Benefits + +- Provides a clean experience for thin clients and workspaces that have frequent guests, like school, library or hotel computers. Guests can work, change settings, and install software. After the device reboots, the next guest receives a clean experience. + +- Increases security and reliability where new apps aren't frequently added. + +- Can be used to reduce wear on solid-state drives and other write-sensitive media. + +- Optimizing Application load timing on boot – it can be faster to resume from a HORM file on every boot rather than reloading the system on each boot + +UWF replaces the Windows 7 Enhanced Write Filter (EWF) and the File Based Write Filter (FBWF). + +## Features + +- UWF can protect most supported writable storage types, including physical hard disks, solid-state drives, internal USB devices, and external SATA devices. You can't use UWF to protect external removable drives, USB devices or flash drives. Supports both master boot record (MBR) and GUID partition table (GPT) volumes. + +- You can use UWF to make read-only media appear to the OS as a writable volume. + +- You can manage UWF directly on a Windows 10 device using [uwfmgr.exe](uwfmgrexe.md), or remotely using MDM tools with the [UnifiedWriteFilter CSP](/windows/client-management/mdm/unifiedwritefilter-csp) or the [UWF WMI](uwf-wmi-provider-reference.md). + +- You can [update and service UWF-protected devices](service-uwf-protected-devices.md) by using UWF servicing mode or adding file and registry exclusions to specific system areas. + +- On Windows 10, version 1803, you can use a [persistent overlay](uwfoverlay.md#persistent-overlay) to allow data saved in the virtual overlay to remain even after a reboot. + +- On devices with a disk overlay, you can use [free space passthrough)](uwfoverlay.md#freespace-passthrough-recommended) to access your drive's free space. + +- UWF supports paging to increase virtual memory, if the page file exists on an unprotected volume. When paging is used together with a RAM-based overlay, the uptime of the system can be increased. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Limitations + +- File systems: + - FAT: fully supported. + - NTFS: fully supported. However, during device startup, NTFS file system journal files can write to a protected volume before UWF has started protecting the volume. + - Other file systems (example: exFAT): You can protect the volume, but can't create file exclusions or do file commit operations on the volume. Writes to excluded files still influence the growth of the Overlay. + +- The overlay doesn't mirror the entire volume, but dynamically grows to keep track of redirected writes. + +- UWF supports up to 16 terabytes of protected volumes. + +- UWF doesn't support the use of fast startup when shutting down your device. If fast startup is turned on, shutting down the device doesn't clear the overlay. You can disable fast startup in Control Panel by navigating to **Control Panel** > **All Control Panel Items** > **Power Options** > **System Settings** and clearing the checkbox next to **Turn on fast startup (recommended)**. + +- UWF doesn't support [Storage Spaces](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831739(v=ws.11)). + +- On a computer on which [UWF is enabled and used to protect drive C](./uwf-turnonuwf.md#turn-on-uwf-on-a-running-pc), you can't permanently set the date and time to a past time. If you make such a change, the original date and time settings will be restored after the computer restarts. + + To work around this issue, you must disable UWF before you change the date and time with th the following command. + + ```cmd + uwfmgr.exe filter disable + ``` + + > [!NOTE] + > Do not add the file that retains date and time settings ("%windir%\bootstat.dat") to the [write filter exclusions](./uwfexclusions.md) to work around this issue. Doing this causes Stop error 0x7E (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED) to occur. + +## Turn on and configure UWF + +UWF is an optional component and isn't enabled by default in Windows 10. You must [turn on UWF](uwf-turnonuwf.md) before you can configure it. + +## UWF overlay + +You can choose the type of overlay, reserved space and persistence after a reboot. + +To increase uptime, set up monitoring to check if your overlay is filling up. At certain levels, your device can warn users and/or reboot the device. + +To learn more, see [UWF Overlay location and size](uwfoverlay.md). + +## Volumes + +A volume is a logical unit that represents an area of persistent storage to the file system that is used by the OS such as: + +- A single physical storage device, such as a hard disk +- A single partition on a physical storage device with multiple partitions +- Span across multiple physical storage devices + +For example, a collection of hard disks in a RAID array can be represented as a single volume to the OS. + +When you configure UWF to protect a volume, you can specify the volume by using either a drive letter or the volume device identifier. To determine the device identifier for a volume, query the **DeviceID** property in the **Win32_Volume** WMI class. + +If you specify a volume using a drive letter, UWF uses *loose binding* to recognize the volume. With *loose binding*, drive letters are assigned dynamically as the volume configuration changes. + +If you specify a volume using the volume device identifier, UWF uses *tight binding* to recognize the volume. With *tight binding*, the device identifier is unique to the storage volume and is independent from the drive letter assigned to the volume by the file system. + +## Exclusions + +You can add specific files, folders, and registry keys to the [write filter exclusion](uwfexclusions.md) list to prevent them from being filtered. + +## UWF servicing mode + +When a device is protected with UWF, you must use UWF servicing mode commands to service the device and apply updates to an image. You can use UWF servicing mode to apply Windows updates, antimalware signature file updates, and custom software or third-party software updates. + +For more information about how to use UWF servicing mode to apply software updates to your device, see [Service UWF-protected devices](service-uwf-protected-devices.md). + +## Troubleshooting UWF + +UWF uses Windows Event Log to log events, errors and messages related to overlay consumption, configuration changes, and servicing. + +For more information about how to find event log information for troubleshooting problems with Unified Write Filter (UWF), see [Troubleshooting Unified Write Filter (UWF)](uwftroubleshooting.md). + +## Related articles + +- [Unbranded Boot](unbranded-boot.md) +- [Custom Logon](custom-logon.md) +- [Shell Launcher](shell-launcher.md) diff --git a/windows/configuration/unified-write-filter/service-uwf-protected-devices.md b/windows/configuration/unified-write-filter/service-uwf-protected-devices.md new file mode 100644 index 00000000000..911b651e93b --- /dev/null +++ b/windows/configuration/unified-write-filter/service-uwf-protected-devices.md @@ -0,0 +1,37 @@ +--- +title: Service UWF-protected devices +description: Service UWF-protected devices +author: TerryWarwick +ms.author: twarwick +ms.date: 10/02/2018 +ms.topic: reference +--- + +# Service UWF-protected devices + +To update your devices, use UWF servicing mode. UWF servicing mode allows you to apply Windows updates, antimalware signature file updates, and custom software or third-party software updates. + +Normally, when the Unified Write Filter (UWF) is active, system updates are disabled, as they would be erased when the overlay is cleared. + +When UWF servicing mode is triggered, Windows does the following: + +1. Clears the UWF overlay. +1. Reboots the devices. +1. Triggers a [system maintenance hour](/windows/desktop/TaskSchd/task-maintenence). +1. Disables the UWF filter. +1. Scans for and applies Windows updates. +1. Scans for and applies app updates from the Microsoft store. +1. After servicing is complete, it re-enables the UWF filter and resumes UWF protection. + +>[!NOTE] +> Servicing mode requires that all user accounts on the system have a password. If there is a user account that does not include a password, UWF servicing will fail. + +## In this section + +| Topic | Description | +|:------------------------------------------|:-----------------------------------------------------------------------------------| +| [Antimalware support on UWF-protected devices](uwf-antimalware-support.md) |Describes the procedures to add support for Microsoft Defender and System Center Endpoint Protection (SCEP/Forefront) antimalware to your UWF-protected devices. | +| [Apply OEM updates to UWF-protected devices](uwf-apply-windows-updates.md) |Provides information about how to apply OEM updates to a UWF-protected device. | +| [Apply Windows updates to UWF-protected devices](uwf-apply-windows-updates.md) | Describes the procedures to apply Windows updates to your UWF-protected devices. | +| [UWF master servicing script](uwf-master-servicing-script.md) | Provides information about the UWF master servicing script (UwfServicingMasterScript.cmd). | +| [UWF servicing screen saver](uwf-servicing-screen-saver.md) | Provides information about how to modify the default UWF servicing screen saver. | diff --git a/windows/configuration/unified-write-filter/toc.yml b/windows/configuration/unified-write-filter/toc.yml new file mode 100644 index 00000000000..d8105e71ecb --- /dev/null +++ b/windows/configuration/unified-write-filter/toc.yml @@ -0,0 +1,126 @@ + +items: +- name: Unified Write Filter + items: + - name: Overview + href: index.md + - name: Hibernate Once/Resume Many (HORM) + href: hibernate-once-resume-many-horm.md + - name: Exclusions + href: uwfexclusions.md + - name: Overlay + href: uwfoverlay.md + - name: Enable + href: uwf-turnonuwf.md + - name: Command Line Utility (uwfmgr.exe) + href: uwfmgrexe.md + - name: Servicing + items: + - name: Servicing protected devices + href: service-uwf-protected-devices.md + - name: Antimalware support + href: uwf-antimalware-support.md + - name: Windows Updates + href: uwf-apply-windows-updates.md + - name: OEM Updates + href: uwf-apply-oem-updates.md + - name: Servicing master script + href: uwf-master-servicing-script.md + - name: Servicing screen saver + href: uwf-servicing-screen-saver.md + - name: Troubleshooting + href: uwftroubleshooting.md + - name: WMI Provider Reference + items: + - name: Overview + href: uwf-wmi-provider-reference.md + - name: Class UWF_ExcludedFile + href: uwf-excludedfile.md + - name: Class UWF_ExcludedRegistryKey + href: uwf-excludedregistrykey.md + - name: Class UWF_Filter + items: + - name: Overview + href: uwf-filter.md + - name: Disable + href: uwf-filterdisable.md + - name: Enable + href: uwf-filterdisable.md + - name: ResetSettings + href: uwf-filterresetsettings.md + - name: RestartSystem + href: uwf-filterrestartsystem.md + - name: ShutdownSystem + href: uwf-filtershutdownsystem.md + - name: Class UWF_Overlay + items: + - name: Overview + href: uwf-overlay.md + - name: GetOverlayFiles + href: uwf-overlaygetoverlayfiles.md + - name: OverlayFile + href: uwf-overlayfile.md + - name: SetCriticalThreshold + href: uwf-overlaysetcriticalthreshold.md + - name: SetWarningThreshold + href: uwf-overlaysetwarningthreshold.md + - name: Class UWF_OverlayConfig + items: + - name: Overview + href: uwf-overlayconfig.md + - name: SetMaximumSize + href: uwf-overlayconfigsetmaximumsize.md + - name: SetType + href: uwf-overlayconfigsettype.md + - name: Class UWF_RegistryFilter + items: + - name: Overview + href: uwf-registryfilter.md + - name: AddExclusion + href: uwf-registryfilteraddexclusion.md + - name: CommitRegistry + href: uwf-registryfiltercommitregistry.md + - name: CommitRegistryDeletion + href: uwf-registryfiltercommitregistrydeletion.md + - name: FindExclusion + href: uwf-registryfilterfindexclusion.md + - name: GetExclusions + href: uwf-registryfiltergetexclusions.md + - name: RemoveExclusion + href: uwf-registryfilterremoveexclusion.md + - name: Class UWF_Servicing + items: + - name: Overview + href: uwf-servicing.md + - name: Disable + href: uwf-servicingdisable.md + - name: Enable + href: uwf-servicingenable.md + - name: UpdateWindows + href: uwf-servicingupdatewindows.md + - name: Class UWF_Volume + items: + - name: Overview + href: uwf-volume.md + - name: AddExclusion + href: uwf-volumeaddexclusion.md + - name: CommitFile + href: uwf-volumecommitfile.md + - name: CommitFileDeletion + href: uwf-volumecommitfiledeletion.md + - name: FindExclusion + href: uwf-volumefindexclusion.md + - name: GetExclusions + href: uwf-volumegetexclusions.md + - name: protect + href: uwf-volumeprotect.md + - name: RemoveAllExclusions + href: uwf-volumeremoveallexclusions.md + - name: RemoveExclusion + href: uwf-volumeremoveexclusion.md + - name: SetBindByDriveLetter + href: uwf-volumesetbindbydriveletter.md + - name: Unprotect + href: uwf-volumeunprotect.md + - name: Migration from Enhanced Write Filter + href: uwf-wes7-ewf-to-win10-uwf.md \ No newline at end of file diff --git a/windows/configuration/unified-write-filter/uwf-antimalware-support.md b/windows/configuration/unified-write-filter/uwf-antimalware-support.md new file mode 100644 index 00000000000..dcd29bb5788 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-antimalware-support.md @@ -0,0 +1,75 @@ +--- +title: Antimalware support on UWF-protected devices +description: Antimalware support on UWF-protected devices +author: TerryWarwick +ms.author: twarwick +ms.date: 05/02/2017 +ms.topic: reference +--- + +# Antimalware support on UWF-protected devices + +Learn how to enable antimalware support on your USB Filter-enabled Windows 10 Enterprise device. + +When using antimalware software on your Unified Write Filter (UWF)-protected device, you must add the required file and registry exclusions that enable the software to apply updates to signature files and persist changes to the device after a system restart. + +## Add support for Microsoft Defender on UWF-protected devices + +Add these exclusions to UWF: + +1. File exclusions + + ```text + C:\Program Files\Windows Defender + C:\ProgramData\Microsoft\Windows Defender + C:\Windows\WindowsUpdate.log + C:\Windows\Temp\MpCmdRun.log + ``` + +1. Registry exclusions + + ```reg + HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend + ``` + + > [!NOTE] + > If a Windows IoT Enterprise computer stops responding during Windows startup, see [Windows doesn't start after you exclude UWF from Microsoft Defender](/troubleshoot/windows-client/performance/windows-hangs-on-startup-after-excluding-uwf-from-microsoft-defender) for a workaround. This issue impacts: + > + > - Windows 10 IoT Enterprise, version 21H1 + > - Windows 10 IoT Enterprise, version 21H2 + > - Windows 10 IoT Enterprise, version 22H1 + > - Windows 10 IoT Enterprise LTSC 2016 + > - Windows 10 IoT Enterprise LTSC 2019 + > - Windows 10 IoT Enterprise LTSC 2021 + > - Windows 11 IoT Enterprise + +## Add support for System Center Endpoint Protection on UWF-protected devices + +Add these exclusions to UWF: + +1. File exclusions + + ```txt + C:\Program Files\Microsoft Security Client + C:\Windows\Windowsupdate.log + C:\Windows\Temp\Mpcmdrun.log + C:\ProgramData\Microsoft\Microsoft Antimalware + ``` + +1. Registry exclusions + + ```reg + HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware + ``` + +> [!NOTE] +> Windows 10 Enterprise does not include System Center Endpoint Protection. You can purchase licenses and install System Center Endpoint Protection independently. + +## Related topics + +- [Service UWF-protected devices](service-uwf-protected-devices.md) diff --git a/windows/configuration/unified-write-filter/uwf-apply-oem-updates.md b/windows/configuration/unified-write-filter/uwf-apply-oem-updates.md new file mode 100644 index 00000000000..e6202652cb9 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-apply-oem-updates.md @@ -0,0 +1,44 @@ +--- +title: Apply OEM updates to UWF-protected devices +description: Apply OEM updates to UWF-protected devices +author: TerryWarwick +ms.author: twarwick +ms.date: 05/02/2017 +ms.topic: reference +--- + +# Apply OEM updates to UWF-protected devices + +To apply OEM updates on a Unified Write Filter (UWF)-protected Windows 10 device, you can modify the UPDATE\_SUCCESS block of UWF master servicing script (UwfServicingMasterScript.cmd) to call a custom OEM script that applies any required OEM updates. The OEM script should return control back to the UWF Master Servicing Script when finished. + +The UWF Master Servicing Script (UwfServicingMasterScript.cmd) is located in the \Windows\System32 folder. + +## UPDATE_SUCCESS (UwfServicingMasterScript.cmd) + +The UPDATE_SUCCESS block of the UWF master servicing script follows: + +```powershell +:UPDATE_SUCCESS +echo UpdateAgent returned success. +REM +REM echo UpdateAgent executing OEM script +REM OEM can call their custom scripts +REM at this point through a "call". +REM +REM The OEM script should hand control +REM back to this script once complete. +REM +REM Any error recovery for OEM script +REM should be handled outside of this script +REM post a reboot. +REM +uwfmgr servicing disable +echo Restarting system +goto UPDATE_EXIT +``` + +## Related topics + +- [Service UWF-protected devices](service-uwf-protected-devices.md) +- [UWF master servicing script](uwf-master-servicing-script.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-apply-windows-updates.md b/windows/configuration/unified-write-filter/uwf-apply-windows-updates.md new file mode 100644 index 00000000000..36ddf5619d0 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-apply-windows-updates.md @@ -0,0 +1,71 @@ +--- +title: Apply Windows updates to UWF-protected devices +description: Apply Windows updates to UWF-protected devices +author: TerryWarwick +ms.author: twarwick +ms.date: 05/02/2017 +ms.topic: reference +--- + +# Apply Windows updates to UWF-protected devices + +When a device is protected with Unified Write Filter (UWF), you must use UWF servicing mode commands to service the device and apply updates to an image. + +UWF servicing mode uses the following files to when it applies Windows updates to your device: + +- UWFMgr.exe command-line tool +- UwfServicingScr.scr screen saver +- UwfServicingMasterScript.cmd script + +> [!NOTE] +> The master servicing script can be modified to service third-party applications, service custom OEM applications, or call custom OEM servicing scripts. + +UWF servicing supports the following types of Windows updates: + +- Critical updates +- Security updates +- Driver updates + +## Enable Servicing Mode + +1. To apply Windows updates to your device, at an administrator command prompt, type the following command: + + ```cmd + uwfmgr.exe servicing enable + ``` + +1. Restart the device. Use either command. + + ```cmd + uwfmgr.exe filter restart + ``` + + ```cmd + shutdown /r /t 0 + ``` + +On restart, the device will automatically sign in to the servicing account and servicing will start. + +> [!IMPORTANT] +> The default servicing account that is automatically created and used for servicing is named **UWF-Servicing**. It is important that you do not have a user account that has that same name on a device before starting UWF servicing. + +Once servicing has started, no user interaction is required. The system may restart if it is required by the Windows updates that are installing. If a restart is required, the system will re-enter servicing mode on restart and continue until all updates have been installed. + +While servicing is underway, the UwfServicingScr.scr screen saver displays on the device. + +> [!NOTE] +> The UwfServicingScr.scr screen saver that is included with Windows 10 Enterprise is a standard Windows screen saver and can be replaced by a custom OEM screen saver if required. + +When Windows update servicing is finished, the system will disable UWF servicing and restart the system with UWF-protection enabled and all file and registry exclusions restored to their original pre-servicing state. + +> [!NOTE] +> Be aware that during UWF servicing in Windows 10 Enterprise, Windows Update automatically accepts all Microsoft Software License Terms. + +> [!NOTE] +> If Windows updates cannot be installed or return an error, servicing will be disabled and the system will restart with UWF-protection re-enabled and all file and registry exclusions restored to their original pre-servicing state. + +## Related topics + +- [Unified Write Filter](unified-write-filter.md) +- [UWF master servicing script](uwf-master-servicing-script.md) +- [UWF servicing screen saver](uwf-servicing-screen-saver.md) diff --git a/windows/configuration/unified-write-filter/uwf-excludedfile.md b/windows/configuration/unified-write-filter/uwf-excludedfile.md new file mode 100644 index 00000000000..f9de9c1d4d0 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-excludedfile.md @@ -0,0 +1,53 @@ +--- +title: UWF_ExcludedFile +description: UWF_ExcludedFile +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_ExcludedFile + +Contains the files and folders that are currently in the file exclusion list for a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +class UWF_ExcludedFile { + [Read] string FileName; +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +### Properties + +| Property | Data type | Qualifier | Description | +|----------|-----------|-----------|-------------| +| FileName | string | [read] | The name of the file or folder path in the file exclusion list, including the full path relative to the volume. | + +### Remarks + +UWF_ExcludedFile does not represent an actual WMI object, and you cannot use this class to get or set file exclusions. + +You must use the [UWF_Volume.GetExclusions](uwf-volumegetexclusions.md) method to retrieve UWF_ExcludedFile objects. + +You can use the [UWF_Volume.AddExclusion](uwf-volumeaddexclusion.md) and [UWF_Volume.RemoveExclusion](uwf-volumeremoveexclusion.md) methods to add or remove file and folder exclusions to a volume. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-excludedregistrykey.md b/windows/configuration/unified-write-filter/uwf-excludedregistrykey.md new file mode 100644 index 00000000000..27ff296b3bb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-excludedregistrykey.md @@ -0,0 +1,53 @@ +--- +title: UWF_ExcludedRegistryKey +description: UWF_ExcludedRegistryKey +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_ExcludedRegistryKey + +Contains the registry keys that are currently in the registry key exclusion list for Unified Write Filter (UWF). + +## Syntax + +```powershell +class UWF_ExcludedRegistryKey { + [Read] string RegistryKey; +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +### Properties + +| Property | Data type | Qualifier | Description | +|-------------|----------------|-----------|-------------| +| RegistryKey | string | [read] | The full path of the registry key in the registry key exclusion list. | + +### Remarks + +UWF_ExcludedRegistryKeydoes not represent an actual WMI object, and you cannot use this class to get or set registry key exclusions. + +You can use the [UWF_RegistryFilter.GetExclusions](uwf-registryfiltergetexclusions.md) or [UWF_RegistryFilter.FindExclusion](uwf-registryfilterfindexclusion.md) methods to retrieve UWF_ExcludedRegistryKey objects. + +You can use the [UWF_Volume.AddExclusion](uwf-volumeaddexclusion.md) and [UWF_Volume.RemoveExclusion](uwf-volumeremoveexclusion.md) methods to add or remove registry keys to the UWF registry key exclusion list. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-filter.md b/windows/configuration/unified-write-filter/uwf-filter.md new file mode 100644 index 00000000000..bb8751a406c --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-filter.md @@ -0,0 +1,171 @@ +--- +title: UWF_Filter +description: UWF_Filter +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Filter + +Enables or disables Unified Write Filter (UWF), resets configuration settings for UWF, and shuts down or restarts your device. + +## Syntax + +```powershell +class UWF_Filter{ + [key] string Id; + [read] boolean CurrentEnabled; + [read] boolean NextEnabled; + UInt32 Enable(); + UInt32 Disable(); + UInt32 ResetSettings(); + UInt32 ShutdownSystem(); + UInt32 RestartSystem(); +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +### Methods + +| Methods | Description | +|----------|-------------| +| [UWF_Filter.Enable](uwf-filterenable.md) | Enables UWF on the next restart. | +| [UWF_Filter.Disable](uwf-filterdisable.md) | Disables UWF on the next restart. | +| [UWF_Filter.ResetSettings](uwf-filterresetsettings.md) | Restores UWF settings to the orig inal state that was captured at install time. | +| [UWF_Filter.ShutdownSystem](uwf-filtershutdownsystem.md) |Safely shuts down a system protected by UWF, even if the overlay is full. | +| [UWF_Filter.RestartSystem](uwf-filterrestartsystem.md) | Safely restarts a system protected by UWF, even if the overlay is full. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| **Id** | string | [key] | A unique ID. This is always set to **UWF_Filter** | +| **CurrentEnabled** | Boolean | [read] | Indicates if UWF is enabled for the current session. | +| **NextEnabled** | Boolean | [read] | Indicates if UWF is enabled after the next restart. | + +### Remarks + +You must use an administrator account to make any changes to the configuration settings for UWF. Users with any kind of account can read the current configuration settings. + +## Example + +The following example demonstrates how to enable or disable UWF by using the WMI provider in a PowerShell script. + +The PowerShell script creates three functions to help enable or disable UWF. It then demonstrates how to use each function. + +The first function, `Disable-UWF`, retrieves a WMI object for **UWF_Filter**, and calls the **Disable()** method to disable UWF after the next device restart. + +The second function, `Enable-UWF`, retrieves a WMI object for **UWF_Filter**, and calls the **Enable()** method to enable UWF after the next device restart. + +The third function, `Display-UWFState`, examines the properties of the **UWF_Filter** object, and prints out the current settings for **UWF_Filter**. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Create a function to disable the Unified Write Filter driver after the next restart. +function Disable-UWF() { + +# Retrieve the UWF_Filter settings. + $objUWFInstance = Get-WMIObject -namespace $NAMESPACE -class UWF_Filter; + + if(!$objUWFInstance) { + "Unable to retrieve Unified Write Filter settings." + return; + } + +# Call the method to disable UWF after the next restart. This sets the NextEnabled property to false. + + $retval = $objUWFInstance.Disable(); + +# Check the return value to verify that the disable is successful + if ($retval.ReturnValue -eq 0) { + "Unified Write Filter will be disabled after the next system restart." + } else { + "Unknown Error: " + "{0:x0}" -f $retval.ReturnValue + } +} + +# Create a function to enable the Unified Write Filter driver after the next restart. +function Enable-UWF() { + +# Retrieve the UWF_Filter settings. + $objUWFInstance = Get-WMIObject -namespace $NAMESPACE -class UWF_Filter; + + if(!$objUWFInstance) { + "Unable to retrieve Unified Write Filter settings." + return; + } + +# Call the method to enable UWF after the next restart. This sets the NextEnabled property to false. + + $retval = $objUWFInstance.Enable(); + +# Check the return value to verify that the enable is successful + if ($retval.ReturnValue -eq 0) { + "Unified Write Filter will be enabled after the next system restart." + } else { + "Unknown Error: " + "{0:x0}" -f $retval.ReturnValue + } +} + +# Create a function to display the current settings of the Unified Write Filter driver. +function Display-UWFState() { + +# Retrieve the UWF_Filter object + $objUWFInstance = Get-WmiObject -Namespace $NAMESPACE -Class UWF_Filter; + + if(!$objUWFInstance) { + "Unable to retrieve Unified Write Filter settings." + return; + } + +# Check the CurrentEnabled property to see if UWF is enabled in the current session. + if($objUWFInstance.CurrentEnabled) { + $CurrentStatus = "enabled"; + } else { + $CurrentStatus = "disabled"; + } + +# Check the NextEnabled property to see if UWF is enabled or disabled after the next system restart. + if($objUWFInstance.NextEnabled) { + $NextStatus = "enabled"; + } else { + $NextStatus = "disabled"; + } +} + +# Some examples of how to call the functions + +Display-UWFState + +"Enabling Unified Write Filter" +Enable-UWF + +Display-UWFState + +"Disabling Unified Write Filter" +Disable-UWF + +Display-UWFState +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterdisable.md b/windows/configuration/unified-write-filter/uwf-filterdisable.md new file mode 100644 index 00000000000..814de833ac1 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-filterdisable.md @@ -0,0 +1,45 @@ +--- +title: UWF_Filter.Disable +description: UWF_Filter.Disable +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Filter.Disable + +Disables Unified Write Filter (UWF) on the next restart. + +## Syntax + +```powershell +UInt32 Disable(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to disable UWF. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Filter](uwf-filter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterenable.md b/windows/configuration/unified-write-filter/uwf-filterenable.md new file mode 100644 index 00000000000..8ea287e6dfb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-filterenable.md @@ -0,0 +1,68 @@ +--- +title: UWF_Filter.Enable +description: UWF_Filter.Enable +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Filter.Enable + +Enables Unified Write Filter (UWF) on the next restart. + +## Syntax + +```powershell +UInt32 Enable(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to enable UWF. + +You must restart your device after you enable or disable UWF before the change takes effect. + +The first time you enable UWF on your device, UWF makes the following changes to your system to improve the performance of UWF: + +- Paging files are disabled. +- System restore is disabled. +- SuperFetch is disabled. +- File indexing service is turned off. +- Defragmentation service is turned off. +- Fast boot is disabled. +- BCD setting **bootstatuspolicy** is set to **ignoreallfailures**. + +You can change these settings after you enable UWF if you want to. For example, you can move the page file location to an unprotected volume and re-enable paging files. + +Additionally, after you run `uwfmgr filter enable`, restart the computer and exit the servicing mode, the following things are disabled: + +- Windows Update by setting `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate` +- Windows Store Update by setting `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore\AutoDownload` +- Registry Reorganization by setting `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Configuration Manager\RegistryReorganizationLimitDays` +- Maintenance Hour by setting `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance\MaintenanceDisabled` + +After you run `uwfmgr filter disable`, restart the computer and enter the serving mode, the changes are reverted. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Filter](uwf-filter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterresetsettings.md b/windows/configuration/unified-write-filter/uwf-filterresetsettings.md new file mode 100644 index 00000000000..fe969637137 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-filterresetsettings.md @@ -0,0 +1,49 @@ +--- +title: UWF_Filter.ResetSettings +description: UWF_Filter.ResetSettings +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Filter.ResetSettings + +Restores UWF settings to the original configuration settings. + +## Syntax + +```powershell +UInt32 ResetSettings(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to reset UWF settings. + +The original configuration settings are captured the first time that you enable UWF after you add UWF to your device by using **Turn Windows features on or off**. You can change the original configuration settings by using **Turn Windows features on or off** to remove and then add UWF, and then modifying the configuration to the desired state before you enable UWF. + +If you added UWF to your device by using SMI settings in an unattend.xml file, the original configuration settings are captured when Windows 10 Enterprise is installed on your device. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related articles + +- [UWF_Filter](uwf-filter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterrestartsystem.md b/windows/configuration/unified-write-filter/uwf-filterrestartsystem.md new file mode 100644 index 00000000000..1de561155b4 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-filterrestartsystem.md @@ -0,0 +1,50 @@ +--- +title: UWF_Filter.RestartSystem +description: UWF_Filter.RestartSystem +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Filter.RestartSystem + +Safely restarts a system protected by UWF, even if the overlay is full. + +## Syntax + +```powershell +UInt32 RestartSystem(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to call this method. +You can't run on WMI providers; it's only available from Intune/CSP. + +If the overlay is full, or near full, shutting down or restarting the system normally can cause the system to take an long time to shut down. This occurs when the system repeatedly tries to write files during shutdown, which constantly fail due to the overlay being full. You can call this method to safely restart a system by avoiding this scenario. + +If the overlay becomes full while the system is performing a large number of writes, such as copying a large group of files, calling this method can still result in a long shutdown time. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related articles + +- [UWF_Filter](uwf-filter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md b/windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md new file mode 100644 index 00000000000..b05d1c127d9 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md @@ -0,0 +1,49 @@ +--- +title: UWF_Filter.ShutdownSystem +description: UWF_Filter.ShutdownSystem +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Filter.ShutdownSystem + +Safely shuts down a system protected by UWF, even if the overlay is full. + +## Syntax + +```powershell +UInt32 ShutdownSystem(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to call this method. + +If the overlay is full, or near full, shutting down or restarting the system normally can cause the system to take an extremely long time to shut down. This occurs when the system repeatedly tries to write files during shutdown, which constantly fail due to the overlay being full. You can call this method to safely shutdown a system by avoiding this scenario. + +If the overlay becomes full while the system is performing a large amount of writes, such as copying a large group of files, calling this method can still result in a long shutdown time. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Filter](uwf-filter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-master-servicing-script.md b/windows/configuration/unified-write-filter/uwf-master-servicing-script.md new file mode 100644 index 00000000000..280c56d6abe --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-master-servicing-script.md @@ -0,0 +1,90 @@ +--- +title: UWF master servicing script +description: UWF master servicing script +author: TerryWarwick +ms.author: twarwick +ms.date: 05/02/2017 +ms.topic: reference +--- + +# UWF master servicing script + +The UWF master servicing script (UwfServicingMasterScript.cmd) is located in the \\Windows\\System32 folder. + +## UwfServicingMasterScript.cmd + +The full UWF master servicing script follows: + +```powershell +REM servicing of the device with UWF installed. The script will +REM call UWF manager application to update the system with the +REM latest available updates. +REM The script will detect whether the update operation +REM ended successfully or requires a reboot. +REM +REM The script will change the "SERVICING" state of the device +REM only when the update operation results in a "SUCCESS". +REM A state change of the device requires a reboot. +REM +REM If the update operation requires a "REBOOT" the script will +REM reboot device without changing the "SERVICING" state. The +REM Will then run again on the following reboot until +REM the update operation either return a "SUCCESS" or a "ERROR" +REM +REM Any third-party script that needs to run before the state +REM change should run in the UPDATE_SUCCESS block +REM +REM Environment : +REM It is expected that UWF is turned "OFF", "SERVICING" mode +REM enabled and all other preconditions +REM for servicing are in place. +REM +REM +REM + + +echo UpdateAgent starting. +uwfmgr servicing update-windows +if ERRORLEVEL 3010 goto UPDATE_REBOOT +if ERRORLEVEL 0 goto UPDATE_SUCCESS +echo UpdateAgent returned error =%ERRORLEVEL% + +:UPDATE_ERROR +uwfmgr servicing disable +echo Restarting system +goto UPDATE_EXIT + +:UPDATE_REBOOT +echo UpdateAgent requires a reboot. +echo UpdateAgent restarting system +goto UPDATE_EXIT + +:UPDATE_SUCCESS +echo UpdateAgent returned success. +REM +REM echo UpdateAgent executing OEM script +REM OEM can call their custom scripts +REM at this point through a "call". +REM +REM The OEM script should hand control +REM back to this script once it is done. +REM +REM Any error recovery for OEM script +REM should be handled outside of this script +REM post a reboot. +REM +uwfmgr servicing disable +echo Restarting system +goto UPDATE_EXIT + +:UPDATE_EXIT +echo UpdateAgent exiting. +shutdown -r -t 5 +EXIT /B +``` + +## Related topics + +[Service UWF-protected devices](service-uwf-protected-devices.md) + +[Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlay.md b/windows/configuration/unified-write-filter/uwf-overlay.md new file mode 100644 index 00000000000..a1f300872ab --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlay.md @@ -0,0 +1,166 @@ +--- +title: UWF_Overlay +description: UWF_Overlay +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Overlay + +Contains the current size of the Unified Write Filter (UWF) overlay and manages the critical and warning thresholds for the overlay size. + +## Syntax + +```powershell +class UWF_Overlay { + [key] string Id; + [read] UInt32 OverlayConsumption; + [read] UInt32 AvailableSpace; + [read] UInt32 CriticalOverlayThreshold; + [read] UInt32 WarningOverlayThreshold; + + UInt32 GetOverlayFiles( + [in] string Volume, + [out, EmbeddedInstance("UWF_OverlayFile")] string OverlayFiles[] + ); + UInt32 SetWarningThreshold( + UInt32 size + ); + UInt32 SetCriticalThreshold( + UInt32 size + ); +}; +``` + +## Members + +The following tables list any methods and properties that belong to this class. + +| Methods | Description | +|---------|-------------| +| [UWF_Overlay.GetOverlayFiles](uwf-overlaygetoverlayfiles.md) | Returns a list of files of a volume that were cached in the UWF overlay. | +| [UWF_Overlay.SetWarningThreshold](uwf-overlaysetwarningthreshold.md) | Sets the warning threshold for monitoring the size of the UWF overlay. | +| [UWF_Overlay.SetCriticalThreshold](uwf-overlaysetcriticalthreshold.md) | Sets the critical warning threshold for monitoring the size of the UWF overlay. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| ID | string | [key] | A unique ID. This is always set to **UWF_Overlay**. | +| OverlayConsumption | Uint32 | [read] | The current size, in megabytes, of the UWF overlay. | +| AvailableSpace | Uint32 | [read] | The amount of free space, in megabytes, available to the UWF overlay. | +| CriticalOverlayThreshold | Uint32 | [read] | The critical threshold size, in megabytes. UWF sends a critical threshold notification event when the UWF overlay size reaches or exceeds this value. | +| WarningOverlayThreshold | Uint32 | [read] | The warning threshold size, in megabytes. UWF sends a warning threshold notification event when the UWF overlay size reaches or exceeds this value. | + +### Examples + +The following example demonstrates how to use the UWF overlay by using the WMI provider in a PowerShell script. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Function to set the Unified Write Filter overlay warning threshold + +function Set-OverlayWarningThreshold($ThresholdSize) { + +# Retrieve the overlay WMI object + + $OverlayInstance = Get-WMIObject -namespace $NAMESPACE -class UWF_Overlay; + + if(!$OverlayInstance) { + "Unable to get handle to an instance of the UWF_Overlay class" + return; + } + +# Call the instance method to set the warning threshold value + + $retval = $OverlayInstance.SetWarningThreshold($ThresholdSize); + +# Check the return value to verify that setting the warning threshold is successful + + if ($retval.ReturnValue -eq 0) { + "Overlay warning threshold has been set to " + $ThresholdSize + " MB" + } else { + "Unknown Error: " + "{0:x0}" -f $retval.ReturnValue + } +} + +# Function to set the Unified Write Filter overlay critical threshold + +function Set-OverlayCriticalThreshold($ThresholdSize) { + +# Retrieve the overlay WMI object + + $OverlayInstance = Get-WMIObject -namespace $NAMESPACE -class UWF_Overlay; + + if(!$OverlayInstance) { + "Unable to get handle to an instance of the UWF_Overlay class" + return; + } + +# Call the instance method to set the warning threshold value + + $retval = $OverlayInstance.SetCriticalThreshold($ThresholdSize); + +# Check the return value to verify that setting the critical threshold is successful + + if ($retval.ReturnValue -eq 0) { + "Overlay critical threshold has been set to " + $ThresholdSize + " MB" + } else { + "Unknown Error: " + "{0:x0}" -f $retval.ReturnValue + } +} + +# Function to print the current overlay information + +function Get-OverlayInformation() { + +# Retrieve the Overlay WMI object + + $OverlayInstance = Get-WMIObject -namespace $NAMESPACE -class UWF_Overlay; + + if(!$OverlayInstance) { + "Unable to get handle to an instance of the UWF_Overlay class" + return; + } + +# Display the current values of the overlay properties + + "`nOverlay Consumption: " + $OverlayInstance.OverlayConsumption + "Available Space: " + $OverlayInstance.AvailableSpace + "Critical Overlay Threshold: " + $OverlayInstance.CriticalOverlayThreshold + "Warning Overlay Threshold: " + $OverlayInstance.WarningOverlayThreshold +} + +# Examples of using these functions + +"`nSetting the warning threshold to 768 MB." +Set-OverlayWarningThreshold( 768 ) + +"`nSetting the critical threshold to 896 MB." +Set-OverlayCriticalThreshold( 896 ) + +"`nDisplaying the current state of the overlay." +Get-OverlayInformation +``` + +### Remarks + +Only one **UFW\_Overlay** instance exists for a system protected with UWF. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related articles + +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayconfig.md b/windows/configuration/unified-write-filter/uwf-overlayconfig.md new file mode 100644 index 00000000000..a4ede8380fb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlayconfig.md @@ -0,0 +1,161 @@ +--- +title: UWF_OverlayConfig +description: UWF_OverlayConfig +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_OverlayConfig + +Displays and configures global settings for the Unified Write Filter (UWF) overlay. You can modify the maximum size and the type of the UWF overlay. + +## Syntax + +```powershell +class UWF_OverlayConfig{ + [key, Read] boolean CurrentSession; + [read] UInt32 Type; + [read] SInt32 MaximumSize; + + UInt32 SetType( + UInt32 type + ); + UInt32 SetMaximumSize( + UInt32 size + ); +}; +``` + +## Members + +The following tables list the methods and properties that belong to this class. + +### Methods + +| Method | Description | +|--------|-------------| +| [UWF_OverlayConfig.SetMaximumSize](uwf-overlayconfigsetmaximumsize.md) | Sets the maximum cache size, in megabytes, of the overlay. | +| [UWF_OverlayConfig.SetType](uwf-overlayconfigsettype.md) | Sets the type of the UWF overlay to either RAM-based or disk-based. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| CurrentSession | Boolean | [key, read] | Indicates which session the object contains settings for.
- **True** for the current session
- **False** for the next session that begins after a restart. | +| Type | UInt32 | [read] | Indicates the type of overlay.
- **0** for a RAM-based overlay
- **1** for a disk-based overlay. | +| MaximumSize | SInt32 | [read] | Indicates the maximum cache size, in megabytes, of the overlay. | + +### Remarks + +Changes to the overlay configuration take effect on the next restart in which UWF is enabled. + +Before you can change the **Type** or **MaximumSize** properties, UWF must be disabled in the current session. + +### Example + +The following example demonstrates how to change the maximum size or the storage type of the overlay in UWF by using the Windows Management Instrumentation (WMI) provider in a PowerShell script. + +The PowerShell script creates two functions to modify the overlay configuration. It then demonstrates how to use the functions. The first function, **Set-OverlaySize**, sets the maximum size of the overlay. The second function, **Set-OverlayType**, sets the type of the overlay to RAM-based or disk-based. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Define common parameters + +$CommonParams = @{"namespace"=$NAMESPACE; "computer"=$COMPUTER} + +function Set-OverlaySize([UInt32] $size) { + +# This function sets the size of the overlay to which file and registry changes are redirected +# Changes take effect after the next restart + +# $size is the maximum size in MB of the overlay + +# Make sure that UWF is currently disabled + + $UWFFilter = Get-WmiObject -class UWF_Filter @commonParams + + if ($UWFFilter.CurrentEnabled -eq $false) { + +# Get the configuration for the next session after a restart + + $nextConfig = Get-WMIObject -class UWF_OverlayConfig -Filter "CurrentSession = false" @CommonParams; + + if ($nextConfig) { + +# Set the maximum size of the overlay + + $nextConfig.SetMaximumSize($size); + write-host "Set overlay max size to $size MB." + } + } else { + write-host "UWF must be disabled in the current session before you can change the overlay size." + } +} + +function Set-OverlayType([UInt32] $overlayType) { + +# This function sets the type of the overlay to which file and registry changes are redirected +# Changes take effect after the next restart + +# $overlayType is the type of storage that UWF uses to maintain the overlay. 0 = RAM-based; 1 = disk-based. + + $overlayTypeText = @("RAM-based", "disk-based") + +# Make sure that the overlay type is a valid value + + if ($overlayType -eq 0 -or $overlayType -eq 1) { + +# Make sure that UWF is currently disabled + + $UWFFilter = Get-WmiObject -class UWF_Filter @commonParams + + if ($UWFFilter.CurrentEnabled -eq $false) { + +# Get the configuration for the next session after a restart + + $nextConfig = Get-WMIObject -class UWF_OverlayConfig -Filter "CurrentSession = false" @CommonParams; + + if ($nextConfig) { + +# Set the type of the overlay + + $nextConfig.SetType($overlayType); + write-host "Set overlay type to $overlayTypeText[$overlayType]." + } + } else { + write-host "UWF must be disabled in the current session before you can change the overlay type." + } + } else { + write-host "Invalid value for overlay type. Valid values are 0 (RAM-based) or 1 (disk-based)." + } +} + +# The following sample commands demonstrate how to use the functions to change the overlay configuration + +$RAMMode = 0 +$DiskMode = 1 + +Set-OverlaySize 2048 + +Set-OverlayType $DiskMode +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +[Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) + +[Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md b/windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md new file mode 100644 index 00000000000..f5c049d861e --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md @@ -0,0 +1,57 @@ +--- +title: UWF_OverlayConfig.SetMaximumSize +description: UWF_OverlayConfig.SetMaximumSize +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_OverlayConfig.SetMaximumSize + +Sets the maximum cache size of the Unified Write Filter (UWF) overlay. + +## Syntax + +```powershell +UInt32 SetMaximumSize( + UInt32 size +); +``` + +## Parameters + +**size**
An integer that represents the maximum cache size, in megabytes, of the overlay. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +When the size of the overlay reaches the *size* value, UWF returns an error for any attempt to write to a protected volume. + +If the overlay type is disk-based, your device must meet the following requirements to change the maximum size of the overlay. + +- UWF must be disabled in the current session. +- The *size* value must be at least 1024. +- The system volume on your device must have available free space greater than the new maximum size value. + +If the overlay type is RAM-based, your device must meet the following requirement to change the maximum size of the overlay. + +- UWF must be disabled in the current session. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_OverlayConfig](uwf-overlayconfig.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md b/windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md new file mode 100644 index 00000000000..fdfbc5ca6b7 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md @@ -0,0 +1,60 @@ +--- +title: UWF_OverlayConfig.SetType +description: UWF_OverlayConfig.SetType +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_OverlayConfig.SetType + +Sets the type of the Unified Write Filter (UWF) overlay to either RAM-based or disk-based. + +## Syntax + +```powershell +UInt32 SetType( + UInt32 type +); +``` + +## Parameters + +**type**
The type of overlay. Set to **0** for a RAM-based overlay; set to **1** for a disk-based overlay. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +Changes to the overlay type take effect during the next device restart in which UWF is enabled. + +When you change the overlay type from RAM-based to disk-based, UWF creates a file on the system volume. The file has a size equal to the **MaximumSize** property of [UWF_OverlayConfig](uwf-overlayconfig.md). + +Before you can change the overlay type to disk-based, your device must meet the following requirements. + +- UWF must be disabled in the current session. +- The system volume on your device must have available free space greater than the maximum size of the overlay. +- The maximum size of the overlay must be at least 1024 MB. + +Before you can change the overlay type to RAM-based, your device must meet the following requirements. + +- UWF must be disabled in the current session. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_OverlayConfig](uwf-overlayconfig.md) +- [Overlay for Unified Write Filter (UWF)](uwfoverlay.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayfile.md b/windows/configuration/unified-write-filter/uwf-overlayfile.md new file mode 100644 index 00000000000..e7aac9e7400 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlayfile.md @@ -0,0 +1,53 @@ +--- +title: UWF_OverlayFile +description: UWF_OverlayFile +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_OverlayFile + +Contains a file that is currently in the overlay for a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +class UWF_OverlayFile { + [read] string FileName; + [read] UInt64 FileSize; +}; +``` + +## Members + +The following table lists any properties that belong to this class. + +### Properties + +| Property | Data type | Qualifier | Description | +|----------|----------------|-----------|-------------| +| FileName | string | [read] | The name of the file in the file overlay. | +| FileSize | UInt64 | [read] | The size of the file in the file overlay. | + +### Remarks + +You cannot use the **UWF_ OverlayFile** class directly to get overlay files. You must use the **UWF_Overlay.GetOverlayFiles** method to retrieve **UWF_ OverlayFile** objects. + +For more information about specific limitations and conditions when using the **GetOverlayFiles** method, see the **Remarks** section in the [UWF_Overlay.GetOverlayFiles](uwf-overlaygetoverlayfiles.md) topic in the UWF WMI provider technical reference. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md b/windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md new file mode 100644 index 00000000000..a6b5db730eb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md @@ -0,0 +1,69 @@ +--- +title: UWF_Overlay.GetOverlayFiles +description: UWF_Overlay.GetOverlayFiles +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Overlay.GetOverlayFiles + +Returns a list of files of a volume that were cached in the Unified Write Filter (UWF) overlay. + +## Syntax + +```powershell +UInt32 GetOverlayFiles( + [in] string Volume, + [out, EmbeddedInstance("UWF_OverlayFile")] string OverlayFiles[] +); +``` + +## Parameters + +**Volume**
A string that specifies the drive letter or volume name. + +**OverlayFiles**
An array of **UWF_OverlayFiles** objects embedded as strings. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to access this method. + +The **GetOverlayFiles** method is intended to be used as a diagnostic tool. + +Do not base decisions about what to commit based on this method’s output. + +You should be aware of the following limitations: + +- This method is only supported on the NTFS file system. +- This method requires a significant amount of free system memory to succeed (in a linear relationship to overlay usage). The method call fails when there is insufficient memory available to complete the call. +- This method requires significant time to complete (in an exponential relationship to overlay usage). +- This method may show files that are affected by seemingly unrelated operations to both registry and file exclusions and commits. + +You should also be aware of the following items when you use the **GetOverlayFiles** method: + +- Files that were committed with the `uwfmgr.exe file commit` command are also contained in the overlay files list. +- Excluded files may be contained in the overlay files list. +- Files that are smaller than the cluster size (for example, 4 KB in most cases) will not be listed even if they are cached in overlay. +- Changes and deletions in excluded directories, excluded files, or excluded registry items add to overlay usage. +- File and registry commits add to overlay usage. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Overlay](uwf-overlay.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md b/windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md new file mode 100644 index 00000000000..355dd4696b9 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md @@ -0,0 +1,53 @@ +--- +title: UWF_Overlay.SetCriticalThreshold +description: UWF_Overlay.SetCriticalThreshold +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Overlay.SetCriticalThreshold + +Sets the critical threshold for monitoring the size of the Unified Write Filter (UWF) overlay. + +## Syntax + +```powershell +UInt32 SetCriticalThreshold( + UInt32 size +); +``` + +## Parameters + +**size**
An integer that represents the size, in megabytes, of the critical threshold level for the overlay. If *size* is 0 (zero), UWF does not raise critical threshold events. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +When the size of the overlay reaches or exceeds the *size* threshold value, UWF writes the following notification event to the event log. + +| Message ID | Event code | Message text | +|------------|------------|--------------| +| UWF_OVERLAY_REACHED_CRITICAL_LEVEL | 0x80010002L | The UWF overlay size has reached CRITICAL level. | + +The critical threshold must be higher than the warning threshold. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Overlay](uwf-overlay.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md b/windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md new file mode 100644 index 00000000000..06f07ad28f1 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md @@ -0,0 +1,53 @@ +--- +title: UWF_Overlay.SetWarningThreshold +description: UWF_Overlay.SetWarningThreshold +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Overlay.SetWarningThreshold + +Sets the warning threshold for monitoring the size of the Unified Write Filter (UWF) overlay. + +## Syntax + +```powershell +UInt32 SetWarningThreshold( + UInt32 size +); +``` + +## Parameters + +**size**
An integer that represents the size, in megabytes, of the warning threshold level for the overlay. If *size* is set to 0 (zero), UWF does not raise warning threshold events. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +When the size of the overlay reaches or exceeds the *size* threshold value, UWF writes the following notification event to the event log. + +| Message ID | Event code | Message text | +|------------|------------|--------------| +|UWF_OVERLAY_REACHED_WARNING_LEVEL | 0x80010001L | The UWF overlay size has reached WARNING level. | + +The warning threshold must be lower than the critical threshold. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Overlay](uwf-overlay.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilter.md b/windows/configuration/unified-write-filter/uwf-registryfilter.md new file mode 100644 index 00000000000..3b0d8dd7864 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-registryfilter.md @@ -0,0 +1,271 @@ +--- +title: UWF_RegistryFilter +description: UWF_RegistryFilter +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_RegistryFilter + +Adds or removes registry exclusions from Unified Write Filter (UWF) filtering, and also commits registry changes. + +## Syntax + +```powershell +class UWF_RegistryFilter{ + [key, Read] boolean CurrentSession; + [Read, Write] boolean PersistDomainSecretKey; + [Read, Write] boolean PersistTSCAL; + + UInt32 AddExclusion( + string RegistryKey + ); + UInt32 RemoveExclusion( + string RegistryKey + ); + UInt32 FindExclusion( + [in] string RegistryKey, + [out] boolean bFound + ); + UInt32 GetExclusions( + [out, EmbeddedInstance("UWF_ExcludedRegistryKey")] string ExcludedKeys[] + ); + UInt32 CommitRegistry( + [in] string RegistryKey, + [in] string ValueName + ); + UInt32 CommitRegistryDeletion( + string Registrykey, + string ValueName + ); +}; +``` + +## Members + +The following tables list the methods and properties that belong to this class. + +| Method | Description                                                                           | +|--------|-------------| +| [UWF_RegistryFilter.AddExclusion](uwf-registryfilteraddexclusion.md) | Adds a registry key to the registry exclusion list for UWF. | +| [UWF_RegistryFilter.CommitRegistry](uwf-registryfiltercommitregistry.md) | Commits changes to the specified registry key and value. | +| [UWF_RegistryFilter.CommitRegistryDeletion](uwf-registryfiltercommitregistrydeletion.md) | Deletes the specified registry key or registry value and commits the deletion. | +| [UWF_RegistryFilter.FindExclusion](uwf-registryfilterfindexclusion.md) | Determines whether a specific registry key is excluded from being filtered by UWF. | +| [UWF_RegistryFilter.GetExclusions](uwf-registryfiltergetexclusions.md) | Retrieves all registry key exclusions from a system that is protected by UWF | +| [UWF_RegistryFilter.RemoveExclusion](uwf-registryfilterremoveexclusion.md) | Removes a registry key from the registry exclusion list for Unified Write Filter (UWF). | + +### Properties + +| Property | Data type | Qualifiers | Description                                                                       | +|----------|----------------|------------|-------------| +| CurrentSession | Boolean | [key, read] | Indicates which session the object contains settings for.
- **True** if settings are for the current session
- **False** if settings are for the next session that follows a restart. | +| PersistDomainSecretKey | Boolean | [read, write] | Indicates if the domain secret registry key is in the registry exclusion list. If the registry key is not in the exclusion list, changes are not persisted after a restart.
- **True** to include in the exclusion list
- Otherwise **False**. | +| PersistTSCAL | Boolean | [read, write] | Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key is not in the exclusion list, changes are not persisted after a restart.
- **True** to include in the exclusion list
- Otherwise, set to **False** | + +### Remarks + +Additions or removals of registry exclusions, including changes to the values of **PersistDomainSecretKey** and **PersistTSCAL**, take effect after the next restart in which UWF is enabled. + +You can only add registry keys in the HKLM registry root to the UWF registry exclusion list. + +You can also use **UWF_RegistryFilter** to exclude the domain secret registry key and the TSCAL registry key from UWF filtering. + +### Example + +The following example demonstrates how to manage UWF registry exclusions by using the Windows Management Instrumentation (WMI) provider in a PowerShell script. + +The PowerShell script creates four functions, and then demonstrates how to use them. + +The first function, **Get-RegistryExclusions**, displays a list of UWF registry exclusions for both the current session and the next session that follows a restart. + +The second function, **Add-RegistryExclusion**, adds a registry entry to the UWF registry exclusion list after you restart the device. + +The third function, **Remove-RegistryExclusion**, removes a registry entry from the UWF exclusion list after you restart the device. + +The fourth function, **Clear-RegistryExclusions**, removes all UWF registry exclusions. You must restart the device before UWF stops filtering the exclusions. + +```powershell +$COMPUTER = "EMBEDDEDDEVICE" +$NAMESPACE = "root\standardcimv2\embedded" + +# Define common parameters + +$CommonParams = @{"namespace"=$NAMESPACE; "computer"=$COMPUTER} + +function Get-RegistryExclusions() { + +# This function lists the UWF registry exclusions, both +# for the current session as well as the next session after a restart. + + +# Get the UWF_RegistryFilter configuration for the current session + + $currentConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams | + where { + $_.CurrentSession -eq $true + }; + +# Get the UWF_RegistryFilter configuration for the next session after a restart + + $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams | + where { + $_.CurrentSession -eq $false + }; + +# Display registry exclusions for the current session + + if ($currentConfig) { + + Write-Host "" + Write-Host "The following registry entries are currently excluded from UWF filtering:"; + + $currentExcludedList = $currentConfig.GetExclusions() + + if ($currentExcludedList.ExcludedKeys) { + foreach ($registryExclusion in $currentExcludedList.ExcludedKeys) { + Write-Host " " $registryExclusion.RegistryKey + } + } else { + Write-Host " None" + } + } else { + Write-Error "Could not retrieve UWF_RegistryFilter."; +} + +# Display registry exclusions for the next session after a restart + + if ($nextConfig) { + + Write-Host "" + Write-Host "The following registry entries will be excluded from UWF filtering after the next restart:"; + + $nextExcludedList = $nextConfig.GetExclusions() + + if ($nextExcludedList.ExcludedKeys) { + foreach ($registryExclusion in $nextExcludedList.ExcludedKeys) { + Write-Host " " $registryExclusion.RegistryKey + } + } else { + Write-Host " None" + } + Write-Host "" + } +} + +function Add-RegistryExclusion($exclusion) { + +# This function adds a new UWF registry exclusion. +# The new registry exclusion takes effect the next time the device is restarted and UWF is enabled. + +# $exclusion is the path of the registry exclusion + +# Get the UWF_RegistryFilter configuration for the next session after a restart + + $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams | + where { + $_.CurrentSession -eq $false + }; + +# Add the exclusion + + if ($nextConfig) { + $nextConfig.AddExclusion($exclusion) | Out-Null; + Write-Host "Added exclusion $exclusion."; + } else { + Write-Error "Could not retrieve UWF_RegistryFilter"; + } +} + +function Remove-RegistryExclusion($exclusion) { + +# This function removes a UWF registry exclusion. +# The registry exclusion is removed the next time the device is restarted + +# $exclusion is the path of the registry exclusion + +# Get the UWF_RegistryFilter configuration for the next session after a restart + + $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams | + where { + $_.CurrentSession -eq $false + }; + +# Try to remove the exclusion + + if ($nextConfig) { + try { + $nextConfig.RemoveExclusion($exclusion) | Out-Null; + Write-Host "Removed exclusion $exclusion."; + } catch { + Write-Host "Could not remove exclusion $exclusion." + } + } else { + Write-Error "Could not retrieve UWF_RegistryFilter"; + } +} + +function Clear-RegistryExclusions() { + +# This function removes all UWF registry exclusions +# The registry exclusions are removed the next time the device is restarted + +# Get the configuration for the next session + + $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams | + where { + $_.CurrentSession -eq $false + }; + +# Remove all registry exclusions + + if ($nextConfig) { + + Write-Host "Removing all registry exclusions:"; + + $nextExcludedList = $nextConfig.GetExclusions() + + if ($nextExcludedList) { + foreach ($registryExclusion in $nextExcludedList.ExcludedKeys) { + Write-Host "Removing:" $registryExclusion.RegistryKey + $nextConfig.RemoveExclusion($registryExclusion.RegistryKey) | Out-Null + } + } else { + Write-Host "No registry exclusions to remove." + } + Write-Host "" + } +} + +# Some examples of using the functions + +Clear-RegistryExclusions + +Get-RegistryExclusions + +Add-RegistryExclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer" +Add-RegistryExclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\(Default)" + +Get-RegistryExclusions + +Remove-RegistryExclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer" + +Get-RegistryExclusions + +Clear-RegistryExclusions +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md b/windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md new file mode 100644 index 00000000000..83ea618dd2a --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md @@ -0,0 +1,60 @@ +--- +title: UWF_RegistryFilter.AddExclusion +description: UWF_RegistryFilter.AddExclusion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_RegistryFilter.AddExclusion + +Adds a registry key to the registry exclusion list for Unified Write Filter (UWF). + +> [!IMPORTANT] +> Only registry subkeys under the following registry keys can be added to the exclusion list. +> +> - HKEY_LOCAL_MACHINE\BCD00000000 +> - HKEY_LOCAL_MACHINE\SYSTEM +> - HKEY_LOCAL_MACHINE\SOFTWARE +> - HKEY_LOCAL_MACHINE\SAM +> - HKEY_LOCAL_MACHINE\SECURITY +> - HKEY_LOCAL_MACHINE\COMPONENTS + +> [!IMPORTANT] +> Excluding a registry key from filtering also excludes all subkeys from filtering. + +## Syntax + +```powershell +UInt32 AddExclusion( + string RegistryKey +); +``` + +## Parameters + +**RegistryKey**
A string that contains the full path of the registry key. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must restart the device before the registry key is excluded from UWF filtering. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_RegistryFilter](uwf-registryfilter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md new file mode 100644 index 00000000000..38adff90ceb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md @@ -0,0 +1,52 @@ +--- +title: UWF_RegistryFilter.CommitRegistry +description: UWF_RegistryFilter.CommitRegistry +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_RegistryFilter.CommitRegistry + +Commits changes to the specified registry key and value. + +## Syntax + +```powershell +UInt32 CommitRegistry( + [in] string RegistryKey, + [in] string ValueName +); +``` + +## Parameters + +**RegistryKey**
A string that contains the full path of the registry key to be committed. + +**ValueName**
A string that contains the name of the value to be committed. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +This method will commit only the value specified by *ValueName* under *RegistryKey* if *ValueName* is specified. + +You must use an administrator account to change any properties or call any methods that change the configuration settings. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_RegistryFilter](uwf-registryfilter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md new file mode 100644 index 00000000000..e5adc198efb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md @@ -0,0 +1,54 @@ +--- +title: UWF_RegistryFilter.CommitRegistryDeletion +description: UWF_RegistryFilter.CommitRegistryDeletion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_RegistryFilter.CommitRegistryDeletion + +Deletes the specified registry key or registry value and commits the deletion. + +## Syntax + +```powershell +UInt32 CommitRegistryDeletion( + string Registrykey, + string ValueName +); +``` + +## Parameters + +**RegistryKey**
A string that contains the full path of the registry key that contains the value to be deleted. If *ValueName* is empty, the entire registry key is deleted. + +**ValueName**
A string that contains the name of the value to be deleted. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +If *ValueName* is specified, this method will delete only the value specified by *ValueName* that is contained by *RegistryKey*. If *ValueName* is empty, the entire *RegistryKey* and all its sub keys are deleted. + +This method deletes the registry key or registry value from both the overlay and the persistent storage. + +You must use an administrator account to change any properties or call any methods that change the configuration settings. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_RegistryFilter](uwf-registryfilter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md b/windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md new file mode 100644 index 00000000000..3e26b636059 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md @@ -0,0 +1,46 @@ +--- +title: UWF_RegistryFilter.FindExclusion +description: UWF_RegistryFilter.FindExclusion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_RegistryFilter.FindExclusion + +Checks if a specific registry key is excluded from being filtered by Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 FindExclusion( + [in] string RegistryKey, + [out] boolean bFound +); +``` + +## Parameters + +**RegistryKey**
\[in\] A string that contains the full path of the registry key. + +**bFound**
\[out\] Indicates if the *RegistryKey* is in the exclusion list of registry keys. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_RegistryFilter](uwf-registryfilter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md b/windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md new file mode 100644 index 00000000000..6db6bc51492 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md @@ -0,0 +1,47 @@ +--- +title: UWF_RegistryFilter.GetExclusions +description: UWF_RegistryFilter.GetExclusions +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_RegistryFilter.GetExclusions + +Retrieves all registry key exclusions from a device that is protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 GetExclusions( + [out, EmbeddedInstance("UWF_ExcludedRegistryKey")] string ExcludedKeys[] +); +``` + +## Parameters + +**ExcludedKeys**
\[out\] An array of [UWF_ExcludedRegistryKey](uwf-excludedregistrykey.md) objects that represent the registry keys excluded from UWF filtering. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +If this method does not find any registry keys in the registry key exclusion list, it sets the *ExcludedKeys* parameter to null. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_RegistryFilter](uwf-registryfilter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md b/windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md new file mode 100644 index 00000000000..7b1896236cd --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md @@ -0,0 +1,47 @@ +--- +title: UWF_RegistryFilter.RemoveExclusion +description: UWF_RegistryFilter.RemoveExclusion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_RegistryFilter.RemoveExclusion + +Removes a registry key from the registry exclusion list for Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 RemoveExclusion( + string RegistryKey +); +``` + +## Parameters + +**RegistryKey**
A string that contains the full path of the registry key. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must restart the device before the registry key is excluded from UWF filtering. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_RegistryFilter](uwf-registryfilter.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md b/windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md new file mode 100644 index 00000000000..083b743ba9b --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md @@ -0,0 +1,53 @@ +--- +title: UWF servicing screen saver +description: UWF servicing screen saver +author: TerryWarwick +ms.author: twarwick +ms.date: 05/02/2017 +ms.topic: reference +--- + +# UWF servicing screen saver + +The default settings for the Unified Write Filter (UWF) servicing screen saver can be changed through the Windows registry to use custom text, title, font, and color settings. + +The UWF servicing screen saver (UwfServicingScr.scr) is located in the \\Windows\\System32 folder. + +> [!IMPORTANT] +> When UWF is installed on your device, when you right-click on the **Desktop**, and then click **Personalize** > **Screen Saver**, the UWF servicing screen saver will appear in the list of available screen savers in the **Screen Saver Settings** dialog box. + +Do not select **UwfServicingScr** as the screen saver and then click **Preview**, as you will not be able to exit the UWF servicing screen saver by moving the mouse or pressing a key. The only way to exit the UWF servicing screen saver in this case is by pressing the Ctrl+Alt+Delete keys. + +## Modify the default registry settings for the UWF servicing screen saver + +1. To modify the default registry settings for the UWF servicing screen saver, from the example shown here, change the values in a text editor, and then save as a .reg file (for example, Overridescreensaver.reg). + + ```powershell + Windows Registry Editor Version 5.00 + [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Embedded\ServicingScreenSaver] + "ColorBackground"=dword:000000ff + "ColorText"=dword:0000ff00 + "ColorProgress"=dword:00ff0000 + "ScreenSaverTitle"="Device" + "ScreenSaverSubTitle"="Servicing device…" + "HideScreenSaverText"=dword:00000000 + "HideScreenSaverProgress"=dword:00000000 + "Font"="Algerian" + ``` + +1. On the device, open a command prompt as an administrator. For Windows Shell, to open a command prompt, do the following: + 1. In Windows Explorer, move to \\Windows\\System32, right-click **cmd.exe**, and then click **Run as Administrator**. + 1. Accept the UAC prompt. +1. To apply the custom registry settings for the screen saver to the device, type the following command: + + ```powershell + regedit.exe /s overridescreensaver.reg + ``` + +The next time the device enters UWF servicing mode, the UwfServicingScr.scr screen saver will use the custom settings. + +## Related topics + +[Service UWF-protected devices](service-uwf-protected-devices.md) + +[Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicing.md b/windows/configuration/unified-write-filter/uwf-servicing.md new file mode 100644 index 00000000000..1c0665abf20 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-servicing.md @@ -0,0 +1,101 @@ +--- +title: UWF_Servicing +description: UWF_Servicing +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Servicing + +This class contains properties and methods that enable you to query and control Unified Write Filter (UWF) servicing mode. + +## Syntax + +```powershell +class UWF_Servicing { + [key, read] boolean CurrentSession; + [read] boolean ServicingEnabled; + + UInt32 Enable(); + UInt32 Disable(); + UInt32 UpdateWindows( + [out] UInt32 UpdateStatus + ); +}; +``` + +## Members + +The following tables list the methods and properties that belong to this class. + +### Methods + +| Method | Description                                                                      | +|--------|-------------| +|[UWF_Servicing.Disable](uwf-servicingdisable.md) | Disables Unified Write Filter (UWF) servicing mode.
The system leaves servicing mode in the next session that follows a restart. | +| [UWF_Servicing.Enable](uwf-servicingenable.md) | Enables Unified Write Filter (UWF) servicing mode.
The system enters servicing mode in the next session that follows a restart. | +| [UWF_Servicing.UpdateWindows](uwf-servicingupdatewindows.md) | Calls Windows Update to download and install critical and security updates for your device running Windows 10 Enterprise. | + +### Properties + +| Property | Data type | Qualifiers | Description                                                                     & | +|----------|----------------|------------|-------------| +| CurrentSession | Boolean | [key, read] | Indicates when to enable servicing.
- **True** if servicing is enabled in the current session
- **False** if servicing will be enabled in the session that follows a restart. | +| ServiceEnabled | Boolean | [read] | Indicates if the system is in servicing mode in the current session, or will be in servicing mode in the next session that follows a restart.
- **True** if servicing is enabled
- otherwise, **False**. | + +### Remarks + +This class only has two instances, one for the current session, and another for the next session that follows a restart. + +### Example + +The following example shows how to enable and disable UWF servicing mode on a device by using the Windows Management Instrumentation (WMI) provider in a PowerShell script. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Define common parameters + +$CommonParams = @{"namespace"=$NAMESPACE; "computer"=$COMPUTER} + +# Enable UWF servicing + +$nextSession = Get-WmiObject -class UWF_Servicing @CommonParams | where { + $_.CurrentSession -eq $false +} + +if ($nextSession) { + + $nextSession.Enable() | Out-Null; + Write-Host "This device is enabled for servicing mode after the next restart." +} + +# Disable UWF servicing + +$nextSession = Get-WmiObject -class UWF_Servicing @CommonParams | where { + $_.CurrentSession -eq $false +} + +if ($nextSession) { + + $nextSession.Disable() | Out-Null; + Write-Host "Servicing mode is now disabled for this device." +} +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicingdisable.md b/windows/configuration/unified-write-filter/uwf-servicingdisable.md new file mode 100644 index 00000000000..e8736b990c7 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-servicingdisable.md @@ -0,0 +1,45 @@ +--- +title: UWF_Servicing.Disable +description: UWF_Servicing.Disable +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Servicing.Disable + +Disables Unified Write Filter (UWF) servicing mode. + +## Syntax + +```powershell +UInt32 Disable(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +When this method is called, the system will leave servicing mode in the next session after a restart. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Servicing](uwf-servicing.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicingenable.md b/windows/configuration/unified-write-filter/uwf-servicingenable.md new file mode 100644 index 00000000000..0ee3e2e4b7c --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-servicingenable.md @@ -0,0 +1,45 @@ +--- +title: UWF_Servicing.Enable +description: UWF_Servicing.Enable +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Servicing.Enable + +Enables Unified Write Filter (UWF) servicing mode. + +## Syntax + +```powershell +UInt32 Enable(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +When this method is called, the system will enter servicing mode in the next session after a restart. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Servicing](uwf-servicing.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md b/windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md new file mode 100644 index 00000000000..a71d86741f9 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md @@ -0,0 +1,55 @@ +--- +title: UWF_Servicing.UpdateWindows +description: UWF_Servicing.UpdateWindows +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Servicing.UpdateWindows + +Calls Windows Update to download and install critical and security updates for your device running Windows 10 Enterprise. + +## Syntax + +```powershell +UInt32 UpdateWindows( + [out] UInt32 UpdateStatus +); +``` + +## Parameters + +**UpdateStatus**
\[out\] An integer that contains the status of the Windows Update operation, according to the following table: + +| UpdateStatus | Description | +|:----------------:|-------------------| +| 0 | Success. | +| 3010 | Restart required. | +| Any other value. | Generic error. | + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +This method is meant to be used as part of a servicing script. For more information, see [Service UWF-protected devices](service-uwf-protected-devices.md). + +This method does not disable or enable Unified Write Filter (UWF). If you call this method while UWF is enabled, updates may be lost when the device restarts. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Servicing](uwf-servicing.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-turnonuwf.md b/windows/configuration/unified-write-filter/uwf-turnonuwf.md new file mode 100644 index 00000000000..f535a9f4feb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-turnonuwf.md @@ -0,0 +1,148 @@ +--- +title: Unified Write Filter (UWF) feature (uwf-turnonuwf) +description: Unified Write Filter (UWF) feature (uwf-turnonuwf) +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: article +ms.custom: RS5 +--- + +# Use the Unified Write Filter (UWF) feature + +The Unified Write Filter (UWF) is an Windows 10 optional feature. + +To use UWF, you'll first need to install the feature. + +Next, you'll enable (and optionally configure) the feature. The first time you enable UWF on your device, UWF makes the following changes to your system to improve the performance of UWF: + +- Paging files are disabled. +- System restore is disabled. +- SuperFetch (aka "SysMain" service) is disabled. +- File indexing service is turned off. +- Fast boot is disabled. +- Defragmentation service (aka "Optimize drives" service) is turned off. +- BCD setting **bootstatuspolicy** is set to **ignoreallfailures**. + +After UWF is enabled, you can finally select a drive to protect and start using UWF. If you'll disable after enable it, features above will not be turned on automatically. + +You can install UWF for running PCs and devices, prepare it for customized Windows images, or manage it remotely using CSP or WMI. + +## Turn on UWF on a running PC + +1. Install the feature: + + 1. Click Start, type **Turn Windows features on or off**. + + 1. In the **Windows Features** window, expand the **Device Lockdown** node, and check **Unified Write Filter** > **OK**. + + The **Windows Features** window indicates Windows is searching for required files and displays a progress bar. Once found, the window indicates Windows is applying the changes. When completed, the window indicates the requested changes are completed. + + 1. Click **Close** to close the **Windows Features** window. + +1. Enable the filter: + + ```cmd + uwfmgr filter enable + ``` + + > [!Note] + > After you run this command, restart the computer and exit the servicing mode, the following things are disabled: + > - Windows Update (by setting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate.) + > - Windows Store Update (by setting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore\AutoDownload.) + > - Registry Reorganization (by setting HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Configuration Manager\RegistryReorganizationLimitDays.) + > - Maintenance Hour (by setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance\MaintenanceDisabled.) + > + > After you run `uwfmgr filter disable`, restart the computer and enter the serving mode, the changes will be reverted. + +1. Enable write protection for a drive: + + ```cmd + uwfmgr.exe volume protect C: + ``` + +1. Restart your computer. + +1. Confirm that UWF is running: + + ```cmd + uwfmgr.exe get-config + ``` + +## Install UWF on a customized Windows image + +1. Open a command prompt with administrator privileges. +1. Copy install.wim to a temporary folder on hard drive (in the following steps, we'll assume it's called C:\\wim). +1. Create a new directory. + + ```cmd + md c:\wim + ``` + +1. Mount the image. + + ```cmd + dism /mount-wim /wimfile:c:\bootmedia\sources\install.wim /index:1 /MountDir:c:\wim + ``` + +1. Enable the feature. + + ```cmd + dism /image:c:\wim /enable-feature /featureName:Client-UnifiedWriteFilter + ``` + +1. Commit the change. + + ```cmd + dism /unmount-wim /MountDir:c:\wim /Commit + ``` + +To activate UWF, you can use a command-line script, CSP, or WMI: + +- [CMD](uwfmgrexe.md): `uwfmgr filter enable`, then `uwfmgr.exe volume protect C:` +- [CSP](/windows/client-management/mdm/unifiedwritefilter-csp): `CurrentSession/FilterEnabled`, then `CurrentSession/Volume` +- [WMI](uwf-wmi-provider-reference.md): `UWF\Filter.Enable`, then `UWF\Volume`. + +## Install the UWF feature by using Windows Configuration Designer + +1. Create a provisioning package in Windows Configuration Designer by following the instructions in [Create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package). + + > [!Note] + > When setting the file exclusion in Windows Configuration Designer, you do not need to specify the drive letter since that is already input via the Volume protection setting. For example, if the file being excluded is `C:\testdir\test.txt`, after adding a drive in Volume protection, you only need to input `\testdir\test.txt` to add this file exclusion. + +1. In the Available customizations page, select **Runtime settings** > **SMISettings** and then set the value for the Unified Write Filter setting. + +1. Once you have finished configuring the settings and building the provisioning package, you can apply the package to the image deployment time or runtime. See [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) for more information. + +To activate UWF, you can use a command-line script, CSP, or WMI: + +- [CMD](uwfmgrexe.md): `uwfmgr filter enable`, then `uwfmgr.exe volume protect C:` +- [CSP](/windows/client-management/mdm/unifiedwritefilter-csp): `CurrentSession/FilterEnabled`, then `CurrentSession/Volume` +- [WMI](uwf-wmi-provider-reference.md): `UWF\Filter.Enable`, then `UWF\Volume`. + +## Install the UWF feature by using Windows Management Instrumentation (WMI) + +If Windows has already been installed and you do not want to use a provisioning package, you can also configure UWF by using the Windows Management Instrumentation (WMI) providers. To turn on UWF using WMI, you can use the [UWF_Filter](uwf-filter.md) function, specifically the [UWF_Filter.Enable](uwf-filterenable.md) method. You can do this in one of the following ways: + +- Use the WMI providers directly in a PowerShell script. +- Use the WMI providers directly in an application. +- Use the command line tool, [uwfmgr.exe](uwfmgrexe.md). + +You must restart your device after you turn on or turn off UWF before the change takes effect. + +You can change these settings after you turn on UWF if you want to. For example, you can move the page file location to an unprotected volume and re-enable paging files. + +> [!Important] +> If you add UWF to your image by using SMI settings in an unattend.xml file, turning on UWF only sets the **bootstatuspolicy** BCD setting and turns off the defragmentation service. In this case, you must manually turn off the other features and services if you want to increase the performance of UWF. + +All configuration settings for UWF are stored in the registry. UWF automatically excludes these registry entries from filtering. + +UWF maintains configuration settings in the registry for the current session and for the next session after a device restart. Static configuration changes do not take effect until after a device restart, and these changes are saved in the registry entries for the next session. Dynamic configuration changes occur immediately and persist after a device restart. + +## Related topics + +[Unified Write Filter](unified-write-filter.md) + +[Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) + +UWF Command-line tool: [uwfmgr.exe](uwfmgrexe.md) diff --git a/windows/configuration/unified-write-filter/uwf-volume.md b/windows/configuration/unified-write-filter/uwf-volume.md new file mode 100644 index 00000000000..1f02de4bc5e --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volume.md @@ -0,0 +1,313 @@ +--- +title: UWF_Volume +description: UWF_Volume +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume + +This class manages a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +class UWF_Volume { + [key, Read] boolean CurrentSession; + [key, Read] string DriveLetter; + [key, Read] string VolumeName; + [Read, Write] boolean BindByDriveLetter; + [Read] boolean CommitPending; + [Read, Write] boolean Protected; + + UInt32 CommitFile([in] string FileFullPath); + UInt32 CommitFileDeletion(string FileName); + UInt32 Protect(); + UInt32 Unprotect(); + UInt32 SetBindByDriveLetter(boolean bBindByVolumeName); + UInt32 AddExclusion(string FileName); + UInt32 RemoveExclusion(string FileName); + UInt32 RemoveAllExclusions(); + UInt32 FindExclusion([in] string FileName, [out] bFound); + UInt32 GetExclusions([out, EmbeddedInstance("UWF_ExcludedFile")] string ExcludedFiles[]); + +}; +``` + +## Members + +The following tables list the methods and properties that belong to this class. + +### Methods + +| Method | Description | +|--------|-------------| +| [UWF_Volume.AddExclusion](uwf-volumeaddexclusion.md) | Adds a file or folder to the file exclusion list for a volume protected byUWF. | +| [UWF_Volume.CommitFile](uwf-volumecommitfile.md) | Commits changes from the overlay to the physical volume for a specified file on a volume protected by Unified Write Filter (UWF). | +| [UWF_Volume.CommitFileDeletion](uwf-volumecommitfiledeletion.md) | Deletes a protected file from the volume, and commits the deletion to the physical volume. | +| [UWF_Volume.FindExclusion](uwf-volumefindexclusion.md) | Determines whether a specific file or folder is in the exclusion list for a volume protected byUWF. | +| [UWF_Volume.GetExclusions](uwf-volumegetexclusions.md) | Retrieves a list of all file exclusions for a volume protected byUWF. | +| [UWF_Volume.Protect](uwf-volumeprotect.md) | Protects the volume after the next system restart, if UWF is enabled after the restart. | +| [UWF_Volume.RemoveAllExclusions](uwf-volumeremoveallexclusions.md) | Removes all files and folders from the file exclusion list for a volume protected by UWF. | +| [UWF_Volume.RemoveExclusion](uwf-volumeremoveexclusion.md) | Removes a specific file or folder from the file exclusion list for a volume protected byUWF. | +| [UWF_Volume.SetBindByDriveLetter](uwf-volumesetbindbydriveletter.md) | Sets the **BindByDriveLetter** property, which indicates whether the UWF volume is bound to the physical volume by drive letter or by volume name. | +| [UWF_Volume.Unprotect](uwf-volumeunprotect.md) | Disables UWF protection of the volume after the next system restart. | + +### Properties + +| Property | Data type | Qualifiers | Description | +|----------|----------------|------------|-------------| +| **BindByDriveLetter** | Boolean | [read, write] | Indicates the type of binding that the volume uses.
- **True** to bind the volume by **DriveLetter**(loose binding)
- **False** to bind the volume by **VolumeName** (tight binding). | +| **CommitPending** | Boolean | [read] | Reserved for Microsoft use.| +| **CurrentSession** | Boolean | [key, read] | Indicates which session the object contains settings for.
- **True** if settings are for the current session
- **False** if settings are for the next session that follows a restart. | +| **DriveLetter** | string | [key, read] | The drive letter of the volume. If the volume does not have a drive letter, this value is **NULL**. | +| **Protected** | Boolean | [read, write] | If **CurrentSession** is **true**, indicates whether the volume is currently protected by UWF.
If **CurrentSession** is **false**, indicates whether the volume is protected in the next session after the device restarts. | +| **VolumeName** | string | [key, read] | The unique identifier of the volume on the current system. The **VolumeName** is the same as the **DeviceID** property of the [Win32_Volume](/previous-versions/windows/desktop/legacy/aa394515(v=vs.85)) class for the volume. | + +### Remarks + +You must use an administrator account to change any properties or call any methods that change the configuration settings. + +### Turn UWF protection on or off + +The following example demonstrates how to protect or unprotect a volume with UWF by using the Windows Management Instrumentation (WMI) provider in a PowerShell script. + +The PowerShellscript creates a function, **Set-ProtectVolume**, that turns UWF protection on or off for a volume. The script then demonstrates how to use the function. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Define common parameters + +$CommonParams = @{"namespace"=$NAMESPACE; "computer"=$COMPUTER} + +# Create a function to protect or unprotect a volume based on the drive letter of the volume + +function Set-ProtectVolume($driveLetter, [bool] $enabled) { + +# Each volume has two entries in UWF_Volume, one for the current session and one for the next session after a restart +# You can only change the protection status of a drive for the next session + + $nextConfig = Get-WMIObject -class UWF_Volume @CommonParams | + where { + $_.DriveLetter -eq "$driveLetter" -and $_.CurrentSession -eq $false + }; + +# If a volume entry is found for the drive letter, enable or disable protection based on the $enabled parameter + + if ($nextConfig) { + + Write-Host "Setting drive protection on $driveLetter to $enabled" + + if ($Enabled -eq $true) { + $nextConfig.Protect() | Out-Null; + } else { + $nextConfig.Unprotect() | Out-Null; + } + } + +# If the drive letter does not match a volume, create a new UWF_volume instance + + else { + Write-Host "Error: Could not find $driveLetter. Protection is not enabled." + } +} + +# The following sample commands demonstrate how to use the Set-ProtectVolume function +# to protect and unprotect volumes + +Set-ProtectVolume "C:" $true +Set-ProtectVolume "D:" $true + +Set-ProtectVolume "C:" $false +``` + +### Manage UWF file and folder exclusions + +The following example demonstrates how to manage UWF file and folder exclusions by using the WMI provider in a PowerShell script. The PowerShell script creates four functions, and then demonstrates how to use them. + +The first function, **Get-FileExclusions**, displays a list of UWF file exclusions that exist on a volume. Exclusions for both the current session and the next session that follows a restart are displayed. + +The second function, **Add-FileExclusion**, adds a file or folder to the UWF exclusion list for a given volume. The exclusion is added for the next session that follows a restart. + +The third function, **Remove-FileExclusion**, removes a file or folder from the UWF exclusion list for a given volume. The exclusion is removed for the next session that follows a restart. + +The fourth function, **Clear-FileExclusions**, removes all UWF file and folder exclusions from a given volume. The exclusions are removed for the next session that follows a restart. + +```powershell +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" + +# Define common parameters + +$CommonParams = @{"namespace"=$NAMESPACE; "computer"=$COMPUTER} + +function Get-FileExclusions($driveLetter) { + +# This function lists the UWF file exclusions for a volume, both +# for the current session as well as the next session after a restart + +# $driveLetter is the drive letter of the volume + +# Get the UWF_Volume configuration for the current session + + $currentConfig = Get-WMIObject -class UWF_Volume @CommonParams | + where { + $_.DriveLetter -eq "$driveLetter" -and $_.CurrentSession -eq $true + }; + +# Get the UWF_Volume configuration for the next session after a restart + + $nextConfig = Get-WMIObject -class UWF_Volume @CommonParams | + where { + $_.DriveLetter -eq "$driveLetter" -and $_.CurrentSession -eq $false + }; + +# Display file exclusions for the current session + + if ($currentConfig) { + + Write-Host "The following files and folders are currently excluded from UWF filtering for $driveLetter"; + + $currentExcludedList = $currentConfig.GetExclusions() + + if ($currentExcludedList) { + foreach ($fileExclusion in $currentExcludedList.ExcludedFiles) { + Write-Host " " $fileExclusion.FileName + } + } else { + Write-Host " None" + } + } else { + Write-Error "Could not find drive $driveLetter"; +} + +# Display file exclusions for the next session after a restart + + if ($nextConfig) { + + Write-Host "" + Write-Host "The following files and folders will be excluded from UWF filtering for $driveLetter after the next restart:"; + + $nextExcludedList = $nextConfig.GetExclusions() + + if ($nextExcludedList) { + foreach ($fileExclusion in $nextExcludedList.ExcludedFiles) { + Write-Host " " $fileExclusion.FileName + } + } else { + Write-Host " None" + } + + Write-Host "" + } +} + +function Add-FileExclusion($driveLetter, $exclusion) { + +# This function adds a new UWF file exclusion to a volume +# The new file exclusion takes effect the next time the device is restarted and UWF is enabled + +# $driveLetter is the drive letter of the volume +# $exclusion is the path and filename of the file or folder exclusion + +# Get the configuration for the next session for the volume + + $nextConfig = Get-WMIObject -class UWF_Volume @CommonParams | + where { + $_.DriveLetter -eq "$driveLetter" -and $_.CurrentSession -eq $false + }; + +# Add the exclusion + + if ($nextConfig) { + $nextConfig.AddExclusion($exclusion) | Out-Null; + Write-Host "Added exclusion $exclusion for $driveLetter"; + } else { + Write-Error "Could not find drive $driveLetter"; + } +} + +function Remove-FileExclusion($driveLetter, $exclusion) { + +# This function removes a UWF file exclusion from a volume +# The file exclusion is removed the next time the device is restarted + +# $driveLetter is the drive letter of the volume +# $exclusion is the path and filename of the file or folder exclusion + +# Get the configuration for the next session for the volume + + $nextConfig = Get-WMIObject -class UWF_Volume @CommonParams | + where { + $_.DriveLetter -eq "$driveLetter" -and $_.CurrentSession -eq $false + }; + +# Try to remove the exclusion + + if ($nextConfig) { + try { + $nextConfig.RemoveExclusion($exclusion) | Out-Null; + Write-Host "Removed exclusion $exclusion for $driveLetter"; + } catch { + Write-Host "Could not remove exclusion $exclusion on drive $driveLetter" + } + } else { + Write-Error "Could not find drive $driveLetter"; + } +} + +function Clear-FileExclusions($driveLetter) { + +# This function removes all UWF file exclusions on a volume +# The file exclusions are removed the next time the device is restarted + +# $driveLetter is the drive letter of the volume + +# Get the configuration for the next session for the volume + + $nextConfig = Get-WMIObject -class UWF_Volume @CommonParams | + where { + $_.DriveLetter -eq "$driveLetter" -and $_.CurrentSession -eq $false + }; + +# Remove all file and folder exclusions + + if ($nextConfig) { + $nextConfig.RemoveAllExclusions() | Out-Null; + Write-Host "Cleared all exclusions for $driveLetter"; + } else { + Write-Error "Could not clear exclusions for drive $driveLetter"; + } +} + +# Some examples of using the functions + +Clear-FileExclusions "C:" + +Add-FileExclusion "C:" "\Users\Public\Public Documents" +Add-FileExclusion "C:" "\myfolder\myfile.txt" + +Get-FileExclusions "C:" + +Remove-FileExclusion "C:" "\myfolder\myfile.txt" + +Get-FileExclusions "C:" +``` + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md b/windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md new file mode 100644 index 00000000000..44d19c02bbb --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md @@ -0,0 +1,58 @@ +--- +title: UWF_Volume.AddExclusion +description: UWF_Volume.AddExclusion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.AddExclusion + +Adds a file or folder to the file exclusion list for a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 AddExclusion( + string FileName +); +``` + +## Parameters + +**FileName**
A string that contains the full path of the file or folder relative to the volume. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to add or remove file or folder exclusions during run time, and you must restart the device for new exclusions to take effect. + +> [!IMPORTANT] +> You can’t add exclusions for the following items: +> +> - The volume root. For example, C: or D:. +> - The \Windows folder on the system volume. +> - The \Windows\System32 folder on the system volume. +> - The \Windows\system32\drivers folder on the system volume. +> - Paging files. + +However, you can exclude subdirectories and files under these items. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumecommitfile.md b/windows/configuration/unified-write-filter/uwf-volumecommitfile.md new file mode 100644 index 00000000000..619372906bc --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumecommitfile.md @@ -0,0 +1,49 @@ +--- +title: UWF_Volume.CommitFile +description: UWF_Volume.CommitFile +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.CommitFile + +Commits changes from the overlay to the physical volume for a specified file on a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 CommitFile( + [in] string FileName +); +``` + +## Parameters + +**FileName**
\[in\] A string that contains the path of the file to commit on the overlay, but does not include the drive letter or volume name. For example, β€œ\\users\\test.dat”. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +The *FileName* must contain the name of a file that exists. The **CommitFile** method cannot commit a file that does not exist. + +You must use an administrator account to change any properties or call any methods that change the configuration settings. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md b/windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md new file mode 100644 index 00000000000..57f99a289be --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md @@ -0,0 +1,49 @@ +--- +title: UWF_Volume.CommitFileDeletion +description: UWF_Volume.CommitFileDeletion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.CommitFileDeletion + +Deletes the specified file and commits the deletion to the physical volume. + +## Syntax + +```powershell +UInt32 CommitFileDeletion( + string FileName +); +``` + +## Parameters + +**FileName**
\[in\] A string that contains the path of the file to delete, but does not include the drive letter or volume name. For example: β€œ\\users\\test.dat”. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +The *FileName* must contain the name of a file that exists on the physical volume. The **CommitFileDeletion** method cannot delete a file that does not exist. + +You must use an administrator account to call this method. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumefindexclusion.md b/windows/configuration/unified-write-filter/uwf-volumefindexclusion.md new file mode 100644 index 00000000000..d8b16ea8d0a --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumefindexclusion.md @@ -0,0 +1,50 @@ +--- +title: UWF_Volume.FindExclusion +description: UWF_Volume.FindExclusion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.FindExclusion + +Checks if a specific file or folder is in the exclusion list for a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 FindExclusion ( + [in] string FileName, + [out] boolean bFound +); +``` + +## Parameters + +**FileName**
\[in\] A string that contains the full path of the file or folder relative to the volume. + +**bFound**
\[out\] Indicates if *FileName* is in the file exclusion list for the volume. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +**FindExclusion** sets *bFound* to **true** only for file and folder exclusions that have been explicitly added to the exclusion list. Files and subfolders that are in an excluded folder are not identified as excluded by **FindExclusion**, unless they have been explicitly excluded. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumegetexclusions.md b/windows/configuration/unified-write-filter/uwf-volumegetexclusions.md new file mode 100644 index 00000000000..ecbe5098bd9 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumegetexclusions.md @@ -0,0 +1,47 @@ +--- +title: UWF_Volume.GetExclusions +description: UWF_Volume.GetExclusions +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.GetExclusions + +Gets a list of all file exclusions for a Unified Write Filter (UWF) protected volume. + +## Syntax + +```powershell +UInt32 GetExclusions( + [out, EmbeddedInstance("UWF_ExcludedFile")] string ExcludedFiles[] +); +``` + +## Parameters + +**ExcludedFiles**
\[out\] An array of [UWF_ExcludedFile](uwf-excludedfile.md) objects that represent the files and folders that are excluded from UWF filtering for a volume. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +If **GetExclusions** does not find any files or folders in the file exclusion list for the volume, **GetExclusions** sets the *ExcludedFiles* parameter to null. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeprotect.md b/windows/configuration/unified-write-filter/uwf-volumeprotect.md new file mode 100644 index 00000000000..a52bdd6a4a2 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumeprotect.md @@ -0,0 +1,47 @@ +--- +title: UWF_Volume.Protect +description: UWF_Volume.Protect +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.Protect + +Enables Unified Write Filter (UWF) to protect the volume after the next system restart, if UWF is enabled after the restart. + +## Syntax + +```powershell +UInt32 Protect(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +UWF starts protecting the volume after the next device restart in which UWF is enabled. + +This method does not enable UWF if it is disabled; you must explicitly enable UWF for the next session to start volume protection. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md b/windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md new file mode 100644 index 00000000000..251adcaf1b9 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md @@ -0,0 +1,47 @@ +--- +title: UWF_Volume.RemoveAllExclusions +description: UWF_Volume.RemoveAllExclusions +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.RemoveAllExclusions + +Removes all files and folders from the file exclusion list for a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 RemoveAllExclusions(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI errorj constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +This command does not remove registry exclusions. + +You must use an administrator account to remove file or folder exclusions, and you must restart the device for this change to take effect. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md b/windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md new file mode 100644 index 00000000000..f473d6eb4c8 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md @@ -0,0 +1,47 @@ +--- +title: UWF_Volume.RemoveExclusion +description: UWF_Volume.RemoveExclusion +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.RemoveExclusion + +Removes a specific file or folder from the file exclusion list for a volume protected by Unified Write Filter (UWF). + +## Syntax + +```powershell +UInt32 RemoveExclusion( + string FileName +); +``` + +## Parameters + +**FileName**
A string that contains the full path of the file or folder relative to the volume. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +You must use an administrator account to remove file or folder exclusions, and you must restart the device for this change to take effect. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md b/windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md new file mode 100644 index 00000000000..bbd6e554185 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md @@ -0,0 +1,52 @@ +--- +title: UWF_Volume.SetBindByDriveLetter +description: UWF_Volume.SetBindByDriveLetter +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.SetBindByDriveLetter + +Sets the **BindByDriveLetter** property, which indicates if the Unified Write Filter (UWF) volume is bound to the physical volume by drive letter or volume name. + +## Syntax + +```powereshell +UInt32 SetBindByDriveLetter( + boolean bBindByDriveLetter +); +``` + +## Parameters + +**bBindByDriveLetter**
A Boolean value that indicates the type of binding to use. The **BindByDriveLetter** property is set to this value. + +| Value | Description | +|:------:|--------------| +| **true** | Binds the UWF volume by the drive letter (*loose binding*). | +| **false** | Binds the UWF volume by the volume name (*tight binding*). | + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +Binding by volume name is considered more reliable than binding by drive letter, since drive letters can change for a volume if devices are added or removed. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeunprotect.md b/windows/configuration/unified-write-filter/uwf-volumeunprotect.md new file mode 100644 index 00000000000..dda739d5931 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-volumeunprotect.md @@ -0,0 +1,45 @@ +--- +title: UWF_Volume.Unprotect +description: UWF_Volume.Unprotect +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# UWF_Volume.Unprotect + +Disables UWF protection of the volume after the next system restart. + +## Syntax + +```powershell +UInt32 Unprotect(); +``` + +## Parameters + +None. + +## Return Value + +Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error constant](/windows/win32/wmisdk/wmi-error-constants). + +## Remarks + +Unprotecting the volume does not remove the [UWF_Volume](uwf-volume.md) entry or any configuration settings from the UWF configuration registry. This means that you can unprotect a volume, and then protect it again later, while keeping any file exclusions or volume configurations that you have defined. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [UWF_Volume](uwf-volume.md) +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwf-wes7-ewf-to-win10-uwf.md b/windows/configuration/unified-write-filter/uwf-wes7-ewf-to-win10-uwf.md new file mode 100644 index 00000000000..3702170620d --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-wes7-ewf-to-win10-uwf.md @@ -0,0 +1,60 @@ +--- +title: Windows Embedded Systems7 Enhanced Write Filter to Windows 10 Unified Write Filter +description: Migration of WES7 EWF to Win10 UWF +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# Windows Embedded Systems 7 Enhanced Write Filter to Windows 10 Unified Write Filter + +**Allowing UWF swapfile (aka. DISK Overlay) to be created and used on any volume**
We added ability for Overlay in DISK mode to use file on any available volume unrelated to whether the volume is protected or not. The main purpose for the change is to allow booting from devices susceptible to wear by writings (such as Flash/SD/SSD devices) while redirecting the DISK overlay to less β€œprecious” media. Prior to that change, DISK mode Overlay was exclusively restricted to OS (aka C:) volume. + +:::image type="content" source="images/administratorcommandprompt.png" alt-text="This is a administrator command prompt"::: + +New subcommand β€œcreate-swapfile” was introduced under β€œuwfmgr.exe volume” to allow user control over the location of the DISK mode Overlay swapfile. This command requires volume DOS name (such as C:, D:, and so on.) or volume GUID as argument. The initial size of the file is deduced from the size of the Overlay at the time and may be later changed by issuing β€œuwfmgr.exe overlay set-size” subcommand. +The new subcommand β€œcreate-swapfile” is only allowed when UWF filter is disabled and UWF Overlay is in DISK mode. + +## Read Only Media mode + +Read Only Mode allows elimination of all and any writes to the physical storage device, even metadata writes that does not have any effect on a files content. Read Only Media mode can be easily configured using UWF to get into it and out of it. The new functionality supports many popular scenarios that users of legacy WES7 EWF volume-based filter used. +The new subcommand "set-rom-mode" was introduced under "uwfmgr.exe. overlay" to allow the user to enable/disable Read-Only Media mode. + +:::image type="content" source="images/administratorcompactprompt.png" alt-text="This is a administrator compact prompt"::: + +This subcommand requires "on" or "off" argument. Read-Only Media mode can be enabled only when UWF is currently disabled. The mode can be disabled, if UWF is currently enabled, but after β€œoff” command is issued there is no way to re-enable Read-Only Media mode until the next reboot. Also, UWF can be enabled/disabled while in Read-Only Media mode, but such β€œstate change” will result in files and/or metadata to be changed on physical device protected by UWF. + +> [!NOTE] +> +>- After enabling Read-Only Media mode, all writes will be filtered out as earlier as next reboot, so anything that is written until then may cause changes on the physical device. +>- All existing exclusions are ignored (nonfunctional) and no file/registry commits are possible in Read Only Media mode. See "*Full Volume Commit*" in this document). +>- Enabling Read Only Media mode is only possible when UWF is configured to use RAM overlay. + +:::image type="content" source="images/overlaysettings.png" alt-text="This is a overlay settings"::: + +UWF CSP provider was updated by allowing setting new bit (0x4) in CFG_DATATYPE_INTEGER UnifiedWriteFilter\NextSession\OverlayFlags property. + +After the implementation of Read-Only Media mode we were able to make HORM mode transitions significantly more consistent, safe, and reliable. To enable HORM mode, UWF must be configured and booted into Read Only Media mode, which eliminates the need for user to care about exclusions and situation where HORM enablement is not possible by other reasons. + +### Full Volume Commit in Read-Only Media mode + +After introduction of Read-Only Media mode, we were able to implement ability to commit entire state of the UWF protected volumes to the physical disk at once, which was architecturally impossible before in presence of active file/registry exclusions. + +The new subcommand β€œcommit” was introduced under "uwfmgr.exe overlay" to allow the user to commit all accumulated changes since, previous boot and all following changes until next reboot to the underlying physical device. After successful β€œfull volume commit” and until the next reboot OS behaves like being totally unprotected. Protection is restored on the next reboot. + +:::image type="content" source="images/administratorprompt.png" alt-text="This is a administrator prompt"::: + +> [!NOTE] +> +>- UWF must be enabled and configured in Read-Only Media mode +>- UWF must not be in HORM mode: +> HORM mode cannot be enabled after Full Volume Commit and before the next reboot. +> +>- UWF can be disabled after Full Volume Commit + +UWF CSP provider was updated by adding read/write CFG_DATATYPE_BOOLEAN β€œUnifiedWriteFilter\CurrentSession\OverlayCommit” property, which indicates if Full Overlay Commit was issued after the last boot. Setting that property from zero (FALSE) to non-zero value (TRUE) causes immediate Full Volume Commit to be performed. Setting this property to zero (FALSE) if its current value is non-zero (TRUE) is not allowed. + +Customer can easily determine "Full Volume Commit" state by checking current configuration (for example, uwfmgr get-config): + +:::image type="content" source="images/fullvolumecommit.png" alt-text="This is a full volume commit"::: diff --git a/windows/configuration/unified-write-filter/uwf-wmi-provider-reference.md b/windows/configuration/unified-write-filter/uwf-wmi-provider-reference.md new file mode 100644 index 00000000000..55b113a0986 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwf-wmi-provider-reference.md @@ -0,0 +1,45 @@ +--- +title: Unified Write Filter WMI provider reference +description: Unified Write Filter WMI provider reference +author: TerryWarwick +ms.author: twarwick +ms.date: 05/20/2024 +ms.topic: reference +--- + +# Unified Write Filter WMI provider reference + +To help protect physical storage media, you can use the WMI providers for Unified Write Filter (UWF) to configure UWF. + +This section describes the WMI provider classes for UWF. + +## In this section + +| Classes | Description | +|---------|-------------| +| [UWF_ExcludedFile](uwf-excludedfile.md) | A container class that contains the files and folders that are currently in the file exclusion list for a volume protected by UWF.| +| [UWF_ExcludedRegistryKey](uwf-excludedregistrykey.md) | A container class that contains the registry keys that are currently in the registry key exclusion list for UWF. | +| [UWF_Filter](uwf-filter.md) | Enables or disables Unified Write Filter (UWF), resets configuration settings for UWF, and shuts down or restarts your device. | +| [UWF_Overlay](uwf-overlay.md) | Contains the current size of the UWF overlay and manages the critical and warning thresholds for the overlay size. | +| [UWF_OverlayConfig](uwf-overlayconfig.md) | Manages the configuration of the UWF overlay. | +| [UWF_OverlayFile](uwf-overlayfile.md) | Displays and configures global settings for the UWF overlay. You can modify the maximum size and the type of the UWF overlay. | +| [UWF_RegistryFilter](uwf-registryfilter.md) | Adds or removes registry exclusions from UWF filtering. | +| [UWF_Servicing](uwf-servicing.md) | Contains properties and methods that enable you to query and control UWF servicing mode. | +| [UWF_Volume](uwf-volume.md) | Manages a volume protected by UWF. | + +> [!NOTE] +> We recommend setting the authentication level to PacketIntegrity or PacketPrivacy for remote clients when you connect to WMI providers under root\\standardcimv2\\embedded when using WMI scripts or applications. For more information about how to use authentication with WMI providers, see this [WMI Enhancements in Windows PowerShell 2.0 CTP](/previous-versions/windows/it-pro/windows-powershell-1.0/ff730973(v=technet.10)) on TechNet. + +## Requirements + +| Windows Edition | Supported | +|:-----------------------|:---------:| +| Windows Home | No | +| Windows Pro | No | +| Windows Enterprise | Yes | +| Windows Education | Yes | +| Windows IoT Enterprise | Yes | + +## Related topics + +- [uwfmgr.exe](uwfmgrexe.md) diff --git a/windows/configuration/unified-write-filter/uwfexclusions.md b/windows/configuration/unified-write-filter/uwfexclusions.md new file mode 100644 index 00000000000..aa2615cd04d --- /dev/null +++ b/windows/configuration/unified-write-filter/uwfexclusions.md @@ -0,0 +1,191 @@ +--- +title: Common write filter exclusions +description: Common write filter exclusions +author: TerryWarwick +ms.author: twarwick +ms.date: 08/11/2023 +ms.topic: reference +--- + +# Write filter exclusions + +You can add specific files or folders on a protected volume to a file exclusion list. When a file or folder is in the exclusion list all writes to that file or folder persists through a device restart. + +You must use an administrator account to add or remove file or folder exclusions during run time, and you must restart the device for new exclusions to take effect. + +> [!IMPORTANT] +> Adding files and folders to exclusions will not reduce overlay consumption. Exclusions are intended to allow small amounts of data and configuration to persist after the device restarts. +> +> Don't add exclusions for the following: +> +> - \Windows\System32\config\DEFAULT +> - \Windows\System32\config\SAM +> - \Windows\System32\config\SECURITY +> - \Windows\System32\config\SOFTWARE +> - \Windows\System32\config\SYSTEM +> - \Users\\NTUSER.DAT +> - \Windows\BOOTSTAT.DAT +> - %System Drive%\EFI\Microsoft\Boot\BOOTSTAT.DAT +> - %System Drive%\Boot\BOOTSTAT.DAT +> +> Also, don't add exclusions for the following: +> +> - The volume root. For example, C: or D:. +> - The `\Windows` folder on the system volume. +> - The `\Windows\System32` folder on the system volume. +> - The `\Windows\System32\Drivers` folder on the system volume. +> - Paging files. +> +> Adding an exclusion for any of these items is unsupported and may lead to unpredictable results. +> It's OK to exclude subdirectories and files under these locations. +> +> Folders need to exist prior to adding them to the exclusion list. +> + +You can't rename or move a file or folder from a protected location to an unprotected location, or vice versa. An error occurs if you attempt to delete a file folder in the exclusion list on a write filter protected volume. In this case, Windows attempts to move the file or folder to the Recycle Bin. The Recycle Bin isn't in the exclusion list. You can't move files that are in the exclusion list to a location that is write filter protected. + +You can work around this error using one of the following options: + +- Disable the Recycle Bin +- User can press Ctrl+Shift and then left-click on the file to directly delete the excluded file to bypass the Recycle Bin. +- User can delete the excluded file directly from a command prompt. + +You must restart the device for new exclusions to take effect. + +## Virtual Hard Disk (VHD) file exclusions + +When you deploy a Windows image with UWF on a VHD boot disk, you can protect the volume that contains the VHD file by adding a file exclusion for the VHD file before enabling UWF and protecting the volume. + +To add a file exclusion for the VHD file at an administrator command prompt: + +```cmd +uwfmgr.exe file add-exclusion :\\.vhd +``` + +For example: + +```cmd +uwfmgr.exe file add-exclusion E:\VHD\test.vhd +``` + +## Registry exclusions + +You can add specific registry keys to an exclusion list to exclude those keys from UWF protection. When a registry key is in the exclusion list, all writes to that registry key bypass UWF filtering and are written directly to the registry and persist after the device restarts. + +You must use an administrator account to add or remove registry exclusions during run time, and you must restart the device for new exclusions to take effect. + +If you exclude a registry key, all its subkeys are also excluded from filtering. You can exclude registry subkeys only under the following registry keys: + +- `HKEY\LOCAL\MACHINE\BCD00000000` +- `HKEY\LOCAL\MACHINE\SYSTEM` +- `HKEY\LOCAL\MACHINE\SOFTWARE` +- `HKEY\LOCAL\MACHINE\SAM` +- `HKEY\LOCAL\MACHINE\SECURITY` +- `HKEY\LOCAL\MACHINE\COMPONENTS` + +> [!IMPORTANT] +> Don't add exclusions for the following: +> +> - `HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC` + +> [!NOTE] +> UWF automatically excludes certain registry keys from being filtered. These registry keys are primarily related to UWF configuration settings and cannot be removed from the exclusion list. + +For more information about common registry exclusions, see [Common write filter exclusions](uwfexclusions.md). + +## Common write-filter exclusions + +Some services and features write information to a device’s persistent volume, and expect that information to be present across device restarts. You may need to configure your write filter to allow for specific file and registry exclusions in order for these services and features to work correctly. + +This article lists registry and file exclusions that can help enable some common services and features to work correctly when write filters are enabled. + +If you're running any antivirus or security software in addition to UWF, consult with your antivirus vendor for advice on how to configure their solution in a UWF environment. You may need to add a UWF exclusion for the signature or update folder. + +### Customer Experience Improvement Program (CEIP) + +When you choose to participate in the CEIP, your computer or device automatically sends information to Microsoft about how you use certain products. Information from your computer or device is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often. + +CEIP data is stored in files that have a `.sqm` file name extension. To make sure that the CEIP data in the `.sqm` files is available on a device that has write filters enabled, you can add file and folder exclusions for the `.sqm` files and folders. + +To locate the `.sqm` files and folders on your device, search for `.sqm` files by using File Explorer. Alternately, at a command prompt with administrator rights at the root of the drive, type the following command to obtain a list of `.sqm` files on the device: + +```powershell +dir *.sqm /s +``` + +Add file and folder exclusions as required for any `.sqm` files located on your device. + +Add registry exclusions for the following registry keys: + +- `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable` +- `HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\CEIPEnable` +- `HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\UploadDisableFlag` + +### Background Intelligent Transfer Service (BITS) + +Background Intelligent Transfer Service (BITS) downloads or uploads files between a client and server and provides progress information related to the transfers. + +Add file exclusions for the following folders and files: + +- `%ALLUSERSPROFILE%*\Microsoft\Network\Downloader` + +Add registry exclusions for the following registry keys: + +- `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\BITS\StateIndex` + +### Windows Explorer + +If you attempt to delete an excluded file or folder on a protected volume using Windows Explorer, you experience an error. In this case, Windows attempt to move the file or folder to the Recycle Bin, which isn't in the exclusion list. The write filter doesn't support moving a file or folder in the exclusion list to a location that is write filter protected. + +You can work around this error using one of the following options: + +- Disable the Recycle Bin +- User can press Ctrl+Shift and then left-click on the file to directly delete the excluded file to bypass the Recycle Bin. +- User can delete the excluded file directly from a command prompt. + +### Networks + +When you use write filters on your device, you can add file and registry exclusions to enable your device to join wired and wireless networks. The following file and registry exclusions may be required on your device. + +Client Group Policy Object (GPO) registry keys: + +- Wireless: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Wireless\GPTWirelessPolicy` +- Wired: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy` + +GPO policy files: + +- Wireless: `C:\Windows\wlansvc\Policies` +- Wired: `C:\Windows\dot2svc\Policies` + +Interface profile registry keys: + +- Wireless: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wlansvc` +- Wired: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dot3svc` + +Interface policy file: + +- Wireless: `C:\ProgramData\Microsoft\wlansvc\Profiles\Interfaces\{***<Interface GUID>***}\{***<Profile GUID>***}.xml` +- Wired: `C:\ProgramData\Microsoft\dot3svc\Profiles\Interfaces\{***<Interface GUID>***}\{***<Profile GUID>***}.xml` + +Services registry keys: + +- Wireless: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wlansvc` +- Wireless: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WwanSvc` +- Wired: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dot3svc` + +> [!IMPORTANT] +> Folders need to exist prior to adding them to the exclusion list. +> + +### Daylight saving time (DST) + +You can add the following registry exclusions to persist daylight saving time (DST) settings on your device. + +- `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones` +- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation` + +## Related articles + +- [Unified Write Filter](unified-write-filter.md) +- [Service UWF-protected devices](service-uwf-protected-devices.md) +- [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) diff --git a/windows/configuration/unified-write-filter/uwfmgrexe.md b/windows/configuration/unified-write-filter/uwfmgrexe.md new file mode 100644 index 00000000000..3b0273edda2 --- /dev/null +++ b/windows/configuration/unified-write-filter/uwfmgrexe.md @@ -0,0 +1,216 @@ +--- +title: uwfmgr.exe +description: uwfmgr.exe +author: TerryWarwick +ms.author: twarwick +ms.date: 10/02/2018 +ms.topic: reference +--- + +# uwfmgr.exe + +The UWFMgr tool can be used at the command-line or in PowerShell to configure and retrieve settings for [Unified Write Filter (UWF)](unified-write-filter.md). + +> [!IMPORTANT] +> Users with standard accounts can use commands that retrieve information, but only users who have administrator accounts can use commands that change the configuration settings. + +## Syntax + +```powershell +uwfmgr.exe + Help | ? + Get-Config + Filter + Help | ? + Enable + Disable + Reset-Settings + Shutdown + Restart + Volume + Help | ? + Get-Config { | all} + Protect { | all} + Unprotect + File + Help | ? + Get-Exclusions { | all} + Add-Exclusion + Remove-Exclusion + Commit + Commit-Delete + Registry + Help | ? + Get-Exclusions + Add-Exclusion + Remove-Exclusion + Commit [] + Commit-Delete [] + Overlay + Help | ? + Get-Config + Get-AvailableSpace + Get-Consumption + Set-Size + Set-Type {RAM | DISK} + Set-WarningThreshold + Set-CriticalThreshold + Set-Passthrough + Set-Persistent + Reset-PersistentState + Servicing + Enable + Disable + Update-Windows + Get-Config + Help +``` + +## Location + +**Uwfmgr** can be found under the %WINDIR%\\System32\\ folder. + +## Command-line options and parameters + +The following list describes the options and sub-options that are available to use in **uwfmgr.exe**, and it lists the corresponding WMI class or method for each command-line option and sub-option (if available). + +- **Help | ?** + - Displays command-line help for basic parameters for **uwfmgr.exe**. +- **Get-Config** + - Displays UWF configuration settings for the current and next session. +- **Filter** + - Configures basic UWF settings. + - [UWF_Filter](uwf-filter.md) + - *Enable* + - Enables UWF protection for the next session after a system restart. + - [UWF_Filter.Enable](uwf-filterenable.md) + - *Disable* + - Disables UWF protection for the next session after a system restart. + - [UWF_Filter.Disable](uwf-filterdisable.md) + - *Reset-Settings* + - Restores UWF settings to the original state.
If you added UWF to your image by using **Turn Windows features on or off** or by using DISM, the original state is the state of UWF settings when UWF was first enabled.
If you added UWF to your image by using SMI settings in an unattend file, the original state is the state of UWF settings when Windows was installed on the device. **Starting in Windows 10, this command is no longer supported.** + - [UWF_Filter.ResetSettings](uwf-filterresetsettings.md) + - *Shutdown* + - Shuts down the device immediately, even if the overlay is full or near full. Administrator-level permissions are required to use this command. + - [UWF_Filter.ShutdownSystem](uwf-filtershutdownsystem.md) + - *Restart* + - Shuts down the device immediately and restarts, even if the overlay is full or near full. Administrator-level permissions are required to use this command. + - [UWF_Filter.RestartSystem](uwf-filterrestartsystem.md) +- **Volume** + - Configures settings for volumes protected by UWF. If the *<volume>* argument is needed, you can specify a drive letter (for example, `uwfmgr.exe volume protect C:`), or else you can specify all volumes (for example, `uwfmgr.exe volume get-config all`). + - [UWF_Volume](uwf-volume.md) + - *Help | ?* + - Displays command-line help for the `uwfmgr.exe volume` command. + - *Get-Config* {*<volume>* | all} + - Displays configuration settings and file exclusions for the specified volume, or all volumes if **all** is specified. Displays information for both the current and the next session. + - [UWF_Volume](uwf-volume.md) + - *Protect* {*<volume>* | all} + - Adds the specified volume to the list of volumes that are protected by UWF. UWF starts protecting the volume after the next system restart if UWF filtering is enabled. + - [UWF_Volume.Protect](uwf-volumeprotect.md) + - *Unprotect* *<volume>* + - Removes the specified volume from the list of volumes that are protected by UWF. UWF stops protecting the volume after the next system restart. + - [UWF_Volume.Unprotect](uwf-volumeunprotect.md) +- **File** + - Configures file exclusion settings for UWF. If you use the *<file>* argument, it must be fully qualified, including the volume and path. **uwfmgr.exe** uses the volume specified in the *<file>* argument to determine which volume contains the file exclusion list for the file. + - [UWF_Volume](uwf-volume.md) + - *Help | ?* + - Displays command-line help for the `uwfmgr.exe file` command. + - *Get-Exclusions* {*<volume>* | all} + - Displays all files and directories in the exclusion list for the specified volume (for example, `uwfmgr.exe file Get-Exclusions C:`), or all volumes if **all** is specified. Displays information for both the current and the next session. + - [UWF_Volume.GetExclusions](uwf-volumegetexclusions.md) + - *Add-Exclusion* *<file>* + - Adds the specified file to the file exclusion list of the volume protected by UWF. UWF starts excluding the file from filtering after the next system restart. + - [UWF_Volume.AddExclusion](uwf-volumeaddexclusion.md) + - *Remove-Exclusion* *<file>* + - Removes the specified file from the file exclusion list of the volume protected by UWF. UWF stops excluding the file from filtering after the next system restart. + - [UWF_Volume.RemoveExclusion](uwf-volumeremoveexclusion.md) + - *Commit* *<file>* + - Commits changes to a specified file to overlay for a UWF-protected volume. Administrator-level permissions are required to use this command. + - [UWF_Volume.CommitFile](uwf-volumecommitfile.md) + - *Commit-Delete* *<file>* + - Deletes the specified file from both the overlay and the physical volume. Administrator-level permissions are required to use this command. + - [UWF_Volume.CommitFileDeletion](uwf-volumecommitfiledeletion.md) +- **Registry** + - Configures registry key exclusion settings for UWF. + - [UWF_RegistryFilter](uwf-registryfilter.md) + - *Help | ?* + - Displays command-line help for the `uwfmgr.exe registry` command. + - *Get-Exclusions* + - Displays all registry keys in the registry exclusion list. Displays information for both the current and the next session. + - [UWF_RegistryFilter.GetExclusions](uwf-registryfiltergetexclusions.md) + - *Add-Exclusion<key>* + - Adds the specified registry key to the registry exclusion list for UWF. UWF starts excluding the registry key from filtering after the next system restart. + - [UWF_RegistryFilter.AddExclusion](uwf-registryfilteraddexclusion.md) + - *Remove-Exclusion* *<key>* + - Removes the specified registry key from the registry exclusion list for UWF. UWF stops excluding the registry key from filtering after the next system restart. + - [UWF_RegistryFilter.RemoveExclusion](uwf-registryfilterremoveexclusion.md) + - *Commit* *<key> <value>* + - Commits changes to the specified key and value. Administrator-level permissions are required to use this command. + - [UWF_RegistryFilter.CommitRegistry](uwf-registryfiltercommitregistry.md) + - *Commit-Delete* *<key> \[<value>\]* + - Deletes the specified registry key and value and commits the deletion. Deletes all values and subkeys if the value is empty, and commits the deletion. Administrator-level permissions are required to use this command. + - [UWF_RegistryFilter.CommitRegistryDeletion](uwf-registryfiltercommitregistrydeletion.md) +- **Overlay** + - Configures settings for the UWF overlay. + - [UWF_Overlay](uwf-overlay.md) and [UWF_OverlayConfig](uwf-overlayconfig.md) + - *Help | ?* + - Displays command-line help for the `uwfmgr.exe overlay` command. + - *Get-Config* + - Displays configuration settings for the UWF overlay. Displays information for both the current and the next session. + - [UWF_Overlay](uwf-overlay.md) and [UWF_OverlayConfig](uwf-overlayconfig.md) + - *Get-AvailableSpace* + - Displays the amount of space remaining that is available for the UWF overlay. + - [UWF_Overlay](uwf-overlay.md) + - *Get-Consumption* + - Displays the amount of space currently used by the UWF overlay. + - [UWF_Overlay](uwf-overlay.md) + - *Set-Size* *<size>* + - Sets the maximum size of the UWF overlay, in megabytes, for the next session after a system restart. + - [UWF_OverlayConfig.SetMaximumSize](uwf-overlayconfigsetmaximumsize.md) + - *Set-Type* {*RAM | DISK*} + - Sets the type of the overlay storage to RAM-based or disk-based. UWF must be disabled in the current session to set the overlay type to disk-based. + - [UWF_OverlayConfig.SetType](uwf-overlayconfigsettype.md) + - *Set-WarningThreshold* *<size>* + - Sets the overlay size, in megabytes, at which the driver issues warning notifications for the current session. + - [UWF_Overlay.SetWarningThreshold](uwf-overlaysetwarningthreshold.md) + - *Set-CriticalThreshold* *<size>* + - Sets the overlay size, in megabytes, at which the driver issues critical notifications for the current session. + - [UWF_Overlay.SetCriticalThreshold](uwf-overlaysetcriticalthreshold.md) + - *Set-Passthrough* ** + - Turns the [free space passthrough](uwfoverlay.md#freespace-passthrough-recommended) on or off, allowing UWF to use free space outside of the reserved space when available. + - *Set-Persistent* ** + - Sets the overlay as a [persistent overlay](uwfoverlay.md#persistent-overlay), allowing users to keep using their data after a reboot. + - *Reset-PersistentState* ** + - Clears a persistent overlay on the next boot (on/off). + +- **Servicing** + - Configures settings for UWF servicing mode. + - [UWF_Servicing](uwf-servicing.md) + - *Enable* + - Enables servicing mode in the next session after a restart. Administrator-level permissions are required to use this command. + - [UWF_Servicing.Enable](uwf-servicingenable.md) + - *Disable* + - Disables UWF servicing mode in the next session after a restart. Administrator-level permissions are required to use this command. + - [UWF_Servicing.Disable](uwf-servicingdisable.md) + - *Update-Windows* + - Stand-alone command to apply Windows updates to a device. Called by the master servicing script that is called by the `uwfmgr.exe servicing enable` command. We recommend that you use the `uwfmgr.exe servicing enable` command to service your UWF–protected device whenever possible. Administrator-level permissions are required to use this command. + - [UWF_Servicing.UpdateWindows](uwf-servicingupdatewindows.md) + - *Get-Config* + - Displays UWF servicing mode information for the current session and the next session. + - [UWF_Servicing](uwf-servicing.md) + - *Help* + - Displays command-line help for the `uwfmgr.exe servicing` command. + +## Unsupported WMI methods + +The following list contains the UWF WMI provider methods that are not currently supported by the **uwfmgr.exe** tool: + +- [UWF_Overlay.GetOverlayFiles](uwf-overlaygetoverlayfiles.md) +- [UWF_RegistryFilter.FindExclusion](uwf-registryfilterfindexclusion.md) +- [UWF_Volume.FindExclusion](uwf-volumefindexclusion.md) +- [UWF_Volume.RemoveAllExclusions](uwf-volumeremoveallexclusions.md) +- [UWF_Volume.SetBindByDriveLetter](uwf-volumesetbindbydriveletter.md) + +## Related topics + +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwfoverlay.md b/windows/configuration/unified-write-filter/uwfoverlay.md new file mode 100644 index 00000000000..cc5b904b9bd --- /dev/null +++ b/windows/configuration/unified-write-filter/uwfoverlay.md @@ -0,0 +1,135 @@ +--- +title: Overlay for Unified Write Filter (UWF) +description: Overlay for Unified Write Filter (UWF) +author: TerryWarwick +ms.author: twarwick +ms.date: 10/02/2018 +ms.topic: reference +--- + +# Unified Write Filter (UWF) overlay location and size + +The Unified Write Filter (UWF) protects the contents of a volume by intercepting write attempts to a protected volume and redirects those write attempts to a virtual overlay. + +You can choose where the overlay is stored (RAM or disk), how much space is reserved, and what happens when the overlay fills up. + +To increase uptime, set up monitoring to check if your overlay is filling up. At certain levels, your device can warn users and/or reboot the device. + +## RAM overlay vs. disk overlay + +- **RAM overlay (default)**: The virtual overlay is stored in RAM, and is cleared after a reboot. + + - By writing to RAM, you can reduce the wear on write-sensitive media like solid-state drives. + - RAM is often more limited than drive space. As the drive overlay fills up the available RAM, device performance could be reduced, and users will eventually be prompted to reboot the device. If your users are expected to make many large writes to the overlay, consider using a disk overlay instead. + +- **Disk overlay**: The virtual overlay is stored in a temporary location on the drive. By default, the overlay is cleared on reboot. + + - You can use [freespace passthrough](#freespace-passthrough-recommended) to use additional free space on the drive beyond the reserved virtual overlay space. + - On Windows 10, version 1803, you can use [persistent overlay](#persistent-overlay) to allow users to save work in the virtual overlay even after a reboot. + +## Overlay size + +- Default=1024MB. Set with: + - [CMD](uwfmgrexe.md): `uwfmgr overlay set-size` + - [CSP](/windows/client-management/mdm/unifiedwritefilter-csp): `NextSession/MaximumOverlaySize` + - [WMI](uwf-overlayconfigsetmaximumsize.md): `UWF\Overlay.SetMaximumSize` + +When planning device rollouts, we recommend optimizing the overlay size to fit your needs. + +For RAM overlays, you'll need to budget some RAM for the system. For example, if the OS requires 2 GB of RAM, and your device has 4 GB of RAM, set the maximum size of the overlay to 2048MB (2 GB) or less. + +We recommend enabling UWF on a test device, installing the necessary apps, and putting the device through usage simulations. You can use this Powershell script to find out which files are consuming space: + +```powershell +$wmiobject = get-wmiobject -Namespace "root\standardcimv2\embedded" -Class UWF_Overlay +$files = $wmiobject.GetOverlayFiles("c:") +$files.OverlayFiles | select-object -Property FileName,FileSize | export-csv -Path D:\output.csv +``` + +The amount of overlay used will depend on: + +- Device usage patterns. +- Apps that can be accessed. (Some apps have high write volumes and will fill up the overlay faster.) +- Time between resets. +- When files are deleted, UWF removes them from the overlay and returns the freed resources to the available pool. + +### Warnings and critical events + +As the drive overlay fills up the available space, you can warn your users that they're running out of space, and prompt them to reboot the device or to run a script to clear the overlay. + +1. Set warning levels and critical levels (optional). When the overlay is filled to this value, UWF writes an Event Tracing for Windows (ETW) message. + + - **Warning level**: Default=512MB. Set with: + - [CMD](uwfmgrexe.md): `uwfmgr overlay set-warningthreshold` + - [CSP](/windows/client-management/mdm/unifiedwritefilter-csp): `NextSession/WarningOverlayThreshold` + - [WMI](uwf-overlaysetwarningthreshold.md): `UWF_Overlay.SetWarningThreshold` + - **Critical level**: Default=1024MB. Set with: + - [CMD](uwfmgrexe.md): `uwfmgr overlay set-criticalthreshold` + - [CSP](/windows/client-management/mdm/unifiedwritefilter-csp): `NextSession/CriticalOverlayThreshold` + - [WMI](uwf-overlaysetcriticalthreshold.md): `UWF_Overlay.SetCriticalThreshold` + + Note, these settings will take affect after the next reboot. + +1. Use Task Scheduler to detect the ETW message and to warn users to wrap up their work on the device so they do not lose their content before the overlay is cleared. You can also provide a link to script to clear the contents of the overlay. + + Create tasks that trigger on the event that the **System** log receives an event ID from **uwfvol**: + + | Overlay usage | Source | Level | Event ID | + |---------------------|---------|-------------|----------| + | Warning threshold | uwfvol | Warning | 1 | + | Critical threshold | uwfvol | Error | 2 | + | Back to normal | uwfvol | Information | 3 | + +1. Reboot the device. + +### Freespace passthrough (recommended) + +On devices with a disk overlay, you can use freespace passthrough to access your drive's additional free space. + +You'll still need to reserve some space on the disk for the overlay. This space is used to manage the overlay, and to store overwrites, such as system updates. All other writes are sent to free space on disk. Over time, the reserved overlay will grow slower and slower, because overwrites will just keep replacing one another. + +On devices with a RAM overlay, you can also use freespace passthrough to access your drive's additional free space to reduce overlay usage. +However, freespace passthrough is not recommended for use with a RAM overlay because it does not reduce wear on write-sensitive media like solid-state drives. + +- [CMD](uwfmgrexe.md): uwfmgr overlay set-passthrough (on|off) + +### Persistent overlay + +> [!NOTE] +> This mode is experimental, and we recommend thoroughly testing it before deploying to multiple devices. This option is not used by default. + +On devices with a disk overlay, you can choose to keep working using the overlay data, even after a reboot. This can be helpful in situations where your guest users may need to access for longer periods, and may need to power off the device between uses. + +This option gives your IT department more control over when the overlay is reset. You can also provide your users with scripts that will help them reset the overlay on demand. + +To turn persistent overlay on or off: + +- [CMD](uwfmgrexe.md): uwfmgr overlay set-persistent (on|off) + +To reset the overlay: + +- [CMD](uwfmgrexe.md): `uwfmgr overlay reset-persistentstate on` + +### Overlay exhaustion + +If the size of the overlay is close to or equal to the maximum overlay size, any write attempts will fail, returning an error indicating that there is not enough space to complete the operation. If the overlay on your device reaches this state, your device may become unresponsive and sluggish, and you may need to restart your device. + +When Windows shuts down, it attempts to write a number of files to the disk. If the overlay is full, these write attempts fail, causing Windows to attempt to rewrite the files repeatedly until UWF can determine that the device is trying to shut down and resolve the issue. Attempting to shut down by using normal methods when the overlay is full or near to full can result in the device taking a long time, in some cases up to an hour or longer, to shut down. + +You can often avoid this issue by using UWF to automatically initiate the shut down or restart: + +- **Shut down**: + - [CMD](uwfmgrexe.md): `uwfmgr shutdown` + - [CSP](/windows/client-management/mdm/unifiedwritefilter-csp): `ShutdownSystem` + - [WMI](uwf-filtershutdownsystem.md): `UWF\Filter.ShutdownSystem` + +- **Restart**: + - [CMD](uwfmgrexe.md): `uwfmgr restart` + - [CSP](/windows/client-management/mdm/unifiedwritefilter-csp): `RestartSystem` + - [WMI](uwf-filterrestartsystem.md): `UWF\Filter.RestartSystem` + +Windows 10 19H1 and later will automatically restart if the maximum size of the overlay is exceeded. + +## Related topics + +- [Unified Write Filter](unified-write-filter.md) diff --git a/windows/configuration/unified-write-filter/uwftroubleshooting.md b/windows/configuration/unified-write-filter/uwftroubleshooting.md new file mode 100644 index 00000000000..4ee6237190c --- /dev/null +++ b/windows/configuration/unified-write-filter/uwftroubleshooting.md @@ -0,0 +1,35 @@ +--- +title: Troubleshooting Unified Write Filter (UWF) +description: Troubleshooting Unified Write Filter (UWF) +author: TerryWarwick +ms.author: twarwick +ms.date: 05/02/2017 +ms.topic: reference +--- + +# Troubleshooting Unified Write Filter (UWF) + +Review the log files and error message information locations for Unified Write Filter (UWF) on your Windows 10 Enterprise device. + +If you are having difficulties configuring Unified Write Filter (UWF) on your device, see the following information about how to find event log and error message information for troubleshooting problems with UWF. + +## Event logs + +UWF uses Windows Event Log to log events, errors and messages. + +* Events related to overlay consumption are sent by UWF kernel mode components and are logged in the **Windows Logs\\System** event log. +* Event related to configuration changes and servicing logs are sent by UWF user mode components: + * Error messages are logged in the **Applications and Services Logs\\Microsoft\\Windows\\UnifiedWriteFilter\\Admin** event log. + * Informational messages are logged in the **Applications and Services Logs\\Microsoft\\Windows\\UnifiedWriteFilter\\Operational** event log. + +## Related topics + +[Unified Write Filter](unified-write-filter.md) + +[Common write filter exclusions](uwfexclusions.md) + +[Service UWF-protected devices](service-uwf-protected-devices.md) + +[Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) + +[uwfmgr.exe](uwfmgrexe.md) From e763a7d289e66d951bf3ad6538527ba18ed4dc91 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 15 Jan 2025 08:14:17 -0500 Subject: [PATCH 43/91] updates --- windows/configuration/custom-logon/index.md | 2 +- windows/configuration/custom-logon/troubleshoot.md | 1 - windows/configuration/unbranded-boot/index.md | 1 - .../unified-write-filter/uwf-apply-oem-updates.md | 2 +- .../unified-write-filter/uwf-apply-windows-updates.md | 2 +- .../configuration/unified-write-filter/uwf-excludedfile.md | 2 +- .../unified-write-filter/uwf-excludedregistrykey.md | 2 +- windows/configuration/unified-write-filter/uwf-filter.md | 2 +- .../configuration/unified-write-filter/uwf-filterdisable.md | 2 +- .../configuration/unified-write-filter/uwf-filterenable.md | 2 +- .../unified-write-filter/uwf-filterresetsettings.md | 2 +- .../unified-write-filter/uwf-filterrestartsystem.md | 2 +- .../unified-write-filter/uwf-filtershutdownsystem.md | 2 +- .../unified-write-filter/uwf-master-servicing-script.md | 2 +- windows/configuration/unified-write-filter/uwf-overlay.md | 2 +- .../configuration/unified-write-filter/uwf-overlayconfig.md | 2 +- .../unified-write-filter/uwf-overlayconfigsetmaximumsize.md | 2 +- .../unified-write-filter/uwf-overlayconfigsettype.md | 2 +- windows/configuration/unified-write-filter/uwf-overlayfile.md | 2 +- .../unified-write-filter/uwf-overlaygetoverlayfiles.md | 2 +- .../unified-write-filter/uwf-overlaysetcriticalthreshold.md | 2 +- .../unified-write-filter/uwf-overlaysetwarningthreshold.md | 2 +- .../configuration/unified-write-filter/uwf-registryfilter.md | 2 +- .../unified-write-filter/uwf-registryfilteraddexclusion.md | 2 +- .../unified-write-filter/uwf-registryfiltercommitregistry.md | 2 +- .../uwf-registryfiltercommitregistrydeletion.md | 2 +- .../unified-write-filter/uwf-registryfilterfindexclusion.md | 2 +- .../unified-write-filter/uwf-registryfiltergetexclusions.md | 2 +- .../unified-write-filter/uwf-registryfilterremoveexclusion.md | 2 +- .../unified-write-filter/uwf-servicing-screen-saver.md | 2 +- windows/configuration/unified-write-filter/uwf-servicing.md | 2 +- .../unified-write-filter/uwf-servicingdisable.md | 2 +- .../configuration/unified-write-filter/uwf-servicingenable.md | 2 +- .../unified-write-filter/uwf-servicingupdatewindows.md | 2 +- windows/configuration/unified-write-filter/uwf-turnonuwf.md | 4 ++-- windows/configuration/unified-write-filter/uwf-volume.md | 2 +- .../unified-write-filter/uwf-volumeaddexclusion.md | 2 +- .../unified-write-filter/uwf-volumecommitfile.md | 2 +- .../unified-write-filter/uwf-volumecommitfiledeletion.md | 2 +- .../unified-write-filter/uwf-volumefindexclusion.md | 2 +- .../unified-write-filter/uwf-volumegetexclusions.md | 2 +- .../configuration/unified-write-filter/uwf-volumeprotect.md | 2 +- .../unified-write-filter/uwf-volumeremoveallexclusions.md | 2 +- .../unified-write-filter/uwf-volumeremoveexclusion.md | 2 +- .../unified-write-filter/uwf-volumesetbindbydriveletter.md | 2 +- .../configuration/unified-write-filter/uwf-volumeunprotect.md | 2 +- windows/configuration/unified-write-filter/uwfexclusions.md | 2 +- windows/configuration/unified-write-filter/uwfmgrexe.md | 4 ++-- windows/configuration/unified-write-filter/uwfoverlay.md | 2 +- .../configuration/unified-write-filter/uwftroubleshooting.md | 2 +- 50 files changed, 50 insertions(+), 52 deletions(-) diff --git a/windows/configuration/custom-logon/index.md b/windows/configuration/custom-logon/index.md index 9bcdb4c1dfc..fd559d303b6 100644 --- a/windows/configuration/custom-logon/index.md +++ b/windows/configuration/custom-logon/index.md @@ -133,4 +133,4 @@ The following table shows additional customizations that can be made using regis - [Troubleshooting Custom Logon](troubleshoot.md) - [Unbranded Boot](../unbranded-boot/index.md) -- [Shell Launcher](../shell-launcher/index.md) \ No newline at end of file +- [Shell Launcher](../shell-launcher/index.md) diff --git a/windows/configuration/custom-logon/troubleshoot.md b/windows/configuration/custom-logon/troubleshoot.md index 74c76cf7348..6ebdb66b136 100644 --- a/windows/configuration/custom-logon/troubleshoot.md +++ b/windows/configuration/custom-logon/troubleshoot.md @@ -105,4 +105,3 @@ Set the **HideAutoLogonUI** and **AnimationDisabled** settings to **0** (zero). ```cmd net accounts /MaxPWAge:unlimited ``` - diff --git a/windows/configuration/unbranded-boot/index.md b/windows/configuration/unbranded-boot/index.md index ac63ae3d334..5cfc26abced 100644 --- a/windows/configuration/unbranded-boot/index.md +++ b/windows/configuration/unbranded-boot/index.md @@ -52,7 +52,6 @@ BCDEdit is the primary tool for editing the Boot Configuration Database (BCD) of ## Configure Unbranded Boot settings at runtime using BCDEdit - 1. Open a command prompt as an administrator. 1. Run the following command to disable the F8 key during startup to prevent access to the **Advanced startup options** menu. diff --git a/windows/configuration/unified-write-filter/uwf-apply-oem-updates.md b/windows/configuration/unified-write-filter/uwf-apply-oem-updates.md index e6202652cb9..3722ce6d636 100644 --- a/windows/configuration/unified-write-filter/uwf-apply-oem-updates.md +++ b/windows/configuration/unified-write-filter/uwf-apply-oem-updates.md @@ -41,4 +41,4 @@ goto UPDATE_EXIT - [Service UWF-protected devices](service-uwf-protected-devices.md) - [UWF master servicing script](uwf-master-servicing-script.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-apply-windows-updates.md b/windows/configuration/unified-write-filter/uwf-apply-windows-updates.md index 36ddf5619d0..d7a8984f496 100644 --- a/windows/configuration/unified-write-filter/uwf-apply-windows-updates.md +++ b/windows/configuration/unified-write-filter/uwf-apply-windows-updates.md @@ -66,6 +66,6 @@ When Windows update servicing is finished, the system will disable UWF servicing ## Related topics -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) - [UWF master servicing script](uwf-master-servicing-script.md) - [UWF servicing screen saver](uwf-servicing-screen-saver.md) diff --git a/windows/configuration/unified-write-filter/uwf-excludedfile.md b/windows/configuration/unified-write-filter/uwf-excludedfile.md index f9de9c1d4d0..db114b273dd 100644 --- a/windows/configuration/unified-write-filter/uwf-excludedfile.md +++ b/windows/configuration/unified-write-filter/uwf-excludedfile.md @@ -50,4 +50,4 @@ You can use the [UWF_Volume.AddExclusion](uwf-volumeaddexclusion.md) and [UWF_Vo ## Related topics - [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-excludedregistrykey.md b/windows/configuration/unified-write-filter/uwf-excludedregistrykey.md index 27ff296b3bb..c901139f62e 100644 --- a/windows/configuration/unified-write-filter/uwf-excludedregistrykey.md +++ b/windows/configuration/unified-write-filter/uwf-excludedregistrykey.md @@ -50,4 +50,4 @@ You can use the [UWF_Volume.AddExclusion](uwf-volumeaddexclusion.md) and [UWF_Vo ## Related topics - [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-filter.md b/windows/configuration/unified-write-filter/uwf-filter.md index bb8751a406c..db02d267398 100644 --- a/windows/configuration/unified-write-filter/uwf-filter.md +++ b/windows/configuration/unified-write-filter/uwf-filter.md @@ -168,4 +168,4 @@ Display-UWFState ## Related topics - [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterdisable.md b/windows/configuration/unified-write-filter/uwf-filterdisable.md index 814de833ac1..029810ab80f 100644 --- a/windows/configuration/unified-write-filter/uwf-filterdisable.md +++ b/windows/configuration/unified-write-filter/uwf-filterdisable.md @@ -42,4 +42,4 @@ You must use an administrator account to disable UWF. ## Related topics - [UWF_Filter](uwf-filter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterenable.md b/windows/configuration/unified-write-filter/uwf-filterenable.md index 8ea287e6dfb..4472d96e5c6 100644 --- a/windows/configuration/unified-write-filter/uwf-filterenable.md +++ b/windows/configuration/unified-write-filter/uwf-filterenable.md @@ -65,4 +65,4 @@ After you run `uwfmgr filter disable`, restart the computer and enter the servin ## Related topics - [UWF_Filter](uwf-filter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterresetsettings.md b/windows/configuration/unified-write-filter/uwf-filterresetsettings.md index fe969637137..26ee33ec26b 100644 --- a/windows/configuration/unified-write-filter/uwf-filterresetsettings.md +++ b/windows/configuration/unified-write-filter/uwf-filterresetsettings.md @@ -46,4 +46,4 @@ If you added UWF to your device by using SMI settings in an unattend.xml file, t ## Related articles - [UWF_Filter](uwf-filter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-filterrestartsystem.md b/windows/configuration/unified-write-filter/uwf-filterrestartsystem.md index 1de561155b4..afcccc8a1e7 100644 --- a/windows/configuration/unified-write-filter/uwf-filterrestartsystem.md +++ b/windows/configuration/unified-write-filter/uwf-filterrestartsystem.md @@ -47,4 +47,4 @@ If the overlay becomes full while the system is performing a large number of wri ## Related articles - [UWF_Filter](uwf-filter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md b/windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md index b05d1c127d9..e6a8cfb620a 100644 --- a/windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md +++ b/windows/configuration/unified-write-filter/uwf-filtershutdownsystem.md @@ -46,4 +46,4 @@ If the overlay becomes full while the system is performing a large amount of wri ## Related topics - [UWF_Filter](uwf-filter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-master-servicing-script.md b/windows/configuration/unified-write-filter/uwf-master-servicing-script.md index 280c56d6abe..51a96751139 100644 --- a/windows/configuration/unified-write-filter/uwf-master-servicing-script.md +++ b/windows/configuration/unified-write-filter/uwf-master-servicing-script.md @@ -87,4 +87,4 @@ EXIT /B [Service UWF-protected devices](service-uwf-protected-devices.md) -[Unified Write Filter](unified-write-filter.md) +[Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlay.md b/windows/configuration/unified-write-filter/uwf-overlay.md index a1f300872ab..abb7fd23e5e 100644 --- a/windows/configuration/unified-write-filter/uwf-overlay.md +++ b/windows/configuration/unified-write-filter/uwf-overlay.md @@ -163,4 +163,4 @@ Only one **UFW\_Overlay** instance exists for a system protected with UWF. ## Related articles -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayconfig.md b/windows/configuration/unified-write-filter/uwf-overlayconfig.md index a4ede8380fb..e1ff6a81e16 100644 --- a/windows/configuration/unified-write-filter/uwf-overlayconfig.md +++ b/windows/configuration/unified-write-filter/uwf-overlayconfig.md @@ -158,4 +158,4 @@ Set-OverlayType $DiskMode [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) -[Unified Write Filter](unified-write-filter.md) +[Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md b/windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md index f5c049d861e..c6b0e208d1f 100644 --- a/windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md +++ b/windows/configuration/unified-write-filter/uwf-overlayconfigsetmaximumsize.md @@ -54,4 +54,4 @@ If the overlay type is RAM-based, your device must meet the following requiremen ## Related topics - [UWF_OverlayConfig](uwf-overlayconfig.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md b/windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md index fdfbc5ca6b7..39b24e97b0f 100644 --- a/windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md +++ b/windows/configuration/unified-write-filter/uwf-overlayconfigsettype.md @@ -57,4 +57,4 @@ Before you can change the overlay type to RAM-based, your device must meet the f - [UWF_OverlayConfig](uwf-overlayconfig.md) - [Overlay for Unified Write Filter (UWF)](uwfoverlay.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlayfile.md b/windows/configuration/unified-write-filter/uwf-overlayfile.md index e7aac9e7400..2fb3e7860d2 100644 --- a/windows/configuration/unified-write-filter/uwf-overlayfile.md +++ b/windows/configuration/unified-write-filter/uwf-overlayfile.md @@ -50,4 +50,4 @@ For more information about specific limitations and conditions when using the ** ## Related topics - [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md b/windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md index a6b5db730eb..668dad65b4d 100644 --- a/windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md +++ b/windows/configuration/unified-write-filter/uwf-overlaygetoverlayfiles.md @@ -66,4 +66,4 @@ You should also be aware of the following items when you use the **GetOverlayFil ## Related topics - [UWF_Overlay](uwf-overlay.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md b/windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md index 355dd4696b9..6b68ac6b3e1 100644 --- a/windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md +++ b/windows/configuration/unified-write-filter/uwf-overlaysetcriticalthreshold.md @@ -50,4 +50,4 @@ The critical threshold must be higher than the warning threshold. ## Related topics - [UWF_Overlay](uwf-overlay.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md b/windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md index 06f07ad28f1..d7c527add1d 100644 --- a/windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md +++ b/windows/configuration/unified-write-filter/uwf-overlaysetwarningthreshold.md @@ -50,4 +50,4 @@ The warning threshold must be lower than the critical threshold. ## Related topics - [UWF_Overlay](uwf-overlay.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilter.md b/windows/configuration/unified-write-filter/uwf-registryfilter.md index 3b0d8dd7864..45c4dba6d3c 100644 --- a/windows/configuration/unified-write-filter/uwf-registryfilter.md +++ b/windows/configuration/unified-write-filter/uwf-registryfilter.md @@ -268,4 +268,4 @@ Clear-RegistryExclusions ## Related topics -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md b/windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md index 83ea618dd2a..56f0742a88a 100644 --- a/windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md +++ b/windows/configuration/unified-write-filter/uwf-registryfilteraddexclusion.md @@ -57,4 +57,4 @@ You must restart the device before the registry key is excluded from UWF filteri ## Related topics - [UWF_RegistryFilter](uwf-registryfilter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md index 38adff90ceb..e7f37460407 100644 --- a/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md +++ b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistry.md @@ -49,4 +49,4 @@ You must use an administrator account to change any properties or call any metho ## Related topics - [UWF_RegistryFilter](uwf-registryfilter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md index e5adc198efb..d70e6ffd4eb 100644 --- a/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md +++ b/windows/configuration/unified-write-filter/uwf-registryfiltercommitregistrydeletion.md @@ -51,4 +51,4 @@ You must use an administrator account to change any properties or call any metho ## Related topics - [UWF_RegistryFilter](uwf-registryfilter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md b/windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md index 3e26b636059..675316175c6 100644 --- a/windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md +++ b/windows/configuration/unified-write-filter/uwf-registryfilterfindexclusion.md @@ -43,4 +43,4 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n ## Related topics - [UWF_RegistryFilter](uwf-registryfilter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md b/windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md index 6db6bc51492..29c0aed8c8e 100644 --- a/windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md +++ b/windows/configuration/unified-write-filter/uwf-registryfiltergetexclusions.md @@ -44,4 +44,4 @@ If this method does not find any registry keys in the registry key exclusion lis ## Related topics - [UWF_RegistryFilter](uwf-registryfilter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md b/windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md index 7b1896236cd..ae171db0fd6 100644 --- a/windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md +++ b/windows/configuration/unified-write-filter/uwf-registryfilterremoveexclusion.md @@ -44,4 +44,4 @@ You must restart the device before the registry key is excluded from UWF filteri ## Related topics - [UWF_RegistryFilter](uwf-registryfilter.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md b/windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md index 083b743ba9b..5d91e58a1a7 100644 --- a/windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md +++ b/windows/configuration/unified-write-filter/uwf-servicing-screen-saver.md @@ -50,4 +50,4 @@ The next time the device enters UWF servicing mode, the UwfServicingScr.scr scre [Service UWF-protected devices](service-uwf-protected-devices.md) -[Unified Write Filter](unified-write-filter.md) +[Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicing.md b/windows/configuration/unified-write-filter/uwf-servicing.md index 1c0665abf20..7a80bba249f 100644 --- a/windows/configuration/unified-write-filter/uwf-servicing.md +++ b/windows/configuration/unified-write-filter/uwf-servicing.md @@ -98,4 +98,4 @@ if ($nextSession) { ## Related topics -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicingdisable.md b/windows/configuration/unified-write-filter/uwf-servicingdisable.md index e8736b990c7..31d599dce67 100644 --- a/windows/configuration/unified-write-filter/uwf-servicingdisable.md +++ b/windows/configuration/unified-write-filter/uwf-servicingdisable.md @@ -42,4 +42,4 @@ When this method is called, the system will leave servicing mode in the next ses ## Related topics - [UWF_Servicing](uwf-servicing.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicingenable.md b/windows/configuration/unified-write-filter/uwf-servicingenable.md index 0ee3e2e4b7c..ed07bf289a0 100644 --- a/windows/configuration/unified-write-filter/uwf-servicingenable.md +++ b/windows/configuration/unified-write-filter/uwf-servicingenable.md @@ -42,4 +42,4 @@ When this method is called, the system will enter servicing mode in the next ses ## Related topics - [UWF_Servicing](uwf-servicing.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md b/windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md index a71d86741f9..31f95799716 100644 --- a/windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md +++ b/windows/configuration/unified-write-filter/uwf-servicingupdatewindows.md @@ -52,4 +52,4 @@ This method does not disable or enable Unified Write Filter (UWF). If you call t ## Related topics - [UWF_Servicing](uwf-servicing.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-turnonuwf.md b/windows/configuration/unified-write-filter/uwf-turnonuwf.md index f535a9f4feb..34797673d62 100644 --- a/windows/configuration/unified-write-filter/uwf-turnonuwf.md +++ b/windows/configuration/unified-write-filter/uwf-turnonuwf.md @@ -132,7 +132,7 @@ You must restart your device after you turn on or turn off UWF before the change You can change these settings after you turn on UWF if you want to. For example, you can move the page file location to an unprotected volume and re-enable paging files. -> [!Important] +> [!IMPORTANT] > If you add UWF to your image by using SMI settings in an unattend.xml file, turning on UWF only sets the **bootstatuspolicy** BCD setting and turns off the defragmentation service. In this case, you must manually turn off the other features and services if you want to increase the performance of UWF. All configuration settings for UWF are stored in the registry. UWF automatically excludes these registry entries from filtering. @@ -141,7 +141,7 @@ UWF maintains configuration settings in the registry for the current session and ## Related topics -[Unified Write Filter](unified-write-filter.md) +[Unified Write Filter]( index.md) [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) diff --git a/windows/configuration/unified-write-filter/uwf-volume.md b/windows/configuration/unified-write-filter/uwf-volume.md index 1f02de4bc5e..b90f888c852 100644 --- a/windows/configuration/unified-write-filter/uwf-volume.md +++ b/windows/configuration/unified-write-filter/uwf-volume.md @@ -310,4 +310,4 @@ Get-FileExclusions "C:" ## Related topics -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md b/windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md index 44d19c02bbb..4ab1a92bdde 100644 --- a/windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md +++ b/windows/configuration/unified-write-filter/uwf-volumeaddexclusion.md @@ -55,4 +55,4 @@ However, you can exclude subdirectories and files under these items. ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumecommitfile.md b/windows/configuration/unified-write-filter/uwf-volumecommitfile.md index 619372906bc..ef3bc804420 100644 --- a/windows/configuration/unified-write-filter/uwf-volumecommitfile.md +++ b/windows/configuration/unified-write-filter/uwf-volumecommitfile.md @@ -46,4 +46,4 @@ You must use an administrator account to change any properties or call any metho ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md b/windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md index 57f99a289be..3ba57a840a2 100644 --- a/windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md +++ b/windows/configuration/unified-write-filter/uwf-volumecommitfiledeletion.md @@ -46,4 +46,4 @@ You must use an administrator account to call this method. ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumefindexclusion.md b/windows/configuration/unified-write-filter/uwf-volumefindexclusion.md index d8b16ea8d0a..88536d3f992 100644 --- a/windows/configuration/unified-write-filter/uwf-volumefindexclusion.md +++ b/windows/configuration/unified-write-filter/uwf-volumefindexclusion.md @@ -47,4 +47,4 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumegetexclusions.md b/windows/configuration/unified-write-filter/uwf-volumegetexclusions.md index ecbe5098bd9..2e188432f0a 100644 --- a/windows/configuration/unified-write-filter/uwf-volumegetexclusions.md +++ b/windows/configuration/unified-write-filter/uwf-volumegetexclusions.md @@ -44,4 +44,4 @@ If **GetExclusions** does not find any files or folders in the file exclusion li ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeprotect.md b/windows/configuration/unified-write-filter/uwf-volumeprotect.md index a52bdd6a4a2..8663bed3651 100644 --- a/windows/configuration/unified-write-filter/uwf-volumeprotect.md +++ b/windows/configuration/unified-write-filter/uwf-volumeprotect.md @@ -44,4 +44,4 @@ This method does not enable UWF if it is disabled; you must explicitly enable UW ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md b/windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md index 251adcaf1b9..2785a23d0dc 100644 --- a/windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md +++ b/windows/configuration/unified-write-filter/uwf-volumeremoveallexclusions.md @@ -44,4 +44,4 @@ You must use an administrator account to remove file or folder exclusions, and y ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md b/windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md index f473d6eb4c8..3bc28510795 100644 --- a/windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md +++ b/windows/configuration/unified-write-filter/uwf-volumeremoveexclusion.md @@ -44,4 +44,4 @@ You must use an administrator account to remove file or folder exclusions, and y ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md b/windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md index bbd6e554185..6ac051b7143 100644 --- a/windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md +++ b/windows/configuration/unified-write-filter/uwf-volumesetbindbydriveletter.md @@ -49,4 +49,4 @@ Binding by volume name is considered more reliable than binding by drive letter, ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwf-volumeunprotect.md b/windows/configuration/unified-write-filter/uwf-volumeunprotect.md index dda739d5931..89c0f56e472 100644 --- a/windows/configuration/unified-write-filter/uwf-volumeunprotect.md +++ b/windows/configuration/unified-write-filter/uwf-volumeunprotect.md @@ -42,4 +42,4 @@ Unprotecting the volume does not remove the [UWF_Volume](uwf-volume.md) entry or ## Related topics - [UWF_Volume](uwf-volume.md) -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwfexclusions.md b/windows/configuration/unified-write-filter/uwfexclusions.md index aa2615cd04d..323f2ae2e18 100644 --- a/windows/configuration/unified-write-filter/uwfexclusions.md +++ b/windows/configuration/unified-write-filter/uwfexclusions.md @@ -186,6 +186,6 @@ You can add the following registry exclusions to persist daylight saving time (D ## Related articles -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) - [Service UWF-protected devices](service-uwf-protected-devices.md) - [Unified Write Filter WMI provider reference](uwf-wmi-provider-reference.md) diff --git a/windows/configuration/unified-write-filter/uwfmgrexe.md b/windows/configuration/unified-write-filter/uwfmgrexe.md index 3b0273edda2..586e1f29efe 100644 --- a/windows/configuration/unified-write-filter/uwfmgrexe.md +++ b/windows/configuration/unified-write-filter/uwfmgrexe.md @@ -9,7 +9,7 @@ ms.topic: reference # uwfmgr.exe -The UWFMgr tool can be used at the command-line or in PowerShell to configure and retrieve settings for [Unified Write Filter (UWF)](unified-write-filter.md). +The UWFMgr tool can be used at the command-line or in PowerShell to configure and retrieve settings for [Unified Write Filter (UWF)]( index.md). > [!IMPORTANT] > Users with standard accounts can use commands that retrieve information, but only users who have administrator accounts can use commands that change the configuration settings. @@ -213,4 +213,4 @@ The following list contains the UWF WMI provider methods that are not currently ## Related topics -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwfoverlay.md b/windows/configuration/unified-write-filter/uwfoverlay.md index cc5b904b9bd..98aae2fef65 100644 --- a/windows/configuration/unified-write-filter/uwfoverlay.md +++ b/windows/configuration/unified-write-filter/uwfoverlay.md @@ -132,4 +132,4 @@ Windows 10 19H1 and later will automatically restart if the maximum size of the ## Related topics -- [Unified Write Filter](unified-write-filter.md) +- [Unified Write Filter]( index.md) diff --git a/windows/configuration/unified-write-filter/uwftroubleshooting.md b/windows/configuration/unified-write-filter/uwftroubleshooting.md index 4ee6237190c..195793832e9 100644 --- a/windows/configuration/unified-write-filter/uwftroubleshooting.md +++ b/windows/configuration/unified-write-filter/uwftroubleshooting.md @@ -24,7 +24,7 @@ UWF uses Windows Event Log to log events, errors and messages. ## Related topics -[Unified Write Filter](unified-write-filter.md) +[Unified Write Filter]( index.md) [Common write filter exclusions](uwfexclusions.md) From 312c17811ad95d851345582d93555026f933fe68 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 15 Jan 2025 09:33:22 -0500 Subject: [PATCH 44/91] metadata updates --- windows/configuration/custom-logon/index.md | 3 --- .../custom-logon/troubleshoot.md | 2 -- windows/configuration/docfx.json | 20 ++++++++++++++++ .../disable-all-blocked-key-combinations.md | 2 -- .../configuration/keyboard-filter/index.md | 2 -- ...oardfilter-add-blocked-key-combinations.md | 2 -- .../keyboardfilter-key-names.md | 2 -- ...er-list-all-configured-key-combinations.md | 2 -- ...eyboardfilter-powershell-script-samples.md | 2 -- .../keyboardfilter-wmi-provider-reference.md | 2 -- .../keyboard-filter/modify-global-settings.md | 2 -- .../predefined-key-combinations.md | 2 -- .../remove-key-combination-configurations.md | 2 -- .../keyboard-filter/wekf-customkey.md | 2 -- .../keyboard-filter/wekf-customkeyadd.md | 2 -- .../keyboard-filter/wekf-customkeyremove.md | 2 -- .../keyboard-filter/wekf-predefinedkey.md | 2 -- .../wekf-predefinedkeydisable.md | 2 -- .../wekf-predefinedkeyenable.md | 2 -- .../keyboard-filter/wekf-scancode.md | 2 -- .../keyboard-filter/wekf-scancodeadd.md | 2 -- .../keyboard-filter/wekf-scancoderemove.md | 2 -- .../keyboard-filter/wekf-settings.md | 2 -- .../shell-launcher/browser-support.md | 2 -- windows/configuration/shell-launcher/index.md | 2 -- .../shell-launcher/multi-app-kiosk.md | 2 -- .../shell-launcher/single-app-kiosk.md | 2 -- .../shell-launcher/wedl-assignedaccess.md | 4 +--- .../shell-launcher/wesl-usersetting.md | 2 -- .../wesl-usersettinggetcustomshell.md | 2 -- .../wesl-usersettinggetdefaultshell.md | 2 -- .../wesl-usersettingisenabled.md | 2 -- .../wesl-usersettingremovecustomshell.md | 2 -- .../wesl-usersettingsetcustomshell.md | 2 -- .../wesl-usersettingsetdefaultshell.md | 2 -- .../wesl-usersettingsetenabled.md | 4 +--- windows/configuration/unbranded-boot/index.md | 2 -- .../hibernate-once-resume-many-horm.md | 2 -- .../images/administratorcommandprompt.png | Bin 0 -> 146111 bytes .../images/administratorcompactprompt.png | Bin 0 -> 198586 bytes .../images/administratorprompt.png | Bin 0 -> 195194 bytes .../images/fullvolumecommit.png | Bin 0 -> 135517 bytes .../images/overlaysettings.png | Bin 0 -> 95176 bytes .../unified-write-filter/index.md | 8 +++---- .../service-uwf-protected-devices.md | 2 -- .../uwf-antimalware-support.md | 2 -- .../uwf-apply-oem-updates.md | 2 -- .../uwf-apply-windows-updates.md | 2 -- .../unified-write-filter/uwf-excludedfile.md | 2 -- .../uwf-excludedregistrykey.md | 2 -- .../unified-write-filter/uwf-filter.md | 2 -- .../unified-write-filter/uwf-filterdisable.md | 2 -- .../unified-write-filter/uwf-filterenable.md | 2 -- .../uwf-filterresetsettings.md | 2 -- .../uwf-filterrestartsystem.md | 2 -- .../uwf-filtershutdownsystem.md | 2 -- .../uwf-master-servicing-script.md | 2 -- .../unified-write-filter/uwf-overlay.md | 2 -- .../unified-write-filter/uwf-overlayconfig.md | 2 -- .../uwf-overlayconfigsetmaximumsize.md | 2 -- .../uwf-overlayconfigsettype.md | 2 -- .../unified-write-filter/uwf-overlayfile.md | 2 -- .../uwf-overlaygetoverlayfiles.md | 2 -- .../uwf-overlaysetcriticalthreshold.md | 2 -- .../uwf-overlaysetwarningthreshold.md | 2 -- .../uwf-registryfilter.md | 2 -- .../uwf-registryfilteraddexclusion.md | 2 -- .../uwf-registryfiltercommitregistry.md | 2 -- ...wf-registryfiltercommitregistrydeletion.md | 2 -- .../uwf-registryfilterfindexclusion.md | 2 -- .../uwf-registryfiltergetexclusions.md | 2 -- .../uwf-registryfilterremoveexclusion.md | 2 -- .../uwf-servicing-screen-saver.md | 2 -- .../unified-write-filter/uwf-servicing.md | 2 -- .../uwf-servicingdisable.md | 2 -- .../uwf-servicingenable.md | 2 -- .../uwf-servicingupdatewindows.md | 2 -- .../unified-write-filter/uwf-turnonuwf.md | 2 -- .../unified-write-filter/uwf-volume.md | 2 -- .../uwf-volumeaddexclusion.md | 2 -- .../uwf-volumecommitfile.md | 2 -- .../uwf-volumecommitfiledeletion.md | 2 -- .../uwf-volumefindexclusion.md | 2 -- .../uwf-volumegetexclusions.md | 2 -- .../unified-write-filter/uwf-volumeprotect.md | 2 -- .../uwf-volumeremoveallexclusions.md | 2 -- .../uwf-volumeremoveexclusion.md | 2 -- .../uwf-volumesetbindbydriveletter.md | 2 -- .../uwf-volumeunprotect.md | 2 -- .../uwf-wes7-ewf-to-win10-uwf.md | 22 +++++++++--------- .../uwf-wmi-provider-reference.md | 2 -- .../unified-write-filter/uwfexclusions.md | 2 -- .../unified-write-filter/uwfmgrexe.md | 2 -- .../unified-write-filter/uwfoverlay.md | 2 -- .../uwftroubleshooting.md | 2 -- 95 files changed, 36 insertions(+), 193 deletions(-) create mode 100644 windows/configuration/unified-write-filter/images/administratorcommandprompt.png create mode 100644 windows/configuration/unified-write-filter/images/administratorcompactprompt.png create mode 100644 windows/configuration/unified-write-filter/images/administratorprompt.png create mode 100644 windows/configuration/unified-write-filter/images/fullvolumecommit.png create mode 100644 windows/configuration/unified-write-filter/images/overlaysettings.png diff --git a/windows/configuration/custom-logon/index.md b/windows/configuration/custom-logon/index.md index fd559d303b6..536cdcb8f95 100644 --- a/windows/configuration/custom-logon/index.md +++ b/windows/configuration/custom-logon/index.md @@ -1,9 +1,6 @@ --- title: Custom Logon description: Custom Logon -author: sydbruck -author: TerryWarwick -ms.author: twarwick ms.date: 03/05/2024 ms.topic: overview --- diff --git a/windows/configuration/custom-logon/troubleshoot.md b/windows/configuration/custom-logon/troubleshoot.md index 6ebdb66b136..f91a603d58e 100644 --- a/windows/configuration/custom-logon/troubleshoot.md +++ b/windows/configuration/custom-logon/troubleshoot.md @@ -1,8 +1,6 @@ --- title: Troubleshooting Custom Logon description: Troubleshooting Custom Logon -author: TerryWarwick -ms.author: twarwick ms.date: 05/02/2017 ms.topic: troubleshooting --- diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index 32f9c412472..22924a43cc7 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -80,12 +80,18 @@ "assigned-access//**/*.yml": "paolomatarazzo", "cellular//**/*.md": "paolomatarazzo", "cellular//**/*.yml": "paolomatarazzo", + "custom-logon//**/*.md": "terrywarwick", + "custom-logon//**/*.yml": "terrywarwick", + "keyboard-filter//**/*.md": "terrywarwick", + "keyboard-filter//**/*.yml": "terrywarwick", "lock-screen//**/*.md": "paolomatarazzo", "lock-screen//**/*.yml": "paolomatarazzo", "provisioning-packages//**/*.md": "vinaypamnani-msft", "provisioning-packages//**/*.yml": "vinaypamnani-msft", "shared-pc//**/*.md": "paolomatarazzo", "shared-pc//**/*.yml": "paolomatarazzo", + "shell-launcher//**/*.md": "terrywarwick", + "shell-launcher//**/*.yml": "terrywarwick", "start//**/*.md": "paolomatarazzo", "start//**/*.yml": "paolomatarazzo", "store//**/*.md": "paolomatarazzo", @@ -94,6 +100,10 @@ "taskbar//**/*.yml": "paolomatarazzo", "tips//**/*.md": "paolomatarazzo", "tips//**/*.yml": "paolomatarazzo", + "unbranded-boot//**/*.md": "terrywarwick", + "unbranded-boot//**/*.yml": "terrywarwick", + "unified-write-filter//**/*.md": "terrywarwick", + "unified-write-filter//**/*.yml": "terrywarwick", "wcd//**/*.md": "vinaypamnani-msft", "wcd//**/*.yml": "vinaypamnani-msft" }, @@ -104,12 +114,18 @@ "assigned-access//**/*.yml": "paoloma", "cellular//**/*.md": "paoloma", "cellular//**/*.yml": "paoloma", + "custom-logon//**/*.md": "twarwick", + "custom-logon//**/*.yml": "twarwick", "lock-screen//**/*.md": "paoloma", + "keyboard-filter//**/*.md": "twarwick", + "keyboard-filter//**/*.yml": "twarwick", "lock-screen//**/*.yml": "paoloma", "provisioning-packages//**/*.md": "vinpa", "provisioning-packages//**/*.yml": "vinpa", "shared-pc//**/*.md": "paoloma", "shared-pc//**/*.yml": "paoloma", + "shell-launcher//**/*.md": "twarwick", + "shell-launcher//**/*.yml": "twarwick", "start//**/*.md": "paoloma", "start//**/*.yml": "paoloma", "store//**/*.md": "paoloma", @@ -118,6 +134,10 @@ "taskbar//**/*.yml": "paoloma", "tips//**/*.md": "paoloma", "tips//**/*.yml": "paoloma", + "unbranded-boot//**/*.md": "twarwick", + "unbranded-boot//**/*.yml": "twarwick", + "unified-write-filter//**/*.md": "twarwick", + "unified-write-filter//**/*.yml": "twarwick", "wcd//**/*.md": "vinpa", "wcd//**/*.yml": "vinpa" }, diff --git a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md index c8e6da20645..9a5c32fb354 100644 --- a/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/disable-all-blocked-key-combinations.md @@ -1,8 +1,6 @@ --- title: Disable all blocked key combinations description: Disable all blocked key combinations -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/index.md b/windows/configuration/keyboard-filter/index.md index cb761c4814a..6f7d3cc589d 100644 --- a/windows/configuration/keyboard-filter/index.md +++ b/windows/configuration/keyboard-filter/index.md @@ -1,8 +1,6 @@ --- title: Keyboard Filter description: Keyboard Filter -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: overview --- diff --git a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md index acb297b4221..d1ec4d5fb53 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-add-blocked-key-combinations.md @@ -2,8 +2,6 @@ title: Add blocked key combinations description: Add blocked key combinations ms.assetid: f51892fc-0262-4b25-b117-6e131b86fb68 -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md index 39de2bc0290..9fe13801501 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-key-names.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-key-names.md @@ -1,8 +1,6 @@ --- title: Keyboard Filter key names description: Keyboard Filter key names -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md index 2fa1f6d8e26..35788409b15 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-list-all-configured-key-combinations.md @@ -1,8 +1,6 @@ --- title: List all configured key combinations description: List all configured key combinations -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md index 8f8048582e4..7547ba96149 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-powershell-script-samples.md @@ -1,8 +1,6 @@ --- title: Windows PowerShell script samples for Keyboard Filter description: Windows PowerShell script samples for Keyboard Filter -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md index 798cef5c0f0..eeff8800eb9 100644 --- a/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md +++ b/windows/configuration/keyboard-filter/keyboardfilter-wmi-provider-reference.md @@ -1,8 +1,6 @@ --- title: Keyboard Filter WMI provider reference description: Keyboard Filter WMI provider reference -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/modify-global-settings.md b/windows/configuration/keyboard-filter/modify-global-settings.md index 2b69a9de23b..39d26be872d 100644 --- a/windows/configuration/keyboard-filter/modify-global-settings.md +++ b/windows/configuration/keyboard-filter/modify-global-settings.md @@ -1,8 +1,6 @@ --- title: Modify global settings description: Modify global settings -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: how-to --- diff --git a/windows/configuration/keyboard-filter/predefined-key-combinations.md b/windows/configuration/keyboard-filter/predefined-key-combinations.md index 17df2fd3a5c..eb25a41a530 100644 --- a/windows/configuration/keyboard-filter/predefined-key-combinations.md +++ b/windows/configuration/keyboard-filter/predefined-key-combinations.md @@ -1,8 +1,6 @@ --- title: Predefined key combinations description: Predefined key combinations -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md index eadd760d933..624edc69f49 100644 --- a/windows/configuration/keyboard-filter/remove-key-combination-configurations.md +++ b/windows/configuration/keyboard-filter/remove-key-combination-configurations.md @@ -1,8 +1,6 @@ --- title: Remove key combination configurations description: Remove key combination configurations -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-customkey.md b/windows/configuration/keyboard-filter/wekf-customkey.md index d1869903ee4..dcc812049ec 100644 --- a/windows/configuration/keyboard-filter/wekf-customkey.md +++ b/windows/configuration/keyboard-filter/wekf-customkey.md @@ -1,8 +1,6 @@ --- title: WEKF_CustomKey description: WEKF_CustomKey -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-customkeyadd.md b/windows/configuration/keyboard-filter/wekf-customkeyadd.md index cd56a93da5d..a48eeedb72b 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyadd.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyadd.md @@ -1,8 +1,6 @@ --- title: WEKF_CustomKey.Add description: WEKF_CustomKey.Add -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-customkeyremove.md b/windows/configuration/keyboard-filter/wekf-customkeyremove.md index 5fdceb9f5a1..26b1d35bdc1 100644 --- a/windows/configuration/keyboard-filter/wekf-customkeyremove.md +++ b/windows/configuration/keyboard-filter/wekf-customkeyremove.md @@ -3,8 +3,6 @@ title: WEKF_CustomKey.Remove description: WEKF_CustomKey.Remove ms.date: 01/13/2025 ms.topic: reference -author: TerryWarwick -ms.author: twarwick --- # WEKF_CustomKey.Remove diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkey.md b/windows/configuration/keyboard-filter/wekf-predefinedkey.md index d81f72d8015..dd5de7d93ac 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkey.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkey.md @@ -1,8 +1,6 @@ --- title: WEKF_PredefinedKey description: WEKF_PredefinedKey -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md index 8b954dee192..b49d3383f01 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeydisable.md @@ -1,8 +1,6 @@ --- title: WEKF_PredefinedKey.Disable description: WEKF_PredefinedKey.Disable -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md index a96fbd43653..a674afda86e 100644 --- a/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md +++ b/windows/configuration/keyboard-filter/wekf-predefinedkeyenable.md @@ -1,8 +1,6 @@ --- title: WEKF_PredefinedKey.Enable description: WEKF_PredefinedKey.Enable -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-scancode.md b/windows/configuration/keyboard-filter/wekf-scancode.md index d24df9ed10c..8cfb7b0f6e2 100644 --- a/windows/configuration/keyboard-filter/wekf-scancode.md +++ b/windows/configuration/keyboard-filter/wekf-scancode.md @@ -1,8 +1,6 @@ --- title: WEKF_Scancode description: WEKF_Scancode -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-scancodeadd.md b/windows/configuration/keyboard-filter/wekf-scancodeadd.md index 11742730380..cd4b70efe8c 100644 --- a/windows/configuration/keyboard-filter/wekf-scancodeadd.md +++ b/windows/configuration/keyboard-filter/wekf-scancodeadd.md @@ -1,8 +1,6 @@ --- title: WEKF_Scancode.Add description: WEKF_Scancode.Add -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-scancoderemove.md b/windows/configuration/keyboard-filter/wekf-scancoderemove.md index ae761e5b61b..18bc6d3514f 100644 --- a/windows/configuration/keyboard-filter/wekf-scancoderemove.md +++ b/windows/configuration/keyboard-filter/wekf-scancoderemove.md @@ -1,8 +1,6 @@ --- title: WEKF_Scancode.Remove description: WEKF_Scancode.Remove -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/keyboard-filter/wekf-settings.md b/windows/configuration/keyboard-filter/wekf-settings.md index 0aa64a5a7d0..df43feb21ea 100644 --- a/windows/configuration/keyboard-filter/wekf-settings.md +++ b/windows/configuration/keyboard-filter/wekf-settings.md @@ -1,8 +1,6 @@ --- title: WEKF_Settings description: WEKF_Settings -author: TerryWarwick -ms.author: twarwick ms.date: 01/13/2025 ms.topic: reference --- diff --git a/windows/configuration/shell-launcher/browser-support.md b/windows/configuration/shell-launcher/browser-support.md index c2899e2ddf9..715a2b38bc4 100644 --- a/windows/configuration/shell-launcher/browser-support.md +++ b/windows/configuration/shell-launcher/browser-support.md @@ -1,7 +1,5 @@ --- title: Browser Support -author: TerryWarwick -ms.author: twarwick ms.date: 03/30/2023 ms.topic: article description: Learn about browser support in Kiosk Mode diff --git a/windows/configuration/shell-launcher/index.md b/windows/configuration/shell-launcher/index.md index 0b9e96cc661..91deab86c95 100644 --- a/windows/configuration/shell-launcher/index.md +++ b/windows/configuration/shell-launcher/index.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: c65f1400-9d2a-406e-8b43-74eaafb0ccae -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.date: 06/07/2018 ms.topic: article diff --git a/windows/configuration/shell-launcher/multi-app-kiosk.md b/windows/configuration/shell-launcher/multi-app-kiosk.md index 8bcac51b691..d6ad5ae3faa 100644 --- a/windows/configuration/shell-launcher/multi-app-kiosk.md +++ b/windows/configuration/shell-launcher/multi-app-kiosk.md @@ -1,7 +1,5 @@ --- title: Multi-App Kiosk -author: TerryWarwick -ms.author: twarwick ms.date: 08/16/2023 ms.topic: article ms.service: windows-iot diff --git a/windows/configuration/shell-launcher/single-app-kiosk.md b/windows/configuration/shell-launcher/single-app-kiosk.md index 3b24c8cb1f3..ee2280cba63 100644 --- a/windows/configuration/shell-launcher/single-app-kiosk.md +++ b/windows/configuration/shell-launcher/single-app-kiosk.md @@ -1,7 +1,5 @@ --- title: Assigned access Single-App Kiosk -author: TerryWarwick -ms.author: twarwick ms.date: 03/30/2023 ms.topic: article ms.service: windows-iot diff --git a/windows/configuration/shell-launcher/wedl-assignedaccess.md b/windows/configuration/shell-launcher/wedl-assignedaccess.md index a8692c930e0..c26818c7ebf 100644 --- a/windows/configuration/shell-launcher/wedl-assignedaccess.md +++ b/windows/configuration/shell-launcher/wedl-assignedaccess.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 2be8d294-db13-4494-bd5f-ba97ed89528e -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 @@ -70,7 +68,7 @@ The following Windows PowerShell script demonstrates how to use this class to se $COMPUTER = "localhost" $NAMESPACE = "root\standardcimv2\embedded" -# Define the assigned access account. +# Define the assigned access account. # To use a different account, change $AssignedAccessAccount to a user account that is present on your device. $AssignedAccessAccount = "KioskAccount" diff --git a/windows/configuration/shell-launcher/wesl-usersetting.md b/windows/configuration/shell-launcher/wesl-usersetting.md index 1239aae7185..21b749a121e 100644 --- a/windows/configuration/shell-launcher/wesl-usersetting.md +++ b/windows/configuration/shell-launcher/wesl-usersetting.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 73c5bb46-bf9e-4657-a5ae-88dbd14b79e8 -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/02/2017 diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md index b28608d8170..c8aa487307e 100644 --- a/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 7bd2b50c-d566-4688-8fbd-1ea0197c1cde -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md index 4aa7e6bc23c..c9c3338e33b 100644 --- a/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 26dc7e10-6e89-44e0-aec2-322676e8b2d1 -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 diff --git a/windows/configuration/shell-launcher/wesl-usersettingisenabled.md b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md index 8afbe060a56..9074ec4be88 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingisenabled.md +++ b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 567f57b5-f9c8-4129-8279-dd351028df5d -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 diff --git a/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md index c636f9a829f..cc0218362cf 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 161eb289-e3b5-4d16-b367-f79f2b90f291 -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md index 3bd103fb801..ee29ce1bde2 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 09fa040b-0fa1-4886-bfdd-8614eead0da8 -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md index ee18b101691..ce319424e84 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md +++ b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: fb4040bb-7cf2-4644-bf0f-d7d0274dd080 -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md index 89614d8cef8..6f91c96cef2 100644 --- a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md +++ b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md @@ -5,8 +5,6 @@ MSHAttr: - 'PreferredSiteName:MSDN' - 'PreferredLib:/library/windows/hardware' ms.assetid: 8dc373fe-37f9-45ca-bb0a-38f0e54feef1 -author: TerryWarwick -ms.author: twarwick ms.service: windows-iot ms.subservice: iot ms.date: 05/20/2024 @@ -36,7 +34,7 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n ## Remarks -This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher. +This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](../unified-write-filter/uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher. Enabling or disabling Shell Launcher does not take effect until a user signs in. diff --git a/windows/configuration/unbranded-boot/index.md b/windows/configuration/unbranded-boot/index.md index 5cfc26abced..e3aa95b2444 100644 --- a/windows/configuration/unbranded-boot/index.md +++ b/windows/configuration/unbranded-boot/index.md @@ -1,8 +1,6 @@ --- title: Unbranded Boot description: Unbranded Boot -author: TerryWarwick -ms.author: twarwick ms.date: 09/10/2024 ms.topic: overview --- diff --git a/windows/configuration/unified-write-filter/hibernate-once-resume-many-horm.md b/windows/configuration/unified-write-filter/hibernate-once-resume-many-horm.md index d2f45771c1e..ea903a49299 100644 --- a/windows/configuration/unified-write-filter/hibernate-once-resume-many-horm.md +++ b/windows/configuration/unified-write-filter/hibernate-once-resume-many-horm.md @@ -1,8 +1,6 @@ --- title: Hibernate Once/Resume Many (HORM) description: Hibernate Once/Resume Many (HORM) -author: TerryWarwick -ms.author: twarwick ms.date: 04/12/2018 ms.topic: reference --- diff --git a/windows/configuration/unified-write-filter/images/administratorcommandprompt.png b/windows/configuration/unified-write-filter/images/administratorcommandprompt.png new file mode 100644 index 0000000000000000000000000000000000000000..3e16f5dc745a4a8f6931560f2539b23948d4b08d GIT binary patch literal 146111 zcmZU)1yEaE7dDDputISwPVwUIg%&7Mio08JcZX8ki)#zTr9g2jE`j12T!IA)1W7L6 z_kQpH-#d5BWHM(@GH0E$_TJBW*0Xl3hME!{4kZo}5)$6~cM2bokWgEYkdW)KP@YGK zOq?H{zmPpXD#;<$PEj8{U!d8_evm~%YDfY+nxj8oW4pf7_dr4-W&Y0x`Ta*G2oe(F z`+Ei1PrfE6>zIMm_Cdms<@KZ0`G9ldMr&=AMkX@-My4vg%;$lwTa&d1nAq^T8+GJ; zG$~ecBvYA&JPuR33<`2$r*#3H}RR**Vow+Q&v_CR^Qbbc9)iQlw%h79UIPv@pN5(bTO5d zc)B+Hd@#C^CC+>a%$S(sVrIw2!~39-nx02p#YF#Rt0;9Y;wKrmDf+4abXV(qEnHqn z9dX(kg40s0+zsthGOIXFDFk)n5n#Ut!(se|5iU=mc^?9Nf}wlBApCBB-5XWqGXlxW zxdZqWnHd$d=y4MyjSiH)f3bSrqhNniD9O*!8$3b>N!2DXGtm93a~LNZL02?v6w_G>-Sn=`G~9{&pV;C}M!4UA=e?QF z{TDk-J~cKp%zU?UcAgUYdrUp|XXJ2c$uNCl64-OIY}*HgM7WnL=!Dc&xh$|99Ut>^ zn3J<8#+uX(10D8BGi8Iu@*hun3MG0lvT9A+FSbF*(a&!RfptLoqddmn+z)nY3f~6x zbrksf2ic=bUH?><_H(A(cX=EoZ~;a01U>R>ae(gkL0wm;t`{d`*KOsSAi*4L|AF+?8uYC%bf7Q_2)|hc=C4QIKCY8V)h{Ds zGBmjaU5-P>&x5y4=5QxIn;?LNplFwneV|LVX-qlj{?Q`@PO&68yy;T79zJ^0RrS#i zLWa0`93=UcopT>o_edTLmqy%|y9D8LSMx~ShN<^Ifc)M3FNhu=)SU-HLiW?neYfB1 z8JZxPdSC()?V??eO999oFA*1uJpFA=hAvNc(gWktk3a(Ho0rwKlb@xp=rwY$BSN13 zfY)&2eY~Ab9=>VeIMcYU`Wf7tB3PMEa9HJrBkaqqsFr zPA#$ozzw48Po^KZPD_>DJv;#ER#sLOj^4h$OFFOk<3Fy|uKs99qkA036sqf?gP%W` z8klxqfM6F%8+@w(vV!|rCEHaq*W*(<|3KtRK=}ruAA@?b%5O0SPKTS`+IdPRjhW<` z)L;0x$BL0i*1z8r(l|GVyNGzCD=5s3YL&RMP%`8)^1DcTUYlfQmsYU0+aL@n#D>S9 z(#qB>;==gu9@Mj>lS}YcFfQbN+sjT$61rT6Ad?VUYPp$<**ra96$0Hm`<@S8jNN-c zekMJRt{6(8IiSbRUv9*$x}MUQek8qClkyMpH```;T<&m51Qx`o2R*{V|0w$&1Qb+F z03%Khq+Pv=@G>``ukS{hxB463`hxi5mSGId{Xbc8gOmtaNm85k+Gjb^k-z=k4{o4_<;CBU_i)d zE@OFB%cctA@gnw~+xJ098v7u+-Q=#SC#+^HwcvaC)&;D6ZQtu|siUyE@>>Kj_$I9x z^Kx^gu=8Nej%>{z*l{p+Y<2}x??Xs#p3qSK*K&k4;IgBvv@bs;d~xbrWUZi|j~H$N zxq#q{Ay12z%9T}BP7x*tkC{p-_OYreRt60JVBTXxROU#XZ0y?F%A4Jcujqk6h~Q z@ayLtd&0CoqbBM=>c-ypR|x#P$A_x>CdKgT>OA^+wgO#D^4B}>@0iICjp2VxyUB!x zLB$0Z68b9-ZL6(Y&_!ua=z_j4d^@8`{fTR>`{|M(Sb!4mQR;;x1+Q5}z>0^>c1{40f?V4==?C=RPfbA8 z`I>$LXHYQc5m(}=zfdyj`&xS-{NnhjMhnu=1KYGXu$K7_?_YW;ag`_?7IoyP%;6jY zKibPqxQ)1^dY!@}tmC6v5On~$y&daarR(_ZdvpZs10t?UPv=*Q@DaCUS+($<)`5hu z<)ok|p}^x(^$E2u;^&QUG%EA`-K=_$Z?_+Iu=@j4T9O|x3-oYih^hklS+|byPs}NE zbVml`$PUsUpVSHh&f4Uar66GhON##M77y(vJ_Hhn$NuU))e1D-!nXx+MxZ5zaUxYU zwf44l6rcwnD{MffF|^b_^O+(gh0)X5jLJ&|^f@bLX?MXSN!BCOtb5aRYw zS6kCJZ!2|oGRAjN+w(N*vliLSU(OwJG7Cw}&irvRyafb#TiV0(A#rrUB+)rkw)-r_ zJs~?yh-=+xeb>ua^+%3J*kty?ls)+=WypCsf(R_ILtSult4DTNrf1inuR0 zuJ_w|>wBJXIDiFw}qdyuTLMq_xmKN~-A{C>KsGp4l* zD~_@zKU%*(5$;A#y2cHGfP&FXVY9jXT0H&Ztvyw>k4f+y))!@jf7(js?}uO}zh1YXH6_BiLYJJXchk5!IdthGf zy!tfPO<9}Iki2nP*n>ugIK)KkHz80!Pg4ZJkad@5{5yzw&WV$@auF9bh31~WZVW+> zX9REp_pbdgC< zr_xo72uM#4?DQP|jMSy)!FyDoF!4CcaRS6XBV8y#;3lx=e!UPGBsO25}EXpajEVDy9(xL7S+MY{XrGSies<^oH*7+WPK@p!;gl zC76zv#%nL+z%k@aP&-`#d=pdpi3fxfk0?dJS?>-_;ar`bi`FW3|1&tb1xE_#{%%`6 z_>%E1D+Jcc6MSU)A0TldxEc((KL~la?1^xq6bR{rEr%fHm2dU$cvg}Aoj=m>X`<}? z3^^66e@1eI%|A0=@+WaUp4dtwubNR(GWP_+4y55*Nn6MV4gXT2$CPN;RBI0=P`cTI zO6Gs8L|*=CAO9)@@nE@Rgf_$8QZgGf-%LLGJtz z3-*%`qVK2-IK)AKv$8gZ#009Ws*DWV)Ks;pH{eu^Kt4;Fv3u!@NL&FBFM|$1CC75$^dfHo*wKeq^&jKJF zRVD>@lh4TT<_51TKH8-C$)d0dpCd`rxi<1!zNK#&4x!VeGV^wYUO+LvzgH&vAMGmk zlUL*lsH&>!Dc#j7yq^QHn+LdNI!_btarDWco zl2y`w89IL?VuBPl>pw&jQ#_>{5Q~njo%ONPJ)E4fi$H>gNpZa2S&{?7dFaW>;+Wfb z`EqVojJcC-90k)~y!H1ttm!LCnsHC%+G7ZXH7d^= zkZLhfWgIkU^B%9afry)(!hLOzHxJfL8`3Nd3sJJEe=C(G)|f_&&nA#|AsxQ-#Z5nz zF;HMBj;y9*?r<7n8`HbY$G?IY3;w$efLI)mI}I5SH>QZ2@(f;6Sdxpp&(oWpxwLw} z;F{v!gkzN)ALZ7O-=>#Vk)hrBWnc3_IFAbr@I7|CYEwxyhLM%umMmvNb&IUM12{Y9xs8e!|oS@!);$1)YtUO7|lD_#dg-`ppx zTaP#2I9=<@o-U{kHhu5AzsT@RzcG3oRr_`*f~=^+=*syUjV{-eJUqfJ%K6iX5xm2$QbVy^`mxc9nPPUOH%_kZH)z7P zRn@{_RWUJfP5i!ozp3!}ij2HHZ_o&o7D?NHBs;P`eD^oa6GglR(kyaBFC}gL3@n=Nq-$-v->?1#*)Y6)4TDYVq=s+Nzy7;rJ0sar@ zF>gbA>UbifFqcPBTvK0Lgs?LWMtx&Kw#)e64tSNLR8#t#fQ3LkOrw9aSGLEJ*o{JU zmF6!~2S20C#pw%bLH_J%>K34DZc{8{wjbzzy$uMB-U}nUZkspe6@2rz!>b8MZ=IF?bwlPIIWMB#p7s93o>_8Q?TIwE&(zv4wDJ?6Py!XsQX+eXO5dw7Pb^# z8?|Aexu-gfp0yBEPqMm3b#ZQP z;G#@M+$Y42eBF1eCTTz~Bw%?4Em@T7_!ohV&H?@4>WE$Q=4Nio(~_aNWu=p=HO;;9 zN8Cn9>e>^(>oFnfukKm|Ut?_MB%yP}yl?(CH#DFqG315K#Ku&1mmuFyp zm^Ng$|Lt!#>(`@;v^crLtco#aJ436^T!P_gRhZXxpx>RMfF_kJ(uc3T>~_pu<_C6s zqH9(2SQPVV^>2(SXYDqv5ManpCJ449nwE-(afEz*w?xXWJ*J*^?ZcIs(~rgFKjAvI zrqZ3b8Apln@-O2*5HNkGj=8zYs+EGWt+l&iJ8!Iw;Wo(lyJ@-TV&cZD3y_qd0^J>& z{)IS`stPZjXUO{xpZgb94d>c#k(nda{JqV*sQ5wz68`rhdU+v25Ukuo5h_-wCwP5Q- z$MQJDz$@h)c0>}1xtx;&56P{ptrH7+kcmks4AM_<8GjE=R!_->m&aQBnd!B8S=S9dXK!?4JEuCTB}N9C~td#X)#5;%XvV-zG}Q^rqJ?o~u+vBl)mYhzb1e0s4`D zvu~p1H96Y{WE%aKL_Nf)=RvE?BAYfMAB6#u)+x9LXf?C5Z5OXKR%iU#dtN#yU#U<= z7hPC!qD5Lym~`Tzeiu!VHQCH|cd&0nA9E0oHpnSjzKipEzu*<(PtVlG;!n#jpAzWPv!(il|6x8WYhbKd$pA3> zs@3hjZFuq3#E5$%?Pspif9sYtrI~LC*i(8S=hI6XGa>=_(O*mFG`;-enj&b56k3)< z!<(8SW{NOX)ksDA86Eun@QLz7r(^b~(6;g}u6imz8G7Gas>HG%&U z`G;?r2M&fxDl&TGyfntjkj`+9dU#SkOktMuIz94@m=F27$vEI^XgD;sZ9|Qmx-ch~ zI;?a{t(O;y$A6_kboOIvioVUtyMh!)z12%cS8j1adAR{~y2snY%@b<~LwpD2M0ST9 zW%kOWq1$E}te2?Ov*Cl-6S1Ok4AZJv_qs`#1{w6fv8l*4j<|nm+KepvAueq)JG2n5 zIJ;h8gWHk9Okg2%6pu}vk01ZR+{ZhnRN- zlu5gXE>=$XP2Wfv>lbQf*5~zI*)35TG^Q*m=!xJ+Lc{zYdhBv@FOTBVa?F;6^6fzC zULK)RM<{3K(=zLdIvsjbnTn(!Qq~k#3w}+%*1-_8{9xeEJ1z6qZ>IGCPFjxIO8r}h z+1*=V-fTP^<7;$id9PL||BrA(`L@P^)_~!*nWVx}1g2nto=!*m=evNT82o4qSXfp^u795hYawLfM4phCa(8bZO)=XD zffC5LON=;URR%>rXUxA z+LU7dIP^Wqm>Ax;)n_Hh&R`;`q!J!sR;$^1Ln2WzXVZxAWegnLLt{|Cova6S86#_X zK(CQ`Y{jQnJ1}7Z;UkR|s_)&D!EWMTmJ0Jy3Gt+yY4LSXMFL>xejO2myQHL~NGuV! zjTxlNV|IB z(UMULXn7gU7i?4>GO_?$UC0I0)s4ARVy$m>5j5F{RWf5A0;U(q^JC+l!>o^Qf&NQ4 zI~6qnX3u<&DEt31!#{1ncM&TZfDTNKZHnTb` za2Hd&VyOXidl{Vn>MoyP_~NryBj*nW<)Ssd2-TzmPjWi6_c}l?9qDD=oL4BPY!Z?Bs!A*N89qX{fM=Sh*{p~P_%D)%Q=Tf zk!KCrQx>5zdshZh| z(O-&>t*@lFe+WX;04;rGqKV5%o+}yZYE9P~y4UVwbJ(k#oAr_2({8yut8f}Zn-5rD zj_z(Zi|!ef$mq|qY#_QW(nf+YaEgJ3PViJhQx)%B>QIS>SOG34! z#@jg3R5WAvS)6DLhq;-v%>#6P`;mCbi#|caM{c?n6g0Q-)|<)i1tf08)`{aoRac!; zi!NH5da)RoO0ulgf{c=9OBccZbfg8)Mo*dW>Ihk|c@&KMVkX5IYNK)fym~Lx)PUiU6*6g>1j-j5bZD#O>E9MS z6lueAm8{Nxsg2{9aU2Hco9PY?@(?v9(Wu1ZBSkQU4bJfMiQ!U@Vw3yVOKvse3pMy( zz2$0?;ahgKs%Shf5nhQ>Pz+0|lI&zDwZ5%50z3FjtwlF-hRs!M+6{%2RFmZq z1KT9T20{>rd+i;j3u6!VnyC^eIxGw~A<*-_G#CUJm3kXq8}1QPt&VkzkL{rW$oGDx7gWr-kxgt_m`-;7-Ac8G+WO?<>& zuUGu5!9_B*z2|Nhjth%2nht9}RBGLOsL7xFo z(Olp67@xEP0O*m#Z;)^J(ImlGy+7!+7SaZ4I{@K!8rVPQqnRvFzyca&D0Sv}D7OO* zzx1qmO9$Y2f5M`#zIFSfg83O`$_Euj?t7gJ#8{4umwuEbH|9f1@jv;~ELZx}h+7xN z2)A34?8{eo&H3Q7fst%+$YX9k1JwLm$_N=FA#;|BUaShO zcEi81gXzVHcB?fl`H=bMiQwUwx`tHG791lF&J8?=A?@v*aHC6Jg~QP;n1`DcS-;V3QzVaeOiXg8`&-`B#PKNe25roHKr!$WQ&b`ueYw*lAzVtt(lf z0DsgiYG`h=v_~E*U8fkr(q_!1VYTd=6=pxx5X!5qd53+A(wTL4Iv%;dzhC;^yeN2C znWs_A@ujK@7oF!cvd!q2%~GNE+Kdt2gZx@XUF~~@a*xZnXf5rVw@Ub-QF$w>8yJ!U zL`4(!1gjGS+XMXNtyHP0IcnKOUIP5X zZsS#>qJLyQ#@i91_w8;2tkORC_-;roheHXbhS$ZtrkMI%9kC-$V1+=OI3z)1&` z^WN#hJ2W=-y6}l0WQPU|ubXkMnyAXz;h+g3y{`TM(z^buq=G7Lj_^4)I$0OYpTpzg zlxp(dS{aLcUbAvyA-hpzczJ2Kifoiw_KmVKycWe%)5#Ncvy)yLy$!O}d~GiHV>6}6 zP=gvAZynV>)7+BEG$OJ7v<(2tgnb! zF)95Hdo}ikB5HcZD2;F*J6xul^ef6V7aQ%INtrj(HN$sCnh6d`bO#=kzq04}uOGeg zT$G&=Cw{(Xuw(RK{LrolMlbn#0X-V3TvXe-&$f|b$fDT6!r(S|C+e?>Y9BJX@Up!9 zxLnIkTh_`tk<}3^=J);q>LWa_Rlcf+&NQpwEyG`lqRVrU@5Hh+~ygins3H_l~o- zqYcU;wg8FPjpEgsi9c4c}`vLapVGHOWAR5-puGM~r1mDrYK^{UDw^O|xrRy}NxS-C6=C^{G+F zZPP(27bPMJCe`Rm)8LG^~ko^ZbnThGfzmQWwU%zej&Ok>-*9f z*^j|je?572b+5ahPSs@;zt~P5vdmeFy-9piU*8lqYq zbC1O|WZZn+)%Y@bSgJ^Sa*F9{DmNe~zfF#HWQj zM7r#yfE4@?&+aGZgz{I6Ig0DE%fF1#+)@&(io=obs zEM}wG>Gn-axUYukAb$5~S{xwMWKOgT#epZh+%&MesuD?2w-wwtAY0mX>s!f0WYWEX zk9@)F=G-(rj1u2h=i-H@c1n;qSs7jqf_0~8r4-FJw6IzhqjQnVHJbZ5vG)yQ;xDRp zJ{SXgM@9GtM$M>JNgFlOOE>s_O&A})jzt^YMsuc>iegmZ_2P@N^?Vgu5|K-G0%Xt6 zK8qo@CFZ~heg9<&b8Brr0ZUrgZng6xog={*P1xOja}$@nd9Q=$zu@Vs$-b-0ma>{d z$)Z%u`zOl$TH~*%mJcT_`vYm^>`Ca0r(xX#`pH%A)`KrQ30kMjMS-8DC=>jvT=-O7 zxc8!bBL+97n8rhWW=o*2?Iz;13aQ*Hp0aK0D!NrOU!>Z;TkQ z^EADnL2=}SrdDo^OUoI09+CJYAg)cYWY&-o!K?2PDWIQDknUB3KOfpUYSnBYGsoB4K0G<8CX);( zP?!>9vornXFo71K`*&pp?QVHl7nhS5^ORhLEq+4%)Tcp46ZCibh)Jdk`R8zA%gHEf&qoVrn1jn1}6d@CL3lQo#gztiu5|=4B$XG_xGV zHZ~Aks{`Q=-g`(G`?o+jTeWJnfxi5W@0la}MFrpeMs9|4_~rdT7REm?dA-ACwJbN| z`dWy&>UG}}`7{Pqzoru~_~cH&nIc+hf^t%q?gf;YPkE;}PK=x8-HzF=Ztj!}$;)ht zi@f-5KN7EUR7f4prkif(UoWT^J7V9<+HGg^>qW^e38(6O#9LcX>(k3MP|9?iSv9*c z*HLOBHGzk)?BmacjBE-!cB$=sI~2`N_e=x3f(fmpETQ*~Ye(JR6Xkk=htKJ!98Y-m zsJ{f}bleYzL=<+lM#ayk%$h(_`oby^rQVb8O;IK+W)sMzS%u-lEm^Bm=`tz^3zt3Q zSBqSlQjF7fda<*iQebi;KX97|fLKH8lYm$&F7xXtN;MR72&7rYB^{at-iRg1!X+*_|(X!uahyQ(aJ+%lSu@j8%b?6lZLl*9F(Y{?Qytja= ziXuk5MAEwG2H1{XlCJx-1JdUqEsC*>(#Gafc1y17F^u^}Ieej|Uv9e!|ElnaX zcnePZ0jcl;ejetq=38L6N|GrMTM(s`#7LrZQ^o|fT3sLo2q0%+s|ogNd_kn8d{7SV zt+q_18a8j==e5Tjh}>)CzRkzrEcp^1AE-PPx|{o}kr!JEx-{@AVGXD_L&ojrUs~-1ilj z%Xv_mc~lNom?K4X_^)sb7>cpzZd#?1nTZ_B%;K9FUE;W-z?RHA*xZ;YF1b8TT*rtw{@m_POUa!aUjiBh1D_>)id@@OM= z$f(!lkfw;%Npgm7SvwW2tUyPNz|8aGn<#dgw7p-dI_u;Ur$#1<>DD>}11Xik zB0gSK-(R6B&@3CT89Js`*wT=%S9M^T+x_af*W=`k|89B2_umCqbjk!a{&<*XQf8D- zNi#OXNXXtn)>2N1Wc{N(?5nt~!R2klO8>NFf??VR8GlWG)QT>weU@WYF^qH*PqZ_h zl=%Fp)9x;Y#4P_^-gw@h*i#ZUO1q zSNTrDQu=j)F7lNj8MHjl3oqYu2l8C`;ov z9aMtKtn`c&Hx8?5tll@Y$UT*Ktg0e2Qo&YX~G8#|7J^BEA&HY;;rSi2Gl79*M zbN9?7mFO7g?)glC=_94*+yU$@ZA{eZeA}QXxigp7U&G>GLDfvl$O2Gv$=M=F6zOAQ8_5f*3XX|BipAA=pRAQ&q8$K}gIntG@47@!rlH#kwE^G*L- z)K*w`iTq6O#jVK)eNxdbAI|uA+{pG^8A9uuAGFT0*r!@mkUv`Lg}JBU?|1@S0V>C) zYtiKe{tjNhk;5gc!OcslIJrQR-$*+(w(ziI;a{SWCsE0+(o=C4F zuMc7hD$6D6;0u$6YL{yBaMJuf=f&kJ90-4J-dSjbZNVlw+D(SvZ;3Q&aoqpAca@so1ve zvm$l9Yas~DfgdT+hEUeJsP-4@sh0*}d8*fOa!>Z}|8-4|%Me*xGAzWV%uikw!V;v| z8hazV2WM$XmQyp^t0;5V6YJn>6(K~8mcmnGODZ}_PIU~<5Tq}N%op(GrD@$O?F(|Q}UtH!EPa1+VR06*+Ee`3y{gJ zXl8_UMR;q_b{|y~KV56D`OPv3hv8~{1FyEX04;=7zUm^h&k<;nFM`UFpy>W3EQ%F$ zk$DB+6%jMaDn!9&v1N0n>AC!4xOwDw%=|NDbDwto>w4A9&t-ehLrRF3&|UdL@9M@a z>+udMFW*cE+Y-8jT$(rri`nN&I`{4HxwM+mDUSbivrSS7{!;kC%=bU>|9|~xYZ=dJ zW`<$RuT`nkmS;WY_6jA=mf5e+j;y4PT)@`W(Y_TyBa<=)zwiAW?7=^xDdKIHX4B{tdSK_;96zQi z3*UJ_Y2JkypMJFtzuAzEc!11tJPUu(Oxe14-=SJZIqGogN z_}~bP=C4nxAo<%57TQx-m)j(nJlG~Z_NjgZJVzKG{jDa^WMg9!yuH1*hYckq{&t#| z-eyknK?B86wd)HUCk_hNg2Q^$gKIPRY-u&Xl z++Yy@_VYH9~_{nK}q+x*Dv8~HhL5; z-ZT8KHm>k~b;&Ay+;?`r ze}vZoDCuUfdY_D|qv4-|{@W=rg-WyZ5GZFduZ%;|U78b}f>s@_|18-l7Xw-g`Q|$Y#6Gt&}&cY!gD%$ot0L4Eg zCXSIUq*ir_jkb1b6Kwy$Z!NUycYhaNSeKNqiKdo(azfpUT{C!Rvh;C7P3L(gP+tt= zN*JFYRiT8yX#*R?|I_f2Bdj`ya#zgU=#J`u@h6{6c$_ii#j19LhFE2f`Kz|JOs7wp zpU!@L?{?Xd<)eft!Hj7b)+w@7_47qwN{W+~<7WxW?=)o!Lf^A5Qv`=xldJ!vPuEX2 z>vw2t6VF;-TiurgeP+~+_(;2AOz6c>_5wUIMpHJQat?^*xY7!4Pm@&Fg=eIxa}j6c zXj*$B(bP?G!ci8{BzU;2B-`INb9eaB+JN?Ws=1a-n*3c$IE{}!{P8*zec36O@6z~6 z`yONTOu!pssZqRneKN?l>r@}-GKtUUrWkXtHujuGD~KE8%=zUdu)w>b>ri%JRNz*P zblEBOp3s1c&HQc9*r?5t9$mys7uHN-S&FM-%~rrdt{AHqxmhAu)o1mwUa-ErPds18 ze%?7m)_XM`^D~u7e?day+*l%oT(Hi5qxdDNyg{5TN18Ug>+0ib{?0l_;e@7fq_`}r zE^A3=5tKWP@60%)2wM9nNkDN%Tid4T7jKZf@xtB69(fY;KDRcb3iRPM>Jslobve9079!z)AwoJQTFI}?S`yjW#_qw? zDyRu$dj<6So_wo$sk-XYvZ)V7)~xoqIb>wH;`niWkH)X9Tl5!mWHDL87-^-1`@Aa7 zsf}6tSbDZW#~dPpR~xF*o+rh-e;z--eC z_fEvPq55{D}!XHzZO3ZayWGli4MsTd1ekZ360Cus9!C1nP$Qgsidz9d1=Qv$v_3jOrr1p;cVnT~V&4D~Df{gZ$5z^Go2t zMZq!Ik$m}Y%5y@wCqb9WYI2d~5$^ooDX9J=!7lvljE}tE+1LnNp@oWqeWCauXnEhpx@>3a}RWnru;w6 zZ_j68>ex~Oay;}(QPaIuow&IA?Oco_vq(e|wWVtm=N?`aIWUl=&Y$8Bxn9mYb*`qK zXFC4cCF)Yz>u+@vnzOL|Q4QBmWK4f0ZV|zgP zU94Go*7c*N7eCY8Y9`^^{sAdBMUUQ-9D%MDwB;FmFp6Gy+I@MZ*>kz03rsHZwOWvY zm~`<6{qkfriB+(b4lx=rE6vQID5-vZaYAmcu#!n4JvYkKuG)ah=u1^gHeXDdG_1 z4jn%m>13*U@OlxW%K8)OY_?QCDLht}G^gVMj0k zocNZHlJ;}jN^ZV~m!~g%vCD}-GT99{$nfM5pSv(W;>nrx2A^l?jRsG618e4wpB~e$ z6Q~ez9jPyQI_}uvL(%MH+4RD}<|2*LWBQ6?#P8>3`O`BliVm$mvuT*FjGW<>WK7mX zdLp5+m1iyKJfC7a;yr}zRujXfTxl@NVgPw7DZHP8Li7G|roHiduRfLcX5^3|RMIh- zxlf42z6tAa0_-P6&M>$)(6$%M6N`D_Qx8)7PjA;1CedEaP9O87ZgDfabcZ>L(D3*= zu0I4T0sqPssY%P#>y}q_3YUZ_3Z;&pM#38-Cx=SOX808%l!rWzaVniGJnKE{Zv`29 z{oC$G$DHpKbu4}EM$At;GBLaaw)-DXC>i2c%+Qm1ELpztdW*Ly>DhF;1n z`DDvi`{B=o$Q+sVH+@nGhBTb7aYeaV4#lsN5i$Rg9w-IA3ivCrkMDVW2$MEYQE?`y-Ya885FCrh^06pLMvXjR`<) zb#g^<)*ZGk&)8_N_>H*U)7#Onh1kM~S*N#!C5qL(%(?7%PWII;g{BKl$(GvfgxvfL z+s&DOi~T7!G>5aGI61A5U~f`V>xql-)OtEVQBM9`A;d{a#NZmNt$b~Bn|33~`!x&r z=T%wM!^_sm{*!m8o{5PWwu)iP%N@?1#2dF~WLZBjiqCfGFOhM89q6=nCsffhTYWp& z-J$kr8)lAVvHp1`Ew>V$oMg(5l&p#vn-D3NlTY%W{AZ^B2zYA$KfJwFR2%QR{tX0z zySqz^rAYA-912AW#U&JXcPS90xVw`UXmNKM+}*XfyB28aKi{A1y$|1`HwRfOYt5{g zm6^xx>$*PAzR0k+bBJI^0Tpn7z3o`JYa$UXPKf5EP598ankX|&2Iq1sbE49J7Fo-N z?Cki$#=gG!O@!`A*O#?#6>kKCyI2ca-B5}ZmXo0p;1OFRlpgkKWn4Zp_gw7^vQ$|JlUq|69EqkP7h(>iFYGaNtyG== z#&))8XL;2|GOr`g*v;<0wJJA=&;Ml62;VcWFn15Sq~=}Esf>up8Ry(rV4NHkMW+qg zb<}?XBp^DgN+lsps$s0&)4H^_D@{S8mM7D5SUu zDi!<;aeDQApu%CKgII3^#~8D^y`}!=2!=kc8J;9wwn4IK5zsv;hKW|4LP;DOSQSuR z-;%WB5ZZR0Bxehxp9suInd>uUBDfSTL^CYaJ85YNaxAbbOKkTt;N-d9Ix1^ zClHa65n;&ZVM&)s{IQ^cnOC^*?cF=WfXrWevKtnysME`9hh#pl*hQd z_VN-4Iw28ktVgk+)VOT9t>&9ct(HXiAjdl{w%n>Eg!FXWF>+1~3!2S5&5F>9xb@cl zgXilPKc9NSZYHKStA)as+~Q@v$ayVqQd2Up>W=N4S-SN`BJo>LF4s%fz`}-NNVjMa zu6B=wcg`8E?x`JrfwM)sS-L>=J=i2QOv3W>^)*SB%yC`(6XOU@ggkqGxR9fEG%kI=2PwVutB8qAYD3 z@(Cvz<+va)y;lV!G`uA`n)WNf!SVi{b-17EHF$PH!n0p^Toss>`^uz#wB^NIVTc1oJo001g-hC$`OlC=+vw(Z9 z=}Q>nXjnNG7vB2qTBdJ`!OtS6qZY-bQdM0@{HJaL%9ERIV>)`*%y^koAll3Leg#s2 zo_YJW>_O!J#Nj-zFNhxMOv1z0_dmio~)dZPYD$|Z`Oxvgh#OJBQ`79{%g`M}wE)-7fn389Iw zC;vg3xe`&w(BY|)vGwm>{LN%8C#A<2ez$ zE=H&~&;K2xu}L0qA_%t?+-sI@b~oiQ{0L@Nw2f3ztxNTuTttUo9Qg*OpdXyQ%usar zvb$UVoyVGcsLa7BVl`(52CLYBSy4cRVn#>V(UyXjf5luSF2%uu@;yZ9bh(K&CsCpU ztY%#dI{@uw)26-wuczYBVhpD1aJYS*Hwe;ZB|A|$nI#UV&LDAOEw6rJj+>*bgPL2@ zh|7`tsl-}@fi=LqO<9IMk{%Yarucb!fVkA3jOWVunK@`~`&aur8kO8t1-4NTQ;C_k zjpiXIBZ0U-s}dgXcpG+I6D<9jD3V@bXbMjz1X+yXkO z5SDksWh-qr;*J7e??bIxdzg3F!eIdlwsF>0^-5OfonRL z31>o&>8kkTi##oJN*POPYpG53{tq%NjNT?9@{ZWY%C|7uusw4%p)Jso@MSWJyC^cM z>$$~rL$#m#-*4o;dJOkpUp>Y-8imCb?G)X~Ez-PLI2I_#Yji2HX@{{;su!1WYWGlo zN8c-C67#?3nZK9a5{T1KfCSi(7^3xW?BFME2KsUXM4L*NT9hzc8rBX)+bsS4TG6)f z5ZNKzkgD7VtqByZVlgD@HNY5EJ+gL9gU|cKj9v+1BW47DW`?yZ$ae3Kv?{eVfJ_V$LO_JS8qY#l5)gr8V>^4CH~ zt0&WjEI5>0Z{j2|sqKh2c=>&+P<7iM7W&g)Z~@jTfN?98dwEuN__|&B)=rE=J2N1cH)u(thD;ti%e9N?WNaJ zU6#s`Ad-D_2X&+scObf{gB|0t5s-EOvz8pk#M{4}jh5z=7Di0WIJwm8#x+Pc1!@v# zni#-1S$8^lQ8#tH%J{UI98CJK?$lFhfI&^Swf)z3B>*RO? zP4+rjUB;rp^T1K$3OlW6!6*Z|pA8{|35KQh!C~JGL7ZOFddCUR;CNVW?i|Yfr@V37 z#RD@3=i_qxOe0&c2Qx*_>MIZ2$D_c7Xor^PU-&4%4>sth^PO-BC->Nq9yPnwZ5x(P)+DNrwXaG zreLr5;JIt7czHi)?%enB1^XH|SI>x$w8If>2ZTe$BlWCbo2gBKr?N^$Iw3dB0+|>2 z#}~e4Z_hh$2K}!mUoqV=2q+6=bb zE|v}Os62~YiQYnr%xz?4&-3Mye;m_3Zn70W>2#S^Dyef`b#`<~Cye#oLxRkSP;0Gzu z3vn`8l-zlJeiuwfBctqWnvm5LP;S!3AGB>w?CN%5;DeHB&Nv49@bNUP13ZwdEE;5e zH)wYd_BHb|cpbTvQ`CC$5Tm4^coR)GpE6u#%Gh#(!kRjJWpz2c;oEvBfkFaKpx__k z>SjKn#rLS5Mb+nuXeo4fQ<$C!21eL=re|LSW@;iIjC6S7r8&M~-9ilb-^!|@2M-OD zVb6elQuQ{q%na^2L4)7U!sk5PLwq>KVvCp%rYwgTXPMYnDKuwwQIaYk=WQlqsgt!)MqUtfs`Ds)C+^e>n7g#^ z9)R21V&LA6bJ#b=X=gX7k@hY9l(DH*^UyGv*vyDBF_2-^izM@eSFz||M@P>9+tj#G z*>(fjxYusdzr5Yd)e+A!qKzoT5dI4E&B`BGT+%OAh7F&CL#^+=pJW9M9cD&W+Fp1P z0Fti3|1=|}Yt*z9~?cD9ltAw%x_8Ux;eWVh@ou1q{f-3eJ7_@X{(ZFmn|S24hyhVo=iXw z9MFjMJw=I=tBE>7ud6o-)lEZ%n-6&e$=NI5DPx#RrIb0on9zP}K3?N+Cq7Gir~czZ zaeb_;-ka$_kDrip=W{}chu<8zH#~%oK*m7Y_RE4(JTd< zw9HQJ@S}O?TB9l8dxYFjUCLsym(H1C3e{a);TyDU6C-f26=jE*yW^YIS!W6q=*P$O zsxGii%Hx&}@3Vuzpt-)c#7l<{CfP@9@bBvEaqrq@+N$+u*KZN>rDof4SW_D?MOl`4 z_>9G-p6>%{S+?vcsO`_>9Yc%y{W#}Vryi`!R&pRp^H|@b?8T>IMYo}AuQS?;#@P0P zDZiQ@J%zJuFf&#Nj3}dXI?P`4-<|fgTtK?NcVxRC!1l^g{-a-B)>`40xbEymH*I4^ z*{4i(j08Ix&INi8%y(yW)Zy)af_LnG?>rV)(d;_7v3n~B_@K)8XwoBecaPV3Az*Z^ zo}IO|yD#X#2_3fkC`Q7R$6`Rk9& zzXRHyh{|**BKE%XbY1XGoWZ;spX!zoI)|88$~vHae9G;8jaq~I>(if6t37 ze;P$CcpGO_wo)|y{KW3lLAECt`#f&hF|)2SWgb%y_t#cF&`jZU(_G^jP9FM?+7iBp zFH+?bsS-shMG!;g=j`f^R5zp;zAXQ13`PcKi=OL>11$r87{AIIy~D$UynorWQ2y~% z)=4U)qCG7+AdI7KidtoOdeO{nG5kl3^y6oJ%I^g&TvK#{p$T^fs$#9$cxEF(rBGr(ML zL-sJQAKSoMUCzQlIOy3G!DI&0 z&_^zmHq>E!zj^BZ89@J%9@x|>l8z?RD)!AQP)(piz<1K34w{tRWOe@j|as+L&DQ(=&RiJvaNcCMYlJgo@}BE9Us@#HKu$h$wNI>=U&|sG%;6E&dK&uB*R#!E z0i=rNocU|eTo)$IC`wO8p^fFA(LgKpl1d@H9K%(3&)SS!WJyVx6p568ECqTn`(Pn`Bl9X;{=d z?OGdI=$j%G_ZO!fMfh~bhxiGKx}oJj%-N#J`Em&rsWA{F-YzURsb8*6xIh*bs|rnA1nG1tO_E1tfRhXD|;6K&!?oSUQ3&K&p{5n<(P z2OqK)Sri`IuQUm-9&~}^aorrdv%b#Ebjx4&TW&dmg_v@B1Uw=147C+VA*BFp* zZ0#yk8ot4Yb&!6&{c|zMOwMc64AiMIp)4CiLKkupUYlGN;zO~!hBA7}50>Wz?py(5 zczMcW8$+_oaaDwY$=Av~2v6S*bJ>&8yC5RH`umWn77JmL=eMl2Ci;|I@eLU)WacNl z8M%yY&EMPF$h8~O3px4?ZepOBr`RLW*VP>Xg(8wfG)6K{Ryq)S*UhD-A4s@Mg@<3) zCiTclHfahxoiSXer-_?9ee8Vvm^+C0l05#1eUIJx=A7HFa_TO>$x@`iXY#V&P zRufPI?+-!buY&Sg4$aV~3mTd#Hmu)}?3aLewGZ(!ZIT_BHm|*c5;zfUu2SD08#bU>NyRACb~)lzeoNqO*1RD@3iKlZkRbEaYA=m_~6x~5rj9pp5T zy5u9uhWGWf{fHDqcc8NmZ4d{~E?Y0GR@YDdCamk>8+2V89LXi(-BYE>)Rbj`r|1O| zkur3ZfA3EtFq#)JmuBXB|HpZEXdn)C8LD8Yq+mhzW$!f)J{h3LxuL^`EZ!wAivJ zf8yvG(7DWjHuBVw>HrN#-{)OIt{x(!%mwLO6oUUtDfltKF*n7TI>?Tt&sHF~5Me3- z@ix1(29uC@#i)9CbPxX8={;be!E7|6Ao0f=^;N{JEMatT>NK(I7gSd_fBA(f>$BW7?zM5Y z^GuYvts8BHWpA|p+07J;`C`UQ?Y7%>LCGV5mBGu>2E$f#g-Y2qGVOUfNk2n3@05-{ zD2jNXP1LubwB5m`2s5cxwdd-}dgxHT`SIqq8$)vNTekI^P4t+ZB?%!+h5Hixic#s> zNKkj}hIV)3%YNMa82IlYM|h3&!j|}s75y2_N$BrY%^n9__4(ItX5Zs8uLz~1 zA0u^?mTrJheZoB^MrE{-dQfSDQ~RV$;*kH!>{g4evw(0O7~}`2Q~!%H+>0e>AoD$F z8FUa_ni@FTylM&KcObs_tx2xgVOZdOb=0tgHz+1}bJkQT{TVul@n*8AQJZWR?Pzul z?*mu-tc>0}6E!1T9G;4FdNpYAP($j_3yRaq=)1;{aY0{?0JOU&JzZne4&%SoM41bR zaQ4=%zIX}rFl3JV6j)mQk(YYzmJdd(glr0@OTQTEY-L{{^X zld<(MHyf2HKX;dLBr2I3o87z%KV_$*E*(Wq>A-uY1pVloH`Kv%qt2dNdV(L3Bp56J z)FkhJyFb0Sa7l{%wKbC7R9M?`|Bc-Vyg7B!m}n|&r1g64CxDce|2o$v!Mohmw;X+P zgZaf&kaj|}{Ho5oH4`Qn&yIx{2d%y?{b|H-?Q|#sdA0WmbZGbXE}TDz-qv+y!?_3I z#SkOQ~3Ql{{BLnTiim|Sd$^=XRILNv1^I1 zjPOBYKpAHO@kv0vBZ{_Ft1VmOri4=m!MSbt&tlm+Q{(PZ65VCMD3Y+-$g1rvm87B?L|r< z`=D~~3HJCo?Hxe&g;d}jP6OceTT6cejDGl3!#iQR?^B^W@cCukpfAWUCls#S9|DuQ zXq1;-JGJB(|IrDp*O4@$b^il9K}a9}UXIqtaet&oaBLd)Y|!|>(1|1_2M{o!KyyxU zHb}{c$+yt)@Sc?-ry#Etlh(1i5)DS8fME!~sk%8efe4S}z%Nq|^T{oDP!L!fXW5Es)Tz`Khi--qVy+qbUxv`Avf zbhC2}LSJOHE3Iqz#H@K=!LgEzx1>N~^y2y$B~jS-5v_oUnhmn*s_Jqa*XfVuX@G^G zNr)sb1`gKkEoM;l;OC8M^^5yEEId49`X2=c&XNfgstGx%ItgARTg)=6G^cP*2Jyia zx>-7uJWt=LBQyn767w(pGP;V@Wx1HBsso=rL7+OE%qoAm=o?pEs_&W;SzvU68z4rM zGVhBQp(%e}5ghE=*SCVT%rjbBZ}^IBf|x7ZR?KdzKYjAwpB2nFAKnv|pcxd;^Wvgq z0sy+^)|iC_DB3&xdqPmUc!ilpf1-I0@jP5$GIVeV0#)SgoMliZy$k{Rju4-DcDgMC-4B-Jvn%4x*rMnZrUW&&+)y&%;R4O+qWmbrU!y5)$&Y%=u zv1GYz49p7FV@+C|(qOoC!dzQ@!D!E0pz9&#Zjp5eM=7}ivA1fAbI#}8b;?W)-e3hw zC%YjdsYrXQx8bMMY7;lw;L^4Zj^Ulk7qz8xpr8{0gNJ^Kc+q!5Acy;bAWt92Jm>nX?J3gv(<%Ya$D^tyiS7#i-@22!Lm|ACU9 ztjSE=sPxPTH8Qd;BHX04R__T{y-yWLR{$VeqGaB#O(Y=}BCZY6we~xn zED7%gy=^RrZ0+pA*{ll0B@}nu3%JmYkrp|0!N%QJFR5i#+cZ)dO756eJVf9w~u&OQwV?tf+K&o@cQEh z{-IX?v0SP%;cMfzbAiA)2Kw{ zHlSHG+ahM<8yxsJ-DB5D6i6-wd#8PY8}~LQ9w_8j=Zk5)g5gwM%K6j&oQyUfL!+w` z!YWj#9ku)v5@%X33Rah;@g)?_I`@CRD1(uVh1lbKUPK=n8X`nKV{py!WprM#uKJWx z=Vxv;5%dQWlVImGr2oZA{J$zi;d@@W5r}ZpW4e>HiQne27E>7^THJ@8MC#L!(_nNt z-bipiscbcFz*^CQ@==$ntN9J%?Gn9wir>d;^LNQ;z6}lA=YkwAbK6x%H7h0>6C*^< z=H{*xPeL!Ay{r^0IpF7Zv_nZ(mpBihdmiVT{~-+HV{<3cQ|UAPr9%`7|BDp z^uR9pAQE$zdQ^||8=3s`{}71c=isJs?3%yH1oRI(Lw@zVG z!-hvk+qw)BRJCkVjxt7mWzvLM9>#T9Fm+(wu_@HDMuo_({OdE8{ZD}9-vbQdyM+^< zJ5lm)pA*>R3DX0Id!%erH&AUV^3!a-djGoS(Ak^NQpseKd%U&mwP4?lav@PE>E%KY zJ$Ztx)~M}Z-EE@{$KRKm!sFU1D?kc!gzAnH93!K|V+k0%Q6c;<8#7CXya6dtJ@R+h z-=O(D{)mbC?&;sZf8U^{(5|pMGbtt&$Q_o8=bOoas8lF0hCxK!>_}01N_$qq4W7ZQg#+Z7woheAVvq1`9;~LNX^|wcYw3i; zU7|;!*gE7e8XUNCX@}fmE=E)!*mRrP+fmzd1?t+ zAsGd{;S<|OdNpkKC~B}_Egb}@mbU-s`WPu~?c|__?S-c5`&47BDNtEI9?kTrhYD&;6g zd~?@CFGheW&MC)E8EcDg`3Vc6879UkGejS);ryIFEY+J_^kC7B{re|?k*6mD_+=kP5FOYEus}J z7R`55X)!It#e-c!BSeo9TO)@mUsEi%`q&hrXNj@V`EBv-{G#m8yfU>6bo*Y1$Ml;v zxFLMBvRpc;>eS!Fc;M3W4XCl!hies?VxIAZAfe$63T#Sdd-APPEji@(=NL9!3Ne6a z_@%OA@LUa6q-jCBRi(fjF{qg3SZbCp$%Kh(EY91Y0lui9V$UNLUWP$YS73&xkELk~ z+$&%)wj3n{b%d8szePrLmOEPY*^5p9DrH+pq`l}{32v3VvR@u%9~;Yrq? zMIf#+ex455#N^W_UbSi=Dq&+3KdbnhR*mM)Wjr?6{@{c1WD037Hd6*mV#77GX7^S` zW4vI>)?J@gv6f3Wr@-mVezy=jX)8b&kp(erry3PEm~2Cm**)Y)FZ6XUE4g97$Qg$u zN$u&CWH38B2C%{PkmTLZGkylO#xM|!cEXPLH+F&t!)pXf6>C71=nxw>#;Gw>QPrq- z6T#buE5QvJoof&t8JRgA zWe8I8)Z2Xr5|j`Tpbx0fd(OKqZ@7K2aCh6 z4SxhWbXHM`pUN%3?K5`N};Gc4q4aSEUIQuDd)w zYj?0({eRShLPWdSWW6H)ffwNLpwA8Pt(*J!8foCjyd#wWRnG~ftgp+yF+{@&q<7La zegtuPjY6qF5Cen_juZ${mV4qs__8gaI3XMfc3frYdTi<9{rJ9Rb13rAA$um-SRSS_ zz-w{?_*yR|8m6!YA0$n_gXJQFe{p4rGKPYK@*SA~IY^?6D0zzELi`|>thz~GHV@sE zTUd`tk$7;GRf*|u0xi;- zOJu>#K~y(<1^q04H?3s9@!X2NI(QZ5yDfpj{E?3#@$yn-_gkZeMTZ8{1@tjj?5aUb zdeWs+V@cgO1!x&OHzE%wQ3|#PZAn@@Tj#uYfbv-wq)@)VR<7kY;8US(pFuLX``vs! znaB7)gaY#pe-x*&W+ew7c^_gDm_9~~qqQ-?Ty zd?S`>csazBfVCQgX{r??^<8HdsU{MRBTJ^627q>jU~4(-B7ji z_0aILKRcm%A%WEf z1yh$t;XODG*^&0bn6s%cm7TM97g<0z0v|G6<9Y|yuc=3)gA+%sGIs(HFWfTbMKXNs z&p%$jWy#a*Tq{^LxfUFAG&s|vZ`^GBshDzWOQ2huHl+OA;E31^4Kckhi@9q2JIq>p zMP^;*Al3hO$d6DYA^K65H_^-g_WUtVa&LGgjeEyP%CwcA?j^*PBf~<@kKOCy!nuyZ z98TTgJKvitvgI>8GiNrp;}A~M&ZenN4ab~MY3BzCEb9ac(8Ir21FECd>)wgtF7~T+(q1w;*s;m1`i}!4Jk2C5dh5`~wY6nlQtp?zA9KiFwsCXG zlDQqUkez&O2Pyi&{bH3kWhPzLg6ZBqWPxKi=bKRU}|#<@1VA@x^TP^XO|u=EPA{$ zgRt(`CF1x0OY;gG_@_-c86cOKfnT`IWqo*{Ry&#h?x#$CTa(N2)~TTe*BR<)OMO7L9TOadv7*_U`OGOQKbS zC<=3#n-(z13p5Kv1x6BWaK~}Q@a2%BCeUk*ZB`JljN0!jruwp|Nc=8NA1V*tf5q$C zZb-md*TGD~b=vCTh_$M?D?biq#ARFf3%>&wN;4@jRkwC@IhAuHzo$;ANuk7ei*~({ za4L)U^#wM^NxQ_cg;d!bl72}gxL#-NF@u4sym84BZoKrsxNU0AN2sy(oFh-3p^h;_ z?C^#Sv-*lcJ_v?e=ho3jKuWc>?TD@)uFPu}5nSvKGJ};`WDOqc;#C(7mEhxxzRR%+ zyU2NYP&Phg*RVmDhz|%LtrQ2~z}$JKEz9X$M=8qI$HfTy$>i_+7Lk`LI$w9kyO&Qi zz=J;%U|hIJEd(dbCVi`6yO@kV3Q;btP2r%GLK2WC@rF=_#|s0kgb>e^2r`zG+D0tC zt!qI(yLYCuUnbbrbb}|O-+Wprp?j3e%~41mJS2h@zQ>LS6b3vN#1R*kTQCT%11Q2j z=yY;Leo-zQNUBh79D%;|<>R3f)snzL;3QO4RHOn-Yc=-3J%a?upMm9em2Vl}Fm%bFriXozdyq+76r>k^#MWoa|wC|G^hNg}Q(n6g%x{<2` zSrXB^j;5BykX(%UV5CShb2hrd&P9RcPXfY_ef1^Iy}^8@ulr`j=G4o^eMkAU5RV-v z(o(?rquWi8!@ro^*PKP251mm&lwSt{Z+F^G-!wj*tIiS*CZ}Gro2%NLCnIMIjqjso zBH&>81>ovr+!tuKAh9O#SIa;`d8j7jrMo+R&&6!-jXJYzGsWo|px}$wX16zI=+lF6 z2CFlU(n+3fXkxg3nG%ZB#>rYwp^GyW=(3`La`5xT_{;C1H_rUW1US2M7SDHzAjXKLXWPKP0j70BPI-}4rQQT`(0FEYDt_;FCEZ<6z`1)lO2q{-#_F^U`+Jsudat(lNX zlB%hX#@!(^;+C9H_fy9CBH}2IQun0l+Jz5^T^}#kHe&zpPCye+MYp1rQFR-kd9s|cpxu<^xJmdj07UO$YuEFIEWU@-CQ_9r>+)+i}ua5bOyO2Ys$K? zz@w-Egq-55OP!G5b~i=7K|8UULwO3#=>?x;OT9H7+gU}4@knVqMgu+eYtJvptZeKI zYe{|y6#)$V)G0i=rOL&KpbnRRS&Q7zJpPJ`?R7f7AL1om%~B{XY%9UFM5pE^BZlZy zRXfmp$9{hd++z@$x3PL)@wopmVoi+g2dOQagxdy@T=+ea6{QbGpd|g-oMwaDIW*Ui zNw0a|Pzq~L35rRguaOR@06A$Y=)4Eoeqt|7@N|LAzBR?;lQgRSc?>YG`ZDh<;fR&C@nP4&{AutK3<8)I`Bdgrj{jB(cA}=#yx8bzq`Q?Q`w8kN8 z_0v8F>rJPm!oMbUKVBaBq5cp2BAHa_f0kklM}EC!FB8vGy6(+OP&%&{&j_ejAb@W* z8ZVB0;x2iugU2p`oIOGIpzrT66)S|>7SWNx(HfLI?-5dAiX#tS2wv7T zaZ&ACQv~YF$#3T+&RzYN2%lgM#XxlBjp6y2co+sw4{5_hm-?JkHITl=!;YG1%`m&9 zv5;@ByO|AsH7{KcC45`rDDG8BE-h1=KEWen={~!7#74pb?CH7+#&$b}yl#DG+=+I| z{(d!ww(Cp!nZXBN54qjDlZ4CC6dt5~-i)bps!6L@k!-_Q~?%tbn1uQLc#|bU0_Ha>+y3jpO5| zKu*IYn(HJHf*KpoqCnmRH>~hJyZG0;EJ$RslY9gTT7O1Y=pt4Fj0cWNAmw+8hL1Lj zh9~%1eC;k@S;Z)Fwy;e70$wss;u;zmjmk?LSiJbHC}^lh?Kyi4_PmnN6GCmu3pm?* z6t5Rb1L`60)9(hd*-XDS;nY*bsy0gZ_0C(*F*>`sxFEbMOUP|v9EoO8%chkuU2X(Z zPOWEF-Qumji1>4w^0&e~^*8Oa9|-XEY0rsrareh7`@E^ZoGY|19mCz?C9ZE$xew0E z!@QlWq>>m#n=Yr{OD-NZ=+D#XvoEy0)npWY*x4N!Avipmk!ZpqJ?x4@$1-(rVVGp; zl3?Wb%U-9y(gykYTv}nZj%KzSk#yyY2#7$52SQjmC|{2|(&Kob z;<9JuiWfRLmc5dsqoJWi(+*z^uX$MKyTE<7+U`k;^-;p39I25kA>mEg_Ag@EXy*XG z&YEweu9_ipXN=k9CB9^)tuJ)`@KGACi5iDYkJ}hTmT!X7a78?NsuxWT&yG;Z^lp?n z!t1CtHKYP31>79JaAB$hXF3Heh!yNj2CqK)=pGHBX_en=mHH}?oP+HxRL1Gc^z%CAaYDbj7i{Gs9@#5}vNSUqJzBC_j;gaOmSuJb7-5RSj&F7iE}}lg{d*!RH`{tcs%)+e7_Na3tz6&j zAOq$!hUopSA|A#m!@SYeRprUtv*4?E&FzbupNSGo>&2_Ipsl^Fn}@Aj;JVRH1=GOB zZEH`;nEOjJ4jYWY@l)fj~ekwHLXkrajGLGZyvSBQ=aKcq_LpW#qM!%a=@Ix@(0d0Oh zy$z~~(#1OoWEc#4#4MM9e5-KXcBOH{_6Fr)I_qTZ4Iiq)j2nA#YnM_jc<$uwZ6GiF zeQ)kT#6z%u${hr6L_hBkzzz*J;rj=#bH$0d3v64?jGRb@jl0 z-Dv^ds1#w>QT+JTeUh?%bg%z~xxU>dg;sjd5jauK42@LL_pgMLya< z3IT2q8DrILd)ORWfYx=s;7KkDi)!Z~XV7kwU}@HA5}x^jzkW7V{P@A-?+}anr@ps6 zfDMxLCV_dN{A}nWhHmrayfQXma!#mGcmX>i>Dn?aoB?S9XFPPbZ!yujIM+D_|pj>Xz~Ncs1o%t+~n-7 z$Tl_olv#W9KEJ1N+&%7i9l4~2kR@G3U$gnJo68&u7gn3$k)a>HURNNj=&>2u3LWSvq&at*9B!-=Vy_$q?=&yF-bGwOOD zP$ZH^wj}~U0`nrP3%KZJ;@`uCAkE)|8DF4D`_nk+q!H-m8jz?|ahE(T^#JfXU*2lbY~@+9

ONT)jV$*ml}iL_ViHP+f%T^+_|~pOWWZW$C$bRk3X2Tu0;n=@0<;((Gp;&iii) zi578n!m?f66$4Mo_#vOnW#13K`TUMs*B~zlK#2U+h#zG9iRtxMGVOg^@HC%78@cIs zs`D8Zmy#zPKQ$;JTG~}AWm&G7yDI5wt0xb4KQ(IZvvm(aj=>6orW-s;fe&ub6stvp z-74IZ-*vC#t>e`2OU+&AYZ`MEplrBP5uApU%r|b_Bzj}u;9NO30+y_AZ*I{|es0_? zA?AMmtDcArYc_C)29N5Wu8%gmW9vM8h6=PvBVLB5p_egm2z)fZMVY0I<;$RD;Hlc2 zpL?f>b-&|IL*m6V=1C?!nz*-*7;$G~{4;WoUcOnwBF^QePkD5u2|$6u zSLQaKM_!atFPJx?^KyOu#BsxAOu?ayynnEDI~VvF^U99KASB$(B^dK-b&EI=IUOn^ za;I-z*k`j_=ZD{hw$>n2v`5_--|9Lq72zeUcq6?v`Xgkv4!HC9WOMUWAP0&rceHj; za+!k50*YbYIf|MUXNeayt|1zhDnf8Vzq5UYaqlIWX90L`yE(ly^h^EIpdAG?aXBYr zR$n)}V#!>Wh+A zx{hYlsbC&)r{LDY-QZrSotB-sjI7h&S%fKc)J?lu`F#|xOgqhUyVZ>*2s(Jy3=M&=InW2 zNx2kyS_33k;5@jsB+q9!&}$c1Fh*6?#&)J+<10ZPuZlUtzC&k^UKisbZ+va3`B9pI zW%4J2rY_RCu{F%mtc$w4V!`l2XTP~AXl8`T=`vy}HFmqE5}r`C`Y82t>)~wL{33oR z&mb#wc2Qu_cfqfC*mc9&=I_(`UkaAT=6Y2JuoBg*5L4#A2P7)0xVt6j!Gp?5?6weBN0;UboOYHWK^6ek zb&}M?Arl|=rflu$mBBiuLKGh{eAIPkkee5ko#r?{BmD3%b84Q?xyDO$>J9ElkAw50 z%J$JPpLxHiFz{>F#i+Z1CbL$K@RqHh%=A>U&8yDpr(Kskvp;5dGUvZY5I~JInkbZ^ z6OUF8r2YYUzpN1k_|R4LF}Gq7#1l7SKCe+%%};%pPCKbX+29dk=~z_A0;pytOv*tA zm`hojHh&!*8;0hZy#Ki);NJLJXO}iS=t6jKWNg)ofz}o8E3K#t)^w2}&7b4~H+S2Q z?x-)_h~+ebI?iKMf(< z+M2Cl+@W!4+#$FV+&yTJK+xb0!QI^*f|CS-yIa$^Ho;wjLvXi#Ip_JFd++#u@6kQ> zTB~-|s;XIYx`iOVC9ouUxgi(%gG}PcCWxq-Xrw<&Eem_<7S~v%td(9NI~Xcc;~2bz zq2ELar_qqFV!5Td-uiDEjiKWy5z)VFs8X}?Z3VO0U4%HFWccn>d&m3FN3JD>A$Hb6_yr2{=wxA5`GPG~}hqf~!U zXXg$I6=OlKqIKZ%MrSi#^uQcDs<(c&dXnwI+<-#ru8}EoLtv;2e*fJsTA@3+|0s-%BcTm zm0njrlV>jC{7+9X_daYce_Gmh#H zPDqEr`^ceMx$AY)_f$WeVi4e>Z=q_QkusdhLqEsNLfo(cX_Gf?-s9{)9V0Uq1vF)M zkLuCs(*wyXx;ZW@6Nu;*MNI+XWxCutrN5@FJ=V=EbV?C1G}w152h5Uo8%59ZiRVb$ zY>4CaOUjgk2Y%b|25lYPWYy6f-DoL3rCYn@`h39N9So+k4Ta?+OsZf;4|7E|WTQ?} z-VRwd*;%*ybP|8*;ICtdg`4NfZ2Q4l?&|R~o1TK!@KTD>nnd$vUUGV@N@)A^`xPxN zVh09M3Ebh3vat|E>ah@djnn$!W4Bx;`1w$7_EBAfA@ve1C$FEYj_TR(K4pmBOuSG# z{Hc}o0K(D;rCc`gxc=3%u-(xIDM=Pe*@^=FuM!Lfi% zkEgjfl7Td@vCPKgVh!Vdkxq6Zum5ggOL~W7C%FfUhd=zQn!C*+&o!rpb?nHZ`fS#A z$0&%Vj7Wr9WAX?Dmx2V0w=JMWuXyAqm~gVuUDvr-=K5a82~ zxl?sVPqF#F?^kf}=Baj>MQ9Mh0G1dt`e+3>2uu4V`Yz@hj!Uq2L&6!34IL0pJTOA@ zbJY{d*77m_#cX&h%!+5#xJRov^-(##d2*R+;lW8Px(b0%-v6{=ezLe{$mh z@c#kYyxqc|tCh@~`uzpzM;DeXZj}EjjZ}(x-xUd~sgIhhfOi<(1s?|Z|1o;J6$R@7gqvy}SuH-gV`tL=sg=2dH%?V#iuex*q^mpPtdy+@{&)M} z|3~Wm?d@|qF45>O|Jl3ZIj-L0#-lQflBT)Foo)z%t!k4D1GM2KNGUTnt!R}cQKT|K zN$Jb(XEayOL*ejC!yC4v^Sl)`7Vxl^y~fm)M4o-4UauL~m*2vr28+e~5*(;P8SpDI zb4*%1pDH&^oJx7G-<;naM7daXs4t)4U)%oIzAxmfd??-6FV&1A>bhy%G0yxWZAnQB z54`G2qLJSQ1QHPA<-p1`g>-}nSYE0_(PXu`F!gUdXv($s;s7QijRV}2{(2$EL1T&} zz^5y02$k(f3yW?<=RT$rrfm8TOMB592zcKX|)l@f31m#eWECoP9a<@WHk~<`54=L5D(5 zUUYp|6`DEx-%Gzz zh{dd5%u^4ryZknlFFAJ8c^#%8@yNc1M}Y^>D1zN?#&kFI0h6wuM+kIoVLEyJF{TL+ zlzoN1I%VY$13!y~ATN~kmkBMIq~)ov1~>)!68xO^z}kDH68d#?GQe`bb3E1K^MEV% za)7<;bZ6M@g;vw^ymz(Fv6Y&Myg=heU2!pJVoX_Sm>)N{AIj2xS>go6#L{8Jn&K!b zrPH~L4>_EW_PTd|JZVrfeU&Q;CXpzzvPB^rD1?O;la?CbVQ;G@f2haL%>^|0s%;$( z)@pMF8I?{sbpxyzS6*H`i;Ae`8R>u#I+M`*ry5fWj}uD=3MPh7oqgo5i9KQ9I)-Q) z&^KD&|6SuVOZc#_cp43~2P*!ilg#Pa2FOc()gOVg{8V$H9J$80PY;Vh%pyG1OLWgNNmcXw_Hw)Lx%$Ll)wl8|jXAy#tsuKOGTq{Z*jtqDN$2RKPt zBOMk@-}IqR&iJe98WY)g6YO5*8V}}}8^I^!{F=X}-T_Rq&3aWxgT0Jhun7WI&#Xug zo15@1p7VQ?l3!HhWP~NH^k5w0&ITbwRna{~trEWg;YL0xLHv+s|1|-L|Ff32^I~L@ zy!|=6j=%K3hX^LkFGP3%GhaeqH#pyOd3heAR;~}@lyH}f;A8_j5>=Jp-GlJG{jRW) zC@|Qj)MQ6TriE?&%x>o!oBm_*JxzF|uuQxD`2~cx) zy98Rn!O>;7d_|i_(r5A6H*KhaBc8!J6$_qQ`Qh^u@g|#4A$h`5c8aR-es5$MWwC4! z$eA-ib3wp-2^xi01owW=%92Ch8bJi7esiu9-Af}uFrPIdtCFJn{Uw6;Q{oN1rn#;O zHp2abmzKGc7nl^fy>_=`H)13WXg=(U4OCl_l29J{f9 zy%-Pd7as5uj->iBzx$g+K|_VXQ-dgWwsuF|CCqYr#Qq!8A?Olo+=-1N?xt@d|JMje zGHYGbzNRX8DRnHnqs7$b>~KT{U51YL>`YBED*4A+en^$?T!3k~v$G5A40>$A>z=RP z$>{D>$xOF*dF}v>rn!~Tkd<)&TI`=cU%)L?le>5YU&;3X1>hd&>v5fd_GY8r*XkDV zT5$K%SC(4QxqV*S-c3AF&wKoY`MnNXSI}3E%acDGAYYFEtjn?U#`mY~TXfxjFRB~i z&$*r-C%zpiPOs(MGchyXBCn0ysVMVcck_Ybbn8@O4phvE<79cA87ai5Mxx8;IW_Xa zQ3NvcyFdnL@S$Do`4%PY|MO{Ql8NWiTruibPOM>nX{FH`Ew7d~lB=9BM+hCs$k#>F z9%uvUkeD~Hh;U;+!^25Q!&B3VkoD2@Nxw-GP%*Lc(h>KS(D;*~2}JvgXS&y3J&U^(P$nI?@Q?uJG1+!M` zS3~O+XBVFD?|M!>@4q?qUGc|nB~-vaID1yv=RX=_PGzBZ=GEwokeiYDe8UU;dSq~_ zK6KZq91M;>4=qag`_Hx!k!)Q7sQdcyyoSu1Ls*sd)UeuTsGrp@(6XJ*Q;eI`_RKzIWOf(*BmGhB99-NM$MB~b-b^b`_ zqxzBDO@Dj=C4W5)*Ms%fUEATfEj|tk0Gj%c-I5%yrqCtKE zkpH3)wLO^y8dfC#+{I5lOZp&-#Kq)IH*Jf?`Bwj)eq*vFXmbPUVbUN<6VUrR6w6J2TWb%$sqJzI!DWM{%F)lS|-TN?M}V>*D!0hgWApYnzBe zUpXGxeI^)hBLrS8`YMU9^&!?b386s4_cfzKbQFQt}DIEUp5#RJ&4j2;-4M+5De##4-tfmK+$>KaaHQg0*) z#MK^y5^L^4@-bd6%TcS;FkCAeO;d%qR#27dh=kKogOm+G#@Uj7}JwF~RLWoMUYCEn( z^8vRBrft!h!;l0^NRKXkPsIHfaDN~ zGSIis%p!tX(+F&Mg-~DKRgrU%fsDWEYRTDaDJibK|FsOw!LXzpW@4?WVGqy3rhLT4 z8S>>D8W3DO$**9NNsGTrO7W@J%t1Gl`gxMQeiK*K7g)yns>o=uecFfPr_Wln^zJ-c zBX5q`hAcUjmQS`st9Dhcfuuj~7o8_LLft6J=pQQ=!k)scMU>hOyS_i8V?C_n40wxh zeduEqMNB*(Q=U*1_wRvbS#c?I1gI8#Hw&@#pbbT ztM+h;E8?2*Ku!$71)-`_FXo<5S# z(xTCiedM$L=Q!(F>paX7$VTCgznYx{Eo^`DIFL#9yqHxk;mHcJRJ&=6IcB+zm`90`oL>ql{Pk;OYB(rA zkToMH;m_%7T1%*aZ)|(#5ls)t^_yoDIWT!gQaQi|Ut8bY+}wnc_k)Bm6ajZK?;)OJ zk)pBA4Od*nfS`mfg35dV18ER$yGHVhcQbJ{PuZtfjbcW9Eo--+Pcd6DDv1|=if}NI z*yvm8QC-b)w=roGemwhRtf%(Qz$4v=*A7MdOG_T(V}9fy4L*8y)SF-+aaKb5m_rll zg~_0nmo3K+l)ON#?0mrvxSJ@&Y%}e32CCh0QA?)6e&qsQ2Z_pNTub0xX&H1%#DE*f zVvWXvA_^x+t=~1too;>#*5D5RaAquF*W4ax>KeO*;szW!ORUd{7ij_)n2l^;R+_u4 z_o4R!XNezPLpg!{K(qHR=mzjjR7G+^NKx&-*s|=#ke?5gY=d--Kkp$dN^np6t3A&% zHesuQ3y<1#yHQ50Bko#)=FIxOK^lDO1m@uwzH95LtS3QYWTd57E_vzPl_<=-xk}QC zg_so42^&)5k4DmcAId;c{NGg{7$8V=5Mqb9_z7%PL!xk1w4BAZuy2T1Trzf>RVcem za{7s8OqTMxONV(aA)e)O6>0%jFn%`^x?S2My}T(j$C7q&>(Cv%12$EdE+nh(v+)-c z$&pCMi%2RZJvwVhBsjJ_oYMmg7u3ai$XRV`mUY1jC;iqab@k^bPnzfK=?<_*p5J0I!A=lS|#MIaovE zPKUYV!OaP`4_|a158|8DtID#K4dZD8bHy*Z$LmO)9Hd z9I2aN8t7kKQ-US+GCupY%~N6=c4me^^|3Ls@9V%H@B+|9C^(~1K!?9kDpwgm{Hemd zud6AxV~$!v`kEVZ-Kp)n$2grJS44QvP^-gKP!gNxCp=+%aTPp#x@C8*ZK47sWZt-j{m7U~j8OCT>J zzoputIY1!O+OOGjN(+)KA!0*gygVv9O;4N*JC)EDKy$dIJj(V~-xA6@iytxc@)DMx z9|B0!54jCl#=FHH}u`E5-*^cVIEwm$Sn;v!%k6HpY{pyl=MU3llf`G z!@?h~r(#)ZEV#2rDA3p}VI1h2TL4$j#!1gc?#gnEYQVPgY=n38uYUvAqIS zr~erPZq0c@FU&j%9h>+Dke4J&`M#$&_nkw!wy%jLo{EP@zDJc#s$B{CPO1tqX`O6&A6EFS(1?|(7oN?Z@hv@#mU?fi{I${n(uH}Z+A=a zTR;^xVpWM3p@j$imCsVG)50io3)}sUdl*Uw2VKaaT~*T_c!FT9{RFXK@qn8X$2&}> zu^0l~dpNU(Q;hXU(i_B0PT)Y-<^1`qL6@iLxsI}Z83!FczyI@EVBghCo55d9Y`l}S zYeAn+U*CO0j*KX3XomUBPsixy=)*T26MZV+`e^L*H+;*trM?6%80tJ>-~bn$z(a@H zAFA_QTkt3=Y4b@VNCWU%_ulgqOL{8)NIez~*T26@O2T zBSQoOQ`P9wGWL-5>66HcWG(2i53RV~?c{NexGMPZuTl`V%^0DAEC);=lGd65x_5?) z0T(`9Ew~UiS*vt#{Ce_CqIg7I4nF6joaaqqUl*x%06(Jnr)Z_|@XMGZ;X9Ho$KqEq5fSh?aNebqo~85=Y*)erov!<{g^m+wr}O-0h%jfMU4ctl_XBTxyN@C zafl>VEQic==e)3?@m!x?Q76)xujja z_pN%M9IdN4ozptVIFe%Z_DF6!+x0Al3%hCpDQQ$?_J1WC!aMub={nP{-X&|vXF3ZH zsFB$)Y2Xb>s#IWK*YX!&4^J`&wf~G*fAxsE)1|9GPnr4s_1#e+^tS4nN%+96{f!N{ zRX}8QJqdu7C)VCdX!N|dvGoT$uwqz+O}WKb%~Fcbzt-VNq{Lkk?}K*`KX|Z;Mm$(; zn1{|D2t9iJbU!5?(8D{AT(yASi@fv;OliA}9Qmfaz|b4b4^IfK{W(cNye9Z?U=0Un z@!g$Jf`V}puK!DB2%f95D;})F93u_pXe@Vfo3#Dp4QR{spls}pOF@FMt^1<3splJk z4RYQ($~1G^CqLiI9Z?PXhKar9gfsF(pQgz#b>tLTmMygBo-3 zcL{8jR`Vn1runVfCubkF8c%g7xdHu zjP13AMABtSXjwGhhllkSAOH9?l9X$J$vXOuSlKn3&<59|yiu5eo~RO`#%9BgF+Ii#Eugmj*sr zZm*MDGmS{-!Zin#&7Ybc^l0GO^8}lJjgC9j_x>w!<}e)P0g8NNCkr_6qo!`Dzgy>Y zYgvdoWfCjpWn{;uQ%o3T3JGaM;Z)L7c4L^*4IsR~f7Dsa4he)#LG``?gPL>9N@d|j zwqteZfSP_m1aaM_KhozQkXbbC^z?}jyV&+6E0F$Wyx5Zu$z9Bs;_v^-TxI`LSbNK9 z-^x%iZ%<^OQ?$&LkT((pq`m5g+l;%&bzEXYdz~631hz z_x%)sPsZod>pL&mT3(&=c^Mk0zL5ry_4#@qH(0QCTe3~K^Ydjz=tGBkV3)}3PYEB3 zg~3t$w1p;e%2QC2dV{f%@Oc5{`__deFHvzsKY#zR4u;K&DRGKZo8bCBdlv+WNm?E*VJ6vm($CUk@{s%=UszFYjRKd_31Dt`5}`v*l#*&^WSs&2nz>mhce=NX zkNR7aJCCn!95NAunCy9dR%!sD99wD@_FI4LfjkV`vo`#oDU;vD&n z1%#9H;>4UBmyE$hAWDb=m_BV1%Nm|(+!=D|EbX=H@8vB-PMQNd_7n*(0NesSPCu@_ zWu8)hL7W}#t0|PQi(eW@tv2odU=0K31v}9H2ps!l=JyE{(%4#2EfPD3&137WBIpuj=eNMEeOAsLs zY!LYPO0XmQZR-dwW*wE>*iDY>MC8${tp+aX!(%vo-}xwsezLVf+X&8Px63@&-LDD1}F2ac7Y#m{7ck%-%u#}t8=nD$e*b2{l#3PAu( z=Fy)?cNY}6q9veB^eXUJtyo}7oiB{7@3_t1zbztvf}@b? zT~j`sLdyg&dftLY$dBdSW!!C=bb@UYgVt(ZuTo1$i1S7Kn?+Gr-2;U~v=HDXX;2E}SbPQ9JZ5>`v5 zvHz19rek89n2=tGb4T05DTd10U)$Cz7%bgExC!p8b;k$6vpVE`(A61qXd28;Y$U2r zS&7tOeA2gv~gq?7Nhp&+G2RsK0etbrjky z>>uF;*;)(toa@1-^P`K?o8PWX!!bme+qS-xeQ(NaANHxpoF)zn%*mrk?FJWo7u9CC@4hEOa{yeY^4n3A~mt?JvDyXp6$@Ju}k?TEe9O(krS{ z{i!qPwJ-6p&6=P;Lf7sEFi+;LsEb_T*quSVwZ~h?OB9tDyi|;k{OL#D#6r>0U~lS` z!?2p-U+-4ro~N0>fSVl*LJALQGiN>Un(Y12%)Y;2ym|@&<4VXDXxlQ-m)uQ_m1DyJ zu8ZD$zacP^V~Q|>f&yI85Q$xEZ9X6+klret+?dd+>2-ZMkoWT)6Z5bK@J5}h6YAB5 z*N8N9J^l574K+M!`!q41Ov;@^CxA@QFISe$bL)zu$4?M~r9JTJ`3Y|CcI$m3&2-YO zr4Kc0&s8jk5$I~FJE+Fk?|P&(v50@*Cl^zY{u_aayq5U|qy=yd&R0k7MCB{FE>s@A z=lH2{Wu6Ocr(xMVx90(YB#yPby+n|iHBeU)^CcC-J~<_ZZ2#V#JjB#%*MKQ=lv$_B zwFl%7hknx%ZixvE=7=Rn;x`JsvBzxpl{1Fk3KKI&J5er$|EhK?#5wf5pexBAk+i98 zYr?g$3d)a4uoU^TztAna7TxZ(evcZWX`VO#zV(94$f%O7rW*WPCUJ}oJQ4n9U?n_A zONWVxgT?wNd}b{&Aa0tT*?)U)ml^-DVfeSvBJo-A#3=1ASGa(?mmz>pyXnKU)w%tJ z$6%9(;97vm+u-ukk2thV?XzpFRaUfJL{7z;J2mF8bnw;9lV=eVE$)2-bRE+L*;K)G z>HNi)le6h!x0Er7+(i4#`!ej)^pS(JuLrtMHIZAqL$8Ufo5~-5!Mu(il1=Kty)h+Y zmZ2oFjP&FKj@l1eLTuZ%Q2MlMenH%CygDaT8 zBdG>cCr?^22*To;lL|S=+=}c=H>ba|9uX1B+EuAmUiPMvQ=3Rmq)7+tfo<I2@V=n@}2vhGldr^oD$cD={^{@^W$o>c`AjMCY>vIXXL= zQZ85jy1U6?I>uWoUK}3&ZtgF^eANBhZ*E&zn;E)}0oJFvKRP~n9 zBvoRlpZ_{zMywA!-}Q{v{a}5pdgkx-u;y8^dja9CZFAlSn$X?dX*Q;?Q1CbF;`$Ls zCFQme8NU!F>_s9m+-P4~TUz7}WGf24FwlrB@W+M$#%lZ^&PwEog{O2}GT z2|tR<9r+eIpiiyzE<|VLkepaPs zT*^Re|8j?EHK4YUQwYIMt*29uJYxNcrRQO7$XRq1?N^m&qUW9IwuhEiA^duem{R)w zT^_PkQ*OS4L_ko@h+j3D zu3zM~Dhb)~@J#W1aHBYPG=S>d#90LR)V@qCfkHa5!2LgGn{F458;eMOcPokIG$)0= zPg2~#6rN6m+sPI!dyH}K7OcG|s=v#*`VpzaPD@o3KFrvU$L}@rEF+@h?Rr__ zlwTv&$l|v9j5^Es!1;x4mQP2b_V3#9YFQ|~Afa4~>g`X4!aCj$enlH(I-S0?2(oS3 zcHdI5-|?J(;8+n9iJaRCa54N;GZ*#reZj*+3yzoyFCZ{wwT)gYJh~dWz{I} zZ{+Pt3Fq8~K-*WOmNA;_Nt7~z57335!y=x3c)YzI;;0g6D2RhSBZBf0CMzuz&+rTp zg`Z+I&_d6TrLDe&Zc=8|`um}fB=cV&Vl}43fcOOSk65GiG%-UcC0TFUUH~kNLxIOlJfm)zd7izM82(vd$SfKj?#bG z>ePtsz8||6U%=!QQ+Y?eCyh6r>7Hgm%$Mn@~6)?pvW8+Y$N z)c{ZN-`o3~!Rd2j>f14#80HelDwxDFZ}?uoB`h##zI-Swjr`n2upJv39PLme))RJ= zJDUvFbrzWpsItLN_$k!LfIKepV7BW)@bQ+-@irrL5ZCAY!O5hVo~SnK=Yf>q`_;Hh z9vGz6ocF;a)d)XjdizFP{Oz$DRZcnudxENVmoCShA%}G86*oF%#(&F6jSLQc!Pq-q znA++8;ru5b5O*UDMd?yq5o-h3!KWAV{%mTTIsxf>MiWC`&&~b61D)CLJ!0%NRJe%^ zrwxeI3fU1!bM^C#bb6{iOCghRHK6rFIY$|x6A`FaV;2H$N(wdmyVV892o_QZd5q$T zjAv%TV|gkpW14MDWviv9Y7w1boYL5=h9W)M_;7J;6mQq2zt@~UXF>%j&LvzvM%nWU z(u|t!n-JjIvzD2|OnOoxJP!2^UMMY5!xY+!WH_20QaN z?fz0-e<*SDVcpu*jFpaIa7D$^dLVm43cXPK&>YcRv0m$$PQy0{V+R80G{3+U( zI~INp6**a2?Y=r>33;{issm7?6));EHeH!|d4)C#ty}q;U!G0iSOrbN)2Dwk!W_`& z?~ne>@F~bnRZdH*E?hsD0U!cKBx4SF!k^j^aYhCheOa(iXk(vN8-4C{ZEC{q(-iBG z*$Tu$tL;ER7I%JzPOS{YSv=l<+>n)uQwZ6Oz@I&}rOdedhh!e#v!1JtmEylI#=x3v znRy{@eTS?@_(Ubv_HbjBSj5gj&&7;NBmG$r8lKZ#_oqsF(I`9aoF}ODe!0buf5shC zU10iPZs{{BD~af^dWA-=WH@H%`BFuRAQU@G@DYVyE~oBN(LSwb1_KyBPeP2EM@w3x zYT5hCdLYI^c^xpUN*9|mn^N;-wQ)FI^bD=vr)f_ zV!iDpuFsZFQJ*u5{33f{Yq}z_V{{vKpILy?vG*!*^0CG$q_vy&u=ethu)Z^AeM&3< zA=}h4&q?G&+((nd3BFPw^gU8@zQ53d7UCjJT~PqGhKpUG1+n9`D(GY__~B0}#PHSg z`|xwwqfVzdM#--ZBzdBQU!qrcUP?5yT$m%FL&gD~^({z4!Ytt0EoDo&G5K*U5g3{tUxRS4DsNTKjYr{m-WXP~7ANv9jWBt9W!6YgRy?Q1k1-CNck>e8U$%iHaHe47a|e2BN30(n;7m zQIl1X4|6xWH`?6un5L?aVTqH08)5n_qo9FUuy$6qc{qYDq!wswjL%%V~UxV0?LA>uICOS)oK8}&BC zu9bw6A2_h4VZ4oyKAu0L3l=#3ln*<{i}noZM&MAM-#q!%CB68`Xi-!!bm}u(dNXQ}>8b+vdtYMFARIpC6b}Zq1_vnEoP&l~>zbaq4-WOBtkI+STq!fkbM? zr^FP;I*}4>9~^2eIn~ zN>rgx{B>x|EDZrsg$li-b1FU7#sLMrp0~ZcajOR&9uN#ecS~koz=neBIZBr;U}Q~) z01_RJY?d<>aB8U<;aO8i;v94mtZhBwZVkt6;%LDzU=vn(EGis{T-#X-^YQ_4TXV($ zbJ`rCgXMN|=bhj4fIxxRdT7q7bweP{s=;?11P(QwLMrB2Mj^n@4BZ8t3{!U-Iv!qZ z41Gf>3!+@nzyQIo05e+uH~vBhIN||5Y+^C|;ZG#)RfowLj*wM7@9dt{Y^WUCQGr3| zZKJ}Ql(W7DnoCq|acm2cC3wJU1GEHMzF=ooL${b@$};*q8GC_P!fHT3o|T9C#ZJC9 z(9O%c6)t>Q@;VH?i@m(?jZ36UP@gP(N1=k233IPGQMWd#!tUx%3pfv{R{pz+Lmuei zb{z~NJa-uuDuHW~ZkWn9>h&|m)1!0nc_3dD7x}E06Zx7UlDCdDAw8x>;Q+pzo=I(U zJm;CFeYOt0N+cKk6lBJm70SJJUb4ToYZLSteDn=X%U}puUf4OHF^yy!88kxA^F(w$ z(Xx?WBNh~9!gEhQmn$BKT4CU;cB}KoGj8r>MhvtyU_8B*8tQtuAZ^3W`_$v@g`ga( zeAh85$@RXd+1K8}8;9Rx{^%sIS){l!tAAcAn+)XTZnme-g7u}ZkZ-PT2eRV}{{cw-OV;ZD~v6DfEQ2kLA= zQH}TxHT-X_yIX5xD+-w0qKwST6&Hu0WCvv;v~BLt+!*toz@sW*1Eym7w^%2Ff$+C& zJ@phqppQQa1!Wx4ah1AoKl6mB@z*!9|2k3Ef&_o(GD=whQv(&`G#^tLO zX1mf%+`M`#UpK;AO=|C|G!mkjYf>K$g7mF#jbMGwb;OrPl=yf$F%bE;@PKc?Kb3Pj z#R)>Zxi(?KZ+F9B4Ky}x)kZs*#}wk(@lZXVvJfb>@}wwWm2zy=D!Gb0ZTnGO$%Oqv zeQ7@eM0i1eQkzULDXY?BB-!%WKez?4vvQ2Pr!fT2;{+QLL!`?AK93TRM_wgO1u1G3 z)+#m*4$$6jJ^d(vH8FbEJbK{sU8YU9oJ28}jfDexgc6dm zuK!>EK);~p8vg;FnlNtuafO;NXL}8w00dH?Z-J;SAG@2<%gg6UdA4ghFSH^j64)GC zyc6h73kgjcLLLQxBu?)adqTjp)U3ma9y;)A8fu<+r16B2#xmvz231yppT?%Ig(0x*L4me@Y6I+z64BXbBIf)%eE7 z9|;IEDUyckjgp21^hAx{l%QKrqCu1x)ET`wR2Y`bJYo4GYrsf)1RuZP@u#xT@S@Zn z|K^a^tJ1UXaH0x}L^ywi_vNcHt$eP1GHpRxp$0jC&1HlGtWB$_^mSTa^pmaZK357OyPj8{c z#Gt^7Q&yTk=J|h9g8`D=FXG=++=0=|XX0#t#qv>NVdK4qezJCRo zViS;{QU?c6E(VxIP2i9bV!cU|gQ$zJH}@MCqpW4I<6Z%nBZrMEFI21|QYW;qVmhPd z(}DUbZY9y?*XStGXtIGMmYycqc^5_Ed&XY|m(uk_Ekn&=dU|Vz&rNEHZ#uor$U4Fa zqwxrK&=F6I`0f4WWe{`UBFU&*AQ`#@x5BoZbL31y9*(^pDcRo&eq)rxr~xs|dap}S zRl|Fulm0p?R(#GXy2If7LVOY|Q$fN-g5C^GdsPVmY(g>^rmXI_Fk!-t7#;}^q}vqi zFJPwWfD5U8qLPAxm+>^`eu%g{Z<>xrJM|^F=PpMdMLx&gxNa2oKhfba`IyT37MzJl z2oTvLWxrF+UV_0?y_9U?2r>fnqy&^uDirkF(hkA85E}qvW5w6E&K`t#`kO{1Aqfd^ z2T&~aDp@ouL|f7){Y+4TamHKR(x=3hBp~JPQX4=}0g#cAg$2fy@$h}7Fl!gbYs`oa zR1h?QH$gJlWh)TK5V#^>)C~wOD&D<9l#CbGvnemmipea}K{XgHTZC!A{kyt*jJ+nz zPv!tGRJ#cOY#0=P1Bvm2lY$w7qm0CaOb&>M1jC9|OGx0wU;tpvLEG07BB(=*RC>I` z%SN4!)xFqvqX29cW3ClAslFgNbXQnaAe#;{LS#g0FH9W~^5auks$Slfh6eV59Ue;o z2a|)>ELzQ>+8xDRK$bbVAQ;^vQEk&FqQ+}E!k+u>chc6iJx}*P2>ZrLy7ixO>qb1(jt*!tP?0be+bT6Z&<*XQp%S4}x7Rws`KR6yj?@;E)6%}sDqT6m zqW$ts(|jFIi*#4*XwTE|mp7+Vt6LZz_27=x?9s$G;##wYN4}`>;w|y~W zyY{FKRvp9NG$?8^ZDV8L4aA?ijJcndy8P!MSk^ zCom2-5Fa3sOH>!Dfq!~rDem^3;W7Jr`fn`6y5}7LyY`VB8fow8GxLpJh z#?R8kkfhE}25BuDghzdtK!%sYr=6kfZ2E1@TfN-aUq*@LStsaPKK7&gA~YDSTdT5k z@}sd4qY(?52G?tZQ1_x1_R$G;vEZXFMiDf~%DfwLeL2Cpfo{YC)XFO{KUZT7+f8k_ zXvVEQxIS8c1aGm2y_3JWnk9iB(2RP#*g9iFalo&;^v010));{Eu}$Q{h`}6nOdvnC z2M^v(dc6TWSK_Wu@&RmRzS^y^J=_T$%d;`-<9lFG1+5N_lLC#`h~Mr@_6YMmnz}9? z1e@ziPFm&^3kX^~c*y=OhxP+>t5Dzjot&(e3&JskCkdcy#aNHfdoo+9U8uXWQ6b;* z4o;L7mrjZZn`z_+?%Z0W(eL)17tSW>*B46+g5y+u^s}yqVSHZL$SVwAb%r<*;vhXr z@&rUT!9v=1k~gz9*nYsBQ8RjK01jqo0-{L&iMoyF2TryR(tpFmMF6Si#<1VHW#>34 znkk$<6Q`F)hfE(xR??UAK_zg0<>)==J#8n2O%Ig!`}`S+#UUWn9s2cn7Ey-kfK?YP zTZntA`G&+`C~~AJCz}Ix|$dKtW@kcch)>YFqhBhRnC}eTJ2fjEJ`K zEFamxUGA#{>d@x~(Ef)p&mY+MTh+hk9?HjxCohI9CBMY{@*??|&lFmNYh=?cHt+~H zr8;Wd^GTVwSN{7&pgG&G@N*xHx%Ie6B0rYPbJk5{T`@jXv7d`Zepx~f-#mgAbjy#} z!G;DHm#oZz?mrmLBCHFM;&U}!;2&4e@w+f)N9R778sX>DyeYF1J^W-i<1-XfsroJa z<3;a$>3oE_?5^%nVr_GEX&wLjR%LG)oj`6OL{<J@=9XjwonPoxOMl}>Sg|U5NESY6E01>j z$IVkCSySD1;GLi?HNF|Bw(maONa(64JucvL%^bXHT>k^McE&pF$4E+K8Re~A&1qf& zOjqcWW%EB%15D!#(L=`bD=!Tp#ym+F`9o9L1BoT&8#$MQ0Ay%ZXd&rM*a5?@r;-4T z=g3X*Z7|xpa4cY1CMRxsF5l?$jQW$BQL6&IXeN)B$}6C&z7?kYePtv|Ia2{?jOm$1AULP80;&oG0LGn$Z8#fK&m z4Ing8DBeUid;ncQjJB8}xcc%9!<(>m%J~2Iddr};zV8ng4Nh=(cXxL$))sd!Qrz9$ zi@TJd#oZl>7k76J?p(gV|J<4T>b}inGILJ$UO7AK^E@k&vh^V)&w2VwvrE)i_rZfo z<%MA)MZ5bW>cjYSgE*z*B`U44xwY%D0BTti%Q=|eOOV0EET`wV>>Q-> z7m+T}wS27RkCwtms5nYv$HvZAF4j2xYbdn-yR|L+TD4*jbg0kwUI-SZ=fEyh4rqRi zZdNx#)R6%<35@6?@#YF+iV)<*(+;33=V1Sj-nm5XGNqUk{fGpom5eMM4p#fA8cMhe zEXO8^4>yE}R>4nej>s@u9X0b= zO{f%bA;bDZTvA26FrnB7bMXyo7@2#m=zl!eC-WxNbo?a|{r{l1p=!F)Xy@=x z-~@Vp^uNdMPmnQWgy$oOkoidbNJz0MeUO(N!--+l-nI8}?Y{p);OhHr(=-fT`qGMC zM!?R10~=oP^rH`6o}sRmUO?10|Bn!%rS~J=kGJN$o|C?BU*$36WT+ckNG#HLa6sPV zy(Q^ECIx>Qv45h(+9}6NSY$JH{vq_c8UA?MpEXSpZ5TFGX?*7Z~}!TlZb!3xp_^P&4LZgpb~~b*bds!yLk&w(D>K zW>z%t0gAX@L5=pg{j>2qDvhV8wA<9o1o24#@8G*f$Le8wzi?~2t!s^U1jsB?D+I-p z2lx=UuVDTk&H1Xn%c_z%uPj+hr^6h4T6FjkzbP90w=Zn{kTsu@w#(m`G;H;69pOb^ z{j52B16_YRtC4##qW}luD-q7%0d%Y+qsqe&IVClZ&=P{oX2QSIMRH31pGFT*O&8zj zdOfe6{NGu%I%lVO>Y#DQnuA{ZjV`X9dd7Vpri_3?;Ki>n zNW_8)l-C0LBm?M-W>B1^S5NuOzcju|jiO?>p$3^~>_=IPopxMJFRr$1a0%$ZcSpCt zElP6;{J%>#w2By42@yDw-3=dlE!fV@y$-&7Uq&0GnCtfEn*(nk-JLTQbb;MUFW9(GH zNe&{EXt-h5Ldn`$-!=_$fmc+AQjXC(4ZZ>hsRc-;pdUvoDk>9(K>^nGlIP9vP=}O@v6S6YX&fi7yab**?u9h^P@EGT6gVQ>N^5JD;KS|GU?Z zV_(e%qh8bLc6jt6Im{{3t8Q=h;VTA9Mr0E1>g0I>6F=5CX$nZ;KW%Hl;{TlLR=VkF zv@2krJ5`c1{B&0+W~ohLtdd*+#J!)>oIVk|TXh$i5t}EwfhedBu^o>63K@lZ@xs*q9iTC!uT79@WbCnH*2Pay5HdRP{3XPReSr_ zwOwntd$*{{uA(^FAizyvF0N+q`;I*Go2)Mf!Q014gr?Vbm`+LRPU4d+JWb{a;h7Y* z_1W@J!@!>z&rU#eAB^`t&J~c$uXw_g4zs#auc7CE zXyg8nVJ<}l(6`9f@Ei%P5L5N?YY!4wQ2w~1IU(q9TJw>j8+Tl$$Ptyz++AUGxeOFt^Zm`|2v0+?w8zsNjZrj>IS zGJttxUcd(w_Ga zGvY0OLiZ%vA&4Vim7YZ7)?N4k8T{J2bqZ)pEF7#dMD^D6Q2#pLI0-#T@> z<>-skMm?rGzQ^jM|IEr{y-r*Ss0Yme;VWrQj}+RlGutrqOKm7C70Z^H@=^ zpJ8L~JdzO3A<7ekYOTd9&K(IJr23i8Lxy?4T>$C?i^Le3^QaY`%O^fzEUh*Ec7`+n zOk}!8%-KaVP_oe@vSBb}(ENTz*m$&&WXBgT%r}hTHO_h!kl->;j{M+x-XuuRjcRH8 zCl$;!N>BpHY;OL8!)VZSyL_@5|M?hWs`(Hf8P~hn0_pLGva3!0X|iIDe)bB z56s)i#~QTwKy z8O#9BuX}llMzi`qp8QR(_HRB5>|^gEg8E)_uovWeP#d$mrBn`bz6z!%!yUDc)XDlI zFz%mRp?gtf$}=xG%82Ma$X_(*XSwQ&8bgkSr2Cf$R+W}$X~&M`tj8AXbS9oF=chp8 z{j1AY&*lLHS^ibQm?-zMm+xgnx*oBRk0{U^87@*iMKBR9cY+n?W@~L;-PG0G`&4+>g4X zsIJK6oS_1@l8$%!>>LwkCwW*6|I7w;rg>lvWd)fBBl8!>d zDZ5|a#L~@*gb9AeP4xF}98{INuo0LWP^tk^WD9U!Xdb75A?ZoY6ox%EMNEPATKDII zRcIGdEI$FRP%tT=Nuand&SeYT@h*Qsi-VX$E_I!fyDM8%OHUwfq3(d+Uz_t>cx}eZ z>qOV<-qP&(sVTTCI0cvu%dgY6gWz6^-QzziqtWV~Z&GeC+aohaQUsENF1h>LgI=n? zr6%agc2kDIVyO*iNqVha!bqbm6_5XrtZnN?25hn5kZvDLyolta5>IUBes6#24JKt| zk||O~4G5dm0f0r<^o1bk|dqC2&S@jrY8 zAK5~lL9}zdqG%^_Sl{TU#O_kOVZhhtGhnzXNWx3QfRh9IkZughE64f3%h2b^a0%jm z%oC#r!osx**obYRt4s^KT7Ic95Wu~WhU;S0^=0~1>Z{|H+(iSlp_mERQ{Ua6)zDhM zeBM_sP~FC3=#WYZ#n)u-m%%JC%Mcs|DHVkrYA0i=UKh8&?Hp`lbqLeq__qW#%S1cB za)8A)Y+k`6<2T$zdh1`uepksNtF=fRLN+d?5O)nDy7X&@etA}IupI=ex!e+oz zQ`U`61~= zM{uEElBHYp9u^1%HW*N`$uP6w@HIIj^f!+By$22q(PLHI{JPG9tKl0O5gOY8eXo+&?GdL5qtQr41LkXe}$x6)eMT2EUI zy2s9lE-)6+>#TTT3oHwl3lOGWwbyF=nE>;)Rp=9l1|gsQs|DHhRM33nC-jjt^0a|k ztc~ckbbFx9r+pp>pJpE*+Uv!cVYlV7B<-d+fB5^q_hE4GsgAW{)EU5yVmG_v$_DUo zcMFiDFZsB2LCLek$|b7VH@bqEp-viAZhv;b6&dbQRl2*AT{iQqyH_fveEWzZ0%k_o}tSmLt0rTQMZntEf3B^VXR!-A>L5ph&`{W(O zR7?|MjhbJ!(*Zv3b;YJmM)X7m7b$~q0gPllQk&{&E2Nci?$}T(&5vNs70E{fdFH(G z0Kf<E>m@pSH@huw!uNQLnaoGri?R#E>3!{~dp|){c;d0AAPCp#4jTJ5 z`t~oCJe6*>fPtV0b9M!th`;tLx>+G?hLl(J^ef7ANbQ0JAbaq+ZEdOUf>qNhQ$Q&8 zd6lQtj}vA5{Ch2H9fy;ty}hRGv3WK4COjz?a_fs&L*3VJ^w+@9C0QvrNe`zO9Lrmz ziSUJ?ypGX=*u^{vNiSfj$UF>edmAnbe7fxL)Ulbi)LL%P}t~aq}jUa z__{se;~#h#)n9wI)A*X2fN++UjHb5Ao^E{ZAAm<4ZgGTVwpJ$} zmkwB8SJ))f^|}qBwEC7-BwTOZ^^{1obO*cBW&5p<=Vp6jfA`LIcAx{_R$5+fXa31f zv_o|WFL@m5$-XssxSHuRq<7=p@`ClO;FIAG>+{kcukPE3mZ>Au?gv9FOE|5DW*^5K zTD9I;bR%2S-RRrFivV_WHaCwK-TQ2n7B3FB zeAih)s900`v1imp8pN#Nq$X%fL_%VCA*tf1Af_Z@EBb-+KJ5Q`Z}r&=K6SdSLq{a= zT5tz$dwA2Z3ZSJcE0>=K-^|W-rqH*fqNN+G0yp2m{(bIw!mB#j0ohg{j8s(2QxGju zFxpYY^j9-vz{l0uXsj@wkf?#*G-Ov&?e#qo(Z!$si~Z$)MwonGyr`^yF|mP4niU;lRNiYhoYx3c@8u(*C&|buo!=v%-+x!{M~UjH-C}ztrb}hw;j& z_i@`-w^oj&=ssrWg3bfAgtmd`yx}0@2P=PPFNnef_O4`BhPqxH6v~@1*D__JgNPT! z3RV1FB=*)Xr*Pp8E}jn6Jf!1Z(A@~qU!C1OyB-ACO27yc!873xCPV`8Oje!#Ae?_u zZCiV)8ZSQYkg|zX5>pCh` z+wp@6kq(-GTUR?Cf4UKDJFp|e8oEBPP;mehuS!>w$AR)3Fu#BGT-@G;6xKoqg)yQ1E+ov;)htfKB(PM*gl?Nx}L_Gf=Pf!V>c7%3%%Vxo>Zj zOCtRIT10_z;X_1tun#4?55P|v$}NTJN$hlqCWebzyXe~3*}ja89pU1S=u7vh31OCgA;|#=*9iSAsH!_>Y^d=LPb!s#wdAm%t%2 z`{TTToZ!yi%iakjfxnpHy<~79k@!U22n&5s;+AaK8b5c>JTxTg-CUn&xslfm8tP=c zR4fSz7b`b?R-Y&Pk2iNiq44wHWkJPas%Kri zBuvmeb1R=A_piuk+4{{jO~{I?mhtyEWUP~#*~}FaLE(JsQA$;MOB=xxRp%R-W;KA~ zp0#Tqw**ud@nz1No!VX}E2;O?#ujCLd+OIo~&vH#1~(GE;W+n8Mv&Yz2FnP5~C#7x}9RAbKFN^j=q>J z%v_GP2B56$YCrRDBetVLPHUqdmiErhNIz4DpQJ&(*H4EZpS)3cawkg5s!lPl4q0c1 zxuYGf@>G)!M`7<4{3&r>XiDte&8+j0-G~x>J7nJ5MYr$AyyB8}2Fn*99Jm50X8HL5 zXk5zveeGKbO8~E*IXGTEaXn)PE~wi$>Gn@L17G`^f(sk`A7Xy}qp;GJ70pdwnBOy# zNrC2C$1F%=r(xAy-jJ=^_kS-?mWaxcm8(Ag$$D%b`bAfIq@CNnirD$pW>$Z(C;u_V zR$pJ8HD3&gS_De|(KTmaz@N&=1Td*aM}1lcv}l-9xe4F^fvm z$#d+*N>m*m&>cT&;)-^1F{rLPcy4Y_-D#pfeS(JO1JmY2r$_vviSdiVhC8mHO7rTD zHXao?xn-c6X@(p;AD#A)RY&&ZCF=8R(p>Y0G&lRtc;$KT=*h~$JIn2z>*YC%cy>RU z{y!i{&=l|%fHZo|ZZnnzS1EBrCy+meuAS>yvGb>-2~48kv| zqUGWlxQZQD6c%ahb~6I+;|U+UT zH6$_{mhIg-Kx#=pu3T$`i>6Q`PKQy5M&ymgSDI?FYY3j0{kC z+&`t|977sKG6hx5%1-5qgw0GsNmoE`?p+u4yUL+B8>$xPCK#5KSksaPF^Blkq!-a@I3y=jC)ci_GRAHzg&L0_XmA(-)Tmg-ir^nak2HE{GL5l>u zkgyYvvQ5|;+MB#R$LQGuRKZX;ALJ1$Nx0bd4MnpWchErgjRD?oHbnwEN=M>Gq0`$_ zDh#H#8NY=XfWpJd`VVz?(MZp#Kd~cjK+oH{tRyx&nx=?L#~KP?nZxrP!S~Q9TEw$mt5W=X8h)2SBj&nmLu2G$Cqh#M za9g0k5{BloPc~#y%FA`3dV!E(xm*v3-KJPZM--F=sp5%mTFP26(aYw&;!l_>3E>sYX@KJ_{{*Au1M~C$~=-cTneM{M)+D+BB?G={wpJ8jp8R<4H~# zy=Yq9Wn1x;UE^n~Z){?Bgg$yO@9# z&UTR*HDoJX<#t%8o0X~fG_sHt9pv#my#-n;^2$e4qADdkeCUROkyr1lbyEL!4t8iD z?t_f|f|!iK;@}JspDW%3vP`lU)>*D_*h}mpo}}p>Dcq?`KGNUKW&RK=P+~@*@%C#6 zKMj0Ml6CmKQAzvG|MYJ_C><)8uW@V;;^GE82xQ5~SQb>AUMw#Y4744=Mf@ol zxs8?r&{Nbqo;u)?e7exC&uJY5S)V(xmL-~D@mvbQBBRKekb>qyC z@ow@2T0#h){BChgze7iVZB~G&)@Pru@$bMeH`^*FTFN*HyUr?NTV51m<3MT_@LqK1 z$^Ymb;x!b7or&_0WT;W}YI&}$OZiyC_&ar(75a1!mGAjd(tA);bPa*emhb$GN76tu zkIK>~MJpqjT6%W}ymDRIQgAO16YnQG_L>6!WxLXlLQkKrX%~bw#z3;i3p}5hJgakj zJSR1n5^e#`GTJzF7tIZqLMOi{n~lqW67yddcK)sV7%8>ZcR)5HB0et~^y5zP%3Q|x zT|Y}m>Oe%4yNwII8GhWc7sLIdpwyE$2f>}9Sq~aobqTD*3(?mdG0ku)0Ip)ELK8=0 zhv95gbBOVCd11QWnx}AvWQ@Fi*cG+|vc2fbYtV6U-B_AHHqLyDiCu3t*P;%4C(NI?OBpH*w#4@0+97%3 zJkUUHX&x(=gjo*n4oAXlnb^pSFkS*;bm4lNnpUpX*IR5M?Q=+5Q~o~$ZoD#YGdS#; zW=*flIJ`9O!@8V-8u(xH&39%lyM#i)FF>3H%>qtV4E1s^slKT1KOVqvY1RF{4xX46 zeuC{gqzen8upsXjU|U5`sVSP_MswFIn#>Sr6_N52eRvu$@9hMqLm9dWL^}YD) zym#mB=}%@gw7->5l6V;$6oMIJs&L0gz2v1fTMv^xtWeF(t9NifZdNGtH96W-l8!W<3%t+IPd{D<81f0K`i1RQs(>59Ji(Be=0jP#U z@@d1fY{Czb9`gA_Mfu5*Z@oUL63D|T(%#rpX?jOvqr%IStFD`>Myl&_-feB-i{?2- z-q#63-K&Zbo$lpbl`UiEO8zeNu9tOM*loXQ!FEC6CFIZPC}^ZsNTp}tpS1G2WONN1 zM~Bxl{Ig(Y+CyA^g+R6CXJhK{`J4bC&R;dv{SH&oPS`ubC0D$4>(X3D2Iute>no9l z17OJPKuf;hayLzP`WI##CM8-1yCqD{f|HE}ps6HCv3z&y)`PrPB`_77xc{yv#$fb| zi)?up=N`wXVeFeb2!jO(qKrlM`O2^jzJcQ{r;>}9TbAH3df79!j76>E&?;rEmC{>% zvBDhEIfs4X_^dxWt!j&KG+Q%2f5a7j316L;$to0E@0shB5WxBl z$Q51>`5Q9QwI9y5fCe$1*z~f8VQu<$R|j=5G@5~&e>b}1bq}v&0@dIJeMGcMw7~^Sa{R9WoVjB5R?Yy*gs=r89!tLjxBJdtd1O9C!FQ zp+2GCAAt3>F1lHq6sYv+uGiH)(~$|_m8yMTU)k468RCEs(3(EG`@75$&2{Pb^eyS_ z*jRojsLH@o1!raXiJh8EyKL<#CDrwAXTI+!N}rij{hrRkrH-%{hZ=#@ z#0>EyQwJK@r%ogXj!nZ=E)+}94Z=G|dJtwai7yOr#fAg32*M`VpKvgT*p&WAP0}wR zI}=5_4BuT-#rQ!yd07D z$J1i`=jr#pLo3=I{?{7b%fZ-GeudEdP@Y`~m7V(^IK+xomE2qjZKbp6XZ+TSVZ988 z>sy$=lso2;~M^~ zv3NMu644%u^XLvts;>xtJQ_j%b>e^~Mx;tx7ZBD83(6kPZh)y#KvvI^A+?VQkeBG+ z;(vnE0jxs-6TxK}$Hi@y&$~C+@LV=xmXSJdM}!`of+SQw#F`#yN-V{_tXFz=(6h%k z&@;r9md_7W;tFc{SOu04AQ7l#LE-s4#kXeB>p+3j`x0+KW5*x$?nXEUBH9SGKepd0 zMq2g1;xYyYyhA0pTc@M1$Sm-bypW-+`}y#Zna3*01&=q(JqLPv_||Pvveyh^<%s$N zgzwA~h={k~%K|J7JG-<~A=eeBLsxA^U&J?@;0|K;ebR8L@ zD+vU7-ZrP`m1#0R?1jXhXhy_5GXkp|k>rGBl+m|*^`4*=Kw(gH z`d1&7&n5^eZX?-&CQ8I_WUFNpb!;Z4$i^A9f+?ad-JfJ0iN1l>{ueRHQc?HA!~)7f z_Oe)drB{^aVWS^DJ;TB-Wq^URKGcY`RRLtoYdJbRwX_F~f<+a%m+*V9z7UyW^kjt3 z94Tg@XFA5hO%LgKdz=hCW2|~{e2U$Q*%SaBIXNeizR?+>PwJ?qmcfvzbBI^e(55Qz}44VW+Y>eo@HP*0I|DdDd+Z@issd`eTGtx6XVwXZ$(}1R&xOKS0>AF^o~Fd`2mxZE1GCAUsF9g)7Z)JLfoFR z1&dms89Ay>{RU}_jFYnZ&mSTvqNqoKU$jySHmLG#uI|V~7eH5T4RLiTh&a3aICpBZ z;B1E~f}f4w1st8 zcVO16Y#An%LegWP=qA5ROt8Z48FIU(Y}qHyj;$J-Sp0NzfvDRJ9$06!4*e5i%QbwM zBI#)%luoV9E^p*Gu#T4z@U&ces?DCiNSJiP_-WwK5aJbM-su+?Ok~o&IkoS7T~l&) z7+LMI8HPk3ltYuXepL$8uqplFl{bK)}X@3($@B4 z2AFA&mX!v-YWd4whpwzr&el7#t;`ak5g@qg`>GOInmR$uZ4xkjafV#@p(l=_G*yMn zlM)>IXEyQ>u7a3yKP!&S>V!D#xNN!LT_fVkSpk4x;#@&vQDW@m)WXG$Wg7?<2GSV0 zU2mTss5{^lZ!PJyyf|Q#fQEIg>%8GPbWH^ibVl9I>S%419)?LPs9TGP&ikEPcM-n zQT>5{74j8xSsVnJWP9mhGNwtTZ~H?~&r`n&X;caSEp?t1!$)*#B;_SSg-ZX%&v;Tb z{CZ}?-8au=AT&V9MBUxShdJ=u9hsMrLyKtJ4%##z6M4N9s(m?C(;bPXmZ_*S0Uw(# z*Omf*TzgT_$juM+=Qs1QI{bf(f)F9Qs%v%r-3c{F?@*)A4!w|WoNO5x&G zf85WSt!4 zw?cMo1!7?VWAGCJs}|5DIXo5*#cS(Qm7FGK9H{9N0iW|YhfdrILdzlHZ}RY9NR{rr zwMN&$G#aH7mWlYS4wjrGv{yF+N2sdURV!Ve2Dvi%ZA-Jx1c!@N%;3e~uyr>|r^|r2 z30?DNZK$E4+ak)$$tc-5RXI)&iux)wn6<_mp2S!&D^j$X2ey8=A}3?kAAYrlX^aL^ z4MW|BzEg9kSI7O4Essj7Qj)2nx>I52Fi1DsK?qhO)}Dj8!!6)0?SEp`Dcz=@phH)Y zyO0=11jFED$E|3lg|a702vtB8%wtBUh=5_R{Agoj+k$Z5 z&YS4&*bV045k6AXCBFRLz$pKbqFb2*iZqgpR+Ux;*w6ZNo4FRtE0V+{R5kk1;R?1n zeK4*Ei5<#`>Kp0Nr0X(-mKXs#($NnGp_)zbJ2E4QP40vAEriDkDhsxF83pX6y8jm5O32Unf5 zeG^~xjj;LAyl)n1n?zKq#t1cP?74U;{yINv=rp`!GJSp@&!WtG4O-(&6?}!eW@8wM zckJmAYs9&io6?5p$O?+QsH_ZNz;~xSHH6El*8&M6{|`XPiB? zb)bpLp5h6r0e{T7HgiZfq^2gUn^_Ox<(U;A!|yaa9KXFC#3_4ChREr$!k78mpk&Bi zV?dZ$OCu8{Z}Y_&3)GU-3zcG8vHC#JTRC6g4K+SxHU~ZQYXZk1Z8z3`f9uOGNF`CY z*Bk44!SFSyf{znqGk#)japDn>w@OdLWzZh#=dZ$!4=u4vM#~9Ez@6n6Drmqf72H+1 z7-%VMmZtC69nO-e_@otUwOou2DlNR2ODXBRio3E=*STwtX1)e4SJsfzHp)&60mpZO6I-kY%U}LnxQNOT-L1XN7($Yx*7-A| ze}flI!||OHB}fJ5!1^P3@dUQX_6no1V#NUu?f!LUINZ}I7YYgWV@Jnn&G_QO`w|sE z-&R=Dj$4XXGHeh=yQ5@-XaMXbFZvxaI(GS?2r=yn#u7`yF$Eq zE#VOp4=gHIMOofo`~t=ch`0y7V)^zZ<)1H1tfh-3I4B&%HV0|cnYc+PSZGAd!fen| zeEjYIPc*rgM_c*9E4!Zuw2ykly)GHC#}p5}B9gsT`>@g)a>sdPrXVbNkA2`A_`KHt zNh;q{V5|PqQ^r<+e(xlLxtj^E76)=%S)KHJ!_m@5_}+ z?C8O_7rGxE3}F3#7iKJm68>GBeJZ2L{(7xyFH`-Ga*qLso;HH-!XA{Ml&MP-|IbfH zGz=ezLQS2HerU?qu~T6Uml+wxnk`h}%s?o?&?n-F>LyiNll+rPlaGu2fTRW-kNl_F zr4z^~Ie?^Oo&@if%p2-(c{?8^P015D&yc|kb#3cqTx*h#Y{5Bo@Z(g@I`hv~H%Bde z(xB9>*Qgl{4(CuYIulM2Uy&Hlf`cFcaE(6xGaa3dM!p~3)Fl|QWfh<%>&FQ*uYr5c z>=W8iuO=d;_vV>QG0Tp(EYdv-y?&NL=+^=EQ!Qk|N8Ztl>Nq{pB%$DZ8vYanl`cm% z4YvauWhJNRx|%~ID?vbP+(RrXL?PS)B-g_3T}mUfqDT)frQ}5XTPcq6K?=^eSXyzB z6U{O!r;X$tW)oH5d3w%~iz?|#VAUZABSBo4>ubl33|v0UH3*AnoPa8O@IP7u7?lzkkfT&k&y zlvL}y>dV>{y2(EIy#`v299OrbD7^=s{Zssb=ivhlkdtLXgGg=C(~Ja>2|ED*iXfoH za}oRR4n;)E(|mnujsAd4s}~?t1BNRhEnY&%-Zw$(sSs@@WaC@X6x6_%o-KU*D!CZ4 z)Qh+6C3FV+!ntT_y{G}9cXWW4UE|+joV#2v2XHB@Qsk} zg2hmtqp5U$@9?LdoXWp}gbq-+4s%oi)&o9$fT9lIT! zI^Oo1&(SLzkFuZO2M-M+K@IX2a0Ox_<+f| z@Z#U~5o8kaG&`DUzEIjS0E9bG)&n_RT#gWJ5iyfM<|7}TZ@==?YrmWZ!A&DN5#d}H zvM|ymFTJP+JjO*SUsB>Ig=9oE@aBfPuxNnl9dclJ$c%+PbWj$3?u*{xO=JBCUlN)m zP#yxsw0Ci25a3_Qq9OVr5i;1zfjHVJj&rP-keNPxLy+!|pjR}@Af*DmZ z715wTMX-1OCF))m_nRkaIDT16w3WB7jsk%vWIddUDp?iR4wYOWv3OwC{R|?Uv_6)q zxUN{M&}d&!{!*x2k2cZ~rb>}0d0aU)Q<)-oz9h6rLaJRWhPBNL&cf%w2I)w zL`sT*_gDR2M7N~yxM7Zl8Hv?)BlKPoXKIR)#H*YtqM!g3KLQg?=2DH0hXROiE`=1k z@YB)OW;_L@Np|CmHa@bg81#C~7;sy|-0+HwvG)xZ&5ph-RqtmhqpU5GsQ*C&W&;|y zAeJ~9U#hQ9OO*`)XsJP&h=mic&lgH9Qz3sYh)qe+zSByd-zyc4mQAvhGccvXOeOH` zoUSHD;UKw?hc`c_ayijpZmyIUd(iSo2Luw$oLCQpYahOp3JJ8!# z-s!9MH@t$3>t8J7p}#>%MroPO!-=w5p~)plYKy-xBP z7imgYg42#C2q#bsq;FGQWoXDwPYHcny02KsMknO>kRw|F0Fd;>Ub2f z(Gh%kHvQ)wo+Cp0c6Xv}ZVPDVRZ{PpYl{qCnZFpRq@;FVddCuvSm&WottuAyn)0cm z{$wFDx8Sz@SH7DezKbVmzrhGqg$j3*ts+%2L?8JsUn8{gnc}9ImE}D>C-wf|5FL(l zlXHVlb{M&}8c!8HY0cshfA)IqhPg@A`#u zR4{NC7Np_kBsN4^*Cy#MRSN;}aVsw+{*5UJ`sx6NovpC8X2w%Jv9~U3WDif!Pr>Ut z!=K3Wn%~<+DxrF_LuSWmxsU#7-G+xl3~?utG6tnODL!7iC7Mk8Q_#bhlXH=XM%vi_ zWyBQ8#_UH9b37W{KlohX?sd&~y#keCgrvSyR(ZojtMKuyF66JG<05|2JP#xFk~rsz zQMyb2IF?t;eYvG<%m%-hIVBN`&_H7|JrlIP#=N~N*72w?aHbE&uSqlNP|Zd4MG*C* z-jDP_c~8q0K0f0v?){MvK~I*vS6Q0lIxaJZEHm>C4qb*XG*7=>s43Os2()lk!0}3- zmC+zYH{%JP8gZdTlEfe#zF@A~d{1SHt$D^UX{%_+}G6_E2+f{6GRc<0>6XcLEYu1eW z)FYGgrPvA6e1HX;T9tGVBPo-F--5C)>gs9tl+iht6;c*(o<0?lhrDxxavX?FOzq_;~bJLIb)WOfH{02V3RVGY-^se3L{Mj8L28Fgnh*g z{3Z=VsjGAAW60E9!#(8AmCy(tX zlfg1LXkSXwmd-eqvyDag3OH(GG_GfcZS9gfyao_W;VIfm8n7UuNn8^P_)0mSQEZ_Ia^bE-(x>bFgEciI;i`e^L)-E?9KWl^z=M_*p&Vrgg36a4dxnR`Ju zB6TgeWFk6BXPGu7Z(i3%tDdv@AFFmXq=MNn?Dd~a{&ni$KhgaE*D?QzaqZ>{-{&P! zMAux~D~=qwkBh^=ZJl@op>cAA)yNtqb@^Dt(_m6o7AE>!XJYNu3=Z$jw0JFwtMQMG zQofMZj|v3g=~FkB-DXPk4<(*a?B|echn|gzCg^I9?;S%Ly_X$D6=%EH}Z^i;O8 zD!W(;y(slZ@W?y4A_8@i+Ihqq=Nf%o@S^0Hh4ON*WYYJ(u2P{C&mO*DfiCZ_O{61hKdFoq;)D1>{vLwX2 z%{!-eu-rxLL}ue$-wn@28NDM2`iuFPE)Oa?fns2vFp3LEUwLwiO*4r1U^9OT)Z%9h zN#mqy>k1!R8?6IJ&k^sG%GyG{-zQDw*0w;@y(Dpg*gHx2+l;73i(hG8_P%l~^*H^D zjP2T%q~X=lCGREptV}I4eaRG*1hS(bOD4{&Y@b050fdDDKBHOnD#l zw~-umo;DSdZ#SExcb4HGrir``*S;QScwy68b2D$5b#;oMq@~?>xm3~UALP3IOs(lY zPxOqFf+`N89WZhVyFTOnzp*9pED@U_SkA4ScNJ-0MeFkoObO z^%!rg9VfVc6tiVnXdHQtk{_eXx}>1+($sbr`P{lZM_Pkyo^7BexU+Wv9REkmmxkm* z@j4gUY0UD-(V;gRT7vVM3Pn~?`h?1aRf!F z)WmHGLGp)8v+?U%RPl@22i(^u50$LpdmH42*=*9XI;1s|5`{CR^w;kVULRq$W@;IG zUg#AhRC%Jteu(%hG|f(0^THf{lIP)N>(^NL0~6B`Cy>`Q$(osJs3%HP!?aZF=@Y~W zYY-aKUr6jDUwVFA;+>Lpj-B~LnjO@ubkXwdL?GWy={(cp$fX)TMaJE!K(b+i8as6Bd~c`0*2NtfPK(eoWZP-DZe6%roZ-Iv*2fd# zgjz*=NENEL?sW=LlF1u0U|f4m@6a+1QBmj`W37-_#MRI&7Gb3M$he$lxbC=jJ9sj= z&U7B9L1Ys+^h_<21czuK@JfYq?r-+On~O#0?G>zAgb@_5?S`AkU}X_$5`rP|%K7|4 zeJauGmsw7iPL}Ia3+EP16Pof6mIRH~x6W0WgUl44f;6CLO1COdEQ?$CsFhl1VsXD` zykCLEN0oejnLrlaU!NFFp7IOW@g8#DfLZ?bSJ2Sa)=8n7f;6Gr$~fijuKJlgAj{!8 zi}RWxDJ;{`>VX>&gcaYe`2n+#mCi^~eWKCxdwCh0zFbYgY1Ov&T9>`PAI4)il4aSA z$D*~HfFXRTCWl2ipve~t(aj6kVp~(7FsuSO`j@=S$P$|WP}7$hU&EvwU!uGqy5vla z`FX2-hyW5uZ|Eok)%>q%^x=k~;VbAMAgxV_$QHl!!=*v~$c*D@k?H8JD^!K2Hj!gy zRpQnI)S9LPCq-HOfm_;$ zql|^pTutL+Dh6^`oBuNl?^B+f!Bcnx>BXdn%>hx8RYDw#r zK*(Hv;I}Y0cJ7zZ(R2SK!RK=+3+VvYZx=N15D z5NPUBRKrv!F75$vGgl~C8YEAKC=lmk=LS8cO_6RRX$W6WRC^md?sIU|u|TI3az~(caOCBgH5x?z^H>3nvG`{R znmLLW(j_-x9QR>UV5Lk+#*qHi)6`xz5o(myhKxj}Hh;UsV!+@nf9r9%Ilt5}5dN#|F^9@sCW`os+NfaKL(Y#|I5%JXtGOgWcYeoIExC-s~I2x;AcRE<^W}GsDBwt)8)2!lv2JP^B47lH04BwJTTw0DNp? z+fXi^#A1YE>Ae@S<+gv!yz;hvsVK9NOEdV-ABYPoVo}@;cWJGoFQ!B4lNxaHd{cMU zduNSSmn49J&x!CvSot*NvfZ4(A%V^eV%UB?-viE^Jpi#YFBq2*lDX@977B@phl)Awg3s**sag60h);QiU{VxjPRAnjLl z_{%H)H8}a>a|I<2L?E9-qJ3V{b*~O9BSV${9-bxys?H@4S~GH_45_80iRsAS3nLKa z_Jul;!xvVFkLzHHrR$O}n>eZBRTlk??azxWeM^Vgk1j8ZfqE(JY|T`a<>%KFr@nUn zGf5;`Qv5J<5h`wiH4W*JR}=%i1UFNVBuH^_i4rVwpM_{gx@MF2FEMQPbCx0N-E% zWCn))W|^3EJ*;j=7#c?j*!}Z`Z!rJeP!#CI4KfM{w@qv4Pz{-InXNbe;)^n>O}ukJ z1q_=<0BMgzM@>drrLYo*X%p(|GQULvf7Wf_$H95BT=b0n z`lVV8uUG|F_K%)Axrs3?8DavgxyBzLL;%y-OUoxF7Z1v8)>>E*-RYUzwb#J`ol>3O zGmho9eO^OM@Jo!clvDGpXzHMK11)se;UCRtV1a-yN9@gK_X2g!Ja%Hfa081-a2lH` zf_+B1EiW*-gbBL)y1Y5islKXEI$+>aK0RQ$P?(FNGwuQtT2cu!0JOLqEuTPC$(`Rv z#ARDnVRm2CXLRk$(l}e$`J6WUYxYcyT`S~^E;L#uBJ3F7t)#|(ZOs8Q{ z6cb7}_5)g$y?{RGw~gpp&u`#nrNNvm=B1|0u<&7IcX()z8{c#bajFhzeyUGeM!>;D z%+9GXijf1ujc~HUC?pS3yB1kAU>7Wf+dH)88=G>EQ#5~&eiL&jk9<9$*Q*bgMa;8vHZD9I)zBwiT@sR zuFbf<*UPi`|Bk*#h7BzIYAeEfy70D<-%eDADyGS@kTV1x!9|L?Ngx^6sg(q^m!Z})R6r}*i{zbd) z(8clXTb4*kzzATog!L=maMjvzL>K(g-xtfn`>hq#-w8`1^&G`M>GwaIE8EmaPYy-= zYe6q0T%aKIh~OqvXAdSo zSgfMt{=d6~PAXpM$Sxc#@hY4C0@eQF692a{4qiOBg@mE#KL%H;;udh5L@+>5^++ED zeqGS!G!sw?(>78KA0A~LQ$C8ukXw^;3}H!)A2J{2)S_RVEDB>=I~mVdmkt{=F9Q`` zsrH?<14x4>hctac1yU3)KPLucAX*1+sE%2ZXYG$WuzL$630GovGnH$@is@Y_xy5KwK&Gju4;(cW_NOqJ7) zU5_p&?WCMzeeF{XmxP4(=OY3kE}v=b9$wPW{447uV#x0CC3ra{yfN1w}Gp7?=dp#vN>F1un}m3 zEOqXaL%&logVWaJa2?SPxqlPgEXZ!YIt%@W9pkHf)qX|l%2M;?8U~2`wS}q;_Q}Xq z_WfED$@^1(O{nV1sA*k)2Ja#&&uxPaG6V_N!pT$bK&VnH>Tdi@{$V z*!DVVpmNFd8OnxF9T&~scDs;U5Q2W30f6bZ+U~6TbmTQnW8$WT3WW-sW$x(x+wlnL zZ^=L=1JlA>kygn_kIaLQ?9q-wrTI(Ad}F5ub7k9;@WR&4S=-aaA{m$hu#Jjk|{93Nx(U&8fA@pT77cy|BUlREkusTk~rQzq#6n%fyWBahD zuUV?yFy)@@XIrtbz5uuZ1l7;i{#|4Ek`>_uTI+A+r^<3iM%!$#u2z^b0H#zpV?6X- zTsN>(@S@3nIGRxz8WZRtT{Ds)V6kA;0?lf~bUa)>xG*rbjJOENsVFeSAb;T`rvDig z>jnk#tzh*-)C4W`nn~Pt`6^i_*&fc}|I!@OOX;Nj163wDUCk2<5XCc2T+%(teGlv< z|AO{zSmkt5#Zjzeq2*>|CletGqcA9PztqBwfTC;A-F7|>A?6$S$pycC>skcQ+21Nb zt>GX$(E^Yc(n=VTcOTrvM#Mmoa`Mz$>#f`Q20jL)mT6eUhvUa3<{VvuVEKjLBxUa9 z+c*SxIDT#OXl0R;ck35WySoxq`=R9eZHeOQS9EX$5El1qi{KY1!J>Rltp$MM;_*y5 zWb~bRDGS8A7j4)xqpv1{MDTqm;|%A%Hr$9R?72t&!*Db=cB|@S(HCfM$0o3>>p_sl@)0aBwL0&l>(N8KkIXs%$^<=JB7# zyhI`q#YZQQIC%hx^yYYcYVz)({mIFFPzbNAe|J1$h72)B z!L(11LF$&-zRd>aifVqLZF|KbM0EmQQjw;M-uCF(2WWnmz+9K8Dji{(T3M%wM>A;WulxyjquOtxN)rT@-r%39{5l54PljR)m1r_RaOnnK_Gb|IFkZK{f8fR1@t*pOO00p+;H*qC|;V?+n^HN@0h-{p|(jsZzGG`bu zxy!T5&S$)gTMDr6@*BO1uEU6V4dn6)tWe8*SFXriiO!a?Fm*m8ygp&#VJ&c%!T5(N z7nwMB3FxefDR+6ZrL+(*g2 z^7pDRV}zTW1@1|4rB{V9r~kC!q%BDhOXr7WAw6QB_$X`fs}$n>5h$;kUbEY@XCj9bH<8i%M@t{uAM3c<&M|(A%&>nDpiX;g~H^c$=dGeP*o2G zX^o9T45=;AU$*&W2&GFkS4m^j`l8?dc5@yjpypIX)GsoE2G6!9tp0889d4R8Z)Cj` z7En*Fg=-Ck{~V_a88cNl^4lt}RxS{IDkzNxEG5UAdp-r#1DRh`%c(lS;=p z{pjAq=X*#9%#CW)^d@o{G^V%;;L$8MS2RI9ep=xh?+x1clGLPw$ zlR$d7%Jcbw2_*j!{ikz^pCEb zopNFg|H#|u(rprH6xSm~zZ_dS=f&bOI&<5dnO1+C>;+8uICl>9$X$a2Qt2Z^e$&MP zOTUE#HHdq2ha&Q0sxxGoTEiK9Yef}Ze5+XqRc(|Y*wex6XZbDhKbUB($@~oHUSZ`% zF;fzM7)S1OYT=~+gs#6Yn| z%3(dz34O#`ON>iQ;3i?#a<6&jY!@H?DZkFp-&`nUnJb0$v6VM_9&PMb{9w?s(h#XN ztAA6pm6aH7pl%>{@=4`|qT}vNZAKJF;v147mq7gasB`ry;2 z$5QA2THe8*(B{>{oumHi8Prl>AmLMZP?0Xii2HXeGrZFAVb8D`wwxeaL*@w2g3ny1 zg4c2iyx-AJtr1HkwKajuJtVT_y*%LW;s0oW1^&Ck>i=qhJ5`(h&z$@D5L>1F>x~%4 zf=vO*UB84Cvs?rm(wvk{x}obR<3P>a@=qDv2#koNEqqwW%R%KxfHAA(Jz#iI|FOV! zd-uKcn|Jh($oT6sStKm{Ml$Dj8c)F&qH z2y(P0PTDVN&7$ctjBF3XWD>Q8%&G6wuEBdKgHI%J>cD^fr`PND%R+9E*X!2^b>&kKCmmhqhK?S1zPw}#wZ7K=#|ilw zV>D#p(CJnQ9wi+6(-EdUfAAPAsp_I6dxT8G&@F5lm{l&UP^@Hxnm=M{%Zj{2MsV^8tf|_>7QBtiW^h&I@zclPK1Q( zp81V0xT;(LGmw#15@Hn2=G$KsJp873yaQNXXteK+UMBKh&?1&(Dmo-kUSvr zDGLB56p_K(ZcScAL0JbQt`3T1TM;v4fUldW3rvYwAs}y^F4LQgo|0j05K78ZTGB|M zjz>L6fRSwUq;WgrI}Z&%BG`9syQg3p+Cl$Ws~hCV;J&4+t}W>y2Kv#-iQu+`-&uRo zq8M0Mxsd1C+0Yj8WT(_|NG)+^QoPH*fLABL;I+5`|J}d_dZ;^g|;pbNdlam7Z9sDhdK&&Z(#uNx}j&WDRBi zV9Mg;1|=E8-Bd$|NQugd&D@7@(+#ZTH85&tf%kKrPi^SH8*mr&V}pC&mTdYyBiS^} z9h68x#H8W(N3%LK3NSF^*`GueJdDF*R>|y zI0(~rqI6A!)ZC98tEdHCmcSvfOlmR&0{+)m{<7}P7@+{0BOd9LyB)2g6U*T!6e!Mr zS4YM}BTVKe=KfJfqKd+HB9-%uAis1>9@1>l>WoCnM%E{&!9a7#xwt3{yz|PVBRc5` zdJF3&6!Z_ZWn-9nX#|A`!NyuU*pafbe}~k8*u;V5-#e1Be2MvO>-Gm=AyM+(qrI=r zFMUM5WJJ=AOh3qwSV)DMG?B3H<&NV&$R;}GG_TRJ|8md~{09P3VlEk%h_*wh4cYoS z8m;=Q=-AHLR|@8WnOh}cZrKT*><%=|f}b6}dd<&y;qOt-Smg(*D*5#ybt?hw(S7vU zSIN2g_~s^2Dz~nVo}lQ;KunVn&`#mq+wo|LX+PJO5TNO|cf4lIZy74j{Tf;fuNn#D zxN)zH0MwjZDj~d4Tevx#o_FwG?_P~XAN+-bp;yV*{+Jf__DmGir0eKpW!&3>IxNsZ zgGD7~;?~+Aped2Y^e;kbLwSq!XmYog>)n?=Q8yOJ0sjr~9gQwj*l1vWhoASV@ndLB z%fv#4*cV8pArFdOAu$`P-)O2JZ2p_OG8qkRs?G$f`7OQqB zW`F4G+f{vIK|k^_&KX?QiJxc6p3>68Firv3L($L_i%;L53}pO7Lms9Y^`Ewwnp&Xe z{-Hv~kIC@|@#+??TJQ5~GP>_=y9>+6k9?D@*)>|QpQBA2hlAOJNs{Q%5-N&o7}u4cSm*2m4=Q-)$r$aL zq{42D?cP|xxQiaoC1C^vjQYA=B0fDhSi9Lk%j3LK7|rP0nSO45>~3z~e;MM})!?{? z!>N(&KBgJcnv}>)K{wG^%lrYu@!gS&pWvjn_p8`USIXKu!1(#kw~=0But2?+k!zHs zC*V#h>C{8z<@U&Gi#8#~O8< zSf}eiu|Tp6Ji7mLdjQ=jxeuZj|ED5S-CEoH#x#tl0*SNf06^(+r68FwZ=N8Oo1{1J z<;kxO#_etIPD)!~F7+^=^BqzzV4HS0q-NDI7DYX;xwKwT03+(h)k&mCH&5)rz@p2R z({oPeIDF$E?pAl#IqWTn)w%4)myN*3@NxJ-5XotCC>j-Pc}IOs7)j6PrG}XSDov_m zVG6P2U#Gvw$3bm&GX9^@sG66=1=v$Pq1C`8Q4aZy?)aY_o*#HPq)1NONdPeZ(ne+D zS_=PelFrv1%%gGF$2LnD%PW%HI4Kydxe_IBaLU59=AD?R1;sb&_WKXVJsZb zT0lS>>g70Yf_{nM^6$}x-=_EbUE)6<*xYs>@9GuA@L~MhvePN|-GPk{?j&01&(G!8 zQRdFIH^ zgMdUcxY2eZ!sv~xa?9qn_jO9B69qPrcss}KNSp8TBl2)+^SMco7Dr+^%efVP!|Op) z#$C`ZYk*i44&>?iE_7by;((AH99|u~ewDfDD#`iyZ<-?|{V_W#i-AjAFnHziChRmw0V8Blw~FdbZa@+U2?4 zwk=RkNZaT&Aaa}yt{R@#u*qkNEYeHgP&leG=lw&(2UWq9$0Kuue2RplqXRLq9QT}P zoGU3{FKol}QNYc+sjljpXd;zVzzsPLN(a7hXfJhpnJcmLV_X1__(DTSz<&^5DNbju zt+5r#+FN`ulu!{1x0@Sf^W#LlEV2FSNSFNm%f#Ne;r(um4uh*UsTM*u#R#@eP4Dmg zLmf0Tb;9TM+0SuDK_?em6@t@KtM}d*7%Z=4ubnhB}j{O)exqqxq+w=#>cj)}-RYrlCW8yuNao*28~3B+2M0u^L#UKx478eby?cfigE;^`IfyNFLMk2sjQ%rhSB`T;3EiWRU-8O z(wz3g;`??>W2M*e>$DwlsRz$0p0%xxLtqBp==61z_>r8oX>0%T1M{JH6&IC7e+K|# zZiRkYGO6G8YCr$JigwE8?KJf?3%gqI&h&Fnfp)~IiV^N$ijmjH1p_oMYQH+7144f~ zbon@F{Fhfy>G5#~dU7!H%Pyh6)D7wQ3$}==96t1OPZz=`pc~^xZp|*~- z<6)UMwO>(&$}(zZ0dn4~r91j?^!3El%=HNc=h_HYI6+l#3W?5{=-fIc`xsKCXr8NZCD!)|*m~DC^CRU*GAINXN zs+X0b<5xM>WbW*Mbw|Rm;!DWehHUS@!#;2O=}ceXg7sI-`n9`RR>8il%L8RdipQHV zd0e^4>G3x090s0kHU~WP@Z&s=b8o8(?nr9eaXl*R${fLqwZA!BqIP?HGMR}%XOWIm z+Cs|{jz6qn+tbKXc7Lb832bi%!X-C{{RL>8_^M3vA!1gjiYLlUt<1GI@WY-{66$p> z`@?dfqIA9xpSh+&{6p5_YYzI$NZShC(sxP`VY#)n=d`DU-511rOizLznn%zLc8?f} z7#*BP=^8kv_ql+NOffW(cAx0jMC|J<(w{a0;MG3vA)9)|y(D7p8V~TSa%3gU+a~+# z;$?P6p2jpm7>#MyERalc<`3p8qB#hD7^b6_yr$`w^|L%m?oLAc!0NqF00+j!9L>_#C~nDnm}2Aksd?&;w`tFF}gsQ0hffA{nyAC;uvtf0gWa{ z4EgTPRb1l&~L-EsatqgE8Er2XylE9??U6A2B|1E99Ls5NSz7_!rRBQ18c>z_2gYtvmh9Qe8l9q zDT7FWxCH~EhkM{2T%bU`Tx>?h_R*~?WD&jMlevv|6I9hRNP9VCU@hxnAJTlX=OJUQ zwbs}B6i@>zEFUjv#5+c!J6C+-e>=IlnHfBnmO0t^iDD{1QYTB?bJ-yre#o~a|Jx7bm}l|=6@j&m2YM5H0qoCdNDIC}yUr4(4)=)yJQ;6l~f zzQ6o1Dda@xxhad0k1?pa&@CK<$&$*vuELdnaBcl-D;AfFF98q42_FkBV1VTETkNK` z{+dBVRFK#eM@1Jn|7lX{aIZs9!thW+C6edzw}K~G;|m_&7Iv|kyrlpM;^4M6oxE(X zDPTKEeZDMGF!;w;QUYu($blX*q8MjwPcP<1*eQc6;=~j|CaylO`_yYJBUB<-lM}JA za5zqT)%RazXHcmLl!XRzujs_N7nFYqsIZLt!}oB~S6bg!aU-4m&P3sr=X#d;=BSs! zHfOrC9gn_^USw|u4DvAQh;pA1+a9*KZ9QEb7Z5j*S`-XEcv#_UntW;P3b_N@>!Hmq z+Fx)`)E03<1ju?ezx_A@nmVKp&#xtB?Y)EIeM`H48mq6240Eqlne)mZ5OuznA4|dM zmln?>b-(B%Z!xX<*b{h5ThT-@lAg;7LzR{28=2vV-DL?h5;H&0209Vh5zJ1Fkj(A5 zfhG50x%8f@YZpEDS3N(JB_D`&6&D*gVarcEzJek|r>@U>SOWFTHJy3dyuA@Ll~7!; z^Vlglm$+L0Y_f2Y5WL{%5y=JQ3ORT<5+bmPe@NQ7)ns7mA*Aa0p!`ymOkZw}!@@ob zrw=U2{j~>U30_|Gq0UvTp_@F;WX+hNuE8Ex5<~A3r%Q}98-nX_a zsrkIL90Ih6zXP+$@Oo2Xne(|>{AP#!h{1;+hpCa#T~9){&u`nIV)5MoGZ9ke+3TmR zxiAD3U?V!ytV0mn()@0>FqX4Pogb7GHZI-!4{)m;0+^s!RI_~6e;5r7QjiiT37KXO zQYT>6aP7f%L=q60K0*QW?aUru2A_$w_qvH6ECWM&FM^@;Bhc8GQapWEx+Zdn*(#UO>2P+bZBgq%AH z-X_7Z2xR~8d-0}hbP1b&S!Swz_LX9T=FSd~d5-zT%8Fj->tp6*uC@4cbWgInUbm?k zUs^62G7QusOhostJR#m-Mvf143osOkGn0P;4PCpW;=>F#F zoejgvo1JTJh71G{LK41CCG8Em-)!CU*j^64_R{_|R;C&|%T}R2^^g1}vX&b>7Zz~K zvH{o(Oc=}3k(P<7h9d~0a|0XvemIyJiFQdIiDq95viH0L-{NAyKf2UTf`5hpa(JqA z=p&A?*aqSLW65WwDfBpl(zQa}H#PydxJVhtL00Kk_$w(c3qBki<4C+Rz{l!Idl`LV zwDIPEH{xf4W4K2rMy|Vp{eyHQ+`2JGvEaoM8%0%E%%^%?c)1{w$e4-@**0!Kmc9Vy z$|WaxpKcAy9Q_@cvb@)KhB7-a1Eh_*LT2SM9!347ugReJ%odl6pU2Yt{~g+^B*|Ee zfpsuuy>}ni-93VglM0K;#eT!v7ilX&$^FgY(>_h{SR*##=sC*Jp)7i5@~C2_hH$Us zhz|JCQi%Kj{mzO8$)br1ou2EN6?0eOCqk!io|UaFFI2T^)J%(D(E{JqGaA7$Hv0=F zja8lDn^XX$WR$Iyn2A%KF3WW8eW;oXQqQgHW)IK5Nm49Y|M^62UpoX(#8HM?j;lQ0 z;Pcqw_IOQGD;ifDn9bcL@1)@SNQ4ZEQ!9JKL)$GwM{Dm}v;l2fJU0$3A#)L*d+fJ^ zveYT1WLwsjEuYh^z9TqBYa6GHVW>ob+q==rEq&_`J6mEKv+tuZbmsVaUoWMdfsKPQ zidk5Ac)p}4IYhF^(Y?pBB}+FDE(m~hxvPJl_a;7Z(473j!j~jbatg7N6Ws@EU=q!; zOM`8VnQR0S(+I)y6_}X2thF`#vzqXx1!fmJh;ANLO|`Yi=c+tQvB704#robx7FKR> z-)#Fp5{N2y6Ti-gyKctZEF8$v*6h!fL099Cou1yTsCR?_pBiG%R!nZ%%wGgdN6>5( zMR)^^^1iRDn_U~SW`&*bUl1b1*VL-cHue=IWB|(ZY-hA+05yNUwF@piB^2BehQJnJ zab|n^+Zi!w%v`F!=FPtof_m@muSVdJd#NX8B4yX7;B-TXPf}!aTtwph+26?4_ zUF{GEPFfqdrO27tO|48&i;HP!Ju=Ce`@p}}oVeOx9LK4RH^Y7v=u3aeC+(B6^n&WI zC-hsvp#ZcQMh5p!e;6lFw5CNbUhRaAgmuvR%D;Qtxj5Bui$J1A7)mOWIejfGUodxH zKN}bsP(TfAgx=Ttg8?DKW2MwR%fK?T!fMo(GS06S&A|~xIIF>=cw&Zsf1caM9<);a zQXBe1%qzt2SJW?=c5Vyr9FC^9aJ_S{oTka==30%6PXdx0WQ>}_t+0*F z4i8)HI2JI~=b+1!>jUH=8)0y1N%p`Upc^Vo5m6)n@?)Kdh@q1o`#hZi``w{FGy-ip-X~~)PSh}Go6=tzzW)Mo21T4q%T zS2;f4=vyFsbNIciaGu;SL&h^ZeQm%)(mR~EUfpfscC+*QT8e1xPkP$L5M=bmN<$S2 z@^LAaH7Wp-0=<8JX?pcA{gP&O zkc4j_Lou3~3+lkYph029fC(GG;kY-v6h2KyM+@Hqrg1(^Zy5m-^D7Mik}%`aFqSzk zVCMCG9sjo}6u98Y*LDUg*Gu^NI%?>Z8b|2Z+{(!h6#CnZBNpO-SfqVyLQ5KDCl*(ob2VvwH;jM>!L}_qGPQY42^qR zGOYO)EBs7dGIR%ug5E_z2<)4y3pzqWbIzjDCZqZ$%qEQU+h~`Zd8U_y4HG9ZE+Yjd zoXy~@Fq`u1;QChi4}BQ??Gxm`#jikTn4D}xcuW8kK|Z*Ae24%qKNlCepp8iAI)X({jGU?loaNDBr* z@eV(Bo7XL6Z@KU-BO^}-W`mQ*r6pluVi*-#=E-NJwC3L%*o>`+-uu zp#y#5Ix1nkmat{><&4y!$cbbixY7^+h1Er0l1doLtzYi?KuoiVQcZIpIW-g4wmfN2xw4F)d4nyjiFvCGeP^Rj+|}byO}OxWbjf!}!(X zr2X_v0?W^k0_h$T=e%X~6Kw zfoljxL8i*AM_n1~*gZp%*4ME5;UEZQxN1@lW}S&V1;wb{V=88eu*A?W<<@26%3E%l zN32o0Ku87M@Icgc)z(7M$3JrRg z7z6rNX)A2#D&&%39$r;D{DU4wGi>S}LX5HJOwtqG0^3@5{8D8?w4Fm% zZa>(OPEHsenJe#)C>SdnK+1Uj^w&KI7ZZ~Z)gGOMom7LCrt>MuNjeHesiC)nuc#ev z>085!PBoA|E+vBi{|rJ2ZTTCwc2>@m{#CC_UAT^|Q(cMj-A}ghXNQ z+`-1g346JfO@mrtAolC87j5PE#acq($WZCA{E#`7ud`IB0S~K~us;(t*$R(FRCk6|eXuG^z#)cd!~iuE_yO7ln&` zX@y^ycWQZXAg7110}?AHmVegP-Mcp`Do}T(DSQ8}s6q`76aTUAKHiq=8R|PH?2^=E z9M?QJbC~4uRDplm@w!(LH4DUY+zmWAiAXH-MeF|b30GKLtmnV_QRr$*MpZ6!so35P zvCo95z`T%8cXt8>Hfo{?ggR#-&GBm{S$buVWMf)+M_L%#D8;7>!#KhgU4o(uPOfPC znWJ*?>Q|SHM2SpeO=DIH3@rc%->ruPs5-Q(lBz^bFS()se(J1;pd)AU#P5lxKdbABIuZLO+lff?n1OwV`8`;}Iybk=zsmH(^I zg*_g15q0&3{HTLu9|*5D^hkZf?8OdRTTLbVDV&WdO1&LpY-dm!;lmBlm8G^u(fMtOJn z_@7s;dv(3W$51^&Nfmjz8hnG>-?9Y%mdr%ZIw}}S)6bdPjiysau$F%sQnLwd&b;O~ zee*g8NvaFSeMxhEbgL}=HKnZ42Yv1W^(phm*pXMbf44cmR`J!XR^=Dv~e@D#w>ag!Ij`SpnPpL0&>Mv=G}yHSd{wGGQ9D5tHpb z3pCkiEM%=1Swv=SC(Xd+#H&;vRU@s~wN!di8=+mKUzMu$zeIh!XtH>6nM(U@i&mC` zbmJ^?$&=qWYfJwV-Mhq!g%x9$DUXOTq4Q-57C~Q1hgl#`pqji+Ue7sbhJC++z&BX* zJGuA%BtioLk&jKuJk-(+-TKZyEMMU2oc?KOCDu(^9;qf1PNd{=d|RjQd${;=V1!x; zA%yu-)ivedv3heof#sk45CW0jr`5tC#>*!tTOVoE0(TzMI%<87F#Za|OPv2`x=*+h z>N2?l1!KCvmV|0?_l`p40zNhg3x6&k*~-j4jRudGoNBQr6`-ICc9&#)BO7Bcvs}DubVLh7>kBGfp7d;IoJ%@j#y5<$d zk-0v=cQ3OjJVm}cOMf4l=t)hZ;4w9a$GPK3Dq1{otNp>U8G4CqdI^+d{QmBb=-W=3 z7{A2p1YuXfd?OMdo6|RM7o1R9D@)j&0c7a0E8>j=B|ai6e>FV!pVsFTcMtJ=H^0(+ zRHua{+Q5xtIQXj>Y)Z!h=qCYn|(1ZuX^QmBZGV$#IShA$X4g1Q$P{`xH%2tnK zp~$leBu$b1inJtsrfYe{|F==`=v?clV5RhFHfS;o0n?*f8y|8G;@i zbz8lAV4JdV6T&6fCF{e@3K)($J$ry$OqA3VdB@FJa_XfXDSsEP)d|%QNbG;L>)Z4M zDjw=+Q^r3*=DrFQqu)a|Im#vc!IXpz`q!m*4f5BZ-;`0pjZ?AJ@7 zprkAUmfma-jws%s(%-ktT>4cilhf!+DN|JV|+oB&{S-Z2as1 z{P)cNb9gh{{bKQn*voKJr7)Hhe$sx@0XC<0NDt;0e;QxHj__`DdG4!OF6zi-$t$L> z)vtJqFI9nT+w)Z}5lz5ek6udZ>i$=EI@g|h>1)(RyX)KL2&rldQP;Z|9`sFbB23fw zuw^WhC6;;E8Qg`ei{ZZs-@KoWMzuGyf0U?5mR+ezey0V{0?EA+3+kT(+VV{_=uDQr zs|TW6rTy>rmlTza*;{N`1O7i1gG=aZ6=B6X#3;SO$n8`m~}`Qtzsf)TE`X5_=dfrd^(1=7pLScC~?_JUs|XRz2*iAq(ulI!ILB9 z5p%Rp;Pfo}Lc1qYD(59NJO^O^?;^z|6v?9ajQzw^GbP~ELP0W(?6rZpx#G=eNf1md zuF5OSK9gX#RE0@1mye=a=!!7FBNW5X{u;IjpZURY5ZXvmtfR(grP$({1{r9xL}^qb zPv5ySy38BmBjjLiL_vwrLzpi~TIh_}rbe^y36s*GW9(@-+k1rnRZc$B*S+*NpRb=m z`^O$Jv;PlMUl|lvw{(pU1b2tQA!u+5?mkJxPg1aZ!1b26LcXtb}-#pK~ z?^pNlshX-eXYbv;cK2GVyUL@ZDvj7AGo<6qXa@2Oi)TTM2iGkWvFY#fU<3`Z5Xc?9 zSmlt^wor5=Dp;@NVdwnHOA(lT-+AzZ-hp)eL>vnAI6^EOE&Y6U~;O7ild$M}!nQmCq<6c4y>d zS>2bn`~|(z!dAxtwDogDddR2f?pyK0#(vhGCg%7_Nt(&@x>RCQ#jDnVyQ8hOi@eCy zgB3yP90ILq%*%SD(2;zU8v~W(p!Juhx2x4*T2vD;t&YB?f&PX_H!Vfr~SR5oFO^O z^?Z*xPv_8%Y4~=I&(5{~%PrQ_b~QmX`=*+`{`wFKH$IZ=Dha5Pjj;2Svi-Xk9Aa(; zRWYnGAHbOct^4?I?QVXtV^y1HL;X8-j)#Elp4q$k?G(^!(|9n~SvM z|G!0UpQvoC*<}Ls6x{niQ*t!&wmbU3+T`0|k_v4c&aYpuLT8lFv zxUx`o^qzG-+KSR5r3WMkAMdm0G#5d>9l^DUP>%X@!01hruhI;2tjyMXx}jm7eX*rH z6Zf>2uvO$vq4V|W<;Xa51LthotDJOr$r9VVbpLu84cC+lLv|7zF?L6imX(qGEIwK~ zo+T!qp(jaGSc9UO{IsZJwkUR%+V{h?VVM|C<9JL7aOKCoK9t?o?8n)YjTQ zJ?L*Yz8u{&Zbwiwv>aaGPZdNswko~|D5?p-EYS*zR<*yikPR%uBnWSa>-KpqI6G>YtbspD= z@5tCIuXmj`K=HgnG4@Rd8Hc4@gVQvdQt7+3r}HP_5Q5j-tNGv0lY;+Zh5w}Vdlb-a zYjz94!yDj}`uDORv3L<@SswY~NmS}Ekn#p1BxO`49PpuOXOQsR7(&li+5j6pj=5pq z60DIoYgH=<>k6X%1m{=)7r+0Ns1=-{9IphzICmxCgu{$yA*H2o)y2b!tYSR4$(ek| zGT9?r=BL~pai1dmNvaZUlfP9H#;o$>{X4Z8nBqxdMS=#use4?@xJphPUa^N{L}v81 zuh;SD@zm9S2gF3QI30{e+qMk07y+5Lv|a2%{x^YNqP|O#@#B=HcdyY- zwVtpR0EUx!7hT^ZMt}UgWCbA^1%`(lWPCn2CM6;}2qHzHz`CLSL_bO&F>8i+)gher zCvBu8+H8%}Q<1_m@NqEzua(Iy2v41!7Q_cD?Ho?XNrZOKKFVvIj(oK&oK{(7LgacA zCIYJKyL0_W2hEP1^kCgJ$`jNneqH=b0=tgd3jzs0Tg0nGF{78YsdqfDT{#h#-%^cG z1@99+rIexHZc^&QD>P=aX~Sa;dGm;1A9bny2Xj>t{}ZF3`VqM=qe!@ro+RpK`?|ZL zK~^_43$^}0_L>%CMyuSGM)pBPI(ZmzoG1(U0s8O^VuI@`@wyZ=Jdk3T*{Ca=MFQH6 zfHzV+Q^HAV9n2w*lE(sFZ;d(a16?dp^-kKEs64aPp532`la$13r1F57y>v-l8|26e z?zHD@MAneN0uG!V8z#=DWIUjWMRDvX0nNnZfLKVuDFXTJC-f#ik6rO7!8m==v80=9 zvUo;?D%grBJ3J4H1;_QrJ`;RT&Kv5H6}+0rKS*vv^=ZHUS~=w0=L4O^pOUaz?`d6=hR% z<7ZHyh+!Hv&mXQPqW8qeGe8tz99#j)kijN|U1N;X2sLSm+Mw8zH2%9LUME{NkeH7g z-7Zh6#f(;-R_<|ZVCV+lDj~>IOmYGS$Lw&Mp6T~#z%v?8XXz^=>BfwOFF7^TwGx)Wv^8KDiaJ1zxfM)Ye%dRLh1&v|a;uGL) zN}RD9DQEdHt9*!G-qiL}Z`0|8J4lE3rL&0r|BbQ&BB&Tyk+K#B9jbFb{URBR61 z?%2t8dE6rVVQQxA5EL8cn4FF8A>M@%XEsTN0`Yh9!HXNN9gTdxW-dnw*k)d zU_%EM2cqEZ{L|DZau2_T6k}}hE@!nQbb)ASJDt1?wv-vjPX>a2F%ySj@gCd)b=FpI z0v0=*yskwZ0SxZwm=f}z8IeH+yZjJ_kAfdlKpb(nN(2yrlM_rh+5wFZ+HnN=adIQA zeB2jAUA8h}Nj;B{#c!Ax=&;SwgX>ai&X3-}9^8ZdeYnsl3QWVNBH)N7X^t#hQQzke zXdRQJVO5K`B+Bf-@NeN8M}cDSxZG;^8n~>;qEBQ{yQCD!;yR z`XX9hNBXHfGA4Q*5nV^T+35pg;(5dDCL!4tY^j<+mXyTNIZ9|OFxg>K&kn;hJ_dCvYRO`=;9IH1t&)@#6%Wi zzk!D!+Oc%rM2f;I8fgzx_j$o=4fUFOBqGq2_L_Pw&dOgr!~p{hBN#G)CEAQ=6$;d2 zD+4x7$(jB)UC{-lQI|4Zso+3kebE5&lp&9_=6}MZC6T|xj}f1gl||vwlJ2U51R-Y&#mf22*qxcgj*5zupOKu{2Ei zoMWXoc~fj;ciLsEH+^_oyVN;%05~!BVaVym(^pdn2%% zlC3Mc!7Taa`w`R?pE+f~DE&<*=c&*2H+T45iH>o17a~h&Y~Aq7@&Vbc{~MLa-!;qj zR}6|m!~-ayf0R2dmIJlV3d&`zs2rgzXjryvM#ZvC%y)jbA)_n2a%SY)CV<>nn-5@a zh0d&R=itV$A^n6&S=$wn{PZw*Inn&GclZ^TNC2IaK8c%YxEpeEEZbQ)`qvf32_D0CXie8+lO z$N-)5c*X#Cbzir;58=~)uia&`dyoTU!Ftpj*S$LJ2wwN~ZN#8Rze@(KiIsY|5V2&5 zf*&I%^5*EYPnjZGCJ_jQw*5#jgcnCGWx24TO#$jyiVpXm&DdVn_{muKKqZ@J(UqO5 zFROJAzA5JpYimM5adE-5gS=MhO9H75!3~M=`|EEcO%ZvE{?QVo6HFAzWW8C?aoLDd}slouEainnbc* z6n3Wc57RSfd^Y$eQir2Zj;2YJ&8s( z%A4v+c9EAeEs*2zch*Y_Lk?DcnZY}j^ebW+jQLmOH0n<>pY$!LAchFpnPY-zY$**M z)ia+_Heub$vjFBo7H<1Llf=KKh(5)EKj;4E2Kv_0ITg_U^~bYph}!UBZi)4tl|Q~_ z-JCOMBz8@(nadG#g2mgGH6vq8T8_*SBsx-Yz9X9oi};Ro&%}3!AQQF1$)q~}k=Ip4 zX;y2l>v`d#`^;K9lO$`wAH5R8GN(1aw7nhoDt|SP7CgmPMT&3!iDkt8d^K__AfnY5 zB80A1w-LQ)r=58i8ve3BuGvgg*<@LFPF3To;?7;yu{CGmJX!QK`Iz7j`??z>J^^B?I9Xgq9jLX@(VS`Y;9T+m$jsf^%er&~Cv|O3N|b#>PGjJk z-v=1mJ`L{6Zew*M2wBk_$<8l3(82UuFCNM(n;sagg#0c80`CTj2z49&lGa=5!VWSp zT;$-xhbHqG`?%WX)f2F^7{*}pE2E7s>trK}!UN>A^onkC_oG9(WI9h?$3{6AxW_U? zR`o*S!h3U*^o-+UP2+k_ybc6r%Eo`6f!d;zHWvjLW2&SzFuNyR;WJ5glRL(mYxRl8gUzQv4VTJ_tP|Hetah3LKWY-$?$ zt+258^=G5k^NSbdZ0X@ZuE)8~#Sb-eT5KnoogTiwR?hIyO29$wRvj+QwZYNia=5z}W_G`L&GnR}s@AXjHZJ^%GNJtdKt{x$<~( zOGkres~I%Hbth<7+WE6W8#+!h`6_eUi-?x?vRW3;!JtqYXq{z3s7Y{U5%9DhT5rG8 z^}J{AJImUjlSoN%0OM@L#S@8R6_f)Vr^l~z+Im-l8hxkv^*M5a)4QpC1+$#X@`Bw# zGhg2ta(Q$!kpJ03*z@)#K^{5Y&bsiYPIdeF0XRAt)(E7@3$xMG-I z<+Q|gX4`N%74i=E09N3-8 zAz^Q-sqxM8y_*!{m#DIgbBd0=Ay;Wl+KcQan0dx;;#X!}Yw6?e#mk+)_D855Aih3J zt6xwONc&L@er|9)?Q7L`Sgya=yKjAvLP`P0pLY&xspRAq9-s29i@)UyWmcC?ENiz{ zL6BKrhAm4^9k-RIZUy!Tk zQ8RU7VG@DYtFLIz%uj9>LOH(1)@99vyyGglzZq?O%n8$M9Fhs}#atoTjKpH8MCi_+ zP~>khl^9D)0=D#K8C2MEsXH;dJ_$kQe{@(>CS^5<9ni`VQPHEz< z9UFbqYkKw@`iI^s(K*~B7>_ngRpNUnmUC;%^&D3agx0X{1wb%)mBLU2YJ{=RU$Z~k z7?9I^+lb|-6DTA8(-#Wqf-k@Rt!VX$+CdBg{>7f_d^7*0aQ^3>n(YKJ=unBJHVs9L zKhScleD^M)8$AyhWEefh2p)TF3-RXbD4P}l;pSEp!lzM+p4s{#3}XAW90YZF-`KI% zswT!^V^bi7A09eE`4Fi|B&CJYE)FvEh2C;GJ zl$%N7&Y}DJMc`3jXkoI1mI}icjYLa2nE(bs0WJXooOn*0Z5-gfOhvnVP;5b0(wX6b zoy|z(-vE!(e!cb!U_E^-{Kn6pF`ptZ@?+I+YEFc`5dImEH@W$@=S*8q`lD! z{Wo;%!@1VI9bVYSatG37G~eC7i%V+!88(A)i!sZm+psXlH>HJ(^?*kHj)EkxK0QG?N2&E)oUnX^aC#5{UGD7h;q1@& zj$=f#<-8IGOqpr;2XP9ep~W4!i6MXEHaYoLWd`C{nOIV#LsyStSsk@X#6q|znQ>E` zJeI2y#8d+GOy$rWRNB`g6EGw4QE;S|I3cT*Yu$1Tz}VWeZBvt8ZV0h2L#7mwTxD!I zu*ZA8PNus8mxly>=e>nFBZ^u5PF#e{qFyMD?IulZ+VM3)yy>7>aM^N{tjc(9Iivi< z-+(%K5Jh5~d~6#y@$=62j);>+ex%P`>;!u%Ms_jW-Q9bgr=!x0KkBaHVG|!(33iZv zKuHIsBZ$Wj0cndp9ISJ}j&^R0P}QyhTo*4;}(&lzEG_J=(h3 zh;y~z{K;gz+@;7db}xG2uYIn3?`OJ_KfqSiOzd7N;Rg7q3=sCyZX4e%O--W?b!pK{ zfYCdTRNv)(^|B$U0(N-tY!9JL$ue}+21~X56vMF`M7DxVA^AKV2>W3XIp46(SuM0c zvUd%RrH8sKS+DK*W^De`sPz-*yakBL|I=_pHY1e_F*AY-MM&Oh@HZrouEwv#3XGS^0$NsyNw~>d+f%392t!LZiDL2nU>;yzP663_`}N2>{*44e-RGJ>so3DF zS4(p3DPby7=7yu&?p(@pQft5Ly7)>mvqS}QNe#6XLHL9 z4H-^Qj>U=5_rz1(68DOTdjL|<8BM8T?MVcxAXh{4PjYQ|YM>Bn*1U5N<0miHhORBH1ZuHvCy*J;&L|Sp z5=(iQ&GSx!c?wHaX!P71-sXy-%a-$io4&*k0{b>yKv)oKuID^FcwWnh!fE52cfakwp2`K3Y;kH3>4NEQEF zX9)=tBMm!|`dch9?(_kF)e$n$?RO-bHN%)rB~V{;A|tq9zGj6P(3JcAe(z>7GhScr z$GfTqP_E17bwq>)V`E$b7B)gj|H-@Hys95%Jsh#uEsL8W9Wef33S(?zO0dnT!UN|C zeE4`bOA}=P$C_3mLLgj~$(5d_VVL4zC{)BnQH&zez)lLKOa|KC4mYSlD@dNH)`M6F zQqfO`On!J4`Lr+&PL_m;U88v|5E#;dD%(F#l0KhX+E?L_z}Qma=Y!?J3FX07$p~); ze2NAB3=M08|7mC3KZHQj^JR6IXbLs6Jm))NK@{XyI=jTfo{&a6f zy>64!2d(j#d1KQ%fs@GfdTqE3`}q+q_B$ZoSZ~&m)?~dm?>vlP`9z%$Ms+Q*xKkrX zb<5nWD1uNaF4nOFz7(-`dPQi-cKrEW=bCLX?Lh$Hj*t@6r9nVYq+NVQ zTK#-3k@l9}(UxOWtPhS_#fmd82_@a;zA3*;HxHb*Oq}oR>Jq+=QnFM04qlF=eP~VZ zgepJ`IlH^pdPiqHx3-r3J)2?G*qpz<#5}6yiBIV~Z%&S^?cTzn-PIIH3yN1xH<_My z@V(uRuJZdEyAO58VfD*Ta5jtTr^D(x+eG^Z0FzfIRM))0g#*aDFQO7Y!i4^xA-e&p zYeo^2B(F}8chl` z)C=}@&s1v1jiKKmqp27leMf3#*sGR*(5)Zp5|<#|j!MyLM7|y^e=2#;oW=iwW5_zw zOmnrlYdKCet#YmMD`;&momU(Hy|I8<0w#YpdHW&p;j)r^RJrJMAvEe9JTYZ#U50uW zypoW7hW`#i=6}qYkC8(n3tONze%jKJM+U$Kf3&nQ0A6|39StC|UMt|6|E3HsnD?mq zw)yPwL23_%YDlJ|*dhWR1Ok(3azSn)v1-W7M6v`^9ROU7h&$O{?Qz+_M6`&}?pk9V z5(&@qsAD=&osDy>vQFgPR=&hsO7u4xN#Y0f{I`hlODYce z%91GV&zLxMo@|LqklXUMsVej8VyW}b(iWpM;c7x#?0$Zo@urUj$W73J-)2_8@UP?f z5%15NRt^B<{kzu{-MgQg7gJ&Mnw!I^EGCY>C!=Ct@eMO&BZn5HjVJk=OO5FWkLjx_Z!B@6xyY zF0Uhiw?5z;K_-=4+i}mhOK+2>B3y783Z1*+-Vjk*d`HM#Z z8?hUh>SpACMf7dG{Fs3Gql)i=*)|aRS0{9Hm&f_RzSk1L*8*r~Bj*=&F4~hiXp{ui zJeEDNQ&jUqs&HU_MgdUSRa7#-@~u^wGEcKup7AR}KR z=H_|Yw<~n-(EeCfU4%8!)Xa(tX%k#tT!Yo8#g**Qm*jhEAd+6zCzmGXesoy`PWeG zfS18sIl;n`4t&ko<%?n8fK-k^|;vn~!^~eE2K)R8xEKjTF4ZG)$* zeX&Q3HyFd3$cd0W-Le=oGmMRgNhd8ZxtY6xa?Pc4f<;1bR--M(o6-p+JvrkTU}6~? z8v%8-jHt#?644HtIg3e1lyzIcfjh;{g6S_hotO&g=u{KaVWD#n8b2&*5TTc>7)L7( zu{6X176m*#t)0Zq<}6&rzS(b%PT>qFM4F8Y%G{#8ZeG%v7sis1N+>H$>lq{T7fI;o zI7yfRpEw3HivfO*^dASR!%~ zm=l&O1`<}0IFO>)+&qky$Zi4gxVA>AAoT}6VN z*2LiWy9u7kmV(?J*%ap6_zD@gw>yK+U7YN2sedrbXOEXW6h>(Wu;_g7858cJ19I0Y zQ}`B;=eK?nID8~HNBx{e{fk0=ebL+Dl#=K4ci?$zqnE5g)kT!Y$HYKwn6d^3>-VED z=PeV2^DV6y$#n?Z`oqX*sU^{B3baYvgS{RA0lQ`W?l32a-hh{ph^yl zZkYST8K0=nuix-mEKYN>Jw#hx8=;le%liK$Nz%2}wa~=zL@5Mfq;areF|IT$t-M7u zuFl3G)0Y#i!~!@b#)DenR<244@^q0fUHZj3aU``$!YG-XI{|cKkWFe$12rufT zfChI*4=cVQ*Zshm^8F%FaTP00{4gzUk-=grNGkXudndi;IYQie1scm_y0|={p0N!6 zY7+2ybX=$f1xuhp9mx}H#!ss~PVF%0^LY)YpgMk2u6l6lGm^icc2mz0^{l~5sgINh zoj6H12n~4SrLJ2Tz_~Z8cZ(fJcpVl_?_e9dXh9Ev*+3N}dZROwm4h5t<%JA=aWz$Lka)AhX$>)1YLlGu!U1kM57Eyg z(y`+Q{qsX!5mY{iqh>sDbrbVuMTgjNoN4SWwUfYJt7KqxkHoL2S-E6HQh3#Pv<8xw zBbwX2$C@0LT^{KkE631FIV%WhY3yGz{F3&O-E>i}>GKaLp zLUa#FG>6_=;KNIL%Lg4iKMs2P9Dxi~gX)2qoXnE;7mq>KtFjuRWv{lyPb{Fm3@q zr?MMWAMk5;p4bHQ4H>g9DV&p-;c}3$(!;ImrJ+yBZ&F5}0MvH)-`QP{GNFS9w&idx zqKX-uFYWLbBN=%Tq!q`8<8?IJS_pIq0`!YihH|_dmgT$$6`%Gpc_Vxk6>zRUh77eJ z@uLg$6v{TP^+xL+d}L&mQH&meCoh@F`?8H*_s*wKjeN zlT~2~rl7l70Oz}>FaIo)&3~8a{7fOx_zC{x<6*Rs5;P=#`|+$EoJPGJ#kmksH`R=^ zh%kdkoQtRR50mgd_1_<1V%cJDtYYeW%dh=0KyY(H(i0=2M^P*!R{O0fArSkASJT#(r`bR@{d?3x@GecblTu zUA9$8NZ)e^!dYy=GB1Kp5F7!_PT7Jlb$fzDZr3EcH5_&K9$$2k|c5IC{ibjWU_2>I2 zFLtyYf+4R0Q3Y!=e}!mim7jkCkqeAY9!A!5RIU)SbC!mlg^4r_j>CV0Vs0w%dY8cxCa8@MFFPIZN&p|uTG z-8V*jEz$R0>~9f`vwf4(5XVX+>JSk**p;M#Oy5n&(C4HfzG10`E>0>7*Pr6mG|=+f1^e zRcKpfr|9YH297pT4Mg4&O3}!*nPpB>Il;p_e~FJhwu)v9kSR`(rr>toxh);fspZFU z)pbRSZ+}c*wg>OiTz+XAiVF|xcRpUjV$Odm{%+do3+U@>-87>@24$c>SS zutQnCpZM`-2!X5$qTX8(R@T{z!Wi>z$8!W?$ewzxQrV$z(55zwTk|R5c=}LAUOqzJ zVg$!w4?LRx4|GXJdg+2%SdfUe8|(Rm?Dj)%$!X)bDmS)f==AjrmA# zV+L){iG%un3v(O?L1rWv6=RCpk8xN3EcPy5ZlEFiPb^`=$2b54BZ0$6tw2dRU3vd? zm>S^*lviF_AI_b18;T}JD{Ez$?XJ6*Ntd)X|dj z@GqqVBa`BoJtkYI4YBwmNWy0Z51IgdCX5|`PJBWVn||t+Dh!kQMhRG7VZAW7MTyJ` z4+MM-r_svL*SV~|2edXSgI5gNgc^9KGXP#uS%o|UgNqhnT;`%rS3F;6i2}C4NW6Es zAJ+3{!*lkd_`H)g2gl50q!`VT@Ot<&W9K+scvq2;Xgyt{J+z{h&7D$=5j#XW6BePOf;GS~IN(BHYc+o^0}3Ua{@tJ7muc#cgU>znsC zZ!W)nvt{I0%%f`|n!`v|e?b(>GLLG6S6L%lj}8Y_^>bYu^~#jVqka}MGZ=<(<CF2zaYG93u%d2XpY*#hsl-1d^6jN+kOW)l zFZ+BC&X3uK!{Nk>3CrU+{?r@&Ji^pvt*m9}e4KV^IPG+gUb%KK-Y(mBqqQ2Tdx~i? zDQRco8bKT=HN~9 zV26~~oMD%O3vaPYM{D0$U?=ZD1O{AOvi6GOs8hDE4iVC1pnKDBC@`eBh|^cwRkk2ZwigkVji^3z8`z z2mXT8HS6K*Ba{PS+ujekD++MMM8PyqfPqHB3jYEW#HTZ8WrpO9L;S5s{ucivm#B)y z*~^9!iGq)J^sH-g#8mVRL3?4P>=$G3<*eNS<9Jvl5y)M|qO660Vl3O?1`pi1!(vYq z;$TQl8>$WCEpE9)&fnBP|D$oP@}# z9K`mXq3svXu(~5pF!sRu+zTAAwBcnpovQ)c6b8LmshlMEWwD<{Zwr1p+OR!HD6S#^ zYR|2pQbUX&XHB+D{tF(y*mQgcmE9(=7*LJD3Lt8Bu_yF8I#W8$6gxg0DazF#DjDD7 z#^F{ftC`d2Uf7awN`d9K!5cX_*Q7@P8O9D!?$jm9j@$=d|4aGT4@Xl zO{J*QKp!n%7F-UUE(Y{syBT+L{SLjgBo&9&)y-o}Y^r8+c3}+U^0_3tXU43QNOD?e zZh37_mFWJGIZ7~=WqkD3PlK~d7$*OYKfx)?H}6TPkMh%@ogXZfPG9asoMrFIF9lza z$m4Un_^D(B6<#_2r^ILD&HLW3<1`I=Y7|zxP$Buv-VjS-()yynLU5JY2%*47uY4yr zmlC8{fp4tx5JzVun(y^hF7J*1Udwk!VTFyb`Fb=XzxVFTJ{c2>WvRFIMR~jJwRd?E z_PPDW{E-_WMDy0T?8T}38Y6?PPB3#40&$s8d&6qdigA;*f%SAd$|SfysV2lfqzZ5o zz;)=F)?&{&w3jxqf4?Bj*6IZ_7wWzAm}FvO%0D#zuHK8Uj^QkDjHt1#9$kmR{rfmv znR4yA18KnD7Y#X7Rks9BbguO7?*WCz&ih?syH4VafWC~Pgecg7a8^*ac`v#Zldc4+88lmRXp()RJd(s9pM1#8bN4KK6G0ZF zIAAhMLS|;V^0tgS#Dc0fwkwHFnk$P2zCCyUOCE*RLH{j={&ViWJ(q)h@BRgD*0Jq9 zxU}VFEn3?;W*;%J`E*s>WIKPn%tg^JkojdKt)sTTzAWe7YHBz7037CZGo2YnPRn;0 zcDuIL+|XQ-j+HTb&2U6FI87=^g5G%dP-z=Z8hOm$Ya7uipieYZ48{g%$P%bSw3%T(GRG* z-K=kap$M_>JH8QaO!+(kYZ3XJh00WAmAT-H;p=YNjjFrpYO}z09JnSaCRwpN$21@F z9`}_$Ql>nsBzuLVbQF=i*tDH!I;`Tg7Haw$RlG>w$jQS}N|Dtn?43x7>E)$monJus ztZuSx#V)Ffl*#b-WR`9R&`@<&)17|qH>*K{;e?6g4mFo!;`CNF>B_|5*CRFg)hLti zkiG|o+x;^AdNEO`8b%#R7;>!*)HiE@hCzs)n)LEN>ujVDkCc_}q&4W2H} z&Q_U+Wmuk%Vb7)R&A!1?*?Z}>RM|LuaMMjeT)0T|ZuLfG1;!Rf)OViQCTmQ=>4(J~U$8&U7r#JM`nhv?9L-y$#!U(pbs8wh)lv39>TOCXiTnptYe z;mRINag*{+A;LK#ZNu0BN1u$re7MY-u zfQ_&d|B_=xw89^BdKvz^3t@vhZN}T+!U3u_Je{}XGN$<}*Y$JK(UTjnTTf}PTpQ3$ zUj4ldptFz|ON=k1rJQ?bPfJSI?&RfCfFbweWC&CX&U_ZbxSu&H52k3i%yBR&p-A&8 z@}?9Gd8p;FI?s6AYS!X_&Xw|dKyNWPb^clk_VR3Bt7hOZ#3`OfHs;oo`Usf3Yi8%| z1Bz7w7R_?ojj!p3?u#Bio27j)S|<5NTHyo|>Et0pGfrr}g z-xq7gfj+<|mCaKHOGOECXw;L|ks<5prx%lpO@Drln#L2Q(AP5z3V#($H^j{AxXg0p z7Zz5)#DNv6NYAvnaIGFK+YCtd*x-(SjUt5bEn<-p0-Pq}>_ZU;!pR*x)OQ*R^VJ&& zD<^x_!P_r~4IQ@pK2IbR$@E$=l%2<|ug?H@2T&B=pEVo`rJ zGP-j$JYtp67karat3*#pEX8v}?&J{oP*-KskpAjo%TJkDl%a*#h_A{Kj3hwLLYVjG z_>aTXR-QI@N5sNH!b{pjp&1_j<%TfwRhEe>Ay=e>n(`pZ#rJZ8=m^A}ktjKwI3F@$S5$f8UJr(6rbSE-c^#IKz-5-I|3xGSLE-zWCW#^AX z%cLcd!9AfgPx;>igkxUDM(})5*|I6j5Do(Fh6SOf)$dX5N6u{}IP3hJFgJQ1oc+X6 zeO{Iw=Jzc(4sP5X>YK!QgF8+(J72U39oL#QprEpi{{Rrde6(}A@5s(vWq$=V$zNAp z;;m}togJ~atKZ_Yte=JP;qnrjibBjNs#OD%nR)o{^eUEhFBQP^8r{-$ z)YhmAJR&AWV>;}$aT5{DfeRRzh|TY6UCW#Y;Kq_s{=_204D{nI)98Sm%KwF);uAY^ zsRr?>!Zi0wp^B_H*IBY@P6c#7saR4FiW!ccIJ5}_Syk6sZW2+fD{jLeteeolFF(I8H;AB4I4>4bM zn=kC0`b+-#HQeLXeIKvl%sR(WP0ojhakBQ1b-yFxw{3Qy$xgu?ESGH7~98_tJRuXx_^Fu3%%sh)S2)uXqe z_BJ#&$ICLV)IEC5c&pFX9+p?FwXd2=FcuF9D~LZl#l3$#c2I#%G6Z%WLuNNgySSVzTl8~hE{Im;X>D#s!v)D##8=R9}o+~&LF zu7ItoQzF%CT8IOLgTA)XzG7d_R&J?SSXf7IX2JdAC6jWF#rrU?r|zLBc^KUB{>RT4 zWaVti<5*n2=;D5Gj`|%7yY3f@%Ju5`fiZd;sMTr+QDhtq-;rM2x1DGuvJ9-SuIq?W zgoI1SZ(w-Ec4+_?-&*@wzlm|CEbx$5mB7pT^iD1k6d+#I4WMa@`qnnrp{N*Tug17b zI_f-GR%Uni9WAXm!Xt$7GL{jGG%e65V?NrTb^=2b$y=c~Co1z}9L>z6)uG$hAdFfBMXc}Y>`Bg;#3-Ao%>pp)UJ`s7iCiwi4`t#f7=I}3#w!!N9L3vj-UM!Sd`Wu@IlvEMZnBc|*SAm{70Aw3_xmr7_?+ozy!wg3-zTt!b%%X&pzGbE zCbnEG_x+D^d%_|Ai-Go2PeQV*)4ZO^8)fkTvH(jQuEq%--F#QH>4xY5w`yFg zhYmuPNnqut#S?ygHRefOT;(WJep4ms41C>TLcEU2rVI^6T1}19>9kSAF-t%PNlF^H zF&n>`@#?{tFQQ(>%)-f#0f<9B4kdvsxCZD%i4Y&k`B+Cmhzxto5?#fCMAgFjT zeMvS?L%^P}s)I4LUujFvhN%L+x4Uo9_44FqU%oom=#EMe%alQtDW%jQ%FTsk1GKKP zCI$D7lfw`Zk>SB;CZGwkH-jaBv;%Y~!UIV8vu8m$8xtEa3}K*-z2o;f97GFPOKjDP zN66O*@JDV!ryZJfaCWrgvm7a880q3WonKvop|e*<2NL!}hH*|=VLLRldvlWM;61}o zJ$;aV1DVMqf~gIHW3Tg!h*rEE*_SMk5=O^yagYMtxGr?bo7>sny8{r!i-_>1kVu?}L_6$Q^-Ome()E7vm#*X~=%^9};kE^eYife1O1sWQ6 zcXxM(Cb%aMJb2?8LU4Br?(UEP!6m^VxVt+9Yux?yIrrZ0zW3G-2D``D(!Hu`)m~L| zPW}S4EU8f}aZ07B6^fBMz$Az-v(Z3c%Pxqswig$IsC_Aqq#r&zp}SU|LZ`0ll-;3n{siC zKsI=Ya}pp0tLycOwe2?bB$YH!ZEm~So=^hjhZUZSMzG|b^!p}NN0rr$ONK*$ z1N2)Yn+hL=H&OEAa0WiKlDlns`d+^Xw0t7{Ru|djIHLMn7~NI0B(KI>sWZ-TXK=Ol z+%U)O23CTGE2fPq*qVv5>Br6r^+EVHxN#N_-3mwQXngkczn+mFb{+VEc^VH9*3xOv4XNYbSkU-DjUZnsG z_z%@HGXrZ0&!HUOD1Q*xMJ(6^irL1*9_L`=fFJU)<`1>vmrQqzDAim5BB61F2wCpW zd9lGQP3J?T+Uf8HDqwh$VkS~TVRD1#16>>`9X!uEuCN00sSa7H0!#Ng`ngGBMrN9q zJ$gBlCA6U&G%=_*KAkhi!ppj0nrkBy5dW5-GQ}SX?nl7>C3Mo$;R!NWYO$s$m0@7m z3P|kY#tr0zA&*^NT%|53i-zw_A*S0P6OrZnHbw=fCwL&F79Z1t0R^= zVTZ&8C*kLnLh3RXZC|F|qa+r(+82#-fYOpH551`T^M%KsZp=Q>??2F%%Dc$So5zn$ z%AhQN4d4ZU7Aoh%st$ueU!GO^P1NGPhs&1@Eo;3cC{0ir$FWpf>G|7X^fMlq$>okaGc9e(jVU~%UB{u8{;%UcZLocs{YB4G2x$Z zzW-CrxH8FdnMPf5OgDK#2ix$K@MctEh)TH;x#lqrZ#NoJ1F2!D&2=5zevj}9LjRDa=m;6yKqF8a|Q zl?ak#Ca4noK8r8PGuWNB4{&i$=3UqCe~D2Qn3S|E(>$H1k(%xtWINd9DM3Cb=ClS|m}-DdT;V7+PLf?jTXQFNF7 zR0{UV&k{(y)AZ1ey|SHs`G2e&QUC9v5}v!~4>E(GoPMYs&u z1+uUwarMFmj}fxQP^`%|55o6S5{-D4#{!BIB}kuw{S>^}RVfZHXD@e`adXKq%py0B zLAde>3rfIIl0yZh`Dn`-ITWCQk`y;s=CR&S%2HABNuk|Uug3pFu8-h(u5XoxQG>1n zh(u*2EVS#GzUy7-0&Tt`O-_0pSi#V>hv!nNMEj#sDg}?y*$3`aBtvc{1yu7N5abm| zabw=vM2Nj{>eSRyZ6Os&%_azkdxMU)kHzecpkX;jfHYMgwSe8n;1D1)3o^TXXV^GXAOEZ^!a$Zs9@>G)L4lp2>B;_HA@+IX}8|{tNpT? z=8jg8c^E%}OpBy?uXLm=x(q7eINIYb6Lmcip=Y$`E_1F#5_Icq>${oinKOhHbqzZjWF^g zuO8d9^}!}lyCVF0J3LFi?A+c7ou#g@frPzy!)8g;4`V{TX;`xt6b+wjm?G1(oX+&i z7Pcy&ywbb1nlqnPk^~AiVAP{7DZbb~L6~I>Llv9Wp1!-$kIn5AY^=)bxjzv?F9V4G z(j*oBUOmS$V98cRXZOuwTh0Xr`NDIq0uc&|H>qgif>P~J?^xp6Q{)=ib4n>H5&dSK z1Q5Fl*C}9&xbVsRm_1H0Dw{f3q-RT~_{9e=%%GQeZC@|t^tG>d^O*rsGyoZw{%JsP z0&OqzaP@RS9_dwuWO`S1YiTb4NuRuVbNDx1ltiT9eb^gyD-L$ADcFE|4I(u89saJ~ zR)``Mb+R7-`tAN_j|gnH8=QlxfM(T8)S-aaU!gB^_~oO~a7KTmVli9~9*Z5>e>p}Q zRZyfEa@RLvtXxSmo62!5^*rs*Z|&ZLYdc9Q6DjD1J~&q+Yr8cQdL4H=OfeG7^&H)9 zU95BPCCk@JLUe-)y$Lb5tc!_lgd*TfqegXw*Mq}9OF{G=E7gBMJ&F=>h3wxDe+NxQ zjiJu<|84p^#Quvzv77vZS5Q0%MpU6X?s~<`R%})?HUc?lP`OE9VG(&1nWEj6kql~L z332e%6RXAc2g75aQGb83B79F^H*IZyZvENnR*C>AXk&LuRM&wMpHJlc#^+H`ClP(J z(%|Poj~#z0=%#LnT!O^)y2p<@5U6R-qO1Qt#^b?;6;_W$KzLz9ek zMF!ynOOnauXa_|Fe$|CA?GBk=yXtc3uLHl;x6;lj2Kdq&xLDQ)`pzM!@3nHqQT0{L z>2I63`D30k3hVlDBK*zi^hCHbqgRU!uVPeZ-KpG+Vka}!55Bqio^??`b%3DlFgAJQ zY$!3AtbRKTWRp#mzPmuhahH5CGHv%cV>s2|G@++gmiAL=65aktShN~ zB9h2Aj)F>Jg0SP70=N$X*6^%+DyRNePsY941MGn_0pr{L)ed-W0`uOK1c6f~p{<6} zUknJ(Pn~(vcR<&gu?_@`t(H231vJ8w1RC)BoEV9!G`o%VK7L|Aie|~(J*y?Q?i!ER zrZ+V_DqobLcFd6qQe|Au=u%B2W@^KR+aT0@4hqT&5{-FM3(`^;{9^)Fo ze$)MW%0$;s2+2K>%9XxNcJ11dtClVckBFfm$}%u8AP-u7@9$O8F2J#WI=aokJ&kqL z5EMYK7^gRc-^}wXFCrE9igbSS#72;6#Bt3BNSm@$@~yr`)FqA(&h+KPJs6)F%iH^W zsGA253Jw$^4-i`;BZ7-VBxu%Q+)~p2}1SkH!}}bXPYv1UV=r zuUP_@Cuu9(L9+U3ZfOKK8ps`?2hGx(J#r4 z_9w$V;GVzaMXO&FNYTb$(FLUq7_8&8C6!5N^cEb9)7iWj)btN-H9()v4Y_* zp5%iJya#-li$Ma5#>6g4`c!GoOa^-Y6zAIWp9KHiB_Xn}KUwo&B|P6UcH1kQQgCA+ z(^+kH<5`0j__Es@>&P^rGVaHRWJen}Snn!4p0p0%+6s^oLoD>lMKDQ&?+~hh4J6+^_t5@QT8Qkh zn)+8QY>;DCgoodRBFFocUD^9%Z`;$9rR9J2`O?CHxd`k_x;%gOLGD5O};+hU$2bDc@t#>=yN&5}W)PX&H# zGvnF(UH9qqK~G zYtzBuh}C53(bRMqP9iv#o~HpZYcx^Y9Eu_9YuxgRP+?gU(GRYxjLIoXb7qZ6dl$V4 z85?RR{p$P*q3RtD6mQ4K6<=v{ZzjJLv~)~c=w4kvhSD_RMA2UBe*jiYSvL~Fyv$p= z2bk1Id=d=|{ejlSoiJw#+fMIseoY*M*EiiaWTA7HQyC`>w(nnD=Wh7xDHd9F4)JKE z6UHv2>0MIqUBrfY;wD+rRPf@i#N*fyV@I6~q<);=I|j5EE;>KB5+;JjQ&y0ij39Jb zka%quR2ST$9}EJUJ{|mAbmSOnx5_iy1r}cZUs`}*_5r^y@~N!t)!}rPO*O9R%c4O! zhmBQzju9Ant@f0yozdxx+8TrP26 zZ;S^7O!mCgleZ)gth9T;@Tv+Xp?GiBpBX_tqig)|?^p6dNw-Aw_k4u#G@ba zq_ie(vlisJ+M#?pya=9w7)CW9N6($%SLA&COBn(zS3gCqnr2~a^C`fuP>Np&;dDYY zrZ?Byeo8RbUw64P{8z)EKvF-w?xt`k;Zpwu=b~j+VOe|%o}O@)9oGd3JDzJ*&X_>( zhs){%-N3Xo)<%c+n%TR6=efKcxFiy&A{AfyKIkmgaA_%YmCMIEe0k|6L6kUvQ+o9U z+2gAaB%aSCxfWI6!*$#a%^4bNXcD7$2DR7Zg;%>U!mY&H$;gXvdiILX>od$SE%~l} z0bLR+%V1IU&2E!Htn;GZt+1;OzBt8Nz+tSxwP1ML5MBKUR>Q(+;%y{X;y~i(AY3o) z+uy^9po$&UIv5ho!Ru4%+0xK_ib=b@7*X;XkvZ%`D_|hqxPFZceoyz5+>aTUY&l%t zdd%^regj~s>9bTAdkK!3`@k9*A{n88zbjk{vk(mRNQfjI~DD|qg#em_2^_* zk;w;HhxSL{-^?@d%(ZYrQfZ2C08m?f#mNgs)2cbhas=8-E#>aLxwj7QVi>nO%Tj-yIDm{olD*1E zZ*T8Dv%yCCxw#D(t6AAE{|e}XPB)%js%zI!U{TtH36)@WZna=zB^i3E4D8?P&wi+x zUkWRJH=A~7>5X``5Bd%Kjo}E1EXnEZ{pz8cUcNv~wg1{RGz3(cIBWN=2iUm1^*nM5 zNqovMln8N8L){8OaGb^L=^x&n-Xj&tvr`;B4Lf_gIZlb>)|K@8EOdheX}ho-A%akz zj-v^_%Qr$A`xy{=qIFPtxU`%d+Ey8J+Uv9>*&$TUp%5<0uE|RtXX5?Bxe*-I(la*lr3JTWuSG%E-$k4FJHj|tvquZ8r{A!#O%M)6 zr%yWu1^GbeYItw2XN$M@=E_EAaNkhv*o;-pyrF@Y6;7;R)?!QTU8x#j7WJfL@J)Eh zuac1oqaM&_*jY?Uj)pQ=lm#`4UY8a0553YFj(Rsm+PYbkai}$ce@5!W(ex1)n#!`M z|A1liQiYO8fz4{aqjq3dKHM&#-=_RS8VQ9lW&Pu>>LeZZ>F{IWl1MIav8(kFxuaSr ziFppFLE^vfx337#xmZUf>qy+<2pl&YLPv@+;NvKh`6s$hU9(g-si_LipZi$L$FB)* z1Uy`TH*>;2oc)9gYxr znNaU%SchFt#8n$o@{<-+w{{~pC@ap?7ooLfJz}R&lkiGhcrGGZk$uAa?{s}#SNUuy z>Y?R(RCR4H9*vY_L1CXfZFw&AIqLn$ZW)f~(Gi2XT`DY)NKnj&<~m5&zo+J2&s+kn z)0as7JgXi0Ln0?AKk84;u3Kh*5l`(tRB(H7CZ>o(;N zrX#95z3u5y$T6G4BKkgI~5svew5{Ym$VvhDEhf=6@amXDRL+I=H-vJ zEsl|;7`8cz$SENie%Ue!QpXaiR2pdP+okk*;#Wy6WhOk#R8^BCyhm*5woPmBfkCUx zi__i%jh?K(z2+H9+Y~3Hy-!D$KW)7ehp=!32po#796ny z`f}6tcnU&?FVlKHl6(U!*VEP=Gi>f{$@m0F!h5blB+M8p5I%9Zg90RlvIUByVCvba zXjmv5?^MQ`*8uf{87ER$#CabDf5Ysg2>%V>@pw2PEgz2gk>LmDbo)D48g=WsPtQ{u z3Vi8rAt&G>iqV#obZ-5`QHCDBvvDXI>R#3kT~9KbjJqriKFf~q`1mbSZXyL`6fxdB zAUpe;>{#Dodx%|JdCR{~!e5j40)Hj0wPlKpMY0Pgh4D$q6L#n8A$2W&jeA=baXI36 z!tc9nv|(v`vT8tQeBnqlXFiWOTag)z8=)vQckMOgk|=7Xh?bTH=0)^(K7vuZt~%On zIHC~fpc6Auj`AQfBsnUa^^0cwwp-WOeB*wWAr=lEf2}7*PIJ;?kzzJR5$i8Fqqg=z z)MnV&@#i{LQ+Efxelr9wX|dfwu`{&rzMP^<8AfXlzzKqVQ6UsX@Ck}Zfi}n>U2{ae zhUYNc=Ki*b9MFn_wCjDp!0P&EMl) zPdMh}X7_YoTI&}hCZ2tzAUo?h>X#d6$BUQwAYc%n5{l5?)k~MfFGBkfopVAkH6V7T zjlfb zwx25&I`!j|URiiW1)l^)Fp`(@pWStCzCFa_YaAjvDGY`1xt-vZ3xUms((t4et{bk6 zu4CjgLH*g|F3GE{sctqpAz3xMuoc5A?<)taF1xQH#EGaR^BC@?{&uI9E=))+?_Va_ z$SCr%Pn_PpjDa_0zgRq>k&#uaqs4$u#vn15i0^%`;p>AN31R_?0yUbDh?+u{a!%FKGa>2s9|!J5$n2dk1=it<{zw~X z?f-q{&d$jhy@UxA>en z_aeQRd!mf?IVjbr0`;1s73@++w+!eh@O3>r*d}AcWsSy*G5J0g|^b3kCKg^I^S`Pi5y9^44O_ooM|DL#U4CM_-kaM&+?!Og? z`MLm4EHioKVlzVpfjD0Crv~Tc&t$=Ey6wZ;JF-v2s7en6i(QiHisu>3HMX~^SF*2< z!~vve+-CvEoP%qlgD2}~r|<_khJkDCYb6;J3T{Y2c<^zI^B8vm1y54g)iVK8_-mal zsEFQK4s)I+vv%30de91geNzYW4*8r(0^jRJA6KV$TW2G@d%f8p%hb_zY;S7_&pQUoi=5HoY zo9_o);7aGes9l@?XFmz*vjzPV%!{wG z{{XcWciQnXK$jyw#ct_`6*AjBd66|@!iE&w+Vc0m?qb6R1-SF!Cfw+w;WNABaK2RV zczT2|9em9O%19Loy3tB6;+A=Ql;*67A3}h3o`9RxOAGlh-nbP+YVNI^$nxH4Il^!b zQYFZrBq$GjAWoB z`ZH#%5v%U#(y|GabVVPg?SiMzdZsQM_4Ju^6Ks-L3b`qQ+h4I+(i#HTD6T`YZZZDbK9f(8n3aHz!hWe|mDglu?e!Z9Dy zC}L_l(>V_2uA3bn9So~}Pe>z?U$pqjbkeoe0f9Ts@ zgFamx_<>~bOWu;h({)hl+Gka+_+AZ=-ZEcAZ`#ZQMrPFxiv<$!KJn*RH`Ms4HK9YLR}t%ox$sbl z2W?B@YPjR&j}z3?DNrMAhZdrI?32f?4+U{7GuTvvR{e0;`~n+;E1X3ZEH@iLt#L*e zszyR0A*t8S^Eh=s75w4<-MIO;$`6#n;i}W=^N){D$c}-i9x|@akY2+!>=Kki>^a)! z*c1l_b@6T?4H&yVOrX15kMHnn#GZEmw!Qp#&zZ8d=}27grM>%~QfWj()Vki{-rB3E zQKnFX2jtzM5e5BZ8cBk3Rlb#ino_`DORKWduzV^G5FY*e;TPt>(!~7~>d#VMGQk*h zV}H6~TT6iCx8{K*-IpJC!Nd7^V)6DwhR$W4;D&k}XtRjxlgxGD=ad~ndE`h;%4h`x!4Od&{e_yC*XEAueF=ZV$EusDkVUf6F-X-I6-$qD$ZTlWST>Qq zjiav@aV*2vSrl0HEm;BpOIFvKR23mw@?lBH3I54rVVvjGsl0l>8nQFA<&H~sCcBFr zT$P|9d?gIoleCMWJh}fZrLfrS5)QD)*r8|+BM!z5nsFK%jp_X+6sL_BNM;q`qo5+? zX~Up9RDG?m(W9UftqP5CEd-Licp2H1aB4-}1tRg^c-H8U+AxH^rRIFs=$wATlX64e z{V;{MMn1U~#xyC(e#GyEJ^7>{JT2@|6_!s(Rb$Aoq{(gX{?47;wKGDZu&r=s`|XZ0QeSWb>}9_J^Rkh_rTlUhon*h#6FCC6gNKd8knD>SG_gpz|mGf zIAmj|Uy+a_+mUjG%Fe>Nh^@`=06`06z+3XL{-k?Nln1k6h#ew)y zfsuw(z=|64v4UL2INl`DsbbY3Kd(BK;weCa^1Hu*zlCYOQIQAbKK*%rW*L<-kdQ4q zWYZprWmLZ(SWl^$IHx|BjIG(sczthqLR%3?1e7wbl2Q#?>A$ zyG`@`#u&V$mQ`TZ$2X7%o7N-@R?c*pq!Q0e9Xys&)@7I%)yFDn>I!tB&Y0sTF<^no z2zF^vf`5_(xhv80eJ_a7mp8cU--Qm$O8ePgvx8W6?vI zxm6q^XYbdLpevlV)t^4tvw<{g63Pdy#J9VA9J_uI^ z%w0&)H?Sd##Dq2DSO~qKeRA~A>O;~Eb`8J|pIEvRHMRIXM~}QIdZ$=6k$DSnCsfgQ{GZF$@ct3sxy1O2~rs!RSxQtB(`kU8QBg7ov&NQ?wVddvs$K?I6?8CT_m4> zIcU==Sf{!(GcVx@+Z>Ip4>E$5RpRHTdy2)6Ta{CwK$iefF zuJ@qaQo^%KrBbN^hDhmU<&a4#(=`C(T~P^%x)4_`-wA@?cNwx49NYnO>aoHHs2YDr zhZP!VmOn0&otZpJ)?E)CSLnCru}BY6i6npAdAep%FqjHf9J5!Q97-sWK~0n^z!RMX zN5`?@FV~+(;lD5ar_8^>ao3&z*9%?IdmYv4rZV3eLMnZ0MKFCV1`);vPNIZ$CU=AAO-gu^t= zM0A00+)7KpLv1V-k&30fE{=Upr^hE8KsJFM+(Sp}j#JlCy;ZXY095q$g=6*OjujqI zk+HSF`(bZEoqf?(x}j}iFBYR5?=DtC062?Xs+foP@H(B zYLbeR{*sh>dg@@JA)a@Of5{P987s|DW!uWaWrk&6IF zgGG@h{!szvC0cS#o_LTxK&~F0OaS#sR#Gm>I-O0RYz9`~81ppFT8=TR()46U^L-K} z=Q&Nj*DbG1{hT8|sZ^r><|fuo7CBc<%Yp_4W}*G;7alPZ$xOQu_-Uie=Yki=fFfi; zS*=yeQ<-3|EEta~v)i#g{O-9>v7K*7uQlL4UI9mKhNtd;DShE6iJWhs%jGE<*e;7!WKueK`p-{+u z=ZG3}xA34yQ!@*z$!9{Ic3jr{^tRwf5+O0zqj)>uFQWW>BS!m;%LpQ$V?byIw#IFr5xDT+* zb{&0BLC1$o^j_!$I9`*#8OxA>F1h z$J3UOeXImrmC=abMe&?-v$wWsQ)A3}^1J=DHuJlHHfZ;lS`4!Xnli2`6wbIsKUO2A zYcAN5Z|Ztu@`iMKYgzX~p1&tnI+5_0;p>Ss?;qOKlJz)7`F;I4W@ z%cju+WF(25Ng35tG7wX#CGrf>-ib4htWrubTbU6G?o^Ry9ha&s4C5T#nAfwgj7J2MPmWDLIopkv|S=<>E;yuJ88<{2A7dV5Tg zI%NaS+lJS6P}3dT`}|U6oc=J<6V6thob`4;_)X+M_3FCY>z`_xe>r=6hC6B2So}tq zOx!`R>qG{OOd^*ac{(rWQabz!`@unT<=ozmg?biaH_q@@;ef<=ZFMy;vO^?p1PR|T z`t8;DjeK1~IH>PpJc5c8Nhqiw5?@jKXB}Q*lMmT7t$vuHv&wL-nv6ti({DejUJ8|UZ>fiIBoF;cTUrAghW1g8W`{XY zu;a1=D&k)+Je(!gJ@4st+UDQbwCOF3<;sP=w*9b`gCbC~tIEeJbTa*$G zf6=dV;-tD^K=mi{XgzX%mRpbkZLiFtL`*){Oh=4|ag=Rc9xp)nqt3B!#grzsno$kK%6dD9 zt~Lh!UYV}(f@Msq!iH5dDYL0&%-6Yib2{sM-07coo%#|g4TB_q)_%7hRai!sScpyU z#j1e^J@k&c{C?e3$5UZ@x87dip65G0I`{k+kR5%cI6gKC8Syk?i>I-e{@7es_j^I} zO@jvu$)p>88vzd1dM~l>l)J?Xu3c;Bd5k!9?Xs_Vf=YDo!*nMctGM7OT5DqZZAG5< z;#EUy_vEmtydGOReIGb}>vnQ0`o!@Z6)k5&GGO|kCiVeW_plu~!KPW_;g+|Bct=%- ztX0S%VA(?JQ*F)DQkdYs?T`PFhw2;P8=+Vhl#w`Naf2fm#!T}Dska_KLv0u? z24-zsE&~{qsx#wg7dYO-G?|i%^Qz><+2^7VHNsT%#IyS?!gE)sc*>#peXsnnsT!{d zyFvwYO$=`g2={^AiK{ymCURow+R%4*Kxo04vv%%UEBM~Oa>Lasf>`T#8x@J3UNy2^ zjXrcLvFr)6?y-rFd7NeUxdVsG^7o4~YN^48A0qkw4(La$jxpo0AXTlMXA@37O!hHM z^sdX9>RdDylhpa#nt642Q~PZhtjS^RP~S85T143?9=P@TI@AXhScwfC z9#6R`&;a=ZlMujq+HLPlEbhvwG=R&x)?cP&1aWP`at=8}-hixfX7t%)oFS%y!To!@ zzrVt$mMk!6>rk!44IR2~dVFEiP1rm^UH={hKf3GDQiI-H5669B()(B8CVc7U#E#ps zD+VXWvVe(s@7oA!R!u7((dj;X(zbB@SF{x7(}2?Romi*p7Mg!XXWpcII8%bG-*E)a z!%3r7@?fD10XB3ztc6I3`1RtlAN)wAQf9cDBt73=Nkd0qo~*xwB%K&JH~;Q4?nI80 zczIM4OqJtR+5Z+2pn3=+ixx+o;%EwV)Fa(^4h(S+iwJw zoCJEWsyiTT5pZu2A&3=mTNMKp@i^r6^}nRR8h=Np7|*9}b?wU~%g=uI{Is{kO4fVY zUYRf{JR!&@i{`KnmzS@w=vy%HJG*%AE77tFa5?tc%yQ~H?8rfM{2^TLh-O4KM!0a> z9Vh7roWpPaD?pIHXS8q&5n9a?{p7EU@U{KRRj_J&W@-W%K78F#jG9vTb@FalH@-&` z_ip@HS2SJwua99rFw!vp>?cF~uh}80O(Bm$)NEx}5NEWuF}5-%1dOob%2A{$8`bpiX=nmy>dxNfo+Cq8_-j$zI@;r+e(J&Zd{6oVG1o3z%01Ur^HfGn{*L)MdS9*GNgay%AT-gNH>qf{W(P z8W{!>TAV}fYUr7y#Hcz3LZ4LseC)t7%cl0#`Qa(rAA}Nz>>SW%ruw~xuB+aqW@Yfn zfXk1WHOxd5#~j~VL|xKy)N40Dc&ooxpZNWCmSjwGYG9nG7g~4>r1ILXdGlg~P>VP) zz%cn|sQF?pB=EUG#t9SAx)UD%UrWmQ3rHC}cp|_5UU*&4qSd5N9R_a;jQO^KaFSqZXEKxer#Kc$4ZLcgIN}u#ygRM>J5~Fku%wYkr_uA>LwoKNRD_3={Fi1X@T`pt zwo@d;{;tBtCNTQ|rba2T4-(WiocjG2^T7|!hO99xqPz`J9*o}JB6CcAYKBRh&!OGz zPraB=%LTv7VQ7lXFHx(dG|X&27-1CerQutI1RfDAFABmX;qI(`4K->0g+KqbYw^#n zvp*^wyq95z_@(SeSvRjxY2UlegF!Bp7_{Wl@L*P|+BQDYRXk?8b{M7l?SuZ7WzQC; z%HwBS(o@*aRl%BEH~Gw?E9iwhNH4zvQZq77yb+Ik%B**D(>#`SM#NP-U`koQkM1pkNbTMKE z{|9`hI@+z^os!lI`e<+!?KW2P9Y=;`t=A2Rb|WvwM#< zn^L?&&q}pk@O_eB1h6CS{>~={q~rLH^hi4S;1JdMiS2n#dZJDAxz;Y_)M=~ zD{mEi5ck~}cd%~Go+lWbqGE}vkPa7(=6V<$O~f7`r5l6B5j32dc@Zn1X}6`(=~eF# z6@m?;?cQewOzIo9%72|6nfg8R3)Ty*q1vQgZ%X4NsDtR+k~RDZiO2FG$1>aWV~HJq z+l$(QT7yF1%}%c!H5!(mp#TX9LB`>w!#91Qk4QF9* zV^w(A*q*!|2Ey&s%Ga@zboc{Et?XZg)*=B zbNh4KT4%*y+nMY+U*~h%lij~g8cDSq`DvV$hhwV5t%v{nME^cj^#mtp!p%YT)6hYC zuKZclrypSGIeA{J`{FcSpQ|Jb@P~KB(on71qyP7u4U!Ku|9kjp2zmw2u^*j~vM(Px zkK#CcS~c$SNG2azjP{=+SvkC>^5%Mse@Om2W&eJyhnokeAE^IrbDV2u^iq9#rD%Ac zP%+o}Luq}XQ-I;6(9fZ)I)k$JhBD)*pH7qpSq`M@wtig=8&GaM?8Q$!>t+he%f=Rr5sh8DOY9Yn-V`uDR8rReAUKKL zk}JbPt2Qv{v|4`Zhm`~tNw~H(uIsiThtlp9b<}@;<>#a4Pmy9X_GV~C1Jhtnw?`>+_h^+^>QF zt9xP!?I9$h$|-B0h(;B8X;bEeokx*`uB$daE73Owzt{iE@;K2r**6SmCeYTEz7vPU zVGvAf@KVuJ_iX(|w)rJH^(w$6?Bk*wMLjxZ`qi`N=F)r2orP++7uoG@^BUsQ;#Vak z$ViHUI^8b*OvS?Rp#Pb9b|E>urNX39AtvGVp}n*Ri7Op1d2tgr7w!gKH8ca;gm*++ zF|d5r4qcV~y`JCL27Msgh*99wduQ>L1q;NFr;m95Yu3+TnaKZ`4~+}Gqz((b>*<-=u?FDN8OdZ%jJEOsz#5nf<0&gfVT?`ZucCWoGB|^B0eY zKEe&ZYi^%QmkKdf#Mq7(Ns4OMoFzOrq9bm8E?Jvq<8bEG&dZt*R`WR@Gb7`QEYAlWt0h_B=wz+o$|;5kB^rCsviBf z3SL9!W^<3WieR>?=7o>F!>^WgqJU`chp8fb1y>#h@80vvp*6d$u5{+=&-i}#r)Z~h z8%xjkh(hEYTPP|4zj_By*U00uutwQfCPO(JC{Mm`^Zgq@|FOFSP+b@=0Xu4~?1_S$>^-g}z_pan9GeKI_?}_vmLqnGiFS;ESP;Rfk zjf8Jye2@HYqiaB>h;a=Q+>K?hi0=P)KM}B#>%ZT9{(b6SiFwQkX{99W ziD=zhQ;~{8Sfs?eu3y6QyFl(*aEi5_h#`S_Wh}yNR3g;WVt+8ja@@90Pq$=0IZ{xZ zI&QiM`xXsDySi+&9N|Nr?z6rzIJbEA{~3@5%ebnzqQO5t4cFmAPW|GE^5WyM5dA3B z(sW?{Fwim5|B()8j&7c}tQTGr>)zN{*sBQ^nt1mg(QXxsO zyu(prK#Z(HUAlO-IyyZmEeEx5Ktt;%R;Iuz0^)-*k0_Lb0kecIug~T8&kPJiqA#}U zXDt8usV=V`9&nbx;C%dSltl+GVz19SP&edXlhkLGX$-o)$;sz$E1D+{E-)VdKC4H~ z^xc6Yzg6B&T=;|tN2}#pp) zTU*<nYXE?f9-c4>QYsfW&2)|k!`&ik&i)YINe*BC_k!^(AH|g5--%6M2YqY) zuSt33fUdGU)u5Y&c4C$f#^I6@XR&5yg#bxfIR6zq-t-vDiXTBgbkXHdbyY0uWnr&X z_W3J*OqnFB{NZhZ7l@6M7qKl6lay^F0%gHJEBh0T@+?ArL~^$v$ra@wuoE|0uay&i zT=R+B9Mn+h-Fc$;xJ4zxz^uKAiLHX<1QnU_cKCrGv)>D%>w}uiyB#iK&fGeamSrCPV`y7q41@$>gEeHQVu3eoBJ5-yn&`ae{? zRa9GTxUP-6JH_3dBE_Xh(L!-|3JFl4xVvky;!X<`cMa|k+}#Oo!GFHJ*Ir}%XY(W{ znPa|kJ-2+zS<>nsXF?irOofUlZ{ntD87I7NV#O`PW&tDbY5sv^dxF6o-xS)#P$uWY z;gsb}qr`-p$j>A^7PZ}py(q<*Cs7cGw<~OqgB2~!F}`TR!&zwLKhJXLMAd z>U{;el0RyETf%U7O&ovW;})FHCO<@~b=0u2;R|Wuxlm&{v#o$riyoGs!KPGYk6Et@ zr%uD{XFrrFTBK)FY}VHDssuEOF;ked)Xk$wTnfQv-yA3;^P!(b|S?4*7>K}sWzrU zH|$xjC;o5f74J08e(obXp@;X!`e7nrYOGI`ag!<-GT*(*ia!5D61=;U`k}$BkOVy~ z`M)o2h-;*ZC9x&9jOWmkvXXYbjrK8@IWF5xgjqYIN&fV#+e(z?u9(h^l0jE4)%~?6zag&c5}}^)|Xr9Lt?*Q(2Hek7R4V!!Y`Ur@qMsF zTBR?xIT2Q#x0c+mM1C3#PDt_heYn7AjoyhxLR$aR6xVn_J+;=8j{dlii=~AO>!P$M zx*jrJ>*a9;j-Fw9r&`2Zxt%_6&lkzSoBb=>&vi>%Yc*a-1~T`~b$m3R`V1PsAwhO$;`9d^Kb#{p0>h*y4vkTA>}SV<`-vV((ia@i25;Bd0rRaSua2>m6Iw zP&<)H&-B8vw8qh$g&n+J6CZ<7z60bM1Wx=uzD!hXp5bj3TYzm^9#GSMqGm1Ly|Bf{ z^HI)-O|BMOhDqNa`bDk~ccayy;EEK0OVD5OXdGU;@pfeU110QzF@E#Fu3aNdmfqZ* zd{cuuoWn|toaFv|d-8uoA_}AAB<~C$HVBqV!mUW#PgQ9MfKW;_wP1vjGL)~Nm!dY5RMVTfutP&$kUb!BFduI72aR+o+;r*oLw{iOUdYG-Eluj_9k zdI^>5?N~*x(|K<%S6A>$OCWep2KwA@9ac&>mS$(E$15Xg&H*`#c_1ZSl(xTjN22+} zYjtl+yuGSYD=$P}RN~I**z4rk-iTI{o|ONx$5_pagiUQ&`pIRf`ZD zTu0^m!oy$E?>bH?>F!xAfMG3XWpBQTYfxRsgZ#=0Z|&28?Sc!j4V3rT0uM9xc}}Ny zf3ZojWzt`?6xX$G3=#tW&rxBQI7|np3v%Ff@ZW1|=X}3=GSs^L5c;$s-N5PqTG)gh zeN_#?UL_IpX;?%A*DyR)8H2{0Chsl}s`)g6KcM!owr+yGy09&}zn%X}p*VDG<&)q; z=IG!XEXU4kKYFcWnl$sa+EO(m&%57_^IZJU36GSl$ZK!eZ}(GDe>nSWo@~>CM?dRp z^(%C*x77zFJ^};v0!goCPe42%Hd0Y{N$4*d3S860woMgfZ)H|93J0us&OsM{I{{E2 zJ$ApKL~2od`2(O6R$uXZCB>5ANe67y+FaKoLdoyzBWU9=dAjBs#FB#62Z$7mLE$nu z!?CoPtnoINHmI(vfqqh6h&c{lEjlex?}pJ^+29hcmRHJ(j1LEb6;}<%m;Lu1 zE|#Gn$Y$u6x$)r-ypHMqFj$}uX_3R4F7KHA#2~N(jPyxZzo9{eitF}QP`_zdI9Yu7 z39nQtVKNw&Vr>puGZSahkHyXkj_?`2ybJRW2@D03whT>+ENoT7lC zn)ET81U*EHHOw42x^&BPgKS@Q1O3(cRW!n;Oyp0;`4yfQ9_|!!asy2|L^Kj$wwfZ` z$1|efCFjfj4s-rb`PR1Q*ETaacG9@^LD1FZlo$9#Lxa;dAXgl zW9pDLgMV}4A>%I{rzxIgED=q*6?yTy8kXh#e4^NHs_tloF9Bz5K!MhF4fzH4tqTuF zs|v#QQ|HxNFI^F@tD4lx$O#xhK7`^0a&b=#^yu<(8H$8-J(T;lbE334DH|D}%sI*I zez=_FT+eR-nkmgp$GHMQ1$3@N-@?(Y{(Fh6Q(*VRv*fQT_=-T5!d`6Z)j>|Szjx^J z!)H;!;n6F$+<=L7Y?mca1p{N1+dV`$<1G3{vwJUBw6hWUge(&sUS;#3RwxMH)beQ4 z(h*xue{>CC%{}TcC&qUHg%HT;kJOkT>MTg=4^|`*7&sHV-K*XUrfs?z7cBwc`U&e^ zA;PW%{qSzl>rEQ}4=fl?{KtEUpADp$= z3ce+~lq@VJAp#Lyc5A=I=`E+fQ3$mK7i5Oz+H`f$?(WM4d2B~%U60kn38w1#)=zRFW)XdHc(??uY^eFH z`dzMpv1z{g!pb%rwl>H@lO|;i5nT#oSesq#^l0PlJRQ|&Y~^e+6mvMcvQl4eN&Rm{ zf^6y!u^SGvnV+=|ux||gBK&W|_3IrZGMc=%t7e0`ZdG-{yp9+icdiXx`y_P2i{$;w zKA*d?EXw4Gq=Z;YxoBzy%pjB*-j+_9{F7)VSkIO}cctt&DL#Au$)VAPAkK58d*LC) z233cI?73vi;nj5&@&83vzgrhR<}9z z#;jaX3o$O;+*_90OzSh#0Ri~U<*~{l`Tag@r3B^y+n@FV?foy~+Q%h`ft{d}Em~;i z^0SxGC+rXKcxxm_j?FfhR1nV<&ajGcOW>oQS*HKz>IiOA;37YZ&*t+J^RdUR5(&il zD%JL6U~+fbE)QGQyBEA?Yg;GBbLBYcaUY#(m_6qh{(IN}nfRr%YCLT}XWhEpWU}p$ z4T)%`UnOF!7VhTm_2;PSJCT<729^8rYp84VeIlCn`PY!6?609JSeoi$(#LK z{xT*sc8}MApQDOH>TS*0y%giov)Pt5EU!b?o}&XwtDnqyaLRceBY^XAZjxj&bMEa7 z*6(M1=sy4rL5>xa5St;35PQwXrV!)1^QlgMmw%jC`t7c94UN11R7o4|eSv;!Z1cnr z_3upVg*#-y&E%gOJ>-j|eSiK5SAnZ=ecm3Ciu7y{yaL5dD){y>Bg*7$fp*7&y)K+t zO?eG8{^>}2s>bxw!iPbeTLRlgBe4xmcl7sEoZVeYS*93+-iVbZ|9+yWYD5+wF8wmy z3!()(y*3(VTYiJ_C~f|?AQ4dW8fNN_%FV;Pk5if{B5`7H{vt{Y4|>vUOphGj+S%arE$ORE=Y;-s5bg{;fKmiJsOB1Xe6I<{gJTrL4KWsUNZ48dDd7^fTAvI`?=oD9$K1-M~UxHR&9iR~N3r-td|2h1udsv|r~Z7@9GaW^ z`9%cE#kKQ{8#4jG=UW=_yXm1>xDl$~1_2M?r$1X~-SOUwV$VGdc??xH3;j+FQ~wf|;Bx$EaLxMA zso;|kAr9*}l$6I?>QX)bLhkrX>ONm$V})05!mL{hs+rVBAv|2s;U-z$DzStvJ%FE4 z{5QK)!GrI_<|>!#T@K=B15HhC{IeVgzXT|j0Y*@GpDt@-XA1k|z>B-w(BVL-dATp5 zIxxdaPYD0u;^2NLQ?TYvA7kWz##?@sO3{iY0^CD2nQ@^Xdt&796|@!4x2_Vy%JYFG zcXXo98|Epn90h95(Mzo50VO#b!x?@K3chB^b~WlYkC9})uO^Z6s9byo)x(Y3up1Rh zyf3>6jK7Rohk0M~OsQ4f)rQ(cuKJUIqBt%1dxq`jQi=B7Ob<20e;i{KV|3v3-KxQyEtO=480xF&>CCGJsx$)Z^O8k+=g@U3f! ze&d|l_^^KY3KSTwO;P)!#k&G;Zf5N#05*XO*8V}8W+R?w(s@?q5gTgC`Q1JolTA)q zk#FoqaEKAFjrQ@6W&Hnj$mq&0JR!!-SUaj{KS8?-oe zJ5SI}U-IVJ_=*str>@=8KQ?H-!)KCMgJl3y-qZ--xqV!bGa)))!_dZ9GKcF5na=Lu zU{*v2IS>w62Y*OMXWDqK25X|#f-0)`^rs~KvIu0}9V7vlYc^c&VboLI^zj6Xq9Poz zJh1xZbKwz&)4T}b$nm*3XWge2+}wZtfHF$e_lGx@z6j<%HCW6DTuIf8Qz%-eI#t?& zUE5)1&~0q0kMsz=4`jQiLQo}kxdFq(YNxw0@p)`oUWY15Nbk`WI5^CwI-NbirOsk! z6NZxNOi-IX7-TwBejXUy%cQ1ypVuNpYR`5^w*~gYqggUc(3rh>ZsRh8$c0&Q2QD3@ z=&YgVzFy8uR4{YTjL6yxr{eRq<^4RhJ$7Rx$@uEc_4`2tQG`{uV_jeVPv%@j5z)t< zWzcJ3FWuq4@##*-YUA>=C85Re!EkSY_CkHWh%F|D`6|E{Vpw%rHWu1_(VqB+L08{o)tEAz-cgvj63u#FXW?$%%*Bs-;5*`E z^T~y&t&`7pVk{lG8EL@gg`$U07gn3RNN+5|<`&Vcus_DzwaMEf)D(W8&CW0i_qmWy zp2%&>)Q0kJojHaa-6CxrQ)=U;llQHv6akcph|=$h?s?RtbICY6JS@r5IOJ%?jph0G zcuS>AX0KKrcj4WPdggGMHWsiOV9=S70rUBs_^b1I7r zMGl^?g`s=mT1O?rp?f#ILEgrRZJ9%;7;gV-6=fx8tzGu_t#u?7U%6j3|GEza37=P} zrOf0@iD@_~oOAh#eKa*olN->UB9%xxbz#_J0kgC~^7{|ce`gyn#^{rXN+{1JsfO#FIdOq9`#%TV&NmN2THiJNWb^JJ2;Ea|x1|gmpDuN6 z^AC4-DuDy}X_>6eT;pZ11nOW_&b^gf_k-A04Z5t9%5azHSHj^ve2i=hw(=FGi$O;! zBejXJhn=0@P9og771_O?hrV=RwZ&s!8DfmpG-2H{QggC~G8ah{>$Kibns z*|k3qBetn7#}(^*L#n@vugDP#z74Zyo}hWJ)AW85f^_)sd`&`-3s!7w%PaA=`))zi z`FeS>zAa>GZJ@ZqoJ9`l1^8Q3r=itvlxfZJO9OROu2j}M?@$~NboESOA*YkYr9{1; zCF8IWNyUGm$uECQKL-s#uKx6MEN&Q-DaRo|+KW>8VSsT&$TY%J$&PW{G7ZCpi9wMW zwa00jqout*t;fWw)*t@K=$-V;_wt&KwLD+Oa~tLU^0=lEl`vu(R|%kYboT>&iO;ib zmS}0|YC;1NX2=zieqfAKOZB4W6CN0KK+J4&mj)SmJU>LQPm4yNT-UWpn;u`_>q0s* zaPYBIA;)_3Llw6A%ge!)53eNHq~wVU@j3noVoh}gGS2}#F1Nd!fS;*wl#LvxQYJqv zp$%9budY?K)Tq)vVh_X=={{ced?j*gK3R>m(KxM+Kq zhNg1UvkQFa^#T<~+->h|{cKz@pO7KNC*Mc3`Bb;2lCz%5)UELvef1X&6Q4^`0{Ia| z74!=UKOZE$AAbr()Hb)q53eUJ#02K-eujXy!O1xW-xKs7HfL)2%z=r}rPu}aUaB%O@;o}2t%Wvsk->y^*c>a`^Y`Ox~?D6BK6N9q>Xib9(vGaAtlHTeWI%3UBfTy)C3GQ$Li4jhjEwia5- z4Q@^^d*}J4C4agLj9|H6P*S#=yLA965PDJ<3Q* z2E><=rKfwjTf%EUvaZ47nVC6u&|ZIH&k_fY-yr86)()Cvfle#FEP8r5^Gzd4E!`V; zE(iV{XBO1sI0W`7Z}xR2 z&!Kz8=P0Mp!?}4lABS&w>;;ylNw{*Ji#JokN+AN(u!yM{X32bfZoTgpvmHA9UITEw zgsrNf)@Pj_uNrbsEE9SI-A=-!tZWG3zv4FYmwl=vJ9LV8*0 znH$iADLlQEyYF3iyeV{RbD)sUc0%c|Pc!;cZ_4KW4TX>=R-IOH)5^kTvQ8U(FQ1cB zt0&(GnQ~G`^*`jhi5%r7qCf!ms5X9c!I$bmY(1K@fEPaBYnuPAJ?ziH%KrzV{-058 zB>NZ3cQMs}nloAKH|nSHiO=(ex*Y4cgw-8gIK{jd?8mF*_QAhmeqVxdbq(}Lk8|Jc z7FcQn-E^g>jU_9<81VfDQT*M5)nQpBB^7D-<9y9ps2j5*xz~d&g~P_t@=AJ;le>lL z3_^uy8B+T)6Ey;y&+6B9I3we3Q>4#4<$j?TH%}7T|5UpdSC8+Og^F5v7!g5RRBwV% z>+}2!o{P!jm)G3Rz?93xj9VjJN(Z!WV@{WCj8WrgL<}CbW|XW-_Bsm#AcG&l|0;XW zApduQVP?~)YK@VFYK2TTv#BzQ9_!TB+{s*#Llkm#De0nuf_B4T)XI9L>;oIsak$oFW9IvM>FO!dbMS_m(jX^!S zs*~hnYi!Ca6anuO#ClZ4^2~J-=FsMLuf>d$&%)SeIqME)q}3j^I=GhbH-@)P$R!4v z^yegt>uahvW&ye#SDTO(2{Gf`fSM)3MSY6l80FC09lBp8`iRz>2Nf2tr5k=Q20P== z8cam3VcjAV?M1ds>AcAuKb-Lg>|74TqvYz0Qat--x>^@J#fW086-6p_RGZ&#w0;x_ zp9m7FEod^O?$p+WmP3O~iTOyVncI$TY*8NvO6Bclq+&ZgeYoNM_^n>K8~hE^&X8sU zYkr5H6k-YobiHiV5|rhVZ3qCqS1%K$BCb{9kB_dT=5QU=L{cVJ2zju}Ep0^0 zX}xxFO$LfjbuTO^eP7NJG0+W8TBI;Yq77E{LcJ+^{a+XS!~X0SRF|2*4?2P%lGgRe zpha-`?Yw!nJuO<>7I+^%JP}qdVmtU4yF7yh#QnPK>28O!DJ**#c}{K=)Dc{{zU;%D z*)xD0pU2rVG3LkZ>!eP&hhDavCP-}N;e5KI^OSI~g9=8x_h{kcZF>P<5?C5JK3tl- z5o(|5goN3Ej$a+5iZHjM3p6rhPJ3Vfb4IX8Oh6e4q*zIj@N|f7_zlBA+ki4JD@1r!j?S2(ropq1Q z_gu_=de>u#^!8G0EB#&&JTP^2AQt!Ir!u<_Aj?iRu&=9jdcHc+VCpMw^uIRg3|q)7 z1R<%FV@91}LMS0U5GOu_FB-B^92Jh^8)KcQeD>u{qt1E0JEQ&&&d6vxGEu)vOwV3B zkol0g*Cp-Ir@321rqwYu<#T&W2cs=^T&n9tOvtm}_xO0ne%@|}*XKf;sf04#ust&V zhBo6}4tO!*pTx%PhT*0aB>$urCG`INZN@fvc^EAQIw`V;XY9AWXYp%lEPOzh3S7JBI5Qf;>8(M1+GR!ES zF}#;J>i_to3Y4zU^o?`QOd4>$t$+IuHGYP=?KE*FYU$NJG4z6F4loH9HeUw@b1PgW zJ-&hK&fgGrj8vYuy267mS&adoSC7M)40^xW=gs|{d}%Nu0dzFgS7V%F@2f2!=R=Ga z3X_?t+d5rKxv{3ae=N{K;x^!e!9_#bts7*l?*Zr|%Qjf^Pt-VCp~u+xnS=1L#W)oB zWc%l^jHUiFtDo5G*MnalWhW`1%!-KP_GDx}p=~)ta_G_Zm`dMh2 ziD-vOHuiF&xu)XE>Q;}hf`Y1nxF437U=oFcc!H6{#cgT)me&`O>};FbRf@Hh4BL>g zzxiE0_bC6;W_#xcpdIrxx)fyOYhD<1DpoH_Pg6Q35vYMvFjY+}CA#CAL^;SdlT;h* ztw=jeCONTllCEA)N3Sr=8M<3jNEMAlOhk8}tvg8#Y05O-a$;)LpK{yyAT&}0MC=b-h|X-R#TXD&XTbTuhRu3hWfw7bNvfd z>Yfcr>D4@J&-kr52OA%kwzHbONlb)TxKb5YD$>0%vxV^`c;`T^Jj%t)^n9kSg^2ki zE9cZcb_Y5gY>jlS4RBW&zQehL@b{!R)1QdvZ{Vu*Yq<84s+?f@hyFF&(LO0%;s8}sJ zq<&t<#;JtVu7j5vS2h_lK{H(RjN*uPVWsj82Z4~NMZX79jBlkTJjZv5 zw^Jh4?1^#Z03^-K;ra&Un%e-9bVAr~>+s2tJz@m#4@JR8Cezjj#(ABKE9_WBgqa>_o4}j>JQkoW4;~L zL?Rmt8#OTXwlwp!KS5I%I=q9Z5UHdu>VeTfYPMjozqPb(Yv;_#4x!L04v{f>L#x0L zymYr$F6$cJhK0|ZoJV$)`Qos)zQt&XI5d`mkU2SNN9zkR6Qi?rI?*@I1j^!;s$o#G)B&$UBuFdT}Qnqq)GK9eeKT7gp$x(Y2nZ2YVdw$~s> zxA+&}!j_xe_q^6m4qUPD?&o>whbR$~<^ES!D9*iNF-S<1q#u!2l5wmX0&X|%d)3}o zB`PNU(C3wup#!U^aqF5-)KA(6$NO-rj=-wcR5%Ap5Cxq~!WNbG+BA9-`p$!6(+fU& zUjE;y8QQ@9{Y3W@0mI3W=C6MEwbvtm9aAN>Hm1QNy!--Ut4sb^u~xWde?F@lWx?XT zoMj3Q3@Ggey~|&dD{-jx8ranJp6OhWY|_lW`*rSU6EzoHBU8CahxEeCN1VuDue=MC z$+I=#HI>Ro>yp(oh)a#SH_h3r{zO4;lmd_o;r~eG#Uk5RDm7QReN%DbRCnn0^;V2o;p!S~ zGBp1orT9VEwtQqy0;4on)tFydq}?uYEwB2Yqm>1b*KY&1+8r8d(bBWKpHBM4hbJlO zsd$Oscri>~x1#4BP!B664!R2O)rP{uMra|Zu-fEWZEDRkeEIg~So7KkXQ?H@(hIT) zG+X-P&yPegjar`w@jb$=ZzkDct;JWXxHQ<2oWlBU;>Np|w`GmY2y`pQ{R6|sf;u2$wkj2XAPBlhd_tcj5N5*mf}6nBXwO5I<795v$c*RV3V}psc&~wjp!2g z5m@~BSA2y1y|w&r5a?aN-ZdVGmNO{QP{b>U#Xe^H6Fcbl-H$~>eLtrv1OV@gB-%ca z&V>ZYQ91h0M`^96sh(|7_E@(8A~RN z7%CdAR!E(CUS`lI)FB$Aq7VPnjhi$j*a`FAn}!};sGj%%F$z%$%~8EgvqnUV5R$aS zAp{?GK!l8RE@Q9hn-w2SFgw9j)nh835^s)}9J;Ihlf9B%MolI%(-O80Op>LGurr#; zMn{2jbiRGCVv636t`)LjvUWs)aZjmiAq+ZR_UXN)zqmoOr!s~)ZvKR+m64c)hruCJ zrkpx>ezv3tQ~1$ z_@EEOPUUl*Ck(yKWNx}Rnfp3lp*{Y*i#1o-f5 zmInFz?ja8s>3| z!leff`?h=dW87Aqnt1RCHYDm`?4#j7D+W?$WX$a$r?{6Vzd%g2IJD7&%f>X)jrEL4 z90L*jm(fFi^@z-jmRF047$*|KE&|^Fu%3~}M_V;asBR^t+3=KL4O;Y!?@_*Zz>8u3 z8Tv=D?hs7r?u*{+Gy z`^qB|>hJK1#87*uSGpD;S@;QprmNfzI~Gx+I~Fi5_||HuK`(BX+`sKqmN&w9YHluf zYK_8=0C0l6ty==XM23}QhgY|~dW?|Ox-8DlBgAYd?gf9`rkge&nBx4f`@+ZHgMT!dXQ$m4607FF^_Fk%?3n=<*K zrX>>JLMJ(*z{*o~y=EcNdNxA-DYRW@q*9Y^;jrAh(P!3?LgZr(bS2lF@8Lhk4*p!9 zX>z34KmA%H=xD3p-r&X~9r~7{dxP&Z1v6e8sH=tdp%TIKk7*MrG~c$5F|*rDP|pg9 zn8#ooD-%xlnoHXcA@}ha9=os?CcweRB2`MDP&IEZex2&Z1b-g$^bw#-k>O^8A3_wQ zRl|~m>r+s5o}De_q8JrEisc%J^{Ht-^gag64!ibO%3E{$Mb1&UeVsnA_bh>3&O_`; zh0)K&W6TT~qAL}%yyto}61J!Xb5orCo$C_)c?pPS?DOh{wme?tS@DJV93S53KJlMn zbZyAGw!R>(o|fbZ6qS!Nv-b}kK)!naIwkj?W5F6_#Kw5YdY})C93K)Y7RUT`3xFRS z`8go&xt{j;3zG^7*c2%0_>HVy2>P!uqY=T&0~Ce#!DYuhMTXrrL~|rTpC)_eab5hNb+4ezxcnucLsJ zjYUgt8)CIh$wKCH9SOtlwf_6$cblpdX~`Nb<+(OSf@Te$T$|-`rLrwb`v_v1O0ep| zJ?ld5HrL$x)v^dx)lOkPGCxTrZC-hyCLJ_@N@RWf?TXPcKbfKiDc#7 zZ?QgE@VSEP5&Jwl^Go2)xkG~0KE9gQldd%a_^j`0Am~XF3Jz(~|M_RsdsFLO_Cdw^ zroh0vVW+U1kMilml?BJDTm zm&cmmxUVnk7r(V?b0)8^8_+2@-oGpbljwTNGNE}Qv~!ixl&-Rrhu%@E%e}6neB}z_ zIyisZwVGpN@_`xT0!*B#u72g+>(YySRRB`vz`qadL_ujY9P9PH0PAvGasfJtL)%jE zuXdSQzw)q9q4&btpTCmxE|P1%Iy8WBjoHcs%Ewh9SQ-9%=1qm1O?IVLg=&7zjQ|}& z_4it$qc$7Y$7XXnfp9FKdPN@q{FEP-FEU8>$JZjD^jm1U@}uO`*Tl$*!>SHtUi`wu z97J)+OgnC}$YFpwa5q+`17t^&^xTRmp_CG-EH4(x4t6&W_!&t>)t|H-uHfkoN$OZz z`-`JrH9>rqNzQLsZ3{?y+=Z{ns%j-(3#8g8&hA#C@TYloC`JXxtr@q|6-A?h=(`+6 zp6xFJ%h2-U$?!p+e8AcMNM@RaUBMHI){l*7)rwnuZ`*$aH;u+Na7j=kw1a5acw2PI zyEjsZLF~mXkMmQ;A|}jf2h%60H3@<%F)gJH8S6XC29)Qv;u7C?T-M2Q$$b`IRud`y zvs?OfU#NgKDrL1B=z#TzpfJfN<4mkdqc!G>xNeEhc3w-vbiC^mq7VcFA^JyaT#%L8$ZEeB$T7`vGKfd{d> zGe0jA-U7jw!=Tg!iAeU-x~DU`=xHGUHpjVMd2QJUfDgu*EUdK zk9lBB2o&EAG|!$?6C@&4S%52?V)IuHBqLP+4V zc-_UtsBQo&^lDw79k0-j2cGAA#bZb8G)XiXxr-ZW(6yF|jOXncX@6FfhI9Fgz$gDk z+w&JYYk`gR4q07tQCFGw`X^ppXv)VVZ!51Q*P8i!yO=Kwd;Mb@*%zMMP8P!bMbt)A z=#G??OvLtU50Ya@MC3}e!MA)k9{29sj>f@}R_ioIg6~OR?9{(g(h?6PA-Oo;oXsMO z3Vww^5BCU&V9$+>M}j(r_Gpjbs#4jJ_9?z>7og@k1_&U_CZ$&|0Qb@R%`HKQmerxc z;|Mc;mv^u?E}pXFxevB3>g<1*$t_bvVPHNLD#}WIvq*eJ=%@XFfy+`+5Q5-&^qJmq z>*T@nd-b!?z~Jo!7}kU%+jv)>g>8hX(mL~v?GYi5 z-wi~8kry0z{t@ovcfwK{de$^76YpRKfe%EeFfhLerfgBtVJs5zS-j; z$t4m`@wiKHui{a*|TeZ6~FI!NgvO)B%DHn;gRy9aJ;qX zJ+Z7wZm9_ISGyhXnfcF#y9*!Yi2q8-P^-<;ym~WUzBX*gxxGK#Bu>1d>F)k+A82Mu zN){tx#~mKXQr+Gf7d7mg32zaJ)G}99!y_8;@r`II71!-Ny1}&c%Lze?j%GCKE^FwW z6NjZ|SJ;SHF&bOQJPb|C_OuuhzxlzyLeKmQ@ez-IbKJ}>*Jjh%hEus&Ah10;9QiB# z{slEI?$}DKDfM%E;*`(bb2>tSVC9Qyn)oRRd#=^WOuU+Qq$hGh1o!@X>6gOmQMBF%JOy>lD>d}F;hvsI;tv&s4DBO7JZmnT zwzsCpHu3x2R25}tt}kggON|v;o@yi1gPfDqHpwvQmZha|_lad`dorq+wyt40ONPdc za&hKB(mjd+*fsjLAK^v!$YiGyxxUa>M37f;W5Xx%MAxHzWJ$xkNyZVBrg~T&!7-S~ zImLrCU0_?&G4{oqR?aNo5Lhx(@Dpo-BoH0l5;KsM1#tOuaxa&J29VD2W(9pRwzYgb zw|Z}nY>N29NO?Y`s5mD7{pNSf#@AL8%2Z_31;;g7Zo?%I8HDZEjwt#)@}h@eE`3fp z$sv)+U@Yz)E|n$cClkLh5NlKA?^|F~I&yx)Xl9-kV+KN4Eww}swwQU3l{;@;znun( z9f2{2UKZdA_2J}z{TmH4wZ||C-dK-xM7VU;R)u}e^Ioo=6^_(zreP1Z>nnzJPT(if z(bn-etl=xXl^jOS6oR?BV#3k9b7c#5pm6k1DEey6Ga36IPjRmez5QDsG920kmiq%Wx*k z?>Q9g$uP5_9yUhnKL^7URvP=#s&}}CbVT}yGi6gOwQJKP5)P8bhEY!6Y`H)NkVju< zfypc+^V(y3@%81+P`uMh6<7&IiWHE*-Ovrc$T~fUlgLDpo2KsC(mn8@4J9`>$B$h! zMrd-Qe=+20E&l@N1?F_`IHT}|)19|fmdJXEJ*;aqwKW}HL<#N0z$(*a7aFqGrivlw zRvtN~TsOg(MDVYxvRW9fVt0`omLl|)(I^;T8B#x6ORW|}@H4r=c=-Tf%`_3tDY_htLPQyeYJ&|xBsYP#o zPFkZUV?3PyuDa%{bNgsgFUnv4CKBhzEJ8UP@m4|WY`Oo0s#M&|gQJedw1r+57z}mM z?DMfu!rCL`qS}nx1>C+c4GiyxrdT$)~4pg)CCUp0OczI&Jz@+17-5U$7ornvL|1}9K=AB7^?Lf$ChJ8V%oS# z#h&s)FVS!`Co5t6vv!sO`zyd96LMC|WV0)U>Ef9%!PD3-=SHL(BJ%ZFaYd%FUhytX zFH7RjkV zrbP4SBj9f`wKYVgr4FQ+N+@%68OW~|N0pcfW@k>x>M#wL-@W;j!jN!?A>bn0DQZ#a zuAqT)9mSYz00Glp_MC+)vAxz82r#EnRN|`n1lh&LjF`*-Yo%`?>m-a_2-4vu&4}K5^Lo9hV8+YX34n|moO@p8fqAPxegiWg&fO*2 zko8dkXQCwPTfS#yWv2~UXK1-4#HzSmkqT$eVw+hD)Yvdt`o`@JYT}|Ut{N#*bCG!8 zFMUImT258)MkEuX&W>ERk2wmPJI3%FemS@YROP+=@vY~slq?J zvZZd)PZwX4LP@>jaB82@Q~Gg2{D~doEvsG?emBfGnOO&D@h9lS9~Noo`V9*#qev_? z<^?cVCKXQVsfmMrjR6y+fkP;6G$rxFU$B*i=uBR^9c1z5qOJClo<;HY$1${>{libO z64POPsS_Chq*jk4|f_Q>oaA=H#* zIvPuLgX{w7?7*5?>gkRVFD2CJI?1q;hfO_89;rx35~{vPi_8aJXl2mS8P;frB9^<} zImuF%+4V_LLk@+H>@oUcW%%w2F};E{>VqX9;&XEZcxr9>7Fq&hJ3JI0|DqPGtt3{8 zn+2yJ%+2?SAAyf0`u?`Bqq2}NF}-+2j!l-J^qJ!;1sBNmDbyE|NZ zek2**MO1YPoEH92y5VaZRTWjr(NP8(<40k<4B&1ZF{Dnuh&!>rJ|XQ1;QSi^tf>QP zXpS2DN}YYH0~_%gkN=xXh^NBs6b@R_*IxT9{>eh?qvgx52Ev5;6TptJRHUJfA{+#8 zoDP|&T_$pNR(6(I9MR;}nAC7ga_ll|G21;<5?Ge|Ah!q-RaCTMQX8rSxH$%0L68w1aA~w{oc%Ak?r~Sri|1`WMkst^~ ztvWi$&Br~7zO*(&ueP&?abWm4!mZN6M|(f1k~B`RGQ7xouF~ zR}l$mv4{DxrsmnYc2Nn(PnAYu;hOi;)qzZo&tM~yqPO75cc!mc)~-xXxrvkaH&h^K zQJutdhVrUSwr^2G*u&D$N>>ecrrv?j_x4dDn@Ea}Wf?z#HJv^|yC0KISvq933zpVD z{1EBVkUz&eVWowVm@LuxxSN}$YAxVGEN&)}wUWYjBLq|Q2g>G5WCb1u9nLD;{zzas9&4!QPk zwD}Qz0MK&8v{~X5FZlS+n%dGZ+EI6iYvQitCkx6l-hHcF?I_r)i=eBe%TK7YSQ|l0 z-P`5EucE#puq1_S0ki*KduP?q=C(CzoZ@c9-3cy5fs$59(+RdX+Cl1r@a zdHvmR-rl)~uWmOwV!7xI_2e zXznKPMBH3l4#}dzj-E128K>@?>(jtx@kuRF@ND?`Db6gn4fi3nMQv^2HB`vH#O{f0 zP;+LwtWJDqU!DFUYsX!dytRRedX%6X=VyhbOQ;-ULUHlPw4(Pxs-@be+Q?Br;$!TH z4xKe>nIl~m&cY^{-Ee^r$IN!clKL1`?WJv^rVMt2?l|}TgK`Rynjmn}U}~-R%qx); zK>SU*uW0caY4DY)GtBMG$ck-7HftFWW;GxGvK>%!$+DHuaXbIkBNpV#zm+NHnX-_D zeR)cPlv(ijRLBw}fSvT?3R!=ye~ucr&_5z(WhPrP#_{4Ce>U|w^%57G>-tq6d{aZIvkDFU-75#_&I9pt#I1*1{^*Q5y*NGo%z&Bedye- zUrp~JT*v~B7TK0^cpR0{oVOzXq`hnng4bJQi`FIl66-YuBgZGD8oaxVx#BmtZ;x^m z11OhY(kNo4m=Nh)68TP*iKK@{C{Q z3C1~zF7SmmAbT+_Py^}nSVRx{y01BpuHjhO%*l9qPKJxr1|?a4f(EenA^^>m3BTl@ zB&{7wo-qoe-?o|Z)Ha!4&gSSk;BCGwGc69^QKJ_HNtg1bxd=*^+%NER^9`-AVrOMzv*SyM z5yvbZy)$l7yF?c({$mgAQ&pdS-$0IW%?fX@bYXqw2zJ#X;?(=G=Hfxg%r;L(S==N& z0GCaJt|uH18wdAy%c5$Bik&hST{-@XC@X{UL0JOu=jb~>{I8PQOY+YUfMa7g5_n|7V)Wqv-`1?rZTt6L&a$leid@!1|BZ+^ zX$jS`JXu8JoAQY-pI@DNM&=Dc-4^r)P|p=CPTbbjQ&in%bO{8}cwHSHV?>Ob5x{Qo z@?Fakw^HNDtGe~iV(0u$l8CiiLOS1rGx}X5k}K`Qxf0-vI5asn;PIStZxfWBp6qHZ;> z_%rZ8Ri;9#*e#~lQhY9&u2Oyk@8jF?+F)>uDe`JgD6h8rK`A>+@|X|Pr8>)QN}@x% zKO!fK(K=zuUXWKgN;+aT^|XzFz{t@u9dq^=IKx$D*61*J##6>lQzu+^uAV|wZD1A} zfYkO`QsM6`0soTrkq{su2-{RwPnY+&MSbW}?-Rdk^TJIg!%FOreTS_ZWk&C?_!IX% zCIY?3g}^(OH=*62EGIBD?=8`}|a)nMGn{@(0{hgAJb8F5)qLI41s(8pre5QIg z=#!Xkr4#?yTFww+nnanP1o;_I8Cf^S1M~`(ZYWBh(V4t`jUfHj_jPm(-A^@^+t$|$7o@3)(-{zGST5drZwjWR6*apeyMG@aU3H|1) zPkN&I@`^~p{ThfQox!2Ar^fo&l0)QI@~jhhMvroGnFDJtm!o-x&4MP=TCxwKtR?*J z9tkPFGJ(;$PG4Hk@%Nn~)S2(?PzIF}F)+nfcjRd!(JXoH*;*b{d=>_C#WH`5VMLij zzS8NvMG03a*Ot-6w{sR+aiDX$=@}ozO_tJM#)?%f{F&h+8sTWucr@_DHK!qExU{wB zXHIhW&eE920F$FRm;;9gC$dCeVW6eo`VE>A?u+oJvTJ`?5>5{ zqp4b}vC32GyIck#-N>VgGoiVS*2`wT%l#>{1G^yw@Tb!9g{ zEKp^@C5E36ln3cHB}S+uUoT%X>VALAfKlt0w5XM`C9e?zS$egbvm-Udn+8_VzADE9s#s`~vzAz%ju!rm)grd9aVb)d7pXrfg-gbQ$aQ+nY6FuAi}MS(zK~{m<5-?Bb+gZCYTBxV zoiQ%j!P}&{s*WLHLw0J;>A;q0vh86lB7ooFly+ghR}iVHE3`O1?y5#o zX%wKTkrnu|DCYC_{IGW~F)$|cJsb>Qwub+XF66(H0kF@S11{QhSKx`u3T{{7h~zd+ z26=*2MrudF=!CYuMqRCFGRpe178@-lrrO>;8f>r}uLCzBr?#U}9sfuV(BwRG(ykKpblEM`CjRX@$S`J? z*I3ZZ5t@ih@;L(&X)|@8zJPQ}4X=&DI4_^k7lQ8;bq!Fd=A2V<8$kofy+X?bo$gDJ zY|1dX2*h~x7x&8Dv67Xb-R%l<>HKP0Oo=8?BummF5dMIsv1i1gS0-JBM3k=Kh4{{i z7>qI;_Gcsp3L37QPrAx%q}4@svPOJ)i=UviRkf^wLdPmNsG?$>*)269->M#xz-_Hm zeh_vVrp>{wZ;0}mDc7b~NrhCT{jj>5NqNWI{kwhbAaQ;cPGwez-od{{okiQt3uXdF`&xfK)?*j$kq_hlh z%M~x@3PXB%ER`n8;SNQp7&H zsg*Q{ZT;4yOp9GxzaROnC&V_>Hv3AV8g6Xfr&pe9jeZ8tMJ7abc1<`i8}P>k<`C=z z_Xc`VpF7h*Pj68qaLd9BF=gK~v@NDqx8L|~2eL|eT^(!bWQJVF39nNaEz)JJf7vr1 zGFxhZ{}a|UhVm9X-u zC`ECS-8CVCB1t$s7i9CUY}J` z|7;~isMjFp@SQV=e%mxN6D_e$(R+@Zg3w|t*}m4kOQ~A6HGUsHMn3(C?6Pm=PV&z9 zfn51irb{ixUQ2v-MLLlpuawv4&s+$sJlVek+Q)d=&KhNooSCVv;*TI3h9Z0_*fhm& zT*6W_Xo*zNX`51>OVlrxDpcR@AecG2yNmN~axzFFJ2%zQ8epI${ybMYN_LDDLt3t<@C*SuI;a4a1j#leH;IBtFCh5A5S zXYDZl?qosg1BEAonc{u$&Cz4p9AruBLBrg+!G| zVbRGG2~wvU6v>AAowRQg=?tViqQjqmWEF%6klJ#%vC4CkszPNkY6m$6*-WR+>eD*C zsmdHRiIB_nIaqQzwY|qJ?F^_hqt-fXc^&$TevY!dlBySpaIDv5m}m?6_LHj^#OS@h zCca+yF3egBj-X@+9}+%eJ&0+`$%JTGwnLJN;r3W5u}qB!DAxMn0&wzH(sm5g)@Nid zDMd&O-Aji%oqBdCk~v*+e(yl1ulQttrTW;Fl7i>L_U4l7Aa(qE$<9d= zu9xXZ2hP^zpuZ^psWygbl`ZuID0)t?PK!KmFzR=CD;2>&DrUVQ@03g;&m-NAIG;H@cYC67j5(5aA{DU0ZI zi11wNRmVT9G(K_y#aU4dYZf=j;d^(5__k#vd6k2z$*LZqnNN#c1LK33w;rfY>N}K= zuNHD3uOh>1qR5fcBR9@Evf)0br==OW7eL>H`iL@?Q6hwNZ706ZYpTQT`n-DQl#|Z* z>2L=ZecXk^v0B7pDk`_Qm>xijRA+Liym3aIr>+Q+C}foXEea!CPQ7bFmHi=o9~?EzCJQn52H!qg?t2OeJH3tpLb zV|+5ANF8so6N+C9O?H2KzY2hEx}{|>u%AI*I`p0wkwcqfooKUIp2P)qjks1Yd zqW(!06wIyX2%%P+LshCy$Hd=h3pH7t1BXl84^wPT4fl z>--ctca}P@dyrZlw%a=vRYGJ0;VJciIPK11ev1B@HYD!1w^r6 zR7onrHBmSS@d!psw%Bm}DZ59+HVdj`7yb6tMLQ?8%de26eShO@_dCv|m_Bk$uJGP( zeO+VE?6QD1(AoPx(U26AirDoL19iKQ8EkVCv8h9auZMn!YZ?__hkaI$dre*+{k{0m zU1oksEZdU7Gro~PNYF(8QVjg&*7=JLnR1Y+#gS6s%G~+NJmu0)T}S~%cDjn z$(VYphGpb0D(1ZRbu7kukb`63h{sy6fe}W)^Cq&Ta2g{GLAL*k&fSsiO8-!Y=#Tql zAPBueDB4dur`zkR4OA7S$)73QULe@Od$RNJP2m?Nz=?~DXBEzhfiMN@S7eT_UAI~b zq!lyH%p)zoz704}hzBhAbyKJD`8r$RDGk}1IeDBIUwzi4B0uUEOVjgPSZw<>+lO{=Mcgw)v z=-J}N9@EZ7#-cTd1ggK?4_T}yi_;Yz(S8T7)(^dIdZ*a*%^7C3~vTVfbTjKcu;N*1FFy_kqgrp!qRG;=K&Zch6MV@+T7eZok`^zvpCb|ve zd0FD5f88H37aV;+`S*S$E8*`=2JvD^5buuOgjjN_SmS!wTzWT9;wL(Dxtw$ib@i-F z(Q@FdZ>C;c102I!@2PP50`sm3i&SVPApB38@H(5Y)=v-VTLM1KQIMo3ZAjmC!#;cj}m(RU=n< zJ>X}ba>@CUcfv5g^8t6HOQlih%1SiM0%Oy^I)1PbA|qrS+3_wNQO9(4cLt?z5?7I) zOtkq5zsJK#t0Dg^3Nw6RB-0PPlk+MsGh9u4JVRM_4h3jX~kNcpd zFUD!7=RQ?ch%#A}qLmUMk#kBauMCIPus$|+?uPt~vPAg`!4$sV0ax7n=w=*Xxz|cV zW2?{G-h9b;kC{u#yVZRs_Y+JUhf+oW$2qMQ)vzQMoOhu8S=oT#n{~fK<4isOnAnoH z?yG~O{+*<@n>*Yn=!ib+v0$6u-23lXA?%{FkxZs|KR$k}`hH;ALE(ylnyIm4QIL6+ zQPFTUyuU`Ncg_)w3_T@CLj4MS^t5m$Chlvd9T_*%(!e&6K-0apik86Fx`t)Ya1`JuN||E@rHB zrO-w_f<>~&s?`M@pQNX|`U9S}i9^X_-HSP*{mVQYovcur!Of*t<{hsyYHzmCR+KS= z>b~?AFSp|E>`sa_VDlx(v}QSd@Q$CUC8^Fds}`Rl^^K7F6mG3EiUg4XI;EL~fzKGCPD>&9>+`)G&9LkpiaypFVkz z$bWf!Tq36x=}I*Tp=-T-p59kCEvgitT|s5wgbD^l;DKoqkrDWY8q{;ThVFWv`aXTs zOYVArQGE5&4Hg4e?~McexMQ47<{6Yb=#)%dTzDp}5cbkr+?$ZCq^Ow6kg)&6AH_*| z-;Cz8i5Y}U)oD~l`0I*KFoMMNS1X2}SN-$KQ;IHB6uv{KJ%TFA3!5Davb0FxX^&NhiQWB7!R0o#jfrUE@Z z4C7QFtg_F)J&Q$=kniBo$yzBrpQH&uv}c^mSLY6Tc2gMxnw%l%o{TC$1B5xCkX z3Kw2gv0HPCwr&yNclMiUts>GK>zhs9_(xz}`K^ah*41=T=9^oz7K>nynbM;h-%Cy&wr^NZYWLB5|#kt(YNzZR~9~W+;GF^abvnPSrtht*kqqUS2NZaxwoOknY{}2lr0PyQL6k2WxaesqAM?ebz zFmuvlTuu?J7zuXxhW^0726qKy^bNl`qvn|by-WKWc?&HbfgPInv^^NAXW~;NX}qdm zJb2$t9Bp2E;Xtoz)hy3zu1O^M69Ol|Y zwOwH}xe(JP4u_hQZY%U0&Z_-R^#DI3^QGSr;X=LeJVuUAsoXVu& zz=w6aI?07HQjEtXAHmddJUJPbR3Ry|qa#w}faY+Mg5@;LG$1{nSY*K9U?u+CF*31_ z3ba&8)ya)^xw|f0$j<6ZFNMztv zw8(FJyN)pLWo^z=6`2{XTxz(Gw^G%0;@25Yp3x}G-_=j9X5WWyBSRH}Dx*JUB<)=d zOHP}{$R`ENaW066>1AXGhuvTulq-4+;I|Y60;ykhF%uC4w=(2PWsmzyyxi*-HHY2eNAXLh=k_lCmXV0eh%rPVPl&b?}l&R$?m3GP=_ln4zT>d z5Q=<%Nx;pOQxC<#0~uMugd#cd6Oz;&p$CtG|6GQS4oC)Ds9WOxIu7_kKG-+yCY3xorIVbm_k@ zuS55b&g-A~&JN2n|FtRn-3F5X+vN1$)}Q}UufS5%|KkTTjQpR6m6iPkqp|+`W^{D_ z|91cUFI4)!?983@-?9yhA7Y;&l$~w|GEZKmP4^R^?uV?5U-i#NEPyxd^rb25Rk8o+ z@s}c)3}De-@WL2NK3Y5Vs4{?_i}OQ$o1Uz3WOv@ng(n4exOsh`T;k96oP$|suVzCe ztAot28r7OKDQ!ofP>h$HU#x2Ks5QpI$;0uapoFxOBis2vNHOkH=PaZc`^Emx0C;x$GT(a6nUGpc?nC{2;iJk~p<(oG^DG`-tEzOsw0=lm+)+l= zV4e^A54r`WJlb^v4GW7?X&8^edyx@Uchpktcp|w(j@Rr;YVnM<>Wch5a!6@)Ec?vd zkjb|!*%iFHoJH|5N@=ehFXB0KiS|CUE7#yt=3oY8mrinY$~|!yFyYfUIk5`tx;zhO0sF`*qGWqFte%E zkd>IK-iQ;tuccuX{2-9oxw$zn;DxC^hnloyLCfEvT&=XRM~-Qit~W_5VJbkzpu?}? zbgo_G9n=~8X$dXJRZjsR5x!ZJpH`v>`Q(;Xe;3v(qwSm6sEkb56J;JApVp(oNy=NP z=Vt#X;pc;3C4x3-25)LU2i;@Ur7B0r95jVxBmuwdyRZN+-Lu{8Q`G9gpVgc2rnRJsb(i9#09AL#J^1#?B^?!XE<_YP0GeADFJfE7sG`&Yr!itnVpshm5}^e zz{{&*gY9AFVs8CRC(YKpQm?bJRA!BDJ1!IWIx|m;IwqZcODBtiRNwl1f;!F1Uh4+- zgNN%Uh0iQyDMc@}ze2+dZ%X4X z9z_uZuXd@#FZ2Hv(Z{jw>md8|bTG(OSQ69wq2p{RqCH>Q(bLt(47+ZO5>$7C%Mr7? zLLRnw#=9mQZTW5mk+!mg0v-L=DDa+e?u}B3q_qm#(4xdr=m;Emkq*9g;R}h^hJ0c) zPAHkb{4FqSJKcJq8MHs#4u$g~XmML&+B_UHw^PDgAR6o;ZR#g-=2QD(ytU2TGkHBTX#(-dcPVQD>71;DpJ;Gm9E+zC70n)w;x?;F&6ID{KTCEFiuT=2_=r>c{Y5fK9_*zTr^Rj}CH+!^DR_#DiD z0LG_4@X@j%emxi(jm3jlj^MeXs;TYM5u(H_qLMV^ ziJ_^#pK^(H9OH-k;%(uMwRdKONH`FeE8GMGw~MYKM|Q5&lm|+<{d@bDh4oR*X)AC( zld?Q+q!nu%_~_kyE+IyG)JnXMTJmPNSsUiDiGKJ!;4XmH{052dr-#Kd_i`eJeAx@+ zfwdff%_;Us+ya&!dNp~*WJ+9bZAwH%?d(3g4(Ag7&3F<%^Y}_bC!n~2 zpTIFnyuJ!O<81YiA}c)P9;BWgv_n+u4W$q)`r=Gd98}68IE$`w8x(%byxN;*iqrCZ zeGD*rkeWa0Bj#TnsQVo*skJ|m3Y)zj8>Vt_cjSk{aZ(IA?Jbj&45}vL5#@C@t}h7E zS`4D5GO#5Lh+JER|21S1)+KMZc(qE)$JB$q41JViW_*>%3D-yY4+^ zPfB}ts7w%&EV6JdYlRWFa*u9D>voVLuyHnZK4L_Smj7(U@;MxQm-oD(L0C46?W!kt zBaj?Vxam;6M9WqC%HDZ>L@_300?s8fA0g^f(g~IqO8@yzXz-$K0~ocVo?Jj+cfMnM z+PNlv2l~FGqM}tV4c^&P!F@@f+2w0tK_r8 zJW7k*KbP@Dvr-lX1VG0qOnJ<}v0mdy5W@(T8TtA`*hNBwJ5Y6*YG_M2A$-53AXl0`sK w?yLTHNDDOlzYM(oABtjqydt3iFY7M>0DgCx7I_ptI9PitrzZPL+BEq80NkAGMF0Q* literal 0 HcmV?d00001 diff --git a/windows/configuration/unified-write-filter/images/administratorcompactprompt.png b/windows/configuration/unified-write-filter/images/administratorcompactprompt.png new file mode 100644 index 0000000000000000000000000000000000000000..6e2d631dd9aefb10fc45e24a873f8b8689c069c0 GIT binary patch literal 198586 zcmYg%1yoy27cEY4S|}P^OK~ag6xY(?`r+;_K?;=O?%pEB-624WyStR&9yAb=$8Ybw zy;d@ryY8CF%-nO%K60Zq)fMotDX@`{knofgPNh2ZEC*Z)$(O>#lu8R5|NJu11|N0;+ePX;sLPGphl9T@IYjXOG zZU#6Cl7w^NaoOpPkK>XwTIpNrJB}o?H)LjIIgQ~SG$tf>ato5O10^kKw90^(tz z_n9K_X14%7e({Wa)miWbHhBR&52tw|?z)hj>b)2!2=VE83g3cH`bcqMw7cf=b#~pJDyu;Wh}Guq$J{6GU!SLh(Y5ApDTDS;p%_+6W53ff?lM8 zCs@WNVn(CS;{x&UB=PvJ&G$JP@i2uzYsO>heW32TUs(gfFCGAmjK{)>b z9Qfo=@O8Dgf8!oVa{j(J_<@vLm+z5uD*)MqS@PiyIM50|04^LvL3+2INnlGp=UhFe zzB?X1T;lN445=XaH0(mx+{N<1r5AzH^$P}zLIgWhP;!bt9dQAn8aoMy)3Gh+70x9v zvo;tkG9D`y_cM_c%;NJTYW{TY(t9u}rfU399exb;8YS4yYH!v6Le~oMON#ytzqPV2 z_@i^ZDc8EdTisE8aDION+P_vm46Do?si>H#=UHA~f2;u9?&;Fp%ESPlmw?dcsbG9n z`MK0wzKIEE_jrKtCw7I#g4FpNn&-oz!WL=B*jDggk**6OnjZh7cMll9S`g5HHZdM< z?oHG@wMrnIz%+CX$AMdNrnk+9D8H>|VP+k*0E!5@FokcoZfh4jLr5hqiO1vAyjyZ3 z2m<$VwqP+^kqJRy72sV&0%&;pq4{7FU3;i;Hr~761@WgqjE4tXWl7>{j|+kC$T8W! zUVV?4iK^*O+J2ZElE9OE7|igAd@5`$ISV(1VFX?jz+EdW05wMKJ+3DkuC6UlCj~*? z-dFF0jGW;x1q6mhwZ{FeSN~5R;L(sIjI^z>2_q(DfRB=N=SVc8GuvS283>(lK`hvq z+4y_8*HKQ2U!68D(Al0E!;kNQC|i#w2N~(sW{(hsUPL%B+=e7We(0&t>2$pperj`> z*9#lAwGq5&5$Ib##suE=PUG!Nbd-j)@FRqXHhz&B0%O<|KM z#^R{lO}@91JqV(Qb?qgcQc^Qt+tc%aEz~*Vvy>%CEJ-*NaX&sP!afm?H*Olq6?EiN z$jn<>?n2N5m%L%arT7=JTjhG*+c-KpZkv->wUZ;YzCGI^h%lS3+^4w9mzo-M} z5v{16t9JjhY+L@m1BrWKuj!I~lW15{LJ&Y+VQ3W0$i$SFIyXOmv*v#4-T8^W%*OKh zG75oXPdS{>)6!FiZ~8b?yQQBKav!*dc)Gqf4XHlqy}v+Qk{>$cKbJ^83-RxH_ZK`5 zY)$2}MU53atZ|7q;>?js-gHixM4V^esw`s26A!Vvh{%PG5aj9@w z-&}vjB1y0XE1RmRt{y0pxbw8x6@fhggP&7+5$F%`M!xhwL`9kIWDxfJfjb-`eqink zsc;E8+1j2xoxTRb><&jA!nP1OwZ?~4VG%YxH$F7I=(0E$5B)4Ipo-%OAbe;_CP-`J z0zL->dGN`KUOc~lSOLOT#uYKa)=jX!E!gWDl00a4FG8VBfd3I(hM-wD(1+dV!inHp zXMSY4z$JLa-vUX&8DuY~5@RQZ%cNdtD_5@#k;v0U@WC1oi>OQi4x`+P*y`j7xP~6= z_`3}KJ)7z;=yLgaI?fq*Z3_2qGRKB*Um$#Gd#NSht%#e7$`sdK3z`VSfw_yv)1{q* zCYjRz2)=_H)EV##d?Ch827li>cSli@IviDbX|u=3%)FUcf*-_iotm4Lwop5IL_-Ec z6+RxTmAF?1YXlziX@2@7^1iIO`HQe0fRNBtYch+^CRIh%-Tm6sv*?c`d~Y5*K zt}oiK1h=5kJ}y;#0g_K~G_U~{bEm)iHWD{zjx|AtQCrW^NCLHj6487C5b6YRf&N1<6QO}?VR-9PF?nEz@ekiFAvoT zJvJ71!VfPx^r6-CNd#t#P)?$OkI}?=HG#_DTHSKHn34~Z7whYxM|ig=mp;zwf#Al1 zuV*zLmm8!e56k_yV)vp5_y7<_T$Ql(a1&J!dEHqMyc2;4%iCY+4cI|{_-i5BTGLBV zQ=J!Zib@mqGyh5heq>`_X0c1j)rC~BViF8lNdQHpoz({3qd(-_I}dDwMenBQ5#XaF zYQ46bJ}$%=5CtRXYQ&>1=nC=t7ZZpj>(z+Z!r=mK_1weGG=j883^NoV-Abi+5QJ6zD4?zo16LWTD+ea z4py5TAXv_yO!$zb>$b`t?EXm}f9 z3L6sKsThe29g@J`f*sqGuB{cddL5zyZ!RurfLAkP0R>+Ro~O2AIgBHK5}t2IwqU(1 zh20evmX?GyKyb{~!%}VEpPBs7P|miSaZ>n!sA=Sww&0E-t36kKI00e@7>Fncrg6>% zPSGIFqqggFdhf?bdyoZLrVs;MCLxjm=k@o2+XOq|8jkr?WMAu(Cb)vnrnc)>PL$OU zD>7wSZFp^A`W_QwjlH=u)U~rP~2L<$2@}G zpn#u0eO}3zxje76_F~d(Y&@U!!e69*O2XYO>H&%)8E9=z06(nlZPGJAuSV_e9yr)G zMH~cNuH;yh4SH`E^r~nu%uW9riGkAi$Dj8;b3$@+Y2cSV7uDTvP}qSaB1rhyLl^QPheAh^7iuc@DP`Pvt2P-hB(8S^!_h#m2d+Kmn6zFX9U{o( z4OAD+7ZyVkgb=-qLp&}{1w&D2x1KgzcQ7U4#Q=K&*ekm{$-aodTLv1f_A^bq6X&$G&@wiHX^KkNy8f+^PzMq!fHswruV_%)on> zq=e~WXGcv<9R^_dFFnS?n{bh1RQmLy0s{B>l%uOW7plOR?(-~BGRoklRK`Lk-v8Y> z;i6|!DhJ;o06x&T2j7&?RD|EjDue&7>s>-T5B!kl@BXWOUYg*E>*+W8?Kr<}B%fB) zg-xNOy1|?WqLAkfyJ%I}|Kd6)7gGiNLMs)3v}F|)6{hNjhHDvnfL!&`|9@6TYW5`H z%QD7C+Wl{TeIn%I;4n_SjxmMFkjtq2cQaq8&(^Y-9z9|T0h=OyVdZOE@cP`B-w0T8 zZg}na%$uzLZRx(?2ZC-AC~z5`-*g1xH(YQuWe&LdY@{pm;yoy>H zw)~B)9BVSgD3qOwODGHG=|jtj3hA+OP1!z}pN#=g^uBzh04{pVb-<$X2{VD)hCvm%DOGW?tJVdi4@pIL^t`Z)x5= z4$~*jb%WPwcQL{#4OvRWkUrL_mn2R3+TY|NbxETZ8!D=Oe68rKHiq=eB*{jaI^*jO z*&-d1Jn2&WN73;3ozyVB${9K9beWykKr2gk-Y=XU`r;<3B^FZjWvnC7XW@Nhte1ND z>hJZ&e%XVTe)SX!)}gBraWAGiOdm=S3(wHK*`GSIMz=-caYZ4ETjrHN)LWsfm_U(_ zY8Ehilc$d3p27&Q52$4DZ4s zIs|0DDLiR4K6;~74p|^`^A3KIU*ZF>s;HBgl$`?k!xBvBAO2W#ns%X52C;yxW=c4c z4y34vM2TbA{%WI_ERZ8Ty-r9gd(gY(EvWjRXr=-PZCl^b8-D*qt^uksVdV-dX|wH)d| zw6`Kx&Djyn*T-Z}1r|zx6B&FvN)pXMySr@cx{vutO@h3xjfd!BFg(;sE=rTkc=J@) z1I0i@^ix=F=*|ytF$USih0vRQtSUf`p{BYC*1UkA7r(AdVceX)c#(s7bs0OACe|@I zGK~HcUvd~ygoT_k#_x|`f7)1wmKoDWw5T7vO;1cC#>d!f_p&4PPl!Z4Rvg^NgGT&p zF3TzGDsSuAL3_x?`%uejdw6(ubRM~XOi$xODaXusK%6G)qpM)>6|?TgI#5eaUgP(E z>ODT5l&n5R=8cS{HQf&dUslq!uRj43(f6p4JF_Y|X13do>amiChd z=X%BZf00zEwHMJnj9I+=Kd)m1{^NF)@b$4J`0%V8t3C(BLtD=(h{eusaT^`Ft1y=r z2T0V0{m)=<?ym zj;bH@$?*=GRMpi8s?_eS!Cyd=X&W#pQQtq7>0s*6)8o7Mo!5j%`?xF3-3eQ5NNGcj zZx~>qd@J!_Qt4pjz>P!R)A$dD%@k(2yBRIIbbrRm&Cy)16UdA^Q92uq^^ZojodnUD zGC-q$eU%MF#$B9c-BM!$+&R`eTJmyo(Rj?^B$edF?rb%ZcVxNM;_2Ch=pPyjXEF=@ zZJTSwsQC@>Tp&^HCl@O@zrwq;Hx8B*Xy@5|KmGt6|1s=lA(EDOs&GqS4S1BL`5L+k zn}j-%RZnQD|6D`;2Sbo^K+h>ZdPd4%WBt*V$F>P}wBlteuFu<4_iAW2Jl6?7@ync~ z_lqLG7 z&YNtl(~o(AH2M4FIDWH~yZX`H9kyJ@r5(rnOW2c(PDVkfN`kRu);8|4@=d0Z|hyv6VU(9HYR7P{GD6}!xc>KV4a!YIL=RnPy@4AT=a|L9yV zMwC%fPM2nCRQZx5E|Rx;@eIAI7+T$s(AUEPIN%HjibY*i-|4=8d@nk`e?ngzRXKj6 zEkFKrbK584Q?&TLtRUIvY2lt5@EOOq4|X8p)Oub%ByWB$Q`trJjQW^*r43h5 zM}+EDWcu)-A>WUzVniwwUoXF(k7(L3tB^fket<@@6ZOL1zO1{M%KJhLUHgjyJ9Xc* zWN-V2b%KxNNq`d6?gbBfH>|&6nmx&L3#=WNSV&?i?^`n-`yyuQ@OQYI>+69BRI;v%VxEl!j$Pk3~gZKN{(&Jw-eQZrD7j;*iyA`Q%CaXH{)RM)*ElAPrg3hMN7Vr(f~o{qZkZy z{|7Hp<)5@P$kbuTZ5Eqg0$HX$nfmwlVQG63EZwg~77N-s1<}vWWLr1gNbPsm8?%|s zYPvP;7qGMA$T1MW74#k|mPMfz0udMisLr|Y;dxybGN zDtlPFq)tFHdWxDbQ@_K_nc#SKAQlBvi3P*E^hDYd*C6p51$+zZ-I&n^)`qI&Z7j!R}G%x z;N*0+&(svooZO0_t}m%X8PT73271piI^O8Ak!obzR}IMcyl(HITnHQ*{(H>clv-MN z8ueJ8H!GoKH7GRk)uWn!(uiB_5*@q6yMY z)~v+0&f+uh9SN;nTmE{|vBPXikpGeua5kTW5Ed z5IRdE!^dzE$DSCdk>B9Z_Blg_Sh{OL0=>VvngIJ^$#Y}s7(4o_=>2x^)5Yo4SUU` zs*H1+!~7MAUcp&3wm3E^Cx={szEoKwaqGRbn)0hUkv!sLd~ur-Nc@++tY47hJBf1E zal1T|sJ)rcq8)NFXO2dZPHB}XGxu+NWG0VtRg87XOvEB(Iv-k>%$!;%WdI!Im9Klh zCVK?L5T4j;^(YV0<*TvatLja&|N%x?LC$NqD^sTLYM0&JyWyZHp`LW`OuWN9zo8KY0(IwZQB~UV#%*x6_S)nXX}gL|M7$UjlM%C>bhtSn|sv+rF;Co zuc#sjD>-}v%aJ4nRxP$@%fEK&U6(o2g({@S5hA0BmEC8tS21JB%qR^_r);d=p0}230Kg9i(^qhG7n(LZHsLsccNKBm~{@;!pD1)C3qY}f2 z-ezUXTD_vkD3RzUy{#b!w;tF>IY3f>=yeKqd}UlaG;>!bU|%Uo=P!Ex%7 zB>za6(zqqUtc8&%KQH}5EG6o1a{#K+F65g#zDa*URMgl<`a>`OJ&}!piC-m&6(gRQ zNt7v=V_Jin`AI_%oYC+BVOu$BEhjS|n+$oW9CcMsA+8WvsT?#Hq@NpKa321%eI=`1 ziB$z_5EG>hC;0T>$cjL;m(e4JO$NpI*okrgZ ztIJd^28Bi5^r}35OdtEwu1MnNK2ZVNU`KtAbZoHK>Gng{cn@|}iz~mYKYcV3_mO%P zl~Z4$nVM+|jBFWA(=n~=$KmrvwT48#`#snDXoJL&1R6TXNAgi6@8suMLZ=kI!_2JN zaNd3A&*$G+T*%Q%{>g0M8SWUay!MxWGxBB7pQ^newrf=c_30DkwH3oZOG!1=d$xG& z`nIREeisb(waYGw!zT2tnOebpeZvJYscNOCQc9XSYCXNQ(Xd$uES>!xR3&k-VUInv zqPs^oLPxBhg0}5L&cex-({@N&lQCmsKiRnn$Z9-|zPY8zr*lyX?P^ND5?Jj_9e8D94p@@@E8 zbkBT@8Ca?vnIaE1|2GGBsRpDDPe~$Ry~9w*OA0#8G%bLsp*7>6n@0CR$(A>3f(v?` zcp%gYB0fA8Cj#4|~PRPxMbi`LX8-`z5RfOMNx$Kz&?0foW299a9^5RV2a^j=@hs6`UN>XQpY- zzG>!)GZNaqH=}67x6KkgYbC9`0A5rj`W+eZ;3phvQmMf%f;uOA8_$mOz=I<;#LM1S z91Qja*|YWDbnNeIl%k=Q*vK`$MM;TqS?|F2)2cB*#q^J?JOYG6hzr8w z4^qElJ4m&Nsysevsw2gSRn8qr>wl=CQP%dYs+a2nnO*&Ch>;#M0`IWeZ{kG@d2DrHg_#i`eWoUnIk$&M5LbsflN|0)*9KMz( z^iyxgdX=s#d=YbnmX7SGH7^iS{mw-gtJ4Db@n#edNAHcDm2PqMT50~IE){UtoL##G^uq#WU%mwKS*{!1ohtd{j|09)8inU)Fs2DIK zKQMbWsm0ALo_oq3s(!J+D~1lGOBQCu8^m1AmBUMP5gDbS!}WLA*ye9aXH3BfxxwhO zy!x&fkyqJD;Vvs(!gL>tHbRZTFm~-{P93sQ$ycYjz+;fKk4X_1nrbJH)tRt^CbgpK zO@yr+8aV4~rckm>RDY{^GvZZ1yQQ%~s|bGfdf+I9#lK2<@8dduLjF_V(Yzhyx6$yo zSEDjkPi7@qxg}*o9HF*uvKBV!Q5@>dw;Ssc}bD%0ke{R@(yI zO5Yk?&E&7AB`a|{tS)z;WlUD*tKy(L0=ycY6LF#$-+#Ux@1NXSOGVvcY7#t*TlonK0g=>4c?RKeKkH#+!0BTzX(e>-4~<=3yZGyR z_N_;Ft``USj7Ppi{0Y^0@8Z#6QmyDzp%E)HZ4W}_qH~L)JxGQ)46ckIM?A%_zV^7I z_!P6ZT7Uob(5X{2W&&IFqCki0WztaaTm&$NOFE6ZN-j$f3kTV3ZCzjr~FW%jO zeiVAVsQc(d=y=Yu%3|gd%qlUAuBr7-P-8Jud?;g)j-_8|jEt_b<3yY$m^#0!M^tv=utV%lg%Il)^TL^Zij)M)Zh~ zoCQaMZ=v}Wd+n1c+kd5wh3h)LHYH3BjE*k;@o;eEU*zg+cnvA8#xO+6b#{K`NlbTj zI1&%%%+z0{wjak#VSQxU16?lDSGmOQMYM(4INse6U4$k`_}JK41HNm+$Qvo=?$^>_JJP`f_efa_5p(jIqabkd355 zy4YaMG<_I|NwQQ}#9nE$$1H|Ox_9QB0A)3Nj?AF#EDiAS!hrmJ#>FLIB^8K$ZNQ@A z&?p;X^bhziX4&JunFGWzv6CD(_gzT?(dKPYf~40jU>vsz!{1*DUNJe!F9~8P?T_SS z)xi0zUPXOs=Z?L`Lu}C5ncU?&t&eKxA3)ca=aHZo)tBX^X9}2n<%U@e*84n%wh-)20b<7b{6w5Mxy+k^RH2`Ria zSm@YL=_R^xrn~$SFQiguM~zakR3#W%Rp|INTIAyX ztE-7DvLlCK4zfc<69|;GMoIOq>Q{CtvfTy=Rzr@VOqX8Zw8pYYX)FiPgTlja1?vJ4 zaeH}b!4XfDv;Djd+xu~Owl-MHvP%@dm>T{#*`9nb(#sNBo583sR|mOvjflUpZs95z z#m9(?mvxd-Zx+T-t#y=A|4}&!3SXHCay=6B%vWWm@(>bn$Ea^}!dO%|ejfO=y*`l> zLH9w?HWP8!ctFR={(7*LOTfxMJiguMm!VnHcCJoBbb*|a#QLG6pY?r%he%&u$)riG*;M{ZZ_tn=3u%ppt z#Hm?XBG^$8`zoU3Y%U`spf8lvBWKXuqj+X+0v+I_vp0($qj7T#t<=mttYDYjub7#b z!EkkR6Bchl7XPULq1fLUd2d07Ovhc{Zb*HBE;10*OOvPq_RU-~8TCw)D!D!~T@N9; zQV+IEb2Yd4FuH}FOXUP<*Hvn0_ngd&D$3?>KXAbKl5WxG$_fOuG!q*rwd!P<=evbTHa8>rTRn_|* z*AdrS>Wl2uWLnwIq;qYCKI(m*LVB&~YroqLXy)$o(qvqCfAE+c&Fq};io%)vD9WlF}B_l<&i4|8T^~TJ~ zZ*Xc7dF*c#AymLu`rcC`n9&TNo{W?h1N0WJisesM;o+y)6h`IjzTP<4$0!2+6YTd3 zwZX$dm!z|=bVkT>zHc%xgKrEJ#MB`D^|U1^?#eFHB=_)yCbVyH_L5Q_{-G4n?dAVnv2KAc{F&TO(ae+Fpn@lVc%x-h)$96@N!C1$sP|`_=ju zzkpC%#jEjy4dIIc=(zOIr z!UEGKm~SV-#jUhJ%d;+BC&qQcD+H+8G4E5(wl9u(nws!eio5|Q+h-?MZ+u@()#m1z zL^N0AUm}s3-5SKL5HXYJBtNSa&WN(yj{U#H zk|uKLOAtcrFeqE=_Kw|YgzWhDQ~e*dStKMpN|6FlKkc_J(z57HyNQKzjJX%`aaTA| zULFxhVtK91?AYDbHLspnEFz6nl!dN5yZmktiF1ItwFRCiE42~X-gFf%g?ymhUEjkK z`sZ(x7(ww2fS3gR=;J~RU-BZf8%w05F-sTX))O0S;gogxVv<;kd6_GF@*5+zDHSd1 zt8`&&4upxv3+|r!M&IQ+Yilz+%odi)qSX^>)3DslkN{du6D=vb?z840pYVRADB=&T z@0|XW3^w}^7Qgc=O3=)zPJ$go8k?J_D~Up>eP(W6Bv&YS{Fc?W!0?z2b>3F0NBssQ zc*&TAX#%0{y+LF5Nt2h8lhN^3{%j;sbx}p7_9~RfX>JVFi}1B>d!zU(&MM}5D~uNZ zv9wA0e&v8W>nRk8RwM>R{P=i6ucq_6GfG#n6;m^`VKMQ*BN&sOVJ5301pV_nyppxL zY3;1f61W#Zcb|T!g*`@lY*<}|j1Gl_8P@LPed3h36=L;SdQY_+1eql)v?rK!3G4QV z8F}5eePo|8j=xQs(HwAwby%(F!Hu2hS$w}PBPb^?A6s?Smjzoc!SmqW$|{->m73a* zxEnW{K05E6{9=jsiBQ$in&pBH_cM-WOge>T2%6z8HrYw=G^DjBlWBiR2g4t|#Si zZM?n`-tS8ghfD(|>k?PhVYwv0#=?z`tk|HG6|ghgoxXsqO(A*_BaW)6cztO{}Y&Q$oLxiFCmY78Ig2XF1JB_5x#2}krD z->#i~tWOMXu<@v&1fX*aVD^LV)NQor3tR3KS)+!|jlSj%Zx7CRk=c#wN??gX_p6P! zzFJ5-V~EFdc3a%kchbN)^c=+~hz|*zKQvC9qnUrKz6hKm(kvje=g9(1uy7A=k^aRo ztT~+s$zYUuTvz-|@qy-?mRBd>gew_a%yEnJY<^Bgi4BdLtd3}pNO~NU zFK1V5hKK<~{FvYATKY#F5a1VJaLwpUuM^mOf0Nfeux+UnI>8w7X|-4#UtI(vT)T0O z@3*f_UTq~gStOn+Ysd_AuV|mQjuKDjUeT5+KRY`&B>tD!o&&+)-F#q6{w_OjG9QF!9pJ*%s4VRt(t&E8^ z!oPOb=(^>$l-Zftkx6&d>;2N9!ctmwOZ{(? zRoQyE43Ctkj&GK`h&0moLe$J)pRfzr`Q(LX&Pnq0^BNNYJvK~9ChERRYxMbkn;B0N0kjTYh+uWLYc@qgmPxm&sC zv~mdKBe7ICBKu=$BO9fx?fmQ$Ma7mS!y#&Ng1z(S6?U0<6vHuBn2S?8LyjluBCy-laPJ@X^;!U6x#54nQyg0K5Gzgy)sgko~r*SI>wUQo2=FKX0MW zKNzJfgU8r^Lz7M;UJh&LWEeuf?b_TPC2g^_JP#J~6iDxg788R0@rhMMCh_%tVE>K2 zqCZK+wu-q=Qo21pqS^cDGa~o(ztX(IiKDDUe*%3iWL~mBN5F#uplEi z$8VZ*UFS}|T~_sFF=ZZA+%(g(wzJh?O2IwHTAM_jGCpbACOCS)nMn!j}xAAZT zP$g&@!W0V0cZ>RUegz#dCnF<2v1i8+97#2tL-%OhecN77dx&QVEO$`(S4QDFeYhlJ z7+v3Od++F%ss?>Q5iz*7DSQ*e_T2sVAQ{3Dpk z{dzAqinf_MdNJWG~y zH@n+Nc!j>sGl6!9n|$gK{bp_;j{0Ni74*azlOY8?I69Ntq5Z;qb}gis>+3O{z}7SNsWou|2Bt zQd`Vl*{XmHrjE_YcIx~2Y+ujy@v;hc-QQ=BaXDP6fBFFF`_u5sp-D#WxE@+Hpa`s~-oa%vl7$0(nB0^^K<^g`Fx)U50$ojMsyLv=j8KEH(|z_PP_C{I*b1qQHhl z_cU3S@sLQ`drvyV=R{7SVI$9ujALbT)YPN}=3(50R$=^$XX(t0SC(pu2*Dqyj#L9l z4(B7ZUZ&-grZz}`KbGA}Qz6HLsR!!CU48emI%q>(kWx`SJHP4?n`T*@QY+!t;EyT8 z&BISCz{d5bdu#`MuEvCa*Q>#6Aum}_cXw=GUtd;JN8Pmm5Bh>H9f&uPQ3r41ZoXfS z?w3pWa%kzC-x}R0VC&-wA7AT|S=i zR+b2fzmevh{zyT8AisyPx4%bkL_P9D^&|7|@e!Dm{u@YCgYA!& zblLn3Qr=Sp=co+b@%3}Ltf~Ks<}Yj#o8f9lu`jvUI^ykw2zcvWt*zY1d-4N8G00KK}cuQ#&owS zta6LXSrM;f7fUu_omlpV=+o*ytx0oxPkbV**=bo8?0e(IUGMe;G!=%1k1yEkxX4YA z{66y~VvWc|v+Fy|u2a%zonJ^z{pHsAFagI?sLNBT9Y2;yT&hEr+IEvm95A4U7n^+? zj{7{Er3%%>CZJxoydT*x=sg`(0_R;NuH7Vd*8-4^L$=n9Z{m*@!|INrb+EKIo3C(I>U(5Hm|U8NYt$EB#duy#@|yMU(CveI2pM<7o7iqi zUioBCilQn9e3B=&I1$vBm*m3qvZ%sF2Sy}OJ33CfIVh$ZS$_=Qu*T=D2Z6>GYChv~ zX?Y~F?va#OF?iVTs9I%zl}R_h^$$-mWh4f?SB=9*3!M>tqzP?lyoJl7x>`mO$khy} zS}$!UO4ViQHO3Hpjlu}~Vo5$i%IwWGZxexB!qA(}gtuWR>Zo5;+ci0Qmn6tSUNbJk z8JW7iR#iT#<-0-IgV;4q9!`aTo*^p9E;+Pctrp+4is=E)VsBEVTwQOk>3tz~JB5** zlFaVAc4kyvvmWu%&i?dm23PHJD7=F0uR3+Zw#yRl29AkzI^Q&@!3PzZq+U$3)L~#=d|vM8 z$RpoI8xQ8P8@>C;-OY=JUKNfxQb@X9goxRv)Z zAmotHx3rV!ZMY4Q&4081Y=D;AyV3Ejthrs$2=2SF;lc=?3 zknt8PHs1)vtxoDcPgLc^(f|LdcsF0x6~khL-;Hy;3gtO_F1ybw*w; zobPBU3`$U#$K5_Uxi~w*kH@zzIOJVk2E^SphE-PL1ha)%dfNgvLL$!HeFOzv8w~5- z5_+WozJrcNmX^9wGL{7C1XoKJZ2Ls_eh+Szj;tD)-C#7Q z$?oV=38CwDJ<0mejcujRieX;#bR+j!cQ5c!WQ(rx(RU#)d~+9I8=w>qgwcVf)|>@G zXDoGsm)ADBx;6mFKT+G2Gt8-S#Zgh8LC)zX>ZvGQW*UnPbX7|_?CbACQ`wv4;MFAl~ zN#uQY{AMlfXqf0BCHi1t1~dBEi6}-PKWK-rJ~B>KssKKIe2+UoH8*g~1ac-wutodo z@|OEbOfh+d9-Gzx02&$^>SIKC_X8Z06!a`Bw(b-nUVLM#CE3t3Ym9$>ey)zsOvso5 zv}Ddbv&Z)FKx)_kpGdK*pNEFRw=I)WKdm{o=urXshPDU*9QH{yj-jUHKRv{?r6%JJ zHgVo}|77mQ(DZc2Kj-f9FQVfj<~P77h?R0B2;a-YL9ahA462*jeojo8c8@ze-Pt|* ziv$=_vQ|)hS8iX;g`yB>pD2m%mb?A;2sM~&X#~T2DYJdTONip+)ueMia}w%l;`*a` zTir70;Vy>rq_ zV>f)E;rd&o!w(r>S3^*NTj{}7xySMNbm!n=7oUFW+%$nxiG=du!M_BZa035BC3#)` zg95svcjv4M6^lM-NpgB(1ZDZv=-wZ_*DOagrf@ zINI$hQAfbTt`gH|Btv8PehUBqe8=@xOGl~zn<^X>i7a%UUX_4^FY8a(N`##c$u=75YEDIcp}u$(~gW3Yu+ zP+eDx_ffsg&Y*jMtsI-C&P(<@~? z<_F&^&2@26oeXrnkJWv6{);tusS(KfHYKQSLaS)%n8_afkV$Mt-)IaIlx7~`(Pyxj z#dj`=Te2oyoyFFK{>??guO0e0*+V;bKjThq38s(8yKN)Z)1%*uQgZVJei#i$b?}8B zw|msJHF#OMV2-{KUq|6Jvv&$|3)jmzyyR)veyiP9*MncOn=-AJ%y^8h$Zl)2sTZ2& zVJN%cw|z{lx6Y64vjzR_X-EVZ`-T-i5#D@q0RwsXnA!OgGjVa>dzq+=Vs)o0Rp&*H z;iy>?|6Z07!Kl)S$uWJS%I?Ho{dz5i!CZ$ru<^Ks)2Z*~?|IsWpU~eEt;KqbR<0U$ z@D%fH)-01A*HH7s| zU~K=4q@XzB`>OY5m$$hNLL&2Ch zl|vR5^Kn1L(eJ`ibi0Lh?(TIEnw6-NJHRx)(rjE`+lcPk->N-ap<$k!6A;Bd=xAhr z(2EEY)&0#vSY*=C)`dz=>?#@LMED~TF1CX@b|TNZDbT91R+!3kkZ-x65B}}1hMoyN zYpp`u@ob8cetSDB4-cB8xNTKNbO+c+6UNPDfSs%*EjI{7u$iCRlyA9pw3)VZ3Qow3F4 zM9sIC!(KrI%#D(oc(xAcjCbWWP}HU;UD=alB2to?JEb>{Zhlf+|7z9rrA|RKru!>E z*IV$H_0Dt?SGc*UV>uhUPJ#Z=z>;;=ipjt?M~$DZ zASroMIcem&B)tHHgTeLns=VUx&4wiAj-Y`_5uv2%!FYcmsmSW~A*k4^^TEP1ezVt~ zicT%JsRehHLe%PhGAf~ivpmQPCou@1^>_;HCfM^mNl>fYD|E3mopk6$dDCv%;bT=5l25& zu1PL6ne-0*G6C7cGkr5(Zp&-ay-&L@7w@yp&{^h{qstfkKkN7HQFhRbEsA`$KALu8&GYSr)_ zoT{XvcB_frOcbV|$MHCueE$)12ar0S*4nMF0$Ez&J^-NSaR<>65+bEGZpAC;O(f}V zaO+UjI^Tb4SlS(Th-1G9y*MEACsQBYP%IIoukg7So$UBbM&d_evL>pngTc0;dYw!* zOG2OJw@fPls&;y2U3DIVAE32!_JyG{n=DZdNF^gT6Y4`JW}0>w<6MLkIWT zcRbQnu872d=0_Af!w~sJWBI%`W-SQHf7)qDw9T32V!V4bVKXzbOzpJ{bYhcSMaB3$ zis6ao_opT-76Cb98-gm)ddvFuLTmHwQa&-9XrDCm+V1Su-6Gza_56&qJpI=A=GX)Ap|4 zL`-O^dn;e%nDWV1!?wm^;yQynuQ$Egn;TNK#Qc4%(R3n05H;WfS#9o~%#Iq>lvysK z?2EbxTsve&@3*FsgLl;D=oemb_Q}OtJCGm4srKP(XAQ`XgFeGvY;VW3Wydw#nKUh! zr0Mt*Eh{G{3}1vasx{$xqp|L!v8=4Q9Ax{xqZUU{DEP zgRk5-lJ=56sESG`!QKC{QF!2>&;60rkm|fBKR@gRfy)HMV`zTjWiPPvvD7}KiAZZZ z7Cb(qOL?JIlR!%2SCKwH4a&i#Y^OQ$t{Yx@O7K1-bq2htxV0n^8 zxrRKDyye$t0~a+v*iZEPKO^t<5Q&-ZwO|KI+8!sd8f@(3_L%uL=Oe?e@2($RsA`=x6=)G2L2=Cs7d> zE}g=jI@RUCBe}~j87{&AH9@lUHEyAmOr-c>4nDK}ut>$n_Wop_w_;tWwjK^J)Soty z^p|TUoUDAT2Mx+#fx&iRSx8(%CCtnX0X_dDs-Y zM^ubg#BSF

Ro?jYZZX_}d#Hu0+lcCRDAas5U6;Yef)~)bCiOr;C@onnjqcJRJk9 zs>mpuc{cpMqt?pWJD!l2^ml_N))1jaZ&g5V*k+PWviXqBijRz{?CTW-<=bl4Yy_A=+b{HVtM&c9a=XX z55&yx^E6IrNbXSM=n&R&)_L?s!Tm{mDVf%qb<-=9DqhlNv+D-`nE!+*5BeX>(3)j2$b?a(qP z)Wfb5ldg~b%MRYEgwQ_o2bxY#2fsR4t!sHIx9EwiFJzh&vF;y<_ctU@m_*_jP6Ei= zCY{@<6X0}6957Q2w?j^wRcH0hmS#Q4k`cO^>R?F#my07r6iH1^q_~UA5SEY@JO0G_ z`*$#3dZvHCww{W)i}TQQHDS4mzZQA{>Txdi9Bw|v*XK$g1ncNCsCN%|lurV*9zSsEamMj=HP@E-4(0B5tbbqpMgm8Rfk%{b^#$$W!ZcA=VPS$tyFwv^82- z&aGIvl}7PgTn2sC&X!+A$Q_b@(~yaNV|+bXlqws1^Db_x>Eiur5~k9 zpu&Ds!T=9Ex7ggYa<2)eCT@vr;zM{OuW$2Rl;G=yFdPdX4=)VyJF-e}nfvb(s4%9Y zg!Yi>Ea$5IA@ny-_Lk^(eFAJ_$}-M{Q2&Av$x2wx1`H#4B==4-@CUDu_g46I?1}r- z5@?FL){sVIm4WM=aa@yaUVp0q6bkkC@}mT5KZOqWDWicX7D+oOLu`jmt#IM_ep&QQ z#t9#h&Lr->`Fo-6d>5(pqnNC3kUbwO9qd)RYKsqN^>M#`QE>?p5`Rv^#?Bgn-!3d6 zEw~!cluSFcgCE)`mc{-%)5ZvmzOYFccM6LrHAuUcc9-oU)fIJxe!x0mQ{9W)lG4=BN@p<8EX)%@ER~k+XJw3gTQZjxZVm#t?F0CLD)IT* zCZ=ZZUsmdR`}`pd#O>E1oH}abB|@qEtsS=V`1+y>H6X=s#6)(9v)SfnPMplF8003;u&S zVsk5Lu8WPiB>!8(&eG7lty9W7xGpP_6p{>&lAJ-OgI?TR!YMG0P1Q07E_m;~b3|=s zv;xykh=>DqgtaNe&Af3GH$$$Tqrw=9Xti)~_NPfz6;Oja!u-cS%izz8lIpp60eg@g5%^Dt<^-wxPYz%v{kci27ye z*XjjBV6Z$mc5}1-Nhj_q2plWAKkIpq8lQjxr~IwfrqQZe2H&f=yQ2HWhA}PA@@HIF zb%E;ZJEPR}fRhvJm16DzJ{CGMac6NQ&d}@TT}wVRb~f1U#ntCjypl{XBC`|OiRQp{ zogv@MK%^4~YVQ_3%#X4m;Pf$g_s!R8k!cLnF2*}dOf56u2caAq25pJ=n(wlr0$0O_ zt`B!mANQZV)KZwtGL=S}j)XsAi&3mY3_YOK1RKT29=L5MNKYunDWNYy&534F18eLN zjQ!(CM8&VO^jyFw4JRk(w+%$@_yj+Gf{guV(d^xF&hdY2dQ%fltZDn9X%Z3{=}I3E z(=JJvA2Pmt{LWEt-W8ZRCMF@ao{vDnQY6D0C)lw!1rP0ao|#4TB*HhRK~eVFaX0Qq z9gh&j-_otf%?bxD7Ts_|_9uByc9sp7zz!pHviT2W$4SxK^Ne;gQ_t{BRGY48^ zAEc4Cd|@%<*SoR&LPT4hMaHzR$xQBb!$PP`%ZFZl^~Ll;7(qK(tvC4y$vjOI;990e zU@$%Zi;{jQb0|&>J|wARlRyi#tDL(F!*J&(64GL(@@#Gk=%fl_@W-=L_JKhbE0+-Q zF8O_&&MTnA6F0IVU<@TzUz%=3f5J~m_kt?cW61zZ{^E3%h3e#-1Q(3Cu7r*Mpg#m+ z*?KMY(%vi-;-+T9e24;L|F6iWX4z} zfo53i@@}ZKI>05Cp5=-z!35gILnSO+{k;#DUwfz?xAQiO#s=Q7?NSAP8;_K``9cdJ ze22`I^-zUB!P6Nt`0GAnzn@8XNw7_L3;VjTG??`hmXqd_5b=^VMi0=NFXU*;-f}Dt z<)ZI)|ALshE=9RX0C-9H7Lp0DDGll-xfw4Y!ma#=>S08nX&h@f zw(_;iz(o)1!&n%-et$qoOEdK*8S=BXh>lWiU|;vgv3naBcxr#HzbP^=F^2+K;Ks9y z!1Q3V&w#v+j#&DtnSmc9Aq)j5-t+=x;UNxI*EhQ&%WFayysfQ#x_bj_->N&B-zf$_ zieYaejoO4G8dEBj38X`=wVK{wX2qL zG9xIz#|-3ddMP10c&8}BSINu+^C$4nTRl9)9V%a*5$XF;TIM{+)42;-`42|Ksuz?V zxF$)6EKHultM}(*Ka}4F3OqTJ;9s!Bbf5vXJIMcA@U5M{GpOgwsA5W=#Q2uTrG-c9P9O(ZI zuZxC_s8@W;;-trw-)$!KlV0*uu;eqd--9gL;w#!aCQX{G`p@?njX>_4r9+6Vz;js` zuVF(tGf*{^29frW^e$aTBgZ}Pe$zS7-5Ud9I z%`cOhyE=iL=sZuRn%g12AzWL;BPPP*R94tqSWm+tCv*RRntEe;s~LGu$YKO!{BP!B z7Vc63I1Fgwy_vj-!=+iI12@tvAN%7_ zv3-E{BP#b&w~p0`V1Q)7TENxTd`DR}@1R)TEV0VCh|fo(5+ z4zn(}3~kQAS6#v!QRq^94M+?_Mp>B{EUY3;e^%5gM`DhkY}sxs5vPDpMIGp<=i1Aj zqAHjeHk_uJdfE*8AOsAz8u;-eghjFD{b2x9Z@pINfg|&6;2(k=d z<;Q-HyJr#u@kGQ~gC6J24A0s1T>BatnEx4Crkp0ArjAiQdKv~nHfA>1I=EBHEUcV( zZN>Rpn(^<-AJz{j^;7e(^vkM?onV(mRS}Yq_|tU*U3vI@^6Ob8V5jWK@q_DVj6>d- z1X{UU7C$)S%RP!nX{o7%YNLAJV;k5g!qzTyGG`2os0lSLz%WCdWhGyI6ke%X7bZ#?SfnfEc|L%v9mC4BL&qC$bX9Xl6p)MgB_iw%rG~5OjQ7Bf)}bg4 zKe1WUG5{Z^`}FP5O4;2BFcfB3gtd)fIPsK?X4hf>R|GWXv z2JP*y_-|6oJ5-%sogjyT_vlt$q2NKsu*ILAÐs#g2yohmQvOiNuztQI&+!-;W&Z zby+)6-b*<%@qhWUR8SZ3l(~?aMTVaRL`*uTY-iSxu~zi*{mguo&iJ*35Q-F?n5Tnn z{iMMWRg=5EJtxhgfwfNxpKTgko7-dM@Zn*4m=%S)I)m|)3@L#vLHj~nyjO17iMGtu zy`>xm49oJd21kzPZ6h3#qGIlN>%d4$^6#`%K#{@HJa%7FITaRrlS0RjnAR|Q{HLCc zlqi3hV1>}cB2vRVO;>ZIUr*6Q83qH#2g@g)&>URfJOI5dZ=DkcF0XHdqQOy=he7t-?~buSd_saj>l(7bO=6?hVf&iZC$Y!L?>#@0L5JkOhxpqk z2z26$0MaPEx%j?z1j`)B)a8O?x54K0e6Zte)RNGOE@xxF#ep?A)}6_w`4xHl`CHO( zwQF3Ga)E>&euMdDXV9rfr}v$)g)JQLi<(9uN9>h(RpGAy;sc~W_|YqcqwG!L0%8oPVwes_z1M>3(aszbQ7^i$CVT}r zB&oi~7e3%COM14Eop~8P|8B*Z`g+jZV$}VZ07;$Nu0;CIMeIkX>QjQYL{ni&BUFW? zm4gq=zedEz{J(R9%dql?UFC-r`U@w-!+(!xcT@j{$6BD+m}5KSa}k zV4hJ+r+~qQ5qL+Q$T3un8FRynhL|=8g9S04|8SPG3#XK{o#!cp?B_CJ;n7A6b0fP2 zlx*7B8$@+*_#C4@Jv7yqv5_K)n04R4{y+tvQe3t7Se=?`5qkX;pycc4VibgS;p)3z zl2H?+$-1a6~)Xjg>%vY*sing)>n$ zU~cSsTcheYzra}%>28P|U%d+_XQQ)k7LlnidI3MLV0f;04yBp3ddGTBlo>eq%Glyb zWuz6V+F&ixmmK~Lz;_w?;BzDyR^eHmlYB*JLGNGX{1Z- zk?=`KV&ot$@zJYm>2J+_UxX=GP^IM9a(_IoJb0cSyc!>Ns+GW@)^2K=$DS5Vax)Tg z#?WKi=&o`>>mJ_&R`$N!Y5j*doFWJQg~Haux z?xsn6X4bW&n}(6CuCPH+=LsLR&g7L>b}2HoG>ix}ooiR1l1 zsKP7`aqOuVCgL}KJW=f{ockc2uCnVM&#o*Ur*L_bNyHL|z3AkP16=dp8%JYML_k3L z72X<|=7k#7YK^ZOvcN65fJ|j~Z@591U*v?2brmZm>DIG^kZ7E_D*n5$hne0?YNE%7%OcDqE0bnurNI_a zE9*`Rieofdw)EBvJKqqh#p{*Exz>)32A8%H6Lk+5z4y{kADnbh4f#Xjy;4L$niCPT z(AVVY>f`(Yk4#g4Ix$H$)!aTl#~=3w|WGVt@saSqpF_87Cdyt1T^ z-E96;`jW)GyNvXv6+QQ~X4l`xX<@8PYg?>Ugbz+4#2Ve&Y-i6ZdQi8(_L#OmFdqV?z(t~txT#(){4f{RC zp@2B>o?}o-zHRIP-JaRtfQZPd;-Rgv7SS+yg-qCi(&A$^9_dErQbMYpyWQO;(wQ?y zzFGnTR&*Z(*365oo{<&w0g9fg7}R}j>ip8pF98?8Lse&w@zbZ>e_b928k85lN*JRw z*@`9?a&=Yrk!i|X-mHbwr$Qy=RK<#rUPqNdi7p?Z@hL_BJ$ zhO~o_W^IHrRcmav5q%duHYmrnBX^kFz`D9>v|)G@Yblh~c4Aj0o@r*_N0v-k8}_B} zUbnuogj=lVT2F!iDBvwb5eaI;XLC~Jek<6)zl1thXf9tFR4hEu&=D)8=oXY6iTXaJ zqu^^NQse@9Yaiy0EfEG1M|Q{$%YZw=3@{%hW7rg36UM4c%Scw1rK=;+C=bC%K;Sn5 zDNU~~Po5YC)WAr@~rB8o2J}+QC=3-Dyu$FX>zyU60a@6e74q;SN zw3XS3_-R_ZpJG5S7fG2BP!xR%ktgA&r*yvDdP~7ibrb*EHOy=!!ni$xl<$y5gt&+p!Og>eG^ioWlNZe<>b{oC;wqAYz=FB26Ds< zxkj_R`}s}RqLQ0Ccb-zC!)Jbbd1rh8DS9j-JUj7(RS=q?{{AOKXCYhS+K*?kb=57A z@;;rxBw%3;{@j80nT9clbxlunYaeX-#!e;%FcO*gEX^@g1pqN|5NK#=?maNl4IJm;W%N$dHQ9AgMJ$J87Uv;j9|g>Gs6UVf6Ovx8?p0M^Lrk<#0J_RT0Q zmkNZY&Df*&Q#z`1a)bKbM$@`(>5GCqY0*EBp#uRVACS|Vv_A1Au9XSIM2dFX`JV|? zso?U{SNO%lad-kW7EPKjP-;RTQN>}!X$oURhJ84Ylf)>;5X(`h){XzCTEjG!piCxOSHGR0-`(E%;S)Z0NN(9l30&r`wBS`A|VewjexURUZ9WyHb7;_E|e- zOUSU`E_AWPCj05g9LRGaPZ@lK7;eo-{Lz7;kkUaINiY&tiSQl|H(=z95R1}!0=2);WG1xni-{Z_q+8<$OwREB)L8XY3RjI^d~=oXgnN>qxD0nhWnqojB}iHb5R}vbUrV+i7{v9 zw8&V&mOoODd2%04e-jP>f+B$i`}Q|OuPlw@($Ox_b)S}(mTapgv2@>ZSC!5GtDk(? z89j#v(lc}|9D^Dafnrz9NCo<;N8ZN!asrNpu^AGOs2Wcp%$s&`33zPk^Sea<*`y0q zAMO|Z_+Y%;IY1H$R~II>jD~hi#~VE+>HW(7pUW5`Gt-fQUuEmfjYeZHaJq_I0U%N! zG|Av@*kRBgIPOL+tk9T2?>AFFbRCmI!F5}`mxMl3!&Yh^V7s(P{4Z$L++_RH{~*Sg zQ-7@f+X4Nx4f3-1|N9A=IpiFV|JSPYuTJ|H`ERn#|LW(J)&*I`7sbCfT7O+`oeC`` z&^elBRTd9Z2yCDJB#^)T=bwXKd&?t5uW?l&>Ai+m?p}HoD~|1fG4PK_Hg3*x(lGnK z=eY>??X2Nucqp(>v;;m29_*VC{P|=u^{;jX{eoAh`{U;N%mD=@Ng_Q5eKdu*T+TmI z-##^w2?sIR+6c#gv1Gh2DCu*H{MLA>BcaqFTq^IoZ(t14anHd}kp!!8a2!jxc+2Od zxc!2JCSF6^#Zy>Wo=kDN9Ll&-+!@fx0XfuH$vzZUiXc7{ho#-*`*;)Y&t-|xYszQ6 zW|(OUv&1JuM2s0vXQYDxj3t-H4{yguY?&4BdT0xN{=h3LW1LP5{HO0hgJCQD&>8!X zF;-?^Eu&{esN~W6Ihu{Q_>GWp<6M}f2Nq^Bj8I;@Jwn7Dg{e3#J3Ad{2A!QL%@z|R zCX5svB@>p?Gi*aQ$u#E-+X%w(>mel3N2v9ZQhvv$N1Y(#$)2r-r4K;O-|B;h>xF?w zEQ1I7%~<4~N6~zg^kXK!N?#LVKwLM@{qaf}ekivM3ZJ{6BEm&$NM^!801ThN_~z+a zDxq|W<;Z6uE4SoAJ*{J7YYzO8rq*oWQTPagajxXs$YxiJAPhpBnlWYet z0za=wli1#EmY4Kj+J9P4ICJ-bmY+pF`aOC0|9=nMZ#R@OWKdnQl=T^#|gLs^SG( zCl8KH9lpI<^vNzF;Zi|C7=f6t31IqhPEw-!BK2t;9;G43-sV9qc}-n!VYNBGe7=$P ze|g$}ydzvSBSG^%kgDAWXlg){CLDn(NITeOKRv4C^fwbkk^U94q0A&z@Yd=Ca|E2fL<*yT4duZ?2pB3*imusy(|Y9 zo^vdG;EyV__6}sZ*y!w8M=TxKUEDzcjs(CmDOZz54^QJ8Cn2$ODsOcBg`K78q=>#f z%#0+(lp`oAcpF5)O*o25bAyz0gi@yeN>xG1x!jSNjrNm)4oab(C zkVVqitM2azsud<{XUf(to%$fLh=^^O0FX$SP$^ixHw+2KGb3BJuo~oiJ4t){l^->f zrAq?c%HD6JXbzONp0-kQV!N|o(8*$b6?<(B!t-TxlpplAG( z)3eo)ULvpZ#-Qg=8jR&#qV^AI0>)McxCK>$Q59eyF>S_AHum79v?crhn#AvBto4P} zcDI%@O_NeRy0`GukCQ{j%xv^&`VEjN$Rs4)(!-_v$%Yh21PL^p+93k^m$p!-I8L9P zamtofLNc^r54q0n7lot(q|rpICXPP!WHIO6!VK4IL!@xdaEg4qFJ4^y@0ay8bhwr7 z!AVYjR#o-B{=SIaCpQ?zl>W?_g+0EAPh>TCGFu>r2MP1nUu!(gcY`*$LLXm=*sgc!Yf@T0}_yM7?dB!3zc8rmp+|K zFsg(kRz+V*1JiSt2mWiUTY0f_&^Nq*YF@Zt8QoTN)soU~I@(!OZ_#9H|EmO*>bkmU zK>2X!G}aCUj;^s0ya1ssDlHXFllVkD4o;qti7s-qk+MDj#uawAB-EAWCPK&PQ!o5C zJ4i+bk*vpYeEv77)U!EqgG-QJH>RYTz@i#~cGo8qC(p5!#DLJa|E%g$M@(2;6y>C;ZenLp{7+{XY zHCR)XC*3<$^iQnijMCt_#$Oq46HcA~;RHho`a;YslT^)e`cLw{eyywv^rD&YV>Zp% zlOWQcC+K8-n`u199_n3zBvvF;N)jL1VC-kdBIiEA67skw7Rtj;-Pq73K~d@clYF1w zwUh31)dr1kj`K%}T9Uwj{;l^$9RNORlQK^gQzDYL`Y6gvU`RFf3FI)xPg=3!Wtpy~ zGULJ0p{@|&-NNoC8N2>&=dO6^WUQPB?|4q;F`deYwyV3Z1A_rVOInN-IA>|gQZlK; znY8bFulV`D)2D!izh4_&}zGv!emfS%q)89UFeYBw)zKkhexhC^BeE%I3fdZ@7Rcv?J+Qh+-cG| zlaz(wS=aX$zW%bvDeG;z!5HIHriN)P#zm;m7H=Z$?zl4EC%jw160QEqW@wuPpm+}$m^B9oH2pw2$5RK!gHt6U0oziS;v$6aV<6;6jl$^5;26;)&~U-O z6-=E_Qe)Eo;cfg_gO#M;wK|lDjolLI@|hs@SCO@klwIRexTPQ}1w2xw!MMXCPmTzc zS0WX6L*S{~r0Nbh1da4&OvYR=*psG%{AcoXuH+wK(;OGra6Yh8ViL!R4;knMJdbWj zG+=2N7Tl5+bk0qJ0pZP(eZHbGq$`Bd`rxehSe)vy7!p8m%X*b7vd)egRXqsVQlNfF z06a63{Xs+rJQHmmR;!M$oXQ<|>NbjPf+Z`mwN9D~nS-wv#Rh%Csa`DtY_a(5kP!gp zqrqn2qT(F*Z^>ZJ^p|gHg)S(d^O^!%rJRjk{;K~K&nQ5}d^_bOF~2z@GH}Y7K}{ii zuC!tIc6!>v_%yZ`2;3tq$2tCh)Cb8m(L-fcy$xokyDGKT(n9!bM-0q_gcr4<`Y@rq z4G=R~km}aWq&M7}M}JfD`ZFFzlg+&jd>n9- zyW1e{{IVWw1O&u#Dvrp(HkQ_?Px*@S$AO>W1S@(5=(r*4?$W93$<>OQa73%$T@mIE zD2eg0eB<{xTygNJPj_hsBHy)ut{Xzrw4#tc-Oz%jptTuxpw{%38nSuo7Z3=gq&nJt z@A$zru^rTWrYA(q95+=PdeZeUsAu33dVt%Mp z{#v_Ho{6yqMrACh6G>mivK+1dAysE^BT^ILNsDehJO?=TeChZdv?=)8 z1^Dw>(Uzt~18i3;D-+FNlzXNbEOxg+IoU6oYH!t?&HjL&w-NJh`Fx_|Ed@o(-+dX{ z8lB#k>x$5?y^foVY(Gz`IB@lUKrW2U?A^&95y^HIDYc@oa(C%qT814|LE3)q7n|J> z2s}PuWJ&f^Zghy;y-3deVs1#{Du~LSf0VnCe;hmbBORiIjWhhJNdOH87eGP8tHJ3^ z1}i(xCbx?RoNb50@|36HlDOc?$i9uNh;)vIdD>Vqw;XX$GhuLdZIxo|7@ zJaWCItdPnzRcHO>n^RBxe^Wt_n}ss!iyWX2}EGe z!+8Jecl(Kbo_KM+WK&WAZOxD_E?%PmLix}^(w28EF3AAHQJW=(7*^1sowxuQh3LXQhBr|_l9$5Y9CTN+yIfSFHwWh7MvMKwDFdQr4FT)hOIcz(4E?7JJOJ}J!F9G z!gnG5@-~8t2GZ&?llVdgpjhH$pJ|zu__op!TwxQc+67XnZDmJbUe}fHWoyDl)2i3~ zQ5w#ygE#42!qpl62D4^W>MQJxc(| zRTqkwaD8A%DW#nLka8$@zfV8A3_4lIVp6*YiYKP&b`Qb_bBb?3Y_5ll@E9M5Y}3f4 z-QVdy9YD+?KDDZYzn5m7iO2u*rBI-KdRNXKaL4GW!Q>x+G#0|(?g-^Ad8T<<#0TSa z83PeAtwSuI#gXx2gtT-d{^g^LJ{Oim%{*fh7+}wR;)1(tGcqHI z(tzTM&?t>oBM%B(YR{>M1{5})LHH(Ip$v1TIySGP$gnUw=Kh4;vOTxVg^zn9vtc*b z>SBHA1_e2;ktF|u1y*gsk-yj~B&$Ij7T+Gt`u&f1u)7dCb`_Zfd}(orbAVqBs+06@YiY- z!r%haw@hEqiI#-*EPR5b2yh5)T>Sy~#<0i%UVN$5oV(Y&wT? z#|_Nn;{gUH(jN*2iyVZpvkE_35YUPY4k(uforF&X7B_-Iz12eMxC1KE~7*({p z{VfvhbfNVjRpiz%Vm9ep@&jvlc^f5hy1r z|0x^b01ie^PXBOkwu`ffg0s}%1QiAHHhjI1@Q!6b_A5W-$3&hKX87gxSFq#g~6bsg^DFwgxJ+ql3?6C9A2C= zi$K=N3R{B|1RpSmq(1(cpXZ0f^mt%}&I$+H1;2HJ07<^?gfUPB7pcQuC8d zjV1I>O#K*$z-iXY?O8#QKM5@)^2V^s|9NX>GrVx!6tIRISV4?Fh*69V&M7*Mwp=Nm zE_YeY&W)4insGsc%}+Bfp+ESY?&V2JX(vyjgcGgMzAzds90=oaB++B;=#R&L+(<=U*PHK z=xNzkb$=M)$j@gXf-P3)7X=MR9DE|;stlo?;HJ-9D33#t4xT=K$jJB#46@vOwF$&> zatiWMND*aAHc*`R*jxo?#vIG1sM@TL4oWz`9+71n!cxY-@NO;0vGP)3DY09Quz+vM z(^lNA0sZ{jq-~S3Puffg?8`sSJ0%1fBy^VcQ@in~b6Hr}39Fj7bel8RKHU(f6FS*0m6J33G%O$_snWUj#90_-CRcbDpI24!k$8-FvVuy9Ej z6E%A~MEoR(xO>Mmz%u?0wW=Gt)H_!}FjZW0K5i4e}lEr{RE3VHzKy$U4R(VNftnr(D~4x z6Tf<;_#_z(y-J2d^05xYF-y-A?Eo4fX=7>BhG}!u6AsS}iI_AsB4TF6rffuR?tD|g z1YwRiY*!!uqi&8NDZ`9(PW=4a0OkIYc+XhroB4tC_xZ2!7io&=WnWl@O8TqBg8?#j zE-i-VzQ|JbjYMT`TdC@DZ-FQZO=2S9fGw5oM!U6GU&w!D0dH0Q+Qi$)qjh#8v)BtQ z-J8oRNh>(EAdgjA?;9xZCh)3{{r+{rYACKV4vyqej(;O0J+5Kv{b>8h)y8Vj@hl5m zLDk7iPrY;*>q8_*#O0RtB!1glMbM8ODG5Q^CjvY0w#$7<4QIG999OzQIpKXHyAQVI z{XLR>^M(zZ(9M%Uxl3BeD8&N6!d!xV^RZ>^-!UW<5HWuH*ZzEs2TD1r@P4ZJ^6;iq zkC*Gb_=g^v4W14v>2>AP;BTckQ8`los>h&|t5RNw`3DsZw29$rya0;%{`vV5K#wDQ z?9QKOWB@A!k(Q4p>Br@37Fa6am-M0m*6)5H$d1T|tL?V`M5n(Lwn&Nh@pao~ZeJ~I z+WQPB+wp=)q2(EEWJ1n=6OV<-YO78~Dn5LD`jPr6^QAtx$K{XS#qU{Jmnx35KT87- z_8;kZp~XL{bgS`M(~1C+i|@LML=9b2|4$cJ$8>Chz96@}KS215Ei_^4+qKEYs25o= z4`NmL7Qmo|Dy~aSPZn$pe|ZsaA|uKO7IjKrmK(UO1o1QT4@p&Asa3M(+EjvE|5K7^ zt2Usv>ttjdx(WLe*NCqj!%vPc8YfdsU6B=1h*d z&jYK^07-@u{?9_Fh>to2FMXmu8tGB(S`9M#hr#X|#xA?&^qwBUtI|N_B_ts1_@bv0 zek|F4ic?9zDdM{gC$6-yC9tOnn%qTTgkJ3DN&#SM?5P51LIq;)x%h!PLayG<7WusD z<8F9vq$0A#k#12ft*nwY@`V6vEce1#rCeyfdw#UpRHJ5}_n6NxG{>9DqtOxABa;a| z5)3qU{RAo2+iJ95;&~uvEUWVR2LFi7JNg>y2&_b54HzR)7-I*xA=71bL2O(6Pjmnt z`y%Nh4<&z7|IEDifrR*xz-k^=Y-2WNn*2Xb}J1t@7 zLSlQJLp_mz#kPxQg)l$Q{HJg@Y_CgCJ;X73DnkqBbcs3s6!%AtK|p?tnEHmAE*IFD zs&>+$KBujgdb~GA`l6Lf{S)PNdd8gx;?!>+5nZ6lBhLFabl(vhIqm}%vcEu@m z(D>~&8*d^9J7&#oVA=E5<>t|9AURj1tu3qLf$oXi-rR5FfOXf0fbTqxj9hh6niWEw_%^cn-6oeI3f zHNjJAgSfa67y~|A>0as5ZDJY7|XyDel3cXmQsTcZyS_xVuv%xCeKNOL2EE5Zv91yHmWE=l$+? z@4x)WT3K1=oS8kdXZCIs#yL45Vdq`mKiL92y1ftEHye3*o7;F0eT+NM;BxETZ#^rD zuzH`n)Fs_R(d>ra2g+)THqWW%z<#g^`xSds)XJ#6zHZGJ4$M{}hU%&QrWEU5Hv4R&JGPaQ-urJTp@?WM$Bhlac=F{0#Z2BvV-2${>+W7 zh}wv+vq>veKGi(EyHjK7Z|IQOSHo!mHLLe1FK(d=V^%dB-bup&UzVzq|9{Wg8=L>c zC0*W)32g7z*TuW<=8HkpH3G92Es;_N}tRUd;2aH9~h9#jr zTq0_5v3qw6z_jJTnf$c1h1c0o3(K!M0Um~vqW)+Ho6i|(Jz5u_UrK5ChjLO6qcZ0I zz8*ia|F-$$Phjwx1b#L2PDg& zzH1HAjyW$rXc^C@3ef<9AO%nCGqpDJ;j?#mE_Y4V zFiJX}UAap+`?}V}_x%7jG;M9eu+PdtQU$=dUh_oc%g+%nX8&gw;XMUq7 zBS`#-bJ+BP1N^E>bh)PF<)>@R#dcpDoK;IS_I~xXvx3da&ao-03Va+Mo+ZPn@iTVw z^FllRsLU3F*`Ge$IB*U))NbS0j7KdS2$~dbhyP@6%-&V6MO+1Mr+pQ2hK%$##&Bsl zH=U;^D_p!Gr_^*z;J;Op@Oe)!jF{iBn&F5lF|R zq&@t@BVuAF%K}b#S&I?0#rg%&D-FT5oO@2&;zrz2-ekbmyZ&;V7$XzH)*X!hFR>cd z|0idaO^(T`q`4Tba7aW-a&8y2%Wkn?6j+g{Xp%@hrJXTYYc4Z39upS{u859a`t1r8 zOvy}61Wd=*@*kC9{Y?3ph>M_PTqX=3G_^4I)c^u#@9rTZs!O;(0e^t+{i2P(#3#Z~ zgex`VJ;F4S$4me1 zHGfQ&4gW2Ox<6>$QHWdO58sydgdi1sn{-K=G8vG*9Lgc|dtZ}F;~;2;8t}d#^nZcX z*)?%jRVp6PAcq`~4Z!HTmNR2GZal_{naFib89cnJAnok!;RrS;Sv*1SaW(}Jy>l`^ zDhn0*MazbF{-d*u$W=gzD^PaVRX|8`XV=Cv;8SvJj2j@-wdm@PJQ-ALPaz>ZM7W`Y zIF#UXAp9Laax07^7Hy!37@5>UkOs*oBCiD)(^5@LZQ-IDbBt998yN3A#Q!(%j#pd# zH+3-_g~+DtQ8dKW*lBoi`nM%o`WP#t+2L|SC11qfCWN$bWcnjTje{C=Y$MH%%Kt5S z@gT1==1&{^cFhReyT0*nP)2cjw*?A@APOYD(~&%q3ZS8e!eX5PuEq zJEHed5gORrXNzadiOuqAa*X9?A$By>xQ@U4DU_bmg}0_Z9JxC1FoDCCP2hq8oK~G8 zU->&;`VoMaum$~vM$Q3EB793r%Muy$<$mSN37#w$I~pXG&hS;W^aVq%hZ1^y`HR@| z)nggzd6|+{cg~2IEXbp(j35sO$4(ot7BGLyPVmAau%^2v2y*fJnKGnNkaD zT@Z?SFLHhDV|awDO0Ho5aE6I*7y83eKrVl6a#z;TV=Cl4O8i*G<9tR96(=j>>Z^~Q zr~lBl&nnad*N#9|1u)G;e$;8ni^nOcE07&c178k`G%~0R3g`<@j~$lNCCN<_3c& z7+oA++km~UhmT5;RpfoIThZKTYR8fmSTS5tA()bFLfd1_I6mT{W>I!7LP|JNqFg7$ zA-nvjCgxZgl?)`4JT~q54sEvm4(%*Nh*+!ESf(DKg3Czs!Nuc~a&`?1$MO#}6RYOs z^DgP#a%}I`fY%i+PzsX_XXb0ANV+cWPx%jkdzEcbK%0#s6y6YjcQ56nDFF%BfUEaCI`}-zRu(P4~)uf%-W08~L;E|&# zX};t^o*wpzjb1DgJab-D&_ARSud`lr zT%sUJog0QRMUTZCYcNjhm3aiB@Td>)i-c=h_q&@Egt@f@us!(bB@>Nyd*cl2Y(M-5 ziE_z5etYZOk}d@K@zI;j)K98leci!#M_|k~2?60DFai%HgTSbbb8=A>%XjV6nK1+< z-02<#ymZK3lPQaMIRy{%4)`*AMA3#+V6;6o>jVNbqY9jbqNK{pGnuqiIEd`9@bO4? zci>79V(@`Ay5n1?cvwWIsC1;iE66|p3?4s25C7Y^^#iulJjpC7BEq$v2-d~J$pap! zmS!9u?M}d}CC#+;D!yT5D!#XBl+ZWxJKP)zEe70@#^<0VjrAol)1P#XD|=Y(5`fDl zRZa$`qNeT(0`+VzF5AQ9aHf&!gLnishUNjK?lQd*D8S@&wYGfC1bNau!=I=7kITib zJtn>!h)KoiFAW;=?UvBM(A)*55 z>y3=QAdLt(oeY{WjD}y{+#xm+$i!YDM~7Zw`R{FHEg^bq!eDMf4oev>of@OerAtY* zJKLt#Kr7k_s2>+IdX{C8R2%?a0I}RyGQBOb%u`mkn=%hvF`6#gDsT9=o1?rwEK!JUPysTz#&UxrV~6OdL@ z9U7BJVMPu7qjV4|V{fi8!wyTaGF4&jluCDz=(-IPM01A25|$IxW>Mp^4MjeX!5K_w z(*G-{>Echt-v+=22I9-Yb=YZ_lTqdGymXw3#VYJg{Wm?~1$scvdx3bPCPPPBvr4nt z?kY77&&Wzg;sDn^BJi1NuGYTJ#OC<>E0O9w=Rf)CpZR>ZTH9T4BvsN$%Cq{nbgpSd zrjF3AG1X(6AMX^Zd*^m7J#2)7TWdRP*tudW);F>PjXZD;(G{Ta5{D#2-`cNf^bIW= zuZS;W#>vxl1E$N$jwS?ZF#7pY`UUb1X0a4J1W3C$&_X@v_TsFNn?j_3T@_R&n*&AXr_8`*}#deiC z$UY)lTGh!UrU*T?3^Vv$@>KpKIcvB;^mVMF^X~xWKiHqbf`;kD0Z7fXB_{A)Z-0gt zwpoSvbR(RRupruw^>@ZL*Ri8CeKvYO%?t83H0L?t!=wd$QvVv~RYCxY$&Zc>Nw2DqA22l@sE?c_(QM~puI)@LM(Wq}sfxO0<1LxF{$tOfcD`e*TnR^4h5Ei3!9 ze{Sxpn>qWTnT_}mO~=cYs*e+wWrJ>*1L>_YYbB|EpT|#;VU&fSQxwwl)xd$rqQp)! z8D#gHe1t>Cr;n5t=4S1@y9{*LAaxr;xF>PzI)9fr;a`OJ+YokJC7+2=( zm&Kp{;G5U+_$m~LEC+=h<9a`0VtW&GgxDQnkl?!Q}CdspWp%wLNhpXpP321Y6V z-43{D8>X|2A|WhquZniUMxjOx0Y@R&f08=;jO`C>z1)BzFHbwu*ECbs2tDo{vQMV* zVVBXNJ5iiz8QCXQvTz0bmS@Mr#OmY3)vkPe!m`K>685u~M@RV4iZQ7)UV%&>P5uq@ zUjE$l?Wk>nxeJNUZEk5B)HL=pe!Mh7=O}ooZ|B`Qnfxj0a|P@BFkBMm!eW%lCF3;A z?^qu~*HUMC_v=_MRP^PRB2LM}*t=zYh*`o{d}w=^5mMRBj_^h&45^klWQwvCl!duC zoExae-0tpr_O&oUT#@@T=C^#gHG9E^xgP+{mkNO)t%&nbf$S0&7lK+5ZkQ8|S zW?h;WN?bkgoJNHzK!%G}AtbyUobX#lXEM-85j?8gonbc__7WQ+>iduM&ux~2CMPNL zJu)d!7xpm{u@A@P`1mBRj%!s5UkpP*#P{t(G4W{si*4@qmx5fx38GdHXO#49_nzls z8pj@|s`DcvhPbOgT&!s#uZM4Hz(RrszpL55Q_08GI5a8?;xXOSrV-6yg*{9AuWUK` z;trC(ETaQ&;<~dg7y>$)mPKDKVQJ*Dw7jWFnK9vrQiC`8q-uby`rQFBT?;KnY&~3N zu+4o6T`+XjffGlok%2#2)+}*cKcJoEaFzU)++3I)O=gvubO@dFd&;91 z#%kCFThW@T0-KgbPQsqCf_xW}kbsL8%f_(mUe49n94j)3RwU&a~uemOLd1|q|zKeM_9YYiXUpVxIFQ<`w`aM)1A~V$axFD6cvk^juH2Pl%@hot*c0`2LyQoC zWhzn5qnyr9!ZmaMq-@>)dtU~<<|w={BfVOr74u7aIuoWy*l2vpOq18rPnF1d1&6VP z;y|SWV8y%4uB|S|2Z&VWoWR>|@29UtgF1?Ejve|O4M3*9k>BOd`!?i&MC3B%b_Rk1 zdPHGkX&~p$5QFONmhc3hn(iq#AHLknjyJY$ZxlTKBa<+S-h%b`r+9R2qI2yPKJfJ0 za{Z3iC8y0TfC%b@M!hY(jxoDB^ko_VO4iLcy6EjcM#9;;DC@L2WI=<=R(kvx;Hz%L z10VadQ|)-m(r&7B4`v&KCHR>_XzXeh?7s({Rseo3*?fJuv0)gN%M^Jg71`*DvV-Y9 z0HzUJmtI|bc&MPdV7yoi!M~M^ojoexWHPpY-15A`So&7x_&UJ5inFe=xwfLBj^+no zt-EDi+axw)J@{P1IiAIB>*J4^ z-+9+_<=s&x={MT5e*GErT6h%{Qa<_fTvdnHJKvKoF2!hNJAp2leMZtN6|2ib2APa6y9$+>kdZ`C=y>8Q@HF9$`Hi>&l zC3$?sAf>PsgM7Qy4~k0O38SCH+VJu zwDQ3fZ^*L2TddAF0UdW-Pq7Y>vDz}^v`%wLP~aQIFL+af3U%F*zt8ghuyJ3!JL{C? zj!tDrrVzp!D64Ir!zS5s3%Z($8u3sPsK)@x#xt$}Vju+yQQL zq;2nP_ZHTpK(6zjd5z)>*UZ`eTy5+5wDSB9}{2OS(5 zlrK0cooFXUpXjFGp#OSRJ~XwivbZt>u)3;UM+LGQX7|k8mOU#M|5EEsq+&`%hnfc= zuFlcyKxvs<5$N`LC{C3F;#5tdJ_dE}bT&59mX0FLTncQ_xJb!z+EV1$MlZlOsi?go z=~rM(hcaS+6MB60V9RT6j75{)T+7HzpA)J_peBn^SC^k!=67;yMS<0vj6;B4AusFJ ziE}K$8{M2bSv8;)s!3CkinKCcZ^O2pES*adRv`hM1%iqfX}%P1!W}m1zlUg{we^jSQ$$iSwvZ801Pu%dg(gY0H|XM~NRS|l+j!-fN(QzKZ+LE(Q~7&ta~SeTqavXl zhGRtJCbJuN^sv73{ef#M1x~OKX$&*#KT0Gx!3k1H!ISi#@2{#i z%A4O&mUTw_&ExJa>EiM{{fcTi5?S*&B=I~q80Y_j+(f_9vuTes)``0LZ!avlSEOZD z^UQ2PQg^R2XkEk7*1C#K2^gg_%rW=S4kjmyFuwq=U=WfXlBH#YbvBkch7lb z1=_wwTlOq8hnV(V?GV(6@PAFgMy?z0{#AsdOH9HW%Vt#ZNxA?>OlP4I%TuJpjW|c7 zjqto83?{R+!2z>L>V|IvV`u2^MIoYuukm8<1~C^;qnM;Dph;vM*1*oMKs8@f;Fd&N zC}h1c{;`sJ>1X@FAO0yX`fR@!##5yR9WGKr{cY4$dUl?v`4w%T6D&SsK2{a$J!Ky% zQ7CK;#d9dF_~PvX#oL4Q5~&SFO(tcx$KT~w9ZTEnmp`kRxs0>{MR|9#2mVigkifL! z4oTut4or+3b?EWV1e#4^7A`o^_NNYL3t;Bus0^R2VGB`T*H*an+BdK;Ah!GE=xBlY z*4?e>OIr_KMw5>#%HOtCJ>p-Wxk*+z4s8WGl2-ir)5n1n*#g>Q0*nR0NU^O3uu(|c z#(Y%47s8*LEkfD>Vo`Igo+vouM_E#+o;Ufe_+Z~h4D$p^n_g^f@5gBz!n0CC!5_$& zi!11drs(wP3Sw%e1+Wdoc506dzPH=2fn9=*eszg>-@|hI+O-4|jZ!=dR1pGGQ8F#I z|M;4CS|gKZ+tRc~=W=_;U5J9~?*^J86^v3Ro6sC=S>JDwi;b!^pCh=@$qJMFtOEW1 zUd%v_Ayym&s@%VRhnd8uig7mpJ)@WXUdG!^D+l|E08le-&NN0G1sUcTOaI@0kF%y< zglcT!Wg`_ZB`!k?2_jme>#FW~4hge`S1BbbIZA4Kd)|PC!fA*ln$%DOh~fOo^cq6J zNxPm&CCCav+Le`5)W3^o1@o~?+~^j=aDzW+x~r=A$r|a}O+&$`Vv2&0)+pm&=Z;i)TpAP)xgY5T0=A%Zj zHcNH^%FdSJq9$B$hwXWfOgP$=d4WK%)DXaDIeLzJx%f$yJ zgrTXi@Bt2q?^O!(Ku6I8qO|N~(dWM6(hqzNsGj|8u#G1Pl;(5;9m+UIT<#75IKl&% zXK6N*GqeEccPuJ88E5P$M(q6c@=SSc6%EC0A7)Hm72PSI%*^E#6`{o|#}AH%Se})J zUs2}rPEMFWR6UHc9NN)znSGYr!~x7}M)&AZC^vuMuG_V|KYeQYV&Dbeu&5R6l_~xk zR{AqnFk%~&!BEC=ocSA-<;3Vz0kbMv-2D{L&mp=~oN zhJrG>EJH_mK9An5^f-JxLFe0g(kW+@5m+ zdYvC|eT!{ZZ{y_8cHQ!~BS2Z7`CAj{wIuM$cO6X!Zg= zNdN{WT0l!b9-ySvlYJ+&n%ZUYh%Bx??kv?nh2LTLmJSnqvn2aOLWU~|7lK62VWQVo z5z2A~<*>RbS!pyEOV%$+#ymvv=CJGdyS|iURcXK39DX#x8=b(rG&l125;=cj|mBf_x!1U9vIl`KlmT<$S!`$Qz zC;~Ykk~g>$&?PYl=cvX<8^5($SO7lpkd?-$+Q_bFBKBj0uCVgp4ZuwL`#(r$Fli!; zvvV71ovfDuJpMmuUZr}=S~^-Y5zI1wChGHUd8INY#x%40h~e$&O@-dna9s{iAbE^x z8$Iz&Ohp+(?NGV6w$~FIDoB4ONlpBlhvKbp5oae^$^*w0YjWahREi^)%m{sX*mLg* zrT*FtcG=4k;%{l^>Q8M4qE?^10M=Abb!Pfz_Zx`gC(eWNtxj38ZSk87<3-f}yNRAm zmqg;5H-0}N^$j!N{y}Ww=T&wnNK6lPJ?+p?h#wy2rl+DF3hBggXw?XRp8MNCC>>;9 zk_%rPkTb9tJZz*%4zX7@iJ8-DTE8c#fyNel6Yvv|rp4a+tLTfHgF%645oV;!digjq z&S0~TP=9>(%nF+E!t~+;evmwk3q$>;P~g7;WM26J`p-(-t{|F#zNS~R?lM1jBWRZNM z^pD3SI`K=~Q$3~7#Y3)>I#q)+HKcL#(+HqMHR}HvpX)_^gt0)+(RmF8l-DhIc`9lfIS?J1aGVP5wd7X4l$)SFQ#%m(6h%7q5-CI5ZD zV_@XqA5vI=xl2G9E;HclG*y^8cCDaMlpJ2;t*;r8ea+GE!E5+fheKE^ZWZJDXWZF= zKr3T1r+EE$oyQpKv1iTmvve?GK*-B&JnnZJSfmwHQ`u9-8P^wSh#$3?wsgGFaD#eH;fYLJ=5%^>!Z+O!H+uo z;|TW}sLQGh%Gg3`=Cp~j5c2QnbbHW^Apzz8Mf&W(zc}}@_vPxlYimN6TI#0Ue*bz( zQV;5Y#JmMZM~K-e0J^$Nvn}<^BEH*E^hOGyTa_ms0H(BoHq1NA9dHWTo zibR%MHMpLP8uODc)4W0yPu|x00CK9x#o zOtAFfsF8uRQgW2UG`9d|$5FghIY*VM1S(##SJCUFqLCJ<3xi7IMXN}XJj!$E<=tng zmLdb@(&otBk+JGLkO{trPyf7P!%-U*g+)wS#lTyhXfL2X8Wo@@lUl*p+WdNIN}AP? zVy6=X8}oHRnT-U7NhvgThuib4_Jm@oh;4TSYvn^m>TE^oDUE6RVMJ1f(~^$0i;PgN zjDeZWH7Q(Wvc&fOH+|ckmQN>uyVqpjjeVQE8XzyzDOySw-H7QpZSH{;ov+mEo z2aOF;50^rO8RXa&DOaQShY(K4+VBkRR5ZgyzWy($TWpzxbk@EcA%1wF5cG zmUlz5Mh0_o1XU8SdqpOxzN_6t%H?&obAN&&gALdPUi0eqSY77`ywlM^)6b6*RzIHC zC-7x3JRD9?w=l!tVDKiL5nNrza8KQW{06`E8kaK3(U_oz0}2M1IOvd3 zBD|N%RJ>7f%iNzV8(GLKhY~Md?-J@u+wjis8VV77f(*D2Lc%0noz)~=fVgyk;al_T zrB6%EusyM<9g;g1$|7J6ma*lOqKDr8>|!my0Awc zJ4@u+ez1Ya=)FJ&asn>V83s~R$XEqkWMk8%$r-$j|0 zNLqRbLP9qi1nL<14ZZzvcyz=l7l%*~`(l9gYY>xX#W}#%w-Yt8jo$z12&heTQo%d{ zcfX_5Ycx@P7*LfG2~&dX8N|&e1owT0Q+GuGBs`Kz#=5aPI3hY%uEN9m_J81uM=4_+ z@x`~x4%TiP?3{OsL*uKYfm{uPSO3$^zo(~dI5ZZ!Z)XYt-Q)9u?HJS^x<>C#+hxtf zo*Q#5o&d}yi?)>v5N#hzhCXDK@AC28@9l`Lgj>vhXRBYiJ4p1$&G7aD+*cZe%udNX zukQz=Lq1r$35S#a9!}fZN#xb1rj~&gKJtP1@JVjU6t)xM&pm&_CNa0qaF;>X_oXPF zkIS>R6fD7-O1_StfFhb6P9`K=3ty`Zgo2BjK6FaK3s^8zP~;@jKEfDOJ(7_))~y9( z!L>EB(aD=oeylgQ`GI|`+cp{71Y+!&m_T4+$?a9!?P;mln=Nr{T^hFGGO8IQ^}o09 zY~zMAAsHItWC5Y->NJ5>HSPbfTsq6yQDljhPP;h^!O9{>*sKCo zGPb5rI3PMlKZ0bd`Cf9H{E%PP~)bT-X7rYcKN`@ZeO z)$lC4IR4|m#gpQb;54?eD9;&u8+I~tMuL!N)CfiHYVMBclF@rGi@p<8-rfGT_~hC4 zp*n~RN2K4fi33tLB6f;YYcf0XY|gBG3dvW@G0v-9#f*$TU#xKZ-d(pfx1*!XRb8+c%9z*GXIq&oXp)}xWtDLESR*_pBjIL>2a z=i-g6C5s|$vpcl%jbp1(fan?iQ872cF~hX}U90bpkInOr+q)Y@0CbWtJ5ToP%uZ!> z&i(2^WUhEn%T=krWb@x`7-mlY!icuJHXm+7?2pI!gBreRJ-rA1<7d9(is? z_8v_X(fMosFN`m@!^4LU*uGD;^b52w*H&%y)ZFG)LhI3TkinT2uiVi87zy+L^Ay72 zDD>9R4=gMav+uBuZ5ARZYn}rsAy#LRi%sO<1CI`9`>UO_9J>t`ZS&)7s zm#7Fj+kThHrjy0YGRj;Q2wAxmLuUgI?0-D`7F<3aFVl>wuhd?+7l5fCDzX;p*xY0F z!|42a6jP}!JT3yLF((*<0;+9M&Rwjc+6Hw3)4eow&hU5Y3j<4X;pgXl%ps z3$CMpiIN8J_U~PVfj^8ED%mbB(~wnmo}=KG3A=BB+36p>NAy-3YJOCMPz6$R{O*kq zR|EkfFa2@s>e$jl`CG|=DI={=qlu+sRlbZ9>;_V3>~7_aIs@8nKvYGSh;A@Qhb?1V zjBS&~(_o^L6W*n>Q=VRLYI&`>%@I>>RM)`o3b}$!+2Mj!!d?M}Bt0stf!e}km;_Vs z#L^j|H@k5*yG!@dUH1-_(eYuIYjps&X|?Bx$dv%VGyb!8Kik*+zP6!^pBsvNTavuX zOxao*P?(C3J~W_#)_bo_w*EjvRoA}tVoF>=nmSjHR8EHX$f9?7MsPrO_RaBe0P~fhziWS)QwX4YZ% z^RR!Pzi$g3$Rz-2%qr+LMDUaeHAYE|6&b|TGsB>w&^?QjtcG<>aD%tk+lDlGB)*R1#eX9|3eG>|iD`koS_Y|<{QV$j{eppnza5NKpx zL5N_FOBPcl5&1XfcK+D4`j9B?Za#3^OaA!m4;e0}lnU~e4MN!V*yvaB3tNWSQ37ak zSH}c0^=jN;Mt)#)gv8_t$=Y_zx7R5bkB6tIIO7JcUQ;LWgORIVF`Ng1&Wd~tt|my# zD_MBKnHW;j*Os?GLpzTmhs2@}SE~n*a}$yke-w3%E7Gvkwt}Wc#z8v(M-qt@?&~qQ zuy16ZnM;+E&D zP2ji33k6zo)#B=)j0=ly!1*ieowB=MzI=bgprN6Y_-&EZY0y2@5vc`=yy+zSU^Ye&qVy>mNsSqj@Ho{bk&!j&4R^=tAE3 zqqkUy87G0GfLi%MLx5(Djh$-T00Zn0QLdk#MJqRIO?E>p!jiwE27wuz(n-7bBQEjG zi>?KRag9j2or*2DSq-OiJf}SKRjky61}ZUYxf@EAW*Fq9cJyn%v-kENBZLZF))EIi zO~I(yUlv*MbA%raiEyRymp@{<#Dq*9==~G@zc=I41Ep_=rzw=Y7JO;VRt|9GAJ*g z-ZH7~LCpzG=t&H%^E3DV@P95ih37vb2l4-I`7_ooX+bIP!NOhN_3`z}1kcz;8PBLl zjpyrfRJk1=zsO%Fnv176K*@5T zq2CRB2j92x2uzr4O#;2yciOVjJqF+@9ywAPkX%2s>Hn97lw}Ro^_UXW<@&sfi;tgb ze5@3slK?95x*wiZ*B0n{yL=P)-Kt$o*@6IKoU;vFX)=dx#)iey$i%@}oCF zm0K4a-O~VPu$n_yUvXD`2}PflVF#%_6GD{mcY7b8GaNUFe&MVtMj`;)ON59j)l~e} z`nv&pLv&@Iqa>XVFdjZ3h2S8!qV4s#-=e0y)6bI~Gu>Du-x9|32R=1XaUfN<((G~g zb^P9Ps6K?NqcjoJc)0P--t)Eb=~37qmNRfgS4bMVB}kRPI~yaSW}Gq{rnN|^)*#aK zjqDYacXF4?p)d+8OHq^I>s+8Ik!2f(>=hM_XCp$9-H7y6*_&Ouy1D>S z>VK&^n6c6gkmXNoMo&&^1XfA5k|B^+h^`iYI_Jb-mjo`Wrc6giHt7i?HpS-?nfOcv28#g^!Z=@Rw;U-5}b$&P_|G z_@qBAy^uyPx;#A*Zq&<_DRRWs?MtN!g6ewr9tV9P4aE02dZZk4v35Q6Lzo2T^Y9qT zpvK#Yt6^+r7S_83Gq9!udD?1V3aPV?b#6>=j?~0k{SK`e(D)fTZekYszxLN8U_*Eb znDt-f+7+zI=#@YE&pv$u2o+w9mF`R+lX3MYPEb{IJN$ z@v*Rww)1*1GKp@%hu7#}OJZzF*i*oqcMv}V7wJo9ws{m@#Y4+mIyc&b%DR68zn*DK^ z%=`*DG8h_elqe3fY{a#CYE&OzgmYU_3q=3AzwCFqKWd&zKvc`dF)}$ymsx4#A5`ll%?rTu3FaM;+Y zl&~U3O@h6Pqh?98SkdOq4ltg}<8&Ry#AxOvf>a*?aIYOlboqKAX1hzGmT9CDTj4U{ zzdw4eikU7q7}W9k=2I0!gd?R6ASjh!etzGA4+#U0Mw(Dw@9?vA!zfVqNmNK7e;(c< zA%xqe%t%%))0%W8qVvGGtsjb#I?X!gv0H@R$JS#oLZ-qVk!` zpuC4C7!>XY+Z*79asL-^n#_}lShHD6&4yb~h#piL`T!!)x(Bv}GUS@xdtT(bKvqR(9UeacS8odi ziPV_vaGt_q4d~+|Owp(KD|(TdB5uJsMK!0v496DB1w{UkpS$tjVt=g1Rhg7TPJ?*9 z5NV__V=U7P<5_dmP0V#4D`*BYXRJSl=5zn&11waKd%KG2<=|9{&ZZym=c@lKjKCZlfV^j=46lODBx^%8PD!7Wtf$3b*W!dD=X6~BiCMeRlv}6K)J^6S zN46rB`mm^+^3(z0J;ig_J%No7%R~-nGX7C^s_ObhoGCX5n5dKFl{68omB>Ks`l))Q zY%Z>h%V_|CD=lB1c77I4&R8wU7WO)8X8e{YgMkg1xhN;a2;TI3Fi@lY! z;N_qsSA-SWYgbs9hb~AdDJAmMw3J2fO5aLNmG*EBkvO&U*${pF-m3}8MbBlDI0hAI zdtPfOuczI{hE=PX;#Ws{CYUd1>@tFdB-KstNkfKtUx&ddTHrA$;<3m&T}y5>JN6yq z6&PLef6DTVU#!^bi)R>_XN#6Uo}e-hsW0F(lh?EQa?@r1sl;8rp+6(ySP1z{EV1~c zVaySNfDb)>Ey7K&z-spe&nrX)?Coc`&kUfbrOj6&9ElK*Z2k}Cb<tUmT7(VqG{EpT;fGM{CNV#Z8x`wJf*9&U?DYic4jgUq5FTJq=ow zhGnWXH2A5aaUWTi+>cTal>TA-qkV@Qm*xF+)%)KU5>LduJ|(di&i|M2Jtvp5^C=PW z&79;9-4dL^&_@&P{KBzVi%lf6r^=S}yO@0h!{oECIn_E`HSt!c z7kZ9n8dk{P%28bcBc4*p70?jK9jKvLt79Mep^)@Wv)n$X=ig=(g7yGDtyLG}^F*$& zoW!Hv{}`G@gm<_xbY86#@8WzTrWil}urA3X<9@+#Nc_`qb1As$8lhegZKYi>Umx!9 z)VT5+8P*=h!rmPvwv_8zvbt(Sg^ZPD(3o_5A4zv}Wm#RG!-ij&95(pt4_ z;$yIWY6&*7WA=Bx?%X6!>0{BKAhx_7Swn8I64F+e7Eq{fR@pbTF3k3O4^fVZ^@7%8 z(*FcwO(BB~JppLr)fLqrG_3s2p{`4QxAXrVj^vkgbL>7Uz;x0K?SAchIldoJVEepk z8sx$Eb%9rGaq9N|4`1Qur$WuYea-%FhChY*14C+koO)Te+_H9+0y}3D*N{jq`Enl8 zAr5LinV*ADRQyhh7a=;FW2)p#e13PoW4A!EE&wByATHW0o*HseudQ1|Cg z`X%I4{(Z8$!m2vi3(pmBU41<_o;aePqmpBxQRkeaV;G|L8>ethuSiIi{zs{hXD6C) zO>Z|%Cv9)>1`0=nxAa}LMEWY{zjBs>!jT-e%QffChFp_8FV$=6`?L?dudAff3L#c1S=^{f4qG&;O_m8>FiTSta z?+0+B<*xaA7_`wxc$l`5(XI|#X7(+v`X2O-3fgZFCicDa``(48&3JUORo1&-PJQ9) z5={Ex){GnhxJgKytD4(he}Ik7P9I0aSbj@M zdkIzsG)Rsf<(l1FRyGrQvJ78urqeNO4tK{}PucF#9adED)A@U5(1Xw?{lXqW_)z_Kg)NwaDdwkL#`R03XFc{s z?Bb{=zN298>vC?r_mh13tU7^Cs}?r{OB-231HHB)f)7||s4dJmg#FcB^}jP0>{r*m zGWY!TI*_aQV`%JuvCLn73w@Wj7??L#v(?bGd%pu3XmQ`HC zfV7=OLhbBf|CY@1BJ-?T5hiwaK%=2|V}qZR8I4}*3GV(VdeCW!+`+V+Z^&vkb7A{^ zVAIjcnizvz#E|SPKrr#9GlrX;vvX>N6H$wv(?E)>hUte6k^uUy8{4UJBTP9L1II@O z8dMC?r?+r3e_u?^KGb~(THYg?E)oul>I4}fdcuBARDSK$ zS<*HX@V-LMiqS}ao!LJ1#grH)UM4~rzB2BRLVX<_S`X)mUwAE0@|@S9`T> zn|reR`+NS+l`F|P`JD59F%wO&zdR@P^MW0Xo>Pcf(A%y5af6SpoHRU^lkRi&c3E<^ z-Fj4ZbR``c-!8*i-hCW1f5O*C)0)k=-Y)Fn(V%4m7Fp5Dapo?;wY=O}U*S|nr>Zwq zCVG)Vl~?%)NXfdbe$e)v*1yBmEQFuxPVz65TyCAl*Z7ZH=FDQ%A#3gkxXxnSh#``P zwZc%Se#qU=@2=Z^w8^IQ0T0=Ehc-EL-msgBten7~%tU+AUOZSZk1nGqbV%1NZ$74M z=Y+XLA)}uaoDEMo2-lM79VCJ5j5*yO zY#vPr!onizBn>Y^Mgi-$cPKWb>)`Zq?vn^#>PHIoYA>Kzw`G#-h5EtM%Q2D$Hklyk z?!Ab?H-03Gp4naMFu#!-A)Gv-8=)Q;@3}K)3?1-{Rg?ah1+qnoV)>NR>%#a|uGB`o zNQaq>+PkBS{KE(!I3yNJF7TiPUDd3xSX!fIU_Cw4%n2${n2BUfMNwM8@5dWGzGjxp zZ>1RC$XyHZVGLbuzexB`~idE!F4@;@u!eAORZ26Q21Gd z-YJxzS#-Bb!-~dzCOHo>yj~M|mBXm#%Jo&m+ulkj$xNGBeJb1RBh4Dz9Pw2Gap#@c+$-TYkKU}^pqzV7u{pS_s${yHZHg10sdHVX=(ecrSSt;q(U_-$8 z{LZ~Or{*)GtYu8l@&WG2=~?gH(+8&yKx9yl4OYloDY&AT;@dSU@S;NtB_~R0{2#gF0KBK4?nnI9==T3g41|S{GGGw zIq_udVV)c3aD3Jp$%6Du<6a?;pb12g-ao5(WLG87GpbYEAFZ+T7AK?#%~= z%#P1yE*IS(727C<>_n2 z3T)=+A_oMzKT2OzBJjFz8KX#UhaZ=5kQKb;H=wk=G&B2M*wQDl7DfekdYMtG+ci~q8EYp^I(jI=ibx}J_ z+`V%uW1jHIqpNs+H;BhGxHJU~{<5wT=_!LGH*L?k*OQ0-`QN&ob!UhDgCN!rpQjQ+ z*5Kh0OgNWU6E!AX`~v}&Q_*ta?C%Z zJ``r`jS^hgk!eUz*P_!z7PTCAJ5~6Znh;jEO@O3uG{Ro{#|;Jr#|L@l)6CwoWX3@R zb%U$l?vy8r2rQ4NxtU+hOb}atr@TS9hQ%!ichjSkx@s}4)P0p|gPfWEdb13o^H0>7 z_Wms8asW)^52H7&ARK?yz5Mat3RI*y(W=)j)#6&PDUg|HhO!|AvG`S%YiWg={e=~T zE9L)GSjud`{CLf9kWz!lqG)%6pbuA-Lus5C$dJ0l&&?FXT&QwWS;O@e(UH+$fU^DF zv(CtZYql05nh;h%)|j6*Mw&;R_)KUe>e1}p|0c1_Zo~f;ClBz5P)ub5`Q{x~*1d3K z;Aaj;?BV=|8b=s-&$wndQHz2MoiR8Rir1>s*^YB#{H)D)r`B=nO-Of+P*Ox|i#iE= zPm9*f5K4*T_?INEnX{xb*oN^%tonA}4Hh6+7{QIorhLiPKky)|*D{dG3@*@iDoYMh zaFffwEOEU-x#B?4IhZ5oxdv5y(~=tsnUu&nOA^;aKlosPl%4PreL)veDW-18YN4*! z+6&cuF`--R+REaSWat7^=;q6@GluOxD_ecf;38_P;i@3qWbXN4{kJxHxU0TLscu1> zXO+%|L`YTfNWo+v(QEQiv6hDCB8nGhAgXfy=hZMPS7Rx<&m8xd_IGPkLzIH!-X9+m z#TV(899l&W&o&oz>NCoVvc>gQKFI7N8f0=MHQ?pbob*)eGI6tnq(PSVl5!Kq708B! z)_#mi{xHY-NnF~rh>uT?bx6f;KUVh7U1--%;S=-kWLbL#($c5+t=SDm^@D)<8{%X) z@Oo(;LX-#23nG%@I=7+mGd7aF?n=EyIc{?vzI{0KcNhr=rff(>5wUGMIH!i|w*7FAEwXatTk4siDiS0{vVVj2*%T}(g93A`j5Jk+b>{EJ9GtSczkuEtc7LKe zY%_Bgn=9=NC>57NCp`m}TqQ$^EY%8X#YF3+3MmUo*1^@nL%wM=k@6Y%SF6xbWk5q& z`L$q`S_>$PE+!g`=mCPZm9 zs*EXrb+FKhKK+_L8`}-Mcpt^O`Por7v<%%QG8uI$ zZNoMV`!g4%U!u$r!zm0OnxH5%S+^OdL9Uw1l4>$5e4e$e>M#M5#1-C`SxGXbw~uAp zu%aK5R3ITGk`B?s+7>66AX}8|;JX4T2va42GDL&Gp7DEnsqBu5pl>%}7!)jv0u=}0 z->{MAR>eydG%0Q*aUL7v9M)y;*Yd9()GIm3y}-K+hC*t!hiNNr7Zs zS}H4wC^b&~lZ{Gr_E0IV?K7x2X%EbSglpk2###`IdTvmsf5twO8LEU`E;E!e5k^c`ouJc{31V+B>OYyXEI^k?w*0~6+#8!a@N;G*LvHC zvZ?;5csR}jx<)k*>U#SmsT5iv^7%{*27etz0D1j%*$n+Z|CC+3@CD)j!Iaf2UsZM5 z#^8#WAXu7Q#(dy0JM($G&qQU4;URGp=DcK!Y-jD;q#QMK)W4OLoi(kek2R@VBCCbD zw%@k*HS$RY)yRjFcPO$DukGu;hp2UbT6nFvEwX4>gpD!RCsOP=L@}G=^B+&H49~3q zi6$0?Ss1xr{N0 zB!XtDPaW0`l@Z&Y(vXN5$Z|0;+W|@`u4XEAY5nIw2wwZpqH^+BqD)974VOw~GO|^1 zX2}Q8nuB}r>=!lKE_9jD;lLk*%7BVlxE=EMrx?kfnHEt+ORae>i+(zSkjj?1Zn++N zif2Q;4kVLf*&_+)ItUXaGt+mBZ|;86VL(Dl7zJfJ$6TGMu#*XROtM!o$N6o6@sM z;kg%^+jTC^D3j_mHSm9&o3bS)SQs;=^d$L0$2RMy&Gxquah7}0R0z?=bX}W^Vk(;9 z2Ux&sd^ip}%IL|DhX_>!tMTIlmpLX_CA%lYzud0~9%+=hV)ru|C2 z3%t5O2+du{A7uG$Q*Y6v+7~l}7*h$GO!02D=;Tvr1R zl))Np*Y449LBKcCabPNl{Zu`_u6?&6$#OR$ii?6lhXWnD0SC!n2{6|Do+c+qP=KGXJadlqcDn-Gsi}(I+0^e zeBdFo_xdQ{DG9#3LBmrEe=-TAB(Z>J`m%p_;}Cwie>dX*G$A3GcPh>~IeDj&L8^ok z!UcXu8y-OvYLq5%ycV!xvD;Vn=Dwe)&P*wI%4LITYd5wYl?B!eMcRW99QAREbdYiu zty;ECe!HP)LiKG1;+ya6@ z2>C%TB@AO^3XR7oU=tW?pQWSS@{6v&#|cCOZJd*dmL7~fJ;hiP_e2{fSM8#VEXw1w^UqPWcOLZ-Ues=cH7v!B!eNfDSdV@f>v9$yC_*oY#K?nN6 zt#kvF=Y1^QXM2h1V;OmL6~}7A@S$$~ZEKx*;A(!t;E#x}RoVig#x;sDfbosh_gwJD zZQ1u6lzl3?&@8NwoTkzPak_!wZ|Bc1SbyOIA9jY;j>s({+gRgWhz*5>+M2Qa?E7%6 z;A`uXEAdC*lK|J4-wusCL>5Det?%a}$a+T69@(U8f3|h{-QeF@wdKgcZpCEHd8=*S z_gzr)^zEB(h2U%o4n$4w5fq&rSDg8$Lk{yuXNi+!|9U1%0$E z=q3Q^SUk7tr&JU@hj%iueQ-N@?+wODwcUK{;S1F|Y&h{q*@5L4?2YA)5WqpEc^X-< z+LLSulh9`tGyD6EttXtE6DpG&cFCML^>@c%W2-YWVBbMhcWE2R{nrt00r8ghAXnIB zZATMABo7tmyxjc0sVOPQ7;ZkYh z1g@$_Z;=>UJQ$Ve4~yv@T$TXnvhA zHIWQ7@|hpz6oc7_jIhm;Q) zt7KHKIP4J>aG%IFUOw>-|A5^YJjtn#^^Xa}m_XCoKfxLGviNzd=OOg@`h?oyHoZ8# z!1@-{B8+rnKrtB>mnYAsC{#ru7cb^l`vFO<=At3S{#(?o-I70GJx}$~r?hwJP}35` za3UTsXM&C9>pdst2SE%3<*o`77Zrb|?UU}NR)&aTbD^OE`MBIpb`YTz6o&$s2ma|9niHLFZKVZhy?r2tpBnqR!EW|ZYyQ*)TK~LXkN2tC;-eWP6b=xHl%2HUN zJ-59=^YedvEv7*Bj0V8BR7y{~_B=^7z?-1S%up;3KEH4K0y*n6}p(h2KFR#)rs_OhrZ9u|>ycA^@JmLCLr>+%=G zE43Glm*c)X0F}M&@qjpi&W+)Hb3K8df)VIs&(=fw+n95Hqe}ZR<_-mFxH(_<&$8cO zj`i%V7<1Gi?+k58wT{ z`Ms2v`22?p8A9_{x+L<{nI++Qb@Nt{tX0k$@BL3Doa8i0Agq0mL<~G^B$<&KSwdyV zb~|@g!knB$&9+Y!CXJh+^}xC0#NdmlQ>b!a5} z(50Mt$iA-!1#M#7uYe|5Vn~%PQ9-Zx=~GwDke#u7gJQ7!g|EupDnwONnRKHq{+i= z=6=r3mUomghIAF)xTB}!J<~6vi}Lw>CP9L2T#vXC@lHbnv$&3-f){W%EE;|*e4_$mwWR#09iHzKFN@Jlcd-2&_^W}7CyC^xywuJ#O$U3=L6FFkInc9?I>?4Vj_V1 zgRdXA&aHskeY`Vw$+nQyk)51{shAWP%1qu^oyS9e7#vgW>(hYg8mPaYABgb!^>DJ~ z;iB%j7#sJ))kB^2q)D2vND~rw$4A0Cykw;;6aPz!O3Xh`0<31PkJj_+V2;j5P(3}? z3FHH>Kio4OV$L{b%Kp5!HZ8Er?{2f7fc&&l%25YlBIe>QvXb?v(p=x=@?=p$8<9@# zN&oeFb8E=Al^@B(QaZsaqGy6J@csoZi^ZK=OB*=3%uW(p@IgNGExehD1AcLnu)(iaqw;?ql4ep%fDDV+oEEwdU~Me!+U01& zs9j~Q3W6`s>=aa0V^CdStg#lm{LyD^-^go_u8KvLvYNpA4YJ<48<#@{wmR>87DpH3 zW?Vc4bUzqiGGgU>?8?GEo9A#bqJY(`BSXfJmhn6_*8T(q)}z7_ws_ydSsB#nePN9b zwZRPQe~sCUN0k86g4;uk6xD)y%4WB0f{pY>?HkMmr7sqV$~Cg`>TX|@1xTuRGTVX0 zXJ`ASLGas-;R=6y4)Kgucrn%kU-hkJQ8O^oA~uZ$3_5jpMJ zuC8Xb!4h2k&;Wq^vBq7A+3qQ<{4+`H8dnCL?&AG~)*oMhe7{CW6VaddiK;&O23Jw- zYzH?riD9}xmKrx__G3tFzh3MtJD2@P>DfXJg{(cEcRnFxDJMHJ&^`d<`P9#P@AF03 z$D#lg`j5FeTJP^Z=3T!#38{Gfp4VfkM@DAc_LulSLJcsmj!tURX+eyO+$b$|6ZV+@YT6OXFweF<#BAUFA`*d-! za0jYvom5HN6kLlc%VGkWE$x|qp4U#6zsR03dD_COR_BW-QXlGzB)4VazX_e7=GdY+-;6k*(D6e&0Qz$SZX$X z>=5{KQj|;Zy%=oW=hyF>Ya8flhh+H?mzU9*g-%g7o(POP(t!q1O!~l%TF!S&_^oMb z345Tz)Dh8_oNl6KV&JW z$L9VZkpCyth$R*y9TEh|FB27^dq2oi3XnAM+e1?dy+0A|l{03?q)6~AT`La*xw@%I zEi??SsuL}TEU-dRh!2OdTPH$9bDOS+y4z z0;Y@M+ri13l&en`NW^E+S9RbZhqsGA=&|Z5YIhA%wdtCP-~wASf7d)FRg7|7uItbt z{Usrom}__AkC_rdFwB6`uj&(OeXH?z!=d<4GlZmb#OROs{zsB;BMEp26k(;QX2&xW zW+ei==xaZ3FTIX2Ln87Dzh9c$RI$Zi+=M2ENf8%fL`1JKm}ZlFahhck_#JbFfiPb6smE zYZX=&P10vmcNBdNw52@b*~#{$BrinSm0dI|-2XKc8V9&r#53f*zH&o#09^(2E;BX{ zQ95^T7Kzq0+S^&B5g*25c?2`H3@<;K+qs3>GR5-iy%e@MJA8`G$R)2Bj77L{QSsu9 zEsh*OqGlAkSpC1P+^+n(hu>1jiuebO?a#w2)a05Ur*(qDHX+9Bo169uH^drqV&eKB zLf}cNp_B}vA&vvMp}=LAOu;^y1r{5`&yZPgCbO`apegbxfhZ0TcG*EYXvW3jDyHr2 z8K)7$M_vnpg7zbKk;~%qP)fu^{hCLi_%PwGr^Pp8E>-}cGyrW9g^3Z>z>FTJJ#U5f z!uYdghN>Kjla5Tq6vQ^~@|$+TNlT9#MBI~|3a#mx zOualzHiq1q*#763%e}omBZuo%9;xfOTvL%kBb)b)*BefS@ERG$ld+9I=O6>fsa9BP zQybnqIQ9w=4`#ZQDU&uZ4L><97kLORjz{DkbsCs3cv}3b_B}%tTH&2$E2j=ajCWa9 zk9;e64P8?svaM^C9AsrAZAsw_^G{)vuASkuU9jE!_~&dEonC%7O82vFr#gL%kxQi5 zIIWhyR{%BgLo_7^Cz)<|BgU+;eKqWWjw#&|!;|lY64z&*MeG_ZDzSVTh-NAnkhQp5 zx{;JWZR--VR-Y_UHv9N2CX>SL5GJ3mu_zpG%*BAU0dV|ez8FaSl0qq%qu%zUn+>MLvM{~k}gYsk0zAgITt34p6n`zWi!+bC^Kl!Qkl6T~4iu&=dk9m=3~b?SWQ zjIL_vVQ*H>Th(<+){A&-_<1>finxq z$lT{K$4?b>hN~?fRW&m4tbZke)g*c=QVWj9yilR+1^rusM;R0?x#ajKK7-Qf?i;i# z4svOuCfuw}`SLrqFL+|1hbT%ZCL6Mf5vDl1p>CNuEw28cCdg!gX7;nN-$&>qT5*}9eeq?`U=Ni1~CFPofbWS-{Zuh7I7zQ=!>AJQAF=Pnt zI{kf-HE#leI|kOpNeyYYoQ6sHF@}bw&5yTVt!pG`l!P!+6qeX7I;r1dQ*2eu9(4m* z&``g`VqMpPBUb8jJjzTeF4gVAu*5o)t{a2%a&+jIvra>zbTNtzGkG%{?JIu?*DU^~ z4x1H5#{Ja0aR0V2w4hztQ#p3>gKYhwcQ)J=xpu~|cXDhPm3GJqt!-A&;+`fu6R`aK zK<%=+;E;`N#Gt|moBC)c^#^tH-v@tZUpTE^2NCCxqWHz*0qffLt4K+mJ6E1?j)4JG zfeo@E{K!3Lq=YHRJ!@88Jt)h@>!{NfC1aUm+!rsPMRnZZRf64ybny=RXs(&#kQHL` zK=aEa$?oHWv^hI)GFciCs9RZ!eXzwAzC|G%&=R;q?QdsCzePA@!q`f5Mnt^i)j(L&8>7&Mg^)+h5@Wa)F2Re=qa~M~6e3U4p#casI5| z-cAq?-b+r+h%)0O!+5}thzh&8`K7?A3`*&Tg_SHcr#8pNCnqP|!Xl)7Y!58<+`<3J zwAciTneBXJz-eL%;_W zbetV&wS^=4m>DY6A4^ZIKYB)FIt}GFGMJd&!A|!5G=G!$ZRS(q$cmLV7JpE}GdQY% zcIytKSUQTSpfI8qi;9p$VW4PA(hP){8jQ^zGCU9q$V(vnia=5b#jISTCdtgi z-a0n(p89;>dyNu3JUATsD?@`!Cv-*F$hNzJbC|UaBVKVxB@PkE1VKc;hX2mAvpMWY zBRYWZz?0lsDYWl6#RCnAoP=II<}>@^QN+&8NwbSM(0i{~-W1Lxfte&R33uX7r6%#A zZvYCLX&5_r;QI(xvij*{$$(9I%xnFSba}j_)wPqxfFTZ$;E`QCVp7=eheMrScxJkq zdp8JWdM9g>e4ZCqp9rQ?KEWGXAuFAWiROg;X|7%PrUATHE>G7tTnRbM)W@dWfFo~w zyS;vff_A^V{QldzAI;>sE<){HZV}E1TLryw9Vn{GpAq{WrqWGCR>Mz6D!_+)wIkJy zKR+%kQ+q*6nCACGXZVkgQqDKu&Q=clB02SvzHQ#_Ah|b%u5NVWCbql!Q|(!oBeflM zkI?as=k$1)QkK_sAKbmR$x?6Rf9Q*dCnd`ci~oXOUL$@pn*Xw^F5Wvewr=)uDq{lrR?LR&9g!)^a$3t3K%acNk)Tgi#yb;$+EhM6O)FwpGQ zCI~|=A~Gh$U&7g|F@d$WcjaWQ2lJ1$Y^3FEcd>dvUtGN z1H#_G^A>!S8EO=neis&19{ZE9?4-@Fh)ef}qrQp;Fnse;-W4}WqJiuA!47t#n(51c z_XIV^G1v>RsGkL1&v?81giPw^BTY?_fLZo0`lvd^GV&wRzNpj=jSFkr zbMgzj`_yC14)x?51gEw14KNA^i*hq8U>x!Wn7&SEBK4VoE^3ry1V1`HU=0f+rz@lk*JvKkb)`QNgk+yW)-?{(DMcp1P zi~EB)`Wu240c)C*JV$Fpncm*rn9ff~E=IrR7OCs&J)mz5<`@W>%k}mTBKtCLk`jDfDh!d6XBwfAboxMJL-GD`eiS>SzP32Y_@IMGzt@-~+Vn zYk7n^1H1scC|+?u@HAIeXLe|c`QJmd4BP52=q|x>6-MX*-fsmg;@B5@_=vSn13Dj4 zrJQ6(QaHpy%Ji%a=HL0diGALn`*xULrQQgCp5jy627ujB4K{j{s55dq8|`N2dQ`2k z*Pk|o!`s-{5fGIDIHZMEV>B%)Qoy;|zX5u_Ab4Xb8GIm7mnf@w9$@@BeI*x$*?w zzVah9?_^2;ici1G0Ibq(3n0J=9vEbnoOAV;Ak85^mwhA+-bOc8)~yxI2sg$^n;2K> z^*6UUZsngxF_L&psZhOWK)qO+z&L!5pzic-3KdEDegQ~K>L%KTr*$RN?y90}-L_;FwN-VHYv|eIjA(W1cTug`?{B!1886_Ua;MD3-sl zg-v}(kwAG4YtpZ{8dJNbon+DmV;bm_n4bbK%+VDY^V2SArn{|X=iin8&F?>fkqM%5 zQZAnG{A7ybrV)wD5RIopX|Vy;I?A?)a_YMJS#l9_vJTd^~x z-1&{uYFFqmUAi1+@HE#F-`#3c4-39s))SRzYv|DlXPi#()M-V?v_^q4t+(BXvvIqa zVK6l6N4@hI*{(Qek)p1aPeYX(iLFKFV>zO(!{+QOJTkAjS8|nkpp$^e7{}?9^~%mz4~6zf?#XTF&n_!=va3>2wl30clH)TBP+#W+C@XO z6`m}h-(e~=>NPIb$jkZkQ#(5*XA+yjw2ML42Z0sCYhKsj_G$4qy@eBW|FWG-7{5f*#Xz#w1oSS`|S-xRnaBp#sG{&wJBMA{z8 zT_g5NNGaAKu1Ai@WW?tIFzs4#uB;AijcBcGHZwzM5~gXeHiOMGI{k&H2YdXDHM?XG z4!Nv(JE1G2Z&COoucwB#KDpIA9Ah|p?x}QiLbM6fxH4S%?RaoU-58xBTK$lb#neL6 zx@hFu@1v{;&|o~8B0EK>wQik&nnmQ78v|VJ*m?pYHOkn*Xlz2F%VEEov@8&W(MN1DMGTK%b>L}uD)xQ6iBE*stGrR>T3Osk zbvBOG)eY@_6f_o6y5UNV0Z;;0t81Vf`-@-r|3r*6Ghc6=y07Ksw=3>9BeAfyJEY9_ zUUnCMbFw;~jor_OI^0kg3WIZJ-!F)C>NRV_22xux5*=fk@AYPvZGJk8*DnSyGjqMl z=I;HkqQ72Q%t9i9B24G9f+yi@Bo&o5@+fjPuyUagsjE?J_&x1YjYDK zGPADK1i$3Pa;gTZAcCO9W0$l7%LaBeqi{llP(f3`3!Z-|Gon2JJ$`rYTAMK#&&9VrX~Q`j zy0EPn2qvuOIT5Q>h^?Q!{t(iU$gtT^T<$FGSIlH-@NC+-v89=GuyrDKeB;`#!fB9(nJ-l9ifJA9SJc_sQ>&TLhLA(lvHTOPjb@P zgH3{KmTbADljv%S0cZ-c(3IuuU%VKW&F7n!?5GU?~(dyV2E+&@o7z`{xQ{UDd z*1s-mz7#ECE)-1|) z9M*}Y8N98;GECi7P}|Ol)_zKuUx18!S4XD8hm3&+L89x~>m#bGT1-sTdVWaZD5#hu zs&A@czYi-(2Lj(A3X_)%0HQ%$5Jd?O165V}lKugN=az1}`!BJ`@cNTN(sh3yyd`NEgnOk*Iegp1kK5P<*}#)B z^!12|0Gu0|F@iM(q67Xmh~%^_Z*V~u;Wm9m+tr$gNPzzb+#?JN6&|5BN&E%K0^AU` zWZh2g_nl(8^QydQ)+)PUnv6{dxI4w}njim>C@VddD3y8e1Q~wwd5r$CTI)uO8t>YyJLb^rBNN z^k3x*k`}hC4bNWG%&EF1t58v+tOKnRoY3*tl=dHDN;IJ>jaYQy3_|&{1pvWK$$6?` z$-&rLv81R07l`6mWe#1)_)tYfCK7Jdc&LfQg2s5~)aKarK*`Ic)m! zh!by5O}p6LJc6L36;D=GPts2)*ia@ORy?%jjGTqIL7R_3{%j?8;f)+1m zNh4_5|90SmHKJggOlNgKz)np*8aFg}?{PdmFSH0M4@Bqt0q;f#F|%B%!Su3}H}moM zpa;|LnmMpeCKnxtLP1LEz)QNBd&-lYh%usYRh;Zz&|b;J@QaL2bHXYAvgu}DTsRis z)rREt^dLICclh{$N2RFPWQCkR37!D-1@}^SdL^5CMTjd5IlM)6g9`s>n-gBJ>D8pF z0g81O{toJTIAwMV&`147Wbh4|U^tDbIT@l;@#1B|s9^E#wK@%bSc35jfHuP-I#BXU zYCrnUJ7fwhq4?{Vv54Vz1cRIvKxQDyOZ+eRnHwRDL^o0j;z9mCi`H(2WWJRZ8w0E2 z_MejnH^UzF2tm`)29j{~>GAIi?2Sdb^v(b&as!=({0eYvQIiUCc#pg7td~M;KJWH^ znGRzng%pxRObZ{^ifKCaCc&uxR>$@r2iCV!s#wvUD!=dacsS}28;!@<>2H?!eD(c1 zGZIT)YJlYRpv811|2$heNycv{QhBuGv2gqx$I0xLh0j7( zoLLU-tC_3;J8^1ms!pnL{JvnC02>+gNf|9$*j3m`TZvApa*R2%$inP|-Rc^COcrw( zw*kkukNhb=cTyRc3G7AgrGKNJU=GpM!x5t=>o|ucAGMmb5o+WZ4N1QXYS68v_IxiM z1@a*El7}cRm=w;t#V68zV;i#=o4YCsGd5!U#g9(Gz7B8dK_ql4D&nE}&u;eMjMpV9 zs}odR{#zWV&})&%hT}@2@j+{CHHgUVGyKqOg_&nM?>hMHtQ9*F9pL>z^&<)}9Zp{F zlfF4&SOf#>`d|FOmz&n6Iz$MbluS|%p$=gwf<6rdauAE#JR`oasDTQrmNZY@g0tmj z4?qG@b5Ms_MT5XonZ}C<0r2n|x)~O{3P3~u7&4)Pu9_NFZrs}1Zl48eh}aP`!e9^LK`?i&dj;8Sb|M zUY{iwQcN|i}J3MaV!aK%a9Q}7;wM-hk1DL>*-LBNdb{1 za!kDH@My?g-r9?gc z(AdtW{Lg7Xu#kjqP!(`;WB+h>X)v)MA|jG=|316W)5Es43&Q|leZPMex=79$c!5p$ zOlsz_Z)aVL{sR6~en;6?o`AKSZAUH2cW@f;QOnuIJixrZLXlyAi ztrpo3sFK9(=I5)cD#d)4)kY;E0#5$byjO_vaHJmexVH$eXLz8Fjv8?#>~0!#i4%Lv zmu|@zY~gY@R@G;tPV1pw=@8!-3~Zav`-{9Twg@fz0H^DsNitwWHL)`#-U`)*?HY*& z!QLC#eYxiDw%t&UNZ6PHWv4aut{l$z$%bI(%wup+=6^^}lMFOS9or1iVxII>R{fyB;3;l$p@^YiBx?MiiFo-CTr3 z9^b^HJ6c+*plOkR@JUi&vxRMmCl_I0{@y6cNPaM!<(;kdcGDu+N31T1*q^8_{0S-I zD_e zR7XC}6A$4qHSuhklXh|wSms8=AWEKr)g8EowW3Ho{_-D-`sYFXf5sF7I@vwM`N2E- z8zMmgX@rv;CrkO=zJ8*0iivxv^OK%?XezjaFl5}N`K|9SQm0sU?SX&<-8^RBo{i{g zpP-4)Km#mh419L_JQ|0$RqJdG6p3V=B6QbVw3LwEmY@yX zQ87vEL@A;9C~s!QJ)>=z9OnRG%6-4FGJbJv6V$z(I4tQ?D;%mz>3gX^b3fixK+|P+ zZh_+8VC3?OkTd2h10R{iI-w2qHFz6C4ou1VhO+u9Jt-`5y{Stj zT-T|Bj*2lC>wBXypYqiJSU8y z4NXFnCz{MS1dG9zTJi+&M_BdlrXVG5(tbHZU}7GuJY5B!cQyx=w;{2MJ-^j9!8k}p zS1>|RJfXyVTtK^8`TJIL+kGbPD5UtA$(b!s*FtDv5^OU+v`&SQ2z$R?>i%h0%3jEf zpY3~1Bq!c}{wnHoOverv{)ZlxbQqFbA!b%2cFH{KNB!XVK43`N%mD^h`%n1)d@A2A zu~7e60Xk6WWhs|CBi=p{?W=|KJ-01VN7p{z6lcbNii%c_!o-4&`4vgT+c&j_lS4s8 zMAr=S>>+o|W8{RcM2jB`iO=EKX932X}3VAzmM zqQ~whbg3CT_AV@N;4q9F21IiHI(%{1kmbk__5ZfQtyi-{Qb*qyv zCBN9bb2?cQ$gGCmBg#_}zZ`nr4X#u~?kDb484)|)D7C#kd?x-e5x(&75M^eX*dfIi z&r!fSls_Gs5boMpCA}S!#^I z1v9}X7b8`tk?LZtYB&7B8wBo87u5J+%;y>)<(sJ(b@S>99zHQx8n_jl+4~I}%Yup^ zSgYq}{xk8=GS-qS=d!`F3-V?G;V@!xya{_4UhAfs-g5Ou2<~TUF)_Zud5oR82ptXu z7N@@#+t!Ixr;`~kX3s~8#zknHZSnUZncL~hw3dm+{I{q4^VrArQs={pL7p@&q)YZU zPfy>b+b#|)dYD~+K5G4B2ywh+#N!D~y{ouUMK(W?q+K0l{ey{!|L`0BC;1Ih`X8H? zh_62>>}Svg6bP(rJ9&4hIbr2v)UyP+*1{^JY z|H#ny)Sq$;R{b^-gM)yRDx1Wq6iNxVjcPU5XyzHu7}8nfhD{KA**Z?hmoN=z1TGc& z+HAjE!BkhrXV(?=P#Cl}^1;197$8pAbAY2*Qpz=jB%B*YYbmFRmp2*iDDr{86e2@G zAKwP7>uceJn)?Etaoytg(ldXQf;2@A8bEw25TLNI_5H>Wcw}gtYw}tu@D&^SMSGX7 zw5;{HY(_h^S;#bq&x>c33+lHUI3dUVuQYXxx=m(|j-Ji|q{;BcC*HQOncjbI(y@R; zmXjACg?A1SU&qF7PucWHPH%oj72u3|O50!TOo7AwJk4-Dndw(+gFukhcJ%unS{?4B z=C+l^g#pNbrDaBbuL7?A=Qu-xVH#&t#qir(`lvhJx}@`1K*u5pU>n-^u$=vCR3fzo zBUI}h5r3nZqx^fDarGz+eH8?Yrcp`UWi5{hQV(g zA>}QJVr?%GR!uM2?$Msx;+cR0R&~qmTN*#Ls_f9>uTB*v@Su+IOi*Y&@=c|`E- zX^gu5b*=w*d_?|-Wr{`g+tCg(E4^4ZE>(JvBNvDheiNo&E7E8)TYgLO}6c)@BjC_nRjz$ z?sINj*Yy$Df;Yuz{o9YFO*{YqMvP6^+Xv1F4wbLp(FZXq^5ZKU9h5mVDO1tlt&3i3 zs!7ZQsF;;ZRb+Gws5tD7ZtPXDx4a)+pZSIwmIlRS^aZd&B~Dz$&B~{5?#56s0Xngj zXtXYZ|94(ZI_4EByTgG@;zCYg69Egh<*FN}Nk|=o5PZTpIfr#VZY2Fk>6^?x>EzWL zwFHOkY?wKgX=VMb+#j=TDNN9_bF(Kj2MSf$)(LfnOG{Dm&>A8N)T+o^}iJgOBXSp2-&#c$OqAFGh@%m!3kZ7uoxXuYsag+}C-O+3ED_F%nj2 zILW9E4iwwg`z+}&AwHe!MBPRdCUmfemj`n|$Rg;)5jxEqNRhsZTD|BM3BvZMe1;d`WdZ`&sk9 zzxck{V~6;h{JNl)a(IZhWc~pB306C)_poy8%(SrPXX5@@jR9!M@7{s>+IaguKnlqP z-=WaxoTw}E$k6Ocswu@fCx@zrkV|FAI7#p{-K%3XXN0ZDjo-epb=;g!XNwaIC4YIV z*GL0e@)CyTUJgXJtgwV8B&HV}7X}iCYLpTtSZg@BPa(j(#{>dbzeZJacW6*DuoW?I zlO?bH(y9|CIbg?1_5q-qH^56-`RM!qVJ{Ff1UrG*KuGb5%tP^rMRvzURxCB zTqqYc`Juo6Q^tNocw&7tvu}v&CP{gwKhSpunXP4L5~3HBdrFCEKze;s0agxh!%+U{ z`Ow$O-l~#i@LDly6#U=0iIzS|_Wt}KtZ8L&G7wqo1s?>C z1&rh6qT)uJn$LbUl!T);jX%+wv#%>gtWI2Y#F%8@+atv<=O=_t!1rZM#+$#Az%|D9 z1ugU((T;l3ULR*O3L`cI{)`yg4Affrp2`m z+4rkkNvpXjUDrF_qb4=?VKVKha97TtVZ^huJl0v8P_^s3^11&L*g3uk|NR(##a&H* zWZdWH9%>#vi-wzYAKWB$@HfI38Lf!wGMZy~LQvEQ4Hu(c6Dq1S2o`&}yvc%*->)Y& zPHNaCj2uupz7ZIRt50sY5aE0`5_@{IvpeBIy&8I3|bgoH=o=O=Hf5zTtuUq)K%TDvAq^U%T>Xm{rOdiTbkrg?T`gcr|2 zAJq=X4Bv*^dVc+RPyHRW>k0Dq?*>Yyz1r`z(#@+u0MsJ4TJe?0lfn>W6rHhY?uu@R zf?I#PgmEF4T+d~RYVL1k=i`d4^ed1xEPK+YY)XGVT#%-*wiWM%MvSThKcf|6p00y( zh)PK;MPp$a;eKErbAF$Ke;(0~$9|PFKprs};Jgc;Vhn;@)N}|VcOb4vt3I0JtfBin zQHuYo!CTW<@v7yRM|9aBo}f4aotzTpY!$);R^l?g+4gWs>y4Q#uCC=DRzsIb&Q8Tvo{1X~!5|XZB%;AC2!@jPAN$nO>;J zsjhc;5^Mag9{M*~{zgVV`5Q>EKZ9Su{pKcg)_n0|f@VV+&fAzPLEXN-*?w8D=5vT z?~Xm1xPcNBd~nz=1ZR*uq6SXAR#iyC#JsA9Jx3FMfp}!Ou%RGhz+|GYkavVN(BPjq zL6?~wY;9V7CaprpM1^iNWjb4ns1+9)nivVsjT@OpA}>EMTgr2e$huMTy?K!g&ccl} zk}f1VOc1fIEk3<|o;3KBsq+<+Eh*EoZyIuxia8>!n!MU_WnM)562YZjt5(P$xOaBN zc!H)k)a7t79P*;R_{V65ClD^FC7_A~@u_FFC{Ot?i8QydG=m_Gs?jgYjKARS~xxVM1g8 zy&9x(Up}IbxeheD>pCrEJT^3K4!bj(z4wokeB6kOTi4pUk-Q6YBlA2; zIqGFw*V;Jr58OB>=H`}jkP4e*YP>IJ2qw*g&r~<#v4w|5>A7 z&QPu-7Fsim*gbvy)+Kb&05p(yXx>_DM$K{^n{~V`xGDOtricc-vxOCh1(m)$p|UDz zL&#I88gUKJ7UK__t^TZ4QIn9b-(uAj+2aj$rEW?kA|ZrNZWuORDSgjH2mTE zOBQ4uu^Jt=-Kf22c$8ERgswE?Z$NH5&2}E6O8=$QS!9EK?DaZq~Dh6f*D~OZ>?HEYm0y z+vJLlO$5Tbu8>-)1=Y#{i(w_}I^M?#Z>O&YZvY#)~ zGmr;Q0;y3z1U1r@rL<}%!cDMZ%;0k}q51TYCxkS;`%fD>YNhapo)8CMX|fl~B(RwM z#gRC2sf$aoD5`ZL@QBw~Lk~8`SuH%<7_AUdjd~%$rDrxbBPGg);X6kFeN*q$S#s2N z579%bY0Rs z?)EX}W3_g^=o++Zhd4{V7{G}!bh6HEm+rF=8$$oxfv| zqxUXBui0uJ;4&)e4Qyj}PHv#^zQ(pb!l7)@@X8zY*ERHK<6EB5($?wx&Rgm!qYCm`qe4 zp4Y?t8?(5tFZ_zKG&BOMK+!*PQBdSn{J}*XhZ_*yNd;M?QzRV8)nM|v=bDPhe!&u1 zp*rwxi!rSX;m8ZYK0DyWx)%2r&av3*A+x>uo z=JmBN=Ge+SqX}RdzL^j=ZXBXu|8tex6`p9~z!OWC`|iYGawGQ)`5CjzNr~@^B&cwz1Wr_+$ zE{W?vtm|kNTuj46NLd(hu?LuniLb|uf7g-x1nt*ApEkj?M6n#WZSK5%;Oqo_g$rvy z@R|C!`{@js#{XN-*Y<`k(ub$xeZ-Z@Nh2UN3ZU-sZvxwS@7>+_mN~cYQb;Q${F@OX zabVAheuyi;``-KRe!ifBLUY22lA+7@>poQ7ZOl*9uy|c_H_1K-RdTgi1{{LX#ag!R z;?lZd_GyHGI6+(6P)7}rKlYdYXS&hzJkr{D$@qNgnmY7lCQH95l=L-FzorX^5LHa3 zk9h#GaL?JaMqKL}Qf>4Qt)zR9D0{zcbI;!4=H(k#8g0z6pXdRN&%_OmW;UCnUytL? z{2h1?3|@bt`q)8-Agh9N7y1X``iPW55*kS~HHPrV+@iR+XSY9GfMZv9Bj?MjdA=%^ z8aB1{h$asH6_7`Jt9aW_sG&S- zgIwK3W*U4y_V|WS74Pl4LOc0=ez}9Y4%FSJ!|3HjhKcj0;b)*SoDz+0@_#BwBT(G%n5kY`F%2X@Oyiw{DOY)+k4_X zWBe1Y@w~o3y1T<5KqT%Nw5)re?H&4uk&|zh^Iv>Vd@VN%s_ndwk2jzBmP_skgOsng zs*e}l1^)S4iSz+$9F8Z6Ld~ZuIgj8RTo*i=4=Wgt$2HwQLIBiHaQ~t1|51iQ4t?1t zsAf16ewkv0t~%(m!vNLf^hydBj?>S_#%ysxyLf_Oky{UL{;URm)I*<%3T6)NZ~Zm- zp5$qICYLY$&Cs*pFnDshEVj^E+*5jgVA#+JdUX{8 z5T`4rF?Deih5x@A2jTLqbm%>@V8IenwDMzR5%b!L6f6f@S6`XT)o-gS@l}tI*m~P; zn&JbqJ`U3dNIh=nyUuxpy;IAex^nKO!l(U=Ya(Nu^i$Fsr$Qy5!G;{6_N^d z-fk@W9~}CzonjvN6;qZJn>Xgs+=Y}La}%P2`2US-uI1oQzb4%47wuot9Nr1a{(wRf zNs@tjn<`76lu(?2CHlPW>TvN)l7}12;)1Du=e_Fu+HEJUb7r|Y+^AqTO_>1yx-pmS ztml6PoJ?hBeIptsL2n?Sj<7CzS&u)i5_#lDFoBLxKyZ-0;P1dEYBR?4l-ciYGvpSW zP*wA~_AklHM}5+wsx8$Iva!yMO;FK4At$VIa6V2Yh1^Z2bsQgF2*oS_B~8!$NhInl z%0j-r2D2?Lc^ZBj?Ye(h;sB(9z6YjmK8hs-ic?++)p8GlESVY!uQ$cgvy31Je4b3Op<=O zHp(@Gi&=Zv(*`HET%{~ZF{>J~y=}!w)MJj7Fpp(_eyohl7pmqe0bhl|huEt<=rps$ zLy>yGM0H@L2Px$+5I}F34b3H@7D>Hw>;)vLaH_0=y$J@#`RH`FKAhji6@?*b*i1>WGwlEr@ppE*=I%%) z`C$J3W?~{rvyxldR9auvTVPUIL54-TBE5#YGMw$M`7nbaM0VT+qZpl(X|41hK_794_fwJ6rt!cUKAm zx))VV(X3e7gK~9cFIz*ox$ZAtIA-otjsVH8@p@F9Graxy^Y3v zv?$E16^CKZskZ?O9afY3@hDN%`p92;#;oD#Eu&R%G zMP$B`b&Dnt??soEV9Q5RfwiCEP_4r*jWEO13T6K=KB!o#i!8SDUbTqXwj73t8A%pZ zf~lUsVHW!vXPLO_dZ`xpO00pq+1cX*00hG@;b{y)o9XPT-jP7iKS2!Mv@d(Jq*oQInAK7QyrNn<3 ze)cV}kx6KmN^>niG57P8s{|LxbBULYfNjgzX^AGY)qq5k8~p6FPk<{CDgDVe@G%KH zZJpt0xL)K>aK!01%K|&^VeI9xOf=UR2K(?IMv$#QW<~{s7T)@prnPF>j$+D$UISJAeR$&ew$dNsa)TvxdAA+;L z(#-UuBfT$>a}6aNY{=h%8W7Y>bHDE;-toVt!_gNeAL}IOR#YivX*a2G81GnqunyE1 zP|Jr-V~RLspvx>=<`&#O^8*(>acK1;aCm2sbF z5#SS2&WUUMMp?9yv>Ea~@$T!^g{i$}L#ND8WgK{OVNH}sZk(i37Cvu&PG}Yu(YF>i zQdZ|#3s*&Fv<;ym$ueqRSTXvU0fm(2-^+1wF?2P=fgz>f-P^664f!yOUssN4ma-%_)@1<2)Tb1q0A*f+RA424n-M9qRMx2KoH zu5RH~*H3#SfuU-)Djah>Bkc{)+IfuZMfkiT9CbZYJ@76b5VAxk=zfOUokByaZKG++ z$<56zP4Mx-?ZK;duYoy{HQ$&IGCx1=6k(qj6nZyG(KS)E3dk6Aa^4Sm6&crKEYV>2 z2*FV*yixF7+~vk>R@%kOKwKGAPx;ild#fqiM1bUf|1S}Had|~}%`B7#vuFSSL#-^_ zG#c>i5rK|TM8eWF%+b---PVX$G}d;u?tNe=@}Y@%*|>NJ3~4FDK@)oZ`$m89;OY1N z1fV0gVUi)8y%{?tbp~HP&NOeL)E%glkZQZR`FnadquN+_*T%YMX$YE6^GN!J#}q@p;vC#crULcd8e08>JupuFQcw;>?@+RtIvmL6<(PQg<|iaT7Sx&VJCoD-%_ zeF(KNwATx>nb~*~MgOJkfwgq#Me+T|C5YhJ1MBp-1fQ@R&BE>CWX@a`hDIkb_<5H$ z@;i$_H+rIe466{W0>LmE6V4rA8gfmjMY7x!Z6jdnYt88=EvF~v zt0UqJdVm=~kqT@u+-y{5bEk#@TTfp6Q#v;e^r}Zze8T|g!KG^*;%8vU%L`9=W9x(~ zS)oOp?whHnJx8!MpSimNM*UlN3A!U@HZ7AvaTeF}qCevFW=_Al;eJ+GA|zq+D%tn$ zoziR78!zy6^r>Kj-})Xiq4zUvc(fzQOv0g9-t-(=WbM@Z{vs@DJMO0dB177{!a2_r zlG6JQ$|5NEa`+PE6W#N0B-CQilVdRx_SV0cuAm_FO#puK49wuM6{J*ul2%qzqYd5# z^nhbajwj$ur=e+wbdESpN~+a!_9#vGJ290JUV}qd^PH?xfb`P+K6LnX=69C4eV({* zR#imuA4}ic*M-}9Zw-+^uUJDk{_fc2Grxze!Sh60`NA%izVb%!)^$GHfD(AE)-AvX z-+g){KhPasaEh{eWWf!zh@UDa=GTt+b(2!tE*~sumS-fx8F=;B_%G6}?&l;|x(4^x z$0JXuRo3XYTVlfM__~Jy2^T|885hycz*mvA6}UNWdLZbrK<_sX0J^E=Poui2l$|6` zG5`2wOG)Xs$%r4}BdbIO^A47Jcl{Gx_adn1W4b%32--moAMiQc<7MHK{b}_b zda0`wjAW(1A(mYU%U@eH29hl=cNP==3`LHPI(inCTAk7qPbVNoh{#W?d~6m`o!EI1 zkMU=j)LbQU_j*5JSS)$=&)x8&fN$H%z&%?5E44xm7T5q)%U*`|v-DMM4JO5WO@^r_ z!@{#&@6wnj-^ihr$7w&?&(eB9<)TS(Awj`a46q@-@g#H^GpwghAz~`rn>T2-;qJCtHH+94RfCz5 zq0+~$0=sS$9A)L!v`9jj3{5PLNWHCnaROvFFQ$p+gr`a4sjWTf1^-K~1>#!+tkhI7 zPn=1sRGY(Pskx(y`woZIlD|PqIVD7=_r0=^BYZ#jJp*#61A_LwlRjMOa);-7LckLT zCPIW2aDfY-jL~DBQ%h`4>p-hg+SV)~fgW9S&{BA1&+@E_&;=U7C#_c-mV`Isa^C`Jg(``=Ue1Krg)r4jLqgg`P+qB1wW)Kle%Xcj zeQ|5&LvySON=E`{+Mp^&ccqk!Y@0BQpzR0w3fgU>{lopFROtE$_oOVH>(Ld^u^uQN ze$!y5{XXwvrNx9s9(Z@y&vk=|)^{^%?~+9yi&>*C?AnAi8CbU!REp`1BEl1T_;0kU z?oWU*$uacj=a-sq7oAh&Zx@22=ywS!6H-nFdcm($FBg5@D7hF8Tpgxx8WfTjox0jxF+y<78@BM`K&fsEuQ^Kol5kRVm?j1SxmcUkSgV|1kE zVLW%D&$y0|Bj+hF;baG1k~%~)c)a%xK!MI@*WCBGhs0%h!G0pPLI}ezIq(U{G1Z(|Zxp(Ti8(7R7wFm032_W}pb!cC#;bQ#*IX8p21z!b#1^&V$)C;hs>( z2ix*Up1-^~zf&tHtHz;!4b>VKDT;$UJ*J-h)KZAOSg_{}l_oF~$u?&6a{i4pd=U6@ z0`_kCU)u<70x-dWgP=|zq@6C=g@`>&9@)D~~*^?4`EuIdF zps!3?o=L8hw(jQ18SQB6$KZA!oJ!E@l~8?gvXYPQq(#ZnxVd%2N%F<@ZoW7oobkAH z+ycb^?b|v>$k(+L9HevO`=`_B*_5bd2!3WBBCTv2{H=+bdqXbdA~Z2Ow+)Q&;jWj2 zehFO_^dYwS6L<&b?^u5qBx!e}@WBIbN^5%TBmR8Gw8bvvF@7vrp7wjIi}#PHG256L zG*C@n$QMc2YP|JWHOJJ4?onFq^xzCdQB|3~zHo>K0;|8(6uwFVZ=_yxBn=8R-L}7r zN@yHxJ`9#PAIT6><9wt!A<380wlTGJLwvFk>8TKKxUfK|;bD6j!_en<;^TZQcY zhtt7sDOzejIafpDblef-vT@~wkiG6nR!UD#PED0R@M?!=z6QRukv&H&Vs3N3>MzG6 z07joZucrtuEGnaSY)-EZD6De6(X<-_qa`azi>NFyzS$4ow1A&jo!es=5|!!7WGo(n zz^Xb%VD^I4k^2aJx$EZty5k#w8cpn>D==Ys^`k2S^exaFW#-_L7j0jDXctDnNfPDF zIBfZYc6o*79zN=cZcwO03~S-N?_S!0^AiDoqGf<`k^c7Lqr>XVV(rGvJ4-s;p(9)r zIvh!Y6KqDoNnUmH^Mm5ujXExC$5z`T(gMX74pOkPT8EnZBf+wY8 zy97Cai%0h=je3T%r9+{D8`#BAQ;`gijRqe;I|#N(o>AGKTKFw}IE@=>HC|Kv9Zc{! zjVwV(*TPNFL!h2XT}wjgDb-_~(~}4n<64HdSz0O##uz#_>{`wX-P-yw_qxxqkxojO zg2XuGt?3k2oU^JBgI=7N|AsAfq^Zo~yEoSaK3HUMB>WLBTH;cbW;-!Cu#Vlc?8>4B z{REaQiFkN1ENIRr!vLffwS&k9H%gi;Ds`d})7xw-;e{Z5jea^u@cok?lsIdDPtP(DT9N zNyMwQK|EEVi^d1Uz%0U}s1t#Zb#6s#IYG2U_4xZ%>GQT{b;7-Qp}!7v2OtyXfOE%F&^V~E@MYJt-Fkx2EILJ z&@W7RhWbGorf@ilgX6nu6=H)Gj4wIGVpwTMuBw3!vK?!g7V$nZPEk3r=EHFqn6jXb^bQy0h{hB$%M5he1 zk>zH88p0;V7U%3RaD1P&5iXw-LQ)zUibaO;AJ7J{{kC5JI_Kv92WN*aynGHR92y7p zNEm?HLnkW#a2MY8-viX&?fHVBZT&{fd#gLD91T%7AS&+ZTKh=#&6a|SXBBm?(bhVz z{p6lLB=4=JiIPVpzk{CZ>=ow8PP3LN$(@$>8p17}O_JPk(Seo=d-#UFZ!J5wmP4qG zwtFFIcLANO~lt>jVXo+sVvylhI{5Xt)#3Et_V)Rw4r7t3HX@mv8I(r@eJ? z?c7Mh?#>L>V(b@`mil`ie;RPyKIp>IaPWI<`xI3h zx*F!-gDMOIyO)Th?qfl4v8tlRj8S74ru4-a{%kl*j&#N0Iw&Yv=&|cL_2!27dqC^l z!6QPP>bGuA^^yXEo*>T4u%}`-mv|i#hg0EuoIrWX)Dfuuanj}JiSc)cIBeGn7g))QHiCv2W9;IeM1pK7LW$~F#wTy zLRM8CWYcBSBt(FoiC5+ApA$-UIDi|rU+%MKYE;he_3 z0i?>*QzRKnu;W`}0RKi{W&BAT;A4@1;`h?%!UH&(^R!qew_3u?wNeLVsLi zhm`c(u$~2D;Sqggl0eSy{w{3z;?De@Ltv)a&9Kl8?~NynD1bY}qYaV05LR zdi#O=)?PSs$<`P2(VKq3F9>5Oy^#`FC#~gKuLX=BpE2R_c6QsX^wHV!ZHI)|;%<`y z71rhyb+4y-N{gZUO`KAhbNpz!inN#@>;bxD09H^gF0+Iy#}6|cgy7ngb@MF~(sz{~ zRhn@^spv2;5rLh~J?yF4>T`PRNN6ZGcXcpwdn-twk}LMlIRCe9H~2079IE33-I`Fy z{W^%>xIct_9!V*+Oq@n0<|@B-re*z4q{~z`C?OU{x`?Ab7d&A?FWO!9 zv}E>a);*n|Nri=H4k5 z>~c^ggnkj>V;5IT{}EU_t{s7?)`HgS&Ph+j6%bu?W{ZVu=C!u=!gdeh{OUhe=HdPS ztEZ$vS1#EMcZuc!EF2(OTbp2gp;*C!y+p~pERC(Cw`06wHC*mek+&~wm%n#behN~G zWTH>7pUg#H-qO)w-LsU6yP>-Z2jL;49IBFJJ~e`qr#r%qtzFcUA=v!VIcG6yLH+J( z8kdr42pXVS((EhgsAnn_NnW1LlnSJO5O~?1o~GpF(nx~Ss&0v)B@=%KvieiD+S<0rKI2|%4694XqyrR16f zZqR>EW!|`u85&W8?;x%|dPY03(73B?lyY|T_VyQ9Y!c1P9HEL2)9wByUS%}&ubWvO_IF2V zHx-KviN`NCOuB7}q!Y^SIPr3WWS(TyTe`qa0=wpz_+b6LO!~M0; z$j1O`bVSe?;&kKnmK5oSVMgN^YGB~Y_6)Z|7I}V^tLMO6rK`DL0TU%3K%{EmKJ#ac z5~Vr=d30(sC3`9k11dr_yi-0vLawtz4IKblT3I3JwcMJ~{uVRkXA~vJ$RCB*_Xd`V z1Oh&xMD+_3Hn?AJQNKu3dakdM=!p2YtipI^w$JLKlIN}0cX20U-e9H!;3QQ7c`)qa zUhxxP-hx~E|GV_v`o*0gv2>?;AwhZ}Rg`CCxU>RZV#m^ap3*6JF!48#%gL zIG1#g_}>5ar)FLZo{Jg%B#QXC`g#BI@NJXczu+5O319cyC)^1;ZazlLf^A8vVO*9p@Fwn6& z#=vnHTSi5b##EzcXDbQ_6!iGj6oUPu$@`7yWphPenY&0Mj|>422lDa9qZ=Ib#%w9% z8CXb}g{kd+54QUPV5=Qh!hNAAEPlOB3JE75Siyb$g0<%a>IS@G5~ooy?_^A+)fkz7;+O}^>XvoSNOj;^C)Bpq2z~c&M8vY;%~AuN|DsGT zZ)}7e$%v;@Bae%{qSPdMPt=Fp=Nr-e}70>@D@*q0lBq%}8q{ zB7x^a>#Xq^2wc*H&iQ6({p}G~)s^2EI@M+mQolP|ly_rhB&pB)J4#gYd5@le$Df>C z)d`B_|6IR$=5CZuR_wSVO&mVnm5KLWuAlU$I+e#=H#`o4SC{XG9^gn^StA!`u|6-N znuXjy4m?o?UTw8-ts`s-e%arDo?H;uF(bq*AFCTx67YL*v?@Tec5jp7ka)d#+8oEZ zxx2BIUG8C~vbw)xemJb$N7bg*Nc&XoaUWCoh)zgOEGn=VzKV5Ta3c1w_w35IV7vLW zMZvy|IQ{#n>vgRgyq%hGnMa3o#n&Ao6p2fzkp+{fHeMh!05o&QpVKQpHd$@i8wIO=ZjC-rECqHU+@N#d(x1&}#q* z@iP~YXh(F^5w%)*da3M zZ{6HSFmWf6=B`kF;53dI7CW7|5=U)6q~^`}NQK%zmcR}%R3VhJI{>$fyH?7QHtdVhd-g_y< z`ySNodVHa2Npkb0`;X~)^vN&152b$hvC<{1;2QENS~W$PSV|FdO>HX$A**z3=xOCl zmANb7s-UaVx6q@h({H~SE)rc|@16-X^7BQT-ch<%&#&tS!DDu{6bt&Uapj>?>nL%? z2$Q`vnLQ>}hf5vdub1mL3Lz3UT56{+WSGT6D6wp0eu13u_yfO2?98oxRdj_Ai*+0P z8)u9jIe)9uA%fqejktKc{jNzD6aNHmM-z{&Bn}L0M{UkV#*YBVG$(Fc;uvwa3ooI$ zXB$`WNsSy0ANCUN{6&ZhhazNcZzAB6bILtVttRTkIV9Wh#8+x`FZh#=P4+n&+&+J%bm5drA(iUVxw=~7 z0j{-5|0|^XKgy-OS8K|V%ea4`g%#Ctr_gSV{owx0jjEdkX$wUMNi~4)Zv%S^dSjP_ zX;kZao>}2kf+SePPzOyk5} z^2%p=_iaigDbXToYFskgaS>f(C`Z?%q|=v;K=w;hey3>dH8s#N)JFJHrw??A89txWXd6(6-#3u=Snp=iYf0#AW-%jI zm-bUVw-XOU@R}l1(xzb{Cp&d!mA0}iS78fptkSw@VFF0uC%Tx|v;qtX#=ANVpj?|Y zr;rqvbUWx5IF>XoOl^d;cNTw4RWB*^NZEPSfR%i7RnOT1FMX>!%dwP{;;2sL6n+y$ zuMN|+eLCt;jUToaOF5hrum2h(0BcIOzp`yvDL;?M44r=qfX-4PPBlew3LvPY<_#4u z;Zy4!?gchZE;cYi7~QoEEWR2r(!dE%GYyyrbR~9M*7>{m)bQaY<4lmPOKAV3&+nZm z9ZKh4SiuU;qyiTGgB&?>D-47pZ?0t8X=JA~cXq=gpN;-pLnbhyzIl@y*aFaFlo?4d zXO4VwWFTBxC1!vg7438*VY^3oSh2Bd)L6@sW z+9kcQV(@J7(Xp0|Py(w2f2;F(wsf_?VQMJK{1_@?+ z?@kFqUhZ)1YZYdWtCICs)>jm5`R+3Oe@i3}vxFVGT|A`bwtZz#Lr16vp8q|9R!PFV zY2ue`N}^@xAWxhZZbm_n-3C@xw}s07v;P@crp{K@PE7H4pZr}8^-z-!4AH$QC#Iv9 zqbJC;2=eY(D31EkayWJ?*t1+anh2l%gD42c{P{`ngjG$~S}t_{#Asy-agFp87$ZNa z{d2UoL~#F>0!)6KM>qUwuF0ff z$`?Mz%}v(do$?rxr&D6}h={_CPS1mNV$;r=92$$iFie9mfPG&6M6k{Mu7SHyrSu2^ z%RoxX$zK@%q8qnak?tnH1JKLio2hw-p78JAF9yYX);)<)&=|*<)!7LOt3A#}YV#z# zI+JcjzIO)RJbbA8dng%X+WU5@J%_TXi2Lj&$ol533F52QJ4Hz0W5A77&4?P=mCy1V zI=NpLqK1M5w0B}VyVSe=F&Y>DV(?RP_E@40hn@Bnt*?_ExG>yLj!?GP!eQ91Jf=EL z)7gd=hc9=nyAbA>ESVi3`b3D86hmWts8F64)C=kvG%I~#wxVnD#=So;ie)*lB1Ea| zVW(i0shc^gB}oK#=7YJB_V|*_1B<&`Pq8EY0l$>!A?6jDjG2;Sz)uF6lWkDyuHys3 zM-)BBMf`>gtYGFcI}M`K{&O^Z86SJn717n)h-T1s^QQlWoBFEQT7FnS$R7ivnNJf+*VE+UMe~+Hc_2Zf3jjx@27#Qx$#^>NB3i+*7GbwdB^dx7; zX`e*`U(&D@sJRR8f%wo4Yt4igQtiJmzyE#=RJ}+Y&wi6M?LGXz!x577u*>M~^*9;B&4Plm5=$P^!7|ac{!oGmK7_VXy^M4 zvFNJ9O?1=Cukca0Itui3wiAarq3%fqB=4MlgFgAi&qo7fmXI0RkeE@{3BKFgM+9 z)q|)ugeRm!PF7}mMmD6yhUjz_h)&Mpn;1R9t5JiriQ!yA;~Sn(TvPzj!FGPRm%qC^ zr=YkvKMR8FZbq8}0{pymQcu{Pz5%{oHozvP)!QIGGruT11w7q8`naA_u1KyKgX5(E zcY_L~b9A-V;GLRR3uwg9QWyf}2riu-U=i?ujagv5{79y$Y!BK`BsVufP~6 zEGbD0_X9yGNP7ak)yp@~*A8f%yx%>omU#FC_}e`|cUMl8N)=l*3}-9DHmwqnPxFy| zf+AufgTO3x0REvy;R;u{!WI9bfuqtdOp(j-6XDmm(Sjdv)q+YPmxEm4?8u29Gms!q zuTcv6qe{?#UT>6s{4}TqLHdS55Vd^BgX1?2Hq^&kNJhunTniXwOs3QTeO(HConL9@ zzaZ1QucY3fqzQ4$Gs#LsG3QSY0m-2S!)Q~hd z3+#M1n2|ru&!@~M{-6v-KwaO>(TKl+iV7kXm|h9+?o$6Xek)<1KJ}D9KfO!!pr#iD zQoOzPd8b_%OpDF?E5JAI`UunVPHm-W(Dlx@PMF>gDLa=cljbN@ywrOM){9g-Y7wi5 z&TlZPpi}@APb$Ypa|`KS8M(X}dS^)g#ZtY`aYDXfLT1TYYYu|L8 zhLN2;m(f@hQgfv)@C-U<{V0@5{w_MTn_tKL9^4$vM_KhCz1;YIrN0IL;}7Ql(%N+n>*7zWY`f16HJ2!7Bx z+t-w<0N#V7R!cAQ11yLJxv3Tvr9eFZ7GJNGfk2B-6)1{Su@CB2Wk6L33{dk*713d! zM5|%=B7N6zS9KDNnu%&TV7OMJ0G&tZ*yaip1)BL|uP87!CQyq?X}>7Y$%oKue7|!(|7*# zcgK&8&fMZ(J#ZqVCW43x`Axw8G$N7C3nV`u$P~e34G0beZ#Nw>L%_KtU*pIMWip}? zMV#V+l&B$H`x$TY-4DGC+k)cX3M9YYt+1v=PjrSJe0Ruxi3xenzg1zyZ zzus}ym?-@g!07x$hcPkGKzTM`pi&@wd@1=R_fs&MR5pte)N0JsS=x_78~96_mn&T1 z3RnD-$1hKjtBVrgSGkJp3>@SXAHjF!cgFx6V$}o(k2eE90?Vt>kavdvkI-qE*^7h) z6QkC7@Ox*pzZbdWovQwyU{Gk)L@ravBns7gfCT%{r9pUSDL|*?kBTW|OuEpj zP-t~>o`_(rm_5)u{oS8o)Q*Gd~50!bl=O8&H%l%Gk-;yYjAG}r)j%r}_% zdlEiho1G;l5;p^Fp&!f?|F%#(4?hy(N0+hToe_Q>a(bgX2@QJp>)5D&X7L|F?P0+o zJcPal?~K5SB60U)Wz{4%3ltB!Y*ac8+}ChqClA3>{ABRc*Y#326vI>MY?yQ`S0v7e+{Zj?o9Tj^OZlA1V#O z*YDE{YYw^CAT}ja3FJN=UJClxfqc%*L3(G{<|Y|@#LRkvbn5-JZ}um(r34i(y=ssu zng2q4ANMQz;k@`II!rLBfMncvXu(*;AXy!7{*yNe!1$Db-nAdPdMCBahm+-b9&*9j zKC-pRwpK`bC|xoHzV>;jwFCvzh~z%dczA)4eNqC-Smq$v>XLe)V{c_VJO|PmS@Rg# z-ls~VdXs*g2iaYLQ8`GLAuy5cJtkKROraoX#&S8~iR{CF@`}2jomyn}P%=8qY{+pn zEV`VHwGcNAQz{6BwBhhd1Jzv_npfCZ3E>f#!Crkz!c9!n620zCB`XB-P7M?64W#t+ z&7$3XK+3KW$bH;b=6$P(?VT$%_|vi1csUddD{^02w`y$9Nf!IP| zbg;=i^1psyBfX?3m5Fpi-dnqVex1hP&f*hEP6Zq6B%yZaK`u6z4ULhy0-{l|s6|ZSdber*xC3F z`CmVh(LPq3PDGJ8LP={M8|WtSf$y~nDGPz9EcWs{$r|&k-N3rE2(w5EqLP${w>l!9S ziA<*^i11RfKkM8Cj9#oDpLiLFXl1zt#NUl+wB&vPX?rOq|L6b1()`K53447;Y%=B( zO9qBnZ9dW6rRh-_ti7Mye!;pj305C;53=rBVnR~LuXmbRK`j{_Vd-H6>Ek;IAChB} zofMX^>Kamt)1)e5RWi>|(mBX_T8S^pES(!WB1v;6+kHlM`gj`8f|A(aFsaI6S{3>tx6KmMf9I>dGTB0?v@@6uOCJ{{dx{FO>$&}kvOvj~5V zD@AsND_r3Uir-?2tW>C>u$MhOCfOM*F_Q2f96P7kSO=-;VS97L%Y(Jekk`*yV>L;O zasGfSs`%2;aRr}2AIx6p}DwmD#k=L)-S6`Bsuh`ZQ z5v7a7Jfve26T;bx&&l&o*|#srtIt?V0qI+0)7_+LjGZnMyM;|{lhIDrGEXj-h`R?{ z+9h?RY;uE))-#oyymuJ;XNJRn-86Z1!^+c%hNpx|);Yz-J4sbH+n*;``z=%C^$XHe z!&0M&!ot?B$b1jW$RHsOXRCNKFX{9Hg5ufnQ*yG($_k06fn~Ro-+jwEyUF<_%kU*B z)og8+6jYJ3BNpXF9_AuEMOGWw&Qmhk%qqIb)(kW1$@nVktR-F3Y^9H=^{lX(l;p9Q zW3tr9+dnvLOS(lw0KW4ds1d&ot){t_oksqHqlk(eB7Vbf0j3w8T z{TZf2;w57mPj>!_RD=?*4EF4t*p2U{$V!$}MUKzd+!PrcVY|yDF@ddZlaeB~aYSko zm|r3}Ibo%h3tc{Dm?Sa z_g}H6pOdeiu}_|p;xx9nOS&7_&>C6qW}bGkeM(yD*yIseYi0Iuvc1EKipcgct4$?z zS^aKa9M-AAK<1Cwqf~-WiKKmstxuAw4t9A+B5Y*+Q}%q5v`(>$6=IeydqedgTkIj& zf!Kn{?g{I7M8-DRVh2ggVJDxE|Mw5}FJwlqR|XV}6P+1p~?j35?|NP838-z7H2G-+gK zn#85E@Bct1y4mVAdAZBn6-50nbs<^D6dICJ#!ipP(FSvPlFM({$pYz{V?TUDl61@? znd~hPoD<0uMAWgG339r@`s#?q`0is&z;6IRv`&)FLTNooQPxM+2A%)x*<_8$WcYx6 zdQQ6g$(KK|&Q$X7R(R)CWIfw@N*-UcuW+LEip6^|Z4mkDk8EX#OzyI;9}^!nORFN| zV{GG=><_WbTCy`r5Q*Jnt>fJrEi@w2`4i;valQnRR82O=S;s6HEOnk{temov5Q4Z* zkyQ$Uysfy8%(RiZUe;el-cPd>Dwf$nW;@yZ7HO?#bF-wmmwopQ>F;94pOMWj=j|U; z^tum<+IcooOnB%c*zqp$HZwsWUg2zbjPy^l*I$qf2UDrZeHoAJWQi=2JQ4*H2k_HKj0sffuz&Td(H zAd$$fDBFh6#7LPB*+=1z9bSWXZ@B({^2Df*1i__EV0 z5@BLNMdV`Fxd$_voo9OKZO(1MTT72f0yZ2_DOpMfIh$wLyORgEm+%|M@0aL9Tq&|E zT;U2=Q2Z8CWP@G}^s}#xl(w^)^;k4RWJ3l1O#6${QIx5vy=Lj<++*yadg zDXAnej=8CcA(UO5l29+_@0EzkNwU)~)dXV=<78%nO{|diM{Hw(w2!ijb%IKZjwh+9 zEZBo+!r0*+X=rBa<78xw%}lF)D#5ER&yMs+vPI$u zWXs279m%eAyXZUf0;Q65E|Y~;X{OSM6$6C6C7pPU9I%!I(zfXQksU1%!b6ycm7rDJ zPtbW4*~pHbkb+27G(xVInVUCx{JHZ-hOh|c>p^^?*{j#2D3OhvkmGTdT0@SfiBiwj zUXtA|=c(YER-xso5Suw0{mWBV&uU0bm z2y*y>oUXA5H}Wts^vZbng$O$Uep7XoYU4f$2WBbVx?V+2I!PP_U33 zaLc@?3 zU$LriBGVs?E@JQd8I zOD=K#Af0KWI_KS#p)3hS*QqKa-&g|RL6_=L2TIvOw~v`w&?VJ#-{k~d4m&eRxWP?0DWo^YoV`kmc zWPO$GZj-{8yXU3enW@xIR!|B#dCZQNNw^nFttF$)&dz;XXIO14aSvcC2V`}P%=IyM zGkMr$1W%DQMmD=eN@JMlM@}zTqMc;bvAtumvBK)Ih~AA&?UI9aws%0LTA0>AkY>T* zF+08{NOt+{HxEyo_^8TtAPHr`4M zNVTPyy&)&#&ii!VKSM(`R`-$aa_3i!zHDKEMEKGDFtD}5Hs?s3KeGmq{VTSyPcD&A z#*mOyf~@_UugT6Nb2pIWMs{^d<`>z;K8g0aJNdaQ12#kNEHXF5sv1al0~=W+c~PvY zkD$V@Bv=J%J(=1esGq|tGEqbK!@%Go+uWASve-bPdcUdM-Sgc%&nBt~g4cXp4m-Lb znB!DCF^FVnf#n7hWe8iIBX$d0JR?o1QsrVj>L~Grj!AZUPOi>bQ4EpGnQuB-nPOfF zqPcsFII5g2^bwPs22%eO(p6-cf-YS{bGEbT;^e2Wi~QRkS+s@-5AKOnrZ_IU%~zcygCdU_MAP!BhP z?>?N%JNTncCY!V7EhZ`k(0Y_cxL>Up&1faOwb;Fw(LmnMBjNsAypU*4CIb=F%-xG% zL3n}h7XeGnd-cM4=ifrh1kC7XdK2SwL9WKjhRGT*J1M8UFT?$q`~x;3FHhp;&b&Pc z26}}Oemg$WO1VJz`0sdUvNS~6UT9@W8Jit7iI!|oL@6-=gG2i^DBZvocf9Sp>_vjM7bOP*+>XokX3)t>>Wf}?XRix7xe4P*1pz%1I zWyad42JoTnj^DB19^yQm&Wv#0i;V5s>PdXOo%<8sVyQeRA^*Cx$T%CXswQ^ho2$RP z40JKx$6026!^!=8F`fI*PIn7SpQS1D+qhHP+4&r?U`5<#jSs&5QF2#`>KzL^OA`;oQw z4nAd?M6uR9APedcQffBINgdiayG3=bO>U&i;E8Ag6*6>ChS zp`WGtko%X3+>h}7L?rib4B?e8xKdT)7>D zRj3wt|E*neerTkgUsc3lki&bUy&)ap@ZWcb|K<2G@|}S{<1ZYUPxh}Y7?zYT?EQND zFr*hekKuX1M@c!v-2(n?7^Ew*fVIQ3qIX94pueIFf1?8Ph9oGQ_mDWRDSp&_{qqm+ z(aE)H8StF~Q=nP$7oDj2%PFzpINP=X*)F}HTP{~=^+veMs~-CKcxU84OLw8be{UIS zW`AaWZ-T$EoZd{N)&jjG^Vbc7UaJ9xT&~gT;V+*d#uSxuKuh5-Dwp1iPs8tD8X&#= zh(d?TlwR%r*UaHf@QJ8VFG>NVmxuCj_WFuHIA5yo9PSEN{0{^+bl&p+>J<4`d%GUC z2)@f!{RQ}#e^nUxdwHcj9Om`+@mA=t1JGEZw7Ih^Jp$B%2tTvW#aI5C-SYc^31|sE zIfr~aq}svQ&VT-FNCl&^Isg4v#0OU~&u>)xjueAg@9AL%oAqbfgP_+bK`VLhufLF5 zP=qCBKu)rQXN@`<&WrcaWQZs9AGz%Mwg;C0AGp7a_f}y(N~aXGYKYCrN(*-fQIw;c zQc*wX&u%YTK`=s2O)JzFCeu+}P~$koHyLU`Qj^xI)$YDAP*j-iZV*8F)2|&5x2d1^ zfpB)XZt;hv-tP2JJBT83L>})$bd3XF&Al_|N zqDo2Q;SX|!TB`$`AZOJNLRWblUvlh0q)QC^8*f6ItP*50nR6lv9O`IaAf4mNY0?;` z5&)y~k!gq= zUaFvZq^&3tP+*N#2PlM!Ud-$)1Yo*%1(s?@8ct6>Vn1i~9hsbl2u~$2hI!G^5&0E; zT`C*D$RWy^XLLSH54Gx*4Cq>dG&ZI~uXt7{FnvLz1qEX%l|9f`n|5EBd~b`2zbk_h zFqlu|?cl>6q7VgbSW+1*?;Y*!AHqayky)<>QFyrawIIltJ-!&G2AV)4XG%c>Sf!#$ z1=7M%RjKK62d(OdbL9W0QYw)Lg27kQ>11yW2#hI35zs35OR&+hq?%I*RBOCxzK2(` zT*jCdS~kz;Yf^wQl#0GfRiqFAo6LhRNr7KOwg&Uv zrCKy&Y*UN{XVk)EcO~yk0}+_o3D+01-U0(GGY+xv{-#8MGcKJLvv9Tw`I}2b?~Klu z7+VsW8MS0AkWv8JY>;2j=I;!Z=xmv&G``ewY{qR9LEceg#fc z$iNzsHa*r0R*}h+YLJTjK4~IUKLiuTP7G)ZRf?cD82MffQsJWqrF{(<`=`?_^Vmko6R^(NODSsricP*Az zzCy%wH3D51lBT6MB(B7iZ@6Uj4uL0sS*JV2(XU$J|B5M-?6AZ zw7+uB;6b3#Ku|`{_2~q7U<;I1D0X7}Bp(YQ&Ct0Z*h$~7==-wq=BL!T^-at|lD|gU z6ckt&9|~HnY8A6b)x+uKMpA$tRDv2UMQSY0CeD`#OUJiCX@(Tolyq7Vq|Lxt9jIa8 zJ6LA}km^BNM>I!K$pZ5`;9_UON23CjbY!FvrDiMG4!qFiJtKT~?3g(Yr z9E?>1b|?I>>l>MR@c46>YtE3ie&(0Za(%f7zV!N7sWP#RNvlajE9LW&VdYW-xWAMx zwKcxp=sQK-E5~y!K>w8fM%lN?2m1HUrppomh2s_K3RnF7FF8Za5ywlIH&iw z2(_q&=&Z7?{$7}0Kc4Tc0;@&|?m_V*i+gamHIp0Z3v!hZmRt(68{3V`w%u~yZtSC2+wQy{HK41-+%RVV_^caV|=AU4-PzhZ%O};K(-m3^#~>>XVwmP zVXm*vQ!NLL)zLb-1_%4=P5JSlR4QU~DxkZ+cVY7wX1mHvY7u-Rb0$}}U~6NoI^7=x zQJ3E`4kz17xp96#yD^m@i29VGW?0_dU7JUSG8P|Th|F(>*MIoWpT2ku>+@r25ndpu zHN`FCu)DuI)>;h6uwrr>VRB+}kn+vTrPiUDr{ICD|Pq;bRhRLpKvrYw`fypCF z>#()C*^nIsZh^5Ym#^Xf{J%dPY%N1ac?wTP!_!OW*Y;p{V77T7s z(bSO{;RTqNM_4k{l@wHTEWqXQ((J|t%=Of`qxor+IuHNmp?TOp+J>I8G_#vO^sQd~ z-~amGaB;9P)>Z~4y+*6m13!AvAyX9W(K)d9?EC-xx9?zYeX*e+4pb^lYFRsM?Co!^ zjzGMJg`cE(WWh;zz{$(27d; zh;-;`sWyo+z~L#oq6u;n0^-ZM;COc(Dl@`VQuxH>AAj-_{Kp@^M$?4Kv|#s$N;tnc zTbQ4K&E?5NUo+6T$lIYqzG-rUvbK?(gI$>EsqxmR;k{O&6$K+?SM<)#Ou^>q{y=RO zXccl>Knx5oVC~OALA0M-FhEX4L+|h~Z0;QNR3-sZnb@3KSlrs#Sek*%Fq6t;hsKdr zI9eWw^s|CW6xA9xC}|#A-`RtO;TC@{BjmPB|J#53U-<0t@zPiq1bOK+Mh|EjUOCv` zfYzb}rBVaAHGR`l6R>f#*I5_?7DpJ&9KHO%|Ncif-dX9b%?31OzK3xxF$GQ@kRj<( zN?X_W_F-#nB+6odpv*_TkFo*Tc1TVG^f%loWU+=IpO7VyQXl+FQ-!}GgG zdoa;n;->t3&M3{~*irKa|5vBTSyKEODKg#PB$t;=UH;ei7m%J%xc~Su)TKni`1V;}MKUB;4L!eD z0}s7<>hd$#=&A5?IKZS;+Cp*w$M5|3Fld=OI-F?+v&q)IbOJjQjsAYV;At~s=MN^6 z*&>D6WB@r+Rg7N1?_ckyCPu;h;Z18sIMfWTZj97HSW@Ye7q^gX*Op9Q!+(5zl#);a z$4{S>M0rBT_Os)OW(f50v6=Ot)#}V%{xEy^WV$gO_&N~0qRu}13WmzleI4F_9Lr$! zgrT*Ijo}*b^Yt-l)R0m=bh$SLVUaOAH_xFdIizgp48DD`5F3{YyXR+x5uV@?k#%u< z3)NW>;N$RCDg|g-xw>8LhY(+1cZ(iSwzS$Iczn8^5bg&)o^EQh2c+f|B}D{7V)|Q!lIGFDU^!Ej;P7|5e4%ervQIQd_c=ik?>r$06CHy7(IZ-Jj*N(!|m(Mmv zn;^v7$dsNie{eZil>&*C{Vy&zAi!Wqs~?5i;}wVv^R>I1K|inC z?1y&vZ$hV~mn@6c&Xt3ax*P}(3r{WYf{m&6s;&ii{bD;cB>^_hE-Pa^z#5!fm>CNZ z*;VlD)2I0XHtKxjw2CPLCE-qhcU3B&cWklob1GOzzOXb^+UiWzOqldQ(Z)0$lG-M+EzV zhgoNju7=Nk__nPe5*lU?*1C&8!DuZ%TxzXaz^NA$<)??mq`=|J&w8`NKra0N;vA1c zBbS+BG(Ip^Tw6!OA?N4HL4xF#*WtPh@FZ`$<+7`y)QyVEg9Oly1cbQhxi z9IH=X!_1>R=h`>WPcPsek^-lXpVy`P0k%6^Tp7Ij@?~XmB>31p^g0c=`G#+vJ%yqA zbRQo(XjHnokqy|HYzj*#g4-828NR+Sa{A4aeRdac^31K!JL>0C@zTAhjXn$Y3 zC%l~;Q;34nH>Dn~&Nfp*eWAE}Wq+~}!jtP?y*vOvoxXefG0axSMdWtD<-uHdL=ceip(ZO6#&(`AwM3;m!Wa+nvro-mYYxBKyYIfBwVQ(2^UL*SiJ>%l5*XkQ zJSQZCvzA;DFPobqK*2m!hlaaRbch;&}r2vnZ%InKb z2*#-@U9?f^JrZw!`Zt)bPt0hUf}`11@QW_HINO5MFyF$?CD@;8j!tTXZ~pkYDmfH7 zR!+t%6CgOV?dot5!XqNrE?>Y%MFJ(@I2VemIX_+mKZ}wNN$uSDKmYa$@>8;5<@|9^ zX(o(r9QBtaKtMwI+0_YT2by^vU(~a-Hc$!oDY8P)v`p{9eTwWIQU28Toxdu2f=z5d~Rs)?- z({DIRUH{f4OjO6qqHszx^#+H(P0tWSU+*ntsSFawQLP?l= z<;Vs|`7UJ@ej#CAW(_!!3KrIm;Cyo-KP40d0VnIUCwer#HB_Ah{B&Qf(Ir-O!rs>L z-ohY+`Pula8zy$fYU4rr7uK1sZszgtzqx?fshQ))H_($4SJ}M=IIuFA8;tEAH^+H{ z%pACLcnEQJInbj@(hV4%(dkpm2XMK)QkfeAO2z^*9>LN2s6oL18H}j&gzBET?X5-F zdGhJ)atB~J3%i$Ku`6FH7(yuMIf6g@_;hY+8uqUr!+cAQUa5eG2ilK?f!>5cVeyUb z7}$cBFV^CMbK(5!pKi8iVP{-JOlWfjJm%Dy(RkgV~M*#`Ms?ebkj203P9m>pNR8zjgp$ zef>DkR}X?C?(kq6LM&Lf)P1gVCT|D7(IT?A^I)MH=qF!k?WguE9gb82{;l&Zh109m zNGk)CMh_IyEdfk!ZdyKusj?{gHe-+Gx4J6JV034{F3buTSkS!CX=a!%%)`L&5pnDM(>1BgdHnfVkiUHW4ZKHon;{+r%!@>5D^gmiZCXLYw#hsI+O?mi(w zejcEbF-Q6%IN6vmh%!*B)Uo+(u(P*5zjFa!f3g=W$|0s|ba}iBx<}`la)W@Lrg{@- zM>^^D3L$e~b#Jf?P+&tq1?=xlmX@}{#(WbmL*D4ddRrbS-#T%k2BKiVr30NSi=l zYTN#14`2uC5zz`;d(%Tpt1w;~OVeU3D5DqFwx;IxHla1%!H1_lTHc*50j1isvUdtu z!D{CTO(K~JHcnjjJOq<#S2TT2s*En%7Q3sfp+AAOS zj^;~?8(?Fli|(dE8G4r%no6LsZU1-Q-vF)s+s80npUxBF%8A{@woFjUCyxZrf8Yj15q&9_*;~V#A ze`f@+uQ3MH!|CZ{pv?}Q(;F+R%W(VpOPH=mOevp+!#QX3rn-@uM{3>pzyE*#fAGcO zAl5F(L@oct4ePOTdKcC^3zhWhQU!+cmw-~88w_-Rq$^zUE5~m!Mdo*o)=wU+_mu!P zB|#|zg~kV#Pi{vVav>-<#LwFXI=#`;?gPHQf!)jJa6Z>)@JWHo$Cu^lQ4kUm>}4~9 zLdNoYR^W1TB-FS7uDwDThg`k`SmK8mCPfq3?4r@%ZmvD53Al5 zSP7qg_o6%@6goDZe|j(gBKC1DGjOv%9q#7b-?$3`m8v>1Pb@?!^h8{B{$aL?FsK+MMj87(iAwZH$J&Jfb{SH zn@I=$X^l7Mn~)gdQ#-r^$4lKGyoxNBtMj{8;e4SzIHeT6{ontqKQ9p~`Zl(PtHD1s zZu{yvbmWHe+l=}55jq`?)pi)a{`SfGC=4#1|Nherh_ISXHZSO1y@ZR!PB*g=1Q`p- zZ-=K>yUC$`U^8j_liJ|=V%}S1kkq?=KHUInCV!A3(?>ZIiuz9Av#a6IhYXQ|TO+LZehzp>OSCswo~qk}A$Fb|K2sXL9!vCRz%Ef+K0@rLKN-2M*^ugM&jL#LrVDc)--*)4qHwFt4<;$ET3tE`UBb>+0zZ zlqH2Zyxigatw2;MeN!6X=3+ZJ)CZ~uw@y}i!N6E_X*b-wycusP1+?IV@S9Qf4m>zX91PUZ|%ufu-KNGTr~&3|M4ou zCJgGj+rCIjr@>GqoKSE-&k&0-dV)%0fb@=ugXsYnnmk?^ zuLP4I^NcTt`~8*O(P6j^gBsA-LEa2@3Fo(akFu ztIsQGUx5ATX8)jYSUGz(P!a`lrFrh;DU3hL_VMvT{CM1=V30Gmv(=st5vcjo6^M_-&OZRm zIEi*7!2an$y4?T@wU)nND8FmvXr>8d(!KJcQpU6auy}OUUls?U$yHZRE+8wwVs!I_ zj>WU9)jn{u7ga|BEsJcZrSI*VQnj@X7L&krCq#8KbB0rS1((b>cB<>%XRp>eSN z>9?@flIfB-+7Awhn}!sbFhw4gML-QaK4@Vi#zO8vm<3G|jk&`G*n zsZ^SZJ7-{Rs>xHSg1=?j;R;uLD6l8tIoNL~MHWRhBo{xb&W#1>Sq%#QESg_r?##vx zY_6~NR;PnT=UG260~;IbOEdit@9!a9iB={TwXW{$!uIN1Sz0LI@M-c4hyKN#qqP~x zdT=i?|A~j+l8oI;QO_29^Uc$pwFPJ`O%_x#FnNUc&8@@6#^zjKEnt_CT+#p)S&>SW z8gx31M&|()o#Pk}Ru@OoLcBn&r(4`$@8IxgcO7c8B0%dF+%vNRo9k<{!z~c(ZsOM- zEcU43BH#f-2WPV%_s0Be#TcEUk{BVBY%i3e0_Txw&q75G1OBKHNaQpM?)6` zBkUGHLrpGggWbd9$@Wr^?nS0&-<>m)fuk-orRrRf}xLZgtIp=aaim!F)#*2-*g zatJ7tGDlbzOs!+vUxR`A9F^7xWesf^k#nC#Io zu&@CK2Zx6nvyc(t?G~5{6Dw$LD=^er=AqYupb~tda$tVvcx$Q~g1odEa}e~*tYO=S z`GI;jqZJD3+H)e!pmYmq?r4H=n;w*cA+K=|4i5JF>#_mGlTx_1Y6!a}$f@ne+J}w# zzHkom2Krfq*~dt+uW(qRCvm^^5!Ezqh(z)nn5k)-0L zwcP_aJUpE5s|AZr6O!8in_KJC6EiT}QR!n6fH7h8=u_D0%jReM&N99g*pM|Um8GCz z2&l!*c0+(cV~;9?)<-!yK?!kX4Ru*jAfg4mX%+NQP-;?2nxQH?kngX`TiR0n&0uhk z7+lzdjg5_|_7X7pMZv)IY)*gxa$DTQ>=dL2>s6u|-t4c+Q{KN9nfL7B?w>TZu?ss} z8w&&VVAZP>f;T)GnB6_tfw{qY@KEEZ6AWE5E7BtsTO+N-WdSUBumuHQkR-H#k4zx8DnM5T-6xKK7 zMT1H-@ZBADu$yy(5awx2ZkUCGnMSot4p@5rd}m}%sbNJJ$UfS8@2cXLBD?4O8a~^le^XXPf8s?;MRnqfpvlZ1+ij zu@|5eDnSHH1#6!-06q~ET&hay+kvl|H&fDK?b9vT7>(BlwgTQxcqL0)9$i$!a@_S@ za39VNB2X~r9Az@zd#kkB@docK12#4c16uVOJz)PrE&fffu2Me?Qoj**`>PLzvjOnZ zN(JUiC!_eJoEasI#5cL8;?gQdRTU-8SF(h9-<g-eJ^X&(WQPvP`1=oEK8SZ)EcRDgjR4M`ZVd)CcH^QN-d@WT7{GT*IElj|NfkwX zV!&HFSiULoZ5(x|Myco=lmA`XM5yYh6w;6npNC6@L35R%P1BmEoeD@h(!0u(hDsYH z)*V{K-HPVJ-?R$nZWbFI);=|W4{c(+>Oa(@g@~30*emNb0`R7Va=cTSw24WFs{6{+ zP@AS>B2~qkoj)}7}4XFQZOK_(blHASf^Pmw=6nFOd#AUTJK4YW*WU zTA<9>WdZG}ur{S-afK^>)%Y!@$iI#solv9!z<_>f)cEztBT2ZhCC&A$KWJz2A2#R-q4RFO@AAhHQktyYs zvRgXYmd=a*K?A2Hu6~hS@!JU;V*eRZWPTk;RR1l1c)?DGU*u4#q)U~5?wpm6f}Iq< zwD4!g|6uT+iQn`yEnPnb?D_b$I_L1eLD1n(P|-yqzEl0Pfg0ww)A7r7?<^ku z=MNFoc&K;mpL;LQ&xF*b=yIO(-+x_5HKwB8&H0ZE_rWikqB5P=l|Q(UQbp)!+b4hd zwyzeY>yJ{Id1Yd!#Cv4_xk+GNY5{OCK-B|%^WAX%1b25`|KmZ|W$9We?-BVgE&4xW z+^_4q9|4@hUGb4{{%qoUyPhk43-Mb{k#$Kzu9enJbJjHzH z?$3w8r*tDzZB(+{pvyt#i=8WrK3qtwH#G??GC%nQNGrjvdG5^`Inb{9Lqs-ojP zJRJFc*3wk(=0_8Dj$v{40=uUh(qsg3?V!X;=xZ-Fi!yj{QH@W7%0`8Iu*}jRX|i|A z$%owy#vjyboi{Y}4rNE0K&Hg8?5>ifQcB}WlSckxaD&pWxfj=mP?{Wg|AGcy2IL{( zC5_Nim7!4xa6jW;5;~1a&_PISN=|k*Bt!-p^jhG{D=o;wwQmEgeP;u>TYbE2v>eic zys3=$0)O`Kc7Ugwk*C@!g*vsY3tB5;>F}ncU*w%*V|?f8qQESiLq8aASEe*7{^Km6 z6!=UbeWa14acLp>Uumcm(i|nC%IqHlqw8na8>8Uou6O?W$tUfsAm<9@L+*>oKi~iJ z-H`sq=Oj%;NW7bN90QfX#yHrM^%;{B>Sq4;B+^2s8#?Xc-tv4c3BOb+`GWGL=^7UfP>z%mHjm zG?>0h^~tN0p0!h{{Nu{{yUM{$L)$)lxC~Nd^4j)tI6If5W~?$manoRRrZ33pRWff? zCa++=?tU($qKitoXHqE)wN-#cpqEVmUrh*%rB$owX#&r<&5L6wjoi)P!+CkR<0wpYG;u&O>|t{Q z-XAlPql*3&*qdo_ce8+AR7Dq$!O2#a!>R|X$;c0BQo-oKMw6R|r<)1X8V&EtO=oiR zv3r4@?q;OxNgB1z3e&|w5=<8N(y3iI9j{X}Iq%cp7X`kj6;#H&xT-3roWLV7^RBc|Z- z?FA$TnD|>!v}(~{@c@Uz+o%-*HDENMjZ^9QvSNO`=Wk~rABIjR-BP4=^Y8|24K|Ar z&|*z)fzUQGUY!{UqDs&k&EV;6w|jYlo7KuEi|kO;qJbH(DOrqKz$Qc2g5H^-R2Xa= z5R+9iG1>|ad|RqaBvE|&UUn~|P6PM((|u^w3X^XMeD(XU%A;)%RXg?lXJ?Qeo_hS* zm#{TIb@Su~I*Q`?O`py$zX|7+(fiHcV$kxe&fwv@xPJv*r7*M3GsD=g`4deGo3nD*B#_H3HN(j#zI@=ut zKbsEq3m@Fs(jEz|*eeiL53gDaBfw-as}v^aS-u>96ai>Le1C-`wHobJ9q~skIalha)1XW3}}I9>qJ_& zU^1E1q6*&LU-2vMI=-j1d3srmI=~<3Z?15KD_rq+4D2d@b15=^U??Q1V)O6_*48&W zE0RF1R6tZ#)za1>93O2r=R|`wBxCQ%x9}f-`tE3F4cbbR1QEFtB^JCBD3wZ(tMyPb zG~Zbi4OnJNa4O79^auEOLQVJh=I#!h?#@GuP4Ast1$!rloBNmW^kO?B$O8)6R&Fm2 zVgKr4ccKL>8dYe{BRIW&GS^-R3WY*r^oP;4>#M^xIJvzZt4Rfgpe|{dfc@i>XPb`z4&UTfc=^RA(p$IIuTD18d~{%p$lp9VgsuIvXICds zk>F|Z3Wm|8z1@RdSQ%n|0U9DeE1Obv3m z$MVzP!@+>F4^D(2s31D4g0KCfznn{^Q?%fa9ID_Oe7k?N@b9!|vhU z>cTW+M}Fw-dRhZy)(w9Dr~iO&KfT#n7=dt4Q+m@1eDUgX>*Nql*Tw>j3UCXIn_NAB zy~ACY>#jDa1$aA$qkIWR|BQ+r*gHKsxjBV_;zV0u0qpJ0hZ-4J6KeN2C%{*yEo>Qu zjh(&Iy+ug#w+N0nnA<*p-Gjp?*VoWp9z*>OfFpkYa32!mF z2ZLOpbaTYO(8BuW;RU>Yd6^Nc1+~%EJhBX1sGij^2=y@WrwN_2l0qY>z#fwWt4FuT zv+ZEiD-{X@)DQ38p6$W@_0`5uJy^8#5EWghybFz}u!R@F&9`5Swl+ai_wUzdDc6Q)&cP`Fhhl2K*KmG6jgwLOzuTS?u zsKX+N$QR!%h*nToB6DG7Va%ad0NQG4`zW-O=EL~jCr{3n;qc~WvOW`3Ds@iN7`%9V z*^n0jas}Epol1q5_g-IIz`^EXPPh&12~96P{}lH3SFcWYAUDjW5Z>yE4QJhIlLu7x zFT?-y@BjJf<5O6j==3t0pmyTyv#0y8eQ~in-U4P(7MNH73)q7k@4!G!Hot%3tt44G zAwY7RTi*{m2S?|xzJez!ZJ;;$4zKLO{t?#F6Bw&c(pvnWeeU3slNE^aGs)%HqSd8+ zs|y`jfc-}G*cMFG#9KT9V03BUxxX50)QfV6E$=x#+lQ^gCpY`E5be+d-Dv9ySGd9z zf3NuOq{!LuYoy5hCbpu{?dJyzkPzTd3k+1o2snE2`ABsVB-M<6|Md-oi7X(e1&)>n zjUodz{W?c)mUje2q@<=oVqCaRz|LNm*F87aQv*fCWx2&ou(>+u@9=>1tgPs`B-noO z1&kF0JF>gs_uoH{^>T-@{?);X6lk5lI-V>7jWuNZ;uP|No$vUFs~tUC?g5p8sg2>V z|LIo)xgKClsJYmk0w3?_)7x{1(6f}b4LDzH1bjWGbrv>;s}ynuN|`Jow+~)^auDtz zK*iMFY)u@PVyb`q-D}A4^UP?Rg^8y8rtv+vTr$$_We{m_=^4N1+jpPa2ha*!`* z)i@~IVgB-q#l}d`h2@?cE<#Lv@#*;v#F&^quo%v74iddYU`k#0!T}6cCGdp}&FZ*4 znFlu|i)o#K-JvQqQ^0@cP^J-;j`(6&KY#Y>Y!k{eg5)CEfByMcO$sDbjr{PE9eCP@yf>J|;Le)8U00WgcccPB2a9hPSUih8OGY7O!~tSo7bO1U8HwP^AhZhm3v2!)5AGGlM<+thr6Il zdpfOLH1zL3f#ZpG2({bz`6d1+Q)!@c@p!yG6{HuVP}RwqEVi;A=6lOTIfMAB$HQ^TU&(EoXq1dzJs%!&6|ru$cy!M-uU}==(M8VBM7o`vZ7-X zfZ9xL3ZQ}~Hcz1;(?=@)hi)HID+Na?tZmL!;nmF{M4RQ-+zvRNZwI3## zZxaM+Sx8|goURV=SC`3@f~YY=N@?55`WnoPw)hGfh%W3{nO}gtUH;y^jp?59kdQps zIXM^{nSiI?d8%y;`;2B$Wygmwgl}!5mU#n1g4(@#huW#4;dir2=VwiWAt59h(Dm!3%>i{;U zo6I^pOl}=jL@I#!$?gQu``Ls@*txkV3=seWTBf$4t0-J58cXk7J{YY4 ze9jx)f`gH2ktyK6lOh}R&PItf8I;@xU;gm8AT|$9zWnZFX&8D2Muz*EAy~(P^4j5a zeHcW1Mhut*bEEG2HhK_JimVd*mQP`zG}Jj~rYh^(g89w_p0xFE z?KUK(!tlYTug;gCr?($Q$NIBEJb`W}xC^Zy18Z{q)#(CwV|uaxSi86^2oNEzdSIZl z4JMYCa{cw-lRo(4A3lef{_cUX31}}%_6|*h{k>H{iYRLIU^1I{X35;bw|BQ7%pI+s z-d7b<&~>|icO&eZV zhN{A%je~WF@z6xqjKaxkzfGn9eE)6|wCdG@$~&qQc25t7hsWXZ*I!OlBmiTY*}Y4s zPj;RF^QZ3KzF|ZZ#9-)M*w~n!Asd^^i!)Fhp8`|cyLo{OSXlY#(K3V^X;VT}4z7*V zBmzF$V`|~)<1Ife11YGNt?-<_z14O=?Pd+F!B$t1iYegz6j?C3!_vWJWt&XfEFWz`eniIhtMA})W4xz-7)A!$%3>TQ+d$~Ob8peWZ#^7?L z8%(zFox@#-wriCFLCe$%a$p*-g{^%^3o`PSDeC=3m*%0Np>t!d14O3l+xrZ#zv}Jj zgVFJ!^gt`*cg`<%6#&4Zi42%R%Kb3@ILm6e?s?h814dqft%)$^x=jn$A69mo@RQF>b? zg-q&?QLYHic=Yw3ehv$}@4kWIg5aRMUbx;G)rbnv zYD5_`K=0b^bbT-|WBB&%1(bz&`$Z5| zP^0^k6*5Iy)c_oB&*$(+j-s3Xw7S5U)Pme>sOXr0XJ^aa79W^DzHLs{01GU?w#3&qosZ?y&2;3DlR_#0iJA)MEbjdJ-Ynr<`h~w+n@j8Kj3=2O2y>x z3sYq2j!d<|mY7`()fFY>Eq!owupaAegVxEd`H>co*1jKL?c2ih;Nsac7;36ciSh@X z$tyjt5VA9~7Y?ssvAy7fKeZ!NN>yR^GCV$6uPMv~552B*-~e{syj}0AGsz!PD~ER1 zCLl9A2eJ~vkz2yU`z&~$!D?gR^wuTJ57c!|tijplq(fjJ_@Ahn& z4^N@Bwm3H{0|IOsZCF0sUL8V+r&ds_K@`*;ju0s6nEc_#A7G-Tz^2zj>B#A`;{nJn z?Ed=qUqVBo4`WC?#m4!IKYn!tVR})e)xFybhE(%9y<0*?9^__bK+nSd$y^&~)TV^o zayWbS{nMQ>i1f25jKQ$}>bsly0VpXh3U`>n5uJZ@vJaIddHEU1;B7OhHM+N-cGK|( zYkh;Fp>cBi_uqdG%_WIC(G7;T9}ky$0kg#)-kw8&zeTCmfO7(Ry`W%;k0#-KrJHZ% zOk-WxJ%x_ChLca8Lr-;K&*Cnu4b&RtN}yHcoB*ZBDw#5_avnZ^xt^a@2{+$-Gh3ew zNcSI2AHc=-Y(;K5*gvo!8l~I>1Lxno+MR^vft~;Oeh)%CB4FkGx-wD*@~GK)xGs zPEZQ|?48jkW$*GD278*eKKmnlyVnCcw}_ML3rGz%^WKZqqG4sGp@)&Ta~^qdDy0N%R=+!d~H zg)4sT_~j{bbx{KR8Y!|`G(dcAW#8Zs^mjK#`?-VE(U8jM5nS8Z2SWq>wfTuaJw2&( z5SvpuJUj>`X%W0%0_P;9;LqflJp4+kO2OagnN?H@@gW{6gC`W$wDonjLs@PHg!;JI z{30MDIhsFaCr!fu5s8_x!8TAE+>-tNw>9%w90GZ@_=DI+7mT@6~V z;Pk`@@Qo`!zd47FvizF%HF)`C147*7a=`)_70qLV-H;mYu-GFZBPEiTKOioZ_pfR8 z3eHT82cz_i4IMso8c}VA%!=lL!685)Jd6g2NGs_b9D;$KW{3;)5JVFsq-TYC>p<=1 zmywwQHnm{$ON6$e;r_NN@HJzJ?NHX(+1=RzSj4=9AW$haak(`x*w>tslMP7`0n&qH zA9?ow&xX{Ezi9Btsc3?M!GXcv7KrnAr{3mNDx-T)ZATwq?bj6~fwcCu5S>*HwDwcO zKx1;0H+R9{;6QU#4%nQJfqkH8I4#qgeW0wRcciNUg1sz`uw+P%_EBq$5R;Y}>0gTcWe=&UVtH|qgYcTVmu)PmsVh=rDcp@Ggi2y!>_ry)hrkXl#<88HEr_6lmW zZr{iZ=o}ax?(2Z`NQY=4nHj0zZkBF_(9vpkgeF64PhUqz7xcB&1$!GoWecon>4vVh zrsAwr2=FrTEj*`l`(m{jkXcH}p|gw4gD1mo#)jcUMPm zPbcKY2kP7cpt_~Av$G3^dOK31d;seS?M-TO!$Vz-5Jk^y(Su#ic~M|9r-!>j6Z4>} zx38nK8@e79yPHjbO)NUV3~G~CYGyk4xf$QN7a6Clj?g&BNQ~5I=xJ50!JLqq0bzjw zxz#PuKQP!{R{-uhwOXeG=a=t8s}amzkXO~x-`fFYd6^M`UVvSQ$uk&gJBJ2atH96G z^!{^W{9($-jQqTW2(UZiDoWGAXmEqX^vpmHHE2A7GSlP1X7bFhYlEJy&Ytcr!2U`Q zlwfp3G0s9@lm=s8j43L)f1G`*a5{q}(qwZlCXfF4%m>@JR zJvP`4u)j*l%m9C@PGjSKMYBf;R8*JxnDszU7fbuAtV(Bl>uxCZ zFl)d!A~88S2>zx=7FW2!6|VT};+Ln$RfP%gE2PNIUtk64-E%znQ&#-JaU2(&L+R46 z02o_()s9Z({56>R^_0ea`-eGcy2z;b3zm>?Dr7RCzE^b`xStLhjlsnhZ6AI?c24dbR^Q#*?-VM5>W^mNd_@^fj~^76 zK7Rb94eOpN`F`oJ?eiBjQawxExADP%Ebv1MLLs2_s|29cEmMHhDBf)T2I)Eb5e6-W!BrV-yB_iqsQUHLly{p*KTgH4t~ZR|u?br&xNE#cH#Wf0>%0QzSQ=yTxRL|8}lK zQ$qs#&gE+7A3qp(R{{AC6mMS{r>W7(kb396FPl~?YV=kJ3XKTycYuld4mN?!-DWl# zz&Yw)74Kc4q+!wxsb;I2&CLSzk6$xTRlK8dlg$wp9u9uqHt8Doe{a6hgooMkKUJplBuyhI4eoxBnivhD!g)uHUZ>_AP0U`s zTx!h)l}yRYCTjiKW_IA}a&Nk)7Tk4AbW4QWuRpDhalm~qB9s?OW#CIe3nGB;^Ew3jA2D^r>opul{(_g9*!B)rl-5Hu^b zN@4O2f|U4henSz?l)WR$U}Iy#zT1>2bZ=Vh!?HOyf9ZK_jE{|zw^;YZ z+fQMxDHF{VFyZ^kLv50!&>k}BAlmfZgDV|0(X!NG2lwued z=u8Ur22oI(ZQkJT9}LOaIqC7?U`B$iBKDBj{DOQ)PfLpmwga*jo)z5(vU*Q%e+UVS z$|=f+a9?+%Mj&X+aq0O`T##-zszGhERSm4dcc0%tRZ&KKxF2Y=x{$bB=F|31JBrkV$w^B z^B}~_EU1l;RM!60H(x{lqk`nP2r%f>UcvFu(%D;`9}o1_J}KkTm^@SSiXlHc!KM*G zYqa_K20?5}dQL_nxEtx!gW%=}hU@~2oCZGb^ql28w~iR3x1D2Il3JEwf25c%8dItS z0q02Ckob&}k~|3UcD|3s9jn>L4^p%9<3qgR{U?U$?huW}WOFo4?7_D$PfPRCAi~e) z5m5z)hl}}X(U6uBZ!>5>Eh!iJn6;uuKoo3Te|fzz1es~c0p3>l(2X%VwMYV^lZ%Q=AUz@6 zqSt^zB?iZ3LP0X_6E^2VejG^#)tab9+g3WJ9WT7mu2rlCn^QM zWY{~|OYygWT*jcNdugUM6a3<{`+7QHbanG=WfVNr>V}0&_~FZ|#nnrAaXuFv7y}2N z{qc5Z0yfXD=bJJ?AsTa=M&OH2pVwpr0+X@ej1Ktfr=MVJY5e^95^CZ-ECCs?dwMoG zy9R&w-~T>U7Yj<2>cOF%F7_#8`nKg~@cqk^+07le+8X!No1mn9W^a2DX14bCC)**= zH+*>W2LABF7qB=rT$djQf?A(e)deqKz3MKB1}0O4XI8@6*(ZPe=_}Y-oT> zHMjy_zc@<@wt`%t5bTjKwSRNEHVcF8wLTUVc!niIcTacU(}m>|c=dEY&c_6g=C8j0;sTaduU=ft zL$If%VQ2xSMu(QSwxP2y9xOpcuYUL=9IcMhn?` zfHd1#*1Hf@@_^J@xVSp&?e2xf@=T*3hxnq#<>f^foSNI7=>?-k3ArsZ=SS<%(cWE> z8U%7t|7c_jj<)98+dCmA#tRueq}TL*`sqt(FN|a|IanMCi@S#~KRbDNeGV;2!6BJF z@a<3EtuIZ$<@Gs~$9g%R`gMgXT=6d)t`yl7zqv3N4D<>L#(c6`j#r04M>of+p?GBN zYI_-~GGg^=CCEfm)AA9VEKWjUQW*cPM|joI$r1$XnSa$VY>(6@C3i?ue!w6Jn|Rh8@wO!4rbPARfdZtPjRhPj4Nru2ce z!|l9`64<}kOVBf5%xm%N7OKM)hVUZTTNwcj{vy3q&TzMzsGrywsZ9YUQ`)?JA-i$n z`Qrm9jgJWmumkmSqVZjpit&^6JrXcPJzel*j4opvllIPcpeU{2;N}pb z^vtVh08ZyxwdMerzjy*GJuS)M4v;GatmL<@$RLU4tL4F@$Plo2MlPLS zz@rGWbSsdoed%JbJOl~`w{MqQfiZP?=MWUdc*4VXo$y;S&^Z0mAHnW?7cH2yP~MT1 zaQXNk!oa|+P9<8g1%ngY1mjm*0H} zeboi+OV{x2?IOfQmYv>gfUlB;)=$IHR0E%J#lYHdRSe+seUBE-!rq0bln3TLf~%X$ zp3*$(qecZx(AO{Q!`bq5NlFCZ zB!vIqgjqLF@4@}sKr^~mP9|yrpY6$=aJ1QfokPjIgS+IAy9cN=;%j>?_7zP^_SW1!mm-g$@d;tHB${&QojV{p2S>EUdAVm&M zZ-7s~_;P)58K!!w%sLU?K9KVi+0?ys27{$`W{QCI!_9*9V%WRbO*Ak-O|M@)f$B(& zM{*rpA1;6yMUqlvy^gYFM8m{(PjMt*{qQ&ZS>mdX_oe~GRcN%Jp_i+9!}894lAjjv z#k|fM*_Z?giNFF6QsHq!jb=5*|fbq=ZV3Bz{Tm`s zJrTv-aJ4grl#pIZh>R_|7LJZ)eKZWh9!>5H)j~qv$k(qgpoW@jJ|sp27_}OBu&TBE zb%|AD$8f$-Elm<3L$yKA%Ed^T4=_{g+4D=t@-bJBY{Ga$y0k(RDzr_t1xD76oAbip zenq*3*L?Z?7tmK*m|IW)Nl}3imRNtVKLK6>i)o#M!-;ynhFb_^_|7uD$r@&%3Awiu&)P}clSqYGeN2IT0DFXhX?B?x1Yn&Sf$?NfT@k6 zsmT!->TZehwSp}$xp!m?`i4f24mKbo#8W9~sQ2GDq2q~2<;>Zqr;AWfJP3dK=_1T# zhq{@gi>?1Zd;j_8xN+x=+Kgb%shizo=bUrSIp>^n&N-6ooF~s{Ml;HmW$$|T-raNd zIiKhC`NPh)s?a?>NtR{FmTmrg$-@Rgpior+3m{N60fSQqpFi1xV56aD(G9(2v8=7B zluPygS+IA!n`jk)CBNrrwI6)6{&mCi@cO$yzBpNhj0m5=j9&0;^?_O}$RFE)g}SWJ zj7B)QxZK;^gvF8eP=^WVQ-gQGH<5dmj$x$2A<##{#?gMZpACxImQRj1V8eB=H`@&s zsZef-fVI;{aJ;?JSQrlqwQp7T1U&odhc9mSp*STBjViDuHypXwL95bbRJOs4194rK=1Q6aZ<({YmjlnUybqLc_ zqa!`75KG4WVUK3M4Fx9!OH?N8oITuMT!hiCYO_)R2~`u%o?gMs`tjG#h(upq_2?!{ zw`L23Qc$auVx<8_)($(1qR7n&B91+!$Ei%+Q(LgMGBecI1KH7bute1zdS<{b7sR&B zfor0kolAu0x8FQ@3~S@PiD5qQZi3lvu82%8hmo<-;ps&<+?;Xfr4U=tzVF$E{{F#^ z$}CVSbdX)$F*?)_vm3i>L-n9m7)x9FVPv3hWzPjuO?h&)57hKdefISq;Pv%xVNw9- zeB;&+FJNSwQOQ7I@JY$YhNQSihmRF>T8)pNgD@NT zu8vhII*hu>;dB@@O3;{m9CjP%^w#*aOh`#eNKZ?JP=AYBZv~_suzHh^9SnMN&B7Tx zSnUc64~LPh&(2qCKp_^8&I;~b>cTpG{G8xx(JD21@OL^)8U=6)V{Cdh~TG--QUk3IV<*`qbb3b0Jz$ zHEJ17Qlt`tUuafdK4c_DnY2paRL1C}G)Rt%uv=_k&}on*V7Hl&V3uaqn}n~w(`MGg zUC-P~xlEc$(!goevB&Z_nJOeU1#+=R$A<&G=}8k5m6)BI3t6dgMztK|N_|8^DqtDu ziIJd@b1JO`;!-kFk`e*cl_gllNlkvCke#0wAMOvFNTRpc!Qp46JE+oP_Xj_#k&b(< zG?@J&qr<>T`Z6TJr`{Xh@W#JDV3+@yP2~LSWbpU%qrJ0xo5OFEg&LhMC3g+7Rtn$2lUPD~O`s3N(;(dhunwMX7lOte8zJKeMiuA-UjVCPA0p3WM0V{r3xg1-1CU-xZOfB zj5kgf$fz9r=*_G}C=_$?wL@@qdbF~#4BOkQW$}K%R(fw`Bv=}dT$W6vjL#w@o^?F; zHZ%EP`H$?lyA3`1FzJP~o$YDNJtjj-^!z7dGT@cs=GMqi>W$ed- zr2*x~|4jm~NlCF4-n~WFKn7oDfBuv}J>nNa`}|{RCJCl#X0-ydv1*L@-pkBS1uHl@ z`)wV&Eohp-STY%hn`{j9`)P zSE{>@lTO%3F|o6MmVH2uZOl2!|}`}tjr zpZd=ctf3}F+YIjK7wxo-^rB6>9HiZKe;6!hPz6a*|ICu5%TSX>BztC#pZv3fA4K|o zv-RVlQqX?DNq^f|>0iBGZ+OES-uOGj&u=3ChVDhCU$Nv{_TFe!zeuotOilKXjLc-P zYRLsEdgVe%zR&5P54Y=6DHMb=B0eoK0<`qU%O7o2zYX^5q*7;2$*+Xk;w-yG546!q zLMD~4rU}0A*w5KEXLw|&A7IV=QvTYY>D8JeqNBjasNy&FW5I4YQ0gsdg;h{fnBi;I z0llun2O8Pn7a9p+4jW50|K5+s{T}{l++9WfNRZMe7k*Is@UvSIY^VY>h*_%w+h-4q zgzz9ARyzEwzkyIG^$?Si9usVbpIVfEE?BLwI>IwD z62YvYS9*WyhM=8E28j@o-rqnl=z(Iz8=U%W{XY>h-iVOlB8xe(n^HV`) zVF_kwMzw{2u;^faBhX{g&kv->U=M_t@F4i;A&yrBb||&b|pap}-WJ49%4}>@A^0##)yA^6m#(R5B^h z1&|pHXnKNq#;Onp6wB&?+A=>1V+btkhex8%N;VuRpI%4*-E!MhZ`@=13Aq6i@HMdTWkY zAc3FqRjH86tj>5CUfSB*-GkBQe7#x*sA{*HCSW5S$b&4TAx6u8{Pil^Gk?zX!wh}Y84x> z4IvbhTQZPjHUKr*e7dphHOr0n0-5$+f>HXQR?7tfEli#~T5QXOyV3P-6GZ~+XV;fy z5)qI|A_>j6j|HtLWIF|dz>M~1&)pEAQ^=G`;G}5RlE5;sJHv-LjBM1H6JUI1JkBly zYhwBQL?1->1@|rO!2Zt8_RCP*Z0Ke;b!yDf4#@{f0i%n$u6p%t=@ULj=hsnvwn%rnm zaZrt?8J!#(?1rQe z!`&^3e5h1tC_-#r-DltZCvmww(AfY1Mon(}8o1Z{+xiEgxg<>|mx4s0$*t{$*{MOu zj&`!2!ue(13k4@N*rT9rXmWDA3*vlqYTp5r?Lh!1&ZmOKB>o>4?7XtqdnZU<*ruf$_Qi`aIC8u-|APIw`-Z zrVfUt$4gT}K`G;hQ@#tdOAVow@csY(v8x~zihEXn_r(e1CKMgr96*x4p=a$HJd?Go z-#z}r_kxX*7@J)+K0OVs<>?wU$Ytu(s-AEE?Z4s1v((#K0|7SudsPUHV}pM<6y|2= zl~O=kIWjRF5@U(!?W3vw8t5G!$_TRo+L0-xZLl;mnicB=8O~Q^Qjq(GxAu*})M#H~ zfF7Kwoks`D(9ubTngo9x&P~ZB^SeMxSFSNZcKrbS?oa=9wZ8y8%@t;~9-1cIn=>uY zJ~YZ|1x`WaIxAGPkIjsAL41Ja_QtLE1IJ8LKs2=Vj;x+Of(IKtpi>wU($b)yx_M%_ z2jT;CoWUPzx+dm^njyfdmC4i)n^lq(;}24f3ri`4f|L+;n{RqW$ISEy6eb3X>G;pi zhCMA^a2PpGZGfbb*5|KY!DLr;ZdwB9)Cx;L z1dME5Ua$9nR4fv6awr(tx!Ie6%96t5NPm!NE!kx?P@0|Iw{Z-|GaaB23WX{&Ol}>w z=7j>9$o}Dpuyy|8d}|zv^0VwZ6(rRzeE+-W(A8e+KEH&raJ{o+4F3Cnem~OL2M3Q{ z4i|?(LCfgcL>J^$b;9}KhEpep>dAxaok>VbPKypUfkGSNdhrLiTxn~c+lIrLW|Lnc z>>M3+)fPeTl6!xm1$1JeP~!u0yT|pJL4b^Q#+ShHnWwz843^JtV7@Nxr!|pDD@ZC< zR!+q!K7qROf~0Ui5E}xvuV27? zcXbMlAYZNGy(foMWV~hwh)H+fyn=(}0kn0%s#fN9?ZEe6UAMJ2!O6vGmQxQI4Z|C= z{g6}E4Cg0%ads_m_x1vIsaT;4ncY2xsjkYJ!9_S(9|;N0hDUFn<@!k>yn62O!5H}a zM6SBrP*apMzV3mk`ZSq61wQ-t|Av!=p~;PhaJkm35ePu$Nb(%IAu&LQmKpd)rPWs# zLsnV+^^;4;bvk>tAHaHRg4mn_7mqG;!gN5dI`hGP9~a8BL)+JIFy8~I$!U>J6B*H0 zp$<;UgVRSZC+d@7fXR{s9=IW(8#Ot0-jQ+}{WDg*w*x1p4CdPgKw*H&fa=7H6plh3V!DxLR%$$GoXuAiRCs)tchd?jq zoUxhUzIn0Go&`8SNp(KZzk7W!(+MSod8{X3XL9S8KYRz1-4!cGS1?i@ClqnOr+}87 zLam3W%yPJS@n&_j8S*ldv@$g`FFpF^$tE;*_g|fCL#R<(Ke_^Q{S8IULvXsk;IEMb zeXNrYRz^x=@QV8chFhu{X7=D>xdYVtkn?Z<3!d&x4$PdwlY>EvQUkH2ov%K70{P@; z8S+y>(XjiOs}DG-Ztmhaj1`3@7I(nT@>o`J4V<2N;(Zj5+P(X~|M59=whrCAcmb{H zzVKo3dBYpt@W!tfzr`jpd%!C=w`R|C23zBO384nyj2ZCo+ut8A55wrn(bumpAVDGU z&1eMILNDu;QzYRyxgOFgy0&(AU~#H5P%Z{%X6L163iRYhJaX)o3I+DGI=DI8wuuE` z4o-pmj3_d;fk40oW*oXVAkd=VpR?BcZ|u1s$&MvpL1LAf9}q6Aw9m894N|c{t`C8o zv&)i58DM?vnQKm=O)cwy`PuR1)5q{+ZwT~4p+IQ@G?80!LxFUrOQUXdYpf;?=wBq+ zIjyU^Gi89k8&^CqoEsEcJOCG4!z?jD@#%4qsjzze)w82{7#d%LH{ZUj4L3q?ext{8 z0_!84Q2_?vbTQi}hmd6#2&1dvXlpFHb_9-BI$8FLP1%Q6yO4;lKZOm@M6SyS0K8u| zx(i#qc{Hhl+|hMdZp!*;O=KD>xk#pl_`+tl`vIKp_d9(v;Nq+APgh1@Wa;4RH&>9P z64+Af!L>X9$S&@{C>TAKnmc~dDQAP^`Uhi9QI0kwhDyPPif58pk2(SgC^ zmtVutSmj67NN-snIg93gRN>LyGWhDnLXi=MHqQF;jUbSRZk-%Jet=ObSKJ@0P9YWf z=eNV!Sl`gxDh#)GOs}j!MPBy7vsbV>F}Se44xLq*YAFX~JNX6BP~yBh2%7pP#wVxY z`t|F%nj}D(jjbO-bs`z!521Yf?7?lQI8GAMDD=h?jYbZX#;Dp+gBW%7N(nILJ%l@mv#@KAjU>U zX%`9g0a<(QWk^dXbssE%uT<5$_c?s=aC2~I7G8Y&Rd1RzEH{?KQSa^`r4l0QtIIkTZ z9IyJRrGRD-y9d|T85*CE05MUaI;j}^Qkq}9Jb^?j8S@G7E$^4n2v?pJi&h5gRsqtX zlT-wTnBuF`JqSV*nT7xyLF2y69JF`&0BRF`L=riW1d9cb)G&Fv)(>bRbLv3YeEf2( zG!jH2PA->#&cE>So99rU8QHvg1Fw$8fZW)uGQ;ftWk*3c2!u$82<7Z_fM+n#c&+2Nt2* zz?@dNIoSY*Mxr3shE-~%Tq;+CZ$R|&(G%DnMP7aQQ#)xgNhDm?$|z{A3S;txEbtqF5~E6fy}Y z15!@Tjv<+}s&IC|)lXeK*zbg>#G02sd;!hzzCyVjrrnoMAM8VMm`xy60H4#Fl^sXLHHlzWX!cv(A^17#&JIer-Um}!1V%6l!hr5s(9U2}M z0=^a_jx@vvfxQoGskPTf8{nt-C0-MJbnv4Oyp;JQ45`~bsyO=P)57*R0w?ILK=3&qLR%kb*yYD{Dr9DVWCLR|`= z^*-f!0HYN#?_IdP7idG;VZim|dUFP*Ru5iYtwM4@0xTV!RYVFw6jgn7wh7@{xj-U= z);Z5YM=qe68$$}<;p;~wAqJ3e3Ubw5ERM(~pFDx3?o#YZ5FFrd)T!ZqDY3ix?Wv77r)%KQ zYwOn^z#I1fs7(Sq-SSnBC%Adkda>VG$_U6W5eKwHkdMAu*o;*15Ku1}!R3-y*s|DYxm9wtk zIi;q!cL6Ss&-d47ASFPhk1T-YnE|s_4(t(ZPAZGcsDiE22d`-yEcOTaXh0;D=QfSQ z^}~njBMo3wX>;la;Plb+H!q*UOjntb6N4k8(sg(R$FALuk{FPy9bHR%aI(L#y>kGI zeI;Nvg!C=%!Hbt~o}ceRX=(`RIY}(CN9FHbJc6^WxuifdL>KiY%7?YFE{}#M{-z7+CgPxDI#V;N%E; z3Sy-qDSV`rbU)~GlTwYnZeSkV?)`%!VyLkYryvlU)3keh1Us9XLk+n=Hc;z;p|vA; zaC*>Dng9xYVBg#Z>}+l9Z7)Dxl#}mc>w`dE1te8~=lb#S+5|-U8d9pqV5B)wB-KO9 z^g>On4;US(EAC_1+S-Ao!3L{d1@B(s!fPcbQD;|;!SU76`MC!=OHvggF^E+Dvz}9! zYRQ)iMIcq^YI_%9|Iod+z6iw$ew=?IEX_|qfSEoYr&OY52gVh^^1;RH*KgorYa-IF z1OKenqfgL@$!%dKu+xz%z3akbv^v^Ej1WP~~ zlD9b92Z08A!{{#$D;1@-j=^|c zCMS}@ySox;?z4O16H21bu0OdXN?FIfI(guw#&Ow^5Dk!lMwvSG>H@9G- ztyrUy!~G^Qs})j(wP|7puCMmlVPw6p9Ms0(>4iCnb?8_V7Drp3kTjUuIezu|8+hnm zN{jRb9K`|>tKjOT(3}REH)dM4Em2LGn-;H8ORs_GGsEpH2OZjH1_bjOs+Cp zeZZtsb5ah}TD^q^a>rycgHf+#g{9Q!t!4wTcF6}R`ms={HAb@qNWv^eAP>~juj?Nx zeWeCy>FYqP)|xCD`O{zrq2&w*-3Ymi0vwpQ>n+`Xci$;yI+)oh}-46rxf z4V99O`eCrxEJhv3xZ4NUaJqKefgt%m@-K3jJPKx_+YJW2mZg9NTO5KxVRz#Q5x(cq}~F~OWE^eB=6ZSMye|^kY5K2HbrMJ0d||)UCe~ti|k=^gV`tO*1!AV zyP!+C|1SND1o8+-eV{*>;4GP+ug4kTf>sk#?r z8o8O9o?DZLjp?1;bo*FR*hlDV@)ut-jRs_<39#Fs_yLL3n=C*wQ>O*~Gvrfb0dyJU zzdZkfw!B;N$Jm z_z5&&2uyiz=DX?q-?wo;Mf@bXT($@n@4Uo+{Hyna|1cl?4DY0YE%t6{^dJBjI~$C+Tl3pl`QWGj#K6bzFZ$lc?@gwe$WJE8BNOOketmQ%7G!yBwoeCUc)M^i zHx|M#i3EGe{vwOxXGGl2@zJ0Q;b(kzR<@A0D`2a*KlAN7Y&!o3i+2}`z}s|=w-Xg~ z=o6(isBd{6)<^2CoD|-UgZHsusk)2X#eOiIq=(@Dra==$XMVqW(?xtN*rxIGk>F>g zlkb+s{`y$ZneM+y|Dy3W!Q>_X_NU`*BFKmNRb%q~ci5zl23;iyyt=uuakXY<^~yNi9h zA#dLz|F8)(?$6CnxefNGH@x8uZ~R>XN1@+n6WJU8%E7Ks%1H0B$*Ftvp{vPM+Mr{ zdK)U0LaDJs%g{)1LJ%Ma?q>e8p_Fl84No1NTP0eGbZP~B*r5ESg57?j)H&KmMj$`N z$#HT}sg)e3g`|>}m5nv%tw~bJnBWrI0+4@RLa^|_{wEhN%`p)&aU<=GU6aAJV+rCfjKyL?`Q)O zeRce^cXU{|4>MDxkn`InL0*&LBxDkyAvgt==Em%50f@-(Y^0<`0(H~WI!w0aE5uU3 za>+Avw4hl(>sS{X%10y;0^VTbw~>LG)u=_Z0?^<%c1J$Ts&_-BU|lX|G_Rg+4?t>M zOsLZev;y*(#`<<7rG&~UCAmy$1xW|175u{P2kTBTzN~AivjlKNW>=}B3db)z!(bGX ztMS09E3L6)>kxFA=!%o5?hf$=<||H7F91oM5{c-A_?NTSk_kHqD>q;U}8=WFwRc*=>4J`xHPY zlX2;h0v2}zosg4hB%0&~_6M>jv3$5aRJ=VVkVga5K``fX)usdksw*3*>Mk?cdgWw0 z$bCxK5H=l?*^e+E&tY$P!yEsM@mDmFv$Mh5ME1rn9%%1|W!1o*`*5To8#uIDY11_z zDtBgc7xs2`n)1T|4ZDcc3Rv3Rhn>x}k_0PgeG|HS8^KQ_@yn=!-nv}2ko2ma9rqz@ zPIvliaYH5!{}`-Q@{L3NpyGMksF|+dpu_%6OYotpbTipb5`|WB0nlq<{~b$mH8! zVTSV7iRHyP*gHAsDNO>j62np}Vb$dU&*6G$gdJ>=dB-olhyVWLSMKc&yEgY zVW8fsm4MzqqHk&q4o~)aij%!zW zs#424VcT=y+M9z^AH5+k9Y&{@VRdWGwJ`&U{%Wbh1eKi=+b$2ROmv0XWbjVu(^jcU ztG5Ry!_3J;*FYVFIQ(=n8Q6l;rZ@M&bF$Y}lnk6$1{oF2Ba`E>6LK(=HLF~`_Ey2W3f2F0e(p>S2riHvbMOlItj5pO0?jhtYZpA1oM40MuiOI zDmA$%dOz3z<~m#Tz#^O-dZxNcL8mfQwDmzwghpbEhOXY$K%*W=f~O{6$8|E^oDE8i zv9z%hMyF>vkd2M$Sb{B_3tvbkRn)t(i z{@?J$)ANnlA&7RGZbwaj8|-0Ui+|kk(kATgBabsdB^7}sIDUM^14piv@}v+z12#Ol z3>J3wcegg6D$T*p>k{*uR`*@7y|$PesRyanw`pu0PB*7x1I>V%B3D?TrhmqDbO0N3 zUEnX5g=RLu{QTmEXCKx^Tm7^gywjbDH@xAEf9m-8P2_AE-X^j)e(^x1WEYciI~O1B zO@M+E2_*{X-g$Vj)B{0wUxP*tLZx}`;w9`1)PTdsM=cY9Ewc9VdKsd2f@0&PH39Fb`voHcJTAHv94Py z7q0*7ivviA&UHO_1dT~nxmpkH3y1tr2tu)vKFgKUJbCGwgD|I$kHrW|l}hIq4%=ss zx{D(LyQMlL0}gI(peZv9yBor&k?EaLP?(q>@(8!`JY~Z(eRMO+r~xDD5;t;h$FXMdJn(+?qV8Z zVrwrS9zs%}ZRy#+!SjvI_{<)-K3{>1q`Z@>Bgl*n?Or>Boq>w5)E@Zu`=@y^0nod7 zGF6)bO09L#eGL;$nY0THALDJeJbYSdNU)=egoVSqFOHWX(&2A5s6Zn3g@uEwvAT4K zE$My!&s5UDBkdfH~#qo2PpQP;%y>( z<2Mr;{&(lVypDtA0l?S1T*iSlI&Esn1sD4p)%md?kw_e=#jvz~0B1W(nK5=ShEyCJ zErEj*_*D$U&S+z5@f`gA4=+}xXJG5(Vx^}PGzv{_+c+HU9;{DwfRE|Jn`M*O~hdJu@VMXJIOXf`t@jWEMOLGWC0wz zR(!NlAeR>34K$HCg+I*f9oNK)L152xxfda~q~mCB0!(OXV_Bl$jq@`oa0)_82Ejew zL4G4A59cY_PwE1xc6{Ri>e8L8iHvvcxn1B|>_nPDC|4-N0+86_UG5zSv&v{TNZV$Q zVW}e#YeUcrz~si6sN9x4_YN#<9ew%v86+7bx`tl)!XgKIF`mcy14 z*EWAL*9>TdbCz7#KU^s9QN*^|+JM9)Nyj%M8*L$U$ zR!m9R)aGPK3}9WNfE+l!+K*ET09!n;c?O-u!O%A6>Mf20fk5UA4hEY+^WIft1gr2_ zt+QLB)j&6bL`3d@YrPXVfgp2e6&4yxO1cl=_upL2PtStu;$ply4U`fI+-q|x#X>a< zu3t{nh5{DI#`xgmj#<|^G$cp`mK4}K+=?Kp>*c^e|rt%fY1E#t&R3PKrI+uKZdq!f3|5jzhZYp z+z%xkc|_|7@15C#OV?g^Z89je#Kl)XJlJ1^*_GYX!!<~;$jtG1u(0Mi-(7*i)KK<- zV_078#^xcMY|W-b`-4=1b6h=4Z5~!7`+`8AXx=!4xe7LLsUSFe2=*3RtJn0 zH9r0UL4iR~J-qqiWFB-%xvw)2f`US!XXW&KsTCB~*o#LGpdvSY?C2FdUT$`T6~e{U zL0)ncM1_Z%^%~F`tbrk+5SEa4{rod%&JH1?f4?)Jno1&)LjJ(|!@~tg3Jrs>5C^#h zQYvkpJzVQ82DF;k9ldg;*5>DgzV(ZTJ7eH$HOj;SaAq_?gp+!|d1*DoJIQ+j-OcnD}YE~kATK7TkJ8JPz+-+en-9uIQ0F{x$%-n_WU zi3z*rC+iR(6F9Ql;L)`w zJ2o8reN8Hj0sN!W4j+FGbM5)82VALG98o<1H+$nYfe<*Q%3v@9Tr5~3A zm(M?I%L{{dOP_{HDG=$PW#eSMF%!^om8cvrvwtz!m<;hP%HfA+TaX$VV$mufJa6RkXdJX+LE*Fuw%hX}v)bYEcr7U=0;0o$ z3_1;b(DGJEMI025Y(4bML1IW)XpkRpoMvSE237`2(_2^J-@ZNzF&JQU=d!OX2FS@6 z+Jj<|&=9zHb_3O^{sNH{*lCg_qUiGa1WGevBEv&Lui&Cfr{KynfD=k6UpUll&4z zfj!UqaCa}%=EbwNY-V-u+RiTQEKj9}`+zw(eQI?Jwl-J$8w^(!SK1 zD|=?awYv+Gon?BJ6cP(+%QK@uN}l(kgViZ5<(*@&y}P@=yA8cHS?n<&PHw8`o&wL_ zW70(<`ux#cnP^X=;dsKJyfj*8rPa`y2BkkPx6z`o_S(%<|gOB8>O9Cx_S} zG`VbPdlz>1_SYslz-iO65lQ%MAX}l7D=kpk(3TdW0;w&sxuq8TnB$%XmW1%o92&7V}Uwl5aROcC`93Vr25(;5% z12gW!)@*;cpAMvQEtGUj?jyy!do#T?7L^?A$>pmX8!$ULGuT!MfflWVQ$l)G_pZwg zLk&4fl?7`0rgwIC!L_s5UYZ0_i7ch06E@wu8}oe-YEYVkGN8Gk5cG0sXl@l$XGHk~ zrohC?CQ2U$n~Tj#1$?CCqf$v_T1Y8xC{GFna?>mA$io(pIkmM7`#Vb&so@|M%OSU_ z8I5^h&z5~E`0hb8_NLJ#IM`k(P6`B5P-b&o9%y9J$buTE&5o3EYAEZRT;JY-&Do)t zKr`GviuX3y6N)mOrMh`JS%kRR)B4ajJlDIzpoa`uwanyy1<1!tgecz44n1jYci!B*3aBLL}j@ z=gFjEAq{~*c>Ao6iros#PZx@03MH_9d1=?Yqz3~KOZngB$;_CF&a@Oicf z*2%*szV+Cz?FuY_EQ730C?;tm(~&j_Cx?5Tt@2#~u&qFlUL)`>nL){JyL`JLs=Fx& zGM$r?{yIP=5d)bj5(9ZQpWfs^X5vG{I*3rpIWmzgLL`AtYzU^RBx2+h88uC#l8Z(7 zOM-?E%lX@d+@=i)rq8R1MPwq7mJPjO_cp-@A#011-h5?J5KE*gjRx>(w9|lmnuSP= zgpst-#gc{4RidEDG__hmN}o(Z!SP#7Iujs2C7}4&GH8L4**VGE1=D97(HJEY>2y*h z0PPr+f&;Nw3P=@J0Vprlj^ryAf|mX#@{KP&(%}NVJqCZUDGIriZUI8bI(%UBlL|l^ zf|%z=gBG<)feK6OET5To3C23)QVAfzY^#xJe2^-k0#;kz4KfXl@4FhyI;p@!g-ilS zu879nR+9wNE>`XmjAW6@L23)>p#0v3@R>}unq@Mrfgl!hWImGSw>t%Uixw)WnIBCs zTRy3QG)QLheXWpr6}QzJZ=v*A1>n;__kBRhSqmNsrprKxkdd?}5K>)Pdg*m=vPG;K zlgwcYrj-rzvK>JzMaoH%NHN@YrR=@Y!W-WB7m0t}Ci4BCp1tv}7AXC{Q3asC9J7_Z zvpzQQAE*-EZV3P9uN1%9@_*8DZ?}>D%TN1941OE_frD)Ug8%zA_^JQU+x8RV7u-fZ z)BeG0wKu%+w-4+#|9VYidf`ecmGYMsZbL4Uv1^JSUfb}--#Azi$T`w4DdNX}r2dOT zrDS(pykGjH0`M1Zf7wvbMZ^6iv;M8f8sE7x_nQuuMJ&xf5^p!{Cub(RLQHPer58l` zslP<9&M0V)%Rd$>rJUX>e6Od8j|bjY$z;FXfjqDwtcPGFKLL|Sf?1k>$siYo$&Ujl zX@1Ht7oRFMr9uwB#u`5wav5JC|MDG_)P0pwLHn8fvz6+dxZQTXH|W1U*lj$>%s;yq zc*7gsxF5giCNk^PT`tF0EqTRHCHHvBfeebkPK#C8{S|O8l=P$-bKVPnah%E&4ZGLp zwTS^BmB`ovef$G_%{pL*67LE3-z(@3yQBkuTS#0njpRtDQYi;orhMu1ZIq9dKC1xl zPp73%Du6L+`|1Mfl7l1?85uu8A-DMjz=x%eC6NAmvA%cuH~4t4HPQ-80^hEw)&213 z;e)~IR1k|LGL;Sr+Gn0Wx`2k92(efO{31RU?3PfnT)JueRJQ4uNT!o#z*v&m%q+od zW;W%nc|=~)zzdc!Bxh)_iDU-0G~_mI?8?-}lJ0qU@$jrVBLuJ=Y-#t>z<&xEV6{8J zZq>h+nRH$fZ&O1KH11|b;%GUOTEV9LNMJMA z%-AyaoNI7;<-x^c*cz^3BZIJpW?V_f)q{sH)siEj1GVsrct1#f(Cp!Z<{X($GK~b? zLOPwrUCm@)6PQA?R%v$xT8(NzgOx0l&P-<^nf6}((1~mzc!RV`)jCsv(;ra9F%`&s zG&MBi-2K;9<8nl3Y z+8&$&!&9SaAwIxya*fdj)4Nx*ZMk5!*ubdQ-X1}`@iz^*L=sZa2B+7T8#B`|J=GuY z(1JiLv-$;8;i(mSDH_Z+KqCU6D@S&bTyabyf+;1n7^XCMSP?0laFXh^8^ z;0OqE`uTuXqtwt!xzqyL&TDz#Rp1ODn2K1Tl1VmFX$ z%`mooG1ZU;NHDwBrPLT4$eh3+ADmr~<_%VE8d^Vv)qygL)dnVmjx}^tI&)xP02nlA zE|AtIo324Qg{8ypgX@+Ae-Pc?%lkHv2Kr5G^$QH}_W`u0lqwA%*+#1mIQ)GyN(JDH zo0F>mMVURY1~=<{TA>KgNV(r?!)CH0pl@2wg?k))Bm%iw1K4up8p}8>4ZN@fCxGYT zran6iEEWsiCuk0{OvdN#GMU`EuGWE{!yj7>GKG@eo$TWu=5 zb6{5jrJRhGhd`m&><$PD46vE?Kvw;3usM~Gb7@FidpFmhUdN5R*4ERQ1 zyO<0oS|%R|3h>t|<$y+`LdJnokLpd16@E4|JEf1zYq~k#hoo>HtHlgB0I~b~-KS_?*_jx~r$!brvkkn=a%vxibH zjVSGdM@P$GQuAXmk{$c~8jIcE049?e)eK=a8*#1xsII<_K=Ai5vILXHIIGysz(A)z znDpe}_|fB|H@xu=8rZ|w7sPL%&LC(@c|rOpH5V! zgHK%5^@D4;dG^_ZiwijO%#_x4z|EuU>qpPw;my_QW0vRprgTbG?@#}_424Z>O^5t_FEeT|`Q>HT+)q2RN=)Eodv#FX4 zu*Fnd-dw?hr!R=}^YepQD6MI`CZ&IU{rLIA>nk|h9&%XC&@i$4@^TMSLQNux5;E(C zzWL*S!B@|(wim`AE}OeELeAve61dKe)&?5E zEa&JGeS(6XrOn}L5Qrq?Yfh~aNx0_eJ(z0BBz+|dKhi|T_qWpE167?Pu(r8%ezpSz zK~{mn1T~Y}kIs%@eWowmM-CEGVBg9CJUBU69Bu@&Qe8K)0bPZDLVXxaFHL8p7r=)5 z^wDQ8;Ni*HlP4Z1ij5s!T!sv%5EQW$Tg$`XuiykyIdsgsMr%`mjD)PUKyh>5>iQO( zU${!6f*`KE>&@@~4}AOT!S?bbq=cAtHYW@(?rrbwf@^WeS1krpP&_Q{o^0)(!gt?2 zt%&r6yJsu!LN1qwr5D4@!m{V$80K1vb?N|^b3eH{T!)jJtI^6t5OIo%&S}_pdoEsm z30F&PDxnD8Hj(M~IokMTH1`t}~mo^q4#-f9g-o?wy18^NbIbH7un^vA#-2>~} z`$q>`P@5ik`|#Oqs8nLP8tTSYdQ0N~dx0@56Xqv+qmnaW>*#dfa{`ZVE*dlaKo^t> z^X}`*^&v2-B%IL!?X&Lx`mg^356@f+gNzSSSe2?}U@hag9O>v@xiXiUg^RQ?NhN$_AI_mvt`` za;d>T1$NFqzd750^T$`cd0`+nhR*LD!{L#K9vU7^G$ff!K`_4Iavgf$^k4;&{p@*d z)9{D?_@9@LPGDnZAjGBwYhc{Wx*K*~duzkZppyxeL8*XmtILCZ7_QH>1V+M~=h^@K z=MQk=-WqPq12n#~s=Hx*$8~hD4Rz^}Ado7ndS+qY<+=L&OSqVCR-%1;zlp3;io^;i z=w96(DFYl^%Ez{0u_e=HPl6@)q3iev4mT#k^(qjF1b!I}aJoASMzu&HLvdL97Pe}W zbs+RfT3Q-|q_i^6=>D7H3JNs~SxK*7J3Ie&VWpowx-Mh1`9wW5J<#APzUG1+09X^SqK7S zvg>#c8v4dgc4uH>d2eTK9@h7FCwF(iy*Mztbp)%EbBAa9kZ6|(1cg)}cV@%s&2ffR3<5*q{?R@( z^o^eG&cOKMHtf#LukG!^M57#E=;PBj)>X3jyW@TqzHEB+PL4llGkX$|R`t=p0*!U}yMZL@K zHIc=fyme+Dex!+vMufuT4;eZ6keCp^c=ZA{Thi>w&2W9Z>{JUtD3y^hMFhf>)`g3$ z0nkeYVopj3b^Ys?Fka;l=pte3V7sWe0S=G0M#g91Xk&eG=KzM9s}@`yC`6&spFyeW9Hq!{$-uj7Mn5a);n~!sx@?jS|JDH7+ zO@ZUr-%ggKLDTpyEH)(xgk~7u_cSH=!$+FPN@ZYd78ImMWwlJf=TG+|Y%$<|@v0?J z3x@R8lg(iWjwrpn+=c*|z*f=^M+;qAkr>`@BC9mv$@ws~cm2hqBj|3Zi1e{QN!Rw) zSS|>}+M)eZ7|041$SknxI?4%C1M)#4wZY{6b#JZ_1hy2EJT4>*W{&c+!REqGK z&1EP`%fI;S1+?bImJRK}H&1u`IT73&<^?BFD!xelv3uFZYn{YJU!2Zr`T{~QE1)W5o zp!cZUg;K#817e{dH!U`+0v>+xswu$%_+V&Z7rfU*=EQ>Z=4tq`CbCRo4l0C)Z(deJ zDZvukdUiMiPXDmWFTaQWoDjdbCRm#3Y8+gIy^$)G;JmIaaLv|A=wL1*>&H!*en9h0 z2Ys6l&R04hIvae)hpwNWLQ#Z& z>&h|AR>#wXOFEX$7TePS>G98Og1aWNnDd1h_fSh@%I_JidmoV2@_g+yY3`NPM9CH}zDhtMa~z~$K*j-ccqDsV1)4q#wvXlbGYT6*S2JG)@PbvVDf z22C_^Ef}uCR~iZOoBX?h z297nf5cW=vV038c?DN+!UzMCvIS*$W&Fr%@WYCC{h0z=!6GTD~33UVO=R~1dpbUrY zqwT_?T3BBhsc9I5#i8EejU$-oXjs_WgH($EBnfCDFMw0d_gmLAwbNG;1$b@nPlt`8 z*njrKc1zlls+RthxqS|)bDy)iMgdIE1Au7&#~z^Z#U#YX_DwAO>QA;>5lI9lrlv=8Ds zm*8@>_pZTlzx&X5Q>T1jZ>>KK1OnxV`xN>zg9R!-*f~DW4&(r{ ziltVV-oI=~Q2wtZTm(v`N~6^PQbPo0cy^b;tQ3ePwCg?J zaM#Hhr1|sZDAB|nz5Wi)*2lVf24JAKCE6+nfyP$aH~@zSCzD;pz;S4yk`s#e0y|Q1 z-zsd6l(WSO1d8efH>@?Mv%f>~#?IV>V3lE?!g&t+D3+y?ie*VEf|By&q^ITSLoWe}C2{5P&kQ;p|`KgtyHhO{!Svo`bD9mvdt?|K+tl&vm**?c)!8#R z)CmcWz)9Bw7%HXTOGvPUlSzf(msEa!um)CIs}QEpn$Lgu7S?Y|zojYC*CyMbZ+7c&sUH$6``Gtl&*=Kx;1Fz_oUa`262oo7GutrMH+ph& z3OTWX*|mM}`nx~4rrRLc&&2xaEb3W#aJmc4<%JMvH@Aj$P+3rU^72bqZ%fw)Wx(O%$20A%P+O7jqme*Rb_2Pm3yr0u)91AlY7s;yy+~K&l8? zzWNL{2P^7_Jn+rS%?RHl*u6Z-J=qS;Jqd? zg7o4m7RNSBUvBgRPMcUS!Z9U-&mW&aQ{UY8KYRt9nLz@v1_m}S4%eojDnCsn=b&!f zbA7M?9WzJ&{^dD@oAl7XaW+zu2xyq_&pvAG)0>Ad-rHDMPylfucD^fOK1C!@`VgGa z@Wmg0fS#(_$6x;emYU;?(N%DByk^mIpir<|VHN%%vCurV{fFv1DNdNOFt&S z1iHYiqpM388tOj#`aj^sddK@WTHJ?;m7e}j29o=yC;H)sp z7yQDLdsmO)kKcX<%_S-1fgX-)nm)R4&q3GR$sb?rLRv|iXL|xV`WIHmhGFI8rmHL& z`WIbeJ@rsjm>&~p1%<&czpN4p3yL;Qu3@r1Lnx90pGt3d;~zhMeiOO6C=q^*CNg_0 zPa;<*7uLhTK!0^!0;o7C=&TX--F?v8RvlnafZ86G5*Gns5pmJs5fGQ05}TAjM1({{ zCqQIaL{f4h1O|mywRA#jOG|fKBgBXJ&?kW9YMs5Pu?q&-9urI&g|+NgwBSt0IM1#_{vWyhTi_c)~YjonYILNp zGZ+#RqJu-DAR#I;Iw=jpohEZ&5_I-=L0MjQLU=G3^uC34tnEBk`2=h1P~Oy0UtI(#$w@&r z11Ro#u(=H!W-MXJ(9zRVS6&KfabYHdFC?a>_!;D&wuh!CM}tx-3rsA8zMkgH%nV43 z3}z1=-D{}vK^~}7D6BzIsd3?;MP;CaBg(Zt`PD7Z)?Aelp8!FAX7;R-$v?88djL9X z3QSr#sIB1*on25{R+thK1!jW|!sAjR0&Q@2vaR5xM!!gC=4ZYGoap`RYz7wW zX-J*bKfkmP{596Jyh4ZyFsZD8kd_>$(>*Agx5)>J?&63FLS+ z&<{2Fi8{3$WSl%OE*rZ02Ws*XK*mW8_6Wdv|3FU{6s3j(C*eYpih$PGbV!U0LZycf zb6-WCICMf$d6Cno0dkf^hY8HAXc`>ohU_?}NFs&sl*0C|PH0AEVh^s$L+OLYC!(>d z3u;OWk|V>wHy|`AAreBuV`3vCATA|6*ro=ZJ*u&*4^Un65`sW!@Go!fgudRMx{@?N zRZ#v`dqVVvH-29HCY#7C$e3FKHf)wq%mKU4NvXK~$x0xQDOGgPESW^g0ggUWjw4uy zKtMV=rPE{_yLS!WMC4vPegP!N#Tyzp;NQMQ{`KBy@%IdV&^1~@qymu9#ojM{g$nMM zK3@Uul|EkqNO!lS0rZ$z!8*E)wLY|4&p1R)5Ithb(T# zFhkvxiiE&VC%?d=g^kt%c_8U7@O4ZF@%nJdBw4_ZxP}GOo8~z(R2vC2M(6?%A~e7N z%ittJIyxT7HNZ5rQU-Ji8GcMG<=Ev+iG+2fMfMOj3Lvrq*$HH3EL4n*AY+@MIdPW; z7G%6M+LQ6yGNRpA1KALImV1}aC?;|ZP(yNqpCk~n1glkYAX8b|#1iB@e3%)S!p6g+ zpXLXOqrIppaAJTp0NO_^=dsZ;i3l(+>-qp&K^F1hauIa8QpO=?fUcXOn?Sb$>mvOS z%1DRMBoy-7iXjxUP6lu~!%rYNOrCpV%>`7)+d6i)HuCYeOQ2PYEta2y1x*#|B*_<4 zNIC)>U{S0;6LJRy^6%}u{D5%$LP^}!3JvRMf=nZ~tV>9O-&S}U*v05?7t*_86A0M> z_Puny8}C$RDIG)*=%|(?grbl1vd0Iuj&|6>=0u24jo49tc}(gqqTkyW z@NGq_5VArh6#<(Fn8ZdIWOE{JcmKD0?oX+)x5Y<}RCIsAZ1@%?qcgI&t5ok~CgQHf z-lhS2F01+EnDG8LshAyRmG`SFCx?4`$8A3FiSvdx{(0gz+(h<y^)3ZG^?Uy)cr z;JAW6{+5|cOP_RC%>V5TZ+PQZ4sR3L8~@;OdsRj(mIAq;^ER|#_3a{nQ|(rqXB~!4VJ<>}1{9{vsu%QYsBLe~65X@VA)& zm5Ow=tyG%r0Z|cQ;A=6EiNAEs!1DAaGq9Tc(dD!0TD{5F*9N3_>%S~W*4?{MD`4F! z|GW}J0$G~P20eTyNjGc3Au#-(W};M)2#l%QQ@IrGkr1>Nbo)AlPlnW3G8|* zxfDvTcj72Po`sYM1@wsV?m^@IU^5ua7NcHEJIhz;3}*24v6ABpKi97tZ!?n~%E%wy z@P;>j{lNatj!wV1CNeoFupGUG}Zp zKiE9%9};w4_O>_v9>MOKK(*4SmB4Z2rUj78r0j+nkx;~X+Lud3THg@JOo;&iFG0}0 zeCx6PNyx1QVjoz4^m3*y4a7nb>qD(^eCPLX9zuSMk4Pe;H$Qw3Dy2liL0oEfkW~Tr z1{Vr6&@#0*SQQLx&mrrg^%0duDi(oIDE_gw1-*xa{)S0@^c9IjcR!V~0S@qab`v3L zAZz{KJ}0ih)&nP#)1Uptkx7{m{yIR~*tNQku24zG>_r|T*MN2wL3bmSQYsb#Nie<7 zT5XD1-rIr900CgJ>}S?@(k7CC0<8ub3K>Tx(%TEjkM3x=i-f^(X%H7|VOjJ`-Lu55 z-eD7vV4BHnFD65>-PHg`0Wt=@G8#c~Ad+r_w9pCYZG$g&^Hg_ZVv4#^=mOWX^ZzY^3&fxwyE{OXGfNHFt5halN3 zNmw$!cYL_Lq@{0ytcvF0k#VA@A=s(~EP>q^jjce!NZRNkV&s=26s z4;d9mtKm=J*=+9x`}{}WyIl|uaX0+tj|W?wH-60^C8AVmox$PYuxb@r6NH3?So8+) zcZ9|!r9x?WQJ`53YNNe%#tq-Sx`Mj0yrf7c$d#Jt^fDM8>`n={gA7e7+WCM$W?I-g zh3Zr%=@t9ECNgcpDm1$Av=Vso#rNBjt&p3Uq?7BQdHP_!zW_4wiy%J4mps%-9*|eY zWE4YnX^x*k4Ig>d6X$z+GXw^PCuL+oNl~_+K?P)xIg1kt%WLvdB0w&Y`h>(mN=zW& z`_~Z>2Qi_6fl=vj{@Hg&%YBfSmF{oT!-r2+p>kV%{lGsUD7~NzGGhbDV?_9Zm8;{k zN};MG%SS5(nLcLYzyr;t36NV*;54Z~%1N}A04ON0F3C#*6WV!btV<;(|A>;R8puzN zR^gjoBJ~YVbUpeCZgwZ~b21^wZc@-u2KhAotU&Wot};VfL3veK4mk8GnbH6Of#C^h znNV7s>oBQ7p^&rg{JIwp2CEW4Ae7ny!XYBa4obO#4WAYh8LU?+;KSWpE|UeuW!EVCzhNp-@y&lb0S1I&x<_T5qTo;n_u1uzdMwtu+TE0@9|x zO*3i#izKS@fi-yGS}dw+fWx!XiWoZ>ZO*9J1VDmg0<1u4kAmF%8ecmO?zwhyyRKNQ zwK$?9LjgOGLTiP{m?$5E3huR%`2p?Y%NG8B|N9JL&AvnDZ{Vxr86!$lAkaIaD^Sc; z)hUqncr{4XMk9gx}1uBw4A~lb0UqF9>MPNw;*XeGWJqYG5zk7AM z2y^?#?#V{5Iin|cAHertK7*OD{))^3Y9Z?|S*u^l3-hX-j1S(S; zA88`fA!_AXV^&Qcy!q~jv%N*=Z>zGXHBdWs@!hKvnAzBXYxj~v!$D?E@5;h73`{NT z%=Cg$$+3&O{F2FqGpW`m8P31_)6Mocte;#ix8(q*vyU!q!f=1j=Kel3Wk=c~tKq?u zBPdEs-F^HFdh?^>v+Lm5m%o2_xCVorjbRQGeApxn}ng6<&Cjs(5ReSkADZxk7i(O+jFqc4o+j>*oGTc=0?|#&tR@0*JO=>71!b1 z^cd`4oc9+cLuh*W^{emT`Ni%~Pb(NEFlRU-CfW*IC6D;1o=T0kw`#>D@(6G-J1t9X(E#gurjeAreY8d zR|e!#5pZ%Vv`=jAu1&$r&cV)bJ)~C;9V~T$N-R~H9k8(DDo%1h*VM*He-CWz@3-bg zgWMFdynhUn}swlAR78sjz2$N178Cg^Gax6ee%1{j$wLj^Ll>) zf{dhjPA|jrfhMwC7Xj`EPa4w#Ah~}2YJUKVfI?oy*-BaOgM?3f~SL!k!h=1ms>lyM|nUu{pH^ZcbJlIw{=S6;u+59FnX1E+1aP zNKe=3>@K)gIwM0PV0L|{r?(e8o?XZaGTI_@VE^cNU}PE|zj@w~>I97=c5Leco*&HU z)f^x~(~6+Ct8HLm4KDWPgSB!X7npBDE)jrlUf>Q>l)3nAQSlB-3%A-?-OA#{W_G0uz}J-+DLLGFkAGK8R1f`y(Im#?K1YM7E4< zoxzKUp2-{Kw!^0J>7-?p}>|>1N%$;K<;alaG+5s=y#~7bHUwL z9tS_QiA)1+GJ!}2V{4xBI4#iKg#6^%v2?!D5eEXX1(pw81(8Xx@#xFL*;c4*oB96V zzJQ7lgIJ~jexbDOrSr>#!-uD776GWzT8~!xAUe70tKU6`&dSoMqnGf-$s}2yKoFGM z1OM^=|9{py^Wg5@&91rq)@(n(Yj(Zx!>dSAkua}+6CUjhvaVip>)H!aa=`WMYu98W zRCO(W|NCc97!tR9dI^;=A`pn8cTV=8tz+pCPyooFm3P2ZA0ausX!9oEDghA`a2hdhu zKQ++@J>8?7jZH8;7m$AF-hx1jjMdog)rnW0eSc7Baurz}0=v(?ef8Nh`0CkN ztW5;!(7G?a{{luD%6iwY;df6r!G}{M6x2dvef7fG6L1aJWK>VX!E7DNsFc2?we~!? z-$Z6t*|ou`mlvlH<;Q;srPhsXj`l+D%F$%C6R_p&SH%J+Bc#`e?C$Bsff3j{bN953!}7vVbN>Q-`Porrc{#XWeg}Kq z)s3TDu+Wge($=uFJ6sSAc&&~qg5$jYJJ5u*8!+0s-PZ+*Ppqd zysYB*%@1%iR3Z}y!TW{e4R8E{fi@o7`+mbsQvD)e#&uj7B?3WM>FMzXgm8kuf)2QJ%>r5kY)omiMg;;i zCdEBV?zX&Oz-yIE0s@JCZs!mRqVc6mZs7c|WvNmrr79CF9Nx61`vBcdG|;(tGF}}B z0(CH~9q$)~$HVINtG$UP$jHpjNJ|8Nv-ZQQ$a+UMxK8)t%>pnN^c*b{(Fv`uzj_SK z#aUT7Igl6`#Kwmeg6n{_Ab=NG^3*@q;H00f5IgOhEjXzV%Jod9gVF02|3kJg%c z$H6n#N^?dKls$NLJPRhVpmF{P7F*NUTkN*%51Pp2#$t^*01C=$o0{t(GcH6Um&5%% z3(ZeZhZLM&yCF^~5OCqJdwE`!o&n2lSGrvQ>h!it*9`bd(b6C%NL>rAj)G7i4}%FL zP}DgKCzr=dL(O24lPEB)GkbdP0`^y?m$y#Awa}iL)B-QRdfZZy z1)15|5rIx9>|gebRsd@6@bOdF?<@ZBDl*Gna%Tw{T`%)+e-+HgC|YBCmQP139U#z# zu@-0f$C}7;T@)PL+!Vywp=0gwdUp!w9K|occ?rGMd6_vm5FhRYXJp0I(+j9C&Re+p z4EBbq^V%0-ufLeykit!!Ki_Q61(skw%{cu~a6&`q`q?!!B$`n=(7k%S)L96fbMF3P z8<5lEQx6mdnE=}pTQdgR<9rjG6A1%S8^CjYzPCCB3BD?+ObKjNG*n_v0i^@WBlYRv z;};N;m=6o{Q!V|o@al=HBs&ALv(v$859-}If~le~0q20j&psc>3kR%J8(jiN+cQdu z00aWlz}gkK=9)@c=HTnEFH>zA_^^o_P}b*O>V>wxg~{GtSlT~;$>k;YQV*a6ZSiez zYFD!P?Uw#W%YZ+PRc3p6)RN zBG(ir!mrsxW=GVw$JMv5-i^C&UOEGPL+@njp>s42 z&%>*4e)#-q2lC>aYHK)j&uxAE{U716XCXDh4>O-2y{+Y0IxSe1XfF-Z%aJdKc zDpUW$KCGqd+JUMdY=?^^+%CQv;9~=0nHxdM|C*cQovK{jL{< zx6eMl6Xe86D%DkYuffUb*52U}tPa)~_0h2A+0XD7fF`Z^aAO4gwD#JeIe7W?53jHH zpg1K=A{KzkFB`u4?>}~>hrq`M15-&w9K_d5Ke*n3;i2W{FR!2`J}@M?6xL3k{PFi+ z!(xB6QLTZbqDI$)&*2Z>yc%iB2L-2x+Ww8><4tfKpDgxNf==bT{rdMXS6e)^as!Wd zTI32N^w00EuFS#Ya9>7*4fKBLu8SMk*xh*Y<=3#IoOAikdHQz$&D6!mp2tLYS6_tynKERaX#w$;dR(tUmPDE zgo1bn7##WT2N$q3KI*xA3LAa-23tC~uWr_MH{r!sU(MI2!Tqbq^k0=!qDU+lfQyHR z>)X3!D-b(_d@{ff0qf16h7HNUdl;dHMzX@a5BL~fng9j#3P)HH2y3heK!Bt%BQ^yb0L%p^<>v_h~|qi%JJ8t;u z>(81J0wE}=WcB1R{PFkSEDuzJUSX`7bit*2Ze-d6ubylt_~?LiVtpH|iR>)t-km2} zdS=JFdtlk+hO(4|f#pNk-(5MsI)(O}Xq`0~_AYKV_cq}1mtU_mrGeHOvAlN#)6xpZ>Z$24}vX>_E|u%4}0U636)BrHbP{4VoZ1-SdAvVP7gL; zy9sScy-KAs+U-7|BO^-4z+?}C)b#X-KwnU4Oi>BR5Em1jKqJ`SqBhtdE-588IvSD^ z;sbn5fO6(neLv`PSPGRsEItL&6QfOf4H&JyHnR>?Y66Kc>C_;Vse+>uAU!=jJ~9YM zCl|Cb-3ygkYXD!nuU?}9jnU%gYXzlTrZ)OQLP~l@Y7zw4Efz-z1lx@u<)mt}KSYE$ zwJIgZ<(lB=M94^vvzc`8;f5duMvD*lT4@huEH(6zM44O@5|aoS>1lBh0f0As1479l zTd5gDR1oVPKqAE|qxQKSUL8}6_!EE=jfKF?Uj8BHU(hqgoq#^CFH!wLZ1JaY@!EVt>IVA*y z$0f#ug2iez>9k;@rB5qBY*K6l7_@Sk)(o+Usc})E;A=7KwHkOggGnN^CQ?7aV)e0E ztl;bC2YQuUZS;rajEvYYe~?SDi;+9{EspTiq-a3t+ssCgb5fIEFr=VBlH$PEtpDqG zF>iRo8}9{<6+gR)oCLpe6PbKbA&Gozmp{*ahK%ps3 z`;vRxM8@1W#sK{ozczxseHSE2x1C_ze%2emWUyc1NoP(nGWvs@3}!(BRgIMpZ85zw zJ_4F?AR#?Qq47s*0qYm(F60UnC8-tnroI0--G@OQ6r)`?klw*)bx{1_)!kZz>N3^Lkf*zN8{w*`e>7;{ zd_c>SbUH>dnJ=T;pjiPVA8zA*>GRc?PQEK6mdRuo2--5f8-j!`nIsqgv75{9X2!=! zbtjwpK{?*Wr_zRrcQuw@23hcjL1!R?to224&4q?;Yk{3@x7PBd?wTUArojIBkp#b_kw($R#7^>H3_(kC_ix*! zIAD=(4ZHBnH<9tBgl!>U8>3Tq_Sijo8ROw?mZ2V`DnDlY` zXO>HILwPp}F*1Z7-1u)7GzlclzsB(j3uF5!**MaPGe-;juL*K2<|Gn))c{!*J-llT zX7+0mTIFw>zaIwOS~Rg)XXk%)V!YuEZ~RNd&u=3C+K=nu_{X2Mqv?D5lKjQDZZQl0 zTOnT3t2Q{$OIYidenHWJM#z%ze|X7`v2?*K*lc7@Is=)9f9vjVx^xn3It{iIxmclx zq=Jg})<#Huf(Q$dw+W59E|LHkM_B?+1_5{X>LGA=mi^L1}GERbDa}b^PwZ&++#Tj+28U zDxv% zK$$25qLLveBTlDK0GZ0q@P4pCA~e>}%BFT`t}1j`HSnpcyMJwvad1emRyfHEnqUZu zN&PjBS29lSADIp<9i0_9@t{+G^1|w$3z9CC$^emZ2?0J@cw2K+{E+GIRDRkZW~I+6 z0K3X-v<1b-g#&8e&rOUsyy1<1q4+H}k?GY99N=UuWp^P}s6io;3{o!AV3w=HrK`RdZq?h;K(x#%l?u0HpG^29m%W^px#m#i>D? zo;1|>S&;@bf|N243dLxykQR%AV`IhPHR}wE&Pdik+AQ>GHhvsF`UXNG<+L^@R1L2G z{_`t{b7-Y91)z#!BW|~Y10+pC2i3!#LVsdWve)F#k0hDDKF#(c1nVsebFxdMbQ%d6 zX_Au-5#8HAFcGka8k~i&e|b7H)D9JSNeZC=^g#s=US2|mpB`C3p7($E*BAub5R?U< zNR zdo9SJfpql2;z-9lO`FcEq7UbeAQZOoFp8UZAB1F!C=l3s~A%=_7<< zsZzm#NMUGb>wq8wCgW`pb`LgBZs*F?{s@@FI9`$ZasPOAS4OCOZ|mRf^pDja)Dto2 z9r=3~XD~}jKN<9D8Cfy=yhsArW!R|#3iob1P|9$B!SokIxl9=dtEV@$iE<#b(oIJ0 zzqk9d(g(k|{FaIg;NK7kf-`!~k0!x4HS3666N|=H6MDAM1#)s6gwCn?L;w{`+??=O%}sDkoOX;b4vJySuA`{14<3 zi7q4=#>S^-hPxm>P$w44A)~x=VQCrKtFu8PRXAfZp|+-RU~UH5D$Z3qo=HAof-nb2g1SIA} z*W(A!5*rwn-UQFyJjxBwLU2a)(!v~6W<`;klsROw%r`g@y2qzsc5*By+5&1*Kw)Ve zboTd6j(0<}ua@2OD3I!BwvV7H)ybO3a)mOnupVX>7P@M(K`m7!7ga-cv@h%0A}+Tg zKfwudg}Jn~A72KJw+QD{cP%W5lZ0r!7ixNRakVQS}eajXdj zrl*P$0ze{`Sc8(FZ*qQivKyk!YI8^`?A(0yr*EIZ?D#-_tOI=F8jg-Op|`Jdw6__8 zO-goN$FIyA-tdMu?!|AgiL4S!dm|v1G{iy?h@=uZCk2^L#Nz2ASnaCF&P)fpR-RZs0H^NN zyuu>bI68;6tjNM%H~jI7^XjS^I5=_TCqzQs;M&)J{1bfl^uhM>D8!o8M!yi~Upu?m z=mm*b$SJKbwR1MnRswAcSKmL~1Ya$GN1Zp`4}}z@=J<_MHx${`YN3)Hr;))c;slz9*H_-y|aS2Yd98AGQZ~pWDf!)#at_2Sq&b4aA0ubun4jsZS zXz88NRn_H?mYMB-^cdPx!t(m|;Buv2EVskf<>R^pGelKSzPQ?jjKm~}4R>nQ3b_Bf zExW?1FoZ4cpTJm4aas2)oNkSW24}*7@!l0CEy#CR$Gw|X+<^HPj4VUz|pyR z0~_s05=$yvK040|(ZV}@$I>63#WF?tqzf)LMxiJ-J37b$`hd*+lOt#=&uN?4f!)!D zkjN_d>OcQ|vbhi@cF(38Ga;t9Dfk6ZYD$p`mpXVBC=}W>5JzzX%0Xd;)?s=%(IeT zkPjA(K{@v$3*oALvLa>0G-sV~Wa-sOYs{!-A`6Q2M3{{_c$ zeM1Z9;9BqLUpa@@j}Jb3{S7>R@c4MC0sMj^psGASwXg~?>d5k`hx1g6*yTR3G#75 z`~1PPvrQ<@%MAB3f=^7%=fD3RraFtJ_b*_!F0>3hEc*7gsxEH_4CNjOI+rNFe z)SUwn`CaGRL!h-J!S&a_J6RutskPHDKRbhXxxhEG4fdCM*iUQ{sf<(TA-$?^Z*Lb? zX1appQV7WEymU>1mi*R6fBF;ayLZoEvLuq_MNH`=?9A5JbuGYBSCT-WfWd7~PgVd3 zg}SyC7tEF?%fwPpX~_K^5MJ8vS?C5Sn#dYo*t&e)QxpX`t&8r(R**?0?2@)O-jBCU zWDk`1>jVNB3~W7E@6801PIAK}Y>zhxg(8s26lu*vaOgUMm7x}gSqY}l@`Ix#aBu>d zUnQKLuY@TDAkg?N?Hxl!vOl>MLnKm~LfVICVQO~%!56P#sw`4uNCnryYEfQ2Y^)BN zL;^6!X0Pm@f@gjb3e&<++koE$8cL}UOsS2RCyU@qsufyej+K+s!cZMlPi%A+=R(iI zZdN9w_)?p7wgroBV2-6Ccwn)gyjMYj+AoEXjAGjdFsigyo zi4D%Ak(qgzm|J`G^>e6;G8K1=X;-H(?M6AfjdNV6p)uLSb0>5FD)!+Js_IXfz730K~p= zF3%oBlan9v>w4wL9-J(<2gH}b`Po*m(FonkC%yS55NIP-J-d+Vt8ZRBgxSUvRx6US zvIERoh%0PcUYdr*!-p@AXF!X+xM~=-C+gWIkn;g02LjFj(_2S1DgGc3s9HCUV6Hrt z%^6-ewma7ZRqb;t0~vr%_iP`*P+p{1jMMIS`@x_$dmyud3%bCwJRp+@K&}mg)uWT5 zAOQ#h3Qv#LAzUSr*wbMD%#~x)0nXx+yO!W+ichV=uk`SE9%5tTJ*S5dp%F>*C-yrB;Jv&=&1${t)=Xe!D^^(+<1vp;o)#2nuD3q82w~lY1J~M!QH>cHa zeExV5BE!>8zx*2JYZC=@c(9h4y;rZVpgA>+jaIFY%d|!tq*V;So0k_+b~Vsjf%#C% zC7=n+KDj=I9EZ{pSq@hZPZJFSFeO%P9lBs+X*5_P0c%X{vlo|8k`fUb5&}MYg&`^* zE>89##Hu8Hm(kul_~*TX)6Xx@AT2~s#~zk7%v?R#>wt)a>X(1`0?zWofU%i zC=6~~%{0b=IicyzS2vJo)wM4i!bE*4JGsSwGGjVizkbz`9|;wcCtp2S1T@)WYR2H& zHEmVNfNmr0xy%><8%H-ySwSEaN{a?J;BdN$bV4hWways9tgy`5zjdc z=S6&^iA+N-6(!b9z~%OsN+txkHXJt3uPP&jAd0HKI@<)Cq=|gf;Na#k*Qx=5P!w9& z3pWSzcBL3nYG=>42f#lh`Q+FIVZJIh^oc;A?b&j}SX?KYZDm=m$cT|L)ZzXh?N%G9@6v?0A*dGJC#005Y*q8Irg{M z(Cd5>UGUh>8C;zlAMEWyLvDarq=T}~iHk?i;N{Z?qm4PBP}!PCmtc2i8}@dW3uF92 z>!0)R+wbA(aQ|>)8Y29RTE93L-#mE!;uSnPTF;5HfiXC5{lE=7>str=8&H=;Mw&$g z4RhRzmbckO=tXc4p`0jl0dYoCmhIMd5v&vOYU z?%np{7?5(BimnAXzC1iX-h%vayCtLuW~SP$auGyU^-i`FfK((3$ZCMu!Fsbu3=*j< zB&h^e4=-7QPu50)EPBZ9oQI2po$1*HaIG&UhUy?7wejN74XkhM?#~ZHuvu5yIRVWD zF?3jN4#x_a+75LSYjl+2?TroB%4i)JIElg>29rByH;21WlNqMAMZ?&J2cErn`S^GP z^5T6}x=f@giip;bb1<3%T_J$2U*m z<%=f^J!PQPIiPoHHY->H(%_uA>3#@Milx?A7+;u3GHZbxqU1Jc99}!QIE1sq)yzN> z$nEj7(_;{5<$DMgDUDVAqtIAd)YIJu<+WWigY^)aQ3d-)uCe`SQ0cunH#M~%^8%37%I+!17 z03*kJSdrNMY|hNOxuHg|h$J{Tg5HvdnhnU|y`_HeRmnngn_#M^O2%=(FXG+cJHwV+ zp?mr8>YO+|*sjTr0-;EjTRR3vS4Zckdr+4VO**j?NmS<0iS1LkIohkq34#sX1+0*-A4;{!HxRlP zJZrrrppb}^wC`<{G_58kqXCsjhtIO<9}Bdf$g^8oJ!Vt`$8oG8lFPQVGLZpjZl{o+ zFl2IUBddoxtrq(yf^}DYa^x3L=w8J{h#6DJPXG)LL6$G|cRs z4_Cy2L_)@({#3BWic+Hk6Y^811=2>LV~gmGCY@RdnCmueeCqxmE`{4Otgi9deVN<=!7cjJ2OoxTLBWjil#W zTGr$(g`A8uqfi-X=xLoH)rJP%XGag6PKzT4;26g8T_wi?$nO$l6K;E^V>cYXdlvLg zuzjEG{%Wj(R7tFYq=JlkLpGVD^=&!czC~Y=zv&fjtQdt4T9V;x{E?58KA#v8EJN@g znM8*-Ar-)A&;lynZOv4nVj#%=W5B!Qn0a@+y3H0n5bp{g{bQ-=^sFd_+NjWC6 zW5wMr#!4RyD1E*fzfBch(!YMns=eV2Z~Th}4pOv*{2RK8tmKqxNUrMI-r0fOo$a2g zbTG&{puHs1<|=7Mkz*{rl*m^Q`M#!KXrM%TaO}GqADUk@!Db}0lIQt=etYrgw+`uu z8OUPkhw+`qzrY%4kY(K--1#Z&A56Lng+it^LUH@V-u4!3Zm-v8M*_Zs*$Tb!sd$^2 zG^6>cbUMvk5^Nqe5pg$_w0Gq)lOwsKvkv_AVwqe;hkoPZon_n>1YHlALVAnE=e3sV zp(WT|>6_=V5~^UJ2M*d#KQP9jt9R!tL$V1K;x7J`2K zZGy?~JEUb3mQ@35o4eT0VZ5{4S1kuRlo_83Ea);=uqED$+XeIQ-f4h*klWsSkyd-~pGVmt*IO6`icP|k4rz7saW`QYpOW-Gc@F@hF@?qS*OFqvM z!KRSFYy3?Y4RittwmJk}vl;mX&`JD++nL$R+rQqv`?2`QJZuVE7lKV^o`0WbzK3`0n)kYb2|>oj~WIlir=(8{Y7SH{J;xBYtKRxwbeFeuaCH(HbR}eK`pm zVN^^)!jbzgKY6Y0w;F6LH?k3=w*kChUDo4!#&59oe zJD-u${$wR|Y{Z`tDw$LQC_FUR;O8ynlX3f9&;R*L2kHM9^-V0|7C+FQ?H1nr|EQEh~FYYh*woJ*%5^+04snP4SS|F!=e66^x4WweQ ze|Y>tSPjA=P=mZ z2#wHMD+EL!wANZjAS5&hP?JeAlUZF=U0v0E=FIHu&YXF%FLrk3?Dp>LnclN!-|Pq3 z|Gn4T5g^FyOeV7uth9$eBHT?}yC&T1F>~{4Y#v#Eg7!qPad7fOs(>Lqeb_6C^&!DZ zqd{s*2BSAx7zJBZ_kHNB%942=$RO;?AhwVgTHduc>T9*K=)}hGj)Hos6GA@{Y7y65 zk9X%xjcbd;OA9Tu&_at}LEw1sGgIXF_(TW@2>1)7$mHNek5nW{V22jy-V1MWo)#1o!! z|F%OGd2?VK%q`3(1_;0zjgln>*3PbK(-h!1p8N<%AT8920uS`2Ur``0*iD>25-f=k zd5kNP;pp?LL6I;TDa~TBsO@Ky+jU4I4+gz~-I0lrMA-z2EVA!6=*^I%JG;9_mgsv_ zg4PBwMT3z8bY#x}Gs+5WWsZw1ZeAYg029wik_jv%jV4m?u=A476Jd|+h*X(2%XWY9cs z1dAfmW`FhcrdG_4NPoeF$|-b$A{G)a7yvWJ?)lDZ8J_641v;G(Su#nKJ^3#ANT{C& z3%g`)#Ij{KvXJY3bv;G)y7uxN8134@N=;#ZB1kp7m0_XwL3p}*hhY=A{>~e8Kva`_txhgU zkpW1M5#I5)9_;p6vwzgk(kc9>fBC1Y<87Get+H4`V0`Dv(dGnf9v$|Tr-8w!kI62F zxy?g3+?pJ2*Iko#ly)FdKwrH4L;B0&>m5)_$nZ40Fd6!2Pk2 z>9s>RUK>velp!pu^5MiN%x^w|-Pyr#A0B){lZF@e;OJnrxiA6rg1dES4%U{Jb{_3Q zOMaw(Y!U3d_~t)-|26DyuC!HT05W#A<DRfz7GGaEAbrBd~j971p-TfAj5Ys7(ph8$_U+7v1Vjq9nVZwr6Z@aS3)$kA`k% zg3-W5WZZ<=)dRr7EQ75`i>}M^_2mN03<}A7W3iUbMR!NRHK@3;MlK z&wRAdLJKXl_*DdU^&eh}OoJSR)bJjU)L>o7L5Lo6)UIR*wTq_@d->;wT0Wh?J3+d= z7v4!Tvfk{Pha(Z$rB@ldkY@!kZi;utF zx|0u4H(O74ry$rrVdwG+nhWCKX3xUQ<2mr-jgrZH{dNpRG@2uFVDIX2OKt?XeSH<9 z5po*mPgYw&uhX@z9K%#)TtI#={Nq1v%otB-e+!-HXL_o6jD9By>Z?Txp9!xcMwZ~$$Y zA=gr55*9@eg#cK5`kVdxHy}Kx@$6s$BHR({XP3}jk_3e<)2~mL!Oy7N8eD+0!1(KFy+m3oUMkPdDj4(xYGv(pU^cVKU- zBO;*~9=~~08Eb?5{*{*pvk({JZ?{Xp8O6?(GdN$k8xiOSHjBhov1GOPFFbnk8Jeu4R+gQDD0SAdr%MbgTuM~eI0(8u=nP>=LhpJ zF|)F_GYk3ADbriqP#n&236*eixDcY}Af}@KV2&V zm)2ove*WU~k72qxE3IM-Rz}L$gEm@c)(6VV;Lhq{SF$f~oMr6b2--43jRqNz#gV&z z2uU=B!Q{q%Z3+)uV8QO*9Aw2;J^S`MI9!>4>80(R)nSO0InERd&;Iehf3ea7B}oA*mNlId?*x%hiWUdl>U?;xbpR_P%?`yM?(KX6pFiK27@vjx)1<$YA%_VA2&s>oCzqp1+7l>6kj1X#>0# z{fc4tXtAcO2{x7nz`}8veRHsL_cnd3gqYiKXMg<=wq|;feuISlnrH+arx#=eFemhT zAcB6vNU)h@+n5$wXrYA`|7HSvcy>(ra8u+T#2N^rR@~H@#eW|4;r-LDevKyjrw+M{Pm1;y+Acsf7b0lghcd61lx;4&E@rnvXz)h1*WRz3gCcQ9Ta6JFd0ms_JI(EySt zvX9EmzNLfd4$$chAR&d)+hAznaPeLv#KkAZgt$Po#cy9-KxI5M{Cv}Z|14l)}@&W~3hFCiv4&PqscEzhH<( ziMdtq#!MWOc&%$v8N9u5fr0j)!X$ z(FT!m3GwMS;q1lpj-p7wDO7Yu2RwPTpXF-;UY6PE3;8^f9e_HUKl+J!`{{fD(m*Z0 zH`Lx*XrYA`T71}nJvKY;f4C_!yJMK%G^`$;)CACTtf8IMP&<1E@bUyZN_oO_5c3}G zuDwF2<6MikqtM^+&{RgPz}uZXb!O$T6q!wx{hpqTs1Ac*gS~xEgLFYj z*ZR^f?}VpbwBP$dhxuT`M1L|T#TV2rY;415XSvPl3uSdpsUZ>wfr(9xmEbEHf|G8- z_|ht@F3h%;rh_0}e*~Hu?4n~t&h5FSby%9ZpA}^XK?!Ubnt_Fd@!sZU$d2*zi^+k; zsv`Cf3M?~86d)$MwB}|8cz+itOFZ}lCJs(5!t&D6{k9UYS^UfEn;^m8Acdqsb3=u{ zSpZ(J-RisxJL{{BC27D*-dokN%E(vw3MS_h22FRyV0mGBxTh2H5`!a>ZbEfQ5_{NN zW>v$@ST~6F*rDlp7#SVvY-@(J2s?YgB;8bPltobj;AUNOMz{pLUu6YQcsrmzZX zvXcBmGvUGPB4!x+8gBVWGVlT)l2Q%J`xEKD77)lU`N%JB74ic_Ps8fuvxr&s?4mru zy0eel^-z0jp@kM&Xz^hO_Sio&MUJB3@9+PYOOe?T=bhx3g?jK&-;slpC*F4U4)eAX z33imCf!7}N-a_vyZ+~?h#Jkh?j)^J1or3zxbIfEJFa7Zq8;O-ci&4k-zCdUpy7Z?PztwX#eaI-s{)kWP9%2;^DMTl3QL#lNUzP zrUNgqx1>Z`T}2jj7@ZYj5CF^Dpcg;x|aE&0F$ivf6Kl~*R!9kgr5N!y; zXf#R+SWKj1U{b8IzyqBL608jkMZ^*#ONdmSwn2d&CX)>;W?3DS<9NXYD9y7O(+!l& zjD_kpmiJV3f+9qQ`Elz(f@h^Tiu@vNQn$u`uY!wCH-UNaWiCGDR#|vO3?cBfKHa zcaY(J80uWBh0tMHsPDDVLJKXl_%#If+w8dTC#T3cGy((v673?Z!7f4J_{y%_sD~KO zA;{aG-tXu+DAB*PD{FC;CNFBTNaF3GiVRA}C4(bxu(G=*ffa&*J>#kavW}z>pg90Z zay{vQMV0{RE=!DQgSTo%%EmxJtV$?BQba&1!LCMoQ)HIA&|@)yLg?Qg%mAxDX-^j3 z)_|rzKstJ6olI06iw2z&GU%^1)EU97{M=B-|1(PXBLfSXtt_lSx>2&OSW- zIqgE$6zZdHf1`t{zxO)D~p*VgLJBxKHG>;6LL+Oq{A%K(lG=n2QZ~;wIIl6!!v0% zFKh;_q%<~b7>X65&Zp-?1nMyOUmXO!*%ptttXK?AgG`HLuw;JN&}6xg*O(O~%Q#)} zR0M<2ppz!p;sW$$OO}-fr03g5dy;Ob3=1*^Iw1a6gT15u-tj?&TGwB&T4W}F(E_#b ztR?lG7FuZWuN3&${mc~k|MEZo&ybXq#2$*JmiLPWJN#M6A)KMX_Q9k-J>a1`$xg{5 z{*1gp$0Nrr?{Q8|GTt7`FwYeEhZTiF$aIibutC)zuSw8BC^8bAq6G&?a^*=N*X>wo zq&--$SuLU@15#GC)?_RdJ1i?E48gwqwkZ}QCggZanQSyLs;J07s-dRHq#m?tWDx+~ zsksozZ3s+5tG(>jRqZp-S3Nh(z9yV^QEzb>9Bul zkom?EX7^5DiL0IeVxf?Sl*>jzVA~Mcmg&v51{s)?P0MAQ6dj9BkW7a)W(2uPoGAo|#&GU-Q5GKmb3CUKg1}T<~L2H7uLOLVpq1KEHs-~l? zbbLJ6mQSkXIn7{Gp)csHU`(qFBxtME_;9cfgxyA?9AQbIMzT!yopeUX@t7qEDbVy zK;atE){nubWZMma=8uJF>Zq(0fuI|EX}=1>f`O=O{3Xs_LeLcEFc={ zLi@46LX_>k5EU6tPkBTGZ?O8Oz{uo-ShpT@yrkxUWH!h)jy1}*a0{I`GJC8)(6o_s zr9m=T%pbhy|l7_?39z^9LQGh$s}Fd&&DwL=l?R&{(%STlKfHA8nA zGlAD}^uvK=Xb4O%g`G#Q4yU^S(_ts5WHFO1l-wK6_9twOk#$8UfZ4KGY(VBt-D1fn z6u~xEz(m-lgOR*i)>wE4DY}QHY^$3v+4d=n6T@C(!Pb`wL9Q2 z@~AQWPJo_Q(9aF2rMKMo0@HB@ghF_*FMGO;(O`_uZHCdIYP-Mz)(FODMbJe^wjuVp zqTPNnyaRhbkEA0Og*vBXhYfg1zrrB3ri<yZ4hz{;=idDVD7ZHoqj)g^aYA zya*1D@^_j62bSv#`Mp37x|62ycJA;Yr7ILG3Daj)`{CMuzizBMhR4ohf#7sl zLC+flLSi90JXGc-K!%gwF$&N2=i(!RAi&SXcJA2mutO%@wUI+FxiaK%L3C_FfS(0q zgJgHP!9f-WWpjYr>0(VjIsHQ8;$pyQ!%-9`^d^hlFR#2E?sVODDgt14B=QEx>zFxN z8U)^GAm3r5yR3wUB|>Caps44-9$IpEvJLt1_Q0SJKxP8SRYZFLEbc$RdhrPyPL0g39>US)aF9s= zlOwpMV-Py3^UQ(>CU{~`QtaPW_X$LGkXFv#Gp&`P8{Mf0~^(BN&4}q;B zscHb8o$aP4gn^&SY7Z)a-AB7c33dnw3bsiyxh5&{$oC;CGBM282@<)dmTr(J5J-MZ zH)nLS+6YB<28Kd-kUzUa$6(Z%odFON9p$hnfW*gPcY?2fkjw4^eu4gWiy5$41&72# zOn9J0-~mg=$1f5ZyN95uB!!)GBC)gKV_`N01cil%1%ZWp2STo~21aHL-MbG3iGhM( zqL<6T?=^qmn0odq${hXjKTzocJicDt?j56;Z91F405jIHx zN%HY=5>~84`rV7o<#d=WAjqchh(sdPPsRx+C}!V~6zINlzcf7pc=B^dlAH1Fa9BOL zs?7}sPAB1P8>~M5u`%)B>%>0M0F{H=s}FBMK%jr1%L=^2%YqT2Z+1O7SOk|@&(2^B zg3%oi39*qO7RdgvOGK~HW;J**HM5gi+YEjEg6u563N=1R8M5Uf!0&_(3C zX1g1rV&j5*?SRu{oGXB!*utV>AUYz{X}18jAh5auS+PD=LV)8PlPu`zDD8L(qgFJinGlE9lBeh?EI7ar^nbitYJ4j-G<3?_@!$HxKK z%+%+f+nf=R;XvlvWC0uI#>Wq$B0_Cu8A#%2wnJnz7N!HRFtNV`o7E8#83n<9PQZXZ zLD8`G==pGS9s~pg`PeM*{?b6uG+4&bitQ6Z1KnhsFe$ts`iDkAba)VHYmr>Yz}hEQ zcJS$7t0};32l99wvmLNPW1=F#*TEWhF^9zD+=V5!K+MqK+^~f&FwPxG>BcSiW#M0(EoNP_Ux~ve8Ub=Gp81|>y z6j>llCPBwRO8xNOY&Y;m9Woq9x>Y?jJ`D#K#}kb=z{iz#`08u8IGEqKIE9ghd@$+s zI>ioS>yJ8aL;$BVvR&c8`06rg4PfP9Yce^&2BIrrZetHtmY0X`)PY;l7j`bgXRofd zFSg-ie>&bGf;%ba{>UV(9_+!^M4z8*0DDU5_VGC!@2vON<$}PA1+_h}ytcW!Pjr=J z8hOEc6U$#VXo}3c(^ihRA>YDrx**tm`exupIK8a8b7g&RG_MUtRj~^{RdUgqSN|TKkUT@Ibg66i4p*kysJRaI$wD^X$435CU%F5~C zGNk(X)s1Y!Tt_yiH$&h2UT;Yx_{HAXI6Q>8g(bMtRODk8;QGOc{pignGJWdsHT;L) zeY3l@0e!XECRZ{XzWnCuXbw&;uLjGLK`)w{?##l<;>N+=GTcgxGzbcKb1X(S>U@*S zVej&MYv%}FJictr4+d9A(!|0pEUm7rjx>YKKW=j45xo5P)zh;Jc=hpQCp&N> zIZ#g{rl9lb%h#~AzkYGN1%(l2Yd|V2?3`?EAH(;*|NcQ;9MA?icqIN7#R^D~*`u%n z(sCb;PQvEV-sV^*xa`R*#|KaqEgJ&zVC!f%%ijb^w;HA7cXv!SvQ~O}0O9I)maH3M~V}3yaHecCwQ0=Yaf{#V940$*hCbgXsPO+1bnz= zrzhcNqK`c^9}b^>d3CZ3r%x~Xieo@D`_^>dh54nW)3Y6@j0xam7c`Dvjv$C-cn^OY;RvARH1$l#PN}?#n-)My6tLIAtm4J_hYz>FW-ItG#R^Z_3 zYPzi$L?oc2uc=}S>K}jhJ$(P=tIee;xRDqTlG6omKL2EQcNs1p?G{H`z~l~p zFt-KEYioOp4_WbS{ob7EsXukz!lRw;B+_;@AfiA3Ib#)RV z9QMZ14S0Ncuy^zv4(B_aPG1;WKD;>HgOk%2>%+If$7XA}HwVkBYezc^kP+w;n%fCa zU%uMiTZ4+dJzs6C;opZQ*S}&^o&D z$>lEO#JKcEY;OivQ2O-dK5XvooE|Mfn%kDuFb%I>T#=8=(canSRIFPDp4e(?=#+e1bIJkAAC^feNE*S;cR=_$7}?g>$4O&t^OfPkp*5aNmhtT zFT9nT0%iU4A73s)WI*Q5^A}K`Y!X6B;qqz|63qrqa=_^NqxKu&fC;76Ou#2Ex3kky zVgB-qI+sqTn^OT3G8lAV4#>Ou^b;7Y%(&IJ0^fah9BVSd^~Z4hrGll%uGE#2Jtz-# zuxGIKFI}t*6$9#-+cpK;<1OS)Wu49-JMQg2fxVF)NC@%8FbH={)zeR&!HqE9H>Cs4 zPiDhp4mfM@{Pr;*MP_-n$sJL6;|648=WV|D7$zzbd^0-W(avyaNEYlIZN%I4MB~Vd z^If==6b%-WKyx8vdFo7fgV%A+v|`s$-xUn`{63=g-I0?rgJH|{`EM(NWp zzJR`_#>LGIxHoubZ+#WU=CRU}Hz0Ebdb2NqGXV0q7eVol$u21(GOK#ue0l{LZg}Wk8T9O-D*f{(cWY9C(+lhdbiK_VX0{*I<^%$#<4vvzD7bku zJtGg+pT8b0ONX4Mh0C3OPz+r4=pL*Omavvj0&*IUH>bd9(&_k6SiJan^-d+Em-PMS zx1T~;gbfS=`PQC(6F{yXgF$f(A3cNJ2OaStZooqGi?4xapFAlDHbOvp@7duv1Xyhu zg|{F(D|7n%BUtaq56WzXi=){fg#%7+;5ak1&z{56?R&}TH{tPbemh#82nN0Prmwd_ zu9IVB)!aXv?+4z%$+mdddGV$z%K}nT&Dp^`1e-7qKXNfy$8m-2ldv?TZYSuHaO*C- zc)A{H<)D0YbF3y83OiOmI-P-(wCuxAzk`*wT+%QKr@vON$!OrAZv0^DUKyZ3+QBF) z;V^f2-jpr^7jg6Wcom}Uwg)Gl!trpqs3gJ6@?=tYFs!`z&0IqonEi`qXYRnwTb-|8 zpTdpw$QRyYXHuI8LP2enhXFx{BL8bW!neAtv509eY{|NZDLkT)1^-d%xb z2TS>J;UM!IZ%u^b*Po3yWM!K-G0=6QIJ`qcgKZ1qMny5e@ z&>IAH;hB?t=XXw^CMyV^H>jW7-RQpsSmw9-*I;?DqN;Zp&Q{w5qZuCVKI+Pk1X2$D zu7-Yv_OGxL*FuYbJMr^V9E492|AWQ~>06j}*&rf$?YGz@uDFYM-arOCc zHphFQy`!(IxduWcF1Df%j#uxqhO~5gL6mKPllbZBDHy)f7^aBe8&$e@dJIGT{f8fa z0qea;yvPA&U}mn$9^k}uaZv@_a^QJX31hBlEX?1Y8^nmQKkSiz_ zwj5*1hjzxA0j~um7={-1*JlRd&g$u#({YFl&Rg4FfH0mjy2|0?VgnNF7)gY?3y1ZY zet`G6t!wb@mlu5+pSO|CT&pbX^fjB>V<(*9!t_x%P_uiG``z2{m z)I5H?GYvftSK+hIPqY1_VeaHJ~ID>t1Z4YiHpeKp&%;w{>J?QNldi>>QFj|$!=>lMCb9;7X21YtdNJDNq zgN_#x3Tj|xehZG)9|qVJc>m@;vV?;lh+d? zQ?NAJ6X-O7D49vq(jY7v9R;%H>WEPpuMBFyR#V* z0xclQ>g}^^B_b5j$U6d{qH*x(=mZApvwWhfV0-fcHhFNS_nd6rhnTRujguo78t6az z_*0mz&(5fvg!7Fqmao$wCsPCKFX7XxmCm*f=1$a`M}6pTqsmwyyp@sK|=X zskjFlGmUIv-k#iqxu!gpj85*Hx90i*DuVP9e&o&&ldKmMNWayzw6X_VGi`Qf2AqHK zo1Mu4XzS|jYOR4NJI`7D0XwV1!xMPWaT73U*)I|r+8>-gI)V1eGCV zo9u;tMvA;m!)CLQUv~VGjlLR6igPs8%^Et;*0MuRv$uAxQ}mC z7Hl8vcQn^Pb;Zpf9}Bp{Q|cQUpt`a1(ZvB|g*(ayw&2OhOlRL+INqO&^6`hZh0Eim zPN;61gKxh+&vcm}uXp&U?eSTOvCQEXD+3NWx@Xf2^lI%E8%&vm+TBxolhtaje<$+4D1s9&Z zegO}A+Lm_?pszYdu?0a{=e^Iq{XHDc_QnKQA-R0wqnB$?UD5jVi_c-aE`x0qSxqzl z^iQuL&)=pqN)Ve~TvuBS4gI5Vb+i)YYl8Q`fkpam2}y>v%V*2O{ZN(_V+$;VgNuU< zHwOVFLyy<*g0D}+?9LI~>29d5DucLCA9lYGz5SB@%!?$GW(g^BVH;fT&$&%JD6%Br zyili4E$KeoS%KSCx6AVqK@3e_+h2vwmOGo%<8W{BXz@-H+}*s|8f}1a{F4`(a);{t6&`N+vu z9|(G`W^NB=Yjb0Y+u-!{Vt-=|?zP->T1~+A9whr$o2igEoe%VHJUv|Ofa;F<-+Xlj z*}f8I4T712$4?F>Az0>kTRLpMd^y%x0e2QIK7KR`eu_Jd|Zw@uv0tzeZ0GsRh`XMaz zl-fdXz{Tt554u_b>0Rfo6bMZ1dimxM8Y}9LUVjd&UHO*KOxStye0HD@S{up(tUM$Z zx5NJK%54@mvVCkOc=ysF7B%*b*2J8fFnjd!x1V0Z?Scf8gV;DbFOT9tOmDtAS%RNR zkwv3Ex~LtVJiEN#(Flpbj@Xi6INcs(U+7g%?=H9GKyX4SyA`Ugrn;siAN+hQ5^XF( zEslm@G(uYA-N)z0Fx1{reKQ@{4=_5XAD!+_!_ea8_pde~*ybGFI)m<#SWYhhxu@S1 z4cm_{%2NYCXB1h}>Gt5%)!jqrZL6=TxCOy>C9!G}PS(5F*MRl&2e8yyK(kYQ&G5$6 z(K>WgmxTD);N3G}@`;orOHy7b)YVkB-JgSttx2cZ1g*m>ixY!TSy7dr5)PutRaj9A zbZ2z{t9NQZH2L1DX@IJVs>Op-7;VU757sH~xc~XLzlVdFp6Ea;#N@W0o$WzyZ}+3C zbErxVE9={Wwflt}?*pTUXLpLC0CRDxdmH}oA1@%4v$<Q9pwc{fZeRf6H%E( zJ>5M}oEc3UG9s;2c-plvSxgcLiaoWc3c5R+OR_Q{D%_X+jD!4;Be>{RAp|%rph%+N z41`;?%`Ht;P>>q$>*E8FX@xDV%~03S)KHlZ4zneppbVOuo9i1|pyoyry=8g2&aIjlkIX7=ZTUS?8Nj8`S9?U-B<@L?bP*>N|+yEJILG)`zLs)V_XID3L zwAIB1I=~s0+|b?y-JNZDDPh2IeBHx+czinF(pUpYVSWZ)1WQm%b#oikRh2<@VzkRH zf?l#@mefOUPghxPJdj@jx+CCrOJ`4KJCtO{vphy!L4VPpzj2Yw&eVc3XzT87zI_8+ zCeA3>A@f#sYfBR}Hnmh1B!Oab=2tX87mcRdMLwdQh%CE!^8&^O$eIJeV6gi~!R@BD z#)f)mZ>~>{a09RS@ax@A)5+{fXM5h$!b!-C@5(~mC%7jQC$pvzV5i>cnA-PPL7L* z*u=ENNMEpqBsRCVL2Y?)W_$$Lt-iUXHPF`31Wk>trJ1o{w)m!`r-RGP+k#^tH8#@W z2!)FJ=BC;PXlrgri*SQ2ASx{-8cebfoR|XPfk9Odx8ZDYAU8J;=JsE0j@$(H16E{T zr13U-g$~(1C_yo|TiT(vvNS6(2AmEvZ81WMOv=g4hz0U&L)y%XUqW_UcPmsD+74F8z4JA*z632^5#~ktFLcqs)6JPKVEh~c1cZpTO$-@rib|ZfIB3i zx~Uy{+8Q$>eStF=qtgqarL_$OLrYbW)2;xoIB(u=hVJgJ+R_{#d9f8cSo(`H@}n}O zru2INtAAltBVcoFtSSVDpmWDm!quDSqy0@#QII0>1`tg4)WRz0>S!s>$$;4K0QLwK z-~QJM zk?qSUh5crW+>Swi`oJRvp~INWvR==FWU>Nzwi#_VOHb}uAavNxn-!4A)oIq1lmf`Y z1>OkszA_qmqdGnE;5Ra`&R}2-@2s&fdam7GdwiIlHgBaM zSx`G*FmmNZ(CbX~4|ia=HGy^KN$XzZ;+!I@U!bG9TSd(1qHLR^*S9G6vwUhVR-!Xq$V*0jJ(LU6G`x_Vj4V>WA!xb zC&N1ic^n{Z!^~h1*!Q-IEE|kGpa}BNZS~1^sEQ7W0zMBw5@fO|sSToGTBPwaSu|oS zdV>Ob(#3;K*5sWLPG@S$vwDFC#iEEh9grva(aqba z7Xh2R!6<-CZfPW$gn``ePkwE6eOU;s*)^Fr@)Dq)>Ky6i();W1>~LvtpdS{ucG`<# zfIVp(v&K?n@)STCm^-yltbT(4Br~DQSro9|Wgy8XT{0r?S*6$#Xv2z%MJB79E=Lx; zi1d_voYnW9z&Q_VnjE!cU9fw=#}07b!@8gt+OP*U6w(p!xmEj+TU1#yb4c~QMUcyx zWVN8qq=xGDfz1r)F37vZl971c5SUaCdpqL+0tcusS*2vGYoAbq0kDMGB9gpMlq4Sz zGq9zhesD;4151Y9-!xIKVAO*;BpDVTB~mx+U@@O$Ruu^w7?7Fx$xvs9g&>iZ`G9^{ z$V_AHvKDgi4j*36=anj1Hn*p3(5-P_Vw zYZBzyktXm?0e#u!WL5}*R#<>*6($4F3X?G51A#h_VM&EqoqrJMLOvwd7AA^SN2fbd zb)M-C_TBvzT@JL_3Y@n5;FF8>`D6Pl^0gA%6SC!_?gl-dHD18(f~;{I5=7Yqs0I#L z^q7SYD~i=Z3oZWG`1vXFH{X5>adC0K@Kt2gNfN-~3e3&F0XJ?ILO-(}nbXr2bTSD#3uKaHs@KQ+l?A!1O4~J6-@g}Zv0Lr# z(9mG8BY~j{mGuKj6nH^|AHS4Bhfyr{_>4Trh!2sG8XASSN7_FnP!gfAHfLp;&JsxE zOlCXKw`8kenJ$n+BO3@C5gnba=(lT+48?{<&<_IH7QN^&7>Sj^MkM1}Su2DzOC!Oi zMp)>@H;T5xt)iXCcEidcqacrEJxMQGH_xc}pMEUK3sw;e&3FNadC}~EgtWX{H*Z2} zTrj;7D&Q;@WZA@8fK}&!Kt0K{Nd;N?bXEw9jeYvaqN4La`;y9#A!(51L3`2K(@K!j z2ik=$1e_j-1|wigVyg(nu?bORNN;%Sgk{JYKPIUXt)59?Gfis39;rXraZ=3hbPJW{Uh@{>%Rxl2cNC z=@u;zV+$V(V%|aOb?6XN*X(MlEVlY692Q~7I|6+eY!8rTz?{Ph*FPNk=B`@y)YtjVoz4i;MAYz zK~FB+(l2L8HE3#OwUO3n!^50N$m!R$7?`yJKq|_@VwGt_&PX5GglU1;~$ zG(zqEfd#2G@;h?5gKd~J=#^U16N}F69|S=GzHDKtn8pv#qYQOq_Uh)GOM ziVg)kvL+hp0Plo}U41q3x_CB+P)L1zt#g~)wktrb~VBcG#cy?EYtGd16G{@FmvqA5Uf19vFO;n6DY^CklC#h zNOVM#GZ-2kto`ou=Wr{T{FDceVkU%`8QxUu%+ug}&@tPSldEeY%RsjVM2o z*3fZq)+V{bprj}Z8yui|j=((F*j-6-a)6-Eh#*N8xmYb@3nAb214-7{TBCuFga>At zkR&V+@?9e&bCRF`1&MSPU3I&jrTk<|l^(W`y0VjfLUay3{jOvV3R? zE_gml1~PY~3v2fvx}g8#HwO^wAU8=6!rQNxjl2w2i_N5nq&*1CF1-+#-dqagO- zR1x7iBfBhuY$Bdew^)qN>PEI!_5K8P)sokw zF><_?MIJCL+cHUC^=dJBMmyOKv1aJL#~qyk6T8p8yjX$&J61fq+1LBMypG-WfC`bb zKXOk6))V%Y?6w55JN@u>3R-BPg%*FEz%HEb>3>Fw{Gb0bBqjX?o~}nPIEjiQ>sBSy z)mE0?EQII)GZ-XGUP%KqRu%c0crdxbx|dGi_n(}%)|EqcQUv|22#!47>p0}Vhd^E_ zI)kC?c70=YDMSa`$SuiwV|ZdgOG`84rG$elD83=lkdmBPg{d_(=A}lOC5c>ylC5b4 zx1hPDu{bvltR_=rd@_Xi%Ce6e;u4~LeFGsmB_lVl5Hd5;^9$0z?evR?OoW_*lG{~; zzgYrDNc_~vNATt4W_4vHB!~HmR-&k)^?q*yLcyq`twC zkdl&pyP*;C62p+W17=>vVb_yekt~873O~G~p=<<$Gj;!?*Dz6AQrk5JFJA1WxMc8; z%k9521h)&4=npc<)5EN;5V&!>4jSugk|Ug8viZiuCPCh<(&~yL@VAoopnww`Q=7+7 zn;pthWTYUW2|3Wv++2_v38GPsOiF|3KnMF0BRD2GDbgQA!JL#=0*y`0a5FpJW|rXk zx8v-FU5h)o?%@Xf-50OBo2nrsm?*5`aF) zk*qJ0OOkwxtwVBavLYD35)@lq*G!ZZ2H4FI7@iOl>IT#%B0d3v+*Y?=7=%a17FRaH z&9oTyL(+ht(D0ZzD5UMG<6F#gc!kuIY9m_}g#-iBkcZ+tRR+3)kcUB$Cl!^^bW{CSnNn^gR}if*1Q@rPc|;r8M_us&Y{gVh|8~h@#XihJJnZuvjC7tHxKW_ z{N3`K6*Z6*7e-DC1W_+5X@%9$R9h12G=s>SfUG&X5J-wl&v0;}U~z{-SzU8&WdZog zf;}h}QsTo&8+f8*@eNN)i3h7-^a)LX+QydRjA)Pyyv;WdA|k@m3M-(dB-?3~ft_zi zk@-ja>k#f{Cr8Ns%_#+y(A-p=5aa`b;!aLW0W3pN@qxIMvN$k(@HEws==i@)Lc z`6=@MM&mE=bUhQj*FY%in%v)-h0*2nfB)OZkRB{SRqxp3gF(16KD&6Q4&1?sBb$%m z+mEjv4D~@pUJ|=9cm2miB7OKhZx8BUdj#hzqy1gY5bGyLWK_f6;r`wG!*FzV1Z8m{ zMcrHQ`>$V(OiaS%>0WYx08zL4pPcPMOH*rkQ5-0ObA102+Vd4IG#?HQ7V=8k;Pso2 zUwr;4eEstEn^%WWo}G2@`G0~JJNIS}&S7=13PR)ame1e77f<(w`g$QhHbAiWL0Qk( zmmfWX!ZJPfmF}@&YjI9ag#(_P)y(KG5qeckH+o~LRCSW$(aNv zpZ@-I?Jg|tJ)ZBr34%3nba4avJKN?rx1pyZi`}rR7U~W1%lrhGKD^kQz7Jh3H35nU zx9{&R4rT(!J0}lLpgF~n+&B;4|Nir-i4A!9>M?5)_}1|8@4tBhBV!vcUmiksn6rLp z8pekD;NI-QWN#^$-RX~i^Y?JFcz^!z9Hv?d1LKL!tIxi;+J&K>&g{f6z^t>RP)!TT z&k*&#$rW(^_@ck94H_!)kc@#(STYPQo_umN3oeV17ZgYnc>DL?zJN4=b7!~0#!NT)Dv{>J8 zkanYf8S}3jS!gAa&fc>zT``F8hT5|>LZx0O=lf4YG+_|q`tam0ahOrar7B) z_jisu(*hwhzw!9w3?4Mrg!$QkGXzcSoI+c+#06x**7i(cWhZPd-EZw3gSopyldC(> z-%z`HatK-eoY7GNr9>T)FO;!`0mrSA_IN3e7bpoYHKJq(B# ziiS35YU?B@MTa!To2cb7xPaZvj2aS~w5ol*w-8&~7^gINc zm@Tdpc2`EMdJYhdpj_CyILdN!V9ISjnD2+A%$~1)`x<(i>Sm6=fG-b6{B#_MCJVV6 z))RtGmtH>(k5&d*R)oM%P(Qpo+noxW-hO{`7a9|tIbBQeWc4n)KOw)qy&x_C8m5mA zhN}TfxU{(u3Np(dfBrSh-)VyG$)n%CIe?sq+^w@+NVIacqFy*%Mrq`;mf1Ew*HZ|n z1G~q=N-vy}P*1}wvS4&46~gBE)l6qQWJLSwMH$H2#g-adcD%I$K{g}1Jqe4-6p#1Ie`y;l;^XUPL4W1i09Jz;B@_lL(lhyG#2}or?1`5;{(5pE`ost`tt^g4x5} z(%1}Gdi?p}LO;~^F8ucQUqW4!9rWbk^aM$f4MqsNHF&u<2ILyHJsbAUw^D=rVQlxX zDkTZ-uI@Ld`9fUf%(q`(L2F&@+VijBYN9$Iz7(E4Jqi~&2ui)(UXugt4Dfo2%vyVJ zhG(>Ov_eDQ=qH~)g~C8fO2Z_q-mlB6x(iDWt7U^8u!m6Z!WYy=9@ti=g%(<9@wXN@ zjg85)?{ zIe~$ewz;(h2$wiVP7jd9Pl zCSb72hkLNpQ_;}B2s2&D9PbCC`v+~A;lLZ;YnY6s%pY2?6xp4&_GlLh$amqXaQgan zdtNYLX0w{dVfB6uT|%5$5m_5sVevUIy?M4VQVWjo(w&`2aC1m%@4@-b2wsy%!0|rQ zn}<-!?gi$!)Qa(!PgbCyp#1cUFJPi3m3|Lz9a`LZbh-=u_q#S;Qgnoh(<0XrxvabH~n}H5Vnva*gM%wadO~yqyKQO7vj@eKK=4J)Zfa^$ti%u z$Y8r!1cf#$MpqX}1bNPo-!u=ej_zAHjy%^9xhmZ%8iu!*`*VR4BR5|>gZg+!e&;-p zB}VRh*9&^&$pW-bZx1(T139Urw+KuAdCx!p93C{^fUNAijJdgcyaMqKE}-%b z94-&y0|cdaR(2jX0BXP*eY2X?6xs7l1^L~nfi`F*+Jg$Ky5XZ&m$woEfh-X$<%HYE z8?#_D;Im8GFcf^_?oN+EZm7D4GB{Emz5W7b`zy1uvmre>-p?kHhdHo~nJgfMj%|#o zd~mr%V4?V>w!+2bT8PMjGra{)wnoTf8?h~rn}tawNrlkY4j^T&Jf3J1wGccx~iU}1JRL^MD`<=7V=A45e!R!(jXL{`LaL1-9$|a8hKXNKUAqT)WuWgq78mk*;d+F-uU`G`zF3 z0b^t1Z57!d7<6X8c$j_k_n#$7YeX6oV(g8wmFwpxfM8WRcF}Dv-Hg^}M?n7Fr z$sJw{o2QS~x7OkGXdY7hokgAVFwv9F@irJ*-DpmZfY|)HiJ2*wTwYzA=mj6Mv9NU- zUOYQnSbqc`ZI5IXH^b6Ie^c8qjP>`9u53YTRoV87ui#*F{_tQMYKjuUU@-b6+<@Ju z&raqi;bwBEEg%Vo7Pi0o&G+zRdnzN!2mGT-x6jUCb$jd4!8|1TI?MW&VYDqlCpckv zZL2XO1b80DXd6KrpCw;^f0&n(X^L#H$1h)g1Q%QDn_I^)(OV!Jt#Gqx;Oy0x@ZD$6 zduwt)G5OZ_kHF;ED6H;m_m-uBHK_3F%dcR6b>Vn_18$~}MWT3Ug%iT(ha4DZ~G zOv5CLvQG#M?>su++k~#FG^<}atn96&xjFDJ>e`>{2CMAoo!Wwpm4(T%2T+(CBJc`n ztypax0-siLJyH>QlYaz^Zk%1LZo<@XcbG#@WVSth`2yzG_C9_72+E>u*^Ohcc&D2D zw##TxObTm*qW zy%wDge3NeOJ$nw17A9|IMFFy8wsp}BjO2!*AjYJX!1(O!#Oyq5td1x6+aWr;0v3;+ ze)pR%Vc}H0Ra9JEv$l=9ySpW5aEHcS6D(+gySq2;?ivUZG`K_K?(XjH&fm}bynFBe zJL!`itLNx7R@Is{tM2OtM8?YcZ-b&Yd|%-3iua{Ft-6@5U|k*z?fk5)e?am7sW~#! zVb8SAd0|pWh+>MxXEt&>crbLc+j%`DXt6CK=7oMV;Q@h$&8w#%*oO`*z9}BB5jpcE zvIMFQ+mMAs;-`*)1@y*T3qp&5TOkD5pKweY8|8WwF$`u~+^XS!?x_1j^Z37&jPI5b z%YDUxgjwn|^Cm_^*Ng?5P?t1_PM?UP$@tw45ffB0QqX_N8s9}B*INcYJsp*9`N|-E zc`4NBSwC)C`RpIa94H8oj2QbI+6)}%d^u~Z{xW}VS1$&bnBKdhLW#BUyUiLzuH89> zXwk^^ao~r-Q-V(4kZkG_+?%Q#_C z?JiG4_+UgDItjg0KP^B<%G24HEv^@U({+xYm6HKEmH!?g3&Zg=gwaf#K>7y|4>NTd z7?f0ZyGwI900>!sKShfgRZtE!Y=rtnv8eaH>8Q1oNR-uK8#;spNr^dRQ5u&*bWy`d zv9l=Fi5e>(6^n=pLtZvEFd+N*%c5JXCVYGIKM$-)uVw!4D{(YQ8z?&(DeeWb;Z1mF(@u# z!xRJSZk=VK5NUZx4td?I@1AP0OU7dn(Qjc3;v1hH#l0Pow3EI}$%Z3>I?%e*&`~0R zb+bXDjmRXfWgv>K=<`0{l4~^r$vl{3DDh(@;5NzKeno}@F>f5yn!iqTaw{*R7`k{V z+5l*I1D?`>Juw?QtB?mT-mE*~vJz6#Gmwk|dRK( zk70d5uuxde_bcjUOj;zimrl)#*gVFv_sG#f<+F7deg<7sKlXq+<>gI2;uL(ijGtf! z+3{&Ekz;~(3k%aqv}7Wp?X__2pW&qk`o+~Ob;PWBwV3D%N<<~Be@J=q_ezHRE!B$K zC?mJ8v4%t}IK2!`idub?@l!c`dqjv_LuJ9Y@FAFGT(7HSN~9fPVn!A~m+Y4wB8t$V zq4l3BTGRz>x=!N}kKq}J_+88JM@nKOO_sn6Dok{Z`aid$zIo905n0q_TrSl$QBpEf zf8mEQ&M8i<8qy>41%NgqB}FwGm?H4ZAZQZLm@%Q&TwAamAD>#Zhrq3Nw~+HLd$2w_ zA|^a|_mSW$fqNn|KP4>IPwKxsP??h4!?y0#zQVehFrL>qWLR2a9RVPW-HU$Pz|&9v zfoZ+dL5GH*Gf8R~uWtuFZv{)gSXDPP3prK6cH6Ma{3>kdr;T%+^DpY!RSD=pw4fgv zl&4DgNy249qA|znB|8aCZlRbgxUPU95s(^Ch_ag(Ciwk2N{L0$=&Pg@Qr_f%iy=cB z))D$Tpitx!jpA+X#$%rIa$7=gVnlr0p!sdF$YZP^nsO3Od_(!~Mi}FM0;yCO$uD|67H^Uj1VngLfG%vrD5k#f$S0u^^36T+Z0hU50S@dz5g}%4` zW4@IK>8tR>gH$q3ZpM7mp%m`uGnUds)@MHrr=P!Qv@hdU$<*R@s5Tavor{(v&k&kW z?9A9rZ{P*YYU%mxdQct1933t~ot(3R=7xS0RiT=zYtvNA9W_~2*MF#k8idQq?%CL^ z0q)ZLllL0_rs;)ikcBGN75R9lzbI@fBEP0_jRf;p8z=Nl;>zaG_t-M!#R4D`5nZSg zsUo9oT?>c!Jf=#HgVLYc)Hx#3iVzeri zM+W-4=dr)L+f6@4dE5yxZUg!RoisOUO~xV35W6?e;Cck^NMK!!!U6n9fD46}%(aS; zyv+3D`KQw;w`X}l-71)u+bQ(a|FqUNYz@iZ1AY(k&QBin{s=waxrX=i6FI#HynVqS z3^{-Lt6U5(lR?ID8Yblkn*pr?20G!b2Mju732*w7G-`>|!+Xj17cHa@RwN%c9ZJNU zth;HDyl7FbM~O0vGY6rTxYkhE&_BV}ushmB=(g5Q#j7y2Zc3O2#E5N7vulh0ao_qh z!6Bc+ZHQ@YejQ=*6{eKVXF64f!E1|j&yLbOLM&x}0x5Fl3>l4anl#IM$}IJj5TrrA z#Qtr!(Ilyb?1<>+3hMK;FhNj-3_FIl$0;glpmX=?Uv-M-^;*=)X<5GG;i3<088U4n zOVmZfV~L|K8uOT^1`Z3EF{$r&cg{cjhCX&{K`ofpRE0Qqb9a}<;fD&LMJ~R?X~=iR zN~r8NocX`iP4{X=tfwZAe>}O<{VwV^mbkb@WG5q?S2$<=AvtLx>h(p0u&|MziyMzH zeoR=~r%v~^C&cGF25GSOtQPHMNY>V-`q27EJ#f5k?)>Bg4q0jZP(5QV=imO8I~05Y zIOj8q!>Bvd^W3 zWk*277K_A+6@kQmZ)O|zVu7FgCw8IbcxqZ7$rzhk-imu4;zIhTft}|QE7m2I9G=_7 zJy1;6I&i6Vi`k##epYP#{kKCqj0?eCEdRQ|7GXSCvetA0ow(JWJ!eQwCF56L>}IbF z&z@Brdtj(ggMZ<_P6>$YRGVbpTSmI9B;p#(Y~0ebtE+9f77Qn9DP_grETg-aHT+)K z@~uWOGg;DU!|LdwUUNZ8Q#>0&KVEIIlz=o$DKVJ;*YiYuyl=U}1lvM42d~RnY_Wf% zPkVmHw}Vju+Ucd2{cNx#b$-j!Pb?d8`C!)6R%V3x0a6CzGm{?B75B ziUcKai_RixIzUMBIQM{XSFH>r`7tYwAprH41~7&_J8sE?Ri4Su6jKgH9pTDV2l^4L zI}G~$Y4n@B)X(U)zojJxUWVwzTLoy}%mzm9B5Du;#Lxb~F{j*m7rS$3!3z-7B73jL zEXd7nSK*vuRXm5lerL{ck@)y9a`*HIxx2o-vOTg)U;Nd!!i75B!*Tn4VI*&{%TAnB z!smb)6+ka1POADg5b0tz>wt0L;%=68vPJqL{Zeyz+sw`6CCTG^t&ck45A#xhCNr7- zcyxLHn=!_Nb&##M{xaz`gqT!!A|r^D7~lPFKMDz`H%b$&yt;v zXt(F;E7?gZ+0UT$noAUgkUNw|;3dko&x37ssY;IKIvUw2dC1%pwk72S4C#?hNkIqd zb%@JNlSaowEFQUUHJ6*v`{i+~aP{($GKx#YajR9n(vx)Lw-=9BnNad@k=2Ej+&ATq zHlHisYW;QL^}mCc7cj&hp?ZETFS*!uWtU1*IS&_eir^vqNwG+DK6~r8OSN4QmUnv{ z(HS_bV=v{ljXq*)ce@fjKdRXP!F<=>SH7vaNZf@yvz3EuReE(d{mQ6L?FD$`rqwP3 zVrRDpu+3D8JP`Gh4-wy5-&co9slCL`p5=pdw#oIj$j`dPd_M3aPsqREot}}$h&ZzS zvoJEV@MYKg>q08kOu^iWN^1wP$lS$1ODU-TGGzGK9ji;rFv>HDDNyHtew-iP6@t?ycHcgggNh6s0W2EwyPZw~6O)bKOl zWxyCnX!O$wkyo50FIimH!HMX_wbZ(HNU^gg+dRgb9t!yC+~XUi61@+@*LdLD*J?z{ z*$181m1w^`+_y-D6INBD76RYGMUhE89~Wj{%gs)eS1YCe(udJ$s&78x)QuCc4dml3 z@`f#A$~)9r6IDV7AfwmtWZwU5F$cNax_06*Tvy$vI7F z;FiF)Ls_JnLCZvA&e#B>D{N~*bO2nB98S&@E9wg)Ql77XrS#lvB*u04A{) zSh@HQQPzK>=RYCj`#XRnmbT%a;gimH)(_3F&Z#<|Cpa`7eEJZ03O+3?>wJ4Ri-*%G zLXvV+X{~5ORK*tUG+5OkK515cQFV`{?k&D@W(8s4PXGF|g7kBwrp}k4JuzsQP_xr) z15uMeWR(Ttwa9AE&YW*+$GJ|gr=MmI`qq#2f;B^bx>`Y4x4$~qbr3+U3MZ8N%f>T} z+aEUZ#9<%7Cs4eZM?|4<3cZWVvJpe%cP#uT68{ay1@ggjt(+$?MJ>Rs6Tb7b=&i@6 zgheSbG8$5Zoa5;W=|Hft+v~u`R%d{h$+7ZtV8ZA5dsib%+r6=aiM;%BYiC=mV=Ene zsSELe!{uXp0hDoTZd0T#hmIL|v&n2+2nPBp8#ImcRnxxbUM|1;x5jEN9`@!s#F4}` z02TVX_MX#Ct9^q|VkQaHFYw4H8QU)q18^=dSoFOA(s(H6k@{LcgDg>H<6ofPf1cQ@ z6Le!Yris@?_1&tEo)4HWJOWBAEO}cRQffb-9t9L)k{o&6>!viOk-n$m|Gr{jAQW^5 zYiSD$7dqbWf0~z8W~}H2oHul2_h~nA_%(5?Ljs-XIo|qIzOH$BRwI3JC4Q8YK(7!A zS&+U_HL}IXiZ6r5pZu;4CYnJR`3l#}!Tud8QAJX?FsMXHf;62w&O|velb$ODbrDOt z9xXcEY5gai|C`f0kN#;hkEec62NmP3pEn^R-#FF&6pzC?ieNkoe9u539RR3Fx*3=t zr9l^XktuZV9?ICM)AsiF;ij$!-p)qV5KG2=)78()Mtk7SX>VHfZ;pRiiigbO(AmZc$MDw)cmQ0Rq3m@SUy+_U}TGT{xA=>%tR6Ks}B<%h)%vg z0OwCJybiPEjEY(x8qNjtpu~z*KE=!b=YMh;_#S^q{WF!Uwjtur$Qu%^3@q#|)JD`t z&(b#}EHd15mO@mhDM1UH%r65Z(M;P1gBZe~-mGw<4iBI?UX)vqPW>MQSs|?w#AZ*9 z9%-E6AQd!P2Z=?`h8^Glb!j-F!Gie(W1#rgdCLTdc8Mt@)9FRn5uZ7QM;)?L#rO?G zJM^;PI)VYBzW=1>e?PW2q$oCi67J?^QPC@WaPS81;7lP{dUT3X#Mg`Im@0XfVAE(T z>T46pZ^TiYHU2#xR2fo#V4?}eGf^=PPu?RP;$T9Y4~3I;RxBJdnXY7SrcO8AI{toZ zMqRekj@s6!!X)yJTR51;LuC2pHwH3={Qn2a<8SEn{t1Qn0=jp??w?q+pnsN@sFvQp zf{RII7ELhlluZ)?n^9nTA%tbzu+t&BgUsvsy7sRB#v!*A2LI$@!|`zs8=@)GizAtd zw`d)z;|>_sHnimRP7KF={`~H4faqNo zWD0oyeE>xaM{o{m9Xdwrko?u`H!)g$Ar|3=*=@YCq5EN9fzR2oJXq~k{?A(aMNH)pv#E-2%tbmkl0gUeP#gY z5FCk_E^|P9M{}+0oG)`tx)G)eO&Bx05T{a)hoLgPeM3G7u)mAdUH2_q= zru}igh*HDisbo#C7Shwq61fghLbabVT20^PHd}3+F&kZ3L7t1FXorhg?*Q=hRZ1H{ z(|WS*L6aZ0vo8Nfcaeh+`0}!s@=aXN0~6-aFq0Fqv}y@8-J@9*z|vKtTKs?a`wvw3 z2KYId@O|(LDQS`j;PKa4XT{`nVCP%)MJt2)2OzWu(He`+n=Q=rTM}>Axfw+1kc9z# zQcO<^Db@9wR?dBiihy+c5bB@jFKU24*p|2WM!`ZU%r1xm1?@wsfxI|sx-p3mhKLS9 zqq#fHDN8cc>%VWI!FCO2W=KOrFY%NHgMnjZ4j#u;pmJnDKtXiT#$k(aGpKo*_6R z&JmFi!mEO8Q_|$%^sJvCvg~4j-}bei!)7^XK4W6-P}|f%M9d9LEFj`JhWP)sySsaE zTOPgi<&WH*wRRJ?7E}A7i}LuawFr%-h}PL#XpC@Q56L=sUhTdp=*KnX0o^UuljVv` zQK}i~MJ%&Aq)q_c{VUNzBIvP39X8ZJLT><~PGjG&6x-Cx{3{6!Ek-=%7No5}Td=xx@7MSit?t7`1zn=`Ib`uJG=eqDijP6ZAmj&}(#tgH9_C_=kP$>H^>K`W!j_%W!g}p&ulxB|&<>u;psX zNe6K(7{?~t27_tQENOCA?d|K!!-2xv?qaw@LihP6?f8p4%sT}za4E-w2oE`9s zLZx^b@$-u+_l(_0*e0M)@a>BQ#ll)qbN#MV8&+Tt_r%$_R7|;vM8)pqI!81|1IIT5 zh?k|6w5jvjDMO0F@G#+kM6xk15bZ0AUFTr)nIxw!c?V31UWmWio=|nt?O`s(O zZA(ekTXltrY3{S^@s@%E{O7d-km@RMade?%9?0_K-QGmFqGQaM+&}>`W(}bX`Ya ztfT7>QKh=LN9E84OF~Px=-{iMJ7?!7I=mrWo{se7H81;?lDZL& zuV%am^Scn=sp*xse%So9F@Z&k$+3${flT;0ZVvqWwovU+EWw(VZ{}Is%s>`#F&_Q3 z2x8zZVWaYYOS=!ts|DrwB@^z%gDP3f=r&@yhH?HHg|23&7#8k)3SQ_CJWaR#Vj~L+ zFEbg$fXEKHW7<8aI3M=V)LEq*7?@F4Q)yUV;(qms(;tA1w~ zvbI??C$xX-sAC;cE2GnFFG@wo^ZBmK#@x=*`otQT#bBm0hGDJjN^r|h@xU|_xuHen zyQEkxz=OcQYuiTbS#%??QfhAxPFDak+~qjvw^&_fkrp{ z;n>8_ia44uNEqJxdYs-zx@bV=m?7Dvb%aV?&G|KW0m1lKOq2;FR?wdT{$w=x0L}Yt zC3ee5Q(az~em2Fpb&N{4m8fz&Om@=A6F(~3;J%+95*9u8gY?fopk$sMl}9R>nf{;B$d~qtvT*QJ^LyUp zKCN+kKG^UB1p1n=P@?v;tGqPgMT$^Z=`Eqc)pYwe0xh$|FCudK22CSmST-N4I- zQ19XbTe@Y4L0h{d6_@EVqzL*IWD6%PvpzrdDN2xFk&h3|(feWCh>@~#z4VYPHZk@! zra^=>N29s56PkGpH9EO(^Q-gF9rdNTh01QUs1mOPcCQ&;?1f-J=gTvfvxW(yBU==S z@CKn>@IAbjfnOV{g9bHyNY_05hTgcVfA|b#-wPmR!1vSP4!PdiG@Oe|^mqE=Nj;LE zh(m#6Z@}?+Df2%p!73uH>kNRo$>AMofyo6e!u<;fRh+@s$qJPTWD42&q(C`y+dn6s zyzs>*1-=>_g?O4ax;}6l9l{l(k?_zL9L~3h-agH+LN;f=wN>+Ydy2qD^X}CJ`S;v~ z67d7QarAw<$dXtfLL84)GbG`UhmTuF7lLUq-7g-B_P%%K?uU>h7gaRyI+X2JcOSQY zujtimi*RE$_2Gbb3>+dt%v`vi^b=@goc`i?v*ZBF|2Y}y{PS2=Jb2vq^J}lzawP>H zyA?FRAtYsiN7TYdU(A@3*M=@kX(Af=9=db0u)N$|w9>Q&R_uqGSl$?1gtcSnfS9hc zjD#_hL~y87f3K+O#Oll%A;aM4DWO2XftOE*D=|%P-|{GX99$4?Um*V!%m6FRmZ^ns z&>~aa7sT|`a_zovlk3YGK8(a9koixrPZ*Xw_6gAJ$hQ5k3>3?+BbJu=_2AijMluNn zfDk1FvJC?;iwXgbl7gQ!W4ZM+GB#-RrVxaHVtX~lG8(Fqn(TrZrS{bmle4~oOEXn0 zY-JlE%D-?C;oeG+NlTkuTtQ0J$A|RmT4nHY=8{IDD9peDH@Emxbl~nHLiLDej8oU> zRxRjSW)mexs;CN952a>}r@XKTQ|EhzydyS~)k(5;Y$yF!~M{oz#Ym!>m z$SJCp78{^RA>5u<(}HAqOqBn(lCygNNva@V?SzDY6rXStdb{3{ckR^jM-`o_z@ zpaCpRQ$ecnFs?%y#RsT?FcC{ofdD%kS_<@i4h(`G%LXXBUF`yE)5zrdGSOw^pR5v& z@Smvm@7L&4L)pA9)<>UNR;xzp2yXqG4K2#T>pHCO=H>9B`IXSI*uUYKCISW^5!)e0 zBSih`OAbu#imeYBc^#0K&>FDha^!vG7Vuyjcfy= zoQ?H#_ja_|$~wrOU3JwoT`NF*S?U!87j`D|=E311Bn|jGrTA57ah*ST0BJwBc`d_p z^AUREaFv9vpUxU)|8p9)y+GhsfwPpUR6Sr@y$Woj0%Y#|9%A=mfgjSas0PgD$9dH# zU{^7j634wDp-63d1n5iB#@-tO6T0LR(>a~+5)oiMJW6FTDXyfJtRV~SEccJoF#0SutfG zqdC_*XS#?_yK8$yn5Y>^Uv22_Uy9cd_(*Nf~IMTp{;>*iP z(ctF{D(sxsH2u+fEyP>8)SF4P~h zEi!)yb>4ry+}n;XtT8yD>zD$O2TmijZT{i_)=Fs+7b`nE88IHzv8m^L0S~utA=7!g zbF!F4g!(M9jZ_xg;LUt;=gGwNSc~7I47YMB@qX54;mSwSerORnbbcEdg#=Gt)}pkI z&Ru9H8kakQ=4W{If9WlvD?XbR&hIxdbDX@2%vW>%sIOYwLr|A(@tO*T+(T^v@Bym; z|4OJa!y!~$s2W}8#K|SpJM@Ner4&Q!YUXKXXw#^*T*J*c+wisz^l@-pkO_Z`hhM_OBQO03V~lp=GPEYq#@fOZ7nR0?B%LXo>`;z z&y+Y{s83nH2XE1*?E#zqFi#D+i9o`X!El@Zt>J^xx&UhEGW0~oL-GPCW=>Uw|McR7@>@r{Z0 z87Bs>)&mTvRTluy z2BuL6m?F-$r)?MoPLV~-jhZyvBOe=}Nj-xd%ms0g zRbVlF=@+OEh-rirs_%+Oild|P;h(l3kz`yof2c79NlS>SiNW|B2Y1QuF9xB6Im>5J z#6jWTryU$o)Q-J*ne2 zGhqsqG(=RB*EeM~VVZ$Lj5;2MV}5?xrk8{03QdlY30L|Ba4I`>Ufo-sWZo4OM29aX zZRX|cNO0M9h=dfH*3|TCWlTjq%alXjUvOEZm@q~|8bo(<`rt~}+FJ4lmtV(Dx|J#K zG04<}1~@|_cP~0PIE-@r1tehedn!)y6UArT4pUpT;BAm+@G@6QKFsbWAQJ* z6V^vl(p6hZ+F%X@lnbdFoX!ZyMp8_fypefjCXz9qG_s?hR!}5fFeT&QEL^|F*)wTTNfu0GepiLGrGNJFN%>GC8B$(5Z^rfJ|3#UHK53lJ}<) zAFY85ZqYhVi}Ydt!O*$d!TkyIwMPWJwS6bM<-s-MQ2@Bl8XqW2NXUA z?Y&8}E%H3>xB3O#ftbFl@p(VHeb|~AVcoOn_Y8|dT6injQGiE2sq82_QFbVcE8Q$? zv4~nOPOG85q7KKmujyqpKOm6i2;x%Qb`;RIQS}a7Y5%diDyk zvJzfkg;bO8_Zr!4z-{yjuMZry8~-215ePGc_rHAAZGWd$r%_hCR#Z~RlD}%9vx>az zyStz)6aQJayN%XOUm#W(?^^Luzr0&87>&LK=*fl*B_nuE7}OPNiH29T^6LdGPCf!B z-l@Hv*-&;erM-44HXUJvbXWb~@Ar@DNt-k^4LL9K#-Y0l4^i++GFQ_o$6#hDD;&^r z&Q`B(kc0Q9Dki`XrQT18@DRt&pT4=}W?hK+D3T`a)5{8?uVH_GAY$A+pPm|aCJ%Z^ zqX|}_|Ia}GKikY#x$UYPs#?}xN2K|jajFC`BJNGT)9QxsI(EeGL2H!(b7LkYl{UW4O%NJD-nM&$ zmPp`kkfpna3kIblMw}ydM%lHN{LdPi>KFC+;bT+~o7?@|P5T$~W1_d?i;jSE9Qfke zp4}z8_ZhbXjGsHanqW-yej_9LN}k>G;R`DZ#SA5ZF>>6-lj<-1pjWV^Lbz1dbG7sW zXllwl$PcHS%x16OxO;j_DMdb@2EMrS$(%SNbA`3zos@}-W*`}@YvxThdQqYzXtBsLxPy!46TJ z@D&IU%{OxYAR)=qa?Kr$?&y2!kYlg_BkzV`K?&794p71QB=&0e^H-n0rn>rEpV8ZQ zR#?1l;(9x9lN#=Bp0Qq3{vNy;gZ2N^x7viv%6gFPiRK)T{?dAau~$}|=}KkGNtPoR zcy;d?hI%)36g|o9@x1Z&@WFhFS{947YvS@U|G#ym-c`P?q|~$+%XFaZ7os;K=a;rl zUWh2nWLAArQGG)sl(Q^Srl{`KpgFN!{qcTVR3(a-Y7|jYuPO>EfR1<6rFg$_(tKVyF1ou@4~q^?VvI(z+KBGE_jN;2c5LB=HVoa?m<{e_%%*kuF4PM zrB-P7N9h#Bra`=5Yx+S`UZ5+lZVS3p3n^#61c^|oDhyDmPE2>X0$2u~1^SNwz`lmQx3w3|;D{lwy2;zRgP860Mgy!woS(!ZVa@r7DLV%m8 zEs3pYLN>IO<4D2VCmH2ZpSvdx^Nw^`%eZ(zI2D%0WxR)OA$;@oi$Xe^OSq8$iF;Qy5tj8UCG zA{1)2tqvr7>kWgk4Bud7J1(f?eVs=T${XJmmD==zur~)IP$@{0>=-PfOFYn zf{mok{68IU5EM{3T_2Q1mA^l{UPC1%YgSz3cHM7ZFOR~kD%?BKrFM@`H+4!v-18!q zEtM~X$La9huzvI$s2tmIAM%BbmM`-2`j;*>Z^g*5!AnJx2+|Ex=}kr3U+q%Re?@P0 z>G5h^VG|PS^F^XVkcqTO3SNyXPcsguw^r>Lfd|`d`gk;;*K1#$YMOUknM`!LBi^N} zmPc~XxY*u=rR8QeZ@}gYds};ml*hVMxBgVE8_c9AYjZg`=6bz9nJ{d*XpnRO^z_~@ zjWa1QlZf!;1TkcGIS5xjo}TRdC1P{*bV1bvi^kJw_<@NR3gbOsz|;6Wdr~ia82HTG zfKN*+E3_GG5*%ZHa&&QDV;NGJBLuwr+p%a!jsatQ?KydJ%al)lfKmgkGr*mz3l6{Y z&*YI1BxWssmvH*Fx7($=`2D=q&d{xee$XhOkXVu9=7z1Y1!)9b zfRv6*hn%GmF9dLV247W)md^$zc_IBjFZQbix%l?O&c- z#Rbd1fqj4cXU<%;6b);hn^w_8LoB#jK}S13d9=HX8+6WuH|@1Z(eQamT_yhlrq<44 z9|kDs1lvpxVT6U7FBpltwyIYYkgAQdnTVH9fpf>V4{ng{5VB&Mk{_E0GIB~0kw}nb zGlVz<5QV>C`%u6G$Ohyb1QN6~>_`a-SX5$x5W!vG-M0^w9uWH> z7Nz$kP&H2X9fU!QkBx_i<}ihcRtBpJnXk3)uMI)2#@sz{bp1Cy0AHeW)Be&;`-pHd zb~NvQ_v4iC)4)!-h$ut8Ed2L;9dnVaTy$Tm`*N zQ07V83iYAMS4kP4{>{49=4Q-D?nYep5M;g5#x>0|%CA{o5D%_jo_W@|y52Gj%XUTvBxJJn!oyqf&b^NV0D-DxK zb~>*$v6IBN{O3!%SBkEx=^0@yRoq(ji@%<*QtKSdpzjxoIQAnN?WaRgB-qGc-C8(1 zp~Krx*9z7YF2;Z|CCk`&Evi$GOS016KVX-e*qOt@HpBvSgAzwg&h{?5A{>Wy6n~9p zH6mQ#ASWfy-t@J~xyj)JV1r?=Kr|j&S=?$oXcKa3z>3f7=Az5!ex4p8m|6~X7G}VB3VIC@Qfn!Na#Hh}qUht%4%Az^ z4Lt%>ut$AAIYUeq!?el<_2Knh$Z~veaq6?if5$_7-vV}s1b+F(eX5Z=>x281eF*Uw zixxw63sq^3E@yc`9tdj4uopp&>z_LmHFnk@sxk5`RW==B(=Tm5qR5f;L@Fj^A7XC% zJxRHN_WPc4ujW!ChVFuM6d>lowepDRuYaGX;jzp)5;gLmkmf9n4j$BRDSUJBZ4;>RX3F(_}f7LhHvi&H>!z%%I=$@Lxic zPKYxQnza!P)n`x6tx1TS`!REH&!QA;E=U855}5AgRi9(dzAe0$&+S>6arG#J2l9$A1r{-p^oTD#?{1%Hf8Xndx!_OBYe_60O+? z0)%*Vl$YyiKf%5auo>b+!F_=tE6=TrsTY@&Rm~HJ;I^}zlrG;|WFc_QbEV0aq(L{F zObo5{Aj{~FAN4o3v#byV&_(a|y{PbmA#eL&>Jdd2QV<RXVn|d+3Lm_a+(bi9z539|XW{|h}=;_=m<))rxeD5V@#B|!GW1~av z(Ka|v!^nbmP_n+QY|+19xXYrsHUKHY--)EKwI?FN$KjiQro*zv37CqSMd*pN1{GzA zwyVO(s&)G1MUF!(QY~ibe@`=Z2pr#?;jqWYT7wfc15S|_p^>@aXa%5@;CKC6lvqcA zn+1l9Q~ZsNz}JQk0wjDfpsSthM)u4j{i3S&Pk0)J6XIj9Jp zGPyyvB3KWs$~k{prj4ViX@>f=K!R#@5Nj*l3X)k!p&v}ZgHgBbqd3jU?cQ2;SIa|z z>su1;KrEJS6(D9*$;2OOXz?G+n%Z+&)XV;)gao1Aq+k9&z1`0{&vVW{NS!8@1~ng(3-%5(dGH1 zs1>4?$4@B_fl($F=BjeQ#Tm**oD4%%YUv54&%#d?*iF6c0EPJ{5ln$YKiN$Jj4i9ITl<0rR2Hv zDJ2B;-N7~@^Utz<;SdtLtF~pMkm(0bR?kKrF3nX95HvXtkwgB&A;;_Sl4)etNUj+W zrC$wgiAgG=0>5!jkDS+Va28#xgT;x8DfA(MOWBj_+UWVF1&5gkV>XKM!gyeSX|<@2 z1v_IzQSUFJG+muc65_x*738tHr@ESy<~~>g>(4OSDvsaDy4*e2k2}9%+8_u;az4y5Y5&h6O`nDZ`}<%aVV^$kR4I zp8~GDatuKJv$KY2L?Gnrwo^zkkCAN~WZ#wnCFSUd-!Swo_Pra52wpltyE9> z-=c7PLzH6UX;RI2$@~@={#Gnb%d+|E6r;qG_p1gQt&tw9n~IW&^LBk&I0|JRh1CGm z`SQ@|=h=h`9WD7}BY!zJ@;0NH+jEmxJCf+ZFxvUouMN8Sh|sI51Gv{!=2o#pI2gh>2SIk^>LO$OcjH)blihS5x62N__~sn*KD2^qS$g;qaf> z?xr#)HkHPr7Y`ZiW%^5A;duGAC@)OI8yI>6V*G&Vm!^GyDxg*X^hLLRxA?Yt(p-M%Y9nBn=UvW*_M0}d4pq1Wvr zqFwq8&!?Bp(5wEy%5i2m5^GLs60q?B(4 z4Y%6Y3FGAILFT^QuPp2OAt-!m_q>OKJ4UAXLaDZY#^(L_R9ivTG&TG1Xb<~3>OHZZ zdKp{AW1D=}lb9+U?C_VZ)@j_5MY$yc0YH4(FT zi! zt8}1=#On9bnz;8RO-I1Pr5^E!Wr`uwdZ%tk-XCX);ZumbzE7XZT{jGQ&{x0nSr0lu@2lcP8KNqA@wUQA z!=J4E9-<%+yHHTG+z9355xZIx=#@R{wH1QznT}_Z(%HEiUiMW}n6N zg_i6`f}P#jm}uM}tmX!AW=R+sk4ZaTc!qdDCHq`{o^ilrPT5Xr0ZM-XY-Av#E#|pK zpnDek+c*_8HKgH~2gyt8ZsUdSC?4&v>JB28T8PyFdjVvXwhnxcJH95=@`Z65!T!>U zkxP;pw}h7K^RYI6%D_Y-=li-X!VZi#Mq^SMm`9b3;u z&uPWJlQ%*mSH3huP|FtDJL4>T&%Uh|%X&w&xR*IQN0h5Uh7xA~;bFKy_mXkhJES_Q z^K0LVuE$4lAS9|I`C6%#HQ3jG8YB z!N2Vuxrwf8Vhf81g9w%69>iK*Y05Zmf^@B2l7sdOgo36NKxtd|v;UwKT*>le zYeY8a)Kx~60oLQ^3YN(9k7a}*psZHOkDLnvc@r<8QZ>P z(rk{fi-e@pAwF?^oZsb9eh#WOLSnJd=y& z2kk?5oB;v>Z%@Tb=B2R@1=Am_oDSh3Bu6p8$SFvToHv?($e50K_rJoPzAA3vE}SJM zB&o1r8~!$4AlOl`*()34xEe5X+rKs}Hpoi8oMQ#gVTa*^ZD?=IHfI3|Ju#5nC}t-< zbQZ!=^8YpW)n9QfO|-#na1Ty`Yl3?S5Rza?kim5r2n_Bn1A}{lI|&eUaCdiicZb0t z*yG;&z4te~^V3p>?>3 zrjlWOB>HGwD{$&gON4#Wc>9-dvkvk>AOASIGNj6Dc5yzLt_aP;b`iRzWUg37nMMhR zmwh8(doK$<+J9t#*c9PUll!uU9!8?sz{AS@cT1=e{W>O~&zD7o#8Lyqc?KBQ06Y}b#{uuc zxNG5r#{%&;f0pH*B!|1W48Q(!EJ&4P(O^-;(-Bj_ zgo`^4xh${-7^%E^);Dpq=Z#rTh4Rh9@Z`cA{2ePk_c#xAcFmoSVa~mJBotqwv^}NX{q*%jf0fCKFOgIWq-4?i3qJM-)JdFLws@~7XZ$e|+>jA^E+1V=VByp6l z$XX1=%qa0VDU92Rl@af&vByPuR}TXuvr*%s%kX?RypCy_{VGoD6BAJ>7Ch?45-?)@ zJo{c8qFcz76{KY32fy{x${cwjD{I5_C+y|3g6H?LcSnO{$oh(67T|kl3|vJFlUi}` zON1}-+}qA-RLy<}$r*rHjxnW{e%yg0?(3>Kjt%I|xbqRoS*lgNMcLsS>IeR{K|e@# z@8n$1=0oc)q{BpIKR1OG>*AY1O!5TF8eD!gvFwN2H$M6dtn##pq5qelTJn>jRiKfo zC82D?>%+WkdTFyV4wCVDFu;xH*YP*5r+pTj?H`})pbfs}s~FtI|8enZDsuvyrbTxd z!Qze3#%N$E?6t;~ss14U2}pJtdl?hLpp>IR30m5HZSDe) zv-Bs)*mPv3l=xU-Q^}gVI9`3#YxNA|w|>=8k=qlWDDa>~R~Cx_{EP_8>IHpd5tRPM zF`p6M$E*}9uPqX*IF57kOWTnZ!mKe!F0w>~LVRWjvG+E0qdaz2uOr2hby_nre>;(w z-33Bx1Xsz~U6i1Hqxtr_D<1!E*#y9!?EOw~=1-GL#wR4Ulwst%ou`#$H;JB@MYrbq z22T&y6RtI+c7oSySpK}I5}2b%uQ5kkJ=#6m$D$?%ZHt`wV>QTYT62 z)+R(ekYDZ5a$hwkY2nI55Q-!VM_yeg;rAUEJzx9jtu;7vNq+GZ*=XMSMa&*bw;b&S zXGDca)jS>#zO~x##2++nvaZ_jJu}6>5Vf*DHp8&|=`q(?P`%+zO@y~2@&R~yKdq=6 zAWJM2<9_ctW4(wELV2RgJiL4);3+?Qc{wx7Fkz}!Z=I4N0=nkr)q78#-rgovU|1&r zgI}<5N9av0S>rGI5Xyk4DBbV+RVOvl2uVid8$Z~_1Tt`tzDZkw zfW6Gr1*?-kI5h9OzKO*wygc6>^_5!`X6XD2PkjWci%P%Ws71 z^Q89d7ce{QO;TF`z`c%cJlM-pE)Xs3gE;a{`s zjI^LkmhHcl9n0YFwg?IG>({_~n)x2=5qv0^tvUmu@Ts+S_9ng3FY-UEK`7(L9kuaM zHt_YIr!H{4eOaE@YgVMCKNBDhFSqR_zcc*VRs8uXD6C%`Q5Jd14KKYsXoCP*(F<1uUM!^}&op#h0@xgBr!h$^80UM)b z4txU+wl~{>`SiFJ%Rd?>;^3kj$x$9Nv){HGDV@LI6!M|tq(R`=+>yJy^_*v19-Z~C zMF;TMuZ&7jgO1wel4`#+q764|zxVz^7&DeCjPs-7C$e0{VC&<0aM6QtLE z_X_m6O@lso=7p5@%6RagM)hh3XzY{VeXLhPSRjQYQJnmXfLD^;YN|}1KKbVy=p;nt zwIh1XTjYa!{f#-xa}O|0TltmVgwJkV2Cvm&ax+5M%8OFCuk>C?zVMBzUL1Oj)?6)XGZA_oJWK;oeRmp#e3C=t7RikFia0N|YC2B$5 zS7hV0a6&o@CMLVIz4S|g0Ku-R_EQFZJXA4e(E>^cp;1j~ffq@0h4>4-!3lkQ5rN5rN!TBeF@>bJzbdML}1M_x?@kOO>CXMS<)w5G;LtiCo08Bh}Cm* zlqo_4rQ(#;)N&SZvNbc-!mGx<5n#Py?C9cH#~wPSp$R0Ni`hlzcTx?H{*cf$5QGx8 zMl8N@+^y_vdwOLu;wr-OMNWK;iV|XQ1qi%9e{Z3O(`I-BW zhL$Ex&o62QY-HtKnN7c_HK%5{iwy`F*rnA9D73^`;@bKmkS!`tX1H*A6J7MOww5>6 z;v;WaJ{aVTE2*0#?j(%c4{6&+K~QC4Zb{?PT(6G*ouBV#<&4A}E^0u+D4k++#v-e{ z08|2HY9?H&J*c^hxmB+81H5G-xr>5O;$&X&rPx|J=hKg2SjCd~T)frII1IF2VrY&c z%}|{d;>Q(o(XgIQcy9n&>)rH9qy+J;N42$OiLpsDtBuKXz}9%kwA3e79CPTni%XiX z+wyF43x{_uTH}C!&B(XcpdJZ^i8DH5%lJMIE>BxqV)$#&tl^6rf_wxPD}4$R)JFo> zXEK<7RzSR>q8io4pg=ak$l}xa;yAkQiq>&{uU|dkf`~9axmn(7|5g9(8Od&#Vo{wq zrhzvizxYgeP&vX5U9JPii%%@finrY(raXk-qVaN?GQ)y^jI zY3|NU<)D7`RDWz)<_f~Yc(MR0ql)3W!SfT1Zwz^X!G1EmM(z3GUmr*1PgicEBMV-k zgu0N^8k7QH-)^4e!!Y1ynmDOR`y$$&fOyg^m&m~ms-6B3r;#?EmPcbd1RkVdkf(_s zJ%i^`sYu)(Cns(|AqQU4ytUTPd%>!GGTwmjHYrH|ivP?lIFoliVW@sblG@@iz6X~M zc+C-63usuvDOG_CU-GwYF4kX5J`hYZ-N{rOte#B|Z^-K)=0g;_6#c_gR_eaRp@k{0 zc-$TnDLS(yPhb`E;SGkRYB+3+eUl1zwv^-YvNiq1#Z`kO=_8r3iyPR)5mg%B)semZ z_^cafWIvyE>mup5^z&1Qz!E~r=Rx1@JtKrlpH5sAl`tlbU37I`7T@u?Fr&0ME!O42 zRiAy(^7!v+7m?yc&sE7`t3uaU-H^-L8A3$0N=DGTBh-LaZ`u%~zmapqwhN>Y0;hNQ zO*aOZ0N29OLMkU6g`3acq(Y=h`e|KVj*UF@uqRUwt3@5%z3i|;ctw~**cnMgsjKUc z-D<~uBzw1Dhv}|r47$t9MW0S(3>M3#BD6GgMNBh*_M>LrKxX5>;b{YWeoiOoter zxAWLJNl^6p^iwRl4VU+gflo6Uv0f~RHrC3+e&N)Z{_KR5=)4OJ7@ewM4@5kP7EOcA z+4QEmp+23Zj8Jm%Wh7r3+{E_6v4ir)Fqdbsq*e8r*6Y%qW_hn!;>?gJU6MLw$rgqC zLJySiF4o_ch=F00;nSEY`D*`17B#C_nbY=A1sC8>x8cg*Ro=;9yRclp#i1WQy8Fom zZrk5Q)`lXPH;EdK+Ts0}N`94{~!J3d#Q)F2gV;B&ia?IJ{-oa{#5Yiq1F@~Q(Y~%Jt>f&X7mmtm)x5bKWAIJ$;)mJ_5kIv7sFmx} zID6w4H%C`6@^;{-Q9XNahhsd@z_lD*AWj&{G-#wY>F&1&loF}PFz%Lbx2{H=Tpcb> zZ6qlI#|nlB)v;$XN`V0$nV<@~WP$*2I)6KskOJrLUTScb77*`jMa7J#?h*T2TJW%mPKScB(y+ zqUW98Up%hkWaoOdjJ_I;HPITw2jeC{2?7lsK>8o8Oni zocFhPI&g6z{W0RT*|4afg#n|fE{v9YPu$%4*YdVxx_@s5;4-mF#Egt#=G%@b z5J?NIkp3dAS+{3W4zj-`Y5vx8@tTu>8d`3(AKM-6i<}gPf;RyB`M|d4o|@;UKYh_O zCjb!>o=4F;Hx%un|DXX69kJa&zE{>)l5Eq23N3}$ntLA{|NgA$QfB7xodDcTt?yci zu8_k-;dn70R%H}CqEr$dhv=&aq|QSoJd==);oWiVsK9Rt$N}!Z@?=(&@b*4Gb*PmT za>=>HbhJRv5F8omme(|JC(cN`Nq8A3&RQ`Og`q+Ci3<@<>1$B^AaI4ITX-yFGc+BOqB~pNgF_Fo$szZV=u(IZXO2%9lc>>=ADnCy`>HYXYf}h zGfr`b+s{UgNM2)gkevn;nTP9<8B%Ge7t%55>>wcYa8P0y`>qFOQzO)hnb6jd+2Bt! zV$cMr$bsH`V@)n_j}&xiZEnkYOtIo+TBJ$;1~}+HSCWBZx+d=j-l}uC+#R3HJ7sp2!Qe-hCelafGe;-A&u?9q#7SblPQ zsxt*!L&&x!^VM{t%Ny!!5GJs9AZj~=Fg~n}HWk*DN#=`fuM!4jb5e`9XA z#0L|ntYBNaq71Ix6&~lm`^?sG3W*S}7Ca3e1erp@`m(D(&iZ}EC<|@DwOsK!JZ8ij zisFW||FZ?4p6)<1GHvu^$y#&;o#ZaUm9`I}vw~I1mC6fWPO4#yQ-Q<~bFZnLgN_}g zN#J|UYI9lno)2KwuWpK5{2?$uZkgcshOn(_dFJ`7Zl;vMy1Ake5DnBz_ z)s(+cmoMq;TF0WsiX8!$&xGokkmH_Uo17S1Bx5acL-GHP0y=Q@>bc{w_?Kv-27F^> zj7u@Z0(3Y%Yg-&*14d9k94$>{6ytRyCnqlur`XmOFRGFBmKbL0Oux23lG|S*O)%qO ztZ>EEclk^82P z-M`&ZepAZcJ3RP)n?5Ia%VjSA1sOG7>q*M~apw9y+3d3St>XhBg)#fIu8j|xrd!AZ z%Xmz%gRouMkFt*{kP;Jpo-b*AXSun7U0apaX+dswZRG{hwCm5&;0KAD4ymyG+#2{g z$ziSMvs@1{Ohmn`8GRn7Q+63Ceb0?S2R)$SuGN3#h9qlQl;TdoQRTH)yoQ$L`{wfM z-6eeyi?EaiH{*d4;Hw>eTl0LwB=8qP!1o>}VuiCR^xN zb~uTDvq0beMpbRA>K}x{-&GG0cZvJz>}eBZYT86YnAF9i#OE*b$`It5KeOSFv4J!~ zt=wT0S434MC?e+4361omo62|BFY}wlOpGG(V z!b%YaFZ-;`v)}qBnx`5_XqaW(9fQsV4*9P>L1|`)XBEQbSA&d82~%1V@kz=;yU6hT z({{NIB7Yuh@&;;fa5CnQrZ+A%3`~Zwlif3!ZQWzp1WHs}oNm;qtH-F*oT1kxb9-a8 zTK`_4jxNpasm}6yH(j&O2nnmpxK7@}@mzhEo$H5^ZJ@aPVj;w3@NXECCO*!%ey={P z>8?Lpgu26o&3UD`m1=beUXuBApAsO>q_g1aVVv~yoz;K-oO}~A-9}%E@wu-wH8qT- zjEk({&pA_D8Iq8(k&m{Gcf!JS0Ka`&j{4Kz1*bwfhaID8y|8jboGgp1tVsftha-Dm zSx~KG4>Y5#PCPMT48=9CDZCdw&FnF%`=(2u`nsX2)SUUsa95O$70J%sGX~#z{C-(V z=P9b?>#SvWzxtAGIVo_|L2~77#;sqan8{Iw((6F0>?jdRfJj>7^=FTJWSHJ>2A zi67Gm$cb&RB_DM+UMZuxwv@$>Vgx6oZdoT#kz)(EGBtiYWG`1nG&I%{tdo|BQ6Kj* z&Purp@oDBup9iK2Xh6If4 zkbYn?Z9S|M?k!)dd9D3xJopBn`6GjLeJtx3@cHxS0Plp{WLk=ZM3Q~MtfHh(Nw>T_ zd{})iy=7AFuYP5*Df^%fva$9nM#5l4e>-xXo2Y?{JdSrVIXUfFS^dihVa+dzbX41c zA6NBT=-ls@11>ldV+i_Y=s?%*afPL=#dCL~#Ui?x6~W=TNk6^<9M0c9z|fUkTxHcL zF6i~@n|Rqp1v@wVIETs?w@+)E^lLEc)rPk4gCO9j=KzcHP=gf15lxxw-wIhADHMLG^m!MTFCw6fM^-`>qrT9V=)#333b2dbCs$6N3{Hz{5p z^}PI>S1$Ugk+e_~?<)>`vdx_yIaC>xwUy@*vWjyDdk3T1l`XuGfTaqtl$;}8E(xaD zNkb!(r}0_0#PsAJBy?DItoRMF-Wemr8S%J$amD}{KfxffG*8TJ^6ge$I?1wHLrq!7 zU|`U$x2)?kD*~>ZOUDlxk-E7(UN%8d_C3~AgOt+#uz+Vmaqm35xg-6Us3gt>MxL+} zVfXjOM$%u6zP-ns9LtuXSbu_rry?g((^>Dc$9at#ZV1iJ;)eGAyIJQpy2(DW3`Y^f z;L2e^(@X}ew%SI?(xpx_>C(+>G0l3c(f{C?s}5dy5F@&~=5cCvR!4kpZ{M%b%y?NTaP7SK6m(?66O<}oO7cD%kQTL zqt1%GU7A_JNZ9$imQ@>EKB0#QGq^tzqjG?sI5*V(EG#HkVwUzSCv-_B4Qlbacyqu0 z@bgcxT&<)VNB5-B-&5iyA+fd1{WIur#b~kEK`CxW)h*ksQ(*(67?G%MR>H|p`?J)* zaLSC4el|zhFC(;Ehny_`K5x8q;r1=JOcsTN?h^sZ$95}lMzPZnF0fQ6P z&dnC`!m^D%e>!OIXQbBAgoP2;tS@FE`ft|fh=eNTXw$V)eUli#TXPMz-|d_)`*sim zJH(WIl(uWPME4sI>GW%unc9j! zUDLg-g*B0N>Bvv!yR0-Wm0_FCFppcs|8|m;8a~E~-!kst>Jn-k|8JUYi~XqL+L{OxYWbq#EVY+CcM@y9){T7f_PAZEw;llGoMd(u}Hud~I!G zNAmU(h_0Ul-`vEF99Po%P0?%^_?%*H|5fX9EdL#W!iq<^ zop!K5+k$))OQJQ4Cq&i|M~t(!Km1-tP#Gx<{8_)CU|ndc+176@tET>R*75lBs3MS% zm$M1pT#h>J3~2T&!!$`uxl zWr*-!2WEEe{9*HptBduWaT)PvBPM*hk@oRf&sl*oVW~xYc@{D7JTeZ^eVvlf+Wmt<>=K@UOwXrxL9YYpB=Hkqr80s<&(0bsudxj) zX%D-Omwbv&%K!YSXMT0?Y;yCX6sOWfUntTouhvzH$5n&pBd&mIOl35x=7OW?&KPq*i)nV^mp zkw=1b?sxfeL%n4~LAXhja4%P<>QWm0eS^OjOKgddkFhTS_`s_6z~2#Vmbjzfia*Qd znr>&~-P`Dm(`tjud$E)DX5NiC$f0?ewQhzbrC5x58MOMo5>9(qTQs)cZwlBI6uX$~ z##aY(j$p5e&seQn-j>-Fo?;%RYm23v1bo{Zi|E1O<#>HFypLgPW&}2N1f&a7+rVgG z6_$KK_e21R=`u+-V)TLXHnRC{7Q)6?vw_uOgY{w#wtxHWg1vLq76S%e9aSmStf`$~ zeQIa=#vRUel{y$y{wu_VWVvSjSzlf8pXkY^Rfi%bhTK%s$7K61H1)mqA8;`HN}baailBdH>)T8Y@|k5lyz6!pknZ@Tyn z7Hn7bch05-8{G;3dt}|T*3X+n5B$hgFvUr_yvr0g!o$<1Kt5t%UIfchzRSuLv-R3c zF3BfI(opr{ZTMwjxQBH=H6j%Nd^w=Vg}1EjUCrxCsoz|2b&FBK+hvtd=_>qCkzs?c z@9PQ;{#wk~@J#s#GN7Nl%zO^RaE=g*b2t?T2Z-?)exM^ms+M-0`z^A#&tH;o{Obi$ zQVl&ix5_4fjh=aM7+&C^0%RIOgn5kpV{`QwLuGaPz0FCha4KaZ^Q_lKo|0tz+uW>l1K*gMiDk$$Kz{P>2#r zPd3+6cb)}~O0j=fN(%gXcqk$bcQ!S_zVEd=-U*OWEH`7eNKk| z0P>-f=M(t-TE=SBnUh5ImH!$bRKz$$|-d7sZ7?RV1`Q>m_2L1AsGfFszeRH!B+=;myuTN|l!tt(xQA_*X z-)mrrPc4pXdH_BI)ixU0@xEe{jE-8&-40}{W4gR#F*J4JD&pcXJddbLJ?@>HSB*eu zYT0SO2RKsot`OR~KDf!tAy>{hMNOdG!Zqy7#`&FS+-24yrv+NKySvZY)pkMWo^UPh z?C~=dfvVQrzb_LBXe_+?#)-ARExk~gp^XAuOQ(hqopP}RbF zG!^|(aEaWAAm#>ziU}eMTJOmmLc>+#4%fF-l`@S1QZjRccHklF7qktWo&1h%~zU-dpL3~#7ZY$$JK%+7=z_9kjAC-nR*b*_Plz*NX z<+)CEaL6CG9K2Ssp7wKI#(l+1(HV)~VSYcw9Mt`*{l~A5OOu8W3$U>oFX)8xF;I$_ zM1Cd%F>wc7RZ3hlS*83 z-@)GAsMYuC7{BNL`M{nrH1qrWv|~%36EOV{(t6h<@oEAG@j=ETk18S>;D@5jX z^#V=wNai5(nz0Ok+Bq2gs2n?HZ?4#8t}T~gqhhun?}|cHY00l*bpm|=J4HXD<_lzY2N(yQ=J)QPQg!J z@dZbmOLsvm1O@43j9q|TmsrXY;`NUd!`Ib;1?>C)S(*6!xnB^n4~Dt=GP;z@Xk$i# zSX64DLg|oF$zYW?p7FvL!Nuym2^^InBUJi=acFlh=~GU_akB+z>~A7sm}a%fI#Z(g z1s{C{p3}opD1Al=UHk5?s=ej7p~-?lP!>DqJe@|LFJOoK=qWPG?ostYOLAvXd_bpM!jc3Z7wO{HMB$LqR^^sGBOr`E^V zw7!075$<&t7BYVo$;v1Zo0Q+iju!bU8Qx#4lgsH6CeHJ>P1Y8G6XBaBEou3Ad&yar z*p(oW0dHqu1dCL&5qzz3yThd4UeaS-!3!@{$B2?;LDn-t%g)H>N1+V1sS@;4JJC|?2Uc;fi*7TcPiP0U;bF>^;i(B?bSLdJm$KNe(KB#~^= z!mNj5!hGX0;2e7^)N6+oq$9_LQ)rvf5OoC)Eo#pC%AqJW$4U|JJ;&vJaOJXE5uiRN z8tyAFOzNR^Y(2X`YkNJK{f3}c@;{_l^5**;l+m6{ZnGxj-P;e3>zZ9F*f@H~&ErBC z3^;evZ#?~b8sCu+Ym#!wn)bGSIJmWb<8sYVSixcQQ=)vc~uY&R{py)c5b&3Nb`>xi$KZVNE8et8x%Wcs@h=1_K^PbAZJZiiRxMC@CXc7!`Wb z5AxAkb6o*euJ2Z4LVKlXWHpEn!_<+Gf6hMFB?v)IKgX~1 zT+bLjC%s2na9mbfSH31)+RR85e?J*eYaoJsjM1E(-f)bTckRwrb)IyHIENs zzHxrr#WxJPKS%VaKdC@(-$TI))>vM4x%KyK&{~%Qc z)c@gD&job`ls2?6K0VKrxc_e;_X4Negmpoxy1JYWMOXig=(z@Q_&MfsR@T=~Z!epF z^}lgu2tWUO#NoMP>*>CsS2*$e+v1&-fIcA~V1yL;^q@gW)k%-2&`zQJU8JNTv9s^A z!@u)`xz4pZ^qeeM-Q3z*c-Gs^-cznwK)Z$#U^Yo+%pCcz5MoQvj$|BLw+RU=>BW=o zI(nHf;Rwy2x_avKL}lix_s`oN6d;oh-Ato+@hGc$^71N9V~xS0I!bo+>A_Sj8{y*m zJSW>JPXE2m|K_XfdGLLUNYeMdSPmk=bSq1#8Po}rhvc<@-k9Wq_Y-^Lq+*I(Qeu-s zj)iB<)P19-pX@($49ASsUts3v*XObmeAg688=X|&1%&nv4f`q&MT!zMgo)KQmS8(g z0#t&ogV3?p7r%@Z{U~CK+})Jnm0%bIyS#g43tSi#AoNsU@@))vB7T7P6F%Mg@lSZM zvXH~v)fxsnC2@gwhCLzFDN2FLj&ljB>zRzGO7(YL%rdfW zdNcIMjoGU_&U=g8ER!V8jyGu;IR9IUmKV=U@r1ZrX)lV66WS44vwyn80VZ;qI=*;; zk^V_mTCKF*fn~toky2Em4eJvYZ|BY%T(p-Aa~m8AaM2-4pi(d`YbfB=hH6EWP)86C ztpGScrZ0<`hTY$^%gu-z*CLlZKI6#k_VJab55Ewf2wpPG+TGvCc`YV;QEhjMr0>{Y zNrDf>>i3r_vCe4NYVS?+Z*p79az3Fug77fF2Wwb!aOZgWw?q;efIuf`$Tud0^0%qH zp*}dfXTzV3iDl&h@yfOM&*2x*b?0(bhfZ<>Uj>JzGG#H@b|Gl_>Sn*iKp80UXA1fD z7(=X$?!3{g-GjEAHxXzJI3?b^8jN5~Opi;*_=)UQFN38N0CcyZQ^JP!&IJ#xcwwad zYq0(|4F7!pK`l=hv+hrQ9eR{w;549b>nP!e-CMIOFP zowO3n@3q&qqe<1#KcGtY%kcbL$v%dkV;{Nn%&C2sXGVTk+TJ;<=IUT^CuHD*mnVNW zuN?ob>mq(KBXCK`M#)Az0J>wT^vQqu0v2?z!8^pUppNofe{p}Y#j~1sVhy-*Ztq~r zYO_m1Jl;S~ni_0Pol(JoDbnB7ZQVAq5}P;dC(7V(L)QX_dtl2Wscr_%QL`g9%uW4M zgn!dH{=xup<|h0g9VC3Y8Fnr7VRiNF?_!z*uP)!`e^J`I=(?JXk4r-!1sMUN~<8)>%C@2;fI^F^Dbpp5j-x5XGvhYk0;?1 zF5r_?Hox`nj>-ocMc{2vE^sH^nHCZp*79k&b#8SUI@bW}(E?f5c#d6t$ z9Ehu#>waZIYA+ur3Ia4;>&=Y5AF_*kc^#gs2pUHA;6WXfA*IUgwq!As;4jmie_y$t zd{*5VG`VT}tOD;qqH)%-I3lf;9HYse%L2tIuju)j9BoZM#%j-0Axrt#G~de7K!lx$ z$jrLS&SQS9b~c6q@7B)KZe_-}SuvQntgYM2H6dp3lUFaNVIUnZYSq>yjcHC`$p{b)5KMRD`kHa7p?_nFU#|G~nN?0)`j<&f`YcznoE%MX?{+t_Cdu`0Z@CF%T=3#@Eo;Yr7Hs_Izm z%tZVk60WGUKe7-z6jsI0xj(Kw+(7hS7A7;8P1nT)Pg)C3v; zf5c%C8@DehvveY<2LURSofjp20Lj7o^;Eg!v{w0r0c>Rq5Hf&P$mgL#2|J?nd`{@s zwsiQ7qNX~~zyOFf@qFAB9D!NCtY;BMr~UJ%lzRZ`jh~@|m!SGH4T}je++^A3O&&hb zTUsE2RXAX;SC6t^GU|W!`I$_m(LXNXC5m1%Vsq1V*C|>0>nX2@;Nk_W?cxGd!!DCj z)F~_9;d58xL(DVF{dC6j)LsG~Fr_dS#rvPFDcv9uCdH-2z1o&@p0#prK-q^)4B3g` zz5ynm<_QU;<#w+*BvTgUc5s8mG}NbT>t}!1!I--rL^c1Q$CS;zHn&bFVH>rs=qtec zYHW^OId=$g2B0|^(Bu_bCL7hy@^?enF^SpVx(_mYZP0+XlGzvLv@#W8yU_3E1bN*G zM+IQG`~9Y~(A@1W8xONy!7@Ox)bvG{1u~bR@QiJM51o zL7+MQdU>$dDSha9>C@lRryyw2y^l!C!;wuFAsZv{f4-GqS)4I!{@?p&SIhhOu<}F) Yu!)(~@5)Pj@qB%fQZAL;uuEj!mZXq#o zet7;tcGpyRhg3aDcldmRW-Iei1_`My5f^Tb{(O(^qNwkVghcW3p9@(@lLd-|^z>cn zy^OYx$#E{GH2tXg?d`X!npyv|k5>suFR+!qun?hO6BUIXbloN(c^;m6tS_$n=WH|F zwz8{Qq_93r++?ml;YHnxC*b|Jt1 zyLq*Y518*m={z}92|k9t)C-)+v|`Uy@|J)2yxLJ+KDp9H^uHzI4RxKzn!>kt08e+A z-q2vefK9M=<4Y5JI~-K7?#z#h*(N<9XZWSm(`5}Pz7uw_DX41;f~V&9?QdKW+|8&3 zoelsV@UEHj?~YC36JSj+wBJ7uv}$VNe~f;2+H?2W>BO+N8T2^b@x1~Jhv`A}dgPb< zU4t%h??RvMk>P{J6!3Y%r`reUeh)14dout|$;Hqe+rD1qS0hj&0lKDD1S23%K`1?! zC&2!v`No9gFjNR*|wjj{NV#+rKqL`Xk}HRDrb1Avx94T_fAV|RdOi~#JQ3$W?KBIus`WMX`07-|XZ!iW@w!Tch?h|HP+(-+?yp4IrS|B_G~ zdH{ZRy{^V^X#b^@W;GiB5pcIcSRi^tzAI$<5D9{9r~%dgQ>f;)YPUP+*6HbKI42ag z*5-cI)Vx+XiYay1*UV>I21eX?oA_*n7Z#e|UFJU-8E*gW<>cm^(L0YGP1_ad6M!%D>FrGy5}QywQ#kd+o%B8ePR&W)5Fmd zfz(4d=zfqp2o|meB0;Qz9;3JrsQ@?@f{qVyvfx_aBI4hNcp8>U=5bpU88)`x46QFxKcn5bNIv?n~7@*nn5ML8;b7>0e zF@@6wou5hGPl4g4O)ULSK|A?UkC{`5{X`Hp5WYt#1z!-_w3T{zeFp?1B=xr!r9$$b zuGlsk#%HrB!G!ZVJ^tm^L_zRXq0Mx#m$Tzm6?9nY{#*}nn7^gh^T2nvYKoX*lR~)O z{RO7{3A%ZF`W|%o^ms|xeKl{2IDUZ6=EJW*2qb^mpchD>3n}o!EeH;m3cBvu|5!P^0gt8?B4UaL8l0ZdWI1w)VQ_a{lAe8{jnJ7#b=mzLJu4e)%LX&E zU*GO|+eq zz~8{5uG)GF5)-kOCHKGwhI{TjW1|qD&(mU|;K#qpXB`+*Ij1xdT9{K3x8gtI;2(thXwhsgy{K0Cv@HzWrdtHvuZ+$D_a`$Um>hY|m%=CUKwae*S zd@=9~_^#!4@vQ1gsHHLV)5&iTd{gX9LdcQr47LwZ_~$xf!ymk*uu=lP|V(_XX`ZBt7yOQ z3ARO9{)jn-$vSLk0NYwcT;$>}x9RL8s`uPmdXE2V*-QZNZOWb{^~?_1r|(6aF!tK& zi|*SlHUFB6nZ%&R@87LI$z@-$UoNzC#TyuS{p={+r)6L1Odp+y3TUq;uIAuA(oUck zYX&_bE)5F?=c8179>g|2>Mif(($bd>RrlN0#GOb9JTw6V^F#%1koJNuAmW`@@Q3_- zKqz77Q6-e}>3ni%me%7say1eRD^HZANtU`>z9r1hx<|y*LQi%qq0v3}2h6gUPzeBH z^)mYicz-md-g7xyV{-TjvGCmIGI4_22o8;>l`8B$tHYF!Fc2ML_>vEsUadB|TZ*SO zExt)hLyI(?Kt54)9k$Ir{Kp}+Q*-}QZ-p0kPdbSs;o|#nF+8=cA z6=5saJ*zm#>&^-2=T-LbmYpI)a^|W$f8&d3&>nnQVdHXPf*LZU_2jeD0dSOjiwO$c z8RB~kP z>RFH1k28IrouR1(njysAC7>uFpYHJ{p7sf`NA2@>{mjqi;uwtR0jt|<{O7~IY{((9 zd+uqUkMX|bZCgnRi{F_}_LalMfn_3oVw^hYG8+s(8J1j_TSI99d<@dBjrz^R8$0sv z<3Zerugq?fr{X^FyYq4OrSBsnBVRb>6%-y|FgN$h&Dkk&HN8SOWHsMGRKEeX$qe06 zU=VZP-hH;-w2-!LL<{I(_9&j*Wox;|FUW>O^0E)u2Y}CtMbL0F$M;8O`Gc=!5__+Q zuukesQp-q{}I=z+mEOqf7!7 zd>#&X=ZUk$tvkF}1HwRDfSw2l<~<(g!GR2tf)WqaQ-KhNRmSU@?u*!(&fDPgKFUoX z5Pr5&-q(XTjx4t%pE!ffl~&{9_qGJU_!4h(^g&y*bNThQ$^W`|N12{#?~7ffUxQ8+ z6%`BtP#LFay-c-0h}OWsfYfq`D!dm{3X6@6?W|NG_9QANBL_z$p`l`$c1W!6eQ0td zcjq~$2l-fH_r+*SAarLXn^vg%S`BpB%^mO!Hlfz-Yi9x9{yV&7i#UAqY#n++@*i#i zz4=dz=^GDeiBFIr;8y9zO&$mi(c4l0-z-AGh)Xa6_7PCv9oln8c^01ku=sRae%lEM zx>q*sY!{ShxgxvH?z#JG`|Jbv&Rcq)5843eA-V=}BP3PY{RrD$x`M2NpG59<00EEN ze@3z;ADkd+h)3B}X3IB=8`z+mY+6%T6&yZb7cZR6J0Nv-*AXdjGQ8ZkV~ zHWdWXz&H&bu4{I{J1#8eR&91>Idg!7og^{#ruyT2b0u zcV>a0#h!rur|$dmmfpVew?5~8iUId?dW8mk`S6o$Fm}&XRle-A0+>o&=mB8A^a@uV z&w)>WWv3G3;s-u+2S9{`oCCHw&q@$SPjCpR2R_;pa3<|7f+HOb0xgm z{VhBmXS`*#ccdimMn+ap=V~64t}}oCWWY$u6f$i zx3@6!n!t_1Z+^tJ@B>h}I7NatLKepUC#3(4ALdgR1+O%Hgj}+lYRKsRxTkUvu|F?* zB~$gEb^T|KC^6;>Ztd>7LGCFHhrM^e}?rAGCmtNoUZ14CG~iyW-p2H|6A49wo9&y zL=&{E#J-8BpCi0qS(J2D)ZbhPs^IX`TopOifBHRVSo_JUuS^JMPRs`UtK?P8paYX4h^B<^Jv;z?g1= z#>vRcv|loqS~lov!{$vzMRu^|82ZO)Ik`kZ-}NE{Q<)&r&j4-o{k%;jV`UnnDO-5sgC_N3wthbbt3GoPaaulSkpLZJ6I@PVf z2>jgq>4k&LqR?v+{tg&9Jr{wC4&$Fvj_7Gl9_lo*6R!qny+s6>97UBgacz02gv75< z6Z^H3pw2;-Snbf{p5h<3F-+Lgr`brf{+J4W24)VewA^DWB;Lq|#bSX9?vD3jZATF9 zzF3Y*Cv~zx=uZ;i3e7qp4I;TR&ZefN@nyz;cX>#;j*kg++W~&uWs|zkq?ExOi5fY? z-g2(<-<-R^Fv`t61y+6u=3*_eN*2%(5S;^t5PMSUgDzFa@b0u_IcUzBj0 zLt9Z;Brncej59`Ly{kHC#?zkyLsWFl(Aj=rDQ4#_ku_INv12(X09w2@$~rpdJ913 zlPF*5?v{VTJ+dps6!9R@Rzo%#i;_2y&LsL+xJb+BWJ1RDp?+WjH_e;7|I)Hl0}wT_ z3Vh?Hv)dxxRrc9N}wCLX%t>2w-0VXQ!C_4 zL9bAXux@*Ks5Wip537bn*~(B$amhn9_#p*`@0Ks#=@kqr%0c8plvfOq6rm8)ctVa))!-geps`jBkp2+MEC6f1?ZJ@84{d z=t||&N+q2eI1H*T9G#`yKmtE5*i!sZFxN5XopaAolb;_`!M#ek!a$wzULFyG_PZoFNmLZuhagM9zW3Mp|Vf?OYA=W6TRbLk9XPV!( zSyn$TYbx4xh{EdJ2WuO~Z#!2E$>>Mfmppw_oLld2-#utlj2`E8i-|F@U^R1?WRGpCTrifiA!|X)5Z$M z$E6Xi#NTr0u-=8trgjO96}$x5ZYhBv^QsO!(b)d;?(4jI7j|15D*a6ENin2IHkey# zin)b06~|}#vkGnw2?4BppB-H2pW~%NOJ5#~+w#x*wh^{^n{Ao;t+nmiDft+~X}W*l zC$$Ck#Cf#rd`s}nJnAp|pqYO>uM@BNO-Q+TaUP_Sj@Gu4L6k-y}3-|p>O+5?nLmi5I*}L&Q*7IK2 z9P50L(7*GawulPXjH1_I|K zj6QbA_ttB2TovoBtthj(_(`*uAu$%bhE*lMoJRb~i)8?MYmL)}A9Xy8w3UW6K_YYR zMh7!|xF_GW8%Aq_%-pP60eOLUGvzB1Noih1w$+6^Dcux4#r~fN=yI}xB~XhAySKJx zMTpg>4h#B-c{^LtZX-L6@Gw#ps6745-;OGD%sbQ$aZ6mReZLQKusu8Ihr2|yU>k&x z8ul4AYQx~NuPZ{nMGXM6%nK+PSmqEFFxJp%mZ=d!`ID5Mg`33-`7 z$peMIaSX=pTH#yKwMA8xHQz~9E>n~p0&f>@rxqgFh4jm^N^IV=kUX=hJ%aIL~-Iosr*pima^Kj`=iPv()0Z*+8AjdA`CQF?LQ$h!m9?qm{mpKWwM{sr|8CU z@u3kZ2W0>QNX?s~hzNzSJKtBVxK}rX1Ozzj&UD2l#>ekjZxn^GrcA{V?p$V-cK`j+y$adk6%=s-EhX9#%TwuT}Fc_e#Ds|WEDD+c= z4;2jCbqk5iBt_laY;&(=-$)cJwndaTMW>N^qPi56BNJ5R)Vv-GuHwu7tkvMMtMc-S z|48KaQ)_cwGVz`j5017*=QVA*O)Bhw_ibBAU|@v=D=W^;@BA~4@q$AN3hi5?u5Ob& zdVG<|)~7i}BRYpKTU*4*eL*2In74u|lg;!It-pg)UPYxWua9FgoMeP9P7z=}2+NMr zba*`0?S;C|txtdu!N+6X&P=WN70NO=TGP2h4j5w@)rWH1#&XtL|;_;MTsugoBkPHR>^^L5&IOn{VS5PD9-F+y4=kRmOHNMP@&6rzN;z+pV1|ImGFp( z6eCes*^tD3sJ|fWof(`@fZ%)r3!>|>(sW6zZ59qF$aXqjRi>&-xI4?8j1u643>RkI zjAmjldAaqF(m3JXZq7ANwiB`O{jy4(z-0Ig3AKYDez>Vcq7D4H0gOdQb~09&_GrDI zc{ZG6beS1n3cd#rer0*-pmu+Eht*V7clh2lA+{uv&X#_ub;Fk>B1V~|D(^pBcH8^- ze)qT$ZRI=CW1vuhF->LH>kQwngbKd3mC-t;*OPg3QMG2-OtjacQM@Ddor(h4R+`l@ zs-=85Bqd$^uj&=|$_N=1W1_uu3+81?2i~JuDpJZj6cdiaBEs%FL|(^4vtR7K#&sl2 zL6BMnr%B^zc)yRoV(p8{KyS?Kd{t@9M9;oLm#|t*>y;3sKXDA9C#J#TWFl<(dxcR} zw*JwK+E4l0WUq<3^^6@)jKd&j$s24X8FvkQztGP0d})iYJnvl0Q zseVGuHmBkNe#~B(&SYf*i!+adhAS4rh+Q%yKjxE}cm0S;TNLA1GN-q*k%{wvu?#3z zY#LevdFB>+0jef_wFe%H5N%Lvs`Se#q__Wq?lrzB3Ik~yV(S0p3IBtqMd1`lrmF9| zr;y7&*1sorrk)8U;4iFmCkYI!S*sJjpdnLg8MytHG{>%fhD<_4?1`?yL^$>5*B!5h zH|!>U-E;d*+$c*H2al_oedPx&M$cKUvd1V*FkWL#4g?0#JXE0D4ShBxNs%KpcwcBo%mm#W9Y1JG77$a7IaIRe}|@d zVLXGv8$D9)>X(b0;$PuF^1WDm?fS($=bZU#mdti?fD$rF+pvN&rRJdrZ0@*A!SHA4 zji|z@xUg_**9T$Pmb!L3Z(7usFC@ zzzp*jA{CiiyZHtwTl*#9&gpU3r_WAzI2*Lz(@9r|rdFw%9&T6O-J-Qgs6<*6_UJ5O ze2grP5$y??@5XmL+p}BsEB5-Z{u9k!&W!<4ZMc1l<;3q+SC;4Rp;h87eUU1iNG0;A z<+!FD$!n+kX1U z#75y}>*=Gz)T5OU?gSR9!(RUW2~hYc%Dp*1RT*TeyjcdW7Ez|rf<6yw`F$md7ybu4 zy19a65y2E~rJTVPMP%D|LtQVC?40mV$*4w_=q04(?mQ6$|H}=!H#L36>!~$I)<66n zd}M87vDsNWfYOW}-t{A5$w`kRk@);H#x$&Yq6yX-=n}wppU94RF6}NMdl1FXFXtD{ z`3(k!g%-DxOQZuB-x=to7Acb8=rHD@B&jp9E#1uX)2m`fi0L7J8b94;I5<;o$|B!9 z-a=gPKZjl96KFCY$5-UHV6g4X3yGK+MNdL-OOP|y%s8F~m2qe@O-0cCttnFYOrX;hIdqm=v$EE)CPB(a_A4c66l$+{=$Jf@ycAFkK$>IFd5&NT-6 zGFi-zsvoB`%k?zwwXZ$*8;x0KfymeO@3^0kiehsmM|V!?H;=YhMwbMb2vSo$#qP53 zL@jOfF+Hv8N58R1VxO*)1(BIl4#L`d8%Pv7%>0hC1id!w5`MUeDScV`jCL-u`65{KW;)B}gkFmeI zKOEsBlT6tpaQek0%P;(RY-%b(hJk=&yCnvU{d(m%E$N%`glbH4w$k?(s#KKV%_wzH z1-Y16bJ*bbKDdN`N-=5y2hMwauN%D4jRwr2NI%&>Dj~!x5+U`MxFiFCn-Z-4|0Lcz zZy1>tor3QkiUE&UGWXTbxx?1D{+Q@+jf`y~Mz*jUZjOO%<7x~O*H%CEz`!n!kvF@= z6r`c!N7=Ew#bqSiIDV>USp<|qHYrAN7^Ck8hriiMzkAGN&7goNo#oFwXx0yI0f;s& zgi?cLM~uyQXRKVMZNVdx-`t)2EelkKWu2aW+e9z64WAer(v`x*MrJEt4~uSj__y`a zLJQTdug*Q|G7l7IbR!r0V%o=K54HK!s)E}X1w&X!<}k#c~lbqv$&zFM}2Zu5ECOJEZFi_g)AVho}N(lARc<2cdPG!v=p~p+NiXfZY=f~>zk{KbGZ`Ma+=qMm0vLk zl3(d><^4F19Z#)oXrLF&5#OvnD9~u$A{kj-kB%8o@atr4QRh6}=r(ayHDLH^#b2#w zFtOYwcwoP4HE7c;T2^?D?iA1V&WQY#GKC*#WBZuk5#G6OY?MQ1W7n|aX!A27N5QRP z-iD1kDVw}rd3ttub?}F@KJR(T!4|#B^|@QR53@u-xi#nhzTdmR^>PMP0xN#oL>Hg> zZdYJRK8!_>xHQSC`2ij69k*VG*Ili5i83%YGBLlj67`R8SresPvhWP4pbB??`xQ|F zsk!T=ikeP)sve7H(4&!(d{iYZ!Phq-d83e&zyq|VYPWn;YP|`QC^hs_1qy%mGQX5{ z^6UnHxY4Y-ZW0!`$(L4!W#gG9$z=l6uJwYB*wjIrNI^PMx755VgM;1OFM{Ko<*AY< z_)Y|v`e_!;q9V&J!`MR0#;B-pdJ5|8B!eo7veT|@$lskqi();}>Cp*Xj0&H&j!k~v z)irZOvV%_r{}gK!k)Fui!1{20j1`c?wcC)fVtaS*@aRNFE_H(;#X6c@^x?P$5(vu$ zhM{7T*r#uKonZ+#x;b}(Jlq2*Y!rNEHpZIfbwF7XSBNau?A*A;Vwn`nmb(V283u6D*xwAEB?`3)OlE6ofIr~Yiyh<6JS z(U7N;at_E^GDFvfn1187yx}6Q{cK@V05r37LOxZx3Xjl3B#8YJ9|V~?$Bz7e8TwO_ zWdHsBt-i1_*vw@%F7w==d-h4>Y+MM6Hvrh-<=Vy17E-Zz8I(M#W6TE~9j<9iOSfhV zQ=cF>tLGyntWq1;Euf&}ZiuQGJdqoUGrbKw6cj*c_RI?@USfv5V0a zxs;s%EP~B=!mTE@id6-eICw@@Ulw=Ld+GgUOXqiVoUOq2W9tHLCu2nP%XY&F;Lpz_HcZAb zbtRh(TjwiIE?s%Fq*2hV{(apm?HwD1i)5l8S7Bm8Md-2j0(dLxWdk`m^AWq=UT%91 zbcHI3F@F8Mik}$BynnrGjwg&QzW75xVsa}2U!HUeKlwUQr0Zp zE?)J2-rv9dj&{((vkb537_!;7-CBWpboacuihi!ZbD3mj1Hhj$LzW9wrx}k&G`T5~ zY1#Z}2pOsXMcw$3_D;<;=Tshb&|rH^$^~u>g(JcXl$s4y0orRLNL@lXpS8BOO45Y= zOHb&Z!OK#dofoR_4k+_`e69~$ByOp4a;d^zQg3zJe{-?#99`}WC!gyZJ^gUN0;V~x9NoLOgxNw8+jVZ4BSauN30K~uPh1iNlFN;yVJC1#s`a#yI5PItNwN} z5*7PKY!SXOgHDPY>*C@=wvbkmiT1+6`?b+}C)z{B#o?z@6yT_&kyHo2g7KP>y-0>l zT|_@(u=2=Vc6?u`3_tu_J}&_GS-HWeK4CA9xnG}TNZ~5Pq=;NAH@10_x*V#!2ujJC zlEegL2|K@aa~U=n&zV7A_~_Js(dtyAEdSpUlTJ;`h0SrA*H0Jl0Pc z^-Lc+H23BdZEwSZl^ag90bLAw1M>8kGC_~RIc2N3=gh}DClv@PS900(Ef<}4@AZW` zg+E0{zxZzK^1X#FOXQ?b;D1gqsJCa{KsrdD*f$^u?Z*;&RMZ-u7%m~}%LJ2llia<6 ztnHYE{fAB~1~<`xy2<4POKR-|zB_qV-Mq}O#AhmziuLm8*H;yCJZ?6(-OB=>av_xf5fOM7lko#Tneg(qa_OOQhF z(nB=ypa>JtrI|s6tSp)i5L-nxz7}oeWB%-&JW$UienThTA+Q+qXCUd7C4kvrUPnFWOfI2VRq1n|) z+J@89zUZyM%2OGJ?>v6t3I?Tt0H+zu|oZl(wJl5EH|Q@W(PQw(Xx_(+JOzeNNz|jD9w*3tv~2PZF>{lnTwX?skkRU~k1{g;e3278P}e@ueelIIPI(ZMM_L++RC z{hCApYvsp)0yxx9CS=2}?iVJ>Bc)YAF zpt~OFcF0E-HIaE>S=Mc95EBq~|AGSi+t0_|lHXtNs(jQPI%b9X{_Bvd#gyT5jbZ2r zC+rzS_2fhaSa^A&oTdnmxCT8ckJqwre*f&oJ{wtlQ8!rW-W41}Y*Cn!RtH0M)eg8~ z=EFu7ak2Rki}zqdRu*Hm>!UEdME5(^t*9mTCdcH+U-|gIAHpp7?6D7#g9PknCTuikX1@NELmW_M-g;ukPTsfvE~wJ+85C;T z51XAxvTxw{aapL58_@%kiJ9Ii4RZgT(*g$kEbXSrb8xH{&B2tIK$$zWET4`#jv6yG z&I>;`-^gP)CCJYFAgP)=z*fp;-kM#u^Zmr?^<62K3SoP;XHtOs2&apKZ+sT{d)VjM zQF9l_iq?MVin-@UddD&`;;qA1XBi=$;jT%ixfQzKo!*r_2fq8rI-@osj4> z^Q@!X9!nq(`zgC_pW4$#7Jus~Ja3NT@aann7w{2Xj-=3>i;2q}%kC;m9sf*?C_`E1 z*Zt*sGcF>Ndsy9n!OygVZt>S{;061Jg;(hUb zycJqsQV8{pHfu&zWx68DB(Q0$l*hVpgarjLOZ_U1Id;J)M0IEUIgVl8MCKf4+%*JVfe@}`_=CvlgKp#VG!2%LX=NoVJ!b`?i1au1|+ zB@>Yg;&^4W?kj42wgeyR3(tCBjTxE-{!_snI>Ll^RH5(sCyu-xy{{^+bosd>Ebdkj z==_sB!e=P1riK#DUHfhK6@1JrX%KnG?S|Xfe_+0i3sS9aI#cEz!x@sDy)#oU4ZG0s zY`wSsrY&(5vA?C_?^_T_4jVcN#*O8}yxH5cWtC-1{pxdo*I6r$rmX7Sbs_zUmes+Ha?j1AEldGByoo~|)2z$M&EK5N3Er+ibHl0do zTXyLBBIHy9g4u^g0DoHq-XzB&!<(>kwVu~0>$m~c{pPSLym-^Ea)d%FIL(!g)ezS4J z&-byf`cMS|Qv>mN-uMgsj>6sYxu4r)KYsNw)ap!|XvA4ogJt;`U2Iaa^X&>=EFmCx z_=6iWGvDTK$V&Nz?4!GFd9Jm{R=I#JrD5TEuXU3OCqI43c0i2Cil=!aHq$3)$|xUW zjvv%xif^j3u#N*$^z{b=IkB}*61cXk@(JX}ya#wLPlx4~%AruZ9sYoEcfAyeuiH21 zOQy-F$=HXZ7W{H5Ccb6+znme-X@jK#|~CEm7;UOBt@{Y=mM%9=I4SL zGoIJ=ud>V!s;?w`MWE92)IRpszrcfZWa$`UHr#!-3`Xm@R5;ek(!;+DOm{RKJ`OK! zt9SM2;p9lQWI*~v+*Gw(A0aOoqc-A3mgwdoyLn$tn_<5VH%Z-dJ3=H1)z%nVgYJ#y zX9l#C-#}e-h3~6KhtXeZ59~i(jLHT(3!9t$DP;9Aw}dUt;Iww~W|PE4RT|5mNWQ%v z5~?0zN0~eP3QuSvd>nM2i(vM@yyWZRV5Oomp=$B|ay} zkE@VPD5G>i?{{T<)-H%2d$T|AvqUj+kYH!l%`JAk{bAL-y@ike^zIMmKlssvZB6a{ zq)LqDaUay>BmK`BNt!+T@Xq6uuW5VxOd8~gn~l4lD6=ttiy7&A*4MW~SUlC-T3>z8 zy_L>LOWU;3Orj{CG%QN&w$V;XB|i4rF8K{1u%XS!ZDBb zR}~WIt?%cL?L#ttv@~C8|GHp8=K0%6!y|loaF~`>wJ)bty6=@; zSG{?J=~bOp{CuQ)Vd^qTs{SWqEx9Uj4IPsV=eNsd7kLBo^K5E4zeE%`MwQi7RP`|v zWmKv)U;mB^7H*U4qf2+k5){md@KrLu^5V5kFzRx11%AbMlh0hc4YU&H ztga4Oiv817u1*}Mn)h~Cbx}(#{}ql4Z!`sWMoQkXb^1?9;<>95DlwF|&4oI%amuA z503h(;r|d~UTc0-PF_kc?KROGt%HwRvHEXm@b0o5(&PdxUfZBMC$`ELT9&@pl@1LS z4~%LdEBTu{?(nkmF&anggGPsS(u*$pu(0Q9K{Exb-9u@J=AmMcI*^RmYo1qFMo_7Q zO)I*+iQ+zP4|qx!97m=Iu?vCg3aFF)(k6RX`sL)s?H7X;3J<{CWB8RWmoXk=(B~u4 z5h9OO2|T;mIoo>cKe%81rs?nMHI}#|l`v=@*`OYd26~9TqURnnEJp1XcDSz9aq=WD z{?ar;r}3Gek|A`2ZSYEMH^)I>UVEKx<+7{y3N6zkW|Og$IFKbovZyN|AfAMEt7 zZNlTSTEjP_<(<}+CH*vtEM}^b$$)~aCq|j4xxZ+)ZZ_;Ez6ZAu^(E&-l1UtTAG5AT zVsB@h(GesSFtFAJYHG|~PBcDB@QmHuM|jD-6;l2~9kPA72_1vEd`zCV`?5=8A!fgU zO_0h|4qljzc4%3tbIzKRUyK z^9c+e4N$(KA4C2fror>%shv#*bTvo$zR<7Y!y}|?Vr=!!gvwr_ae)j>SS^9 z*Lw%LNL{2&hdS0Svu6kA zujN1vNI?$As@jnQKLl3MM&sD)hoMKmX8iw;PJdEKw*bigXWU-NDAS%J_tOPtShndDMHTv7||( ztVNT^ORlf}b1rO`Oei*Z78jbp?@G!`(#jLnwnbfgm+WbN+ZHVX7pa9qk!q+#p`>2O{Vgc1b4JO)4&Uy-}r7ax%P9R zcC@^4Rj_R5l(G>gIeZ4E(Nx#G7c^wRLebr-V7%za2%Sj5xgTdfMCkb4fpK08tTHYe z&vJ8ioE+$Dh9E^Uhz2l|GCkV+qi6(P{iSHGctb7X@1p7HL@KVML9%VW;kRZmL@hnE z{#P!gc{Cv^iQs!YEcpmc042qK1wAA96%M3%q;7~>Miqy*pRNrYIild)R^Yk2AxfV}G`s zEVtJ}{O%Pd@lI@mf9XfdaKdl@MqLtCX6*l zo9QjrTXH`!s8;c{rotqJXQ${&7ysm^YrIym`ml-_*^gPO>VOB0DcQ`NFk$TqVf?qm z9mpDQ{A`{J_?}E6Oso6i+TJUQkvHliH5MZ-Ji>B^`t6TdMiS*y?`Hr+CoeFsJDG;j z_rpe8JU!4(aozR2Bmb#ugBBQ}cF37>ySe{;3iU5*erJjTjp2W!A=PE_Y=1wpKLm>( z2thtJS%+@tWPDSbnE2o^INUgh4fAz3i|m*sHR3=aJ8|ZD*;3N|gMVqA;3f47Qfm1Ng80z3Hj&q(N{H&}+7f#j z0ztCl4@!}5gHP)%qQ~D9OJ4j+{WyG)x>Hmz@PVOo-e8+`mzi|g9XK&!b!1+lzw0yF zWZ^+yo!CNFsr?lYhD@LVygkYI6fEGId%7b?!Nt@jjt^BIG$e~x$~%QGuHZ} z_3uUF5?0~=eRlr?sNzZLO}SdhzNqt@j<;*y#{=0uY;KK_Vm4SPftoA23(p^J_7u>4 zq-V;OjExE^)5YRcMpdH;O1dapTm2)^BKv-KI#TT&aeTlUQ{~~}1X!E}(CNNXvLW;q z^6o)$@LM=_0Z{rCeix=I*Y|JWvnUgk0eW7SQ%m9kz*OTCD$!8y(hsbLDv)m2>^B~+ zX=CL}d4_hF!X5<~i~POpg<^cLck4YGT3GMboONts!HX=w-W)A8wV zvIFz(4%#0-STNf=$a3g@Bs2kH)RflAA^5II z1G9v^pA#j}J1THfcPtOEpdoeytKV>L%UI;lKaE~feVl4B<278D5Ep+8DWhIqHkX{- zO{Sz{i*>iy%RAmxtk7XvOcvBL%}7g4PfsP@wJuEopy~De?Cj#fj+CXhS=rvjk&svm zwMcQ-v@D$X+4>MEE#)ot)p~jG4bLwyDh>wy6;3?&2pB)Ki>~O^d5APV7WkW2f!pN@ z1_z$IP(5+sGsA9YiXi~)GxGiaVeG7;+UmM+UEHC#yA~-F*Wy;(-GjSZp}0E~cTI42 zC=My^?k>R{+8#dp&$&F88OhjtW$z_(z4M*V+MssPbvPb7AX+145XI@0!%~+g8`hI5 z9r6JNql{8>A?RnDZe3G5elsqyG~Fd}&!?iNsC%7hQ#oRC`b4`v>NgDZs2K@G$mRVZ zh=#vNmTt2FGtTYk)oT6y`ig?_~Q}XmFnyL0c`za&vDYCjqofRX` zjI<%%h(gLsFBZONk6a0&$J@d?GpnovYk>RlM0r(hQok%NX3U_Y-J4fF;A3NG%GUPlN387hDd42Lv~B+$Mk(Tb0Fzgc)Ai}+Q{khrSL4kq3Pw$D;IeaT+Z4W?>t32?&r^o; z5=YmYppLLE(cS3y3oN|=4DKghTtE;PJY#d-Obp9Bnf{Jz^XIC|9}|R~72khI_IY!8 zp^=9&f-znHUejIZY6`BEwKshBw7}O1kHkRx>=>fEtRIHZ*JWa7GCZp!j2s@;&a;T` zB9>ENm;kn#eh3&LhGu7?3!79vow&{2AeOyAy9w)vskT%{pch`^*y}qrvY2fC&I@u6vvQ?*y|5%jKR6(!BCEMvv?s7^aF&B`iQ@+Y_Np?xK#x=TDw0%?Mgsh z(=`CL@~MAcwl!f2#}&D#&h4$Nb*G^6HhFWSBxkz-M=giNvW4_4Qnv~oFUxa5*PJ|z zhu^)npM&9gHLZ|FY^#~VKKh`$&}~jH4^|@LN9;5(B5b)hBJJ_64y-Jni6D$sWCe3n zwP`~&k5!Yc?oS{&%q4;{49IA@dpp)dxwGJcp~5Wk_DlOB2kuYP_-xE;vV z8B5qm6sKd0gr62h`j{(_wR;iJn8#Hm!NuSdgp0?0cfY{ZA9|OOjB7A!)})R>^TqdQ zZjD49wXw)ShdvxA*JTc5D)V?QU33P0|Aq0Q<>zE(gGeSHtr0`gI84sh!oN4}oRDm`b^CnX&8tLE*KyLs>cEP&AD;_tU7QXdxsMX!y+QReB8ty9)~fMB*Rq_OK%Oh;?+ zO{mk~gJ6aCBM8{ezy-g6YImEr1UHX~x<6E~U;fjKgK3s+V@Nd4^*qNYbTIOqUW#>W z@j&HMS7+VF-c@KAY-IF{O}&j4k*?;oa5c)pTBNw(q`@9?CRXsbIIq zF@Tu~=e%&2MfIPMoWp$4hZjjejaBPwPrv!qd5|r#oeg97231@hjE4dLY5V=b;`)KgcnBb6hfykIv@>E{T=uhz3|-}$stlc5dH zc(-x0v0DV~3UZ%(z^cN&-Y4qZ-*?x3DruRQkOidWeXT6uZK-t4cwP&h^|x4TZ&To% z*H0!>_>Eg2f!iqjE9_>_o3GXuGL0bhvmommQRnT{J`K+_%L#>`LFxf{8~#VuyI!^* zDH%;*t1Kik;&xPWZJW&;E$AA-7dtZt&Hf{-CjLR(KY~q@V?Bj3N)iAaEKn;^=jspa zzqVtK*a&%_bw#=#BC^|GF8jVCY+XsvM^Mq+L9GSM&D_mXlE00SgVyD{!C%(PPEPfk zd53$o)N`?1Skp=9Ej?}Dp9y#^D$+IPO~e;>Aht)x+T`H@w@0dT)I4x_pOfw8HU$@Z~}AoGdXG z{&1uafvoEtN7vj)l=}GzlmVnzTI&M^+yu+`(2F*u--HHJq7(p(KB^n8cpe`PB}$n{ z7)~dZ3Cb0WLdnU@2r;P!=AIjmV!68qp#B~^zI{)~cjL7vF^b7pns6Rwu(Q3^wr|G+ zBe4*cgMzQLZzE2HFa+pZ=w2=f{BqQMy7l}s0Do9?BIzCe$4bi=rvz8oTtl+pD>^cl zP8n(!#rYonaPC~TRv{`!At`7SqSR{ng#6HRIOxg;yahDM)*Ps8@E$y(>c!~E#hnJY2@WQ$+ysc&l8(D@>ZrHB%T zm8d42oe?^=?Hu{m)Mofsn(q+Z@8FUUA?C1ndN1`2T zTt3gnbEloJ=NO5Me_7sV+?8I3!frqxug}-zh1uG9}w7EP84fRgOHgn|06mA~kPmK%;$gb6RABv+f zjKW^T)=@k64)&GM&~GVsUyU6byZ$Pd9?FAz9GQi_9*r1r#*CC+-D;{hG%@mB%{V|N z*gNp+w6}05&*JZ{o%?nY(BMjN+ux_8&2lKYOixVouN4D6IKQnkTs8V%{$pcn6pVpA^d&={WgIJ#FoaJ zkp|gEP_hz=m-{hzHs+JBZTrh%^<9^qpRE!P>`P9(Rd7-Yomzg~Pr0(rMd#>Wn3qX_ueHwe@`}RR({_GB z;n^VP#pvz=*#T&I_D70O%@5F~xhv**rj+q`W04j`;kObRj3uyO^00LnYNyVMpOl&CxgQ zG{)KGe0k>Q;Z8I555bWCc%E^_9FlD)BJsIF7(HnO?A&pG_iIo(H^|$8yWc+e zGBLO~_~R8qD*iCms{shTC8Bpe8trArxG%Q|C5`;s@9F5d>#oQsFyDg=+FI-H+u21; z6BSM7l;YJqC}nCFl57Kgd2|l~Ny49nhz5Rzj1#E6Jc19UuGsc<{)%$}V>9~=#Ir?3 zwKbr=MR2CUCoxj{u>;gpHSFkGe^1`Bzl@l?olYKgB|8BX^U!9lQKzT2CT0&5*{6<| zjqB62H<}U-1csFx#0s=V$+Sj!?mfx&X8pe)W##3-wyVIT^$Qtyp~|XivaGzCiRglB zkInPC(70wPZO?kap+)F%Oy8}OS71$p#E;wv`|^I#>rcKmTiBC^ED@InPW#1+p){l+ zYBvpKit~M$)V^m?*&dD2J|<@E?xqk0$5z;zAg5*4Gz|Tc?%m}!V}0%{`MsCozt^4y zDDv}v)}EXwZ4rlNI0@SR*H=M%fN>y?j*yzmHE@IaMXwP#7 zUhzskY&6R@qZipPKUr|r+7lh|(o=hU3eXo0g3b|wG11lZa8Xs&)TMIsXeA?D3OE(o zXA=~x_dD1gtoEB)2E+OI@_u+T=-y*oI@Kq#27z?5JKy%)^~r?=?MPLW9s#l|i+82E z7-}p@qN%jOR$-V(gimdJY-@{fNx#vuzY5T6Zbg4Jh|dT1H+#RpdA0NB7cywlYYCH+ zmzOCi>uPGMV%@XyF$sZ($3GI>snh3OW_P|;?hzc>X^@<6{N5l_zuUm`2z1k<{1TTw zXP2Ir11)67&YCH1mb`twCYYW~c44ZLPlH64mF5wnYMLJ#b5oMw_^_=13iF!ZFerZ> zHdCIwfdTk&`S`kKcameY*kDI_1>X>@AAo$(&A~Coj!5k#`#A83Hn{d*NuWixQ?5*6gr45Tv}Di9?FQe}R|@P;g{ zfEs#;OW>ST!de&1Yp0Njle~+CkBy5>yM=r$7!WTnA5NH_or;c41x?W`IogRd0h5J& zi-G9WY`acB%fhekr^en8`PeI~Sj2W%lI6_E=#%*|>)vd_^wdkMa6dII3AQfE z?g_ix+h?}TE34TA*~bVQ)M3f~oXGfNUbT69v(a;H%vWDVVY_R6u~4;3Z;8t4kAfEb zB@R--6!mDDX(3ntD}(eZ>uQ9_$C7)$MRO_D)Ikfw`lUFFri$lNl`YQqShbuE~lV?lG(aW|Gm>`oI%%xLl!8D*kzp6!yhJ1qEr`Z5)K9igkm}bt%HzSal zYsfe?M4=!(fy2(rXHU)!o4azodW=wQDt)`Pn2fMcOmygV4Mpyz?zcsu62K4i`tBn;u!c zDW31|KC>M7z7TFN4L@-nL%Av@O^S4F6buGO-8P1T0WSBKZ^2FAfxzd*3nW6lIL9x1f4z$jS-JYB}WoP8mXMq2t;c)4sBBzx>EOsc&rkw{yyS%hpY4F zK=+#_#fj=w|LF;-%mvkpH~((AqQ3>nF^3kT9NAUD;+x{o?bxkXIzoqaz5d(XeD9qU7aU1W*^O@c7EvdZ0a z;^ijzE%5!llt7-n`i=XaTGu!4grb~cf_fu6K@5w-kSf=15F|o=>62&KBYCtPYa5q% zY~#vnR+3(i+X*B?ZxueHs?O{H&n+az~|p0(6v#i zDxM+gEG;%1wGo4+p?VkAi6L3hb~Rp1EsC4|EnK3Zc;0G%z09}Nj)2!)o}|SqUxCFG ze(2czTYZ7R**Vj}u zQqTM~p2m%}1U8kx8BWm2Qre7Oyz@QWBZrI6u>sXE-!^A~YWBB% z+orZ*oRe%XG@QtuB}*5ZJ$j=0IFD)*a=b_{5dQ8Y-@dLHNokR7Hkv;59rnZP%K1F1SE8&0cPkPuS@I!tu%eRO zM|VChKhh~8>J62*Ky@gWuK+pu2v$`N2_(;AI24vZoWfM&Ey;*2z+916M!8IoV%ab{ z=!K^Id(Vu7VG53p^ZjM`OF4gTYcsrAm!uWWMJ9zTOS4DFTH<$kItH^O(EuxQq;XRm zkal_*SO1UL}iR2-n)TJ&Uk6E>RXj)5nkXpEKNCvHM6{J3QS{F1m3 zJDd@|{Bp&`a?AICq*DdDB2fe|35*g(c7#+Bv1+ed<9Dj)1WqVA?^0&Rk3BeA$vc-5 ze7e$pXU`>-$|yoija@5Hn&|6V803CiuicfrJQW#HUD$BfwutV&{3@SBGY98y6e_|f zJ}3*AG!rc|j3{Hpyk}*`!`?%KS4oQDZ7v72Rf&0JLq&x&fqEEZ05LfAcpf?i+Jh7c zHWM3nBH?$8t9k6?j} z+q1;d->cd~=jnU7IJuE1j*rc!6^rrwpzzv~v39q;Q2&M^kLoc)h@(9#fT9G69mush zenpqBxAM5oPvu6HSGvb93l$CC(@@z=#fRko+;C=r#G2s2G`>jAyDKT8wW!RBb;T6Y z5b-g1ON~#A_ZWP}+Iy?5p^-uAM52QTeCFiio6>=U!G#O6Am!^8#=MsDbCS9O7rK@A zp=8jy?W2{Ve^= z%f*2hZy~|hoF8?9%{HSD0Pkyj48~@g81}HtPO3GMnh-u+nvvnaaVJT^X(YjbY!e#5 zm|??^&aKzw3bK~rYxE|9!QIWf8+0gK{1w24A2s`K)Pl3FrL7cP91riCT=Rdl9k>mP z&@HRE9ZxQ7k|+Kg(qN2-@*TyNy@u>y0Z{u0X}D zaq>DENi0u22L*Dl(T*V@7y5lOM7u8zdtl&0P9`)_NN%@@PX9Xe*EBnteLAIyr91|(MKcyy}q66q3d^C^sWy( zKi$M6U`e_z!|Hx|F@zoTm2KWtpPRif@oR4D{xQkj-HOcRTT;&+Irg&8bCCXYq+o8p zJC``rp9n&jFwzf|HH=G#iLHn>oBJI(c$F%~ae*pOnyN%DFUw+GY^Y6k`zcb;F(htl zFEo^p;E=j^m8#x&&&1e=Pq0HUlL%YW!-6O-=VOS<^88|ryojePAD3T28BH8fqDGtG zIw>J3!tkVFrToLq&+3xyn{`%ooHOgZE>!7qRm_V{)p%vCQXhSmARtzDdILQR@(@G- zs>aYT&iTR7s126b<3;SyVE=Ftz9297$Bjw|B%+gj8j6&T>}MfGD{Sxi_fesJzQk=4 zb)GD&M5C^5ws+WteTp8F?h807@ekDodZcZaJ-bf!{@yO_9p9XTef*stS772RKRWh2 zor@caCe~62U`iF^X8Rtg`Umg`@;U!X9F$5=cSU@I=1R1;FWgS{<|f0jaqf;RHzc$5 zj>qhp+@qE$vM`%>0VL3wfPr%T3Ko%CfJhscn@t1dS|)Z9?#Y}y;8<9cBmdW(oC`93 z=S%HVtT)##EVk=UElUAoC$FD_!+HFpJPM%yIY24=A<^n=8WhXSd zyqUH?C_3@M#KoC;15j*QA*-<->`q%-UeNNq1deR`bkgk?nuX7EUtH4LyIfKP+E9*T z2(U%zKZmw-M+y6c`CG~`Ory)y$x@;jI5Hx^m_&6Hl3#$Lq*7B8@8%J!@3SQ+NVMDM z{QUeh4Epw~uRU+Xd4lh9hGR01^x}-jAm4B!Ti#jg=wiZ%o$75W#?Co&yig9Bm(GcVW-5pPdZj`bib{8Q`S~cz@5lE{BvIayBBED@e(tRWE zSw)AvX}&9`(RXCa!{-W)QG^uZ#LCC?oYzS{KK3&?qf_$!K#%jB@2NkzZ%^{Fnj=0( zRr8D;37X!*)r02I4DZA}L%wb+SKQd-67mtmHZ8XW91nbDZ7QkhDt{F5m1Y&x-QaCv zUl-Vr7Si;pt!cQia_7+}tGY)0613iLHc${Lo!8mOO7lL|b0X)bYiKqJY&hP~1I-zs zK}OIAb_Bk~R?whq`kBL%5EZ+(3(Obp&HAwJ#BKl9+a79;G7s?zBYu4YvIiC3WVv^! zC{Dpwp?6w5^d?_)H(sypl4?l*${u$ockrSMD;}(D*A=}yc%pl#$f2j8HFA;Jk_Gic zs;CdiJL-8wAZIz9Zss5gW};?=F$l^&?F>U<1Pi zS&1Z2D$jF*^)LxP^wL~op~^C!kUIoma!Zyq%%N5))31K{1rrSICzww&suFH<0KWo) z7@+(be;K1w;_dXQyK=G+F=l%!B+>9Q>__~zXaJx_9jysH#Pbms%tq&u@7pi1iO9~- zUVEp-THUC5CcRW#O5*UNb`Bqx2vHpR*BCUudu?R<=Z&CNR@3mh*&sWvtip%9Qp44B z^t?!= znR>OBXS52=xz+okRmYPAnmE(OcONIh6o_5|{wz0(cPBJR_kvphK2#y{Ux+srGlhDyCo`rdl< zqzMImJkC7ao9b2-(C~7#unk(~{Qig`>LM^Rg^{L-U;3=%yPN|&mS)5_upnb$32%FnoWGkdp&tc3Wn>J? z$+8Qhk7f8McMplHHyK3`|8bN_^@67G*EoOAs)-a&HQQLI_wv;jRVCf2(8TTK5QKFaB z1X#_kT~nm16hYVztS;<`H)Eu5wg)YZ}=1oRKaa4>@|ggfdHmGH~NRdC>h z4iU!#P+ZLt{^iaZI=}61F*Du}v;VQao7>);-pP25Q^ypOC~wwM_@Z}-dRIyKnC~MC zdx&ES7e+&5HG}grqL6GJlPEr4QKGq0?B9+hpZ@CT>)Q%!e~Na!n^M@yp9oN}Ghsi5 zGleX9w=St2A8y-d;!sgh{7i#w!r%;U=Nt8)5#yrCcYlax8%0Tym!#k%f?FA626a&+ z&}t+k1+0V7=*TO({k_r7uQ9jR1^hU`ZfTO7p-~Lr_gtSoU`ZsK1fQtQ!X}I1EpSV{ zR3%F?5@|E34N90YDRBWqjfs{q@03MU2Bf^Z6dhe!B`nE8ZkU*yj2g34Qt~yYs-_e- zUtJl=+dJWBJ>f(xi8C|wlYo<65xNkXYjfe`cF%WeSM>HuRB@#=NQ}IV=_Q}>#fxX_ z0#=#}nUR(K{6ofiyQds>YpFRew+Y0UMd`|wCanZUi0|OZcG8zf9O~M_K^XcS>Dc$G zIo+X{_uxlj?c;RgZeIHSvVuR#p>Tw zYk!bDA2ki1^_%CgJ7SrTPPi z>gYHjpUBDx$9>&5)Zx^#CP1=z9US*zWI8UuU_7|LmfaCQrG=lYn@Og3>H}MKoh1o+ zqec$}J~3MN303itfLv?Zb2p7A-qX%ndnI#}Lm*P@FYLL%((89T`-6Q{NwsoT>~@g6 zBYWmMS8X6xHE6`pu4Qe#0EUSlfqt$9qh~v@VBy4+yaEx^UN#=gn&<1tf7h5V;Mm6{ zW32D6xWs8ET!+z~0A(nH;IT6E&lc3*(f>!pE3%j)w;nT{&J4UR#S!c>Y?HY|XtgN0 ze@`KR;XVKHe6JXM?fZP)PcwD>w!-i3MvW_IBTo{rf0(74zUeiqyL_jp@6l>D62Em7 zYHF`aH_ag4ub;+(;vhq2q7`;GjI#E>noR#Fy=PkjMCX+^RoCx8yM%ds@ zhb*I`PYCR#`M;vox1d*NAuAL14}iw-OQytrlRs&hfp~N zkzsB(6B}kt!^rwLNK_@nF?4weh&FC+3H>w~W9UbK2Hz)G z38^sE9G0Y@VtW@6dL9fdOMD=MMJsL`OXi7!1G5jYuJ3>1tl`63TreT%Wa`$8FXcqC zS6us@38N=UVlkxeXF-AU$=>ZFs85}gwO@RG9mQ46l3x$h=6p`#_=Umo?RbR=1yqkc z2|g9?$=2znw_}Q2oy=|mH=+PQ-lzWLE|hpX)ZynhT!*DR({VujXBXUw>X_=vxH1Iq zULg&bO9e;&(eLwoOPksd+q6#88_+J(p{8$K7J%&9ht~bu`q~bayQ#Z-@l}NQZ2+WU zkxV-ydtFePl)p)7hc9OX!J|fq``ZD<9-oi|^TG<2sLtr{17YHYpX@)XG3rpou%F~! z-_OK0%JgkO5Q(KVi4cl_ZH2{016$q{vGFPr|LwZ{_Z4W|%=(#j<#G3(Wu_GiJ#+i9 z3hCR!yH)v%D)yovE%I;m%oEt{LpW$2TB7)*2z<6vd#@|!YzTY2;u~NjFOvc?M*ef- zU)PVvb|cPIXX)vy*w$ermJ;U!+`w~CiEZ+_hYEss{NCXBKB^MT_uWo-ytL?<9g~Zd z{Y>?W&kT9(ZM;}km~R|kaZ?XT*k_T3ViA%o6;JHd@@H+nhGSD_C;U-aR3@2%I zv&Mo?C(>wQLEB_&5V9(N~UC*0JHAB;R*QAUBpud!>E%(~&}y z*&n~Mx;qyL_lf0Z(`5pZ?E-H>=2(drsqwuN9bhlnud>ala~uB~OB59NHg9ZP!RXEw zm;K)GEfEbgJ7WFp6FyXyLQtV!<&UZ`pDhs;AGdtKeL$OJxEwl}Ri17ky5{~V?!)tP zgHzLs{QT7ntT3?#@)*Cb2j$QzESzWp98&v>R8P`#Tv?v4e|Zs!kHA3845ioI4yvGz zpN+M%Am0?>i90g$X|AvU53~}=h(}#!u-PoAYB$T#zn_{OWj0@@F^y+(EUsDgls`O; zZW4B>-(>Up`nSx)dmR~}4t^3FuA^JBTHF2Jwp1|&7oUh2J4(^z!e3p%X;CB02>*_+ zPQ$|L}Zc2xSB>8jzIxayfvd58_zm-#IWcb@DpfU-G9TfJw=gIjnoAWSoQomq}Qt|*C5s@IfVw8${N1TqsifEWd2!g6gMRi@)!DYGA#<= zC^Pm1%;i>=gZa_^%)SFgdA7L0I^Q@jb~Ux{RuR=5d(@)U6D3ucs^BcokHb8BwTm<$ zWtHk7>`|I@CeT1#!yAf8Ekv=67BXM2=)F3-!sCK;;Fd`)th&p#HL5U{RXEz(6b9H& zOp949?Pph3bU`f=0C(#qAAy3Kxr8bQxbm#Q0j+oX??enk-S%FkgQ(=3UP#RTS=hZ| z|L#jftdW3sXk2*Ze3uq9Lq;n(T1kwusv0WEaqXOm^2!|7_j+9Bsw{}^dj~a96dC!0 zrolFsjoJxevJ}l9lHN(mhSA_vK&1fb6by0JUxQ6lUA{)-Wr1mwa}0#Oe(kD?LMjJo zjRK3WZ#SAsb$6@0X(*Dv%4D6F)lM!_zsQHN1i+4)}pzOxWE%IefEr%O?J+oNm_DX zFZTL7F8pKc%TIWQWNAhKOj%L6lDU)3V;Vq|6AUEKfksC3v`7y50V~RRecOv#L?I3k zcq5GlCLnO#cBY2RZ+xUdk}K2~O2N%QT@M$VKSd&%Xvu=jqL>U&_9BDJCk1k9+Q8r? zeLffqQc;pz?uw`~1R~MR{9?PLLI?I57oUIGBs~wsjuZSt zHJYTNZ2U#@6>hPK7xcvM*~-6fpv35`x+&oAMhkY9+gzHRXy=lI^K&HbwLW3 z!Qn)>n5Hc&U%$SZhyc#IVGxXqe=y;|8am&Bg`H6G0K>}w%o$6;>|cE-(Q!EElfi+x zbP-lE=fYW2oO@)q_oSXQhJVsys7u04Y$|_Pr34r50()~kXgn?wtO#(A-bkhWN!P%) zi8I_=;EIY6wAw$+O2LbBaK;prQ3thzXN?#a{lOuWBL|n$G!p>cIm>8zU}Ij%LlRO! zcn~4L$2Co+1@e0Lx3*e&RzPDGIEv%Z#OD*V{&>9X?dpJ88&`+*jNdXC49DnCVK6FE zL6T$1H}rpfdfLc*tyDicJ}1g?CHQ=Od*f96q-|(XAFV<6Je;DjfQ2$kQUAlP{s~T^ z$3PZzDRLDkV}u`JOE`Ft*!J-LZtHhf2Zx$pHjS0b_4x8PVDZsAF1it1dY%qE&&?;N7ZJvTG{9BP z^$soe#+K<)r16`otnk;}hWNgTxaJ01wPh73wwg|~&zEy3lZI{YUVJmLx=0-;!E?>v zCb`)=yk$f*cy&}1M5Pvj1iT=`&Er{jA21e1Vy)q3?k+og{98NETa&WSo zMVf^o4^RL1yFnq!ZrYrRxe^XvzThHT2$9_yDNcq8r{I!Y70~{#(uZau;~`LFi{KxM zv$O0F3_&LcqnKzP@17E}(~w!n{%u?bP&@g7?6Z!PT~2!V?0AV`ukTi91ye^hFM;+H z>g0HH+fR6zZp1d2111cW9fA;wd6~%zE`=l_Vw1|z}3$$yaED=q@=A(Eiun; z&cA8}cdhSa0sfy2j|bf^ugda5UB&I`VI5K`_4%5M}f?(v{$nVcF@eR;Qx6Bi$%_%7)1*KB0a`lz-x&N9IJOg1% z-~f1uZzAx&P6T)u3Q_B~m`P&q)~l)|u&UJ;MNbV1Ef~i=D6BnzJ4dk8M8&OBW}H}8 zUr=Mj)yInRj-$7}mzGyMGvGvOzoiFMUGMh>a%(@O7`WXHZcunJE9hr=zYtT&%uOCH z>fcR#Bi6geOa^62t(08V*UJM%B%&hr?;)7tAGT*KD?bRnC8UF zs2hHgBw~-3M_b+FeW`hh@arwLdr7$Q&DeYyw?IJ$n3Q`WH^;$#A|4|Q-Y~#o1`Xc( zG5xHi@F-?tuKa57{?|6mq>KK}b}ncls3%?Qq;D=G;xZ_7@beLiZWbO{7yGK1klW*J zk)!`_KoI>HpHTD0Ha1TL8>mbO zhvhd|#@3^Vf=xX7mhZRhC$BPTM6VDbx+@{ru}#ZYfwxFz=|%#7Zu?Or!=tu#iY9Bg zE{X);Y+fwou$tyRMncoCm@Gb$j3MEDQt9IU{1c;90%>QvlIbc9^!m5$)rLW&0 z*{P9{cwRx^6Kt7Y{JGE!l(e1;rDg4$A~O%ZgeX=oZ*{(VmL>N819jp ztjr5R8Y1So%!v&SgB(jn7s_FsH~g7>%$%y4s;ZhAme3ip;1chO(RU2%buS5%jI{`a zy1^=^!Y4LArqv>P9@duc7h$xd(U*16!PQoT`j~s!+JfKk;vP7AmFW}j845{3EF z-Z_TOL05zbiy!qF$D{Ix$O*m9t^tO+?DBF-Xb%rtk{nHb9u0KEc?+URG}Gs3(pr=K zh1v*oN$+gAcU!%R-!#{4DVey;qjf%4yj0pOio={wKLpV|+d7)Yjre$k<#GtlzQkW~ z6U8LVq6AJ`3#nOxW^+o?%hR(>B))!4&kL8;1g?Dimui0Y4lMDOnjuZR_)hvnu;K9% zcdISh-KVX zwmKlW`)SvZ1)gT(M2IhiohlQvs_72`t4wpVe_BJBY~=O| zwbv)uRB|V;_T>LOCDRKE%uRkum?bO#7t186DazvNw>|TIJ+EWp3ZE&kLbu8^)FZG7 z6)GaWeAQ15&kxTgsC^B?-}2Hx=XCNZ-W6aC0L&B^euZQ>EG;Z>3kc-mZ!3N`p!T81 z?`Y>Ymi9A$E70FyP@YBSF=}=52R^}~-Zh_k6P{NchvQE=-sXPZF=^;o%1(-mMc6`7 z5{4J3xYto2i>1D~v`T_=F$7_A{9;?6&bI(KyPIb7vvYb~8@DeXphw&2uITAWS(Jj@ z5oTkh6jOG$LOp+Ywl$0FxT&Z9dqCP6_>__=*>Fgv2Cux{7zfu^!cI_r4fotajRL|m z1{PrB`@}Le3nf`(?0FY({t-Pw`*de}|AbBa?h|};|M>VI7?}kb+?g9#FxR@Y6j2LY zGInHmre`(s&Numn!^P0KwMMO!J$4(AZ5$gJkA8Jm$iJL3rdiRDh2U0KBy$&u)U=2` zBh)a@$L)YGFE4|5=@FI=-M_nog}vJ!w3a`DG9`bm=WzEBD7B=@MzH=hI5{~fKQHS$ zj}58OyN3DY$;nk4c2Ul33K>ID%(;PqVuM6Vj|wDy{SkC=dlt?*@Ci8)oLLdIi5I}l zErMJf(0g{)#6*c12LC9gWf?BZ`CiClJXZ(>rO-~9eoaWkw9I~jEYTT>?ZYR^fk_2O zPcQ>YVSoQOe8$xD6axJHW7Ea<_#x2*mcT@3S?9#5d2qR5HW`e20#!WS1QTJAOEn?Y0m|5w;W69Jg4e5B?`hI;YVx#<8hd}<#$tVW<7Bx<4 zcOV2oSs@A797*c)^5WaZzy8K*|7X@b-{OiH+4I;_m=~=4oGjN$m?-O(BC%mbgDiN> z!j=JGki(jcJ_(?V`aVF+jsp)tShTA%=I(-$_d#l=7>o*%4MQx_PTjboDqu8W)goO*<2u!+euqrxkn0`J8yd#BKvWpBoLH za%!}+vI8^Z4;2@gw>RLmcOqMdR%J`^QwfolFmb6&g+r=7 zp(k?74v)5c=A)3KQb$;%wnJ+WJFQSu>4l3h+VSW0-PYH0##6tQqGH*1$j7uY8nmI* z+hs0qkii%~(cT2EO(cFfVm$c{ecY>?6#)}5rub!f12eL^8kB3nd#l{_OHnh)2`#YH z9i@^y+bEZ$6kTz`BYW+_8aKb4F|JW&eT8Hh`gko<$mrkjg4UabnmzwRL@REjEMvDM z7L|2nsCGhUe!qPJ)a?kno>7D9#pl_XkuAGD;X-&Y7@&^Djvaj_qKA;BLS2;AK|en{ zI$jyk2^6VECcV&IMYL(}V%$h9oUZ~A({L5nR9Zxrw->j=tcZDj`Q7>?wHgp*ZYkma z_KxfnKTgfAYhX$i;z=2`BxrJMAAQjDWOXcWDI>mSb>URcO8d8spPzyy0j<=u7YW7v zRS}gGOjuSDVVtbuO|V3z;9t7z<{h5Ux`MJQCz@|;==mwR104mrJ-{7a3G;^}83+F4 z!jU5{UB2=YgY&8u9?IzQJB@y}j1oye)BOp#8|7=sd7^Gq)IEHi@_9%yk_}(Lfr$%odZ9vhq$Z+Ha(9=cdr~vz|Ky0U zm&g&m2lB)g73=~$JR@~nE`-^duYpy}pb6FKR85$J@#Q_V9LbG@mX-nw9WEqC7DT|E z$EWd$hxdt|wWM*@$1CdXYb;iwRu12bW&cp@;QpN|cuN3a^uNh7F)1NAm`|T?NX8=o z>jG<;?)V-bixs?(j_O-nUy8G`s3-Y1L#n$Vq`=k1DLVTC1r6`I`3q=+>y0$af71$` z$bV&!H={;$;lCzkKby`Pp*4n6|9-#L1lKJ7z`YWawzrW6`0vL)uZ9@9z)uNYS`Jxp zo~!43v|m~Ucu?A3GTp98U7NK!;4;5_@MO+cKv)Us5IyJ~c{>*x9yBfY9i|cP-!V?` zO<7x_8%&B~H580y8q5z^nXt-i%Y9xR-y<`43YlZge zzPXu4)ay7x{-i+z%dg;f$-KOV!QZE1yxsUpy657}xy}oeGT}l@@(-Qo1<6v;D8#rm zqF1?^v8zD@pi!n0g=%Y?(-}VmcZ$5DwbmSM&@;1H(~l5|rYVX_h_nghIZWOM-{z#t zYc_ywD3j_Qj-=GD!V5j>Dyu|o%cK4r)6{>iVqci2s^?E0vTJA0sBJn(JvsUJf5!+z zpL0;zPEw7s6DBCA0zzfPcRUy+mKxKm^n%^Auh5~?XK9k>WWvYP`VY`$F>ft6PNb>X zSwisST-glJZM^60cJ6$Ntb$hhXh1g5Sm_!#l6B>YL`fh#9nKSA_C^G5Q;)pImc;>W zXhK!u;U_?Hu{I8H9-oW0rRIVxasJ_d4WTqeVD)4GySOSEuC94I z9LsC+OqG+Z-v8S4`7J$WNfW{sTGn6iWZv4zySS=}4)cF_dZ)ljyCzz({Wa8+crA3ZQHhO^W^)_-uq_VzBjYxs;V*OGcqXrH}zO7P95*Pv5(!nKn zElt_m5c|KWhr8hYDi10QETN)8@`4ynIhD%>EVJB;&^2mI9mRoME6O{x*cbz_t{|E_ zE}Px(+P{`#G_yIR=gD1+p7Hi5@Z%d6G8B0+yKadr#k}2rP_1hD?&tT2nEyT_1 zp2cSVBm%ZPwbiAugQFWU-@P0u(Suj5Hku&?PHnxbacLn_uyb<`V0mlZr3*!a zsavPJMe&6ZN_pv32{kuo9g~zy6g=l98xs=~^puXbQ8N#is408*%_V6K?d6P)M~~6x^1oROSVr`Sgjf zpbue9s;vQA@)PW7@n+fQhUP^zzc>2{+3*=x8Nz+p6Vp~dA-GnxMlg+dsyx`H6BhcjJ zuI6B!Rzpm0rA(7!rLUY&9E)nuaku6ANsEi9?dDNPi8XlG*pnD4nIA<%sOG~vfU`36 zwqx*Qhn;5k{NmizLBWrD>bS2`-RMo7CrG5TDB`J?OEo*iPo8pIt(Kvs1&23Oyp#m> z&YN*kVahH?q^sK{gkU%imDCm+${QcH69`AsX81d&sR&L9T|$Y+(k*!VW_>x+`Tr#> zdq@0NUos&HyubB@uE;ae)67bj!T!c!rz!EUu*+oPTuCDV9U@13jiG9p9FQ=Kj^x9m z2>9hS?Dd?f$2T-H(p%cv^Ad2e(LI_w-R&Krfh@eDE>o(Zp{P;P;d_yo(>YVI}SRF0qU(8~e+3CEB z>Ut{pwl>CN%g@il0yL~-y>jUCrD(L}7P={!epHWCf`Z#3D|LVw>|b}`G}a|61yeK`UzHy zxAMQzDPot-IH(z6S7Usa!B>3gTonFrOHp>T$98hff8;wUvYRk{A1?IyBYNvKuK(NX zM2G#?MwzcplW2Tjb$bngUR(Ea0T&EY7FYkf`kwpxz9X@3hM@kB)uFxgKlR&-SHwsH zHCH-ls*Q*ivyS{)$zOr^3ddVd+GrU&i@o$Z?;bUHu>f$d6!1h)jjm4WKRpcV>W|iK zpkRb@yI+#NwD*!T%;YLNVunru(OG&_zDl_KtwTWGTFuggNuayv#1zNTe*GFWiYFC% zXD;aIVi@KG#NNrfdn2hedi}YcBI1>0a8hO{#u*gW zdQaoP4|?9YMGRBE$4jr^_NM(VGEC!2g||gm=k3TX>+_3F&V=j2Rx=hOq0E;Zrnf1Q zeNyJU;h_{7SFy~=jdZElJR^0u{;F^?Y)6f$>2%dWjF9w6rG`-uWD958ZCX8Dogt>K zT{+ypIFMkCPiS)zsCNj#FTKcjR%KipS(uxffFaF`fjW%zu>FI=qn&D#?8p*iO=OAQ z?nzjR<^{F-^388;S~YLdUX7{?p>MA1b*!q1U{g-YF|(uQSaEXoB*ZKP7Zf&b_)*KF zE*&U4Q`)AC?`mrI_6BmAiWHQ%n&@hio2hF(+;E&YWMU{?HnR zk2hlF9Q2(&1PDqfU?WIF|B9K0Fvm+ppO;#zZ^be)ozIP=U2g1~z;kQmh`~NVL>W;h z*-a5rk|v0RRwf>;RiIk=wm=63+Ig)d$1eX{BSb{RV8(8#I#xT-wd<%YS)E$S9%cri zL8~5_C04&#@SpVQqM+l9lKPJJx3<~cMNkfjy=?+iqRS!mgO8+m>)!YyYMSci5aGyth`)q z53fU8u&y)E7fi^hOD}2*Czx%+T7|^!VhHO_*B|UzEm=`mo>_o8lXA$cASHlWKRidA zd94KqD4_S&Mpx2B{2}|u$iUxE`R$Rwy;p}-6kb}_C&{<;9a$F(D;u_3SaY*THa()x zej|$A)bbN!+Slo7p(zHe23{oM z0&pd(U707>z=eekOl%1lB;V59X~8b-wTXt2At3XYb%_=MV(Nk9+`< zY)(qgQmUnB10YUm=IjJ~vJal5M>MM=i&+8h`H`8yo72=*HV!Ah(Ttm|6zh*3uDruJ z43nE*b~aE$uhdUaUm8p0=Hkl1Ev?zL-NVmHsm?fziPtYjFB92JNtrxg;n<5w+?z~# zGi~G$q_fF~$xQEIn^5!hEs5<@?=Pp@shRhRtu{0_x2a>mK-xOIsC<4mA5 zO2-is?(cF@Vqnl!RW;q06PMLEXO^T|;;tRBuuGYMj188Zq$kwboF1_bL}j4FV6Tj9 z5U^p#bL8MGNk)YQPESlM4Okc9-b8<=@!`k3OK)%O(#fmGMbH72@j`on>=tj&78}0W zDrIoO3z4EAX@4h?RVz6Xo@4#*Sq9Yw1|$OV4>8;DD(R>C?xCI2Ctxugj+aMGB;x!n zfX#7dN)3Zt>b7=6{GTe+h(x?N|Jmd!+jU5pF0w$wFr&kga!+2=Io3DY$5aDqH!xJ{ z;pL_#ClJ_v^Q#`Mhsizl4(;$*Z=8 zMUw%*SXOLpV(w*S6rz!G?$7*t4Uv)L)lB#(N!$Ij!p5V|-`2XEfoc}*wMeD~YfmRl{-|{&}#^2Sd#u9x+W7EcgYhS z4**nH+;z`YzN?uH)ix&dSxnJEG|7R*Nk|_4HhixbSkfU7zG-U99!Wg~7IhEM+!k+C zw#P?A_M*6Ut8NJs`ANvSI9!bQ5wogG4f3f;XP^%L#U#+DN>93tz1^W%a1p4JRS_-P zOdBIV+v?!r@q8Zuzhv|pP)OVHjQe>P&5wU!^?Rv_-KVx6`kW)A z;>^vf+>vQ+ua8%mM4=I*Fhrp0Vb4_#H!zM?Y#XUGCHqgJ} zV$a6=9bBW9ECSNEdZWY&Q8+1JyT5j!1FW{TX2zXizyQggs!h{)hV+;xUf=64FWqpK znikTU77kD1T? z=;6PIZ(in8WhzGr;Zrfcj2B3-&;v(F3L{FAABz^41;3r%nb;8 z4LC6m*CS_pL&yYZT@QzC1B3Vi1F%aMV}3e_ULLlBZg7208BhC{5cT^a>)GqNm$c-c zBM4Yxih@zZYTl1G%O4R1rCzres&a-IjlS_!+b{7@z-V|iZnfZy9}1=kYlK(b%AvHJ z9wcN{09L+MhYL_ys!RU`hO7M(HuBeJ_zHpstYGAhP*YQd(1BjO2SE|K{XMxXRf>K$ z4Tx>>aI<+|=T}dc)~-_<_Spvv%o*Zk1AP~BL`hODt{(4~T?8KM@!){n$*WFxgccAL z*@Sgdkd+l43G{c;`0bhQS?4Y9I+l4EYKJ`oSWSkcG z?pE&N=8p%du=ec@tMi;6Y&(gPfU-wJM^RBp;t9b$`<)4?7gXwOY2yVpC)Eus=v^H+ zldR2NkcJHsIm~LW$&-UuML&wzK`0BAh4g7|+@#DX&o3%}=keR@bHt1bN=M_o2%n{bQW}~RB6zNs_fqmSwxG%@}JMv58=U+HB^>(;nP~N`g@%D zE3&YcPJb(|DrB2{iKW8Mc zFWsQ^5qB!SIqhER<;9NWCRP@ilRxxJBCk)7h?FU?tU5n2Czq&lY-}Ap3gA$+AhYXR z=Q25Wd-O@OJ}0daBCIb{`FPjK{yL>nMyZ-Qa06n?-c&K$#spGXrT!d1TTSrw*BR%J zF}gNkm%1T(Jq?h+KR!nBX0>Ny!I@;4Rw9Cg&bd-n>Jr9={Qx@LzLt=sxS^k+C^PZ0 z3TU`d4H6a{2a-2GKMw5;%yj13F|jS9Uhc6rw<96d3fY?Z_nm;J;~<=#4YB1kaiL6i zPEg?x+FVY_AlP`_Yx*!w|iDgSaL9BB0cCMMJRFR0(nAN3l3KGK%L?<0K z$u5bJtPfRMA!X84f+8*!;^XTW({jbPv>QWfj2ikx?u&DO>_Ty9;`ny@>aWU-e6s1p zC3>Ej)QnOR9G{1ly-C6NMSUX-qUB6ZLHMOWjK!!N$bZp${WT>U4+lfnL`;S&$5d(u zBwg18R3PO{!pU~QwGDAI@^F2ezA?N?8FuHegSIVWJg{&R{5(OJj5_gD4h3UA*W?eJ zeBU1390)B0^~)cnx63L)+J3kC8A3N7ui<@IR| zY{q&OE6TYOR4`cebn#-ln)14-hHi(a%&*Zmz#?2a0{GvsD6)IJzE#NvyS?fe*yoYb zxPQN}zBhV4bG+@}!Erq5&?X&I!6`SHF{{DaxT4@rZ!6n-V3URFG>>j%JJhqXfIJN+ zdw}fNMgv9SqLM{))-SGszD5nHI^ov9{_zekF5JWT{(Pqz9qbl7L?toyG214jNLKNr zXKU10k^6M)5#Ij{O9|ADsEuE~m1s93GqgO4bXCKmFc>~x;oJ@c#g<>_s$0|rr_2ZW zPE}rBgY{)@Cav3X^v27p21|r~Jbt;zjAJC22~@qbk)a$~>^aN!QcJxgz|JHl%S7tE z$RO4f2*;$;*hKL9R}67m<$<~K@qm!*EH3+vR70$D`phe0!Q?TZ*}k?d%j2jbror&g zQURmt=^G*7SWBrKpMt#x{?Jx3pQm{ORk(yCl}NgNcKj2QthmVWerS(I>Om`5V-9AC zweM^b1^0){H6C6$9%`#&xs-;EgmYxakIvTZ0~u1&vbN5Fn0_AX`mw6gKdFo2Su0PA zE+$1;OHm#6-;<{Pml+lJ@Y&8ZENxVSpbAh{!wLYMv5A>xcfE^&^S32A5#74cML-fL zC~IQ!HA}LRZM7?Xx&^ffYco%^aNptK_5*1w{C7t=vMwjc(b`6wjw*8VxLNW!#U zXe$1K%0E(#H4guzDxTK_nEl&bJz}yOL|fXX#+B+o^}Op9F{=Ve$f`Qn+k?#G{b8Wv zy`8EkyKgQ~w7UrMYhLVn&-*jC3h;6Y$;%WbX=QU@po1QsNB$DrAD`#f+dld_mRux{ zzjua$j_@R=vQuQU#RHIP451WnW`EdNn#ygd#SgQOo7P!dhNO*T69NKtB(<GRPv5os;+nY=E#m+)HrM0>StAj%DsLTB~wX|U^39^WS|4pA97cecFh4~_IN z33EPk8@ADOB!U~~(&D;W0;DUmC-1jxj$MD#JDcPl`4oIpBxw@hVL%RF-j1C^Cp1NM@~Fc! z+~w?fQbzOpR!y3AXAk|_iA_=e@v@RSp?GH7I1j}k&=Ef-$L|KY;ao=iYjx=~`v=|| z6`iwWZ5>l+@|XrsV=K?}cNP}gYb%v*Cl_&OCy%62xQt0c8O3p!Lo<7$Yb~dCW;P=})87kC_o}_@qfbzm?9Q_XOLR@*T^gsjC6J z5Wd34l@*JEIjlhyq~Pl{ZmQt^0GB#<{*7i9k^gGZ`mpH_>D(H>3wS@9BT^J1^TPrs zqQs9$a=|}48$Gc#u~{bK(07G(>WJCUF3ZeJiw}U_Etq)--&Oi>b@cJj7uEuA7e|*I zUglLK7oEvs7Y@c{Ikz`Rjk8a+c#5@ts-d&hRUa)MGH~!&|%r{`uj46 zo*YE$nK@cD*YQzLgKctd%2&hGQl!i`Jjp~nVv<9G1xH)9W5@mxzf?I`b@9m9>$xO& zDRwt=R9lcw4W(3cfF+@yPdDjFQc5bH>`ptp{Or`}{so7T8r!Z1LA$&>+})QZIV=ee zMaD<^y5AEnM_=bB0%k+0CY&&Q?p^{L8{fBk2czRb=I=R>8tXHKp@1_m%{@JJ|M*z1 z^tNmqGFEnZdFH>_Ng_aUTx%Q03{41x@4j9(bI=A^PGnlQZbXK9t4i&}rfT(bfV%^| zU?Z)4v%QTi`Nzm})BFvV6x$8ih99OGN4l={>7OL2Wm*aXCeV{4MDt1R(AehDK%e4r z>*q9GSlj6+6+=xkVAo-kjdivevxNgv)=Xtb#7ytNGAB-Ubo6$mV@o(wVR8e8sH_^L zR$g>e1q{ZfpT%{_LLcgG+WQ?$!~x}aM418HA`;y<8M=dU!C1ipy})h4UTe1PX7j7(BfmIXj~b2*g*U{5Ndoe^Y>*eG~HTP2@}vU z1hitHO7#sImaQ-!Hw+qwGwA;10QFn~;1TP|#hxV~$&MXg3tOa?v1!41SjILfoHg}b z%*vZS_ySxxK^UZb*{PDZ0!M1}i@yPwQjC6kcW*(W!H{hdI=|%wJS;@*SqchFs0NFY zFb~jlg9GFwYh^$WQkcKDanx!azlrV%xDkr`*cn*p{$E2wd9XHkN_n-You z-3B}%EG3x2ppkQ!iZ$khEa@yVD`b?HVVX74BA)AbIDL{bl)hGcw;Q^frHO`@el@|$ zTaG(cNv^xwUU9RN9$*Q+P9lLr`W zY6_0V0D{}It4&98_7#qyZ9`;ZhK7Ni3-QYy^i6{*2`iZNjLm1}M8?Dzd6zF}qAsQYtW9 z231!si^aZ8Lcr}eROsUa3mb(&3o`~!V zDM8L{PbDTN@ASRuT&{VCU{wZpq31|ak2amY@ip{bwHJOdUQC%3s3Rm8L#p7(o?z;q zNF$c!R;(#;U6~()|Geg^;dxARvVB>{Cq3#a#f(CWRDQM-uO$2fiTdk^d8!VoDBj-s z>nEgaP84Oe%!1(M9)kakAYm~Ki&S-J^Vx*ewwjGIHLlS--j6ZytpKoxB|zIGs5>T9 zdaDw8{*2xOTwu^l;N1s>_(KEe5dCc9EXK6tb##_f4oR)D;nI%Y-ZXPLN|p)bhF3+N zS(1yt!oJ{%@1PN5aRTCx#EyeaQzl@-?%`RQX&?jlR|TJ_v`e!7NB_)@->t@9ftBd` z%6nL2G8!xvP1?Abewet_?WV>az3Of3p&^!?#jZEjmWs=`=r4 z#5aTwH&(;3hzY4(7>KLknH8y@G>+O4rqGrHpLd&X_vK$aKn38>}qn~)Y*sLZ$4+84G?1AzJkzE>x)++rt4oY&uJSEe$h3YQCsfzs%Ux=1MWwfk!^ z0#i5@Oy-mj0x4ls>E*fHN)i|CE|G3$=7yYf87y0PU2&$g216xn2(0|usBXzxcbkT>nvgtJPU)+i^lS}!b zg~fX?s{~C6Ulm^{m65vbi}3H24XBaatQ>Y*A1>WgxTMs-0%@xqLuv^F?V>WZe=w{A z5EO=xH{RrPlN!!V4;;d{e&P)Si4g69qBvsZwkW;3_B?{TP{RLlqi0YG2hq%U)Qn|NSwUzFsw zsM=qvMj<_MHCrE~>ObPHP0k$nk=Nn*QuSxvd}2_jkFS@n5CY$|9M) zlgiA+MG3}vJph2(*CY^$O0W2jRB>RC25+$fQRx6AH$zFIPY`Dhyox$#yiTwjTDyev z-grrt>{cygHJw5fpxDk$ZxB>6PFD{Z1_q)35x69P{a}$R|6IMAR4tMVh`u>)b^K!? z$!ISse;8$|058Rsj&TlbTRHvFXrYqcjRXBQ2V&{(={oZbD<3JQRm21d_c#3g^Pw1> zc})#PJY7f~e>IBbNBB5fl3x&w6SF3V2mP;`b2-=ujiB1Wjk=t0G4#_?YJ}Y{tC&|5 zza+&KLM!~Iaz;#<-d@Z^UZtI{b2*#QPXpC$z>+_A22hVivQB^AdjaW}6@C5o4a@~y44@4rA z8gwhkM&bZEw27n(yn|So7e#2%Kc$vj^79itqJ3Wrt_lyH4X%kIv;QsGkRY#&EPUUS zlZR7N)g1|{SA#I=yr-(uQNcER(oCBW^lVxL*!T3Y>OD(DjKuYS0nMv#KQf6D}pm z&^c`oc<72Ath6t03E*Vp7j*osA*%By04t@OFh*So`{E$tn=Ki%C~Icfj(2DXMJVO2 zY(tGq9V-%_Uv2k#{=%o8c^QplpAx|X4Y1{$)K<-3?C}uMfl-Owfb-j^o6u(4;g|et z97}G+6Cy2b_>RxTYXKxIUCr*67s6e*I`5<|pZ!xtTh6AEMjx%5)~9H(XVtONzI=e7 zMjN%4c&3Yu4_p44U$p#b=$=to-J=t?-0@ot?);Hqxwbtb)koD#`j3&1&J+ml4;8jq zC)9GuLL@Wz!-$b%?j(+PdAznJs3?4}A)FIXOBJ;;h}=X(_k%3Ddnn{b8AOAAP`Kh~ z^_#LKy9NLBYpXIMElE=pNAs9&JVth8Mmj!bH6tCR$`^=se3|oAs|N=%Zu;s7fGdX8 z%|v_853f*X%q&N!W$@n5!X867nx0=ab^76G>2ibfgF81pl=q9qGjPO|KQTagTr+3( zE6vnhCW~3748sjBu9-j{{SvC@Y68`gX;}^zF!kGRx$b?aovcI-V*hIgJczprgeOO5 zC5`C52=r~t01Cei;z{Hr{x~9!lF2dfLnDU!jc1GtAkpNo>azj8Rqsn=?(;#$JxNFK7ClKYtM=MV+%)@S+ zLE1nNPVFa;zZ1^BMNnIBq*i|dPp1)X0MpMZSfCEy)i4Y@t^zXSC9B~=*vcgeI_kcD zVkoWV2dL0HPdV}MVoJjL`nd3J=pU`PmAqp|R{yfG4rPHO{|aEVkAQcuGGtjW68P&| ziU=Wju(JkG(B2U_ht#*p;zuc&`p=VV*^#!jxs@L%pFkiUUozIs9h~IEXcWu?2;3=e z8G*b%nmVTAp*Y9;dvtI->o!IllJ3_Me^Wt!)J3On#R%oGXYG@R19}FaMxL~WDPBQ# zc6DBMtKfN}u8+1Tiuf7csPXOh_hSV&kK)Lq(3Q*k+v>L<5h0+YUy%$b&^{%xMU5o& z6+_T`A1@L1jiEE>p$957R01gI)B35chD#kSCmFb`=bcVmmR;#WPs~KY&)qkq4+4@c zTPZ0k&xWsDO_-%avU8J~deT4D!pyy_Q;^QraI%$4jBX) zYz8wiDHRn_UY`f~-UDloozol?TJ$^=7bk56be8ukg>+LQdH;|b*SQ|!F)<_0Pj(uF z_HTdv)&2dCWj- z2UlHR@JUpnr}hRtr?7s(`Ifp}JmVqvKY->1Gy7;+JRS8ghVk)Gcn)?ts4heMy{nry z^YIwZyKT{Ub3&W+vBn_Mi`N5lSeY-K!bj4p?w|Ect1vs9%0m904&3fWmgO5#+xMbq z^9YsW&dNV9Pzd!0G@-^|=n0+^9=dz1isp79{_ce<#_z4Q;n}j&KyJ2jbA1dDoqwWC z#B1vEZUq$R1?$*Qn`sblc|F|BuFlTovx>v9rE?^x7yrG8z@fXQGzE>w%(!CU3mSx) zu(fr)uI6xdF~++rut$zr5qu)LsZEiu2Vj&-BD;PyTODU|KYvW|pYxGhoO=H|EqTKIs}W-a4)yu0C;evaMtg zogmxD0VnIeS6yzc^_?(NPmB4PgV*C0OkK@9kIy56(nQb8*Dw2`HvwGJ<1qHfY~p;W>B-4RwRt&SpWuyb9#I{L^EW|A~_3sNn1(GVZUGB5pCOhJJnas3|R*hk5i{;su5&n z1ul%}1e*p^I|CPh- zSr9ueafAN-%LwB7gak;@Kr#C(ADPPnyT z<4_%erMg9UBF_f{nA_Vh#I9Gn9sQs4(bm0tZ=sU>hJ%j>6_@S9O;Sb_lwhh0U9Gd4 zG6weC(MxZBeT#Ic(&)}djl*vL(Zq0eOcFM>c!Rzu$d+rk9zk-dHJ8nuxGzQN z<#34FpbJ*`8kGeewd7c(WN2rkr1@7gpd1rvUv$KCHGlr{c(ligl8uJc2#_cX%O5Mw&ba#dFI%P^{(Q{j{4UrHqQZ;`)zoUIM~nzzUPYj} zseBFw;cjY#sz{L&LV3#j8ONm5uov!hWNs{e@SWDC4SG2`bs~Q%`e~T=(PGzi1~kRV z>Vol{*BZ=xxa}Ee@OUmBp&@s)bT6 zp%~Kjs9V;RD?PhZLN^WoH|@PSI|?LO%KYXqt8+crv{lTd(}|!c(fjL7e=}YPtfG90 zEMO%dLznzz?^CyyN8n=xPB4?&n1QzwWeClx+RESTH?*uDeQUwfiHBu-etJg>XN~91 z^!4(jH8<|02Cg?G=wfQ8ShUVr3}l$?-6cMA6Xph}oFXE#6GtE|U?f&IOh0 z5gqMsXT*}__ie;*+!qY}{haE@URNKawYha<8nB@k>33%K2mWy9$kvH$adM|p{F=GJ z<4#BMBE{y+e>*cPUmtX<>5UsDR6iuAk+#zMt*T#LJ5fy$*ygXvI2TvI?9x3vc(_rJ zkeewtJTR!|r0k?EL(vb>EDS8dS+%dVN*b>vUdhwfH|?UFEC{EjdgGpxP%tL)d?Jtr zuJ;rM-^NK_Go56h1Qro_PnFC0HNBB(icF0zBJ%}T%R^n13#;gjRlCW45F7UVGP?`^$i6TNdfCe4Aj{^@tf-)_YEuL=kL8=k-NpLGC2_pnn&ITVU+;(!rKt%76)t66 zNWW-`bf?s?l2vos6J1Xy+F#vT;iy5)`~kJn!tcvG_Zz7ACyYeEai_Us>omO74D`H%W)o0mtITBa1K0CO(5Oc=exi70qI%Qt2rIs*HSwF7QCo&M& zh6v^_C*%!o1;@kdJ4U)Q)$N;m$UQB^Ev~49endVKUDRtQ!D7q`c_peoQ=1~c90nv; zNg6qEmwnIlc?WWkUB2_6>NK$p@1?)O{UGAt&bYWWaxFbD5miM!tg?i-tG2Bi@Cg~p z>7v+tQ?ZEdCo5f#GH&A{HS;Hz`50=>X!2q-BgWZNj2+oZD77LqJKU5Jh|NG@QM({LHs4`=AEe`OX%a24Z0#QTB zpIf-6lWF2T-|_%C!XsnkX=~@2gAl}AL}M)#U*PYpP*FEAPLeF?q*%d33WqXvMvHhYwzs#h z$F^=@gJ2zt~o(8oiFv@ck z6)p&nm;#@ONS?)v>Vd$f`lsH>85RAMIriK*tE($ueG}^z1C&kKw;N8hwQY4Ri1LYz zNGKqhm9MI>tS-?}mj0X`@kM~0Cz)H@r8Hs0-yv|iHRbHj?-&~8di7k`q2O#uF+lbX|IcpI4pC`DR7Le?#i~$hLEW2C*eYZIUjliNx<; z#xUVi#l@9@r?stJyxG!|a)P%Soa00N>FKVKm}@os_L5(X}ndMxy55 znYeyJOQ3Wz4boBv@AkgW&c^K*3y@00ZOrjglY-*|A`@Jm1BLWmMFa%}U188rwn4se zuwgR(qiL(Bv+V*lG}sVOY3@Wze)Yx&)K32G7JE8^t9CUf#?0UF~U7GfXci=__%yB67ufk*D3o~kp!iMd6gtV zj})TyW&~KcHoCB08phV*c2Wj@qR}u1|BiF|FL6}N{m2evY!on%P2g)5X{Njg4Aq`k zGJC&p;EXC{BH^saRd-Cx51X%Ha6oafZ|N;Qe-U`baA&S*{DGy(fu(yb`C3OGS+9o` zo1dE~i(RD;08rJDoQ?69Ej7gG4mv#K+BU_PwFup~d{-YiL6o+fJWd!$1zQJ(3Kv!; zdHcaTzKw$ok?Tu1`k^-7gA)5mh)G5jyBx8eb~;-7u5{f^y18sO`l8hjk*iSCDZ6=o zOQxWJBCCLU(HWzurLL@ua8lE=4IMTq9#RiYxy}2Vn2c^<${f;z3tDQTw5-IhIpjw- zU(YI_Ii7LkU6@`b6uzIPl^g7T2%>veRBRW zbb}Ilg8iF%3>K7!c65p3-*WwWZJYssTB%^Dx(ZvvlceiiM_nJ%MVx0Cvnpg5fHVTG z!oVK_50^8UxB`;<_*B?CMA$=ykJ%_kwEx`l#>kRN+n6%%cRGqH9u{$Z=Tyvqr2YsC z9}a)puxA|7H|dw}w}C&id+%R9n|7LKC6|m5L5Z_FcV}r?noG{UqMzsi`kQ!t3(x2& zcJgv%C<^6)35P4Oe6jz&o4^V5e-o-e{r7NcLvcT3-2PR^uzqsm4TKEKl!*roN(Sc8 z55RvzzB(U`8#EMTu@NBsU@EVMiKQsXSo^L?H~Ebx&Ga@(4W#`+B2g`bPi#{?hs0Xo zeGzh#5@S~kv^Ff$T2qX}O^uosAR-V_2+led&30W6*wBffHDbWCQaBd(z%yTaNdYo{ zqU+U=P_B;3z4hwLXc?Prq9ZUlG#E}hQXZzu%NxjVt$Gq-Arv6tJ2BF5*rI9Eswa-o zvwONLn-anOT=U)Zw4LYtxDpz84=V1$)PBXjtyFuw0<5W(v zGFfPku@Ow+RN;yZ1jdD%Or$ZURLb#=nM5%wsQ=Rn$te$EvJB)dztk_!gFdHRaf@o5 z&3S9O!LFqB_hE|nq>3iM)?+%kcO$qE96vLOA71z=VTFP(SwEB*ctoehCIQ-EFN>bb z$3#miDI|D8jXf4ELyhecr7~yoYY*DsZtiS`xLWbvk(;kkhWsGUW{|cnoyt%Ow2>jJ z-~kdJJB4gx6Ndp(oe|X-<$hihE=hiW9xg}yUi4g^E4viG&n2*!0X06hZ*>OYu?FXu z$@4%F{*YqN>>u6K=cs>>YsC5H?BxN-LCyHyK_NT1DQgwoqs~KkL^9ft&LX9rwiwOR zI;B}mpC-&&QTJpXvzn~JADwy1RWqx)6pBU2MX)mi#u^Ka7q%R7y%BX^X{mmdn2T~v zeW{}V)NpU(>oL*)zmv6LRgq(`vE?k!>DcO^k~AjCg>Cm-eHPLm0AQf`02+SgqS;)! z`G2^Gyl|~dP%Z1$FE}`rM}V*;$ZqXGJvFmPxy31%Oqi7NIeg&D^mr+)s$#)hi>Ef# z4qw77geJuPJSUk*2-?zM!WHDz9UJ_U)_iE4n5f1MSqEYzc@TRWgQ=6tlUF_X9bQHR zR=KJuWLXZcET%Lx!01%59M2L0Xd!%oY>d3Qnura(ovO&RWwwI8c+^DO;~(XsR$D#_ z(S$2|52mLuZ9?t>5*VXL^zrd*3*6s4HmsEka}Jzm1rUg^U}1*a6UCJ+nq5tQ$Shl_ z=d(9aXwu6+mbA9B7_t@OK5m;VBmb|A&hit7H9nz)Tf!GBY_dEVB~M7h+k1vvww$Xr zb-f?d=xY0AWoTj(N_VQF7N}t|ditA}CZ(w)!TkC>GB6dAcBU%W(j`A)4_bvysH_%F zPg@&p`Caps*+3WcRRfvIM16vG#Tqabhq`)$iVPj(w4o4RkA`;e`ch@3!)|g(esPfWHM#nnRd}oqZTD!`cuX6 zB_f;3B+%H>aJ`lCdWM_uti`n0cnce0uhD*gi4JsGFR2n1H;|U^tVn*c;3l?M;Zg5R zW9mB?%9Z7wZ1hknwf*hvyxVfpE{iIUhz`E2>%$Z@aem5o>Tmyb>qHRIG9wF;u+GLK zl73uTVaWoME*YA-v5dF8g}FS~74)?gQhPIB?Ek+;vMNG_)bb^AfEMS0>rvH+0y5s` zN$~))T~tBzBiMQDEZ9UMhrfOHm{JfEo@-G;#MVGY0`siKF9kdS`dnp>bZT%8PeHeM z83U24mDK-ZC}cIQ=*h{+6`;gZ!_DK6Lz^YoG5z~zvKex3E9s!2bEcSo%@1N29@B?E z^xwlBIa{j+NRFckS?NxKB{^fOJ-`0z8RuCtm`leb4O2%eBgXtr1~Im)xED+NNAtv( zS%9WzM+aJ?p9N0gJZ2NI1xP+m=j266C1oLk1lpXLD*w;D8oPBN^Ikkhl0%dy`*R`m%OcA<@l4c2-Rv_;PKyJh3(XIOSEB%`23Hn)`6S*>+Gw9Pn zBr_z?OGP`{&XRFDsMTWr1KJFn)#_Kmwkd7@g_g{3#ZL2R_-BRZ$^V)MWhsg2&r6^;C7(iCd|2pMlsRf*9OS;fzvWrMvz`+F?*P;I zJF7Jad~Yb}x~z{U)Y#k)l{SN;Ch3buBOAEdR}i}FYyGuQuWL;ufrP?tn&Xu@VZjpx z`5mlOlS?~TApSIRU(Xk1mxsXx9Ap~XGEqJNm+9}k`)}r!>n;Jl;vaQw4K?_I#DhSb z8ohYo=9fiDRVr>zpUyG&A|U~oz@D7%)04eg2;0<3^hl{jtkx^ruHQ&kxq zo@HJhnl;nU=iuz&_}rw{INCP#A9Z6*=Q^6EXS}F;d)p$G!jACdCi`qGO#-3?Sj%7r zl+HRI?+47sW^O-TexfKzpV4)aNr~|)!{n^5^%T&5a0|ZlOv1E=qnC<@{81`aE@L|8 zI(KyfPkNH};68P+$~aRv-ce?iAkz~08z1Tar6cz*!ueyo0)VC?LQuS4I_WN_rr5M+ zEn!ZCHk*;)s&iyf{aV0uZh_nQryQ7%Q(a{Ky0%A=>C!f6Yu<&$wav9}Ug&+^P7e z%RNJz=IJYxNj*e2#<+W#iqD-@U zzfVwMWy&Cl3)-igty zcxW`Jx;_r2m=?CQG&4pjV`2{ad(#HnjAi1b_6%W~`qCclbc6a`L>I7hfww=3JqBm6PDFip?FaBEU z@lW53S{>D#YcGPaNO85{wm2Sniu~;$I6vggon4M!5v)I9Hn z(>&E?6&v2HBdQL~V$(!0rQ&(m$>koqR@TKT{U@Oi84miI~Qx2O$gR38&RXUTn}c>}`tN{A4J6HPd2kqDol zPw7l31mR)+48a_UO5bUp1bzNt3PH(Fr)cadg=2G*^aE+^gXb?cG)YTzW0qsd6PX?s z+41k%)~>G?DQrv2jPGE_L%lSfuIIenbLnFp4-j1*Z7YjY-zEMJ7IngdY!yLZw5;hW9x9nfckvPo->TUvBd!^wJG&-+o5S_n$Zt%HJJ>fWx&`$2~@dn#eCoo9+vj znvb{Zgi-Uf@ce%?eN|LjYu9cmUaYuFarfd{+_kv7yIZj0Qrx{1C>GqkxD_Xb;2PW= zPP)JUjFFq{j}hIeSM?ZajfO6H9 z7(tg&SQ)r+?1nF*Ng27ro9Cn)HrIbqHK2=`Z8g0)c