sd/LAPS/2504.1-Preview.psd1
|
# Copyright (c) Microsoft Corporation. All rights reserved. # Autogenerated. Do not edit. @{ Metadata = @' {"name":"LAPS","description":"Windows Local Administrator Password Solution (Windows LAPS) supports various settings that you can control by using policy. Learn about the settings and how to administer them.","version":"2504.1-Preview","settings":[{"name":"ADBackupDSRMPassword","description":"Use this setting to enable backup of the DSRM account password on Windows Server Active Directory domain controllers. Supported values are either True or False. This setting defaults to False. This setting is ignored unless ADPasswordEncryptionEnabled is configured to True and all other prerequisites are met.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/ADBackupDSRMPassword","set":"Policies/ADBackupDSRMPassword"}},"schema":{"type":"boolean"}},{"name":"ADEncryptedPasswordHistorySize","description":"Use this setting to configure how many previous encrypted passwords are remembered in Active Directory. Supported values are: Minimum 0 passwords, Maximum 12 passwords. If not specified, this setting defaults to 0 passwords (disabled). This setting is ignored unless ADPasswordEncryptionEnabled is configured to True and all other prerequisites are met. This setting also takes effect on domain controllers that back up their DSRM passwords.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/ADEncryptedPasswordHistorySize","set":"Policies/ADEncryptedPasswordHistorySize"}},"schema":{"type":"integer","minimum":0,"maximum":12}},{"name":"AdministratorAccountName","description":"Use this setting to configure the name of the managed local administrator account. If not specified, this setting defaults to managing the built-in local administrator account. Don't specify this setting unless you want to manage an account other than the built-in local administrator account. The local administrator account is automatically identified by its well-known relative identifier (RID). If you configure Windows LAPS to manage a custom local administrator account, you must ensure that the account is created. Windows LAPS doesn't create the account. This setting is ignored when AutomaticAccountManagementEnabled is enabled.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/AdministratorAccountName","set":"Policies/AdministratorAccountName"}},"schema":{"type":"string"}},{"name":"ADPasswordEncryptionEnabled","description":"Use this setting to enable encryption of passwords in Active Directory. Supported values are either True or False. Enabling this setting requires that your Active Directory domain is running at Domain Functional Level 2016 or later.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/ADPasswordEncryptionEnabled","set":"Policies/ADPasswordEncryptionEnabled"}},"schema":{"type":"boolean"}},{"name":"ADPasswordEncryptionPrincipal","description":"Use this setting to configure the name or security identifier (SID) of a user or group that can decrypt the password stored in Active Directory. This setting is ignored if the password currently is stored in Azure. If not specified, only members of the Domain Admins group in the device's domain can decrypt the password. If specified, the specified user or group can decrypt the password stored in Active Directory. The string that's stored in this setting is either an SID in string form or the fully qualified name of a user or group. Valid examples include: S-1-5-21-2127521184-1604012920-1887927527-35197, contoso\\LAPSAdmins, lapsadmins@contoso.com. The principal identified (either by SID or by user or group name) must exist and is resolvable by the device. The data specified in this setting is entered as-is; for example, do not add enclosing quotes or parentheses. This setting is ignored unless ADPasswordEncryptionEnabled is configured to True and all other prerequisites are met. This setting is ignored when Directory Services Repair Mode (DSRM) account passwords are backed up on a domain controller. In that scenario, this setting always defaults to the Domain Admins group of the domain controller's domain.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/ADPasswordEncryptionPrincipal","set":"Policies/ADPasswordEncryptionPrincipal"}},"schema":{"type":"string"}},{"name":"AutomaticAccountManagementEnableAccount","description":"Use this setting to enable or disable the automatically managed account. False disables the automatically managed account. True enables the automatically managed account. This setting defaults to False. This setting is ignored unless AutomaticAccountManagementEnabled is enabled.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/AutomaticAccountManagementEnableAccount","set":"Policies/AutomaticAccountManagementEnableAccount"}},"schema":{"type":"boolean"}},{"name":"AutomaticAccountManagementEnabled","description":"Use this setting to enable automatic account management. Supported values are either True or False. This setting defaults to False.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/AutomaticAccountManagementEnabled","set":"Policies/AutomaticAccountManagementEnabled"}},"schema":{"type":"boolean"}},{"name":"AutomaticAccountManagementNameOrPrefix","description":"Use this setting to configure the name or prefix of the managed local administrator account. If specified, the value will be used as the name or name prefix of the managed account. If not specified, this setting will default to \"WLapsAdmin\". This setting is ignored unless AutomaticAccountManagementEnabled is enabled.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/AutomaticAccountManagementNameOrPrefix","set":"Policies/AutomaticAccountManagementNameOrPrefix"}},"schema":{"type":"string"}},{"name":"AutomaticAccountManagementRandomizeName","description":"Use this setting to enable randomization of the name of the automatically managed account. When this setting is enabled, the name of the managed account (determined by the AutomaticAccountManagementNameOrPrefix setting) is suffixed with a random six-digit suffix every time the password is rotated. Windows local account names have a maximum length of 20 characters, which means the name component must be 14 characters long at most to have sufficient space for the random suffix. Account names specified by AutomaticAccountManagementNameOrPrefix that are longer than 14 characters are truncated. False: Don't randomize the name of the automatically managed account. True: Randomize the name of the automatically managed account. This setting defaults to False. This setting is ignored unless AutomaticAccountManagementEnabled is enabled.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/AutomaticAccountManagementRandomizeName","set":"Policies/AutomaticAccountManagementRandomizeName"}},"schema":{"type":"boolean"}},{"name":"AutomaticAccountManagementTarget","description":"Use this setting to specify whether the built-in Administrator account is automatically managed, or a new custom account. 0 Automatically manage the built-in Administrator account. 1 Automatically manage a new custom account This setting defaults to 1. This setting is ignored unless AutomaticAccountManagementEnabled is enabled.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/AutomaticAccountManagementTarget","set":"Policies/AutomaticAccountManagementTarget"}},"schema":{"type":"integer","allowedValues":[0,1]}},{"name":"BackupDirectory","description":"Use this setting to control which directory the password for the managed account is backed up to. 0 Disabled (password isn't backed up). 1 Back up the password to Microsoft Entra-only. 2 Back up the password to Windows Server Active Directory only. If not specified, this setting defaults to 0 (Disabled).","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/BackupDirectory","set":"Policies/BackupDirectory"}},"schema":{"type":"integer","minimum":0,"maximum":2}},{"name":"PassphraseLength","description":"Use this setting to configure the number of words in the passphrase of the managed local administrator account. Supported values are: Minimum 3 words, Maximum 10 words. If not specified, this setting defaults to 6 words. The PassphraseLength setting is ignored unless PasswordComplexity is configured to one of the passphrase options.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/PassphraseLength","set":"Policies/PassphraseLength"}},"schema":{"type":"integer","minimum":3,"maximum":10}},{"name":"PasswordAgeDays","description":"This setting controls the maximum password age of the managed local administrator account. Supported values are: Minimum: 1 day (When the backup directory is configured to be Microsoft Entra ID, the minimum is 7 days.), Maximum 365 days If not specified, this setting defaults to 30 days. Changes to the PasswordAgeDays policy setting have no effect on the expiration time of the current password. Similarly, changes to the PasswordAgeDays policy setting won't cause the managed device to initiate a password rotation.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/PasswordAgeDays","set":"Policies/PasswordAgeDays"}},"schema":{"type":"integer","minimum":1,"maximum":365}},{"name":"PasswordComplexity","description":"Use this setting to configure the required password complexity of the managed local administrator account, or to specify that a passphrase is created. 1 Large letters. 2 Large letters + small letters. 3 Large letters + small letters + numbers. 4 Large letters + small letters + numbers + special characters. 5 Large letters + small letters + numbers + special characters (improved readability). 6 Passphrase (long words). 7 Passphrase (short words). 8 Passphrase (short words with unique prefixes). If not specified, this setting defaults to 4. Windows supports the lower password complexity settings (1, 2, and 3) only for backward compatibility with legacy Microsoft LAPS. We recommend that you always configure this setting to 4. Do not configure PasswordComplexity to a setting that is incompatible with the managed device's local password policy. This will result in Windows LAPS failing to create a new compatible password (look for a 10027 event in the Windows LAPS event log).","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/PasswordComplexity","set":"Policies/PasswordComplexity"}},"schema":{"type":"integer","minimum":1,"maximum":8}},{"name":"PasswordExpirationProtectionEnabled","description":"Use this setting to configure enforcement of maximum password age for the managed local administrator account. Supported values are either True or False. If not specified, this setting defaults to True. In legacy Microsoft LAPS mode, this setting defaults to False for backward compatibility.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/PasswordExpirationProtectionEnabled","set":"Policies/PasswordExpirationProtectionEnabled"}},"schema":{"type":"boolean"}},{"name":"PasswordLength","description":"Use this setting to configure the length of the password of the managed local administrator account. Supported values are: Minimum 8 characters, Maximum 64 characters. If not specified, this setting defaults to 14 characters. Do not configure PasswordLength to a value that is incompatible with the managed device's local password policy. This will result in Windows LAPS failing to create a new compatible password (look for a 10027 event in the Windows LAP event log). The PasswordLength setting is ignored unless PasswordComplexity is configured to one of the password options.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/PasswordLength","set":"Policies/PasswordLength"}},"schema":{"type":"integer","minimum":8,"maximum":64}},{"name":"PostAuthenticationActions","description":"Use this setting to specify the actions to take upon expiration of the configured grace period (see PostAuthenticationResetDelay). This setting can have one of the following values: 1 The managed account password is reset. 3 The managed account password is reset, interactive sign-in sessions using the managed account are terminated, and SMB sessions using the managed account are deleted. Interactive sign-in sessions receive a nonconfigurable two-minute warning to save their work and sign out. 5 The managed account password is reset and the managed device is restarted. The managed device is restarted after a nonconfigurable one-minute delay. 11 The managed account password is reset, interactive sign-in sessions using the managed account are terminated, SMB sessions using the managed account are deleted, and any remaining processes running under the managed account identity are terminated. Interactive sign-in sessions receive a nonconfigurable two-minute warning to save their work and sign out. If not specified, this setting defaults to 3. The allowed post-authentication actions are intended to help limit the amount of time a Windows LAPS password can be used before it's reset. Signing out of the managed account or restarting the device are options that help ensure the time is limited. Abruptly terminating signed-in sessions or restarting the device might result in data loss. From a security perspective, a malicious user who acquires administrative privileges on a device using a valid Windows LAPS password does have the ultimate ability to prevent or circumvent these mechanisms. PostAuthenticationActions value 11 is only supported in Windows 11 24H2, Windows Server 2025 and later releases.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/PostAuthenticationActions","set":"Policies/PostAuthenticationActions"}},"schema":{"type":"integer","allowedValues":[1,3,5,11]}},{"name":"PostAuthenticationResetDelay","description":"Use this setting to specify the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions (see PostAuthenticationActions). Supported values are: Minimum 0 hours (setting this value to 0 disables all post-authentication actions), Maximum 24 hours. If not specified, this setting defaults to 24 hours.","provider":{"type":"csp","name":"./Vendor/MSFT/LAPS","path":{"get":"Policies/PostAuthenticationResetDelay","set":"Policies/PostAuthenticationResetDelay"}},"schema":{"type":"integer","minimum":0,"maximum":24}}],"alias":{"get":"msftinventory","set":"msftpolicies"},"context":"device"} '@ } # SIG # Begin signature block # MIIoKgYJKoZIhvcNAQcCoIIoGzCCKBcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBxr8kGmGwXxrae # 0bFGp74gmTZEJ+pgPaIGvAj/TqKA2aCCDXYwggX0MIID3KADAgECAhMzAAAEBGx0 # Bv9XKydyAAAAAAQEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTE0WhcNMjUwOTExMjAxMTE0WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC0KDfaY50MDqsEGdlIzDHBd6CqIMRQWW9Af1LHDDTuFjfDsvna0nEuDSYJmNyz # NB10jpbg0lhvkT1AzfX2TLITSXwS8D+mBzGCWMM/wTpciWBV/pbjSazbzoKvRrNo # DV/u9omOM2Eawyo5JJJdNkM2d8qzkQ0bRuRd4HarmGunSouyb9NY7egWN5E5lUc3 # a2AROzAdHdYpObpCOdeAY2P5XqtJkk79aROpzw16wCjdSn8qMzCBzR7rvH2WVkvF # HLIxZQET1yhPb6lRmpgBQNnzidHV2Ocxjc8wNiIDzgbDkmlx54QPfw7RwQi8p1fy # 4byhBrTjv568x8NGv3gwb0RbAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU8huhNbETDU+ZWllL4DNMPCijEU4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMjkyMzAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIjmD9IpQVvfB1QehvpC # Ge7QeTQkKQ7j3bmDMjwSqFL4ri6ae9IFTdpywn5smmtSIyKYDn3/nHtaEn0X1NBj # L5oP0BjAy1sqxD+uy35B+V8wv5GrxhMDJP8l2QjLtH/UglSTIhLqyt8bUAqVfyfp # h4COMRvwwjTvChtCnUXXACuCXYHWalOoc0OU2oGN+mPJIJJxaNQc1sjBsMbGIWv3 # cmgSHkCEmrMv7yaidpePt6V+yPMik+eXw3IfZ5eNOiNgL1rZzgSJfTnvUqiaEQ0X # dG1HbkDv9fv6CTq6m4Ty3IzLiwGSXYxRIXTxT4TYs5VxHy2uFjFXWVSL0J2ARTYL # E4Oyl1wXDF1PX4bxg1yDMfKPHcE1Ijic5lx1KdK1SkaEJdto4hd++05J9Bf9TAmi # u6EK6C9Oe5vRadroJCK26uCUI4zIjL/qG7mswW+qT0CW0gnR9JHkXCWNbo8ccMk1 # sJatmRoSAifbgzaYbUz8+lv+IXy5GFuAmLnNbGjacB3IMGpa+lbFgih57/fIhamq # 5VhxgaEmn/UjWyr+cPiAFWuTVIpfsOjbEAww75wURNM1Imp9NJKye1O24EspEHmb # DmqCUcq7NqkOKIG4PVm3hDDED/WQpzJDkvu4FrIbvyTGVU01vKsg4UfcdiZ0fQ+/ # V0hf8yrtq9CkB8iIuk5bBxuPMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGgowghoGAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAQEbHQG/1crJ3IAAAAABAQwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIG4r5G9RuRaOmzyGK2mRJ+33 # araYq1NbKAppCfeqy79oMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEANmc2v2w9NDRSoCS4jp+sKokZhVzhlFUP88qZXFsPfZaIURx6J/petfOD # RzkYgG3cG7nKQCQfUCfd4r7KNJQJBke1/mvf2P3FNgv+D/qslRrJj9AWFShZmDem # Vw3PCbKiZQkWpghhZW+iewCRsFx3xT/e5PJegtsnOGMX1l4TuMYRwJCONomjErdR # YIEjUAAlae0uGxijdSjsbBFkRW2j8mH28ZEbaJCcSBej3W+SscnsW8x+eW0kb69e # NB7CUWjCKPQW70gsbeSUUsjDGBLA0YSObDFWqUZ/BImATsvEMLlv2LMKhJk7yMtD # dS7y0Yw8ltMx/hLgIP8jBrw02hZQyqGCF5QwgheQBgorBgEEAYI3AwMBMYIXgDCC # F3wGCSqGSIb3DQEHAqCCF20wghdpAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq # hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCDhwuQNg9n2hbu8dZJrTbQ0VBCHAr37dpu8Cy2L5Cyi7wIGZ98I8w3H # GBMyMDI1MDMyNDIzNTMyMy40NzVaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046MzcwMy0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg # ghHqMIIHIDCCBQigAwIBAgITMwAAAgpHshTZ7rKzDwABAAACCjANBgkqhkiG9w0B # AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yNTAxMzAxOTQy # NTdaFw0yNjA0MjIxOTQyNTdaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z # MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046MzcwMy0wNUUwLUQ5NDcxJTAjBgNV # BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCy7NzwEpb7BpwAk9LJ00Xq30TcTjcwNZ80TxAtAbhS # aJ2kwnJA1Au/Do9/fEBjAHv6Mmtt3fmPDeIJnQ7VBeIq8RcfjcjrbPIg3wA5v5MQ # flPNSBNOvcXRP+fZnAy0ELDzfnJHnCkZNsQUZ7GF7LxULTKOYY2YJw4TrmcHohkY # 6DjCZyxhqmGQwwdbjoPWRbYu/ozFem/yfJPyjVBql1068bcVh58A8c5CD6TWN/L3 # u+Ny+7O8+Dver6qBT44Ey7pfPZMZ1Hi7yvCLv5LGzSB6o2OD5GIZy7z4kh8UYHdz # jn9Wx+QZ2233SJQKtZhpI7uHf3oMTg0zanQfz7mgudefmGBrQEg1ox3n+3Tizh0D # 9zVmNQP9sFjsPQtNGZ9ID9H8A+kFInx4mrSxA2SyGMOQcxlGM30ktIKM3iqCuFEU # 9CHVMpN94/1fl4T6PonJ+/oWJqFlatYuMKv2Z8uiprnFcAxCpOsDIVBO9K1vHeAM # iQQUlcE9CD536I1YLnmO2qHagPPmXhdOGrHUnCUtop21elukHh75q/5zH+OnNekp # 5udpjQNZCviYAZdHsLnkU0NfUAr6r1UqDcSq1yf5RiwimB8SjsdmHll4gPjmqVi0 # /rmnM1oAEQm3PyWcTQQibYLiuKN7Y4io5bJTVwm+vRRbpJ5UL/D33C//7qnHbeoW # BQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFAKvF0EEj4AyPfY8W/qrsAvftZwkMB8G # A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG # Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy # MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w # XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy # dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG # A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD # AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQCwk3PW0CyjOaqXCMOusTde7ep2CwP/xV1J # 3o9KAiKSdq8a2UR5RCHYhnJseemweMUH2kNefpnAh2Bn8H2opDztDJkj8OYRd/KQ # ysE12NwaY3KOwAW8Rg8OdXv5fUZIsOWgprkCQM0VoFHdXYExkJN3EzBbUCUw3yb4 # gAFPK56T+6cPpI8MJLJCQXHNMgti2QZhX9KkfRAffFYMFcpsbI+oziC5Brrk3361 # cJFHhgEJR0J42nqZTGSgUpDGHSZARGqNcAV5h+OQDLeF2p3URx/P6McUg1nJ2gMP # YBsD+bwd9B0c/XIZ9Mt3ujlELPpkijjCdSZxhzu2M3SZWJr57uY+FC+LspvIOH1O # pofanh3JGDosNcAEu9yUMWKsEBMngD6VWQSQYZ6X9F80zCoeZwTq0i9AujnYzzx5 # W2fEgZejRu6K1GCASmztNlYJlACjqafWRofTqkJhV/J2v97X3ruDvfpuOuQoUtVA # wXrDsG2NOBuvVso5KdW54hBSsz/4+ORB4qLnq4/GNtajUHorKRKHGOgFo8DKaXG+ # UNANwhGNxHbILSa59PxExMgCjBRP3828yGKsquSEzzLNWnz5af9ZmeH4809fwItt # I41JkuiY9X6hmMmLYv8OY34vvOK+zyxkS+9BULVAP6gt+yaHaBlrln8Gi4/dBr2y # 6Srr/56g0DCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI # hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy # MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg # M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF # dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6 # GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp # Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu # yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E # XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0 # lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q # GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ # +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA # PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw # EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG # NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV # MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK # BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG # 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x # M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC # VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449 # xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM # nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS # PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d # Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn # GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs # QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL # jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL # 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNN # MIICNQIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn # MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjM3MDMtMDVFMC1EOTQ3MSUwIwYDVQQD # ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQDR # AMVJlA6bKq93Vnu3UkJgm5HlYaCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA64wqUzAiGA8yMDI1MDMyNDE5MDAz # NVoYDzIwMjUwMzI1MTkwMDM1WjB0MDoGCisGAQQBhFkKBAExLDAqMAoCBQDrjCpT # AgEAMAcCAQACAgo0MAcCAQACAhCWMAoCBQDrjXvTAgEAMDYGCisGAQQBhFkKBAIx # KDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJKoZI # hvcNAQELBQADggEBAHO+Ps3xjg9ij8Bjjw9JVbcBSZoWKj/kvP2tu5jGVDc+oxhU # Qma9rRLN9G3nRAxLrAgptNRdhTl56fn7wRJNxISWcWslsRQG2zwOoZZO59b5kjwK # HVzFcyEeXWHTsxZMc8Ocx+1ztyvh44LcxNE2pzxBjWm/fNVDTu4OiXHy2A9O5LN7 # 95uNGz4ZaXwvhiDHxuo3GnPDiKYM/z22olgX8LtotQa5a550HcfbDamCSYE8rQCq # cVuZBZSs1KpdfggEhNfsNP8ul94+qdAodx1YtUZpCAYjuuBRWfIyPIii35I+23+A # 6G0tH41G13E0L1Cfga51AF23RiUsXB97L5rzC+oxggQNMIIECQIBATCBkzB8MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNy # b3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAgpHshTZ7rKzDwABAAACCjAN # BglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8G # CSqGSIb3DQEJBDEiBCA8ddfu9fU/qYJwx1shs0d73gtolPLUbKkt0GZ4F7nr7TCB # +gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIE2ay/y0epK/X3Z03KTcloqE8u9I # XRtdO7Mex0hw9+SaMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh # c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw # MTACEzMAAAIKR7IU2e6ysw8AAQAAAgowIgQg/7jtJTxs32wf2jIkU2E34UqiGRPb # yFnykT3NwrS9ZB4wDQYJKoZIhvcNAQELBQAEggIAcwR3V4oG+P0hgvKHyzJ0xPh6 # zQQYIaQLXdMaK2w/aT63ybELMk7arXrJmdLHWDgANSQcANcbPqB2WRAMAJYz7SHT # 4WCsccp8WdCfPyeyMIoZ2McG5PgnNXSJ0hSZqWlwFY/mYoaVzQxTbAb8mHdwPhq8 # AJI+DH3GlJGoTci7VgusH6yVdrYoGJYCOPFy98pcqW/ZeI99GI8OdyjfeRVebfF1 # 9lkQvdugeIlsMCDCWKMP41MI4Jmaxo41zRMDJTWPBtMMfNJaCunc0vwH5paZ/UUL # SmU5itcQ7w84sdBiL0LaL9n3iegxRq0LilTxBOxCu3V8OAwPbrmKSu+VyvBKRfoH # exYLDj1rvMMS67Fu5TvCfYMFB7LLuhN16wxsVzcgXU3Shz6yc3+XT/OT8Ms6gBKr # nwyT4byRtE/qf5uoqVliJHqWP4R41VK5gtrrhqu2AACF1hrjboL4jZ/REI8i6lwl # y0My2jppIlHK5xpQmE3QHjHz4r9feW97mQ2DjxL8pkFXJai2qskjLNndWc1zDx5J # cCsHy6U1RsdsIUblW95dJfTFjVsYXu1AQGLAoai5uc/b9g5Hzbp+QWrsmP/t8JFY # 1Go9v6rkitMeRdDZdCBSgjTTHPhNMmjbFpP7/JCucl9hvBwGeFieuUN/Yhh92fKi # JHVCepF1O88xN9sDbpY= # SIG # End signature block |