From 29cf6d4c424d5a1dae21021a57f0ba58e470b328 Mon Sep 17 00:00:00 2001
From: iadgovuser1
Date: Mon, 12 Feb 2018 10:53:35 -0500
Subject: [PATCH] initial import of content from https://www.github.com/iadgov/Secure-Host-Baseline/BitLocker
---
CONTRIBUTING.md | 6 +
DISCLAIMER.md | 9 +
Group Policy Objects/BitLocker.htm | Bin 0 -> 166260 bytes
Group Policy Objects/Computer/README.md | 0
Group Policy Objects/Computer/policy.json | 17 ++
.../Backup.xml | 18 ++
.../DomainSysvol/GPO/Machine/comment.cmtx | 24 ++
.../DomainSysvol/GPO/Machine/registry.pol | Bin 0 -> 3438 bytes
.../bkupInfo.xml | 1 +
.../gpreport.xml | Bin 0 -> 43830 bytes
Group Policy Objects/README.md | 0
LICENSE.md | 3 +
LICENSE.spdx | 16 ++
README.md | 53 ++++-
Scripts/BitLocker.psm1 | 219 ++++++++++++++++++
15 files changed, 364 insertions(+), 2 deletions(-)
create mode 100644 CONTRIBUTING.md
create mode 100644 DISCLAIMER.md
create mode 100644 Group Policy Objects/BitLocker.htm
create mode 100644 Group Policy Objects/Computer/README.md
create mode 100644 Group Policy Objects/Computer/policy.json
create mode 100644 Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/Backup.xml
create mode 100644 Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/DomainSysvol/GPO/Machine/comment.cmtx
create mode 100644 Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/DomainSysvol/GPO/Machine/registry.pol
create mode 100644 Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/bkupInfo.xml
create mode 100644 Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/gpreport.xml
create mode 100644 Group Policy Objects/README.md
create mode 100644 LICENSE.md
create mode 100644 LICENSE.spdx
create mode 100644 Scripts/BitLocker.psm1
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..92bf031
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,6 @@
+All contributions to this project will be released as follows:
+
+1. If you are a U.S. government employee, then your changes are exempt from copyright in the U.S. and will be released under the [CC0 1.0](https://creativecommons.org/publicdomain/zero/1.0/) [Universal license](https://creativecommons.org/publicdomain/zero/1.0/legalcode) worldwide.
+1. If you are a not a U.S. government employee, then your changes will be released under the [CC0 1.0](https://creativecommons.org/publicdomain/zero/1.0/) [Universal license](https://creativecommons.org/publicdomain/zero/1.0/legalcode) in the U.S. and worldwide.
+
+By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
\ No newline at end of file
diff --git a/DISCLAIMER.md b/DISCLAIMER.md
new file mode 100644
index 0000000..3f84d42
--- /dev/null
+++ b/DISCLAIMER.md
@@ -0,0 +1,9 @@
+## Disclaimer of Warranty
+This Work is provided "as is." Any express or implied warranties, including but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the United States Government be liable for any direct, indirect, incidental, special, exemplary or consequential damages (including, but not limited to, procurement of substitute goods or services, loss of use, data or profits, or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this Guidance, even if advised of the possibility of such damage.
+
+The User of this Work agrees to hold harmless and indemnify the United States Government, its agents and employees from every claim or liability (whether in tort or in contract), including attorneys' fees, court costs, and expenses, arising in direct consequence of Recipient's use of the item, including, but not limited to, claims or liabilities made for injury to or death of personnel of User or third parties, damage to or destruction of property of User or third parties, and infringement or other violations of intellectual property or technical data rights.
+
+Nothing in this Work is intended to constitute an endorsement, explicit or implied, by the United States Government of any particular manufacturer's product or service.
+
+## Disclaimer of Endorsement
+Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, in this Work does not constitute an endorsement, recommendation, or favoring by the United States Government and shall not be used for advertising or product endorsement purposes.
\ No newline at end of file
diff --git a/Group Policy Objects/BitLocker.htm b/Group Policy Objects/BitLocker.htm new file mode 100644 index 0000000000000000000000000000000000000000..ad31302be5ecc210e245e21db809edae69572e66 GIT binary patch literal 166260 zcmeI5`*RdW^5ExJF5>=#i7G%J((-d?r_RXD{W~%h?m@VNHI& zl@ngBVb@2Oz{N9%<^9q-J>2*!6{A>1FdQzDGDp$Up-IV`tRS> z1?i4ldn}ObS0mq@ZOZ4SK>J!+(f+Z(xjFl|YJYyf=#1%ougxCJeiay-#$}veWVG`K zoVi}X_mjY|E3^gI8-mS)*&V^>;_O-h4|wfYczrtitonXW#(y+>E>G?X_0G#(Z=n?Z zpVHHsjB;P@{aQV{C%?F6G~YY8Gq1h@Ka%3mJ`&jWm zvMb-8NxvI1+K1J@i}F9v@{69|EHGIUoY0LQg%TU`1aQ*BcG2pMT>nve*ht#19rQwv zzg7AIhmFcjpJ0Q#fxSSMO&ALzrQs!iT< zUwVGEz~LupLw`sG*5i?UuXCqAPV3T}X(3oa@ksu=WgZFH5oo{%d+U;YdFFrI#l8c* zatpbkEgHvNBo`Xt4>o3(W>=);FV&q=eoboi6C0FXp)V-3RgJeJJ+4WQP;w*b6U&c& zK?UI7sAOL4ELL0bSysmWEn}l~*oR+ajH?wsL%0N0E{M0{d9c#Huq!T$5#Q=|Yf~)O zpT#O%t6=D3w>}g5ZGX+&y(K!hN$;A_#-Z^xrM!ASA06~l zwn=+(xXV^!CI5}Uxt!HpuQdAN1hRWmsQH;hPq*ZMXuiDcy2n-D_eea)sqCs>!uGmk z=JK7&oVO`u?%k2z3nIf!w)br%iCqyR@!uVZ+V2QWZ_B^B{LUMqMzg$p@>J?u>9t*k z@u$re7#&J|uiMMq2G3jLN`K0&FxYsE&s!ssx!5G4d7Ud-Op;pWoZ1>!SY*)jX?A%E z$^Ns@{$q(MK9flARI-U%4_~s;HR9igJ6-~6o68$2Hw)~Vw z2_8rEi6Rb9RxkImv3)FTKl|DpIe2!YUnV1s8dBO0%|%=uEUULALfDk}U{fsYsjNbQ z)n*>9OeU)rlgPS^8PeF|_)6=Q!P2@Z(Y^gUmDbfu>(x_f6&cky;EGs=VR3*-Dxas) zdKl8$Cy&r44tN)A>$8E~(U~ zNzso(qkfbL`{X{E(4=oBlqmMzdd+i{Dokzm?Nkk4@zyksh*S_^%at z)QjRpuQjZ=TRj%Fu28)Egl4HN=+k}(=5<^i$l6U)>>6DM^HSgY+Jz>W8-jsxYc6%) z!yq?oA`F@!OT8Q!!aod_YJ->cig6H+g_oMw@$izd2Hspp^y=rW5;GQFsvgI~3$&jX z&??Q#tA>MO7HI_dfdz7HHT7lfWxTdY4XXWJmmW$@X_B)c8n7o;{GoUyt5jD!%B#LU zW^(VJC2mdo1q>5D!6vm#)Vf=po_mj|0ywJN&U?!3N9v81p-U>i5q0X?2wh5!IhHA0 zWvi60-Eq<7%JxU{kyFCkwfUNh2fik?RzN#kn@T#RT2-}VbMxS4d%{3O?@^I8F5rjnetbiQWiJ&vn|W$2E41o8(Wg7WyI&hgZ>Ah zG?6*`-JGgQ&w3p!_Gir6f4lX|H8qvC+_t6m!!5%yyvwmSD+cy$a_&~5v|TwSZga|Z zDJE|5%T}o+yqIJj%629#KHiix(FmokVL7h-^z0~X(K58SEB1$Z*{;Mxx<541)-jae z8IOmIgZ-#D1S6ffQ*TW4tWy0v(R9~&zQN^qUe6B6>vFeiPMgl_n|EL=j{&=pY`v09_Cr(8ukFdDzN1z7cKA7#ydtXE 
zs^{9%CkuN;W@DCP$vs4BF`MnGY1{Ce+7KyV$11yar;>tPv(i18<9O{mXWMs#GA*mm`Yupe|ewzTn3r5okwMKl*^;Xjqb@jAGsko zsTGE<;5ddiJ3=Fkr|aJ6xKb&NNHq!>ian=rpd*U=?+|FegjTtQvV+jp;~`%T=AFY6mz4!qB1-;hTt{i4ORRT{;{wD;Cf-`m8ipz&Oz zTmigPc_Kf{#ZPG|*DHtcRqZvow-@rqX)>Ig16SK)n&D&Ex{aPWV{5?Ej`bgv#|3iE zY@u`@WRuKCv`M4#{*J(2{-k@n_SUxixu63bY zd6LZWfQwmW*V!q@2hxjTFWb%sAC^?Y{fna0`q%A&4im0?$7dI3{GHo{KsL!@2i~0i>|COA4h)YJA1nLeK=Md{kS5Q`#91ouiHL8^tviG`gqdoxbbm# z9P#t)?^1dGzl6ST#g;u5O8;1$sfRXfRI|tJ**RHLBsyj$z^Rz~^7}hEqvqc11BrWm zOir2f6C>>mNk3(hb3&g<+Q zGSgA$=Y45;y#EwRJ$F;1;HN^3vlZ=jtJ5Tz$9*oeg6iianmRA^`aoLPlT;4gkbl-@ zE;Q2fCtpSI~&wzg23wwzK)zfEo7TzzzX_Ts^rlJ5)GIXzG_a(ZGbCvWmB@%&Ty z&d7Oh+6x#e42p@iaU6j1th7+P(>4bC%>|a)(t0zD(kHCf{0Zwjdcww_<}vSoXF>TC zUO3||wO_rKLa~{gANX?iWi^xgTJYnX%x$5@9ibYh+ieP`k#QT@X0h5A^yJ?id45M| z@AI>}(#L&y&aZtgzbxx~PWmP@@Im#o`RMj%6ass4U3x|jIpg(9`P7`L@hOh;&&qi7 z*;j(uTx3@v=j>o`Wf@oC6T$|bi6$3sVgI&`f1d2S4TdjqoD_z zq6M7AS?Yu7Nnc$_wUcveKa>2*ZP6e1b0)v3R&{Apcdw>n--sp9lUJj0BAuaT>7GEi zBbs$Kn71M`NR4V}EWdpz_`dXGR-8;LnKG&(UsqR|`S9Cq@PElKx3BzS75Az9k?myE z`||8VxsJu!FYMNRxuRo4v;glCmYfej`mP4I&k$gNlSw_2}(L_4V_Z4s9BvxJT zpA$NKAkRlW;uAR$9Bf+9Y=jEo^QO^;^oUVNzbV-|7X8s(iX%{7LNBo5C|j{xG+o zV|CFb6)3vlGl^h4_mZoF&t<0{d=G?r7H=FDjJbbkhx6oQCh+!;#X8KZXiuXWygYAA zcrLzycwt5mf+%p6ljO)?;ap1qXU!8#r<@=w8ldpi&-}{ZL`;6ggK!Qfdb*mf5S~Mzcov zKq?K0A+a&*LLtsJRw`**EV|PU%JI*7$Rj}Y5&B#l0qPtCZn~{_AQ0$VYVeMlBk0=` z9*QVdF&O^5zK!Ua$cE+RR`hI!@nmQ_{P$XaX1;Da@hPw5H}BK(tH_(?2)S>yon+@; zRW|dy(8o2zXN0+>rPP?t;u(t@)L!1I=#1ZLvX}bwXF^r2 z^g!23+q*8acfG$}N#k~A8?hNs6H7Oj{i9?|kzTbJ7Cl=0l-dW=D1YWc*0bHW&$vg` zlYGW(PuOQnqpn$i!G2Tl%W<}T?emV%hg{00V9(6TW}nRG?~2aaZ=-WW1?$T`)v|S2 zG{uZugj=&dz1t|p7r5xY%HVz0$`9+qtP&8njs2yJ!AvV^<1*0B$u=2im!5GlVDx#H zWx(Y8sARz8C$%KVh+Qvj9{2cnGAy=5?7aPiSiSDO++U#|0Sg(!1pmCXqj}clxePXtq<)dR?ev zwsS6TnY=5%h?9v;iOhH!kH%X&b=JjIb`$6o?rT(H{G!75q5QGF`DXE~XXLrMEj&rB zAn+=e>Fuff0yEbn`PYU1-HB61_$}1JzyOOkJ9g5Qhq#RGDD5?`vvAo*t*N?si_D zLLMwe<(kG$x+0{rc%zDa8fC^uZxMEFQ4DfvQ9++5X0_2vQ}3Gvb(>c;$45-lc+2ip 
z2IIATS|kGRUDAvv(?)9Md7C1-G?I%XXbtaFtS9BUqSBtBn~^lHrCOzr>yejwwj3Kp5$D<5v%u&d{RS) zU(~%f%0swU-F>77j;?Q@)|J{H7oAl zb#|!UK3^wF?`Xy#jRn%X`Eyv?=In-!6lt@?8Q2(=`P^C<{`P4eU88|-MBW*dI3mu- z0I|Ne9IN@bqQai&*9Fn3b>Xu;AHim0n!hJY!6;N#J`f498Hz)(UO_`-N{p*-Ky2&T zMlh^)1RkPVMkz5Q3u7zKc;!C*D!<5XX?>pdtfR16>O8|**a~l-o>hmuC!_Lu1tZxD zyc4xc#6#e7Rz|Q|rY_wvx|E;8#zQiwxM`Ot8^bipG|a9yeYQ)y)4UHgZH!bKn$B(Q zhmG}UpAqHmE$CzXnXYH&wDzrXm`0s_DqY7??mf}XXt(Qh_@Rg0GTsM%le$!z+MY`z zO5?44rqZKvLp#Q1bxKR4JS(Hcw7TNdmYTb5P<5tuA=eLCDjEq9xA+NdVg zzgJtjdV6P-j`&zw-?KeEp!J#Bk)yPwF5^RFZW&8za$ELc*UQKnxcGN6=2Gt`vrgYz zZ<*9ITdVWSXA(VWCikgCZdwUK&MnWYXbn!8uOkBh|Ew;0Pa@D?t2o^&OW8BSTo(w? z7@et-sbSo7mrq$aME05Z{p8TTl$Q%g?HD4nDL|A`Fpco6O({LJ=if=OJ4$sb@nY+t5ons*$A0AbEnO!ttDtnn zejrh41&rwpyCPT>X|^wWGDm0SiS?Iv&6fCHli#N$G0jCb%ue;UC1!_Gy5Fnc=rT`V$YPGU z_&z_Om&$SWu3_zglJyc@|9Dhg$0t~2B$8rPq_hVvZ?E;1;QU0|=_)gA$QMVt*G0*w zYIj^feMKbF7I9zV@P&jInXJoF@x@|p5Ceb_l3)V=ugbJ6Sy`aby^5*N{hEAerQ+zwEl_p4Q4f*oZ;88y4NeK0o+f-FHuQFMUvL* zvxek*k$i9Sinnr1ntn&*fYvwZE+8TYGD1(yG7Bis_Sg1q0U9wcb^C*s2v(P0?1Y zdvPX(-qCpn^#dQu8ExbZ$V*UxN;T_lQa5R~|BUDie<{puBQv&Ig`cGFeX*Zz4Ya2m zC%u-(@>;#Z2_TBYhtkInf&(^sr_%cpI^~h}Wt!i{H>!~KrAC!1O?rhc-&g+=o4ye~ zLRm7vHuuOmXd|UjXuY<_YHagLHL4ZwifyCLRT2__dPm{Q)pI+GcthwFc-(3Q}uFBKFMTrCfrfb0V~o5)#~Vx zYlF$+QPU&V5Ql1Y^dSF$Z0yUaN#tU&l-Q)BkP6R&rm(CIcj|w5Yxv`1fIDkCby$|g zod_V7_?uN+PXul|Nsor-I|CqGmKr%FQcp-+;rU21O0IiHLzg^5nnScK9gvDT#%2qT zlVl8may(URW|zx{(Sx1#oZOYiH<5j`$W^1z`yx7%EspBitCagr>lf@bLb9l> z4H}CBG=`oI8tZo$G`EFPX@19YFPbr_(|#PK;!zw@ojEJ@EK3k^GVaG`1oW8p6-SuE zdY(({M#MDKp63$bv2&A*lvZ#G`6&DBNAdEhvGk4lNvS!+!r%#pQS@`+*$eTpO2@O3 z$6~&ySIGP9$}E!g7S72l*9$Z=MCOgV)Y^P1XFOAnlf$5rt=1X(9D6az zbh6V{XSZu|sW7@BP@J9pRr18&N*;AhX49N}`>L8*ux7`6k``JWPh_b%NPX_E z*wGvEPj`XpzCf;hym;pPU@V#2=q&crYE-B-Z04&JhCAn_C+}?-wc&%#E~#|TH&oq_ z6)^Cp4w>DNtZTl1fT51t1?&BTes$KGLhEA=^`9|GAP1VooRlbxcN~ zifMvMbd&%5leB|V+TS!#sPz6+@#YheVTYxgJMA-BY(~m4`euY(!N5m}Fg9Px)5i{i?*|XsShu@=-Zsbn4yR^6!T zB{t>!K2CPP_D~*y>7)SUN@*yNw3-=~!yr!He%+A`PJ 
z6)z75@Z`F-xh21TkqQ&mJI_jP_I?E+aot>On(n>(Rk&`jF&wDfMDNgj@gtz*gNQR8hMune+W4gi%MYSG_nO4p#lcKV%QctM_ z_kmlhI5#Q`Z0&;D(6mQ>tK})_U&ho9Z#i~-cl^4Hf$R`t*@<`-2`|^L=i};8e;b5# z8HdMQWrz1U(HX1SX@bvsZ~9E_gSAO1o!5D#Yd7CjWBYl04ohyy@^vPl#}1_9zRi9a z6eeLYpH0t*_#)jhiK%Op$xg0QTqRqLPHAPC>YBEu>O{3o@1cpRKiqHDJN#Wv4Z|+Q z->w#K-1m?txST{<-?IhXm6w4Up40u|a)V)BnFKG5i6 z%+p%;sVgyF{o{PM6P3&Y2@V$KMFtgq^+LM%ZXfntybU5XLJ2AyiLlS=Wy3&I^-{j9L(1Z<)~sS4t=Q;x9>}(_~|D6)7IT|NLxFfbDL79u{||! z@W3WrM9fq(5WkWoA%;!)l88RHv6zvuLeD&tlL~dWN*#i^WV*?9pOfgtX8JKb z;vVC@F!_!a%d3~OPs7+g+cCFRU2x`n>uNm&tG`K(oSij0i+SL85>4wHLSm^fh<_9M z@)yOwdG5xZ=qFDprsTj)M)Oq#>$9D@U35yvBLBB}AT6x$+?Fdb4f^PxMSgW3o{wty z#Uqt8YwoqK1rcZ3=~dUm=J8?~t3wg#;?Q1?QXiXP&H3oE*8D_FvlzSadKvM(pGG!A zp5i*4R`wgO)J%J78SRW`Ce!L_-!bYs6LD~;=Jp*umdQFyksdEMMlAP-<7N9op2~fi zAMN{mOx+msqtN)ic%*cgPXEV@URr~=kKwkV^t8=chvoBkbwArQS}Z^Pv~yUWu}mJ0 zHa0<;N?odbP3>c9#h4w1wl%@cY-~EMY8oY{W*+V8iqdec>CWEdqxOk*yZfxm|9Fqt zJz6YPbr{@3j_os+)K%(WH>5fLy4%OpiZMGp9qfiX#dBF*95xyr?JttmVC{-`Q+_Sq zI8W)3tiVl6dU*QWAN~~YW%YX8s8Ph~nmF9&j$K7aDbY{E$BsmHZn`LWEEKWi z)**BKpLV2JM^3^nRJ+U<^)9@r+bUj$ z+Yz0Gj$N5sUccR%#+5(1Ml}vT+mD>@5Z{wiC4Q9}G4>kRE^Vq^HVSCJx8r)vwylA=}@_t~cxR%)zdg9O~v?bf?SF?MPiM)1=J?-APj_U8?nT+1qJ8O}!#K{ip8E1+UuF&U zeYaf|lHR*XNWSORC~a$Q_Bj-~bbl-7Oh$Wip@~yccjt1=_hQ-T_Bjj++v#ObzZD*_ z8-Y{(o-XEK)DN!76=q>nBW}#z6Q22>@-@ACLDo?1kGs@}BRy+^rS25k5Pp9&`-7|} zrgy1fX2;OBNY_TSYm3u4(N8_G^|pLIt)8LYoV`(0S#HQ!A6EZ3Uza^l{Gw;x-Awi5 zn&3p0{EvdwhCIPldSInLZN(mdAEgKO30eEKgI;L++ku5JirMEdx)bl}ZYq8LZAJ&D z5*S@r(8-@!6UaFw({?pc1@MdDx3$3MnS5i<*G6^XusuH=>{~)%`gho0Rvu$lIE{?F zk&&sL2M@&(+L;`$Rg`Cc4ZNd5mba_Xf|)&Ud1kH;ck-6(qr0#1Fj>6Y;LwwyeBTRg8mqjF0h@DQ11Z<^*osQG_S zJh%VxOs=1%eSGR&PVl1#denDXs#exI`rZJ!k* zgP%f`?!elR6A~YbzJdqmvC}Iuf=$^Fe6S9>`vm!+)pUGMx%r^-XT!KZ9VGkJ=yxg( zV!QT5F4|$4QnNVs3~jS>&8MU?dyL)txo3-VV#BO#etI+ee(QUnuqt+XGWAjH-F-We zm1jnwRafa-@7M{K>YS~1;Meg@oGHoo4=Ovu`M6G<=-GMInkS~@itXT08S4v03jdVQ z{8pW(k)FUbt(;gK#2mo=EY{mC@r_F3un0sWcpZO(1oy5AukEgRCEW$W8PVGF?qrc0 
zaN>d4WoT!WAOl#=iiBY_o|8C)jzUdy$Y4DoDZy?>NuF|KUGyhC1Z8VByJaYZ& z+t#GFZ~Is_`aZ3z;(c4&e80VY?$c>^x2C;qiAgKiuoOWnQ6_%frww8@oC4Z#=Wlx=vXiCHzD5s;Q6Tq+14K$rrm`;@<}Q zyP#o)x6sTB~l^iQMy9$pML$Zwi#XXj|4bjGaJ+{erz2;yQeot+Zd%qa&lB;p6 zl3s1tt;^h*vrMM+3y-D0@`Nk1x#j0rpBQ6)67*N+4JD6C&aOgVb>wCAGlqSLKE^$? zN$BC|pKG2%Sn^{y+$UADQv8p%C%h-~H&#)$YxAIzd#lhUAAK2(@?J`dFhr}GdpS;; zWqFyBJL8}~srr>u;p(KGx6drpW~km&i-P-+aG--m{fVGVQ#3pntqz zv!&tdlj(Yp_0sh@d=zjl*L3SuD6I7AY1R5Z4}Eh;W=fr)l7fnloj~i-$~&qZ ziS$^%qEM8@A;i)!6y_H2R$?9&2e#%_!zPjQ7vvbbUA8Lt{9#bJy0RwN~!7 zSg+sXdufbTMvas5ej0~+=zD5PyVdk&j$tG8c_T(!k5qW&Z)YOf;cC;HYtD#G(!b%> zQ0Ja?UK88Jf02EPEg4WZt>;alkyHWO&WiNyP@MA)C64wDHcfFwL_eeSSpKEYt&61a zhBDqB?{B#o^JbgzP*K63zvCi*L)1{sOY!UHaoLxy5Jc~pG0c7wNlE#ka;*Pzy}pwI z?PibNj_m4uB^1_ZLZ$i4BJX=nGT-dnv)K{)%g(^>MJAbNuy>3YnRyl!;p~%uK7KdF zk-Zwga%S-+nKSaOsqNnu^RZ||&U=k)(;3-GME`AA+dFiqK;<2?x_<+ln2SMYosWUR zQ`zB_o;nl1YbT|fal@#lemJF8nkDNV@g%+_=ky&p#{FNax{~reH|nRp5ltEUj+|7_ zONrB+AZRK3?vU=iLbBO+TA!!mX?RNy8hx+Q-{-Q|`=>>If;U34*DrofcbPqxy}wxN z=KlM^W*NH&VtJlRZ#&g#5zJfSxrb33Ys5Mgnu~U$(`Yoif7qFMSLhJK-}R)OwGcne zUc1t6*g9eS1XPCimjAVAuim;H<9KA=UdRqPaIW_VpX+>R$8cYIq*B~DQt!7N(y>(( z?Y$!5EpGjaHOQ?rOdQ$z5FZn`#k-uY}6}@k&9fOF2xzG7l`i7Ih zq-P_1DX^mrz|#G^`MKBfblguDglLeS=9a%r$KdGy{N}+r`d;B#tuJr_H+a*u$4JLp zg$?w5bRUkgh4%c16~%VMdbL?ZZ(Y~N$Yz^Vx)vJMtfzKPbXmFBK3d<(nRW}?Y(>&u zBAIQrm;Pjbt7*@)(<6qX-FjNjP@~SZe)#vXrZ!GH24k(N^$r$eEn(WnFpFqUw&NCY zr>|wS5x}pzpKc3j{VBx0udvHf<uv9cw%Is6QZLE*H+kkP&&Fw zMVqYiOsR7bm79Cg^^&I9)f6YYv73JQ97^dO!^No(y7I#N2=7G z{=O!gV|H7qdc=GjX>wnrxqY77j~;a^d@}IAS4m$Qo%X}GZXJiksmDQQw+TJ-U- zCqo);i!OBKO{SrV#SrfXT@0Ikw29*vJ(clf&?EBE7SZ*iLH`-takLcoL{FluT|eAo z{-^QlNtS{XkAC#1`x4WqlR<~g>cpiqMl|^Q;om0}gL zGtuVR=gE-z2Vw!c^XC0DU|81ZDCEFqslG;hzrx<$3IC1E=$cjn`q5zA3dZuZIQj1t zwmE6}nPwimnke$VeY1(nQ~Qf*HDgC+{hViom1+Uci{}`_sL!Bm{Z*yE&$~Ovjs#VgUw2XsV4wRqeB(D*)gepI!kluX_+42|r?|A+{(g3G zETwYE7~4xs@0bd93eApq5F$!nt-jtG8O1u~+EMEBm^Heb8h!L+%qY|9$QTG>ezobx zbfd&lu}a+-1A8tBV|s{b9Am!Ge2#0oGZ&A@W2x1=A;qsVh%5h>@ 
zS*0e7gFcssaec&;jwx_lwZ&%sQ_Lm0sMtJKT{>5%HO)}O{H(*)Uvq|z70b?1YELr; z!!)S5pP1?~C5}pqqSX|u1ero}hV@^U$nn}TY~+|%b$DDurszMGg;i?BFsO4)81`&T z(HP@ZNI#MjNl$dGe>GE1kv`E@|Gw+e7Qxyt!sH zm>yyp$Jif+hNz|>XVI!eb5xg8qK^lt=cJo^pEjE`WaOAXZ91@g?=kmRDf>fU&N)5g z$(WWgwyTi!$a?mvQq3{$Bins?t;KXS|sDbtv4LkMA|+=_)0-53D&K`#cfT zEXMAzBsTIgc{P;Pay*bay!=FkoC19$d706MS#7UJvuMroqRYS#bFfY7rynhrmv(Ka zQ$sBQCrTN8>~k52bBS1{r51`VZFrgr0b9E{Y9~;T9M@$R3OsI$z3Mvc>89*Z*{b%&a zN8aJ8f9K^S?zT5sx9LO|^cJNYu2j@VMGoIBxoE<%T`uZRtxh)LXeWw0m$ef8M>-lQ zQ0v(*hFz8x{YE)TI>g*+j)Iq^$k6c)hcP(Cyi<>7;@Epg4_{|9#rkRdHg5Tu!_J%O`i=UmcRPC*xq9CV9nbNeL*6xb zPUb%T1eF4FdAIWTw=?A2CX#(N`;+{AAm1X68=cxC5NnlF(IlXpohUwI<@Ij@F>gKO z9aH<2#EhBw7;Me69K*>zbKGJ{Jr0->p_T8!7>i}IHXS{t&9IHd7Og*eyy~;`zeom| z_ulr$OQVHzg(WU=%Wc7Y_Nmx_3za4K?gYE-x`t!`v)iDcsGij*{NUYzpO2 z8J>=ov9+mN5Nvq61#f?*nGfyHDW%GKrC}OtvOi99?de=wJ>yOUY0>yUs#8t#me*S& zVe7r=vrRv{VTiSMIfxuvm0t^IYb+{AMNj^}%Y{`l5y2olCn<op&*ewA?) zipS#Zw~`*u96;8$4^}>T&&0fXa$n|lYjWjZ)tumG!Rzlb(qHA;w^DPmc5qt0zMb%) z(B^T~f~<_b2V772*5~fZeCLMzdm+6Mk+83O@m7eYhJuc3!1-O*jpjNE^3DTu^i)6Ij<_sNCPv5pv zklU?c`^biSU23u0^{Xb!`=Up>M-=@~ZFwaWFY7XHR~)c+R(J19ay_t-&dWIISg|e| z9?h167LP@)n^x7VhvP)AK09)!q?1w)`5kVV&_J_qpHws2Un_gVo0L_H)ylZW5-03c z`Z$%1eJJv`C8Ien=Tbe#8s&4z5F(wgt5|QXvVW{>?9Mi3?}=^jKeZoJfY{wM0^u&% zSgh2VK>uv^Z^3#)?8-;8KZu`5?{cdA3u&<}5N*u9kb1wl{DVr{@;8?^y>AOtJVV{t zu6!pJ+mN{E!|LBf`TvzzH-6FTO$E`GjQdbpL+j_#nsbwPs~)zCR&V4wnVOBH{n|k< z^!S_TZmdsr&2O^@cqH{MO8K|acSI#Hy0D;=KeHxu_)%yCclHHZaw5M7eq`Oj`k8#& z7rJeT{r2algMCXVO#cr1OIeBFtp-m7GOCz2rvGvZ%M_|s|AK+e&`R0;_Vxc4Dkkz?hpw&~%kl&NqBmaXY#9!d397i&tF#5?|mzn;$k$yDHaSR8XbbiSF^HFSz$YdLgC&Z=lcHnIxdkaSL6cRA{^n z{HMwkTkur+_kKP)=%;Lx_T+GvtyJPRW>=DaURF|#jAGL^gp*h&jTez$@LIJ7sytql zkz50bPn#|9$&ezIpC+l8i-gS&IFYw9PUUTwaU$bK&8_`PYtdrf+V!lmZBIn{_XVG~ z@~_)2p!MpNuV<~zFLPH{tu|x?B*CvBk<(d1#l^GmI$9Gpu8sIn_e=8wE0E&8R#^#V zXnoqIcBS7FuJvVmvnDw-tTJd!wjnfhI}JtimZ|n}&$%@{?TN=3j~v`s>c{x17L~Ly zd!1uECH3PGju-Vmkr}f?G*$flNhL=_;M4V}5z&sw=%Y#wnKS520KCuHI}O<4{^(_Bp&ya8^h) 
zheZy8*lcGZ$Cnmd`=eZWSlzoW?a6z9n|>?lHVy4k$lMyJcI7_nYBg^o4+liFWj0NO zsN!6Kh_HSBZpR94|{-B>_T)vT;W;Kqu z9$JxQH7&PJgOs zs1+Lcmp!2)R8eiA8iv&va=_#qU(3JsFpgEa?g$mBsCg=%$mp)Lel2}cNpe%JYW?T> zg1W>bUx_{A)EcU&s7Yn_o9$7v(?(NnvEz%n60Kw)Q@vh|bYK2wrbOoYob(Zm0p@UI zV=;O$cevi7f9r?#66>jOB zAB7*$9kYLtjG1*XYWysmL@QPHiHVgGIS)*K4hn|*Q$e@1~gybgZ(Y7 z;PkRKwRWZ$_LFwb;Z^&v*P^SrUvWtR7cMVz8>9P=FAxd0x25g38=mB5qEkmiC5^uSm9i4t%^p;ufC68jtn z(ftEDaHeS7bDP%M=uMv%|8k%DJg9g z_?kpD_NPzPvs_xce@&{A^&jof)Tmy371i^mbxoA-x~`S4=w`{8=2~UvkaLfHO;%U$ z_xp3OiDqdX;CnL0RoUf0{r4@=%D846j%-Rax+xLv9oacn=XcEQt5x5Zr0+}BGiB{^ zR0W;--wk=r>zdVqE~7K+BE5KNb_KkZf2oXn6{t$DMdxKJd^)=?knpB9Y2D$5&_FB2 zoA@yWURXwCMDc2-v%|bPXngghl>bz=ea}Y|Bv7$yC&I@fjrNCBE>BC}GosL^P?Y-w zVyQQH_yi_$0PJR56WNRRl=R^j`}TYWIkjexVKuvkW<)vkXirr?$jer_ez;7MX~1sc zjdh=dX1eR+oShI-hk;L2VnijPvujy4+vfS9AMlQQ7zMwCvwQ6n{@QgC?`bK1}uhUoWC{ zU$0{(eLri%3}0h~x6X)VsQp-j-X4a}GHin+JIbG77+q4VsP?uE(EAE<<;x z?lk5S$PsxfPTXgoIywHcRgI5Y1TuC&d8>*<*`dpQ{F|*$F-J1{LC%OLn4@dXXRoS% z_;t}M-1tOB{ZvK(Z@$^H{7xZKjznBBeX`H#DCl|hWhn@~G(+Eqf2GQk zjYD}I!r97(Sr(OhthH1k$9qhERFI?tusE!shjiEXrUC~7gYCO#&Ng84h7b#q&+(ELjG8{`n95v z_GOUg&k$E%nEfFClc^`e4*Z;E3%17XQrggHXsmuS&EU7;{TF$P6$ENFwkt|o|BR&^ zOz}x!dRfu*CwZ3hJfP)!3mDJKlRTfV1T@hI86m#r1SEw;F>R*K#g)+Fw&0;quqF!h zCxI4MglbAJm2Pyclnv<0j0+twJ2RynVz#X-nn(ewMQN>Y wE4L+1X5C(Y-=F<&k(BR5M()Y=l(J)_!1Dny6x3MEo}l}c}`^(EGru8H=1B!8R@dP_Vfrx{+6>vx2U zYjW?J$kuK7c1?c&S?+%TQ@w$C;n+85RT>s>cVQFzJ%`6#jZe8(*_Y=Fy1Z-tXk~OnE~SEQZ0-7%e5(woH-khlS&^P%m-OXBZk-LoYVMpUj&iqYtcQeP@xr7gUmDe zMr4WZ=ozu*>FI;Ydb_7qBA;WPT#Y7Q#%Z`@W~j}Xi#=twt^Ne6JgvB6ygSZuw8xGQ z7t#PP^V~qrYt0^*-KTaKDL^JwW;m0I+yr!C6~Uzd{bT-{Rz%x*lbmCP$G7@s{iQP> z)dgmj=Ck)CUP69=xvv}{rG~A}z1-KVGFndcy3MwIDU>9?sCu2-iL?)P&wMF*OZ3W# zy`PK!{YD~%2NEUyU9LeRaAiKFXDZsP+hVcYL!0f;aozjcTsQZ+{k&_D4l|HHZjdsrk8>{KloFO@eRR37rBNIkjv*Tcl?en<>t7F7k%%aFP zDRrWJqgsr^(AsHY60;GOZ5yh)(5yLLt zVe|R@La2uYe^U8lo=78?FbfM&^5ZvU`0VS7roa z+k{Oarem%*Er;)mS0v{FC(lbXpc!h`N65XBqeeRPTxFw4-*%c;rUxkG>vAVgPMCe# 
zys*?Pe$Gg>R^?UQ6s)~`YTGY;S=7m;*u&dB?Io`*nBa;V2jLGVm@W_c1aqF+~Z!1llu%}7Q%YxziQ9BWW$IJONMV7;~Kd|$3JXCv!` zMND&;8WpC`>*~y&K*3x(hShSvz&a#aIWKb(Tbb9ttM7~sq>E9Yx0Ck zFu$J4`uMyz#jqaO2p z%iA`|nsYW6s}X+`T=^AWy(@mkWdMBKCjpmHw;6us!zHBl6cS)|q>N;8Jd`JOY}nO6 zy^&f9eY09AT~Hq?H%k`%l0PSd!kgL3RTh_U(+2d5)l*61=h0_3?CQ_V zbL1-({jpv~hQWDHsBD%+WrO|KR2xHcm6UWw3m5uJd#Y_v+E!~gW4!d1D)qMFLWSnm zLaMM()U)xw*<)?35NkA&YtO@l2UYHMS(ZJK+|rYjHKO>9n-xv4!@vW5N`3yWqA6C8 z`NDCC4~P|Q)}pIbnnNP0CZoBTSTb9e)=a0~e{f*i)K-~3q`Xz%m1o`IFwg3{+|W~Y zLSS!As+gJRiX3;*U*A)u{8g>U`AgQ6oGH>kB(3|+RXSK9F>5&=QDdq!QTWpH|IZ%G z|1>&QPn_3GQenw1MAN4q#KtgVCuT>sR#Eka9nayU`W7xb9E_aSPnK}50=Bl5hr`y1 z+d_Yfk1WQr^WeHyC%%@r`L3*M-jcr`sw$@oB6~Xjiq-@2>}b>u-q@NBmaU104}`be z#TTe|RgdT%Smy_+9_p&K&y@5{hOBq1XU40V{@$;mg*S5LmW-saApfIDcm`}O=Ukzc zFJ;b#exh66!*^Ai*8-nmL5=Z_v|I*nDjJAC6x-nuba#xi40Nn0sn=m1tM%qs1E`}X zqN!JXUS0WCW<{S>(!)9rm1>-e#>xuq{jTXJHsgupwlptgcG_n6x#WB*a)|CDCH0yI zDq(a!Y4Kt%C(1?I@H8^U=k`L{bYGxZQuVr6xYF@&2TL;s~6>AG;2V-nEG1g!1&hF z+)R{3!z&+cZYH&dmiZ}p2>0-U?Db{lLEeUV)+?lSXAgeUYEpF8d`|Whd@Hv8wqVIx zg?Wv9RL+2iC9j-UjLj3^_ld&odAFQ~Gmw+zLBdad?uJuFqnyt2SqVJ$R9vwb#b>$3 zgLe5yGdy|A*apoLDYPg-GdpE0=TYTpUgtEg)0Tye^uY2udBljsSyi8BbL!Onedczk zGr)8;g*bbABzeo;BI?lk+-_j#$^n+mI){BRw($ zd9(P$Uk=OsXuf#(o?>Pk@f_UN`+d%mLQgKR%%hy18}5SKzaUR>w$NpH z?vi}|xplwW(PoZP=_WGA%D+o_B)48ZyTj&aZW+n3+!q$9Pi(cSEYe$%m8&vu_)PM0 zoAM3Gx+dR05x17IbGYewPi9R#C^t*6>ReW_dIV{B{T%v1}fKyL=>WNQ1@$mZR z+)|%&tbHbNZ#HjkkypJ7a%=*bZVDVW?po)gJWQa;zz?)L$@^C<=hMDoh?E{WzbA7*6+8X1UwN7R zQjF%gC!|70YO9uUnR_Fx$;==XDq*(os#zN0gXWT)4mw{$8n*?nSVA?k-)*OC{hV_Z zei5jUS>1J|tDt5bbv;;D_w5u4m5n{&6!woS3eVx2(@YG+Ws`9?90o;^$ z?Y{i3a|2y6cw_u?TG>ciz5QCa3pZ?B9cN9nlXYRaYpQ$0(MFd7bl?bttvGCZT_<`hF$*ng1nRfPdF3 z+kO<$kI##v>cRU$0o%np7rEwbNFPl@+9}C=mJutxLuY&2 zjOMVR4XeRTJB8KurLrIC2CbM;ABGH1Id3U57UXTxUB#OstriPJt3v(OVsr)0YCv|X z)q~?$xvB3sLmD_=!0mq@8Mhd1SbSsEjVaAb{mVT_KZ;L*NgBPyQQ&cgK91#x7R#7< zN-XlcXT&SLW;$hWDM;(w((f8!qd#dDk=WMs$EwE5Hds_YCF4OAw;t5u`N%4JpQwgwlVIYi(~7yLaz1gq 
zPLC(kypf*w#7S42YD|=C9!yuph?0ny$|x#5W9=}{Ei303M`xMZC~{jYTpGU)U$xgf z3bk+W#Ig;|xu^E}x;npe?xy^=Ig95Mm?IORM{|#1Gk)U8T<)6TP%ptr@o5ZZvvi%K zJgR!bm*C^@Do_jifT!d=Bz$MLtVaE`VD}qd(PyDrf0f_EM_L7_=F`ZXy^xu|p5a3D zzazbJMaSieWw+ED>$!nPl^c#{M)B1=6N9u^WTMe;cji>F*NiDMTTUv8W~$Bn*14bN zUDC{JU3Se@4U@eug>%RVZ<6Fsf5S5!O|y#WTSN4mN9OVD9`jkF&Z2WUHkefUe9oY? zaOCvJiU=mS(3M)h2>R-fZ*mX=hqEaR!UeY14KFq=NdkY*P= zv&PB5?9J4iaq0j5T;&^XRx*sYXqU~{w=);9`9przOV^n(mL>3f0pH>`5Yn@aQqEGe z9^y2@L&K;zCJMtYVH2;n#$IWJM=VsXkm~y?pNXBpSDByJTo>A|em$0pwg~4m<||Jc zKKz)E3`WUc;+8sJY571T3rmL&WUWfiw%uRE`^bjA36xAR(a|}1g7=HERuOycql#?w zj1*vu;eslPY5G>8Zfa>vc}4ogPqCt|=c`#%XXhs1Z#jR6*g<22U!<*RSk3|MlU0(u z*I~XU_o8FtGn+*i9z+zZHtBwT!-gopu}NcGTdl~cqjQqnliGeCESbi2_5C+7@0Ov< z>Z6M^!ZIonla*E%xrp&I8X{9fb-A=a#eMPO>>q`8$f8N#vNCj>;+3gA)!{@iCujZQ z3(??Ii=%mRl<&UQva5#3&Sr&qlxQ*E>4|{Q2g>L9^wVsl&Mebd^_!aS*{Zy*)ld`t zV*8@^Q+iDm^Xc5qp2n<1a$cdn*E)MR{Ft@OQ%1RlJT4)lM~xxgeTa0hmXF;d7ehQl zyk>OrEX&{_nQ=15hx<7}5_PIdNfzh72ztr6GwxcsQ%?>L7TUrn=a zUx{VZTow@%{LtvwxH5*zth1X`z&VS`G#vbo(Tti70&1X%2(>Tb*%_VF?j3psds2&egs|eH51F{r&b`gl#yP-Vf0W>M#fr| zwo$oJatH}eHD%Zg{41ebmqp6&M>YZ(g_c-TD5z)3BSGpRVmYxmFs)wXncN4so-uOj z>CtkNQQdi`=rtr>flo;0(#(O&WN>0?T%xs z98k?nZ6`Ek9YLiS-NRm8k=l6AJsIcpT)*_Xu6=RVK03WEPnPFCBOw+wbS~`yJaKy!*%Zy)DVMNS z|Cau#cwUAM$0tkY`oxLh`1eObkCIBXQfcPxZl<%?8H5weGZtw;Ctx)FH@MXX>M2oMqSsp0g&gCh zsIkz@IvUIgAgrKckIgD!jhQc)hp>Jlh+KtCq+c^W_BT+<*U3C6V_))_?%q7(Hiu$9z&`> z;$Ere7T>D9>eh07qq(i%>*sCJ)28#EEX!Np2d~!ADpj?vU*BwnET`vRdZc3X=(4AI zmfB!QGtJb@-x7;auEAJrl+!8iPq8lbMxWFQ?dYvhxis`2+g9Hr7}8mH4zWFz`kU23 zs8Tc(LX$m{d{$`5JgkC-HkSD_^>1S#&U+b4<7N$rD4^GDj@h)9f~(&teRWbFNFY`kal zj)ZT;E&-pt|IB0GG?G78oyTHS+mhM^Xl;-{Y3yQ-eG2{2pT$B%Xz@rILlOIcGkH^c dvzKyH<;T98oG@cyU%uY`Nhte5sQl^d{{x9n2Alu@ literal 0 HcmV?d00001 diff --git a/Group Policy Objects/Computer/README.md b/Group Policy Objects/Computer/README.md new file mode 100644 index 0000000..e69de29 
diff --git a/Group Policy Objects/Computer/policy.json b/Group Policy Objects/Computer/policy.json
new file mode 100644
index 0000000..e663c80
--- /dev/null
+++ b/Group Policy Objects/Computer/policy.json
@@ -0,0 +1,17 @@
+{
+ "PolicyName": "BitLocker",
+ "PolicyScopes": [
+ "Computer"
+ ],
+ "PolicyTypes": [
+ "Domain",
+ "Local"
+ ],
+ "PolicyModes": [
+ "Audit",
+ "Enforced"
+ ],
+ "PolicyTemplatePath": ".\\..\\..\\..\\Windows\\",
+ "PolicyTemplateType": "OS",
+ "PolicyTemplateVersion": "10.0.14393.0"
+}
diff --git a/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/Backup.xml b/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/Backup.xml
new file mode 100644
index 0000000..44c9a07
--- /dev/null
+++ b/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/Backup.xml
@@ -0,0 +1,18 @@
+ + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 da 71 7d 95 a4 2d 6a b7 4d 17 b5 91 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 da 71 7d 95 a4 2d 6a b7 4d 17 b5 91 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 da 71 7d 95 a4 2d 6a b7 4d 17 b5 91 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + +
\ No newline at end of file
diff --git a/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/DomainSysvol/GPO/Machine/comment.cmtx b/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/DomainSysvol/GPO/Machine/comment.cmtx
new file mode 100644
index 0000000..b756c93
--- /dev/null
+++ b/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/DomainSysvol/GPO/Machine/comment.cmtx @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + + + This GUID is to block the SPB-2 device class (aka Firewire) to prevent DMA attacks on BitLocker + This is the device ID for the Thunderbolt controller, blocked to prevent DMA attacks against BitLocker + Sleep disabled to prevent BitLocker keys from being exposed in memory + Sleep disabled to prevent BitLocker keys from being exposed in memory + + + \ No newline at end of file diff --git a/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/DomainSysvol/GPO/Machine/registry.pol b/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/DomainSysvol/GPO/Machine/registry.pol new file mode 100644 index 0000000000000000000000000000000000000000..197765f12b369b655e7824c6f1dc60d4c00433dd GIT binary patch literal 3438 zcmdUxUuzmc6va}r`y5Eo)+Cia8Lc28X3_Ky)DU*fBoWM}xW*)eeE0tDY$XF5 zXu(x0%dFSCGkfREx%b?SdhX(dq@U{RNNpYKyBg~0iw25xt+7TLGMq9zhyLFLf5tf1 z6kl84m@R$go-%i$d;Q|ch#4s>9QGyl8E+nW`v>=oXqjL2D!9MFK3T(F+U#x?>?7aP zx^~lB@@~Fz@(z{_bL=^D*nL=uVQ;D%_%l93W-Ld_VlXZuM z=r~G>o@0MLN_iN=D3Lnq77)E$3Zetf^nRtWR)fxzl-ogc(-VJNS3~JFKD`YEtK6gbs1e@Z1$n6URa|w+?)*72-41va>T5ji(l;IKwyO z*G@I_dOAku2J}gQnlgwCaYprm`)eF 
diff --git a/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/gpreport.xml b/Group Policy Objects/Computer/{9D614C55-E361-45A1-87CB-09A2B1EED0C4}/gpreport.xml new file mode 100644 index 0000000000000000000000000000000000000000..937e20da7ee19ff5d65e01534177172a0979bd3b GIT binary patch literal 43830 zcmeI5`)^c9cE|6}k@6=*YRylKvnc|YpZ?f?7VmFCaQ$L6qk(+rwln-|UdX4t%L-Zn?g zzc$}A3(fUrUhf0lIcoNFeP4HvnwRPBNpsvBG;?ZoTW$W_tTzAL{8O{i+;5&VTk2!u z9%;mT`aD!$#(bq-$IUxkyP?;I^t!J9H#OH=&HqwY7d7j=#=X(}wRzM$Y_>J`E3M(M z*-fiykNo;vMxINs4Yj)61nrB~T>Yy*RL?!F{jH#UE1Vn)7O-_F2=1rrCxZBiuDnSt zKk53m-~khc&!Ofr{0)S;mF9u41|1M~6Oa$*n z!su?o*k!@F-TXx`To)C$nrCUH`6_}U<6&579*eIIg~3&g_*#^GD0udoUlMKUANP?X zr!jK(ra4Lcu%0l$7;wf=BOQw`PW0X8AKf-aU01IcTFtTk?>9SIjjap0LzVYMJLxPp#U=MN>wKD}e~g&tX@X?(@oyzqmPFIV z#EbLdN;vu7(~RBGVkRVZPuPB+sP{=+jWi(luO%7Bg10N9+iJBTN?!)Qnoh}Ah@@@_ z-VI6R{m<_kdViwt51MPbx7K_oseO?CKh=NuVOKC6=>4w#&*|@=dH$Ij7Ibw%*PbWY z-A{ZnulDomu`Ir!$FkZkYozZq_K(fCnuR%-WnJr77cSPN`+jPkY85}}Z$ljRP%8mb zPj&Anz5k@|^!ZMo*M1+v*LjuWY$vIhYi{X%G2voSpOK1reZMW(Z|c)r`VU_%=nfih zQSbCvO0QdLxs=*~&0A`<+=3D;fgvyhRty`P!iQtjuu*T9WBx2y+iw1?nD0TN%jqb& zuD;)j%J)Q3jMr(8KQds&t+pZeeF!6!F+a#vJC0pPq|?SK3_kBoILi?u7y z{B`;ars}g>uN^^1^!!FLT;?pwJGD7u1dq4T$3&@Ug)Ob&zclimK9dhAbp)eN(rfy8 z$;2?f`7-E`b~dJO?t0I0D|oFL49XfjL*d~_*o6u;3{2j;whlORTDq@@-j+v&QtuPb z)y6jJTE;l+GaR@kn(hf^Eb^wHJCT-NmDH2B+E3Cld9T{cKsDJK;rdw1Bh5cl)^1gi znqj7PuRS9zOFdMRb$F=T^K|`OZpQ0AYk75%4>=N}2AO~^23Vi1@yoGUWJb0{(M{PX z*6u5-uf9wDzILw5XI5xtg@W&=vn9vL-!U(Fx}I&_(_X>kcH|%13T?^)v4is`=_N9I zZ}dkz!S_RX2Db0#_rdHU%uTs&;0-Bj9ti~+nLLV-Yr9U`pjLd zy6yY)Q+*bLSq@}o{epX@vtcvq7nqwYzM;KW?MxDb&8*+}d|^9RIBB$Jv?wFKy0)~I zR~fY}{NbXuHDwWwQ>K~R4K-U{12a%w5?_rx&Mcm@cy*RloMjcij;x|*H;LH70uGdq zkBZG%g$sSzMMUheu&+Q&7@it0b8 z2YQ#{H*8s~+3eFZ%@JppHZ-^Ims6F`zW9Rbae;4qOP{qi^0vkr3OfA4zA?)-9xvp#9Yxn$^uuQe2Rj4_(OI+BhH&w*~O`>(4F}~OQxA1YkwR-SPexB(@+N*!5 zwGI=MpFW?a>ekkFlLlHZIHPuf z${g|ohV6mIKhS;ldw$h5(@O*0f0bIX^FwP+stxq%NSxw*EazaJSKfb+s*Nq<&|X(g 
zeP6xN)>@infX1t-J|egZF7LJ(H=aqDpDkL|-uA0RJ1{a7BnCqXzpZ~DydY)KhQ24l z0IT}4lBqJ^-eZ^j+J)_2Kd1D`GWgdqt|tTyH9F+@;h8ZjfjrrY!rQW z^+!dOt=_ooiLRUoF5@I{!j;|B9)6>u=0keNo2PDqdEh$Qf@id)aj$9MXyw$(IngOh zkAY51AO-sxT+n(;Ft^DWP8HFEAW4N z72Yf7|4H!OUFkp+d?lDn_tZHD%!0vwu3=p2{;0je${L13-h+D`6P$|k6NYfX+400G zk2Dg}!r1Jyqy0=HQIQ4hI0pc%??3Yj*mcb{nnQL)$piJYoS)5sXUAMzE3JT!naeV# zbdiaiQ@~Zo$oRE$){}9}78y7CT$4lH$DhD6%sABOj+_rPBlvV3&8f|o(m>2P4JWr@ zC&LcaI8oJ>E5nxSEY5IHD+o=&B2{+$cRgxXZN)WB^gQWCV6dw2(Hdc>^PgcS+gg5{ zRoE70kOx*{>!p$x>|xVbc}`#+ zX%sx0=a%EfIT#8NjXu*1co2ApWh`iZ(5Uv4z(D@c<6b&Aq968%T>Rf#_&H@x3b>!e@aH{!4-={)Pt`oG@%P4&U+`diERBwCIeKQzQ<(kYXz zEP73XgJ?aeGfOI4(Xth0}F#yF$pkx9{xiu#=?f1UBu%bNZaAje2@k= z?G_f^?{HqkA`P>oSQ5AunRuJLYGRU)DfYlqjS&KGW(kp@L$&x*M#X@qkBWiW@tATf zjc=LrT&#h!7kFld$?4;U@!nrR6SIB^kYAH#Gk*YXgWV~MuU%<06S7G4))S=<%W3d*|ns^yoscAUIb)1k)O zMA?CnSb4uxck@Y`;tG#-?L1Dm&A9Q}*_a*iqQ$=VRgXhfgO~yBZQLArB8M4k@I-RM zvo%WI&fy*C=?`QVh`-1^!`&Y~zkmDt=w(#F2}I5xA{S-8$>PxZGkpG7S*D!xJTGBq z>9M!QD+Ad}tmbolNB+?*FoKH^UXtoKZzoWtDuS&nL! 
zp~6xiowE$p=v=F3s7fmhH(4${co=NvTxt2KS(XYfC|>S8b#p?qELHADpUn^S$j797 zI?r#Gxte9J%ukJc)Nj&kOFD;5mBez&*3Zd$@Z7cT^VXiHXW8+zvOWDRrTpSe^;?wA zyz}{ap6&7bA_3PM5siH9`K~-}Ax@iRznn)nrDS{+5o?+Ka&OS0L(6Iq>se%nmLy6s zi(T6CzUU|TGUn{#AUNa+8-1r zFDa%)R_FA6P1kug@Aqo8q!x?%w4_$Fy{T(|pXI-V{n9g><-bB6>%2)m(w=FAR1s0* zN!$LceLt2YB8AtKz2OO{+u}Ad1jK*HDE-JZBDo$pUQ-T&JLDno=*ftEQm>G@kdA%{ zHT{uiAvZKb?1`UOCTsim^`mFX89bZS&Np>4N(1GrUI#SaN}Y-22E5*&p5?Jz6T3VHm*xM+ zj9N@PimQT)tX`D76t%gLGxSOqP6NV6jyLjy!FkTTwCSs;fLlEaYU5kJa#WV7mT57_ zz}9GqF+3Pt7XeSnt4^!)tPt_M1k!BT#5%@_z-pO`vs*P!Ic%i7$)N;gWc;U(HL@5Sz( zT$J@-Z;*;gw32Jene~`i57)Tpi?CK$(V6v_)*8;Nhev8N>k(1HWm*ra0p99meq!t| z`7apZ5%XIez5|cF#3SLEU6J#rhVEU8MX;}UWMmQWA!$q8()L;xlnEO&|Is>KG*EQI zuRAO>|Cx=>&Z_yHXSY9_ng4m(*rn|m?Fh#4UM$%1I1jz)mEY!};$a^tW@%RudkVhUsvx*VKh8=U5!_GM}!ejQ!9D?ZdF^O{yzpAgF;;GML5iItX z%I|%7x+a~UL=|dYjI#N9eU9l@N8Dj+vpCvf4rCJk1InPDN9@j-f0g9%s~2mM%x$&n zQX^k4oW(hh5`O1x!>&uoAP!}3?QYV@ zZOY$K#`Bv5msKZR4n)j2Dx-x}x|X;#*8#{DJpW#62I^dj?A#;rjems?hTI#kA_e?1 z5Ym}jwO9dmm^oc;Yy{?*jQgA)SRJP$&>Coiy3H$nL|ao^kJb6n=b2>OTAhyhI6jI& zY4v&e@6KIs{$=3O9$q)QMt%;s?cvpOJb5nvbkU3Xz&S71c%4?Uvf51JR@cp0wWY)| z-S7*1WP5%$s=P7ISB#Z*XC1dr#>Tqxt4I8Pk)N`tR~L%Hu* z_d#cT<1*ZS4^H^{_@?f|6D71`r5XRU`NqFr4*$d~m%Gb@C9}MUJ@J8OUGS?u`t;9XnGT+hock&s^_lOym#9rX1doRJ07?_<`Y&C3+zYL3#67jf|BXzcRhZB_ z?%^eQZHQ$D$g>vd@k|IFIBO!dAR3vJqMl*1vv+695#oLDS4Qnn zIWj=R1LHXj-`jFPWDGg)RF97OX$iieB3zPZ;JQ5L@)|tzSQv-4_tc-4eUBBjD=^>y z>PCnQhe^iq-jR2U%KG$!Wm!BzvWgn=HpKYemy8&m_)*F$5Di$Y$$i5kIItF+bz%)z ztunjibts`nd}@nEXx3QCC?*bxIZvja>T{war&v8 zbA)HC?D-z9Sz^_0!FUg?-PWCbKDX=IT9mk!=!?Xo8K7l53dHB_W>t8e#iCkU=C9qy zo)PC&Vy1tL521g51mY|0Mv3hi&M!9QcX7L!<@}TdXBZ<}8u;(7vPOYufARhRSZVJU zVMWM+9!g%2D$_Dne-nFgGYTWJ>BGKfSI?i~iFz&WNH(Au1$#sZDQmU$^lYKN9(ug+`6E$52A zaiqKLF?Usq8QfY@z{VuATaFr z6nGaFVrGOKoc9-+&Jb`D;+F32WM7hWJjp}5)#;!hN zZB(BdJaHnz{CM-?*~!my5%wH3IP5`MJ9M<1i2aT!6y~&%(HES-%jC(Z`1+9W2u%#1 z+_UFw3ps0wr`_c+cw1X(32%G6fClMc6u8BoJQ}M-4_fw; zb_SV`)rF*PzYH$-Sx5Dbxtzz0i}H$%5=!R-GPf3$8P`zjM08gEVu171Yf&)j$s*=5 
zx>84K8Q-G>v(-O#`O_ewjq7$K$FiE}F@w95@VbWUvt&q}J*SJfpsmwvgAB3nm%^^vl>yWNko^JeK2g> zJ@OFoRN2_^DP_`n_`Wlo7W%=t)b(DR>I?tNGX3bWurIF3p|jaEAIWrOtYs9Qz_Iah zIXaflp2}D1y;6c5*G`Ynp9kuXmc^^cr57l%M|LVR*C_!lI@HgO=6VsFlIb=MMXu1N zOR98?c;6{!PkzX+Tdon9+y`zy`3uYKmYiJ&{CeAIA&+GFJF5jVjA4DidGP)DWI>Fw zlf?P^N$=Pb=CNaK9Jb{ce1jpA+?p=1T!>Ks9rHiJ33YINFn&2%kB|e-SYvbd1Zx`u zv_gi;-(x{PxG!Q{Wik{{=U!w<<+g{_mKVo%$g6X1n_8YBcKen4BXxN~I@}^ew$Nm( zJiX9QYdD@z_{E|b1)!<9TH3x}fHP zp!Z98MoN&&u8(Fmq2I%Y|J^Hc&$2Gn)19lz@wYAA4jfd8Y)DSe@?;3F6`Y(VzKgh{ z`A_qF?QQjor`>^RkFcCZ?i=;#>*?}~p()0%*kMCMVN=dp6}z6eq14gtx0QBbI+*&n zVN<;4H5k*Lw9ChwBsWU?yw79Jj5ofTev2W`O&Y{OhiF;b(T#DPHz!$5j6OZ>u8!)y z3;2&j{X82~^0-5rdto!)V279tTi36*oXXe28=gUO>+N_6$)4$rs2*@^c@$w$#n;9w zCG>wpy)xb>soB`kzcUjOGkWxBH@bF;c0^gnvhL({Eg#g~IbKl(W$pvyzpKd@aW}X7 z_0czyhr65YPty*6Du2>atYJkteakq=#$TM+q}m?#q^J38w!C$XmU- literal 0 HcmV?d00001 diff --git a/Group Policy Objects/README.md b/Group Policy Objects/README.md new file mode 100644 index 0000000..e69de29 diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..4b97bdb --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,3 @@ +This Work was prepared by a United States Government employee and, therefore, is excluded from copyright by Section 105 of the Copyright Act of 1976. + +Copyright and Related Rights in the Work worldwide are waived through the [CC0 1.0](https://creativecommons.org/publicdomain/zero/1.0/) [Universal license](https://creativecommons.org/publicdomain/zero/1.0/legalcode). diff --git a/LICENSE.spdx b/LICENSE.spdx new file mode 100644 index 0000000..f126344 --- /dev/null +++ b/LICENSE.spdx 
@@ -0,0 +1,16 @@
+SPDXVersion: SPDX-2.1
+DataLicense: CC0-1.0
+SPDXID: SPDXRef-LICENSE
+DocumentName: LICENSE
+DocumentNamespace: https://github.com/iadgov/BitLocker-Guidance
+Creator: iadgovuser1
+Created: 2018-02-12T11:00:00Z
+PackageName: BitLocker-Guidance
+PackageSupplier: National Security Agency
+PackageDownloadLocation: https://github.com/iadgov/BitLocker-Guidance/archive/master.zip
+PackageLicenseConcluded: CC0-1.0
+PackageHomePage: https://github.com/iadgov/BitLocker-Guidance/
+PackageLicenseDeclared: CC0-1.0
+PackageLicenseComments: This Work was prepared by a United States Government employee and, therefore, is excluded from copyright by Section 105 of the Copyright Act of 1976. Copyright and Related Rights in the Work worldwide are waived through the CC0 1.0 Universal license.
+PackageCopyrightText: This Work was prepared by a United States Government employee and, therefore, is excluded from copyright by Section 105 of the Copyright Act of 1976. Copyright and Related Rights in the Work worldwide are waived through the CC0 1.0 Universal license.
+PackageSummary: Configuration guidance for implementing BitLocker.
\ No newline at end of file
diff --git a/README.md b/README.md
index 102e4d3..bb0f78d 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,51 @@ -# BitLocker-Guidance -Configuration guidance for implementing BitLocker. iadgov +# Microsoft BitLocker + +[Microsoft BitLocker](https://technet.microsoft.com/en-us/library/cc731549.aspx) is a full volume encryption feature built into Windows. BitLocker is intended to protect data on devices that have been lost or stolen. BitLocker is available in the Ultimate and Enterprise editions of Windows Vista and Windows 7 and in the Professional and Enterprise editions of Windows 8 and later. A [Group Policy Object](./Group Policy Objects/Computer/) for BitLocker is included in the SHB. The Group Policy Object contains recommended security settings for BitLocker on Windows 10 Version 1511 and later. + +[NIST](http://www.nist.gov/) [FIPS 140-2](http://csrc.nist.gov/groups/STM/cmvp/index.html) validation of Windows 10 BitLocker modules was completed on June 2, 2016 as evidenced in certificate numbers [2601](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2601), [2602](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2602), and [2603](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2603). + +A [BitLocker PowerShell module](./Scripts) has been provided to aid in provisioning BitLocker. [Microsoft BitLocker Administration and Monitoring](https://technet.microsoft.com/en-us/windows/hh826072.aspx) is another option for provisioning BitLocker. + +## Importing the BitLocker Group Policy + +### Importing the BitLocker domain Group Policy +Use the PowerShell Group Policy commands to import the BitLocker Group Policy into a domain. Run the following command on a domain controller from a PowerShell prompt running as a domain administrator. + +``` +Invoke-ApplySecureHostBaseline -Path '.\Secure-Host-Baseline' -PolicyNames 'BitLocker' +``` + +### Importing the AppLocker local Group Policy +Use Microsoft's LGPO tool to apply the BitLocker Group Policy to a standalone system. 
Run the following command from a command prompt running as a local administrator. + +``` +Invoke-ApplySecureHostBaseline -Path '.\Secure-Host-Baseline' -PolicyNames 'BitLocker' -ToolPath '.\LGPO\lgpo.exe' +``` + +## Common issues + +### Conflicting BitLocker startup options +* **Issue**: Error message: *The Group Policy settings for BitLocker startup options are in conflict and cannot be applied*. Error code: 0x8031005B +* **Explanation**: The 'Require additional authentication at startup' policy description text can be misleading on how to correctly configure it. +* **Resolution**: + 1. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives** + 1. Change the **Require additional authentication at startup** policy to configure all 4 dropdown menu options to **Allow** *OR* set 1 option to **Require** and the other 3 options to **Do not allow**. + 1. Run **gpupdate /force** from the command line. + +### Support for pre-boot PIN entry on tablets + +* **Issue**: Error message: *No pre-boot keyboard detected. The user may not be able to provide required input to unlock the volume*. Error code: 0x803100B5 +* **Explanation**: BitLocker checks if the system is a tablet. If it is a tablet, then BitLocker displays the above error message when trying to use a PIN protector. BitLocker doesn't check if the system supports a pre-boot keyboard. Some tablets may have a BIOS that supports a software keyboard. For example, the [Dell Venue 11 Pro](http://www.dell.com/support/Article/us/en/19/SLN293013/EN), [Surface Pro 3, and Surface Pro 4](https://blogs.technet.microsoft.com/askpfeplat/2014/07/13/bitlocker-pin-on-surface-pro-3-and-other-tablets/) support entering a BitLocker PIN at pre-boot with a BIOS software keyboard. Some tablets may have detachable keyboard that works during pre-boot. 
For example, the Surface Pro 2 with [firmware update from March 2014](https://www.microsoft.com/surface/en-us/support/install-update-activate/pro-2-history), Surface Pro 3, and Surface Pro 4 support entering a BitLocker PIN at pre-boot with their detachable keyboards. If the tablet does not support a BIOS software keyboard or a detachable keyboard that works during pre-boot, then configuring the below policy will require a USB keyboard be plugged into the tablet to enter a BitLocker PIN at pre-boot. Contact the OEM to inquire about tablet support for this specific scenario. +* **Resolution**: + 1. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** + 1. Set the **Enable use of BitLocker authentication requiring preboot keyboard input on slates** policy to **Enabled**. + 1. Run **gpupdate /force** from the command line. + +## License +See [LICENSE](./LICENSE.md). + +## Contributing +See [CONTRIBUTING](./CONTRIBUTING.md). + +## Disclaimer +See [DISCLAIMER](./DISCLAIMER.md). \ No newline at end of file diff --git a/Scripts/BitLocker.psm1 b/Scripts/BitLocker.psm1 new file mode 100644 index 0000000..b31323e --- /dev/null +++ b/Scripts/BitLocker.psm1 
@@ -0,0 +1,219 @@ +#requires -RunAsAdministrator +#requires -version 3 +Set-StrictMode -Version 3 + +Function Get-BitLockerStatus() { + <# + .SYNOPSIS + Starts the BitLocker encryption process for a drive. + + .DESCRIPTION + Starts the BitLocker encryption process for a drive. + + .PARAMETER Drive + The drive letter, including : character, to enable BitLocker on. + + .EXAMPLE + Get-BitLockerStatus -Drive $env:SYSTEMDRIVE + #> + [CmdletBinding()] + #[OutputType([FveApi.FVE_STATUS])] # throws an error since the type isn't added until the function has executed + Param( + [Parameter(Mandatory=$true, HelpMessage='The drive letter, including : character, to get the BitLocker status for')] + [ValidateNotNullOrEmpty()] + [ValidatePattern('^[A-Z]:$')] + [string]$Drive + ) + Begin { +$type = @' + using System.Runtime.InteropServices; + using System; + + namespace FveApi { + [StructLayout(LayoutKind.Sequential)] + public struct FVE_STATUS { + public uint Size; + public uint Version; + public uint Flags; + public double ConversionPercent; + public long ConversionStatus; + } + + public class NativeMethods { + [DllImport("fveapi.dll", CharSet=CharSet.Unicode)] + public static extern int FveGetStatusW(String volume, ref FVE_STATUS status); + } + } +'@ + Add-Type $type + } + Process { + + $bitlockerDrives = [System.IO.DriveInfo[]]@([System.IO.DriveInfo]::GetDrives()| Where-Object { $_.DriveType -eq [System.IO.DriveType]::Fixed -or $_.DriveType -eq [System.IO.DriveType]::Removable }) + + if("$Drive\" -in @($bitlockerDrives | ForEach-Object { $_.Name })) { + throw "Cannot get BitLocker status for $Drive" + } + + [FveApi.FVE_STATUS]$status = New-Object FveApi.FVE_STATUS + $status.Size = [System.Runtime.InteropServices.Marshal]::SizeOf($status) + $status.Version = 1; + + $value = [FveApi.NativeMethods]::FveGetStatusW("\\.\$Drive", [ref] $status) + + if(0 -ne $value) { + throw ('Retrieving BitLocker status failed with error 0x{0:X8}' -f $value) + } + + return $status + } +} + +Function 
Start-BitLockerEncryption() { + <# + .SYNOPSIS + Starts the BitLocker encryption process for a drive. + + .DESCRIPTION + Starts the BitLocker encryption process for a drive. + + .PARAMETER Drive + The drive letter, including : character, to enable BitLocker on. + + .PARAMETER UsePin + Specifies to use a PIN along with a TPM. + + .PARAMETER Pin + Specifies the PIN rather than being prompted for it. + + .PARAMETER RecoveryPath + The path of a folder to store recovery password information. + + .PARAMETER Restart + Specifies to restart the system, if needed, so the BitLocker encryption process can start. + + .EXAMPLE + Start-BitLockerEncryption -Drive $env:SYSTEMDRIVE -RecoveryPath ($env:USERPROFILE,'Desktop' -join '\') + + .EXAMPLE + Start-BitLockerEncryption -Drive $env:SYSTEMDRIVE -RecoveryPath ($env:USERPROFILE,'Desktop' -join '\') -UsePin + + .EXAMPLE + Start-BitLockerEncryption -Drive $env:SYSTEMDRIVE -RecoveryPath ($env:USERPROFILE,'Desktop' -join '\') -UsePin -Pin ('12345678' | ConvertTo-SecureString -AsPlainText -Force) + + .EXAMPLE + Start-BitLockerEncryption -Drive $env:SYSTEMDRIVE -RecoveryPath ($env:USERPROFILE,'Desktop' -join '\') -UsePin -Pin ('12345678' | ConvertTo-SecureString -AsPlainText -Force) -UseActiveDirectory -Restart + #> + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWMICmdlet', '', Scope='Function')] + [CmdletBinding()] + [OutputType([System.Version])] + Param( + [Parameter(Mandatory=$true, HelpMessage='The drive letter, including : character, to enable BitLocker on')] + [ValidateNotNullOrEmpty()] + [ValidatePattern('^[A-Z]:$')] + [string]$Drive, + + [Parameter(Mandatory=$false, HelpMessage='Specifies to use a PIN along with a TPM')] + [switch]$UsePin, + + [Parameter(Mandatory=$false, HelpMessage='Specifies the PIN rather than being prompted for it')] + [ValidateNotNullOrEmpty()] + [System.Security.SecureString]$Pin, + + [Parameter(Mandatory=$false, HelpMessage='The path of a folder to store recovery password 
information')] + [ValidateNotNullOrEmpty()] + [System.IO.DirectoryInfo]$RecoveryPath, + + [Parameter(Mandatory=$false, HelpMessage='Specifies to restart the system so the BitLocker encryption process can start')] + [switch]$Restart + ) + + $bitlockerDrives = [System.IO.DriveInfo[]]@([System.IO.DriveInfo]::GetDrives()| Where-Object { $_.DriveType -eq [System.IO.DriveType]::Fixed -or $_.DriveType -eq [System.IO.DriveType]::Removable }) + + if("$Drive\" -in @($bitlockerDrives | ForEach-Object { $_.Name })) { + throw "$Drive cannot be encrypted by BitLocker" + } + + $tpm = Get-WmiObject -Class 'Win32_Tpm' -Namespace 'root\CIMV2\Security\MicrosoftTpm' + + #if(-not($tpm.IsReady().IsReady)) { + # $readyBitmask = $tpm.IsReadyInformation().Information + # $message = 'TPM is not ready for use by BitLocker. TPM must be provisioned. ReadyInformation bitmask: 0x{0:X8} See https://msdn.microsoft.com/en-us/library/windows/desktop/jj660284(v=vs.85).aspx for more information.' -f $readyBitmask + # throw $message + #} + + if ($RecoveryPath -ne $null) { + if (-not(Test-Path -Path $RecoveryPath.FullName -PathType Container)) { + throw "$RecoveryPath not found" + } + } + + $isDomainJoined = (Get-WmiObject -Class 'Win32_ComputerSystem').PartOfDomain + + $volume = Get-BitLockerVolume -MountPoint $Drive + + $volumeDetails = Get-WmiObject -Class 'Win32_EncryptableVolume' -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' -Filter "DriveLetter='$Drive'" + + if ($volume.ProtectionStatus -eq [Microsoft.BitLocker.Structures.BitLockerVolumeProtectionStatus]::Off -and -not($volumeDetails.IsVolumeInitializedForProtection)) { + if ($UsePin) { + if ($Pin -eq $null) { + $bitlockerPin = Read-Host -AsSecureString -Prompt 'Enter BitLocker PIN' + } else { + $bitlockerPin = $Pin + } + + try { + $volume = Enable-BitLocker -MountPoint $Drive -PIN $bitlockerPin -TpmAndPinProtector -ErrorAction Stop -Verbose:$false # 4>$null + } catch [System.Runtime.InteropServices.COMException] { + $errorNumber = 
$_.Exception.HResult + + $message = $_.Exception.Message + $fix = '' + + switch ($errorNumber) { + 0x8031005B { $fix = "Change the 'Require additional authentication at startup' policy to configure all 4 dropdown menu options to 'Allow' OR set 1 option to 'Require' and the other 3 options to 'Do not allow'" ; break } + 0x803100B5 { $fix = "Set the 'Enable use of BitLocker authentication requiring preboot keyboard input on slates' policy to Enabled"; break } + default {} + } + + throw ($message,$fix -join ([System.Environment]::NewLine)) + } + + $bitlockerPin.Dispose() + $Pin.Dispose() + } else { + $volume = Enable-BitLocker -MountPoint $Drive -TpmProtector -ErrorAction Stop -Verbose:$false # 4>$null + } + + $volume = Add-BitLockerKeyProtector -MountPoint $Drive -RecoveryPasswordProtector -ErrorAction Stop -Verbose:$false # 4>$null + } + + if($VerbosePreference -ne [System.Management.Automation.ActionPreference]::SilentlyContinue) { + $volume.KeyProtector | ForEach-Object { + Write-Verbose -Message ('Protector Type: {0} Protector ID: {1} Protector Password: {2}' -f $_.KeyProtectorType,$_.KeyProtectorId,$_.RecoveryPassword) + } + } + + $recoveryPasswordProtector = $volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq [Microsoft.BitLocker.Structures.BitLockerVolumeKeyProtectorType]::RecoveryPassword } + + + if ($RecoveryPath -ne $null) { + $recoveryFile = '{0}\{1}_bitlocker_{2}.txt' -f $RecoveryPath.FullName,$env:COMPUTERNAME,$recoveryPasswordProtector.KeyProtectorId + + $volume.KeyProtector | ForEach-Object { 'Protector Type: {0} Protector ID: {1} Protector Password: {2}' -f $_.KeyProtectorType,$_.KeyProtectorId,$_.RecoveryPassword } | Out-File -FilePath $RecoveryFile -NoNewLine -Force + } + + if ($UseActiveDirectory -and $isDomainJoined) { + $volume = Backup-BitLockerKeyProtector -MountPoint $Drive -KeyProtectorId $recoveryPasswordProtector.KeyProtectorId -ErrorAction Stop -Verbose:$false + + # TODO: test that the recovery password was successfully written 
to AD + } + + $status = Get-BitLockerStatus -Drive $Drive + + $needsReboot = $status.Flags -band 0x2 -eq 0x2 + + if ($Restart -and $needsReboot) { + Restart-Computer -Force + } +}
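Review bot: The drive guard is inverted in both Get-BitLockerStatus and Start-BitLockerEncryption: `if("$Drive\" -in @($bitlockerDrives | ForEach-Object { $_.Name }))` throws exactly when the drive is one of the enumerated fixed or removable drives, so the operator should be `-notin`. In Start-BitLockerEncryption the Active Directory backup branch tests `$UseActiveDirectory`, which the last example passes but `Param(...)` never declares; under `Set-StrictMode -Version 3` that reference is an error, so as written the recovery password is not escrowed to AD, and the fix is to add `[switch]$UseActiveDirectory` to the parameter block. `$Pin.Dispose()` is called even when the PIN was read from the prompt and `$Pin` is null, and neither SecureString is disposed on the catch path, so disposal belongs in a `finally` with `if ($Pin -ne $null)` around the second call. The `Write-Verbose` line formats `$_.RecoveryPassword` into the verbose stream, where any transcript or log capture will keep it in clear text; it should log `KeyProtectorType` and `KeyProtectorId` only. The reboot test `$status.Flags -band 0x2 -eq 0x2` evaluates `0x2 -eq 0x2` first because comparison operators bind tighter than `-band`, so it checks bit 0 rather than bit 1 and should be written `($status.Flags -band 0x2) -eq 0x2`.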