ࡱ>   f2ɀ\pMatthew N. Wojcik Ba==)1V1/8X@"1Calibri1Calibri1Calibri1Calibri1Arial1Arial1Arial1Arial1Arial1Arial10Arial Unicode MS1 Arial10Arial Unicode MS1Verdana1Arial1Arial1Calibri1 Calibri1 Arial1Calibri1Arial14Calibri1 Calibri1Calibri1Calibri1Calibri1,8Calibri18Calibri18Calibri1>Calibri14Calibri1<Calibri1<Arial1Arial1Calibri1?Calibri1h8Cambria1Calibri1 Calibri"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_)[$-409]General                                                                       ( (     ff + ) , *      P  P         `  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d (   !                                                                                                                                                               "                                                                                       " " " " " " " " " " "                                                                                                                                  "  " " " " " " " " " "  " " " " " " " " " "  " " " " " " " " " "  " " " " " " " " " "  " " " " " " " " " "  " " "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "                                                                                                                                              " " " " " " " " " "                                                " " " " " " " " "  " "           " " " " " " " " " "  " " " " " " " " " "  " " " " " " " " " "  "  " " " "       (   (                   #            "    $    % & a> '  (x@ @   (<@ @  (4@ @  (p@ @   (8@ @  (p@ @ +  p@ @ +  (x@ @   (p@ @ >  (0@ @  x@ @   8@ @  x@ @   x@ @ +  x@ @  x@ @ >  8@ @  (x@ @   8@ @  (x@ @ +  (x@ @ +  (x@ @ +  (x@ @ >  (x@ @   (p@ @  x@ @ +  (x@ @ +  (@ @ +  (<@ @  (<@ @  (8@ @  (x@ @ + . (|@ @ +  (<@ @  (x@ @   (|@ @  (x@ @   (t@ @  (x@ @  (t@ @ a(x@ @  (x@ @   x@ @  "(|@ @  1 (|@ @   (|@ @  (|@ @ >  )|@ @  )|@ @ >  )|@ @ "(|@ @   )|@ @ (|@ @  (x@ @  x@ @  (x@ @ ||rUgU}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-}  00\);_(*}-}  00\);_(*}-}  00\);_(*}-}  00\);_(*}-}  00\);_(*}-} 00\);_(*}-} 00\);_(*}A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef ;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L ;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A}  00\);_(*23;_(@_) }A}! 00\);_(*23 ;_(@_) }A}" 00\);_(*;_(@_) }A}# 00\);_(*;_(@_) }A}$ 00\);_(*;_(@_) }A}% 00\);_(*;_(@_) }A}& 00\);_(*;_(@_) }A}' 00\);_(* ;_(@_) }<}( 00\);_(* ;_(}A}) 00\);_(*;_(@_) }<}* 00\);_(*;_(}(}+00\);_(*}}- }00\);_(*;_(@_)    }}. 00\);_(*;_(@_) ??? ??? ??? ???}-}/ 00\);_(*}-}0 00\);_(*}-}1 00\);_(*}-}2 00\);_(*}(}3 00\);_(*}-}4 00\);_(*}A}5 a00\);_(*;_(@_) }A}6 00\);_(*;_(@_) }A}7 00\);_(*?;_(@_) }A}8 00\);_(*23;_(@_) }-}9 00\);_(*}}; ??v00\);_(*̙;_(@_)    }A}< }00\);_(*;_(@_) }A} e00\);_(*;_(@_) }<} e00\);_(*;_(}(}H 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(}+ 00\);_(*}(}- 00\);_(*}(}. 00\);_(*}(}/ 00\);_(*}(}0 00\);_(*}(}1 00\);_(*}(}2 00\);_(*}(}3 00\);_(*}(}4 00\);_(*}(}5 00\);_(*}(}6 00\);_(*}(}8 00\);_(*}(}9 00\);_(*}(}: 00\);_(*}(}; 00\);_(*}(}< 00\);_(*}(}= 00\);_(*}(}> 00\);_(*}(}? 00\);_(*}(}@ 00\);_(*}(}A 00\);_(*}(}C 00\);_(*}(}D 00\);_(*}(}E 00\);_(*}(}F 00\);_(*}(}G 00\);_(*}(}H 00\);_(*}(}I 00\);_(*}(}J 00\);_(*}(}K 00\);_(*}(}L 00\);_(*}(}N 00\);_(*}(}O 00\);_(*}(}P 00\);_(*}(}Q 00\);_(*}(}R 00\);_(*}(}S 00\);_(*}(}T 00\);_(*}(}U 00\);_(*}(}V 00\);_(*}(}W 00\);_(*}(}Y 00\);_(*}(}Z 00\);_(*}(}[ 00\);_(*}(}\ 00\);_(*}(}] 00\);_(*}(}^ 00\);_(*}(}_ 00\);_(*}(}` 00\);_(*}(}a 00\);_(*}(}b 00\);_(*}(}d 00\);_(*}(}e 00\);_(*}(}f 00\);_(*}(}  00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}-} 00\);_(*}(} 00\);_(*}(}  00\);_(*}(}  00\);_(*}(}  00\);_(*}(}  00\);_(*}}*}}2 00\);_(*;_(@_)    }}3 00\);_(*;_(   }}4 ???00\);_(*;_(??? ???  ???  ???}-}5 00\);_(*}-}7 00\);_(*}U}8 00\);_(*;_( }-}9 00\);_(*}(}:00\);_(*}(}=00\);_(*}(}?00\);_(*}(}@00\);_(*}(}A00\);_(*}(}BO00\);_(*}(}D00\);_(*}(}F00\);_(*}(}G00\);_(*}(}H00\);_(*}(}IO00\);_(*}(}K00\);_(*}(}M00\);_(*}(}N00\);_(*}(}O00\);_(*}(}PO00\);_(*}(}Q00\);_(*}(}S00\);_(*}(}T00\);_(*}(}U00\);_(*}(}Y00\);_(*}(}Z00\);_(*}(}\00\);_(*}(}^00\);_(*}(}_00\);_(*}(}c00\);_(*}t}d`V@?}}e V@`V@?}t}f`V@?}<}gOV@ef}(}hOV@}<}iV@ef}(}jV@}(}l V@ 20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L渷 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ږ % 60% - Accent3M( 60% - Accent3 23כ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %( Accent6 2@ Accent6 2  F )Bad9Bad  % *Bad 28Bad 2  +Blue Background@Blue Background  ,Bold- Calculation Calculation  }% . Check Cell Check Cell  %????????? ???/ Comma0( Comma [0]1&Currency2. Currency [0]3Excel Built-in Normal 1PExcel Built-in Normal 1 4Explanatory TextG5Explanatory Text % 5Good;Good  a%6 Heading 1G Heading 1 I}%O7 Heading 2G Heading 2 I}%?8 Heading 3G Heading 3 I}%239 Heading 49 Heading 4 I}%: Hyperlink 2, Hyperlink 2 ;InputuInput ̙ ??v% < Linked CellK Linked Cell }% =Mine >Mine 10 ?Mine 11 @Mine 12 AMine 13 BMine 14 CMine 15 DMine 16 EMine 17 FMine 18 GMine 19 HMine 2I Mine 2 10J Mine 2 11K Mine 2 12L Mine 2 13M Mine 2 14N Mine 2 15O Mine 2 16P Mine 2 17Q Mine 2 18R Mine 2 19 SMine 2 2T Mine 2 20U Mine 2 21V Mine 2 22W Mine 2 23X Mine 2 24Y Mine 2 25Z Mine 2 26[ Mine 2 27\ Mine 2 28] Mine 2 29 ^Mine 2 3_ Mine 2 30` Mine 2 31a Mine 2 32b Mine 2 33c Mine 2 34d Mine 2 35e Mine 2 36f Mine 2 37g Mine 2 38h Mine 2 39 iMine 2 4j Mine 2 40k Mine 2 41l Mine 2 42m Mine 2 43n Mine 2 44o Mine 2 45p Mine 2 46q Mine 2 47r Mine 2 48s Mine 2 49 tMine 2 5u Mine 2 50v Mine 2 51w Mine 2 52x Mine 2 53y Mine 2 54 zMine 2 6 {Mine 2 7 |Mine 2 8 }Mine 2 9 ~Mine 20 Mine 21 Mine 22 Mine 23 Mine 24 Mine 25 Mine 26 Mine 27 Mine 28 Mine 29 Mine 3 Mine 30 Mine 31 Mine 32 Mine 33 Mine 34 Mine 35 Mine 36 Mine 37 Mine 38 Mine 39 Mine 4 Mine 40 Mine 41 Mine 42 Mine 43 Mine 44 Mine 45 Mine 46 Mine 47 Mine 48 Mine 49 Mine 5 Mine 50 Mine 51 Mine 52 Mine 53 Mine 54 Mine 6 Mine 7 Mine 8 Mine 9 My Normal NeutralANeutral  e% Neutral 2@ Neutral 2  e3Normal % Normal 10 Normal 10 2 Normal 109 Normal 109 2 Normal 109 3 Normal 11 Normal 110 Normal 110 2 Normal 110 3 Normal 12 Normal 127 Normal 127 2 Normal 13 Normal 135 Normal 135 2 Normal 136 Normal 136 2 Normal 137 Normal 137 2 Normal 138 Normal 138 2 Normal 139 Normal 139 2 Normal 14 Normal 140 Normal 140 2 Normal 143 Normal 143 2 Normal 144 Normal 144 2 Normal 15 Normal 16 Normal 17 Normal 18 Normal 19 Normal 2 Normal 2 10 Normal 2 10 2 Normal 2 11 Normal 2 12 Normal 2 13 Normal 2 14 Normal 2 15 Normal 2 16 Normal 2 17 Normal 2 18Normal 2 18 10Normal 2 18 10 2Normal 2 18 10 3Normal 2 18 11Normal 2 18 11 2Normal 2 18 12Normal 2 18 12 2Normal 2 18 13Normal 2 18 13 2Normal 2 18 14Normal 2 18 14 2Normal 2 18 15Normal 2 18 15 2Normal 2 18 16Normal 2 18 16 2Normal 2 18 17Normal 2 18 17 2Normal 2 18 18Normal 2 18 18 2Normal 2 18 19Normal 2 18 19 2 Normal 2 18 2Normal 2 18 20Normal 2 18 20 2Normal 2 18 21Normal 2 18 21 2Normal 2 18 22Normal 2 18 22 2Normal 2 18 23Normal 2 18 23 2Normal 2 18 24Normal 2 18 25Normal 2 18 26Normal 2 18 27 Normal 2 18 3Normal 2 18 3 2Normal 2 18 3 3 Normal 2 18 4Normal 2 18 4 2Normal 2 18 4 3 Normal 2 18 5Normal 2 18 5 2Normal 2 18 5 3 Normal 2 18 6Normal 2 18 6 2Normal 2 18 6 3 Normal 2 18 7Normal 2 18 7 2 Normal 2 18 7 3  Normal 2 18 8 Normal 2 18 8 2 Normal 2 18 8 3  Normal 2 18 9Normal 2 18 9 2Normal 2 18 9 3 Normal 2 19Normal 2 19 10Normal 2 19 10 2Normal 2 19 10 3Normal 2 19 11Normal 2 19 11 2Normal 2 19 12Normal 2 19 12 2Normal 2 19 13Normal 2 19 13 2Normal 2 19 14Normal 2 19 14 2Normal 2 19 15Normal 2 19 15 2Normal 2 19 16Normal 2 19 16 2 Normal 2 19 17!Normal 2 19 17 2"Normal 2 19 18#Normal 2 19 18 2$Normal 2 19 19%Normal 2 19 19 2& Normal 2 19 2'Normal 2 19 20(Normal 2 19 20 2)Normal 2 19 21*Normal 2 19 21 2+Normal 2 19 22,Normal 2 19 22 2-Normal 2 19 23.Normal 2 19 23 2/Normal 2 19 240Normal 2 19 251Normal 2 19 262Normal 2 19 273 Normal 2 19 34Normal 2 19 3 25Normal 2 19 3 36 Normal 2 19 47Normal 2 19 4 28Normal 2 19 4 39 Normal 2 19 5:Normal 2 19 5 2;Normal 2 19 5 3< Normal 2 19 6=Normal 2 19 6 2>Normal 2 19 6 3? Normal 2 19 7@Normal 2 19 7 2ANormal 2 19 7 3B Normal 2 19 8CNormal 2 19 8 2DNormal 2 19 8 3E Normal 2 19 9FNormal 2 19 9 2GNormal 2 19 9 3H Normal 2 26 Normal 2 2 I Normal 2 2 10J Normal 2 2 11K Normal 2 2 12L Normal 2 2 13M Normal 2 2 14N Normal 2 2 15O Normal 2 2 16P Normal 2 2 17Q Normal 2 2 18R Normal 2 2 19S Normal 2 2 2TNormal 2 2 2 10UNormal 2 2 2 10 2VNormal 2 2 2 10 3WNormal 2 2 2 11XNormal 2 2 2 11 2YNormal 2 2 2 11 3ZNormal 2 2 2 12[Normal 2 2 2 12 2\Normal 2 2 2 12 3]Normal 2 2 2 13^Normal 2 2 2 13 2_Normal 2 2 2 13 3`Normal 2 2 2 14aNormal 2 2 2 14 2bNormal 2 2 2 14 3cNormal 2 2 2 15dNormal 2 2 2 15 2eNormal 2 2 2 16fNormal 2 2 2 16 2gNormal 2 2 2 17hNormal 2 2 2 17 2iNormal 2 2 2 18jNormal 2 2 2 18 2kNormal 2 2 2 19lNormal 2 2 2 2mNormal 2 2 2 20nNormal 2 2 2 21oNormal 2 2 2 22pNormal 2 2 2 23qNormal 2 2 2 24rNormal 2 2 2 25sNormal 2 2 2 26tNormal 2 2 2 27uNormal 2 2 2 28vNormal 2 2 2 29wNormal 2 2 2 3xNormal 2 2 2 3 2yNormal 2 2 2 3 3zNormal 2 2 2 3 4{Normal 2 2 2 3 5|Normal 2 2 2 3 6}Normal 2 2 2 30~Normal 2 2 2 30 2Normal 2 2 2 31Normal 2 2 2 31 2Normal 2 2 2 32Normal 2 2 2 32 2Normal 2 2 2 33Normal 2 2 2 33 2Normal 2 2 2 34Normal 2 2 2 34 2Normal 2 2 2 35Normal 2 2 2 35 2Normal 2 2 2 36Normal 2 2 2 36 2Normal 2 2 2 37Normal 2 2 2 37 2Normal 2 2 2 38Normal 2 2 2 39Normal 2 2 2 4Normal 2 2 2 40Normal 2 2 2 41Normal 2 2 2 42Normal 2 2 2 43Normal 2 2 2 44Normal 2 2 2 45Normal 2 2 2 46Normal 2 2 2 47Normal 2 2 2 48Normal 2 2 2 48 2Normal 2 2 2 49Normal 2 2 2 5Normal 2 2 2 5 2Normal 2 2 2 5 3Normal 2 2 2 5 4Normal 2 2 2 50@Normal 2 2 2 50 Normal 2 2 2 50 2DNormal 2 2 2 50 2 Normal 2 2 2 50 3DNormal 2 2 2 50 3 Normal 2 2 2 50 4DNormal 2 2 2 50 4 Normal 2 2 2 50 5DNormal 2 2 2 50 5 Normal 2 2 2 50 6DNormal 2 2 2 50 6 Normal 2 2 2 50 7DNormal 2 2 2 50 7 Normal 2 2 2 50 8DNormal 2 2 2 50 8 Normal 2 2 2 51@Normal 2 2 2 51 Normal 2 2 2 52@Normal 2 2 2 52 Normal 2 2 2 53@Normal 2 2 2 53 Normal 2 2 2 54Normal 2 2 2 55Normal 2 2 2 56Normal 2 2 2 57Normal 2 2 2 58Normal 2 2 2 59Normal 2 2 2 6Normal 2 2 2 60Normal 2 2 2 7Normal 2 2 2 7 2Normal 2 2 2 7 3Normal 2 2 2 8Normal 2 2 2 8 2Normal 2 2 2 8 3Normal 2 2 2 9Normal 2 2 2 9 2Normal 2 2 2 9 3 Normal 2 2 20 Normal 2 2 21 Normal 2 2 22 Normal 2 2 23 Normal 2 2 24 Normal 2 2 25Normal 2 2 25 10Normal 2 2 25 10 2Normal 2 2 25 10 3Normal 2 2 25 11Normal 2 2 25 11 2Normal 2 2 25 12Normal 2 2 25 12 2Normal 2 2 25 13Normal 2 2 25 13 2Normal 2 2 25 14Normal 2 2 25 14 2Normal 2 2 25 15Normal 2 2 25 15 2Normal 2 2 25 16Normal 2 2 25 16 2Normal 2 2 25 17Normal 2 2 25 17 2Normal 2 2 25 18Normal 2 2 25 18 2Normal 2 2 25 19Normal 2 2 25 19 2Normal 2 2 25 2Normal 2 2 25 20Normal 2 2 25 20 2Normal 2 2 25 21Normal 2 2 25 21 2Normal 2 2 25 22Normal 2 2 25 22 2Normal 2 2 25 23Normal 2 2 25 23 2Normal 2 2 25 24Normal 2 2 25 25Normal 2 2 25 3Normal 2 2 25 3 2Normal 2 2 25 3 3Normal 2 2 25 4Normal 2 2 25 4 2Normal 2 2 25 4 3Normal 2 2 25 5Normal 2 2 25 5 2Normal 2 2 25 5 3Normal 2 2 25 6Normal 2 2 25 6 2Normal 2 2 25 6 3Normal 2 2 25 7Normal 2 2 25 7 2Normal 2 2 25 7 3Normal 2 2 25 8Normal 2 2 25 8 2Normal 2 2 25 8 3Normal 2 2 25 9Normal 2 2 25 9 2Normal 2 2 25 9 3 Normal 2 2 26 Normal 2 2 27 Normal 2 2 28Normal 2 2 28 10Normal 2 2 28 10 2Normal 2 2 28 11Normal 2 2 28 11 2Normal 2 2 28 12Normal 2 2 28 12 2Normal 2 2 28 13Normal 2 2 28 13 2Normal 2 2 28 14Normal 2 2 28 14 2Normal 2 2 28 15Normal 2 2 28 15 2Normal 2 2 28 16Normal 2 2 28 16 2Normal 2 2 28 17Normal 2 2 28 17 2 Normal 2 2 28 18 Normal 2 2 28 18 2 Normal 2 2 28 19 Normal 2 2 28 19 2 Normal 2 2 28 2Normal 2 2 28 2 2Normal 2 2 28 2 3Normal 2 2 28 20Normal 2 2 28 20 2Normal 2 2 28 21Normal 2 2 28 21 2Normal 2 2 28 22Normal 2 2 28 22 2Normal 2 2 28 3Normal 2 2 28 3 2Normal 2 2 28 3 3Normal 2 2 28 4Normal 2 2 28 4 2Normal 2 2 28 4 3Normal 2 2 28 5Normal 2 2 28 5 2Normal 2 2 28 5 3Normal 2 2 28 6 Normal 2 2 28 6 2!Normal 2 2 28 6 3"Normal 2 2 28 7#Normal 2 2 28 7 2$Normal 2 2 28 7 3%Normal 2 2 28 8&Normal 2 2 28 8 2'Normal 2 2 28 8 3(Normal 2 2 28 9)Normal 2 2 28 9 2*Normal 2 2 28 9 3+ Normal 2 2 29< Normal 2 2 29 , Normal 2 2 3- Normal 2 2 30< Normal 2 2 30 . Normal 2 2 31< Normal 2 2 31 / Normal 2 2 32< Normal 2 2 32 0 Normal 2 2 33< Normal 2 2 33 1 Normal 2 2 34< Normal 2 2 34 2 Normal 2 2 35< Normal 2 2 35 3 Normal 2 2 36< Normal 2 2 36 4 Normal 2 2 37< Normal 2 2 37 5 Normal 2 2 38< Normal 2 2 38 6 Normal 2 2 39< Normal 2 2 39 7 Normal 2 2 48 Normal 2 2 40< Normal 2 2 40 9 Normal 2 2 41< Normal 2 2 41 : Normal 2 2 42< Normal 2 2 42 ; Normal 2 2 43< Normal 2 2 43 < Normal 2 2 44< Normal 2 2 44 = Normal 2 2 45< Normal 2 2 45 > Normal 2 2 46< Normal 2 2 46 ? Normal 2 2 47< Normal 2 2 47 @ Normal 2 2 48< Normal 2 2 48 A Normal 2 2 49< Normal 2 2 49 B Normal 2 2 5C Normal 2 2 50< Normal 2 2 50 D Normal 2 2 51< Normal 2 2 51 E Normal 2 2 52< Normal 2 2 52 F Normal 2 2 53< Normal 2 2 53 G Normal 2 2 54< Normal 2 2 54 H Normal 2 2 55< Normal 2 2 55 I Normal 2 2 56< Normal 2 2 56 J Normal 2 2 57< Normal 2 2 57 K Normal 2 2 58< Normal 2 2 58 L Normal 2 2 59< Normal 2 2 59 M Normal 2 2 6N Normal 2 2 60< Normal 2 2 60 O Normal 2 2 61< Normal 2 2 61 P Normal 2 2 62< Normal 2 2 62 Q Normal 2 2 63< Normal 2 2 63 R Normal 2 2 64< Normal 2 2 64 S Normal 2 2 65< Normal 2 2 65 T Normal 2 2 66< Normal 2 2 66 U Normal 2 2 67< Normal 2 2 67 V Normal 2 2 68< Normal 2 2 68 W Normal 2 2 69< Normal 2 2 69 X Normal 2 2 7Y Normal 2 2 70< Normal 2 2 70 Z Normal 2 2 71< Normal 2 2 71 [ Normal 2 2 72< Normal 2 2 72 \ Normal 2 2 73< Normal 2 2 73 ] Normal 2 2 74< Normal 2 2 74 ^ Normal 2 2 75< Normal 2 2 75 _ Normal 2 2 76< Normal 2 2 76 ` Normal 2 2 77< Normal 2 2 77 a Normal 2 2 78< Normal 2 2 78 b Normal 2 2 79< Normal 2 2 79 c Normal 2 2 8d Normal 2 2 80< Normal 2 2 80 e Normal 2 2 85< Normal 2 2 85 f Normal 2 2 86< Normal 2 2 86 g Normal 2 2 9h Normal 2 20iNormal 2 20 10jNormal 2 20 10 2kNormal 2 20 10 3lNormal 2 20 11mNormal 2 20 11 2nNormal 2 20 12oNormal 2 20 12 2pNormal 2 20 13qNormal 2 20 13 2rNormal 2 20 14sNormal 2 20 14 2tNormal 2 20 15uNormal 2 20 15 2vNormal 2 20 16wNormal 2 20 16 2xNormal 2 20 17yNormal 2 20 17 2zNormal 2 20 18{Normal 2 20 18 2|Normal 2 20 19}Normal 2 20 19 2~ Normal 2 20 2Normal 2 20 20Normal 2 20 20 2Normal 2 20 21Normal 2 20 21 2Normal 2 20 22Normal 2 20 22 2Normal 2 20 23Normal 2 20 23 2Normal 2 20 24Normal 2 20 25Normal 2 20 26Normal 2 20 27 Normal 2 20 3Normal 2 20 3 2Normal 2 20 3 3 Normal 2 20 4Normal 2 20 4 2Normal 2 20 4 3 Normal 2 20 5Normal 2 20 5 2Normal 2 20 5 3 Normal 2 20 6Normal 2 20 6 2Normal 2 20 6 3 Normal 2 20 7Normal 2 20 7 2Normal 2 20 7 3 Normal 2 20 8Normal 2 20 8 2Normal 2 20 8 3 Normal 2 20 9Normal 2 20 9 2Normal 2 20 9 3 Normal 2 21Normal 2 21 10Normal 2 21 10 2Normal 2 21 10 3Normal 2 21 11Normal 2 21 11 2Normal 2 21 12Normal 2 21 12 2Normal 2 21 13Normal 2 21 13 2Normal 2 21 14Normal 2 21 14 2Normal 2 21 15Normal 2 21 15 2Normal 2 21 16Normal 2 21 16 2Normal 2 21 17Normal 2 21 17 2Normal 2 21 18Normal 2 21 18 2Normal 2 21 19Normal 2 21 19 2 Normal 2 21 2Normal 2 21 20Normal 2 21 20 2Normal 2 21 21Normal 2 21 21 2Normal 2 21 22Normal 2 21 22 2Normal 2 21 23Normal 2 21 23 2Normal 2 21 24Normal 2 21 25Normal 2 21 26Normal 2 21 27 Normal 2 21 3Normal 2 21 3 2Normal 2 21 3 3 Normal 2 21 4Normal 2 21 4 2Normal 2 21 4 3 Normal 2 21 5Normal 2 21 5 2Normal 2 21 5 3 Normal 2 21 6Normal 2 21 6 2Normal 2 21 6 3 Normal 2 21 7Normal 2 21 7 2Normal 2 21 7 3 Normal 2 21 8Normal 2 21 8 2Normal 2 21 8 3 Normal 2 21 9Normal 2 21 9 2Normal 2 21 9 3 Normal 2 22Normal 2 22 10Normal 2 22 10 2Normal 2 22 10 3Normal 2 22 11Normal 2 22 11 2Normal 2 22 12Normal 2 22 12 2Normal 2 22 13Normal 2 22 13 2Normal 2 22 14Normal 2 22 14 2Normal 2 22 15Normal 2 22 15 2Normal 2 22 16Normal 2 22 16 2Normal 2 22 17Normal 2 22 17 2Normal 2 22 18Normal 2 22 18 2Normal 2 22 19Normal 2 22 19 2 Normal 2 22 2Normal 2 22 20Normal 2 22 20 2Normal 2 22 21Normal 2 22 21 2Normal 2 22 22Normal 2 22 22 2Normal 2 22 23Normal 2 22 23 2Normal 2 22 24Normal 2 22 25Normal 2 22 26Normal 2 22 27 Normal 2 22 3Normal 2 22 3 2Normal 2 22 3 3 Normal 2 22 4Normal 2 22 4 2Normal 2 22 4 3 Normal 2 22 5Normal 2 22 5 2Normal 2 22 5 3 Normal 2 22 6Normal 2 22 6 2Normal 2 22 6 3 Normal 2 22 7Normal 2 22 7 2 Normal 2 22 7 3  Normal 2 22 8 Normal 2 22 8 2 Normal 2 22 8 3  Normal 2 22 9Normal 2 22 9 2Normal 2 22 9 3 Normal 2 23Normal 2 23 10Normal 2 23 10 2Normal 2 23 10 3Normal 2 23 11Normal 2 23 11 2Normal 2 23 12Normal 2 23 12 2Normal 2 23 13Normal 2 23 13 2Normal 2 23 14Normal 2 23 14 2Normal 2 23 15Normal 2 23 15 2Normal 2 23 16Normal 2 23 16 2 Normal 2 23 17!Normal 2 23 17 2"Normal 2 23 18#Normal 2 23 18 2$Normal 2 23 19%Normal 2 23 19 2& Normal 2 23 2'Normal 2 23 20(Normal 2 23 20 2)Normal 2 23 21*Normal 2 23 21 2+Normal 2 23 22,Normal 2 23 22 2-Normal 2 23 23.Normal 2 23 23 2/Normal 2 23 240Normal 2 23 251Normal 2 23 262Normal 2 23 273 Normal 2 23 34Normal 2 23 3 25Normal 2 23 3 36 Normal 2 23 47Normal 2 23 4 28Normal 2 23 4 39 Normal 2 23 5:Normal 2 23 5 2;Normal 2 23 5 3< Normal 2 23 6=Normal 2 23 6 2>Normal 2 23 6 3? Normal 2 23 7@Normal 2 23 7 2ANormal 2 23 7 3B Normal 2 23 8CNormal 2 23 8 2DNormal 2 23 8 3E Normal 2 23 9FNormal 2 23 9 2GNormal 2 23 9 3H Normal 2 24INormal 2 24 10JNormal 2 24 10 2KNormal 2 24 10 3LNormal 2 24 11MNormal 2 24 11 2NNormal 2 24 12ONormal 2 24 12 2PNormal 2 24 13QNormal 2 24 13 2RNormal 2 24 14SNormal 2 24 14 2TNormal 2 24 15UNormal 2 24 15 2VNormal 2 24 16WNormal 2 24 16 2XNormal 2 24 17YNormal 2 24 17 2ZNormal 2 24 18[Normal 2 24 18 2\Normal 2 24 19]Normal 2 24 19 2^ Normal 2 24 2_Normal 2 24 20`Normal 2 24 20 2aNormal 2 24 21bNormal 2 24 21 2cNormal 2 24 22dNormal 2 24 22 2eNormal 2 24 23fNormal 2 24 23 2gNormal 2 24 24hNormal 2 24 25iNormal 2 24 26jNormal 2 24 27k Normal 2 24 3lNormal 2 24 3 2mNormal 2 24 3 3n Normal 2 24 4oNormal 2 24 4 2pNormal 2 24 4 3q Normal 2 24 5rNormal 2 24 5 2sNormal 2 24 5 3t Normal 2 24 6uNormal 2 24 6 2vNormal 2 24 6 3w Normal 2 24 7xNormal 2 24 7 2yNormal 2 24 7 3z Normal 2 24 8{Normal 2 24 8 2|Normal 2 24 8 3} Normal 2 24 9~Normal 2 24 9 2Normal 2 24 9 3 Normal 2 25Normal 2 25 10Normal 2 25 10 2Normal 2 25 10 3Normal 2 25 11Normal 2 25 11 2Normal 2 25 12Normal 2 25 12 2Normal 2 25 13Normal 2 25 13 2Normal 2 25 14Normal 2 25 14 2Normal 2 25 15Normal 2 25 15 2Normal 2 25 16Normal 2 25 16 2Normal 2 25 17Normal 2 25 17 2Normal 2 25 18Normal 2 25 18 2Normal 2 25 19Normal 2 25 19 2 Normal 2 25 2Normal 2 25 20Normal 2 25 20 2Normal 2 25 21Normal 2 25 21 2Normal 2 25 22Normal 2 25 22 2Normal 2 25 23Normal 2 25 23 2Normal 2 25 24Normal 2 25 25Normal 2 25 26Normal 2 25 27 Normal 2 25 3Normal 2 25 3 2Normal 2 25 3 3 Normal 2 25 4Normal 2 25 4 2Normal 2 25 4 3 Normal 2 25 5Normal 2 25 5 2Normal 2 25 5 3 Normal 2 25 6Normal 2 25 6 2Normal 2 25 6 3 Normal 2 25 7Normal 2 25 7 2Normal 2 25 7 3 Normal 2 25 8Normal 2 25 8 2Normal 2 25 8 3 Normal 2 25 9Normal 2 25 9 2Normal 2 25 9 3 Normal 2 26Normal 2 26 10Normal 2 26 10 2Normal 2 26 10 3Normal 2 26 11Normal 2 26 11 2Normal 2 26 12Normal 2 26 12 2Normal 2 26 13Normal 2 26 13 2Normal 2 26 14Normal 2 26 14 2Normal 2 26 15Normal 2 26 15 2Normal 2 26 16Normal 2 26 16 2Normal 2 26 17Normal 2 26 17 2Normal 2 26 18Normal 2 26 18 2Normal 2 26 19Normal 2 26 19 2 Normal 2 26 2Normal 2 26 20Normal 2 26 20 2Normal 2 26 21Normal 2 26 21 2Normal 2 26 22Normal 2 26 22 2Normal 2 26 23Normal 2 26 23 2Normal 2 26 24Normal 2 26 25Normal 2 26 26Normal 2 26 27 Normal 2 26 3Normal 2 26 3 2Normal 2 26 3 3 Normal 2 26 4Normal 2 26 4 2Normal 2 26 4 3 Normal 2 26 5Normal 2 26 5 2Normal 2 26 5 3 Normal 2 26 6Normal 2 26 6 2Normal 2 26 6 3 Normal 2 26 7Normal 2 26 7 2Normal 2 26 7 3 Normal 2 26 8Normal 2 26 8 2Normal 2 26 8 3 Normal 2 26 9Normal 2 26 9 2Normal 2 26 9 3 Normal 2 27Normal 2 27 10Normal 2 27 10 2Normal 2 27 10 3Normal 2 27 11Normal 2 27 11 2Normal 2 27 12Normal 2 27 12 2Normal 2 27 13Normal 2 27 13 2Normal 2 27 14Normal 2 27 14 2Normal 2 27 15Normal 2 27 15 2Normal 2 27 16Normal 2 27 16 2Normal 2 27 17Normal 2 27 17 2Normal 2 27 18Normal 2 27 18 2Normal 2 27 19Normal 2 27 19 2 Normal 2 27 2Normal 2 27 20Normal 2 27 20 2 Normal 2 27 21 Normal 2 27 21 2 Normal 2 27 22 Normal 2 27 22 2 Normal 2 27 23Normal 2 27 23 2Normal 2 27 24Normal 2 27 25Normal 2 27 26Normal 2 27 27 Normal 2 27 3Normal 2 27 3 2Normal 2 27 3 3 Normal 2 27 4Normal 2 27 4 2Normal 2 27 4 3 Normal 2 27 5Normal 2 27 5 2Normal 2 27 5 3 Normal 2 27 6Normal 2 27 6 2Normal 2 27 6 3 Normal 2 27 7 Normal 2 27 7 2!Normal 2 27 7 3" Normal 2 27 8#Normal 2 27 8 2$Normal 2 27 8 3% Normal 2 27 9&Normal 2 27 9 2'Normal 2 27 9 3( Normal 2 28)Normal 2 28 10*Normal 2 28 10 2+Normal 2 28 10 3,Normal 2 28 11-Normal 2 28 11 2.Normal 2 28 12/Normal 2 28 12 20Normal 2 28 131Normal 2 28 13 22Normal 2 28 143Normal 2 28 14 24Normal 2 28 155Normal 2 28 15 26Normal 2 28 167Normal 2 28 16 28Normal 2 28 179Normal 2 28 17 2:Normal 2 28 18;Normal 2 28 18 2<Normal 2 28 19=Normal 2 28 19 2> Normal 2 28 2?Normal 2 28 20@Normal 2 28 20 2ANormal 2 28 21BNormal 2 28 21 2CNormal 2 28 22DNormal 2 28 22 2ENormal 2 28 23FNormal 2 28 23 2GNormal 2 28 24HNormal 2 28 25INormal 2 28 26JNormal 2 28 27K Normal 2 28 3LNormal 2 28 3 2MNormal 2 28 3 3N Normal 2 28 4ONormal 2 28 4 2PNormal 2 28 4 3Q Normal 2 28 5RNormal 2 28 5 2SNormal 2 28 5 3T Normal 2 28 6UNormal 2 28 6 2VNormal 2 28 6 3W Normal 2 28 7XNormal 2 28 7 2YNormal 2 28 7 3Z Normal 2 28 8[Normal 2 28 8 2\Normal 2 28 8 3] Normal 2 28 9^Normal 2 28 9 2_Normal 2 28 9 3` Normal 2 29a Normal 2 3b Normal 2 30cNormal 2 30 10dNormal 2 30 10 2eNormal 2 30 10 3fNormal 2 30 11gNormal 2 30 11 2hNormal 2 30 12iNormal 2 30 12 2jNormal 2 30 13kNormal 2 30 13 2lNormal 2 30 14mNormal 2 30 14 2nNormal 2 30 15oNormal 2 30 15 2pNormal 2 30 16qNormal 2 30 16 2rNormal 2 30 17sNormal 2 30 17 2tNormal 2 30 18uNormal 2 30 18 2vNormal 2 30 19wNormal 2 30 19 2x Normal 2 30 2yNormal 2 30 20zNormal 2 30 20 2{Normal 2 30 21|Normal 2 30 21 2}Normal 2 30 22~Normal 2 30 22 2Normal 2 30 23Normal 2 30 23 2Normal 2 30 24Normal 2 30 25Normal 2 30 26Normal 2 30 27 Normal 2 30 3Normal 2 30 3 2Normal 2 30 3 3 Normal 2 30 4Normal 2 30 4 2Normal 2 30 4 3 Normal 2 30 5Normal 2 30 5 2Normal 2 30 5 3 Normal 2 30 6Normal 2 30 6 2Normal 2 30 6 3 Normal 2 30 7Normal 2 30 7 2Normal 2 30 7 3 Normal 2 30 8Normal 2 30 8 2Normal 2 30 8 3 Normal 2 30 9Normal 2 30 9 2Normal 2 30 9 3 Normal 2 31Normal 2 31 10Normal 2 31 10 2Normal 2 31 10 3Normal 2 31 11Normal 2 31 11 2Normal 2 31 12Normal 2 31 12 2Normal 2 31 13Normal 2 31 13 2Normal 2 31 14Normal 2 31 14 2Normal 2 31 15Normal 2 31 15 2Normal 2 31 16Normal 2 31 16 2Normal 2 31 17Normal 2 31 17 2Normal 2 31 18Normal 2 31 18 2Normal 2 31 19Normal 2 31 19 2 Normal 2 31 2Normal 2 31 20Normal 2 31 20 2Normal 2 31 21Normal 2 31 21 2Normal 2 31 22Normal 2 31 22 2Normal 2 31 23Normal 2 31 23 2Normal 2 31 24Normal 2 31 25Normal 2 31 26Normal 2 31 27 Normal 2 31 3Normal 2 31 3 2Normal 2 31 3 3 Normal 2 31 4Normal 2 31 4 2Normal 2 31 4 3 Normal 2 31 5Normal 2 31 5 2Normal 2 31 5 3 Normal 2 31 6Normal 2 31 6 2Normal 2 31 6 3 Normal 2 31 7Normal 2 31 7 2Normal 2 31 7 3 Normal 2 31 8Normal 2 31 8 2Normal 2 31 8 3 Normal 2 31 9Normal 2 31 9 2Normal 2 31 9 3 Normal 2 32Normal 2 32 10Normal 2 32 10 2Normal 2 32 10 3Normal 2 32 11Normal 2 32 11 2Normal 2 32 12Normal 2 32 12 2Normal 2 32 13Normal 2 32 13 2Normal 2 32 14Normal 2 32 14 2Normal 2 32 15Normal 2 32 15 2Normal 2 32 16Normal 2 32 16 2Normal 2 32 17Normal 2 32 17 2Normal 2 32 18Normal 2 32 18 2Normal 2 32 19Normal 2 32 19 2 Normal 2 32 2Normal 2 32 20Normal 2 32 20 2Normal 2 32 21Normal 2 32 21 2Normal 2 32 22Normal 2 32 22 2Normal 2 32 23Normal 2 32 23 2Normal 2 32 24Normal 2 32 25Normal 2 32 26Normal 2 32 27 Normal 2 32 3Normal 2 32 3 2Normal 2 32 3 3 Normal 2 32 4Normal 2 32 4 2Normal 2 32 4 3 Normal 2 32 5Normal 2 32 5 2Normal 2 32 5 3 Normal 2 32 6Normal 2 32 6 2Normal 2 32 6 3 Normal 2 32 7Normal 2 32 7 2Normal 2 32 7 3 Normal 2 32 8Normal 2 32 8 2Normal 2 32 8 3 Normal 2 32 9Normal 2 32 9 2 Normal 2 32 9 3  Normal 2 33 Normal 2 33 10 Normal 2 33 10 2 Normal 2 33 10 3Normal 2 33 11Normal 2 33 11 2Normal 2 33 12Normal 2 33 12 2Normal 2 33 13Normal 2 33 13 2Normal 2 33 14Normal 2 33 14 2Normal 2 33 15Normal 2 33 15 2Normal 2 33 16Normal 2 33 16 2Normal 2 33 17Normal 2 33 17 2Normal 2 33 18Normal 2 33 18 2Normal 2 33 19Normal 2 33 19 2  Normal 2 33 2!Normal 2 33 20"Normal 2 33 20 2#Normal 2 33 21$Normal 2 33 21 2%Normal 2 33 22&Normal 2 33 22 2'Normal 2 33 23(Normal 2 33 23 2)Normal 2 33 24*Normal 2 33 25+Normal 2 33 26,Normal 2 33 27- Normal 2 33 3.Normal 2 33 3 2/Normal 2 33 3 30 Normal 2 33 41Normal 2 33 4 22Normal 2 33 4 33 Normal 2 33 54Normal 2 33 5 25Normal 2 33 5 36 Normal 2 33 67Normal 2 33 6 28Normal 2 33 6 39 Normal 2 33 7:Normal 2 33 7 2;Normal 2 33 7 3< Normal 2 33 8=Normal 2 33 8 2>Normal 2 33 8 3? Normal 2 33 9@Normal 2 33 9 2ANormal 2 33 9 3B Normal 2 34CNormal 2 34 10DNormal 2 34 10 2ENormal 2 34 10 3FNormal 2 34 11GNormal 2 34 11 2HNormal 2 34 12INormal 2 34 12 2JNormal 2 34 13KNormal 2 34 13 2LNormal 2 34 14MNormal 2 34 14 2NNormal 2 34 15ONormal 2 34 15 2PNormal 2 34 16QNormal 2 34 16 2RNormal 2 34 17SNormal 2 34 17 2TNormal 2 34 18UNormal 2 34 18 2VNormal 2 34 19WNormal 2 34 19 2X Normal 2 34 2YNormal 2 34 20ZNormal 2 34 20 2[Normal 2 34 21\Normal 2 34 21 2]Normal 2 34 22^Normal 2 34 22 2_Normal 2 34 23`Normal 2 34 23 2aNormal 2 34 24bNormal 2 34 25cNormal 2 34 26dNormal 2 34 27e Normal 2 34 3fNormal 2 34 3 2gNormal 2 34 3 3h Normal 2 34 4iNormal 2 34 4 2jNormal 2 34 4 3k Normal 2 34 5lNormal 2 34 5 2mNormal 2 34 5 3n Normal 2 34 6oNormal 2 34 6 2pNormal 2 34 6 3q Normal 2 34 7rNormal 2 34 7 2sNormal 2 34 7 3t Normal 2 34 8uNormal 2 34 8 2vNormal 2 34 8 3w Normal 2 34 9xNormal 2 34 9 2yNormal 2 34 9 3z Normal 2 35{Normal 2 35 10|Normal 2 35 10 2}Normal 2 35 10 3~Normal 2 35 11Normal 2 35 11 2Normal 2 35 12Normal 2 35 12 2Normal 2 35 13Normal 2 35 13 2Normal 2 35 14Normal 2 35 14 2Normal 2 35 15Normal 2 35 15 2Normal 2 35 16Normal 2 35 16 2Normal 2 35 17Normal 2 35 17 2Normal 2 35 18Normal 2 35 18 2Normal 2 35 19Normal 2 35 19 2 Normal 2 35 2Normal 2 35 20Normal 2 35 20 2Normal 2 35 21Normal 2 35 21 2Normal 2 35 22Normal 2 35 22 2Normal 2 35 23Normal 2 35 23 2Normal 2 35 24Normal 2 35 25Normal 2 35 26Normal 2 35 27 Normal 2 35 3Normal 2 35 3 2Normal 2 35 3 3 Normal 2 35 4Normal 2 35 4 2Normal 2 35 4 3 Normal 2 35 5Normal 2 35 5 2Normal 2 35 5 3 Normal 2 35 6Normal 2 35 6 2Normal 2 35 6 3 Normal 2 35 7Normal 2 35 7 2Normal 2 35 7 3 Normal 2 35 8Normal 2 35 8 2Normal 2 35 8 3 Normal 2 35 9Normal 2 35 9 2Normal 2 35 9 3 Normal 2 36 Normal 2 36 2Normal 2 36 2 10Normal 2 36 2 10 2Normal 2 36 2 11Normal 2 36 2 11 2Normal 2 36 2 12Normal 2 36 2 12 2Normal 2 36 2 13Normal 2 36 2 13 2Normal 2 36 2 14Normal 2 36 2 14 2Normal 2 36 2 15Normal 2 36 2 15 2Normal 2 36 2 16Normal 2 36 2 16 2Normal 2 36 2 17Normal 2 36 2 17 2Normal 2 36 2 18Normal 2 36 2 18 2Normal 2 36 2 19Normal 2 36 2 19 2Normal 2 36 2 2Normal 2 36 2 2 2Normal 2 36 2 2 3Normal 2 36 2 20Normal 2 36 2 20 2Normal 2 36 2 21Normal 2 36 2 21 2Normal 2 36 2 22Normal 2 36 2 22 2Normal 2 36 2 23Normal 2 36 2 24Normal 2 36 2 3Normal 2 36 2 3 2Normal 2 36 2 3 3Normal 2 36 2 4Normal 2 36 2 4 2Normal 2 36 2 4 3Normal 2 36 2 5Normal 2 36 2 5 2Normal 2 36 2 5 3Normal 2 36 2 6Normal 2 36 2 6 2Normal 2 36 2 6 3Normal 2 36 2 7Normal 2 36 2 7 2Normal 2 36 2 7 3Normal 2 36 2 8Normal 2 36 2 8 2Normal 2 36 2 8 3Normal 2 36 2 9Normal 2 36 2 9 2Normal 2 36 2 9 3 Normal 2 36 3 Normal 2 36 4 Normal 2 36 5 Normal 2 36 6 Normal 2 37 Normal 2 37 2Normal 2 37 2 10Normal 2 37 2 10 2Normal 2 37 2 11Normal 2 37 2 11 2Normal 2 37 2 12Normal 2 37 2 12 2Normal 2 37 2 13Normal 2 37 2 13 2Normal 2 37 2 14Normal 2 37 2 14 2Normal 2 37 2 15Normal 2 37 2 15 2Normal 2 37 2 16Normal 2 37 2 16 2Normal 2 37 2 17Normal 2 37 2 17 2Normal 2 37 2 18Normal 2 37 2 18 2Normal 2 37 2 19Normal 2 37 2 19 2Normal 2 37 2 2Normal 2 37 2 2 2Normal 2 37 2 2 3Normal 2 37 2 20Normal 2 37 2 20 2Normal 2 37 2 21Normal 2 37 2 21 2 Normal 2 37 2 22 Normal 2 37 2 22 2 Normal 2 37 2 23 Normal 2 37 2 24 Normal 2 37 2 3Normal 2 37 2 3 2Normal 2 37 2 3 3Normal 2 37 2 4Normal 2 37 2 4 2Normal 2 37 2 4 3Normal 2 37 2 5Normal 2 37 2 5 2Normal 2 37 2 5 3Normal 2 37 2 6Normal 2 37 2 6 2Normal 2 37 2 6 3Normal 2 37 2 7Normal 2 37 2 7 2Normal 2 37 2 7 3Normal 2 37 2 8Normal 2 37 2 8 2Normal 2 37 2 8 3Normal 2 37 2 9 Normal 2 37 2 9 2!Normal 2 37 2 9 3" Normal 2 37 3# Normal 2 37 4$ Normal 2 37 5% Normal 2 37 6& Normal 2 38' Normal 2 38 2(Normal 2 38 2 10)Normal 2 38 2 10 2*Normal 2 38 2 11+Normal 2 38 2 11 2,Normal 2 38 2 12-Normal 2 38 2 12 2.Normal 2 38 2 13/Normal 2 38 2 13 20Normal 2 38 2 141Normal 2 38 2 14 22Normal 2 38 2 153Normal 2 38 2 15 24Normal 2 38 2 165Normal 2 38 2 16 26Normal 2 38 2 177Normal 2 38 2 17 28Normal 2 38 2 189Normal 2 38 2 18 2:Normal 2 38 2 19;Normal 2 38 2 19 2<Normal 2 38 2 2=Normal 2 38 2 2 2>Normal 2 38 2 2 3?Normal 2 38 2 20@Normal 2 38 2 20 2ANormal 2 38 2 21BNormal 2 38 2 21 2CNormal 2 38 2 22DNormal 2 38 2 22 2ENormal 2 38 2 23FNormal 2 38 2 24GNormal 2 38 2 3HNormal 2 38 2 3 2INormal 2 38 2 3 3JNormal 2 38 2 4KNormal 2 38 2 4 2LNormal 2 38 2 4 3MNormal 2 38 2 5NNormal 2 38 2 5 2ONormal 2 38 2 5 3PNormal 2 38 2 6QNormal 2 38 2 6 2RNormal 2 38 2 6 3SNormal 2 38 2 7TNormal 2 38 2 7 2UNormal 2 38 2 7 3VNormal 2 38 2 8WNormal 2 38 2 8 2XNormal 2 38 2 8 3YNormal 2 38 2 9ZNormal 2 38 2 9 2[Normal 2 38 2 9 3\ Normal 2 39] Normal 2 39 2^Normal 2 39 2 10_Normal 2 39 2 10 2`Normal 2 39 2 11aNormal 2 39 2 11 2bNormal 2 39 2 12cNormal 2 39 2 12 2dNormal 2 39 2 13eNormal 2 39 2 13 2fNormal 2 39 2 14gNormal 2 39 2 14 2hNormal 2 39 2 15iNormal 2 39 2 15 2jNormal 2 39 2 16kNormal 2 39 2 16 2lNormal 2 39 2 17mNormal 2 39 2 17 2nNormal 2 39 2 18oNormal 2 39 2 18 2pNormal 2 39 2 19qNormal 2 39 2 19 2rNormal 2 39 2 2sNormal 2 39 2 2 2tNormal 2 39 2 2 3uNormal 2 39 2 20vNormal 2 39 2 20 2wNormal 2 39 2 21xNormal 2 39 2 21 2yNormal 2 39 2 22zNormal 2 39 2 22 2{Normal 2 39 2 23|Normal 2 39 2 24}Normal 2 39 2 3~Normal 2 39 2 3 2Normal 2 39 2 3 3Normal 2 39 2 4Normal 2 39 2 4 2Normal 2 39 2 4 3Normal 2 39 2 5Normal 2 39 2 5 2Normal 2 39 2 5 3Normal 2 39 2 6Normal 2 39 2 6 2Normal 2 39 2 6 3Normal 2 39 2 7Normal 2 39 2 7 2Normal 2 39 2 7 3Normal 2 39 2 8Normal 2 39 2 8 2Normal 2 39 2 8 3Normal 2 39 2 9Normal 2 39 2 9 2Normal 2 39 2 9 3 Normal 2 4 Normal 2 40Normal 2 40 10Normal 2 40 10 2Normal 2 40 11Normal 2 40 11 2Normal 2 40 12Normal 2 40 12 2Normal 2 40 13Normal 2 40 13 2Normal 2 40 14Normal 2 40 14 2Normal 2 40 15Normal 2 40 15 2Normal 2 40 16Normal 2 40 16 2Normal 2 40 17Normal 2 40 17 2Normal 2 40 18Normal 2 40 18 2Normal 2 40 19Normal 2 40 19 2 Normal 2 40 2Normal 2 40 2 2Normal 2 40 2 3Normal 2 40 20Normal 2 40 20 2Normal 2 40 21Normal 2 40 21 2Normal 2 40 22Normal 2 40 22 2Normal 2 40 23Normal 2 40 24 Normal 2 40 3Normal 2 40 3 2Normal 2 40 3 3 Normal 2 40 4Normal 2 40 4 2Normal 2 40 4 3 Normal 2 40 5Normal 2 40 5 2Normal 2 40 5 3 Normal 2 40 6Normal 2 40 6 2Normal 2 40 6 3 Normal 2 40 7Normal 2 40 7 2Normal 2 40 7 3 Normal 2 40 8Normal 2 40 8 2Normal 2 40 8 3 Normal 2 40 9Normal 2 40 9 2Normal 2 40 9 3 Normal 2 41Normal 2 41 10Normal 2 41 10 2Normal 2 41 11Normal 2 41 11 2Normal 2 41 12Normal 2 41 12 2Normal 2 41 13Normal 2 41 13 2Normal 2 41 14Normal 2 41 14 2Normal 2 41 15Normal 2 41 15 2Normal 2 41 16Normal 2 41 16 2Normal 2 41 17Normal 2 41 17 2Normal 2 41 18Normal 2 41 18 2Normal 2 41 19Normal 2 41 19 2 Normal 2 41 2Normal 2 41 2 2Normal 2 41 2 3Normal 2 41 20Normal 2 41 20 2Normal 2 41 21Normal 2 41 21 2Normal 2 41 22Normal 2 41 22 2 Normal 2 41 3Normal 2 41 3 2Normal 2 41 3 3 Normal 2 41 4Normal 2 41 4 2Normal 2 41 4 3 Normal 2 41 5Normal 2 41 5 2Normal 2 41 5 3 Normal 2 41 6Normal 2 41 6 2Normal 2 41 6 3 Normal 2 41 7Normal 2 41 7 2Normal 2 41 7 3 Normal 2 41 8Normal 2 41 8 2Normal 2 41 8 3 Normal 2 41 9Normal 2 41 9 2Normal 2 41 9 3 Normal 2 42 Normal 2 43 Normal 2 44 Normal 2 45 Normal 2 46 Normal 2 47 Normal 2 48 Normal 2 49 Normal 2 5 Normal 2 50 Normal 2 51 Normal 2 52 Normal 2 6 Normal 2 7  Normal 2 8  Normal 2 808 Normal 2 80   Normal 2 9  Normal 20  Normal 21 Normal 22 Normal 23 Normal 24 Normal 25 Normal 26 Normal 27 Normal 28 Normal 29 Normal 3 Normal 3 10 Normal 3 11 Normal 3 12 Normal 3 13 Normal 3 14 Normal 3 15 Normal 3 16 Normal 3 17 Normal 3 18  Normal 3 19! Normal 3 2" Normal 3 20# Normal 3 21$ Normal 3 22% Normal 3 23& Normal 3 24' Normal 3 25( Normal 3 26) Normal 3 27* Normal 3 28+ Normal 3 29, Normal 3 3- Normal 3 30. Normal 3 4/ Normal 3 50 Normal 3 61 Normal 3 72 Normal 3 83 Normal 3 94 Normal 305 Normal 316 Normal 327 Normal 338 Normal 349 Normal 35: Normal 36; Normal 37< Normal 38= Normal 39 >Normal 4? Normal 40@ Normal 41A Normal 42B Normal 43C Normal 44D Normal 45E Normal 46F Normal 47G Normal 48H Normal 49 INormal 5J Normal 50K Normal 51L Normal 52M Normal 53N Normal 54O Normal 55P Normal 56Q Normal 57R Normal 58S Normal 59 TNormal 6U Normal 6 2V Normal 6 2 10WNormal 6 2 10 2XNormal 6 2 10 3Y Normal 6 2 11ZNormal 6 2 11 2[ Normal 6 2 12\Normal 6 2 12 2] Normal 6 2 13^Normal 6 2 13 2_ Normal 6 2 14`Normal 6 2 14 2a Normal 6 2 15bNormal 6 2 15 2c Normal 6 2 16dNormal 6 2 16 2e Normal 6 2 17fNormal 6 2 17 2g Normal 6 2 18hNormal 6 2 18 2i Normal 6 2 19jNormal 6 2 19 2k Normal 6 2 2l Normal 6 2 20mNormal 6 2 20 2n Normal 6 2 21oNormal 6 2 21 2p Normal 6 2 22qNormal 6 2 22 2r Normal 6 2 23sNormal 6 2 23 2t Normal 6 2 24u Normal 6 2 25v Normal 6 2 26w Normal 6 2 27x Normal 6 2 3yNormal 6 2 3 2zNormal 6 2 3 3{ Normal 6 2 4|Normal 6 2 4 2}Normal 6 2 4 3~ Normal 6 2 5Normal 6 2 5 2Normal 6 2 5 3 Normal 6 2 6Normal 6 2 6 2Normal 6 2 6 3 Normal 6 2 7Normal 6 2 7 2Normal 6 2 7 3 Normal 6 2 8Normal 6 2 8 2Normal 6 2 8 3 Normal 6 2 9Normal 6 2 9 2Normal 6 2 9 3 Normal 6 3 Normal 60 Normal 61 Normal 62 Normal 63 Normal 64 Normal 65 Normal 66 Normal 67 Normal 68 Normal 69 Normal 7 108 Normal 7 10  Normal 7 118 Normal 7 11  Normal 7 128 Normal 7 12  Normal 7 138 Normal 7 13  Normal 7 148 Normal 7 14  Normal 7 158 Normal 7 15  Normal 7 168 Normal 7 16  Normal 7 178 Normal 7 17  Normal 7 188 Normal 7 18  Normal 7 198 Normal 7 19  Normal 7 2 Normal 7 2 10 Normal 7 2 11 Normal 7 2 12 Normal 7 2 13 Normal 7 2 14 Normal 7 2 15 Normal 7 2 16 Normal 7 2 17 Normal 7 2 18 Normal 7 2 19 Normal 7 2 2Normal 7 2 2 2Normal 7 2 2 3Normal 7 2 2 4Normal 7 2 2 5Normal 7 2 2 6 Normal 7 2 20 Normal 7 2 21 Normal 7 2 22 Normal 7 2 23 Normal 7 2 24 Normal 7 2 25 Normal 7 2 26 Normal 7 2 27 Normal 7 2 28 Normal 7 2 29 Normal 7 2 3 Normal 7 2 30 Normal 7 2 31 Normal 7 2 32 Normal 7 2 33 Normal 7 2 34 Normal 7 2 35 Normal 7 2 36 Normal 7 2 37 Normal 7 2 38 Normal 7 2 39 Normal 7 2 4 Normal 7 2 40 Normal 7 2 41 Normal 7 2 42 Normal 7 2 43 Normal 7 2 44 Normal 7 2 45 Normal 7 2 46 Normal 7 2 47 Normal 7 2 48< Normal 7 2 48 Normal 7 2 48 2@Normal 7 2 48 2 Normal 7 2 48 3@Normal 7 2 48 3 Normal 7 2 48 4@Normal 7 2 48 4 Normal 7 2 48 5@Normal 7 2 48 5 Normal 7 2 48 6@Normal 7 2 48 6 Normal 7 2 48 7@Normal 7 2 48 7 Normal 7 2 48 8@Normal 7 2 48 8  Normal 7 2 49< Normal 7 2 49  Normal 7 2 5 Normal 7 2 50< Normal 7 2 50  Normal 7 2 51< Normal 7 2 51  Normal 7 2 52 Normal 7 2 53 Normal 7 2 54 Normal 7 2 55 Normal 7 2 56 Normal 7 2 57 Normal 7 2 6 Normal 7 2 7 Normal 7 2 8 Normal 7 2 9 Normal 7 208 Normal 7 20  Normal 7 218 Normal 7 21  Normal 7 228 Normal 7 22  Normal 7 238 Normal 7 23  Normal 7 248 Normal 7 24  Normal 7 258 Normal 7 25  Normal 7 268 Normal 7 26  Normal 7 278 Normal 7 27  Normal 7 288 Normal 7 28  Normal 7 298 Normal 7 29  Normal 7 3 Normal 7 308 Normal 7 30  Normal 7 318 Normal 7 31  Normal 7 328 Normal 7 32  Normal 7 338 Normal 7 33  Normal 7 348 Normal 7 34  Normal 7 358 Normal 7 35  Normal 7 368 Normal 7 36  Normal 7 378 Normal 7 37  Normal 7 388 Normal 7 38  Normal 7 398 Normal 7 39  Normal 7 4 Normal 7 408 Normal 7 40  Normal 7 418 Normal 7 41  Normal 7 428 Normal 7 42  Normal 7 438 Normal 7 43  Normal 7 448 Normal 7 44  Normal 7 458 Normal 7 45  Normal 7 468 Normal 7 46  Normal 7 478 Normal 7 47  Normal 7 488 Normal 7 48  Normal 7 498 Normal 7 49  Normal 7 5; Normal 7 5 % Normal 7 508 Normal 7 50   Normal 7 51  Normal 7 66 Normal 7 6   Normal 7 76 Normal 7 7   Normal 7 86 Normal 7 8   Normal 7 96 Normal 7 9  Normal 70 Normal 71 Normal 72 Normal 73 Normal 74 Normal 75 Normal 76 Normal 76 2 Normal 77 Normal 78 Normal 78 2 Normal 79 Normal 8 Normal 80 Normal 81 Normal 82 Normal 83 Normal 84  Normal 85! Normal 86" Normal 87# Normal 88$ Normal 89 %Normal 9& Normal 9 2' Normal 9 3( Normal 9 4) Normal 90* Normal 91+ Normal 92, Normal 93- Normal 94. Normal 95/ Normal 960 Normal 971 Normal_Sheet2 2Noteb Note   3Note 2fNote 2   4OutputwOutput  ???%????????? ???5$Percent 6Style 1 7Title1Title I}% 8TotalMTotal %OO9 Warning Text? Warning Text %XTableStyleMedium2PivotStyleLight16` 9winxp8 CCE IDCCE DescriptionCCE ParametersCCE Technical Mechanisms Old v4 CCE IDDISA Gold Disk for Windows XP9NSA Security Guide for Windows XP (NSA-XP-C44-026-02.pdf)!CIS Windows XP Pro Benchmark v1.3FCIS Windows XP Pro Benchmark v2.01 (CIS_WindowsXP_Benchmark_v2.01.pdf)<CIS Windows XP Pro Benchmark v2.01 OVAL (cis-winxp-oval.xml)2NIST 800-68 Windows XP PDF (SP800-68-20051102.pdf)INIST 800-68 Windows XP XCCDF (NIST-800-68-53-WinXPPro_XCCDF_10102006.xml)GNIST 800-68 Windows XP OVAL (NIST-800-68-53-WinXPPro_OVAL_10102006.xml)KFDCC Windows XP XCCDF (fdcc-accepted-content-20080110\fdcc-winxp-xccdf.xml)IFDCC Windows XP OVAL (fdcc-accepted-content-20080110\fdcc-winxp-oval.xml)YFDCC Windows XP Firewall XCCDF (fdcc-accepted-content-20080110\fdcc-xpfirewall-xccdf.xml)WFDCC Windows XP Firewall OVAL (fdcc-accepted-content-20080110\fdcc-xpfirewall-oval.xml)$USGCB XCCDF (USGCB-Windows-XP-xccdf)"USGCB OVAL (USGCB-Windows-XP-oval) CCE-2682-3EThe required auditing for %SystemDrive% directory should be enabled. ;(1) set of accounts (2) events to audit (3) applicability!(1) defined by the object's SACL CCE-254.4.3.1 %SystemDrive% CCE-2796-1ZThe required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled. <(1) set of accounts (2) events to audit (3) applicabilityCCE-899#4.4.3.2 HKEY_LOCAL_MACHINE\Software CCE-1840-8XThe required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled. CCE-727!4.4.3.3 HKEY_LOCAL_MACHINE\System CCE-2483-6FThe required permissions for the directory %ALL% should be assigned. ?(1) set of accounts (2) list of permissions (3) applicability"(1) defined by the object's DACL CCE-211'File Auditing - Must Have ACE (CID:269) CCE-1849-9RThe required permissions for the directory %AllUsersProfile% should be assigned. CCE-39%AllUsersProfile% CCE-2620-3cThe required permissions for the directory %AllUsersProfile%\Application Data should be assigned. CCE-83"%AllUsersProfile%\Application Data CCE-2787-0mThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft should be assigned. CCE-854,%AllUsersProfile%\Application Data\Microsoft CCE-2673-2The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys should be assigned. CCE-783?%AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys CCE-2782-1The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys should be assigned. CCE-713?%AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys CCE-2676-5wThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson should be assigned. CCE-3876%AllUsersProfile%\Application Data\Microsoft\Dr Watson CCE-1815-0The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log should be assigned. CCE-527C%AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log CCE-2728-4wThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\HTML Help should be assigned. A(1) set of accounts (2) list of permissions (3) applicabilityCCE-6866%AllUsersProfile%\Application Data\Microsoft\HTML Help CCE-2763-1xThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\MediaIndex should be assigned. CCE-38%AllUsersProfile%\Application Data\Microsoft\Media Index CCE-2768-0hThe required permissions for the directory %AllUsersProfile%\Documents\desktop.ini should be assigned. CCE-356'%AllUsersProfile%\Documents\desktop.ini CCE-2561-9VThe required permissions for the directory %AllUsersProfile%\DRM should be assigned. CCE-85%AllUsersProfile%\DRM CCE-2706-0OThe required permissions for the directory %ProgramFiles% should be assigned. CCE-24%ProgramFiles% CCE-2085-9NThe required permissions for the directory %SystemDrive% should be assigned. CCE-411System Drive ACL (CID:2000) %SystemDrive%4.4.1.1 %SystemDrive% CCE-2702-9VThe required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned. CCE-816%SystemDrive%\autoexec.bat CCE-2623-7TThe required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned. CCE-987%SystemDrive%\config.sys CCE-2565-0`The required permissions for the file %SystemDrive%\Documents and Settings should be assigned. CCE-419$%SystemDrive%\Documents and Settings CCE-2115-4sThe required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned. CCE-1202%SystemDrive%\Documents and Settings\Administrator CCE-2741-7rThe required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned. CCE-7141%SystemDrive%\Documents and Settings\Default User CCE-2745-8PThe required permissions for the file %SystemDrive%\IO.SYS should be assigned. CCE-540%SystemDrive%\io.sys CCE-2287-1SThe required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned. CCE-602%SystemDrive%\msdos.sys CCE-2798-7VThe required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned. CCE-399%SystemDrive%\ntbootdd.sys CCE-2578-3VThe required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned. CCE-192%SystemDrive%\ntdetect.com CCE-2234-3OThe required permissions for the file %SystemDrive%\NTLDR should be assigned. CCE-561%SystemDrive%\ntldr CCE-2750-8cThe required permissions for the file %SystemDrive%\System Volume Information should be assigned. CCE-971'%SystemDrive%\System Volume Information CCE-2160-0MThe required permissions for the directory %SystemRoot% should be assigned. CCE-645 %SystemRoot% CCE-2475-2jThe required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned. CCE-579Driver.cab ACL (CID:4083) CCE-2387-9fThe required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned. CCE-505%%SystemRoot%\$NtServicePackUninstall$ CCE-2647-6QThe required permissions for the directory %SystemRoot%\CSC should be assigned. CCE-134%SystemRoot%\CSC CCE-2418-2SThe required permissions for the directory %SystemRoot%\Debug should be assigned. CCE-293%SystemRoot%\Debug CCE-2329-1\The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned. CCE-94%SystemRoot%\Debug\UserMode CCE-2105-5hThe required permissions for the directory %SystemRoot%\Debug\UserMode\userenv.log should be assigned. CCE-152'%SystemRoot%\Debug\UserMode\userenv.log CCE-2752-4RThe required permissions for the file %SystemRoot%\Installer should be assigned. CCE-482%SystemRoot%\Installer CCE-2757-3ZThe required permissions for the file %SystemRoot%\Offline Web Pages should be assigned. CCE-147%SystemRoot%\Offline Web Pages CCE-2264-0QThe required permissions for the file %SystemRoot%\Prefetch should be assigned. CCE-737%SystemRoot%\Prefetch CCE-2175-8TThe required permissions for the file %SystemRoot%\regedit.exe should be assigned. CCE-795regedit.exe ACL (CID:2001)%SystemRoot%\regedit.exe!4.4.1.17 %SystemRoot%\regedit.exeV%SystemRoot%\system32\regedit.exe Table: 9.19 Value: Administrators: Full System: Fullregedit.exePermissionsoval:gov.nist.1:def:146oval:gov.nist.fdcc.xp:def:146 CCE-2325-9ZThe required permissions for the directory %SystemRoot%\Registration should be assigned. CCE-155%SystemRoot%\Registration CCE-1833-3aThe required permissions for the directory %SystemRoot%\Registration\CRMLog should be assigned. CCE-323 %SystemRoot%\Registration\CRMLog CCE-2805-0TThe required permissions for the directory %SystemRoot%\repair should be assigned. CCE-873%SystemRoot%\repair CCE-2739-1VThe required permissions for the directory %SystemRoot%\security should be assigned. < CCE-67%SystemRoot%\security CCE-2638-5RThe required permissions for the directory %SystemRoot%\Temp should be assigned. CCE-380%SystemRoot%\Temp CCE-2660-9VThe required permissions for the directory %SystemRoot%\System32 should be assigned. CCE-45%SystemRoot%\system32 CCE-2052-9^The required permissions for the directory %SystemRoot%\System32\arp.exe should be assigned. CCE-600arp.exe ACL (CID:2002)%SystemRoot%\system32\arp.exeQ%SystemRoot%\system32\arp.exe Table: 9.1 Value: Administrators: Full System: Fullarp.exePermissionsoval:gov.nist.1:def:128oval:gov.nist.fdcc.xp:def:128 CCE-2184-0XThe required permissions for the file %SystemRoot%\System32\at.exe should be assigned. CCE-393at.exe ACL (CID:2003)%SystemRoot%\system32\at.exe$4.4.1.2 %SystemRoot%\system32\at.exeP%SystemRoot%\system32\at.exe Table: 9.2 Value: Administrators: Full System: Fullat.exePermissionsoval:gov.nist.1:def:129oval:gov.nist.fdcc.xp:def:129 CCE-2312-7\The required permissions for the file %SystemRoot%\System32\attrib.exe should be assigned. CCE-166attrib.exe ACL (CID:2004)(4.4.1.3 %SystemRoot%\system32\attrib.exeT%SystemRoot%\system32\attrib.exe Table: 9.3 Value: Administrators: Full System: Fullattrib.exePermissionsoval:gov.nist.1:def:130oval:gov.nist.fdcc.xp:def:130 CCE-2726-8[The required permissions for the file %SystemRoot%\System32\cacls.exe should be assigned. CCE-977cacls.exe ACL (CID:2005)'4.4.1.4 %SystemRoot%\system32\cacls.exeS%SystemRoot%\System32\cacls.exe Table: 9.4 Value: Administrators: Full System: Fullcacls.exePermissionsoval:gov.nist.1:def:131oval:gov.nist.fdcc.xp:def:131 CCE-2250-9[The required permissions for the file %SystemRoot%\System32\ciadv.msc should be assigned. CCE-272%SystemRoot%\system32\ciadv.msc CCE-1924-0`The required permissions for the file %SystemRoot%\System32\Com\comexp.msc should be assigned. CCE-994$%SystemRoot%\system32\Com\comexp.msc CCE-2598-1^The required permissions for the file %SystemRoot%\System32\compmgmt.msc should be assigned. CCE-170"%SystemRoot%\system32\compmgmt.msc CCE-1842-4XThe required permissions for the file %SystemRoot%\System32\CONFIG should be assigned. CCE-197%SystemRoot%\system32\config CCE-1846-5eThe required permissions for the file %SystemRoot%\System32\CONFIG\AppEvent.evt should be assigned. CCE-765Eventlog ACL (CID:225) CCE-2800-1^The required permissions for the file %SystemRoot%\System32\CONFIG\*.evt should be assigned. CCE-334debug.exe ACL (CID:2006)'4.4.1.5 %SystemRoot%\system32\debug.exe CCE-2699-7[The required permissions for the file %SystemRoot%\System32\debug.exe should be assigned. CCE-201!%SystemRoot%\system32\devmgmt.mscS%SystemRoot%\System32\debug.exe Table: 9.5 Value: Administrators: Full System: Fulloval:gov.nist.1:def:132debug.exePermissionsoval:gov.nist.fdcc.xp:def:132 CCE-2844-9]The required permissions for the file %SystemRoot%\System32\devmgmt.msc should be assigned. CCE-386%SystemRoot%\system32\dfrg.msc CCE-2109-7ZThe required permissions for the file %SystemRoot%\System32\dfrg.msc should be assigned. CCE-941"%SystemRoot%\system32\diskmgmt.msc CCE-2514-8^The required permissions for the file %SystemRoot%\System32\diskmgmt.msc should be assigned. CCE-981%SystemRoot%\system32\dllcache CCE-1863-0_The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned. CCE-350*4.4.1.6 %SystemRoot%\system32\drwatson.exe CCE-2760-7^The required permissions for the file %SystemRoot%\System32\drwatson.exe should be assigned. CCE-403*4.4.1.7 %SystemRoot%\system32\drwtsn32.exe CCE-2425-7^The required permissions for the file %SystemRoot%\System32\drwtsn32.exe should be assigned. CCE-972edlin.exe ACL (CID:2007)'4.4.1.8 %SystemRoot%\system32\edlin.exe CCE-1909-1[The required permissions for the file %SystemRoot%\System32\edlin.exe should be assigned. CCE-20eventcreate.exe ACL (CID:2008)-4.4.1.9 %SystemRoot%\system32\eventcreate.exeS%SystemRoot%\system32\edlin.exe Table: 9.6 Value: Administrators: Full System: Fulledlin.exePermissionsoval:gov.nist.1:def:133oval:gov.nist.fdcc.xp:def:133 CCE-2145-1aThe required permissions for the file %SystemRoot%\System32\eventcreate.exe should be assigned. CCE-489 eventtriggers.exe ACL (CID:2009)04.4.1.10 %SystemRoot%\system32\eventtriggers.exeY%SystemRoot%\system32\eventcreate.exe Table: 9.7 Value: Administrators: Full System: Fulleventcreate.exePermissionsoval:gov.nist.1:def:134oval:gov.nist.fdcc.xp:def:134 CCE-2436-4cThe required permissions for the file %SystemRoot%\System32\eventtriggers.exe should be assigned. CCE-917"%SystemRoot%\system32\eventvwr.msc=%SystemRoot%\System32\eventtriggers.exe Table: 9.8 Value: 9.8eventtriggers.exePermissionsoval:gov.nist.1:def:135oval:gov.nist.fdcc.xp:def:135 CCE-2704-5^The required permissions for the file %SystemRoot%\System32\eventvwr.msc should be assigned. CCE-846 %SystemRoot%\system32\fsmgmt.msc CCE-2334-1\The required permissions for the file %SystemRoot%\System32\fsmgmt.msc should be assigned. CCE-529ftp.exe ACL (CID:2010)&4.4.1.11 %SystemRoot%\system32\ftp.exe CCE-2229-3YThe required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned. CCE-264 %SystemRoot%\system32\gpedit.mscR %SystemRoot%\system32\ftp.exe Table: 9.9 Value: Administrators: Full System: Fullftp.exePermissionsoval:gov.nist.1:def:136 CCE-2621-1\The required permissions for the file %SystemRoot%\System32\gpedit.msc should be assigned. CCE-819"%SystemRoot%\system32\Group Policy CCE-2876-1bThe required permissions for the directory %SystemRoot%\System32\GroupPolicy should be assigned. CCE-789%SystemRoot%\system32\ias CCE-2813-4ZThe required permissions for the directory %SystemRoot%\System32\ias should be assigned. CCE-894!%SystemRoot%\system32\lusrmgr.msg CCE-2597-3bThe required permissions for the directory %SystemRoot%\System32\lusrmgr.msg should be assigned. CCE-198%SystemRoot%\system32\MSDTC CCE-2747-4\The required permissions for the directory %SystemRoot%\System32\MSDTC should be assigned. CCE-634 %SystemRoot%\system32\nbstat.exe CCE-2139-4\The required permissions for the file %SystemRoot%\System32\nbstat.exe should be assigned. CCE-550nbtstat.exe ACL (CID:2011)W %SystemRoot%\system32\nbtstat.exe Table: 9.10 Value: Administrators: Full System: Fullnbtstat.exePermissionsoval:gov.nist.1:def:137 CCE-2178-2YThe required permissions for the file %SystemRoot%\System32\net.exe should be assigned. CCE-731net.exe ACL (CID:2012)&4.4.1.12 %SystemRoot%\system32\net.exeS %SystemRoot%\system32\net.exe Table: 9.11 Value: Administrators: Full System: Fullnet.exePermissionsoval:gov.nist.1:def:138oval:gov.nist.fdcc.xp:def:138 CCE-2672-4ZThe required permissions for the file %SystemRoot%\System32\net1.exe should be assigned. CCE-607net1.exe ACL (CID:2013)'4.4.1.13 %SystemRoot%\system32\net1.exeT %SystemRoot%\system32\net1.exe Table: 9.12 Value: Administrators: Full System: Fullnet1.exePermissionsoval:gov.nist.1:def:139oval:gov.nist.fdcc.xp:def:139 CCE-1916-6[The required permissions for the file %SystemRoot%\System32\netsh.exe should be assigned. CCE-158netsh.exe ACL (CID:2014)%SystemRoot%\system32\netsh.exe(4.4.1.14 %SystemRoot%\system32\netsh.exeU %SystemRoot%\system32\netsh.exe Table: 9.13 Value: Administrators: Full System: Fullnetsh.exePermissionsoval:gov.nist.1:def:140oval:gov.nist.fdcc.xp:def:140 CCE-2732-6]The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned. CCE-220netstat.exe ACL (CID:2015)!%SystemRoot%\system32\netstat.exeW %SystemRoot%\system32\netstat.exe Table: 9.14 Value: Administrators: Full System: Fullnetstat.exePermissionsoval:gov.nist.1:def:141 CCE-2613-8^The required permissions for the file %SystemRoot%\System32\nslookup.exe should be as< signed. CCE-242nslookup.exe ACL (CID:2016)"%SystemRoot%\system32\nslookup.exeX %SystemRoot%\system32\nslookup.exe Table: 9.15 Value: Administrators: Full System: Fullnslookup.exePermissionsoval:gov.nist.1:def:142 CCE-2903-3^The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned. CCE-821ntbackup.exe ACL (CID:2017)"%SystemRoot%\system32\Ntbackup.exeX %SystemRoot%\system32\Ntbackup.exe Table: 9.16 Value: Administrators: Full System: Fullntbackup.exePermissionsoval:gov.nist.1:def:143 CCE-1925-7_The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned. CCE-486%SystemRoot%\system32\NTMSData CCE-2727-6^The required permissions for the file %SystemRoot%\System32\ntmsoprq.msc should be assigned. CCE-548"%SystemRoot%\system32\ntmsoprq.msc CCE-2749-0]The required permissions for the file %SystemRoot%\System32\ntmsmgr.msc should be assigned. CCE-715!%SystemRoot%\system32\ntmsmgr.msc CCE-2912-4]The required permissions for the file %SystemRoot%\System32\perfmon.msc should be assigned. CCE-151!%SystemRoot%\system32\perfmon.msc CCE-2784-7YThe required permissions for the file %SystemRoot%\System32\Rcp.exe should be assigned. CCE-997rcp.exe ACL (CID:2018)%SystemRoot%\system32\rcp.exe&4.4.1.15 %SystemRoot%\system32\rcp.exeS %SystemRoot%\system32\rcp.exe Table: 9.17 Value: Administrators: Full System: Fullrcp.exePermissionsoval:gov.nist.1:def:144oval:gov.nist.fdcc.xp:def:144 CCE-2220-2YThe required permissions for the file %SystemRoot%\System32\reg.exe should be assigned. CCE-547reg.exe ACL (CID:2019)%SystemRoot%\system32\reg.exe&4.4.1.16 %SystemRoot%\system32\reg.exeS %SystemRoot%\system32\reg.exe Table: 9.18 Value: Administrators: Full System: Fullreg.exePermissionsoval:gov.nist.1:def:145oval:gov.nist.fdcc.xp:def:145 CCE-2833-2^The required permissions for the file %SystemRoot%\System32\Regedt32.exe should be assigned. CCE-865regedt32.exe ACL (CID:2020)"%SystemRoot%\system32\regedt32.exe+4.4.1.18 %SystemRoot%\system32\regedt32.exeW%SystemRoot%\system32\Regedt32.exe Table: 9.20 Value: Administrators: Full System: Fullregedt32.exePermissionsoval:gov.nist.1:def:147oval:gov.nist.fdcc.xp:def:147 CCE-2855-5\The required permissions for the file %SystemRoot%\System32\regini.exe should be assigned. CCE-543regini.exe ACL (CID:2021) %SystemRoot%\system32\regini.exeU%SystemRoot%\system32\regini.exe Table: 9.21 Value: Administrators: Full System: Fullregini.exePermissionsoval:gov.nist.1:def:148oval:gov.nist.fdcc.xp:def:148 CCE-2894-4^The required permissions for the file %SystemRoot%\System32\regsvr32.exe should be assigned. CCE-657regsvr32.exe ACL (CID:2022)+4.4.1.19 %SystemRoot%\system32\regsvr32.exeW%SystemRoot%\system32\regsvr32.exe Table: 9.22 Value: Administrators: Full System: Fullregsvr32.exePermissionsoval:gov.nist.1:def:149oval:gov.nist.fdcc.xp:def:149 CCE-2899-3[The required permissions for the file %SystemRoot%\System32\Rexec.exe should be assigned. CCE-274rexec.exe ACL (CID:2023)%SystemRoot%\system32\rexec.exe(4.4.1.20 %SystemRoot%\system32\rexec.exeT%SystemRoot%\system32\rexec.exe Table: 9.23 Value: Administrators: Full System: Fullrexec.exePermissionsoval:gov.nist.1:def:150oval:gov.nist.fdcc.xp:def:150 CCE-2546-0[The required permissions for the file %SystemRoot%\System32\route.exe should be assigned. CCE-168route.exe ACL (CID:2024)%SystemRoot%\system32\route.exeT%SystemRoot%\system32\route.exe Table: 9.24 Value: Administrators: Full System: Fullroute.exePermissionsoval:gov.nist.1:def:151oval:gov.nist.fdcc.xp:def:151 CCE-2674-0YThe required permissions for the file %SystemRoot%\System32\Rsh.exe should be assigned. CCE-353rsh.exe ACL (CID:2025)%SystemRoot%\system32\rsh.exe&4.4.1.21 %SystemRoot%\system32\rsh.exeR%SystemRoot%\system32\rsh.exe Table: 9.25 Value: Administrators: Full System: Fullrsh.exePermissionsoval:gov.nist.1:def:152oval:gov.nist.fdcc.xp:def:152 CCE-2070-1ZThe required permissions for the file %SystemRoot%\System32\RSoP.msc should be assigned. CCE-27%SystemRoot%\system32\RSoP.msc CCE-2762-3[The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned. CCE-340(4.4.1.22 %SystemRoot%\system32\runas.exe CCE-2176-6XThe required permissions for the file %SystemRoot%\System32\sc.exe should be assigned. CCE-516sc.exe ACL (CID:2026)%4.4.1.23 %SystemRoot%\system32\sc.exeQ%SystemRoot%\system32\sc.exe Table: 9.26 Value: Administrators: Full System: Fullsc.exePermissionsoval:gov.nist.1:def:153oval:gov.nist.fdcc.xp:def:153 CCE-2198-0]The required permissions for the file %SystemRoot%\System32\Secedit.exe should be assigned. CCE-922secedit.exe ACL (CID:2027)!%SystemRoot%\system32\secedit.exeV%SystemRoot%\system32\secedit.exe Table: 9.27 Value: Administrators: Full System: Fullsecedit.exePermissionsoval:gov.nist.1:def:154oval:gov.nist.fdcc.xp:def:154 CCE-2185-7\The required permissions for the file %SystemRoot%\System32\secpol.msc should be assigned. CCE-847 %SystemRoot%\system32\secpol.msc CCE-2458-8^The required permissions for the file %SystemRoot%\System32\services.msc should be assigned. CCE-904"%SystemRoot%\system32\services.msc CCE-2872-0\The required permissions for the directory %SystemRoot%\System32\Setup should be assigned. CCE-587%SystemRoot%\system32\Setup CCE-2753-2eThe required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned. CCE-692$%SystemRoot%\system32\spool\Printers CCE-2788-8[The required permissions for the file %SystemRoot%\System32\subst.exe should be assigned. CCE-921subst.exe ACL (CID:2028)(4.4.1.24 %SystemRoot%\system32\subst.exeT%SystemRoot%\system32\subst.exe Table: 9.28 Value: Administrators: Full System: Fullsubst.exePermissionsoval:gov.nist.1:def:155oval:gov.nist.fdcc.xp:def:155 CCE-2797-9`The required permissions for the file %SystemRoot%\System32\systeminfo.exe should be assigned. CCE-225systeminfo.exe ACL (CID:2029)$%SystemRoot%\system32\systeminfo.exeY%SystemRoot%\system32\systeminfo.exe Table: 9.29 Value: Administrators: Full System: Fullsysteminfo.exePermissionsoval:gov.nist.1:def:156oval:gov.nist.fdcc.xp:def:156 CCE-2691-4\The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned. CCE-159telnet.exe ACL (CID:2030))4.4.1.25 %SystemRoot%\system32\telnet.exeU%SystemRoot%\system32\telnet.exe Table: 9.30 Value: Administrators: Full System: Fulltelnet.exePermissionsoval:gov.nist.1:def:157 CCE-2731-8ZThe required permissions for the file %SystemRoot%\System32\tftp.exe should be assigned. CCE-348tftp.exe ACL (CID:2031)%SystemRoot%\system32\tftp.exe'4.4.1.26 %SystemRoot%\system32\tftp.exeS%SystemRoot%\system32\tftp.exe Table: 9.31 Value: Administrators: Full System: Fulltftp.exePermissionsoval:gov.nist.1:def:158oval:gov.nist.fdcc.xp:def:158 CCE-1937-2]The required permissions for the file %SystemRoot%\System32\tlntsvr.exe should be assigned. CCE-718tlntsvr.exe ACL (CID:2032)*4.4.1.27 %SystemRoot%\system32\tlntsvr.exeV%SystemRoot%\system32\tlntsvr.exe Table: 9.32 Value: Administrators: Full System: Fulltlntsvr.exePermissionsoval:gov.nist.1:def:159oval:gov.nist.fdcc.xp:def:159 CCE-2857-1]The required permissions for the file %SystemRoot%\System32\wmimgmt.msc should be assigned. CCE-154!%SystemRoot%\system32\wmimgmt.msc CCE-2738-3SThe required permissions for the directory %SystemRoot%\Tasks should be assigned. CCE-322%SystemRoot%\Tasks CCE-2619-5_The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned. CCE-279HKEY_LOCAL_MACHINE\SOFTWARE4.4.2.1 HKLM\Software CCE-2284-8}The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography/Calais should be assigned. CCE-59< 9HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais CCE-2809-2oThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned. CCE-90+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC%4.4.2.9 HKLM\Software\Microsoft\MSDTC CCE-1943-0~The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey should be assigned. CCE-477:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey CCE-2612-0pThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned. CCE-394,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE CCE-2758-1zThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host should be assigned. CCE-8266HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host CCE-2401-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned. CCE-618LHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands CCE-2921-5The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned. CCE-19GHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib CCE-2392-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit should be assigned. CCE-363GHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEditB4.4.2.11 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit CCE-2771-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned. CCE-790IHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy CCE-2793-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned. CCE-268FHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer@4.4.2.2 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer CCE-2207-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned. CCE-321EHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies?4.4.2.3 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies CCE-2625-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings should be assigned. CCE-131MHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\RatingsG4.4.2.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings CCE-2736-7The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned. CCE-34FHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony CCE-2630-2]The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned. CCE-135HKEY_LOCAL_MACHINE\SYSTEM4.4.2.4 HKLM\System CCE-2775-5cThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned. CCE-558HKEY_LOCAL_MACHINE\SYSTEM\clone CCE-2300-2}The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class should be assigned. CCE-8379HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class CCE-2172-5The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned. CCE-9;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network CCE-1960-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned. CCE-934Winreg ACL (CID:237)LHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg CCE-2859-7The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned. CCE-53@HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security CCE-2938-9tThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned. CCE-2690HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum*4.4.2.5 HKLM\System\CurrentControlSet\Enum CCE-2850-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned. CCE-960=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles CCE-2590-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned. CCE-613EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security CCE-2484-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned. CCE-930EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security CCE-2524-7The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security should be assigned. CCE-163FHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security CCE-2907-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache should be assigned. CCE-978=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache CCE-2911-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security should be assigned. CCE-877CHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security CCE-2555-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security should be assigned. CCE-683FHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security CCE-2202-0The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security should be assigned. CCE-238DHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security CCE-2352-3~The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt should be assigned. CCE-101:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt CCE-2634-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdd\Security should be assigned. CCE-788DHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdde\Security CCE-1973-7The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security should be assigned. CCE-823HHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security CCE-2603-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess should be assigned. CCE-246AHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess CCE-2871-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security should be assigned. CCE-902CHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security CCE-2396-0The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned. CCE-193CHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security CCE-1966-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security should be assigned. CCE-110FHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security CCE-2696-3The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security should be assigned. CCE-661FHKEY_LOCAL_MACHINE\SYSTE< M\CurrentControlSet\Services\Scardsvr\Security CCE-2595-7The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned. CCE-330$SNMP - Permitted Managers (CID:1033)VHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagersk4.4.2.6 HKLM\System\CurrentControlSet\Services\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers CCE-2238-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned. CCE-594SNMP Communities (CID:4046)UHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunitiesj4.4.2.7 HKLM\System\CurrentControlSet\Services\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities CCE-2881-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security should be assigned. CCE-35DHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security CCE-2780-5The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries should be assigned. CCE-290JHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries CCE-2428-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security should be assigned. CCE-202EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security CCE-2885-2~The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned. CCE-603:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip CCE-2537-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security should be assigned. CCE-748EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security CCE-2057-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security should be assigned. CCE-907AHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security CCE-2951-2XThe required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned. CCE-127HKEY_USER\.DEFAULT CCE-2845-6qThe required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned. CCE-483,HKEY_USER\.DEFAULT\Software\Microsoft\NetDDE CCE-2740-9The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned. CCE-730LHKEY_USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRootsU4.4.2.10 HKEY_USER\.Default\Software\Microsoft\SystemCertificates\Root\ProtectedRoots CCE-1978-6jThe "deny access to this computer from the network" user right should be assigned to the correct accounts.(1) set of accountsM(1) defined by the SeDenyNetworkLogonRight setting in Local or Group Policy CCE-8983User Right Check deny access from network (CID:162):Deny access to this computer from the network: Not Defined44.2.13 Deny access to this computer from the networkPDeny access to this computer from the network Table: 4.15 Value: Guests, SUPPORTDenyAccessFromNetworkoval:gov.nist.1:def:175-DenyAccessFromNetwork-Guests-SUPPORT_388945a0oval:gov.nist.fdcc.xp:def:175 CCE-2379-6dThe "access this computer from the network" user right should be assigned to the correct accounts. I(1) defined by the SeNetworkLogonRight setting in Local or Group Policy CCE-532+User Right Check Logon on network (CID:152):Access this computer from a network: Administrators, Users+4.2.1 Access this computer from the networkSAccess this computer from the network Table: 4.1 Value: Administrators, not defined9AccessComputerFromNetwork, AccessComputerFromNetworkUsers0oval:gov.nist.1:def:161, oval:gov.nist.1:def:231(AccessComputerFromNetwork_Administratorsoval:gov.nist.fdcc.xp:def:161 CCE-2167-5bThe "act as part of the operating system" user right should be assigned to the correct accounts. D(1) defined the SeTcbPrivilege setting in by Local or Group Policy CCE-162$User Right Check act as OS (CID:153)#Act as part of the operating system)4.2.2 Act as part of the operating system:Act as part of the operating system Table: 4.2 Value: noneActAsPartOfOperatingSystemoval:gov.nist.1:def:162ActAsPartOfOperatingSystem_Noneoval:gov.nist.fdcc.xp:def:162 CCE-2299-6\The "back up files and directories" user right should be assigned to the correct accounts. G(1) defined the SeBackupPrivilege setting in by Local or Group Policy CCE-931!User Right Check Backup (CID:155)-Back up files and directories: Administrators#4.2.6 Back up files and directoriesKBack up files and directories Table: 4.7 Value: Administrators, not defined=BackUpFilesAndDirectories, BackUpFilesAndDirectoriesOperators0oval:gov.nist.1:def:167, oval:gov.nist.1:def:234(BackUpFilesAndDirectories_Administratorsoval:gov.nist.fdcc.xp:def:167 CCE-2806-8WThe "bypass traverse checking" user right should be assigned to the correct accounts. M(1) defined the SeChangeNotifyPrivilege setting in by Local or Group Policy CCE-3763User Right Check Bypass Traverse Checking (CID:156)Bypass traverse checking: Users4.2.7 Bypass traverse checkingMBypass traverse checking Table: 4.8 Value: Administrators, Users, not definedBypassTraverseCheckingoval:gov.nist.1:def:168+BypassTraverseChecking_Administrators_Usersoval:gov.nist.fdcc.xp:def:168 CCE-2846-4UThe "change the system time" user right should be assigned to the correct accounts. K(1) defined the SeSystemTimePrivilege setting in by Local or Group Policy CCE-799-User Right Check change system time (CID:157)&Change the system time: Administrators4.2.8 Change the system time7Change the system time Table: 4.9 Value: AdministratorsChangeSystemTimeoval:gov.nist.1:def:169ChangeSystemTime_Administratorsoval:gov.nist.fdcc.xp:def:169 CCE-2786-2PThe "create a pagefile" user right should be assigned to the correct accounts. O(1) defined the SeCreatePagefilePrivilege setting in by Local or Group Policy CCE-895*User Right Check create pagefile (CID:158)!Create a pagefile: Administrators4.2.9 Create a pagefile1Create pagefile Table: 4.10 Value: AdministratorsCreatePagefileoval:gov.nist.1:def:170CreatePagefile_Administratorsoval:gov.nist.fdcc.xp:def:170 CCE-2791-2TThe "Create a token object" user right should be assigned to the correct accounts. L(1) defined the SeCreateTokenPrivilege setting in by Local or Group Policy CCE-926.User Right Check create token object (CID:159)Create a token object: No One4.2.10 Create a token object:Create a token object Table: 4.11 Value: None, not definedCreateTokenObjectoval:gov.nist.1:def:171CreateTokenObject_Noneoval:gov.nist.fdcc.xp:def:171 CCE-1969-5^The "create permanent shared objects" user right should be assigned to the correct accounts. P(1) defined the SeCreatePermanentPrivilege setting in by Local or Group Policy CCE-335:User Right Check create permanent shared objects (CID:160)'Create permanent shared objects: No One&4.2.11 Create permanent shared objectsCCreate permanent share objects Table: 4.13 Value: None, not definedCreatePermanentSharedObjectsoval:gov.nist.1:def:172!CreatePermanentSharedObjects_Noneoval:gov.nist.fdcc.xp:def:172 CCE-2864-7MThe "debug programs" user right should be assigned to the correct accounts. F(1) defined the SeDebugPrivilege setting in by Local or Group Policy CCE-842)User Right Check debug programs (CID:161)Debug programs: No One4.2.12 Debug Programs7Debug programs Table: 4.14 value: None, Administrators DebugProgramsoval:gov.nist.1:def:173DebugPrograms_Administratorsoval:gov.nist.fdcc.xp:def:174 CCE-2886-0bThe "force shutdown from a remote system" user right should be assigned t< o the correct accounts. O(1) defined the SeRemoteShutdownPrivilege setting in by Local or Group Policy CCE-754*User Right Check remote shutdown (CID:165)3Force shutdown from a remote system: Administrators*4.2.19 Force shutdown from a remote systemEForce shutdown from a remote system Table: 4.21 Value: AdministratorsShutdownFromRemoteSystemoval:gov.nist.1:def:180'ShutdownFromRemoteSystem_Administratorsoval:gov.nist.fdcc.xp:def:180 CCE-2767-2WThe "generate security audits" user right should be assigned to the correct accounts. F(1) defined the SeAuditPrivilege setting in by Local or Group Policy CCE-9393User Right Check generate security audits (CID:173)8Generate security audits: LOCAL SERVICE, NETWORK SERVICE4.2.20 Generate security auditsJGenerate security audits Table: 4.22 Value: LOCAL SERVICE, NETWORK SERVICEGenerateSecurityAuditsoval:gov.nist.1:def:1814GenerateSecurityAudits-LOCAL_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:181 CCE-2547-8aThe "adjust memory quotas for a process" user right should be assigned to the correct accounts. N(1) defined the SeIncreaseQuotaPrivilege setting in by Local or Group Policy CCE-807*User Right Check increase quotas (CID:166)QAdjust memory quotas for a process: Administrators,NETWORK SERVICE, LOCAL SERVICE(4.2.4 Adjust memory quotas for a processcAdjust memory quotas for a process Table: 4.4 Value: Administrators, LOCAL SERVICE, NETWORK SERVICEAdjustMemoryQuotasoval:gov.nist.1:def:164?AdjustMemoryQuotas_Administrators-LOCAL_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:164 CCE-2944-7[The "increase scheduling priority" user right should be assigned to the correct accounts. U(1) defined the SeIncreaseBasePriorityPrivilege setting in by Local or Group Policy CCE-3497User Right Check increase scheduling priority (CID:167),Increase scheduling priority: Administrators#4.2.21 Increase scheduling priority>Increase scheduling priority Table: 4.24 Value: AdministratorsIncreaseSchedulingPriorityoval:gov.nist.1:def:182)IncreaseSchedulingPriority_Administratorsoval:gov.nist.fdcc.xp:def:182 CCE-2446-3]The "load and unload device drivers" user right should be assigned to the correct accounts. K(1) defined the SeLoadDriverPrivilege setting in by Local or Group Policy CCE-8609User Right Check load and unload device drivers (CID:168).Load and unload device drivers: Administrators%4.2.22 Load and unload device drivers@Load and unload device drivers Table: 4.25 Value: AdministratorsLoadAndUnloadDeviceDriversoval:gov.nist.1:def:183)LoadAndUnloadDeviceDrivers_Administratorsoval:gov.nist.fdcc.xp:def:183 CCE-2609-6SThe "lock pages in memory" user right should be assigned to the correct accounts. K(1) defined the SeLockMemoryPrivilege setting in by Local or Group Policy CCE-749/User Right Check lock pages in memory (CID:169)Lock pages in memory: No One4.2.23 Lock pages in memory,Lock pages in memory Table: 4.26 Value: noneLockPagesInMemoryoval:gov.nist.1:def:184LockPagesInMemory_Noneoval:gov.nist.fdcc.xp:def:184 CCE-2882-9TThe "log on as a batch job" user right should be assigned to the correct accounts. G(1) defined the SeBatchLogonRight setting in by Local or Group Policy CCE-1770User Right Check log on as a batch job (CID:170)Log on as a batch job: No One4.2.24 Log on as a batch job:Log on as a batch job Table: 4.27 Value: none, not definedLogOnAsBatchJoboval:gov.nist.1:def:185LogOnAsBatchJob_Noneoval:gov.nist.fdcc.xp:def:185 CCE-2948-8RThe "log on as a service" user right should be assigned to the correct accounts. I(1) defined the SeServiceLogonRight setting in by Local or Group Policy CCE-2162User Right Check log on as a service job (CID:171)$Log on as a service: Network Service4.2.25 Log on as a serviceELog on as a service Table: 4.28 Value: LOCAL SERVICE, NETWORK SERVICELogOnAsServiceoval:gov.nist.1:def:186,LogOnAsService-LOGON_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:186 CCE-2829-0MThe "log on locally" user right should be assigned to the correct accounts. M(1) defined the SeInteractiveLogonRight setting in by Local or Group Policy CCE-965)User Right Check log on locally (CID:172)%Log on locally: Administrators, Users4.2.26 Log on locally<Allow log on locally Table: 4.5 Value: Users, Administrators6AllowLogOnLocally, AllowLogOnLocallyAuthenticatedUsers0oval:gov.nist.1:def:165, oval:gov.nist.1:def:233!LogOnLocally_Administrators_Usersoval:gov.nist.fdcc.xp:def:165 CCE-2247-5_The "manage auditing and security log" user right should be assigned to the correct accounts. I(1) defined the SeSecurityPrivilege setting in by Local or Group Policy CCE-8500Manage auditing and security log: Administrators'4.2.27 Manage auditing and security logBManage auditing and security log Table: 4.29 Value: Administrators>ManageAuditingAndSecurityLog, ManageAuditingAndSecurityLogNone0oval:gov.nist.1:def:187, oval:gov.nist.1:def:235+ManageAuditingAndSecurityLog_Administratorsoval:gov.nist.fdcc.xp:def:187 CCE-2657-5aThe "modify firmware environment values" user right should be assigned to the correct accounts. R(1) defined the SeSystemEnvironmentPrivilege setting in by Local or Group Policy CCE-17*User Right Check modify firmware (CID:174)5Modify firmware environment variables: Administrators)4.2.28 Modify firmware environment valuesDModify firmware environment values Table: 4.30 Value: AdministratorsModifyFirmwareEnvironmentValuesoval:gov.nist.1:def:188.ModifyFirmwareEnvironmentValues_Administratorsoval:gov.nist.fdcc.xp:def:188 CCE-2807-6UThe "profile single process" user right should be assigned to the correct accounts. U(1) defined the SeProfileSingleProcessPrivilege setting in by Local or Group Policy CCE-2601User Right Check Profile single process (CID:175)&Profile single process: Administrators4.2.30 Profile single process8Profile single process Table: 4.32 Value: AdministratorsProfileSingleProcessoval:gov.nist.1:def:190#ProfileSingleProcess_Administratorsoval:gov.nist.fdcc.xp:def:190 CCE-2675-7YThe "profile system performance" user right should be assigned to the correct accounts. N(1) defined the SeSystemProfilePrivilege setting in by Local or Group Policy CCE-5995User Right Check Profile system performance (CID:176)*Profile system performance: Administrators!4.2.31 Profile system performance<Profile system performance Table: 4.33 Value: AdministratorsProfileSystemPerformanceoval:gov.nist.1:def:191'ProfileSystemPerformance_Administratorsoval:gov.nist.fdcc.xp:def:191 CCE-2335-8cThe "remove computer from docking station" user right should be assigned to the correct accounts. G(1) defined the SeUndockPrivilege setting in by Local or Group Policy CCE-656!User Right Check undock (CID:177);Remove computer from docking station: Administrators, Users+4.2.32 Remove computer from docking stationMRemove computer from docking station Table: 4.34 Value: Users, AdministratorsFRemoveComputerFromDockingStation, RemoveComputerFromDockingStationNone0oval:gov.nist.1:def:192, oval:gov.nist.1:def:2365RemoveComputerFromDockingStation_Administrators_Usersoval:gov.nist.fdcc.xp:def:192 CCE-2860-5\The "replace a process-level token" user right should be assigned to the correct accounts. S(1) defined the SeAssignPrimaryTokenPrivilege setting in by Local or Group Policy CCE-667*User Right replace process token (CID:178)=Replace a process level token: LOCAL SERVICE, NETWORK SERVICE$4.2.33 Replace a process level tokenOReplace a process-level token Table: 4.35 Value: LOCAL SERVICE, NETWORK SERVICEReplaceProcessLevelTokenoval:gov.nist.1:def:1936ReplaceProcessLevelToken-LOGON_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:193 CCE-2847-2\The "restore files and directories" user right should be assigned to the correct accounts. H(1) defined the SeRestorePrivilege setting in by Local or Group Policy CCE-553User Right restore (< CID:179)-Restore files and directories: Administrators$4.2.34 Restore files and directories?Restore files and directories Table: 4.36 Value: AdministratorsRestoreFilesAndDirectoriesoval:gov.nist.1:def:194)RestoreFilesAndDirectories_Administratorsoval:gov.nist.fdcc.xp:def:194 CCE-2366-3SThe "shut down the system" user right should be assigned to the correct accounts. I(1) defined the SeShutdownPrivilege setting in by Local or Group Policy CCE-839User Right shut down (CID:180)+Shut down the system: Administrators, Users4.2.35 Shut down the system=Shut down the system Table: 4.37 Value: Users, AdministratorsShutDownSystemoval:gov.nist.1:def:195#ShutDownSystem_Administrators_Usersoval:gov.nist.fdcc.xp:def:195 CCE-2021-4gThe "take ownership of files or other objects" user right should be assigned to the correct accounts. N(1) defined the SeTakeOwnershipPrivilege setting in by Local or Group Policy CCE-492#User Right take ownership (CID:182)8Take ownership of files or other objects: Administrators.4.2.37 Take ownership of file or other objectsKTake ownership of files and other objects Table: 4.39 Value: AdministratorsTakeOwnershipOfFilesoval:gov.nist.1:def:196#TakeOwnershipOfFiles_Administratorsoval:gov.nist.fdcc.xp:def:196 CCE-2810-0aThe "synchronize directory service data" user right should be assigned to the correct accounts. K(1) defined the SeSynchAgentPrivilege setting in by Local or Group Policy CCE-381$User Right synch directory (CID:181)*Synchronize directory service data: No One)4.2.36 Synchronize directory service data@Syncronize directory service data Table: 4.38 Value: not definedSynchronizeDirectoryServiceDataoval:gov.nist.1:def:238$SynchronizeDirectoryServiceData_Noneoval:gov.nist.fdcc.xp:def:238 CCE-2700-3QThe "deny logon locally" user right should be assigned to the correct accounts. Q(1) defined the SeDenyInteractiveLogonRight setting in by Local or Group Policy CCE-64-User Right Check deny logon locally (CID:163)Deny logon locally: Not Defined4.2.16 Deny logon locallyTDeny logon locally Table: 4.18 Value: Guests, SUPPORT_388945a0, any service accountsDenyLogonLocallyoval:gov.nist.1:def:177(DenyLogonLocally-Guests-SUPPORT_388945a0oval:gov.nist.fdcc.xp:def:177 CCE-2982-7}The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts. Q(1) defined the SeEnableDelegationPrivilege setting in by Local or Group Policy CCE-155User Right Check allow trust for delegation (CID:164)FEnable computer and user accounts to be trusted for delegation: No OneE4.2.18 Enable computer and user accounts to be trusted for delegationcEnable computer and user accounts to be trusted for delegation Table: 4.20 Value: none, not definedAccountsTrustedForDelegationoval:gov.nist.1:def:179 CCE-2374-7YThe "add workstations to domain" user right should be assigned to the correct accounts. O(1) defined the SeMachineAccountPrivilege setting in by Local or Group Policy CCE-183.User Right Check Add wkstn to domain (CID:154)Add workstations to domain 4.2.3 Add workstations to domain;Add workstations to domain Table: 4.3 Value: Administrators5AddWorkstationsToDomain, AddWorkstationsToDomainNone0oval:gov.nist.1:def:163, oval:gov.nist.1:def:232 CCE-3004-9dThe "allow logon through Terminal Services" user right should be assigned to the correct accounts. S(1) defined the SeRemoteInteractiveLogonRight setting in by Local or Group Policy CCE-8831User Right allow logon terminal service (CID:737)-Allow logon through Terminal Services: No One+4.2.5 Allow logon through terminal servicesIAllow logon through Terminal Services Table: 4.6 Value: none, not defined!AllowLogOnThroughTerminalServicesoval:gov.nist.1:def:166CAllowLogOnThroughTerminalServices_Administrators-RemoteDesktopUsersoval:gov.nist.fdcc.xp:def:1662 CCE-2898-5XThe "deny logon as a batch job" user right should be assigned to the correct accounts. K(1) defined the SeDenyBatchLogonRight setting in by Local or Group Policy CCE-165!Deny logon as a batch job: No One 4.2.14 Deny logon as a batch jobEDeny logon as a batch job Table: 4.16 Value: Guests, SUPPORT_388945a0DenyLogonAsBatchJoboval:gov.nist.1:def:176+DenyLogonAsBatchJob-Guests-SUPPORT_388945a0oval:gov.nist.fdcc.xp:def:176 CCE-2792-0VThe "deny logon as a service" user right should be assigned to the correct accounts. M(1) defined the SeDenyServiceLogonRight setting in by Local or Group Policy CCE-597Deny logon as a service: No One4.2.15 Deny logon as a service6Deny logon as a service Table: 4.17 Value: not defined***deny_logon_as_service_noneoval:gov.nist.fdcc.xp:def:677 CCE-2814-2cThe "deny logon through Terminal Services" user right should be assigned to the correct accounts. W(1) defined the SeDenyRemoteInteractiveLogonRight setting in by Local or Group Policy CCE-1080User Right deny logon terminal service (CID:738).Deny logon through Terminal Services: Everyone*4.2.17 Deny logon through Terminal ServiceMDeny logon through Terminal Services Table: 4.19 Value: Everyone, not defined DenyLogonThroughTerminalServicesoval:gov.nist.1:def:178'DenyLogonThroughTerminalServices-Guestsoval:gov.nist.fdcc.xp:def:1781 CCE-2960-3_The "perform volume maintenance tasks" user right should be assigned to the correct accounts. M(1) defined the SeManageVolumePrivilege setting in by Local or Group Policy CCE-314/User Right perform volume maintenance (CID:739)0Perform volume maintenance tasks: Administrators'4.2.29 Perform volume maintenance tasksBProfile volume maintenance tasks Table: 4.31 Value: AdministratorsPerformVolumeMaintenanceTasksoval:gov.nist.1:def:189,PerformVolumeMaintenanceTasks_Administratorsoval:gov.nist.fdcc.xp:def:189 CCE-2466-1TThe "reset account lockout counter after" policy should meet minimum requirements. (1) number of minutes&(1) defined by Local or Group Policy CCE-733Lockout Reset (CID:45)-Reset account lockout counter after (15 min.)#2.2.3.3 Reset Account Lockout After8Reset account lockout counter after Table: 2.3 value: 15AccountLockoutResetoval:gov.nist.1:def:26account_lockout_resetoval:gov.nist.fdcc.xp:def:26 CCE-2928-0IThe "account lockout duration" policy should meet minimum requirements. CCE-980Lockout Duration (CID:44)%Account lockout duration (15 minutes) 2.2.3.1 Account Lockout Duration-Account lockout duration Table: 2.1 Value: 15AccountLockoutDurationoval:gov.nist.1:def:23account_lockout_durationoval:gov.nist.fdcc.xp:def:23 CCE-2986-8JThe "account lockout threshold" policy should meet minimum requirements. (1) number of attemptsCCE-658Lockout Count (CID:43).Account lockout threshold (3 invalid attempts)!2.2.3.2 Account Lockout Threshold2Account lockout threshold Table: 2.2 Value: 10, 50AccountLockoutThresholdoval:gov.nist.1:def:24account_lockout_thresholdoval:gov.nist.fdcc.xp:def:24 CCE-2867-0\Auditing of "account logon" events on success should be enabled or disabled as appropriate..(1) enabled/disabledCCE-2628Account logon auditing (CID:49)-Audit account logon events (Success, Failure)"2.2.1.1 Audit Account Logon EventsJAudit account logon events Table: 3.1 Value: success, success and failure AuditAccountLoginoval:gov.nist.1:def:27AuditAccountLogonEventsoval:gov.nist.fdcc.xp:def:27 CCE-3008-0\Auditing of "account logon" events on failure should be enabled or disabled as appropriate..CCE-2543 CCE-2902-5aAuditing of "account management" events on success should be enabled or disabled as appropriate..CCE-2000$Account management auditing (CID:51)+Audit account management (Success, Failure) 2.2.1.2 Audit Account Management:Audit account management Table: 3.2 Value success, failureAuditAccountManagementoval:gov.nist.1:def:29oval:gov.nist.fdcc.xp:def:29 CCE-2906-6aAuditing of "account management" events on failure should be enable< d or disabled as appropriate..CCE-1646 CCE-2933-0gAuditing of "directory service access" events on success should be enabled or disabled as appropriate..CCE-2118,Audit directory service access (No auditing)&2.2.1.3 Audit Directory Service Access;Audit directory service acces Table: 3.3 Value: not definedNot applicableAuditDirectoryServiceAccessoval:gov.nist.fdcc.xp:def:30 CCE-2206-1gAuditing of "directory service access" events on failure should be enabled or disabled as appropriate..CCE-2390 CCE-2100-6TAuditing of "logon" events on success should be enabled or disabled as appropriate..%(1) defined by Local or Group Policy CCE-1686logon auditing (CID:53)%Audit logon events (Success, Failure)2.2.1.4 Audit Logon EventsAAudit logon events Table: 3.4 Value: success, success and failureAuditLogonEventsoval:gov.nist.1:def:32oval:gov.nist.fdcc.xp:def:32 CCE-2343-2TAuditing of "logon" events on failure should be enabled or disabled as appropriate..CCE-1744 CCE-2259-0\Auditing of "object access" events on success should be enabled or disabled as appropriate..CCE-2640object access auditing (CID:55)Audit object access (Failure)2.2.1.5 Audit Object Access:Audit object access Table: 3.5 Value: failure, no auditingAuditObjectAccessoval:gov.nist.1:def:34oval:gov.nist.fdcc.xp:def:34 CCE-2766-4\Auditing of "object access" events on failure should be enabled or disabled as appropriate..CCE-1991 CCE-2971-0\Auditing of "policy change" events on success should be enabled or disabled as appropriate..CCE-2412policy change auditing (CID:56)&Audit policy change (Success, Failure)2.2.1.6 Audit Policy Change-Audit policy change Table: 3.6 Value: successAuditPolicyChangesSuccessOnlyoval:gov.nist.1:def:35AuditPolicyChangeoval:gov.nist.fdcc.xp:def:35 CCE-2759-9\Auditing of "policy change" events on failure should be enabled or disabled as appropriate..CCE-2347 CCE-2913-2\Auditing of "privilege use" events on success should be enabled or disabled as appropriate..CCE-2431priv use auditing (CID:58)Audit privilege use (Failure)2.2.1.7 Audit Privilege Use:Audit privilege use Table: 3.7 Value: failure, no auditingAuditPrivilegeUseoval:gov.nist.1:def:36oval:gov.nist.fdcc.xp:def:36 CCE-2918-1\Auditing of "privilege use" events on failure should be enabled or disabled as appropriate..CCE-2584 CCE-2816-7_Auditing of "process tracking" events on success should be enabled or disabled as appropriate..CCE-2529$Audit process tracking (No Auditing)2.2.1.8 Audit Process Tracking4Audit process tracking Table: 3.8 Value: no auditingAuditProcessTrackingoval:gov.nist.1:def:40oval:gov.nist.fdcc.xp:def:40 CCE-2939-7_Auditing of "process tracking" events on failure should be enabled or disabled as appropriate..CCE-2617 CCE-2878-7UAuditing of "system" events on success should be enabled or disabled as appropriate..CCE-2420system event auditing (CID:59)&Audit system events (Success, Failure)2.2.1.9 Audit System Events-Audit system events Table: 3.9 Value: successAuditSystemEventsSuccessOnlyoval:gov.nist.1:def:37AuditSystemEventsoval:gov.nist.fdcc.xp:def:37 CCE-2843-1UAuditing of "system" events on failure should be enabled or disabled as appropriate..CCE-1680 CCE-2116-2PThe "restrict guest access to application log" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy CCE-299:Anonymous Access to the Security Event Log value (CID:479)(Restrict guest access to application Log2.2.4.1.2 Restrict Guest AccessQPrevent local guestsgroup from accessingapplication log Table: 6.4 Value: enabled PreventGuestApplicationLogAccessoval:gov.nist.1:def:200$prevent_guest_application_log_accessoval:gov.nist.fdcc.xp:def:200 CCE-2904-1CThe application log maximum size should be configured correctly.. (1) size of file(1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MaxSize CCE-185Application log size (CID:82)Maximum application log size 2.2.4.1.1 Maximum Event Log Size>Maximum Application log size Table: 6.1 Value: 16384 kilobytesMaximumApplicationLogSizeoval:gov.nist.1:def:197maximum_application_log_sizeoval:gov.nist.fdcc.xp:def:197 CCE-3014-8bThe "when maximum log size is reached" property should be set correctly for the Application log. (1) type of retentionv(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention (2) defined by Group Policy CCE-285"Application log retention (CID:85)$Retention method for application Log2.2.4.1.3 Log Retention Method4Retain application log Table: 6.7 Value: not definedretention_application_logoval:gov.nist.fdcc.xp:def:203 CCE-3019-7If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.(1) number of daysCCE-951Retain application log2.2.4.1.4 Log RetentionARetention method for application log Table: 6.10 Value: as neededApplicationLogRetentionMethodoval:gov.nist.1:def:203 CCE-2794-6MThe "restrict guest access to security log" policy should be set correctly. }(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\RestrictGuestAccess (2) defined by Group Policy CCE-462:Anonymous Access to the Security Event Log value (CID:477)%Restrict guest access to security Log2.2.4.2.2 Restrict Guest AccessNPrevent local guestsgroup from accessingsecurity log Table: 6.5 Value: enabledPreventGuestSecurityLogAccessoval:gov.nist.1:def:201!prevent_guest_security_log_accessoval:gov.nist.fdcc.xp:def:201 CCE-2693-0@The security log maximum size should be configured correctly.. (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\MaxSize CCE-757Security log size (CID:80)Maximum security log size 2.2.4.2.1 Maximum Event Log Size:Maxium security log size Table: 6.2 Value: 81920 kilobytesMaximumSecurityLogSizeoval:gov.nist.1:def:198maximum_security_log_sizeoval:gov.nist.fdcc.xp:def:198 CCE-2336-6_The "when maximum log size is reached" property should be set correctly for the Security log. CCE-523Security log retention (CID:83)!Retention method for security log2.2.4.2.3 Log Retention Method1Retain security log Table: 6.8 Value: not definedretention_security_logoval:gov.nist.fdcc.xp:def:204 CCE-2966-0If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.CCE-682Retain security log2.2.4.2.4 Log Retention;Retention method forsystem log Table: 6.11 Value: as neededSecurityLogRetentionMethodoval:gov.nist.1:def:204 CCE-2345-7KThe "restrict guest access to system log" policy should be set correctly. {(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RestrictGuestAccess (2) defined by Group Policy CCE-726:Anonymous Access to the Security Event Log value (CID:482)#Restrict guest access to system Log2.2.4.3.2 Restrict Guest AccessLPrevent local guestsgroup from accessingsystem log Table: 6.6 Value: enabledPreventGuestSystemLogAccessoval:gov.nist.1:def:202prevent_guest_system_log_accessoval:gov.nist.fdcc.xp:def:202 CCE-3006-4>The system log maximum size should be configured correctly.. (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MaxSize CCE-735System log size (CID:81)Maximum system log size 2.2.4.3.1 Maximum Event Log Size9Maximum system log size Table: 6.3 Value: 16384 kilobytesMaximumSystemLogSizeoval:gov.nist.1:def:199maximum_system_log_sizeoval:gov.nist.fdcc.xp:def:199< CCE-2777-1]The "when maximum log size is reached" property should be set correctly for the System log. CCE-664System log retention (CID:84)Retention method for system log2.2.4.3.3 Log Retention Method/Retain system log Table: 6.9 Value: not definedretention_system_logoval:gov.nist.fdcc.xp:def:205 CCE-2050-3If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.CCE-210Retain system log2.2.4.3.4 Log Retention>Retention method for system log Table: 6.12 Value: not definedSystemLogRetentionMethodoval:gov.nist.1:def:205 CCE-2920-7EThe "maximum password age" policy should meet minimum requirements. CCE-871Maximum Password Age (CID:40)Maximum Password Age (90)82.1.2 Maximum Password Age, 2.2.2.2 Maximum Password Age)Maximum password age Table: 1.2 Value: 90MaximumPasswordAgeoval:gov.nist.1:def:17maximum_password_ageoval:gov.nist.fdcc.xp:def:17 CCE-2439-8EThe "minimum password age" policy should meet minimum requirements. CCE-324Minimum Password Age (CID:41)Minimum Password Age (1)2.2.2.1 Minimum Password Age(Minimum password age Table: 1.3 Value: 1MinimumPasswordAgeoval:gov.nist.1:def:18minimum_password_ageoval:gov.nist.fdcc.xp:def:18 CCE-2981-9HThe "minimum password length" policy should meet minimum requirements. CCE-100Password Length (CID:39)Minimum Password Length (12)>2.1.1 Minimum Password Length, 2.2.2.3 Minimum Password Length/Minimum password length Table: 1.4 Value: 12, 8MinimumPasswordLengthoval:gov.nist.1:def:19minimum_password_lengthoval:gov.nist.fdcc.xp:def:19 CCE-2735-9QThe "password must meet complexity requirments" policy should be set correctly. CCE-6335Passwords must meet complexity requirements (Enabled)2.2.2.4 Password ComplexityDPassword must meet complexity requirements Table: 1.5 Value: enabledPasswordComplexityoval:gov.nist.1:def:21password_complexityoval:gov.nist.fdcc.xp:def:21 CCE-2994-2IThe "enforce password history" policy should meet minimum requirements. "(1) number of passwords rememberedCCE-60Password History (CID:42)'Enforce password history (24 passwords)2.2.2.5 Password History-Enforce password history Table: 1.1 Value: 24PasswordHistoryEnforcementoval:gov.nist.1:def:16password_history_enforcementoval:gov.nist.fdcc.xp:def:16 CCE-2889-4nThe "store password using reversible encryption for all users in the domain" policy should be set correctly. CCE-479#Reversible Pwd Encryption (CID:232)QStore password using reversible encryption for all users in the domain (Disabled)32.2.2.6 Store Passwords using Reversible Encryption_Store passwrd using reversible encryptin for all users in the domain Table: 1.6 Value: disabled#PasswordStorageReversibleEncryptionoval:gov.nist.1:def:22oval:gov.nist.fdcc.xp:def:22 CCE-3034-6<The startup type of the Alerter service should be correct. (1) disabled/manual/automatic(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-487 4.1.1 Alerter*Alerter Service Table: 8.1 Value: disabledAlerterServiceoval:gov.nist.1:def:209oval:gov.nist.fdcc.xp:def:209 CCE-2937-1EThe startup type of the Automatic Update service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv (2) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate (3) defined by the Services Administrative Tool (4) definied by Group Policy CCE-4964.1.2 Automatic Updates6Automatic update service Table: 8.4 Value: not defined CCE-2818-3cThe startup type of the Background Intelligent Transfer Service (BITS) service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-148-4.1.3 Background Intelligent Transfer ServiceEBackground Intelligent Transfer Service Table: 8.5 Value: not defined BITSServiceoval:gov.nist.fdcc.xp:def:6132 CCE-2713-6=The startup type of the ClipBook service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-9544.1.4 Clipbook+ClipBook service Table: 8.6 Value: disabledClipBookServiceoval:gov.nist.1:def:210oval:gov.nist.fdcc.xp:def:210 CCE-2880-3EThe startup type of the Computer Browser service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-294"Computer Browser Disabled (CID:22)4.1.5 Computer Browser4Computer Browswer Service Table: 8.9 Value: disabledBrowserServiceoval:gov.nist.1:def:211ComputerBrowserServiceoval:gov.nist.fdcc.xp:def:211 CCE-2950-4HThe startup type of the Fast User Switching service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-8004Fast User Swithcing Compatibility Disabled (CID:729)4.1.6 Fax Service?Fast User SwitchingCompatibility Table: 8.17 Value: not defined%FastUserSwitchingCompatibilityServiceoval:gov.nist.fdcc.xp:def:2121 CCE-2849-88The startup type of the Fax service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-78&Fax Servce Table: 8.18 Value: disabled FaxServiceoval:gov.nist.1:def:212oval:gov.nist.fdcc.xp:def:212 CCE-2888-6CThe startup type of the FTP Publishing service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-7124.1.7 FTP Publishing Service2FTP Publishing Service Table: 8.19 Value: disabledFTPPublishingServiceoval:gov.nist.1:def:213oval:gov.nist.fdcc.xp:def:213 CCE-3016-3>The startup type of the IIS Admin service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-311<Internet Information System Installed - IIS Admin (CIS:4066)4.1.8 IIS Admin Service-IIS Admin service Table: 8.22 Value: disabledIISAdminServiceoval:gov.nist.1:def:214 CCE-2910-8=The startup type of the Indexing service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-7384.1.9 Indexing Service,Indexing Service Table: 8.24 Value: disabledIndexingServiceoval:gov.nist.1:def:215oval:gov.nist.fdcc.xp:def:215 CCE-2915-7>The startup type of the Messenger service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-729,Windows Messenger Internet Access (CIS:4036)4.1.10 Messenger-Messenger service Table: 8.30 Value: disabledMessengerServiceoval:gov.nist.1:def:216(Do-not-allow-Windows-Messenger-to-be-runoval:gov.nist.fdcc.xp:def:6601 CCE-2053-7CThe startup type of the .NET Framework service should be correct. O(1) defined by the Services Administrative Tool (2) definied by Group Policy CCE-650!.NET Framework service (CIS:4035) CCE-2071-9>The startup type of the Net Logon service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-4084.1.11 Net Logon0Net Logon service Table: 8.32 Value: not defined CCE-2896-9VThe startup type of the NetMeeting Remote Desktop < Sharing service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-2324NetMeeting Romote Desktop Sharing Disabled (CIS:730)(4.1.12 NetMeeting Remote Desktop Sharing>Net meeting Remote Desktop Sharing Table: 8.33 Value: disabled%NetMeetingRemoteDesktopSharingServiceoval:gov.nist.1:def:217disable_remote_desktop_sharingoval:gov.nist.fdcc.xp:def:6595 CCE-2280-6LThe startup type of the Print Services for Unix service should be correct. CCE-857*Print Services for Unix Service (CIS:4031) CCE-2940-5ZThe startup type of the Remote Access Auto connection Manager service should be correct. CCE-2678Remote Access Auto Connection Manager Disabled (CIS:731)DRemote Access Auto Connection Manager Table: 8.45 Value: not defined CCE-2255-8XThe startup type of the Remote Desktop Help Session Manager service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-6636Remote Desktop Help Session Manager Disabled (CIS:732)*4.1.13 Remote Desktop Help Session Manager?Remote Desktop Help Session Manager Table: 8.47 Value: disabled&RemoteDesktopHelpSessionManagerServiceoval:gov.nist.1:def:218 CCE-3026-2PThe startup type of the Internet Connection Sharing service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-672`Internet ConnectionFirewall (ICF)/InternetConnection Sharing(ICS) Table: 8.26 Value: not defined$prohibit_internet_connection_sharing!oval:gov.nist.fdcc.xp:def:3366993 CCE-3030-4DThe startup type of the Remote Registry service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-734.1.14 Remote Registry Service7Remote Registery service Table: 8.50 Value: not defined CCE-3035-3NThe startup type of the Routing and Remote Access service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-223,Routing and Remote Access Disabled (CIS:733) 4.1.15 Routing and Remote Access=Routing and Remote Access service Table: 8.52 Value: disabledRoutingAndRemoteAccessServiceoval:gov.nist.1:def:219oval:gov.nist.fdcc.xp:def:219 CCE-2427-3AThe startup type of the Remote Shell service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RshSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-522Remote Shell Service (CIS:24) CCE-2449-7BThe startup type of the Simple TCP/IP service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SIMPTCP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-531Simple TCP/IP Service (CIS:25) CCE-2233-5ZThe startup type of the Simple Mail Transport Protocol (SMTP) service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-870+4.1.16 Simple Mail Transfer Protocol (SMTP)?Simple Mail TransferProtocol (SMTP) Table: 8.59 Value: disabled SMTPServiceoval:gov.nist.1:def:220 CCE-2779-7AThe startup type of the SNMP Service service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-975CManagement and Monitoring Tools Installed - SNMP Service (CIS:4071)84.1.17 Simple Network Management Protocol (SNMP) ServiceKSimple NetworkManagement Protocol(SNMP) Service Table: 8.60 Value: disabled SNMPServiceoval:gov.nist.1:def:221 CCE-2520-5FThe startup type of the SNMP Trap Service service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMPTRAP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-892@Management and Monitoring Tools Installed - SNMP Trap (CIS:4072)54.1.18 Simple Network Management Protocol (SNMP) TrapHSimple NetworkManagement Protocol(SNMP) Trap Table: 8.61 Value: disabledSNMPTrapoval:gov.nist.1:def:222 CCE-2661-7CThe startup type of the SSDP Discovery service should be correct. CCE-940)SSDP Discovery Service Disabled (CIS:734)SSimple ServiceDiscovery Protocol(SSDP) DiscoveryService Table: 8.62 Value: disabled SSDPServiceoval:gov.nist.1:def:223oval:gov.nist.fdcc.xp:def:223 CCE-2934-8CThe startup type of the Task Scheduler service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-40Task Scheduler Check (CIS:28)4.1.19 Task Scheduler2Task Scheduler service Table: 8.65 Value: disabledTaskSchedulerServiceoval:gov.nist.1:def:224oval:gov.nist.fdcc.xp:def:224 CCE-2326-7;The startup type of the Telnet service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-7523 - Telnet Disabled (CIS:23) 4.1.20 Telnet*Telnet service Table: 8.68 Value: disabled TelnetServiceoval:gov.nist.1:def:225oval:gov.nist.fdcc.xp:def:225 CCE-3043-7FThe startup type of the Terminal Services service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-974$Terminal Services Disabled (CIS:735)4.1.21 Terminal Services5Terminal Services service Table: 8.69 Value: disabledTerminalServicesServiceoval:gov.nist.1:def:226oval:gov.nist.fdcc.xp:def:226 CCE-3048-6_The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-608*4.1.22 Universal Plug and Play Device HostKUniversal Plug and Play Device Host Disabled Table: 8.73 Value: Not defined%UniversalPlugAndPlayDeviceHostServiceoval:gov.nist.1:def:227oval:gov.nist.fdcc.xp:def:227 CCE-2942-1NThe startup type of the World Wide Web Publishing service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-758KInternet Information Sytem Installed - World Wide Web Publishing (CIS:4067))4.1.23 World Wide Web Publishing Services? World Wide Web Publishing Services Table: 8.85 Value: DisabledWWWPublishingServicesServiceoval:gov.nist.1:def:228oval:gov.nist.fdcc.xp:def:228 CCE-2076-8MThe correct service permissions for the Alerter service should be assigned. -(1) set of accounts (2) list of permissions>(1) set via Security Templates (2) definied by Group Policy CCE-6694.1 Available Services (Permissions on services listed here: Administrators: Full Control; System: Read, Start, Stop, and Pause) CCE-2626-0WThe correct service permissions for the Automatic Updates service should be assigned. CCE-889 CCE-3022-1eThe correct service permissions for the Background Intelligent Transfer service should be assigned. CCE-61 CCE-2815-9NThe correct service permissions for the ClipBook service should be assigned. CCE-476 CCE-2568-4VThe correct service permissions for the Computer Browser service should be assigned. CCE-643 CCE-3071-8IThe correct service permissions for the Fax service should be assigned. CCE-87 CCE-2969-4QThe correct service permissions for the File Shares < service should be assigned. CCE-968File Shares (CIS:230) CCE-3057-7TThe correct service permissions for the FTP Publishing service should be assigned. CCE-4 CCE-2563-5OThe correct service permissions for the IIS Admin service should be assigned. CCE-792 CCE-2836-5NThe correct service permissions for the Indexing service should be assigned. CCE-444 CCE-2480-2OThe correct service permissions for the Messenger service should be assigned. CCE-79 CCE-2502-3OThe correct service permissions for the Net Logon service should be assigned. CCE-497 CCE-2119-6PThe correct service permissions for the NetMeeting service should be assigned. CCE-21 CCE-2976-9MThe correct service permissions for the Printer service should be assigned. CCE-109Printer ACL (CIS:229)4Print Spooler service Table: 8.42 Value: not defined CCE-2990-0iThe correct service permissions for the Remote Desktop Help Session Manager service should be assigned. CCE-915 CCE-3021-3UThe correct service permissions for the Remote Registry service should be assigned. CCE-219 CCE-2141-0_The correct service permissions for the Routing and Remote Access service should be assigned. CCE-779 CCE-2773-0JThe correct service permissions for the SMTP service should be assigned. CCE-426 CCE-2941-3JThe correct service permissions for the SNMP service should be assigned. CCE-56 CCE-2945-4OThe correct service permissions for the SNMP Trap service should be assigned. CCE-521 CCE-3077-5TThe correct service permissions for the Task Scheduler service should be assigned. CCE-407 CCE-3108-8LThe correct service permissions for the Telnet service should be assigned. CCE-944 CCE-3130-2WThe correct service permissions for the Terminal Services service should be assigned. CCE-605 CCE-3029-6]The correct service permissions for the Universal Plug and Play service should be assigned. CCE-8694Plug and Play service Table: 8.40 Value: not defined CCE-3051-0TThe correct service permissions for the WWW Publishing service should be assigned. CCE-143 CCE-2804-3sThe behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct. (1) restricted/unrestrictedv(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous (2) defined by Local or Group Policy CCE-195!Restrict Anonymous value (CIS:97)VNetwork access: Do not allow anonymous enumeration of SAM accounts and shares: EnabledS3.1.3 Network Access: Do not allow Anonymous Enumeration of SAM Accounts and ShareseNetwork access: Do notallow anonymousenumeration of SAMaccounts and shares Table: 5.45 Value: enabled'AnonymousEnumerationOfAccountsAndSharesoval:gov.nist.1:def:88oval:gov.nist.fdcc.xp:def:88 CCE-2147-7fThe behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.y(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM (2) defined by Local or Group Policy CCE-318KNetwork access: Do not allow anonymous enumeration of SAM accounts: EnabledH3.1.2 Network Access: Do not allow Anonymous Enumeration of SAM AccountsZNetwork access: Do notallow anonymousenumeration of SAMaccounts Table: 5.44 Value: enabledAnonymousEnumerationOfAccountsoval:gov.nist.1:def:87oval:gov.nist.fdcc.xp:def:87 CCE-2973-6LThe behavior surrounding Anonymous SID/Name translation should be correct. p(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AnonymousNameLookup (2) defined by Local or Group CCE-953>Network access: Allow anonymous SID/Name translation: Disabled:3.1.1 Network Access: Allow Anonymous SID/Name TranslationNNetwork access: Allowanonymous SID/Nametranslation Table: 5.43 Value: disabledanonymous_sid_name_translationoval:gov.nist.fdcc.xp:def:77 CCE-3119-5UThe "Anonymous access to the application event log" policy should be set correctly. +(1) exist/not exist (2) enabled/disabledO(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application CCE-983'Anon Access to Application log (CIS:78) CCE-2890-2PThe "Anonymous access to the system event log" policy should be set correctly. J(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System CCE-142$Anon Access to Security log (CIS:79) CCE-2643-5RThe "Anonymous access to the security event log" policy should be set correctly. L(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security CCE-653"Anon Access to System log (CIS:77) CCE-3040-3OUse of the built-in Guest account should be enabled or disabled as appropriate. (1) Local Users and Groups MMC CCE-332Guest Account Disabled (CIS:29)(Accounts: Guest account status: Disabled&3.2.1.2 Accounts: Guest Account Status8Accounts: Guestaccount status Table: 5.2 Value: disabledGuestAccountStatusoval:gov.nist.1:def:243oval:gov.nist.fdcc.xp:def:243 CCE-2943-9YUse of the built-in Administrator account should be enabled or disabled as appropriate. CCE-499/Accounts: Administrator account status: Enabled.3.2.1.1 Accounts: Administrator Account Status?Accounts: Administratoraccount status Table: 5.1 Value: enabledAdministratorAccountStatusoval:gov.nist.1:def:242 CCE-2573-4TThe "Message title for users attempting to log on" policy should be set correctly. (1) text caption(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption (2) defined by Local or Group Policy CCE-23?Interactive logon: Message title for users attempting to log onH3.2.1.27 Interactive Logon: Message Title for Users Attempting to Log On_Interactive logon: Messagetitle for users attempting tolog on Table: 5.30 Value: LogonMessageTitleoval:gov.nist.1:def:71oval:gov.nist.fdcc.xp:def:71 CCE-2472-9SThe "Message text for users attempting to log on" policy should be set correctly. (1) text statement(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText (2) defined by Local or Group Policy CCE-829SInteractive logon: Message test for users attempting to log on: G3.2.1.26 Interactive Logon: Message Text for Users Attempting to Log On^Interactive logon: Messagetext for users attempting tolog on Table: 5.29 Value: LogonMessageTextoval:gov.nist.1:def:70oval:gov.nist.fdcc.xp:def:70 CCE-3137-7EAdministrative Shares should be enabled or disabled as appropriate. (1) allowed/removed_(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks CCE-512B3.2.2.9 Remove administrative shares on workstation (Professional)MMSS: (AutoShareWks)Enable AdministrativeShares Table: 5.72 Value: not defined CCE-3031-2KAutomatic Execution of the System Debugger should be properly configured. R(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Auto CCE-243?CIS: Automatic Execution of the System Debugger value (CIS:749):3.2.2.2 Disable Automatic Execution of the System Debugger CCE-2776-30Automatic Logon should be properly configured. ](1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon CCE-283Admin Autologon password values not exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword; Admin Autologon Value: HKEY_LOCAL_MACHINE\*\AutoAdminLogon (CIS:188, 189)Interactive logon: Allow Automatic Administator Logon - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = 03.2.2.6 Disable Automatic LogonGMSS: (AutoAdminLogon)Enable Automatic Logon Table: 5.70 Value: disabledAutomaticLogonDisabledoval:gov.nist.1:def:110oval:gov.nist.fdcc.xp:def:110 CCE-2419-0DAutomatic Reboot After System Crash should be properly configured. Q(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot CCE-137/CIS: Disable Reboot After Crash value (CID:755)>3.2.2.7 Disable aut< omatic reboots after a Blue Screen of DeathjMSS: (AutoReboot) AllowWindows to automaticallyrestart after a system crash Table: 5.71 Value: not defined CCE-2710-2<Autoplay on all Drive Types should be properly configured. g(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun CCE-44Autoplay value (CID:103)F3.2.2.3 Disable autoplay from any disk type, regardless of applicationLMSS:(NoDriveTypeAutoRun)Disable Autorun for alldrives Table: 5.80 Value: 255DisableAutorunForAllDrivesoval:gov.nist.fdcc.xp:def:117 CCE-2154-3:Autoplay for Current User should be properly configured. f(1) HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun CCE-36)3.2.2.4 Disable autoplay for current user CCE-2423-2:Autoplay for Default User should be properly configured. g(1) HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun CCE-820@Disable Media Autoplay (HKEY_USER-.Default hive) Value (CID:752)03.2.2.5 Disable autoplay for the default profile CCE-2925-6/CD-ROM Autorun should be properly configured. H(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDrom\Autorun CCE-344\3.2.2.8 Disable CD Autorun: HKLM\System\CurrentControlSet\Services\Cdrom\Autorun (REG_DWORD) CCE-3070-0EComputer Browser ResetBrowser Frames should be properly configured. (1) enabled/ignoredX(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters\RefuseReset CCE-282:3.2.2.10 Protect against Computer Browser Spoofing Attacks CCE-2824-1/ICMP Redirects should be properly configured. ](1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesTcpip\Parameters\EnableICMPRedirect CCE-15043.2.2.13 Ensure ICMP Routing via shortest path firsthMSS:(EnableICMPRedirect)Allow ICMP redirects tooverride OSPF generatedroutes Table: 5.76 Value: disabledAllowICMPRedirectsDisabledoval:gov.nist.1:def:113oval:gov.nist.fdcc.xp:def:113 CCE-3132-82IP Source Routing should be properly configured. b(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting CCE-56403.2.2.11 Protect against source-routing spoofingMSS:(DisableIPSourceRouting)IP source routing protectionlevel Table: 5.73 Value: Highestprotection,source routingis completelydisabledIPSourceRoutingProtectionLeveloval:gov.nist.1:def:111oval:gov.nist.fdcc.xp:def:111 CCE-2652-6%IRDP should be properly configured. b(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery CCE-952,3.2.2.17 Ensure Router Discovery is DisabledpMSS:(PerformRouterDiscovery)Allow IRDP to detect andconfigure DefaultGatewayaddresses Table: 5.83 Value: enabledRouterDiscoveryoval:gov.nist.1:def:121oval:gov.nist.fdcc.xp:def:121 CCE-3044-5MKerberos and RSVP Traffic Protected by IPSec should be properly configured. P(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt CCE-501DCIS: Enable IPSec secuiryt for Kerberos RSVP Traffic value (CID:758)63.2.2.21 Enable IPSec to protect Kerberos RSVP Traffic~MSS: (NoDefaultExempt)Enable NoDefaultExemptfor IPSec Filtering Table: 5.79 Value: Multicast, broadcast, and ISAKMP are exempt NoDefaultExemptForIPSecFilteringoval:gov.nist.1:def:116oval:gov.nist.fdcc.xp:def:116 CCE-3066-87Dr. Watson Crash Dumps should be properly configured. D(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DrWatson\CreateCrashDump CCE-5361CIS: Allow Dr. Watson Crash Dumps value (CID:746)'3.2.2.1 Suppress Dr. Watson Crash Dumpsoval:gov.nist.1:def:117 CCE-2930-6GDisplay Last User Name in Logon Screen should be properly configured. f(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName CCE-659Interactive logon: Do no display last user name - Enabled93.2.1.24 Interactive Logon: Do Not Display Last User NameJInteractive logon: Do notdisplay last user name Table: 5.27 Value: enabled LastUserNameNotDisplayedForLogonoval:gov.nist.1:def:68oval:gov.nist.fdcc.xp:def:68 CCE-2952-0FSystem availability to Master Browser should be properly configured. (1) available/hiddenY(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden CCE-139ECIS: Hide computer Name from other domain controllers value (CID:761)3.2.2.22 Hide workstation from Network Browser listing: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\HiddenIMSS: (Hidden) HideComputer From the BrowseList Table: 5.77 Value: enabledHideFromBrowseListoval:gov.nist.1:def:114oval:gov.nist.fdcc.xp:def:114 CCE-2718-5>TCP/IP Dead Gateway Detection should be properly configured. ^(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect CCE-8973.2.2.12 Protect the Default Gateway network setting: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetecteMSS:(EnableDeadGWDetect)Allow automatic detectionof dead network gateways Table: 5.75 Value: disabledAutomaticDetectionOfDeadGWsoval:gov.nist.1:def:112oval:gov.nist.fdcc.xp:def:112 CCE-2559-35The TCP/IP KeepAlive Time should be set correctly . (1) number of millisecondsY(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime CCE-188u3.2.2.15 Manage Keep-alive times: HKEY_LOCAL_MACHINE\System\CurrentControlSEt\Services\Tcpip\Parameters\KeepAliveTimepMSS: (KeepAliveTime)How often keep-alivepackets are sent inmilliseconds Table: 5.78 Value: 300,000ms (5 minutes) KeepAliveTimeoval:gov.nist.1:def:115oval:gov.nist.fdcc.xp:def:115 CCE-2453-9TThe permitted number of TCP/IP Maximum Half-open Sockets should be set correctly . (1) number of socketsZ(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen CCE-3333.2.2.19 SYN Attack protection  Manage TCP Maximum half-open sockets: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen CCE-3114-6\The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly . a(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried CCE-7513.2.2.20 SYN Attack protection  Manage TCP Maximum half-open retired sockets: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried CCE-3118-7QTCP/IP NetBIOS Name Release on Request Prevented should be properly configured. a(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand CCE-8173.2.2.16 Protect Against Malicious Name-Release Attacks: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemandMSS:(NoNameReleaseOnDemand) Allow the computer toignore NetBIOS namerelease requests exceptfrom WINS servers Table: 5.81 Value: enabledNameReleaseRequestsoval:gov.nist.1:def:118oval:gov.nist.fdcc.xp:def:118 CCE-3017-16TCP/IP PMTU Discovery should be properly configured. _(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery CCE-9983.2.2.14 Help protect against packet fragmentation: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscoveryEnablePMTUDiscoveryoval:gov.nist.fdcc.xp:def:407 CCE-2916-5CTCP/IP SYN Flood Attack Protection should be properly configured. \(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect CCE-2843.2.2.18 Protect against SYN Flood attacks: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect|MSS: (SynAttackProtect) Syn< attact protection level Table: 5.86 Value: Connections time out sooner if attack is detected (1)SynAttackProtectionLeveloval:gov.nist.1:def:124oval:gov.nist.fdcc.xp:def:124 CCE-3061-9ASecurity Audit log warning level should be properly configured. (1) warning levelY(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel CCE-125MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning Table: 5.89 Value: 90EventLogThresholdWarningoval:gov.nist.1:def:127oval:gov.nist.fdcc.xp:def:127 CCE-2444-8DDisable saving of dial-up passwords should be properly configured. `(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters\DisableSavePassword CCE-156,Disable saving of dial up password (CID:105)dMSS:(DisableSavePassword)Prevent the dial-uppassword from being saved Table: 5.74 Value: not defined CCE-2841-55Safe DLL Search Mode should be properly configured. S(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Session Manager\SafeDllSearchMode CCE-271$Safe DLL Search Mode value (CID:774)-System objects: Set safe search path for DLLs{3.2.2.23 Enable Safe DLL Search Mode: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchModeMMSS: (SafeDllSearchMode)Enable Safe DLL searchmode Table: 5.84 value: enabledSafeDLLSearchModeoval:gov.nist.1:def:122oval:gov.nist.fdcc.xp:def:122 CCE-3092-4ZAlways Wait for the Network at Computer Startup and Logon should be properly configured. l(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\SyncForegroundPolicy CCE-707CAlways Wait for the Network at Computer Startup and Logon (CID:927) CCE-3013-0NThe "Delete Cached Copies of Roaming Profiles" policy should be set correctly.I(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\DeleteRoamingCache CCE-213Cached Profiles value (CID:93) CCE-3100-52Use Classic Logon should be properly configured. (1) logon type\(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType CCE-231"Always Use Classic Logon (CID:924)Always-Use-Classic-Logonoval:gov.nist.fdcc.xp:def:6686 CCE-2893-6CBackground Refresh of Group Policy should be properly configured. s(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Policies\system\DisableBkGndGroupPolicy CCE-505Turn Off Background Refresh of Group Policy (CID:930) CCE-2774-8JShow Shared Internet Connection Access UI should be properly configured. f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI CCE-81%Internet Connection Sharing (CID:942) CCE-2173-3kInstallation and Configuration of Network Bridge on the DNS Domain Network should be properly configured. f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA CCE-896]Prohibit Installation and Configuration of Network Bridge on the DNS Domain Network (CID:945)$prohibit_installation_network_bridge!oval:gov.nist.fdcc.xp:def:3366991 CCE-3087-4\Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured. ](1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\KMPrintersAreBlocked CCE-574EDisallow Installation of Printers Using Kernel-mode Drivers (CID:948) CCE-2968-6PThe "Allow Server Operators to Schedule Tasks" policy should be set correctly. CCE-257HDomain controller: Allow server operators to schedule tasks: Not DefinedD3.2.1.15 Domain Controller: Allow Server Operators to Schedule TasksZDomain controller: Allow server operators to schedule tasks Table: 5.17 Value: not defined#AllowServerOperatorsToScheduleTasks oval:gov.nist.fdcc.xp:def:608240 CCE-3135-1?The built-in Administrator account should be correctly named. (1) valid namesCCE-438&Administrator Account Renamed (CID:30)5Accounts: Rename administrator account: Administrator.3.2.1.4 Accounts: Rename Administrator AccountDAccounts: Rename administrator account Table: 5.4 Value: not definedRenameAdministratoroval:gov.nist.fdcc.xp:def:6022 CCE-3025-47The built-in Guest account should be correctly named. CCE-834Guest Account Renamed (CID:31)3Accounts: Rename guest account: &3.2.1.5 Accounts: Rename Guest Account<Accounts: Rename guest account Table: 5.5 Value: not defined RenameGuestoval:gov.nist.fdcc.xp:def:6023 CCE-3157-5ZThe amount of idle time required before disconnecting a session should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect (2) defined by Local or Group Policy CCE-2228Amount of idle time before disconnecting value (CID:213)PMicrosoft network server: Amount of idle time required before suspending session\3.2.1.35 Microsoft Network Server: Amount of Idle Time Required Before Disconnecting SessionkMicrosoft network server:Amount of idle timerequired before suspendingsession Table: 5.39 Value: 15 minutesSessionTimeoutoval:gov.nist.1:def:83session_timeoutoval:gov.nist.fdcc.xp:def:83 CCE-3162-5QThe "Audit the access of global system objects" policy should be set correctly. t(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects (2) defined by Local or Group Policy CCE-2=Audit: Audit the access of global system objects: Not Defined83.2.1.6 Audit: Audit the access of global system objectsKAudit: Audit the access of global system objects Table: 5.6 Value: disabledAuditAccessToGlobalObjectsoval:gov.nist.1:def:45oval:gov.nist.fdcc.xp:def:45 CCE-2955-3UThe "Audit the use of backup and restore privilege" policy should be set correctly. y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing (2) defined by Local or Group Policy CCE-905AAudit: Audit the use of Backup and Restore privilege: Not Defined<3.2.1.7 Audit: Audit the use of backup and restore privilegeOAudit: Audit the use of backup and restore privilege Table: 5.7 Value: disabled&AuditBackupAndRestorePrivilegeDisabledoval:gov.nist.1:def:52AuditBackupAndRestorePrivilegeoval:gov.nist.fdcc.xp:def:52 CCE-2891-0UThe "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD (2) defined by Local or Group Policy CCE-1338Interactive logon: Do not require CTRL+ALT+DEL: Disabled73.2.1.25 Interactive Logon: Do not require CTRL+ALT+DELHInteractive logon: Do notrequire CTRL+ALT+DEL Table: 5.28 Value: diabledRequireCTRL_ALT_DELoval:gov.nist.1:def:69oval:gov.nist.fdcc.xp:def:69 CCE-2926-4HThe "LAN Manager Authentication Level" policy should be set correctly. (1) authentication levelx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel (2) defined by Local or Group Policy CCE-719LMCompatibility Value (CID:123)nNetwork security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated;3.2.1.47 Network Security: LAN Manager Authentication LevelNetwork security: LANManager authenticationlevel Table: 5.55 Value: Send NTLMv2responseonly\refuse LM& NTLM or Send NTLMv2 response only\refuse LMGLANManagerAuthenticationRefuseLM, LANManagerAuthenticationRefuseLM_NTLM.oval:gov.nist.1:def:97, oval:gov.nist.1:def:96+LANManagerAuthenticationLevel-RefuseLM_NTLMoval:gov.nist.fdcc.xp:def:96 CCE-2789-6UThe "Prevent Users from Installing Printer Drivers" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers (2) defined by Local or Group Policy CCE-402(Print Driver Installation value (CID:99)?Devices: Prevent users from installing printer drivers: Enabled?3.2.1.11 Devices: Prevent users from installing printer drivers\Devices: Prevent users from installing priter drivers Table: 5.13 Valu< e: enabled or disabled(PreventUsersFromInstallingPrinterDriversoval:gov.nist.1:def:56oval:gov.nist.fdcc.xp:def:56 CCE-2935-5^The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel (2) defined by Local or Group Policy CCE-410*Recovery Console Autologon value (CID:117)@Recovery console: Allow automatic administrative logon: Disabled?3.2.1.51 Recovery Console: Allow Automatic Administrative LogonPRecovery console: Allowautomatic administrativelogon Table: 5.59 Value: disabledRecoveryConsoleAutoLogonoval:gov.nist.1:def:101oval:gov.nist.fdcc.xp:def:101 CCE-2957-9tThe "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand (2) defined by Local or Group Policy CCE-76,Recovery Console Full Access Value (CID:119)VRecovery console: Allow floppy copy and access to all drives and all folders: DisabledU3.2.1.52 Recovery Console: Allow Floppy Copy and Access to All Drives and All FoldersfRecovery console: Allowfloppy copy and access toall drives and all folders Table: 5.60 Value: disabledRecoveryConsoleFullSystemAccessoval:gov.nist.1:def:102oval:gov.nist.fdcc.xp:def:102 CCE-2974-4]The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms (2) defined by Local or Group Policy CCE-565GDevices: Restrict CD-ROM access to locally logged-on user only: EnabledG3.2.1.12 Devices: Restrict CD-ROM Access to Locally Logged-On User OnlyZDevices: Restrict CD-ROM access to locally logged-on user only Table: 5.14 Value: disabledRestrictCDROMAccessoval:gov.nist.fdcc.xp:def:58 CCE-2873-8]The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies (2) defined by Local or Group Policy CCE-463Floppy Allocation (CID:89)GDevices: Restrict floppy access to locally logged-on user only: EnabledG3.2.1.13 Devices: Restrict Floppy Access to Locally Logged-On User OnlyZDevices: Restrict floppy access to locally logged-on user only Table: 5.15 Value: disabledRestrictFloppyAccessDisabledoval:gov.nist.1:def:59RestrictFloppyAccessoval:gov.nist.fdcc.xp:def:59 CCE-3005-6_The "Strengthen Default Permissions of Global System Objects" policy should be set correctly. ~(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode (2) defined by Local or Group Policy CCE-508+Strength permissions on GSO value (CID:204)hSystem objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links): EnabledR3.2.1.58 System objects: Strengthen default permissions of internal system objectswSystem objects: Strengthendefault permissions ofinternal system objects(e.g. Symbolic Links) Table: 5.67 Value: enabled InternalSystemObjectsPermissionsoval:gov.nist.1:def:109oval:gov.nist.fdcc.xp:def:109 CCE-3151-8jThe "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey (2) defined by Local or Group Policy CCE-417QDomain member: Require strong (Windows 2000 or later) session key value (CID:770)JDomain member: Require strong (Windows 2000 or later) session key: EnabledJ3.2.1.23 Domain Member: Require Strong (Windows 2000 or later) Session KeyZDomain member: Requirestrong (Windows 2000 orlater) session key Table: 5.25 Value: enabledRequireStrongSessionKeyoval:gov.nist.1:def:66require_strong_session_keyoval:gov.nist.fdcc.xp:def:66 CCE-3049-4gThe "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword (2) defined by Local or Group Policy CCE-228:Send unencrypted password to 3rd party SMB value (CID:207)NMicrosoft network client: Send unencrypted password to third-party SMB serversa3.2.1.34 Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB ServergMicrosoft network client:Send unencryptedpassword to third-partySMB servers Table: 5.38 Value: disabledUnencryptedSMBPasswordsoval:gov.nist.1:def:82unencrypted_smb_passwordsoval:gov.nist.fdcc.xp:def:82 CCE-3085-8MThe "Unsigned Driver Installation Behavior" policy should be set correctly. (1) behaviorg(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing\Policy (2) defined by Local or Group Policy CCE-413(Unsigned Driver Behavior Value (CID:127)KDevices: Unsigned driver installation behavior: Warn but allow installation73.2.1.14 Devices: Unsigned Driver Installation Behavior]Devices: Unsigned driver installation behavior Table: 5.16 Value: warn but allow isntallation!UnsignedDriverInstallationWarningoval:gov.nist.1:def:60"UnsignedDriverInstallationBehavioroval:gov.nist.fdcc.xp:def:60 CCE-2701-1ZThe "Users Prompted to Change Password Before Expiration" policy should be set correctly. &(1) number of days prior to expiration(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning (2) defined by Local or Group Policy CCE-814#Password Expiration value (CID:199)LInteractive logon: Prompt user to change password before expiration: 14 daysL3.2.1.29 Interactive Logon: Prompt User to Change Password Before Expiration\Interactive logon: Promptuser to change passwordbefore expiration Table: 5.32 Value: 14 daysPasswordExpirationPromptoval:gov.nist.1:def:74password_expiration_promptoval:gov.nist.fdcc.xp:def:74 CCE-2851-4eThe "Shut Down system immediately if unable to log security audits" policy should be set correctly. t(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail (2) defined by Local or Group Policy CCE-92#Crash on audit fail Value (CID:121)NAudit: Shut down system immediately if unable to log security audits: DisabledL3.2.1.8 Audit: Shut Down system immediately if unable to log security alertsbAudit: Shut down system immediately if unable to log security audits Table: 5.8 Value: not defined#ShutDownIfUnableToLogSecurityAuditsoval:gov.nist.fdcc.xp:def:6027 CCE-2983-5]The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon (2) defined by Local or Group Policy CCE-224%Shutdown before logon Check (CID:217)HShutdown: Allow system to be shut down without having to log on: EnabledH3.2.1.53 Shutdown: Allow System to be Shut Down Without Having to Log OnYShutdown: Allow system tobe shut down withouthaving to log on Table: 5.61 Value: disabledShutdownWithoutLogonoval:gov.nist.1:def:103shutdown_without_logonoval:gov.nist.fdcc.xp:def:103 CCE-3128-6QThe "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown (2) defined by Local or Group Policy CCE-422Clear Pagefile value (CID:101)1Shutdown: Clear virtual memory pagefile: Disabled03.2.1.54 Shutdown: Clear Virtual Memory PagefileAShutdown: Clear virtualmemory pagefile Table: 5.62 Value: enabledClearPagefileOnShutdownoval:gov.nist.1:def:104oval:gov.nist.fdcc.xp:def:104 CCE-3027-0TThe "Digitally Sign Client Communication (Always)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy CCE-576@Microsoft network client: Digitally s< ign communications (always)I3.2.1.32 Microsoft Network Client: Digitally sign communications (always)YMicrosoft network client:Digitally signcommunications (always) Table: 5.36 Value: enabledClientAlwaysSignCommunicationsoval:gov.nist.1:def:79!client_always_sign_communicationsoval:gov.nist.fdcc.xp:def:79 CCE-2802-7[The "Digitally Sign Client Communication (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy CCE-519)Enable Security Signature Value (CID:113)JMicrosoft network client: Digitally sign communications (if server agrees)S3.2.1.33 Microsoft Network Client: Digitally sign communications (if server agrees)bMicrosoft network client:Digitally signcommunications (if serveragrees) Table: 5.37 Value: enabled SignCommunicationsIfServerAgreesoval:gov.nist.1:def:81oval:gov.nist.fdcc.xp:def:81 CCE-3053-6TThe "Digitally Sign Server Communication (Always)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy CCE-171@Microsoft network server: Digitally sign communications (always)I3.2.1.36 Microsoft Network Server: Digitally sign communications (always)YMicrosoft network server:Digitally signcommunications (always) Table: 5.40 Value: enabledServerAlwaysSignCommunicationsoval:gov.nist.1:def:84!server_always_sign_communicationsoval:gov.nist.fdcc.xp:def:84 CCE-2688-0[The "Digitally Sign Server Communication (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy CCE-104SMicrosoft network server: Digitally sign communications (if client agrees): EnabledS3.2.1.37 Microsoft Network Server: Digitally sign communications (if client agrees)bMicrosoft network server:Digitally signcommunications (if clientagrees) Table: 5.41 Value: enabled SignCommunicationsIfClientAgreesoval:gov.nist.1:def:85oval:gov.nist.fdcc.xp:def:85 CCE-3106-2JThe "Number of Previous Logons to Cache" policy should be set correctly. (1) number of logons(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (2) defined by Local or Group Policy CCE-773Logon Caching value (CID:91)lInteractive logon: Number of previous logons to cache (in case domain controller is not available): 0 logons>3.2.1.28 Interactive Logon: Number of Previous Logons to CacheInteractive logon: Numberof previous logons to cache(in case domain controlleris not available) Table: 5.31 Value: 0 logons or 2 logonsPreviousLogonsCachedoval:gov.nist.1:def:72previous_logons_cachedoval:gov.nist.fdcc.xp:def:72 CCE-3111-2XThe "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly. (1) Group(s)(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD (2) defined by Local or Group Policy CCE-919$NTFS Media Ejection value (CID:2010)DDevices: Allowed to format and eject removable media: Administrators=3.2.1.10 Devices: Allowed to format and eject removable mediaDevices: Allowed to format and eject removeable media Table: 5.12 Value: Administrators or Administrators and interactive usersiRestrictAccessToFormatAndEjectRemovableMediaAdministrators, RestrictAccessToFormatAndEjectRemovableMedia/oval:gov.nist.1:def:43, oval:gov.nist.1:def:44 CCE-3097-3nThe "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal (2) defined by Local or Group Policy CCE-549FDigitally encrypt or sign secure channel data (always) value (CID:743)RDomain member: Digitally encrypt or sign secure channel data (always): Not DefinedN3.2.1.18 Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always)^Domain member: Digitallyencrypt or sign securechannel data (always) Table: 5.20 Value: enabled'AlwaysDigitallyEncryptSecureChannelDataoval:gov.nist.1:def:61,always_digitally_encrypt_secure_channel_dataoval:gov.nist.fdcc.xp:def:61 CCE-2996-7mThe "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel (2) defined by Local or Group Policy CCE-161+Sign Secure Channel Traffic Value (CID:109)MDomain member: Digitally encrypt secure channel data (when possible): EnabledM3.2.1.19 Domain Member: Digitally Encrypt Secure Channel Data (When Possible)]Domain member: Digitallyencrypt secure channeldata (when possible) Table: 5.21 Value: enabled-WhenPossibleDigitallyEncryptSecureChannelDataoval:gov.nist.1:def:62oval:gov.nist.fdcc.xp:def:62 CCE-3000-7jThe "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel (2) defined by Local or Group Policy CCE-918+Sign Secure Channel Traffic Value (CID:107)JDomain member: Digitally sign secure channel data (when possible): EnabledJ3.2.1.20 Domain Member: Digitally Sign Secure Channel Data (When Possible)ZDomain member: Digitallysign secure channel data(when possible) Table: 5.22 Value: enabled*WhenPossibleDigitallySignSecureChannelDataoval:gov.nist.1:def:63oval:gov.nist.fdcc.xp:def:63 CCE-3133-6CThe "Smart Card Removal Behavior" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption (2) defined by Local or Group Policy CCE-443+Smart Card Removal Behavior Value (CID:125)@Interactive logon: Smart card removal behavior: Lock Workstation73.2.1.31 Interactive Logon: Smart Card Removal BehaviorRInteractive logon: Smart card removal behavior Table: 5.35 Value: lock workstationSmartCardRemovaloval:gov.nist.1:def:78smart_card_removaloval:gov.nist.fdcc.xp:def:78 CCE-2313-5_The "Prevent System Maintenance of Computer Account Password" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange (2) defined by Local or Group Policy CCE-831'Disable password change Value (CID:111)@Domain member: Disable machine account password changes:Disabled@3.2.1.21 Domain Member: Disable Machine Account Password ChangesQDomain member: Disablemachine account passwordchanges Table: 5.23 Value: disabledMachineAccountPasswordChangesoval:gov.nist.1:def:64oval:gov.nist.fdcc.xp:def:64 CCE-3084-1jThe "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly. w(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy (2) defined by Local or Group Policy CCE-55LUse FIPS compliant algorithms for encryption, hashing, and signing (CID:804)`System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing: Enabled`3.2.1.55 System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signingnSystem cryptography: UseFIPS compliant algorithmsfor encryption, hashing,and signing Table: 5.64 Value enabledFIPSCompliantEncryptionoval:gov.nist.1:def:105oval:gov.nist.fdcc.xp:def:105 CCE-2842-3pThe "Default owner for objects created by members of the Administrators group" policy should be set correctly. w(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner (2) defined by Local or Group Policy CCE-575RDefault owner for objects created by members of the Administrators group (CID:807)hSystem objects: Default owner for objects created by members of the Administrators group: Object Creatora3.2.1.56 System objects: Default owner for objects created by members of the Administrators< groupwSystem objects: Defaultowner for objects createdby members of theAdministrators group Table: 5.65 Value: Object creator%AdministratorsGroupObjectCreatorOwneroval:gov.nist.1:def:106oval:gov.nist.fdcc.xp:def:106 CCE-2987-6]The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive (2) defined by Local or Group Policy CCE-300NSystem Object: Require Case Insensitivity for Non-Windows Subsystems (CID:810)NSystem objects: Require case insensitivity for non-Windows subsystems: EnabledN3.2.1.57 System objects: Require case insensitivity for non-Windows subsystems_System objects: Requirecase insensitivity for non-Windows subsystems Table: 5.66 Value: enabledRequireCaseInsensitivityoval:gov.nist.1:def:107oval:gov.nist.fdcc.xp:def:107 CCE-2344-0iThe "Limit local account user of blank passwords to console logon only" policy should be set correctly. y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse (2) defined by Local or Group Policy CCE-533%Limit Blank Passwords value (CID:764)TAccounts: Limit local account user of blank passwords to console logon only: EnabledR3.2.1.3 Accounts: Limit local account use of blank passwords to console logon onlydAccounts: Limit local account use of blank passwords to console logon only Table: 5.3 Value: enabledLimitBlankPasswordUseoval:gov.nist.1:def:42LimitBlankPasswordoval:gov.nist.fdcc.xp:def:42 CCE-3009-8LThe "Allow undock without having to logon" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon (2) defined by Local or Group Policy CCE-1868Devices: Allow undock without having to log on: Disabled63.2.1.9 Devices: Allow undock without having to log onIDevices: Allow undock without having to logon Table: 5.11 Value: disabledAllowUndockWithoutLoginDisabledoval:gov.nist.1:def:53AllowUndockWithoutLoginoval:gov.nist.fdcc.xp:def:53 CCE-2551-0HThe "LDAP server signing requirements" policy should be set correctly. '(1) defined by Local or Group Policy CCE-710@Domain controller: LDAP server signing requirements: Not Defined<3.2.1.16 Domain Controller: LDAP Server Signing RequirementsQDomain controller: LDAP server signin requirements Table: 5.18 Value: not definedLDAPServerSigningRequirements oval:gov.nist.fdcc.xp:def:608241 CCE-2991-8HThe "LDAP client signing requirements" policy should be set correctly. y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity (2) defined by Local or Group Policy CCE-732*LDAP client signing requirements (CID:795)2Network security: LDAP client signing requirements;3.2.1.48 Network Security: LDAP client signing requirementsVNetwork security: LDAPclient signing requirements Table: 5.56 Value: Negotiate signingLDAPClientSigningRequirementsoval:gov.nist.1:def:98oval:gov.nist.fdcc.xp:def:98 CCE-3123-7NThe "Refuse machine account password change" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange (2) defined by Local or Group PolicyCCE-490GDomain controller: Refuse machine account password changes: Not Defined`3.2.1.19(note: different enumeration) Domain Controller: Refuse machine account password changesYDomain controller: Refuse machine account password changes Table: 5.19 Value: not defined#RefuseMachineAccountPasswordChanges oval:gov.nist.fdcc.xp:def:608242 CCE-3018-9LThe "Maximum machine account password age" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge (2) defined by Local or Group Policy CCE-194>Accounts: Maximum machine account password age value (CID:767);Domain member: Maximum machine account password age: 7 Days<3.2.1.22 Domain Member: Maximum Machine Account Password AgeKDomain member: Maximummachine account passwordage Table: 5.24 Value:30 days MaximumMachineAccountPasswordAgeoval:gov.nist.1:def:65$maximum_machine_account_password_ageoval:gov.nist.fdcc.xp:def:65 CCE-3172-4fThe "Require Domain Controller authentication to unlock workstation" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon (2) defined by Local or Group Policy CCE-374FDomain Controller Authentication to Unlock Workstation Value (CID:777)ZInteractive logon: Require Domain Controller authentication to unlock workstation: EnabledZ3.2.1.30 Interactive Logon: Require Domain Controller authentication to unlock workstationuInteractive logon: RequireDomain Controllerauthentication to unlockworkstation Table: 5.33 Value: enabled or disabled&DomainControllerAuthenticationRequiredoval:gov.nist.1:def:75)domain_controller_authentication_requiredoval:gov.nist.fdcc.xp:def:75 CCE-2692-2RThe "Disconnect clients when logon hours expire" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogoff (2) defined by Local or Group Policy CCE-278BAutomatically log off user when logon time expires value (CID:210)MMicrosoft network server: Disconnect clients when logon hours expire: EnabledM3.2.1.38 Microsoft Network Server: Disconnect clients when logon hours expire]Microsoft network server:Disconnect clients whenlogon hours expire Table: 5.42 Value: enabledLogonTimeExpirationoval:gov.nist.1:def:86oval:gov.nist.fdcc.xp:def:86 CCE-3088-2]The "Do not allow storage of credentials or .NET Passports" policy should be set correctly. v(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds (2) defined by Local or Group Policy CCE-542`Do not allow storage of credentials or .NET Passports for network authentication value (CID:780)NNetwork access: Do not allow storage of credentials or .NET Passports: Enabledi3.2.1.39 Network Access: Do not allow storage of credentials or .NET passports for network authenticationxNetwork access: Do notallow storage of credentialsor .NET Passports fornetwork authentication Table: 5.46 Value: enabledCredentialsStorageoval:gov.nist.1:def:89oval:gov.nist.fdcc.xp:def:89 CCE-3110-4YThe "Let Everyone permissions apply to anonymous users" policy should be set correctly. }(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous (2) defined by Local or Group Policy CCE-18ALet Everyone permissions apply to anonymous users Value (CID:783)KNetwork access: Let Everyone permissions apply to anonymous users: DisabledJ3.2.1.40 Network Access: Let Everyone permissions apply to anonymous users[Network access: LetEveryone permissionsapply to anonymous users Table: 5.47 Value: disabledAnonymousUsersPermissionsoval:gov.nist.1:def:90oval:gov.nist.fdcc.xp:def:90 CCE-3150-0TThe "Named Pipes that can be accessed anonymously" policy should be set correctly. (1) list of named pipes(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes (2) defined by Local or Group Policy CCE-136INetwork access: Named Pipes that can be accessed anonymously: Not DefinedE3.2.1.41 Network Access: Named pipes that can be accessed anonymouslyxNetwork access: NamedPipes that can be accessedanonymously Table: 5.48 Value: COMNAPCOMNODESQL\QUERYSPOOLSSLLSRPCbrowserAnonymouslyAccessedNamedPipesoval:gov.nist.1:def:91oval:gov.nist.fdcc.xp:def:91 CCE-3155-9JThe "Remotely accessible registry paths" policy should be set correctly. (1) set of paths(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPathsHKLM (2) defined by Local or Group Policy CCE-189dNetwork access: Remotely accessible registry paths: Classic - local users authenticate as themselves;3.2.1.42 Network Access: Remotely accessible registry paths9Network access: Remote< lyaccessible registry paths Table: 5.49 Value: System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications, System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\TerminalServer\DefaultUserConfigurationRemotelyAccessibleRegistryPathsoval:gov.nist.1:def:92oval:gov.nist.fdcc.xp:def:92 CCE-3036-1OThe "Shares that can be accessed anonymously" policy should be set correctly. (1) set of shares(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) defined by Local or Group Policy CCE-942DNetwork access: Shares that can be accessed anonymously: Not Defined@3.2.1.43 Network Access: Shares that can be accessed anonymouslySNetwork access: Sharesthat can be accessedanonymously Table: 5.51 Value: COMCFGDFS$AnonymouslyAccessedSharesoval:gov.nist.1:def:93oval:gov.nist.fdcc.xp:def:93 CCE-3058-5UThe "Sharing and security model for local accounts" policy should be set correctly. (1) Classic/Guest onlyn(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest (2) defined by Local or Group Policy CCE-343=Sharing and security model for local accounts Value (CID:786)oNetwork access: Sharing and security model for local accounts: Classic - local users authenticate as themselvesF3.2.1.44 Network Access: Sharing and security model for local accountsNetwork access: Sharingand security model for localaccounts Table: 5.52 Value: Classic - local users authenticate as themselvesLocalAccountsSecurityModeloval:gov.nist.1:def:94oval:gov.nist.fdcc.xp:def:94 CCE-2993-4cThe "Do not store LAN Manager hash value on next password change" policy should be set correctly. l(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash (2) defined by Local or Group Policy CCE-233EDo not store LAN Manager hash value on next password change (CID:789)VNetwork security: Do not store LAN Manager hash value on next password change: Enabled_3.2.1.45 Network Security: Do not store LAN Manager password hash value on next password changefNetwork security: Do notstore LAN Manager hashvalue on next passwordchange Table: 5.53 Value: enabled`LANManagerHashStorageoval:gov.nist.1:def:95oval:gov.nist.fdcc.xp:def:95 CCE-3139-3LThe "Force logoff when logon hours expire" policy should be set correctly. CCE-775Logon Time Enforcement (CID:46)?Network security: Force logoff when logon hours expire: Enabled?3.2.1.46 Network Security: Force logoff when logon hours expireONetwork security: Forcelogoff when logon hoursexpire Table: 5.54 Value: enabled ForceLogoffoval:gov.nist.1:def:244oval:gov.nist.fdcc.xp:def:244 CCE-3156-7[The "Minimum session security for NTLM SSP based clients" policy should be set correctly. {(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec (2) defined by Local or Group Policy CCE-674=Minimum session security for NTLM SSP based clients (CID:798)Network security: Minimum session security for NTLM SSP based (including secure RPC) clients: Require NTLMv2 session security, Require 128-bit encryptione3.2.1.49 Network Security: Minimum session security for NTLM SSP based (including secure RPC) clientsNetwork security: Minimumsession security for NTLMSSP based (includingsecure RPC) clients Table: 5.57 Value: Require message integrityRequire message confidentialityRequire NTLMv2 session securityRequire 128-bit encryption$NTLM_SSP_BasedClientsSessionSecurityoval:gov.nist.1:def:99&ntlm_ssp_based_client_session_securityoval:gov.nist.fdcc.xp:def:99 CCE-2799-5[The "Minimum session security for NTLM SSP based servers" policy should be set correctly. {(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec (2) defined by Local or Group Policy CCE-766=Minimum session security for NTLM SSP based servers (CID:801)Network security: Minimum session security for NTLM SSP based (including secure RPC) servers: Require NTLMv2 session security, Require 128-bit encryptione3.2.1.50 Network Security: Minimum session security for NTLM SSP based (including secure RPC) serversNetwork security: Minimumsession security for NTLMSSP based (includingsecure RPC) servers Table: 5.58 Value: Require message integrityRequire message confidentialityRequire NTLMv2 session securityRequire 128-bit encryption$NTLM_SSP_BasedServersSessionSecurityoval:gov.nist.1:def:100'ntlm_ssp_based_servers_session_securityoval:gov.nist.fdcc.xp:def:100 CCE-2795-3.Local volumes should be formatted correctly. (1) type of formatting(1) Disk Management MMC CCE-621Non-NTFS Partition (CID:10)KChapter 10: Modifying File System Security Settings with Security Templates34.3.1 Ensure volumes are using the NTFS file system CCE-2980-1WThe "Screen Saver Timeout" setting should be configured correctly for the current user.(1) time in seconds(1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Timeout (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut CCE-830)Current user screensaver timeout (CID:74)oval:gov.nist.1:def:123Screen-Saver-timeoutoval:gov.nist.fdcc.xp:def:6708 CCE-3099-9_The "Screen Saver Executable Name" setting should be configured correctly for the default user.*(1) filename of the screensaver executable:(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE CCE-623"Default user scrnsave.exe (CID:67) CCE-2764-9WThe "Screen Saver Timeout" setting should be configured correctly for the default user.@(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\ScreenSaveTimeOut CCE-517-Default user screensaver timeout (CID:68, 71) CCE-3161-7dThe "Password protect the screen saver" setting should be configured correctly for the default user.B(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\ScreenSaverIsSecure CCE-433(Default user screensaver secure (CID:69) CCE-2901-7UThe screen saver should be enabled or disabled as appropriate for the default user. ?(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\ScreenSaveActive CCE-103(Default user screensaver active (CID:70) CCE-3170-8_The "Screen Saver Executable Name" setting should be configured correctly for the current user.(1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Executable Name (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE (3) HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE CCE-54"Current user scrnsave.exe (CID:76) CCE-3064-3"DEPRECATED in favor of CCE-2980-1.CCE-221 CCE-2526-2"DEPRECATED in favor of CCE-4500-5.CCE-235 CCE-2174-1UThe screen saver should be enabled or disabled as appropriate for the current user. (1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverActive (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive CCE-287(Current user screensaver active (CID:73) CCE-2552-8OThe "Always Install with Elevated Privileges" policy should be set correctly. \(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated CCE-7361Always Install with Elevated Privileges (CID:888) CCE-2830-8>The "Set Safe for Scripting" policy should be set correctly. X(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting\ CCE-261BDisable IE Security Prompt for Windows Installer Scripts (CID:891)4Disable-IE-security-prompt-Windows-Installer-scriptsoval:gov.nist.fdcc.xp:def:6120 CCE-3094-0IThe "Enable User Control Over Installs" policy should be set correctly. X(1) HKEY_< LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl CCE-415+Enable User Control Over Installs (CID:894)!Enable-User-Control-over-installsoval:gov.nist.fdcc.xp:def:6121 CCE-3011-4VThe "Enable User to Use Media Source While Elevated" policy should be set correctly. Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AllowLockDownMedia CCE-1078Enable User to Use Media Source While Elevated (CID:900) CCE-3020-5eThe "Allow Administrator to Install from Terminal Services Session" policy should be set correctly. Z(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableAdminTSRemote CCE-256?Allow Admin to Install from Terminal Services Session (CID:906) CCE-2293-9NThe "Enable User to Patch Elevated Products" policy should be set correctly. Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AllowLockDownPatch CCE-6620Enable User to Patch Elevated Products (CID:903) CCE-3068-4KThe "Cache Transforms in Secure Location" policy should be set correctly. V(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\TransformSecure CCE-424<Cache Transforms in Secure Location on Workstation (CID:908) CCE-2826-6RThe "Disable Media Player for automatic updates" policy should be set correctly. Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate CCE-4557Disable Media Player for XP automatic Updates (CID:912)prevent_automatic_updates#oval:gov.nist.fdcc.xp:def:612261222 CCE-3117-9VThe "Prevent Codec Download" policy should be set correctly for Windows MediaPlayer. [(1) HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload CCE-124951 - Prevent Codec Download CCE-2684-9PThe "Do Not Allow Windows Messenger to be Run" policy should be set correctly. P(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventRun CCE-8022Do Not Allow Windows Messenger to be Run (CID:915) CCE-2455-4TThe "Do Not Automatically Start Windows Messenger" policy should be set correctly. T(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun CCE-309<918 - Do Not Automatically Start Windows Messenger Initially6do_not_automatically_start_windows_messenger_initially#oval:gov.nist.fdcc.xp:def:612261224 CCE-2711-0WThe "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler.\(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Task Scheduler5.0\Task Creation CCE-578$Prohibit New Task Creation (CID:843) CCE-2354-9_The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services. h(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser CCE-507+Limit Users to One Remote Session (CID:849)!Limit users to one remote session CCE-3129-4WThe "Limit Number of Connections" policy should be set correctly for Terminal Services.)(1) Maximum number of connections allowedc(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxInstanceCount CCE-80%Limit Number of Connections (CID:852)Limit number of connections CCE-3028-8_The "Do Not Allow New Client Connections" policy should be set correctly for Terminal Services.e(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections CCE-401-Do Not Allow New Client Connections (CID:855)#Do not allow new client connections CCE-2407-5vThe "Do Not Allow Local Administrators to Customize Permissions" policy should be set correctly for Terminal Services.g(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fWritableTSCCPermTab CCE-8248Do Not Allow Local Administrators to Customize (CID:858)9Do not allow local administrator to customize permissions CCE-2808-4SThe "Remote Control Settings" policy should be set correctly for Terminal Services.Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\Shadow CCE-190!Remote Control Settings (CID:861)Remote control settings CCE-2949-6mThe "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.e(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword CCE-855;Always Prompt Client for Password upon Connection (CID:864)1Always prompt client for password upon connection CCE-3116-1bThe "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.(1) encryption leveld(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel CCE-397*Set Client Connection Encryption (CID:867)&Set client connection encryption level&set-client-connection-encryption-leveloval:gov.nist.fdcc.xp:def:6600 CCE-2997-5_The "Do not Use Temp folders per Session" policy should be set correctly for Terminal Services.c(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir CCE-670-Do Not Use Temp Folders per Session (CID:870)#Do not use temp folders per session CCE-2892-8]The "Do not Delete Temp folder on exit" policy should be set correctly for Terminal Services.f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit CCE-961-Do Not Delete Temp Folder upon Exit (CID:873)#Do not delete temp folder upon exit CCE-2961-1dThe "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.(1) Time Limit (minutes)f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime CCE-9202Set Time Limit for Disconnected Sessions (CID:876)(Set time limit for disconnected sessions'set-timelimit-for-disconnected-sessionsoval:gov.nist.fdcc.xp:def:6726 CCE-3124-5\The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.(1) Time limit (minutes)](1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime CCE-123*Set Time Limit for Idle Sessions (CID:879) Set time limit for idle sessions;set-timelimit-for-active-but-idle-TerminalServices-sessionsoval:gov.nist.fdcc.xp:def:6725 CCE-2210-3hThe "Allow Reconnection from Original Client Only" policy should be set correctly for Terminal Services.a(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fReconnectSame CCE-5246Allow Reconnection from Original Client Only (CID:882),Allow reconnection from original client only CCE-2959-5jThe "Terminate session when time limits are reached" policy should be set correctly for Terminal Services.^(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fResetBroken CCE-5688Terminate Session When Time Limits are Reached (CID:885).Terminate session when time limits are reached CCE-3109-6VThe "Enable Keep-Alive Messages" policy should be set correctly for Terminal Services.b(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\KeepAliveEnable CCE-705Keep-Alive Messages (CID:846) CCE-3007-2]The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services.b(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp CCE-859%Solicited Remote Assistance (CID:933)solicited_remote_assistanceoval:gov.nist.fdcc.xp:def:6564 CCE-3012-2_The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.c(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited CCE-434'Unsolicited Remote Assistance (CID:936)offer_remote_assistanceoval:gov.nist.fdcc.xp:def:6563 CCE-3038-7>The "Enable Error Reporting" policy should be set correctly. V(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport CCE-592Report Errors < (CID:939) turn_off_windows_error_reportingoval:gov.nist.fdcc.xp:def:6683 CCE-3188-0GThe "Enforce user logon restrictions" policy should be set correctly. CCE-227)Enforce user logon restrictions (Enabled)(kerberos_enforce_user_logon_restrictions oval:gov.nist.fdcc.xp:def:987651 CCE-2708-6HThe "Maximum Service Ticket Litfetime" policy should be set correctly. CCE-61Maximum lifetime for service ticket (600 minutes)(kerberos_maximum_lifetime_service_ticket oval:gov.nist.fdcc.xp:def:987652 CCE-2803-5DThe "Maximum User Ticket Lifetime" policy should be set correctly. (1) number of hoursCCE-37+Maximum lifetime for user ticket (10 hours)%kerberos_maximum_lifetime_user_ticket oval:gov.nist.fdcc.xp:def:987653 CCE-3063-5EThe "Maximum User Renewal Lifetime" policy should be set correctly. CCE-331Maximum lifetime for user ticket renewal (7 days)-kerberos_maximum_lifetime_user_ticket_renewal oval:gov.nist.fdcc.xp:def:987654 CCE-3208-6\The "Maximum tolerance for computer clock synchronization" policy should be set correctly. CCE-588@Maximum tolerance for computer clock synchronization (5 minutes)9kerberos_maximum_tolerance_computer_clock_synchronization oval:gov.nist.fdcc.xp:def:987655 CCE-3107-0RThe "Create global objects" user right should be assigned to the correct accounts.CCE-3834Create global objects Table: 4.12 Value: not definedHCreate-Global-Objects_Administrators-SERVICE-LocalService-NetworkServiceoval:gov.nist.fdcc.xp:def:6626 CCE-2737-5gThe "Impersonate a client after authentication" user right should be assigned to the correct accounts.CCE-304HImpersonate a client after authentication Table: 4.23 Value: not defined;ImpersonateClientAfterAuthentication-SERVICE_Administratorsoval:gov.nist.fdcc.xp:def:6640 CCE-3010-6The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.CCE-458LDCOM: Machine access of the global system objects Table: 5.9 Value: disabledMachineAccessRestrictions oval:gov.nist.fdcc.xp:def:608243 CCE-2662-5The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly.CCE-740}DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax Table: 5.10 Value: not definedMachineLaunchRestrictions oval:gov.nist.fdcc.xp:def:608244 CCE-2917-3aThe "Display user information when the session is locked" setting should be configured correctly.CCE-22eInteractive logon: Display user information when the session is locked Table: 5.26 Value: not defined CCE-3186-4RThe "Interactive logon: Requre smart card" setting should be configured correctly.P(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\SCForceOptionCCE-828CInteractive logon: Requre smart card Table: 5.34 Value: not definedRequireSmartCardoval:gov.nist.fdcc.xp:def:6082 CCE-2834-0qThe "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.CCE-638bNetwork access: Restrict anonymous access to named pipes and shares Table: 5.50 Value: not defined CCE-2992-6The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly.CCE-647tSystem cryptography: Force strong key protection for user keys stored on the computer Table: 5.63 Value: not defined CCE-2705-2.DEPRECATED in favor of CCE-5407-2, CCE-5441-1.CCE-48 CCE-2723-5the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices" setting should be configured correctly.CCE-572}System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices Table: 5.69 Value: not defined CCE-2213-7nMSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged(1) number of secondsn(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissionsCCE-577MSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged Table: 5.87 Value: 3 and 6 sec, half open connections dropped after 21 secTCPConnectionResponsesoval:gov.nist.1:def:125oval:gov.nist.fdcc.xp:def:125 CCE-2239-2SMSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmittedc(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissionsCCE-872hMSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted Table: 5.88 Value: 3TCPMaxDataRetransmissionsoval:gov.nist.1:def:126oval:gov.nist.fdcc.xp:def:126 CCE-2690-6XMembership in the Backup Operators group should be assigned to the appropriate accounts.(1) list of accountsCCE-506'Backup Operators Table: 7.1 Value: noneBackupOperatorsoval:gov.nist.1:def:206 CCE-2862-1SMembership in the Power Users group should be assigned to the appropriate accounts.CCE-990"Power Users Table: 7.2 Value: none PowerUsersoval:gov.nist.1:def:207 CCE-3136-9\Membership in the Remote Desktop Users group should be assigned to the appropriate accounts.CCE-250+Remote Desktop Users Table: 7.3 Value: noneRemoteDesktopUsersoval:gov.nist.1:def:208 CCE-3171-6SThe Application Layer Gateway Service should be enabled or disabled as appropriate.CCE-43?Application Layer Gateway Service Table: 8.2 Value: not defined CCE-3047-8PThe Application Management service should be enabled or disabled as appropriate.CCE-1674Application Management Table: 8.3 Value: not defined CCE-3113-8PThe Cryptographic Services service should be enabled or disabled as appropriate.CCE-5855Cryptographic Services Table: 8.10 Value: not defined CCE-2756-5EThe DHCP Client service should be enabled or disabled as appropriate.CCE-484*DHCP Client Table: 8.11 Value: not defined CCE-3153-4ZThe Distributed Link Tracking Client service should be enabled or disabled as appropriate.CCE-651?Distributed Link Tracking Client Table: 8.12 Value: not defined CCE-3184-9]The Distributed Transaction Coordinator service should be enabled or disabled as appropriate.CCE-303BDistributed Transaction Coordinator Table: 8.13 Value: not defined CCE-2985-0iThe startup type of the client-side Domain Name Service cache (aka DNS Client) service should be correct.CCE-436)DNS Client Table: 8.14 Value: not defined CCE-3236-7IThe Error Reporting Service should be enabled or disabled as appropriate.CCE-7746Error Reporting Service Table: 8.15 Value: not definedErrorReportingServiceoval:gov.nist.fdcc.xp:def:2111 CCE-3140-1CThe Event Log service should be enabled or disabled as appropriate.CCE-435(Event Log Table: 8.16 Value: not defined CCE-2301-0JThe Help and Support service should be enabled or disabled as appropriate.CCE-950/Help and Support Table: 8.20 Value: not defined CCE-3003-1WThe Human Interface Device Access service should be enabled or disabled as appropriate.CCE-118<Human Interface Device Access Table: 8.21 Value: not defined CCE-2716-9NThe IMAPI CD-Burning COM Service should be enabled or disabled as appropriate.CCE-624;IMAPI CD-Burning COM Service Table: 8.23 Value: not defined CCE-3223-5JThe Infrared Monitor service should be enabled or disabled as appropriate.CCE-453/Infrared Monitor Table: 8.25 Value: not defined CCE-3245-8HThe IPSEC Services service should be enabled or disabled as appropriate.CCE-72-IPSEC Services Table: 8.27 Value: not defined CCE-3294-6NThe Logical Disk Manager service should be enabled or disabled as appropriate.CCE-9883Logical Disk Manager Table: 8.28 Value: not defined CCE-3073-4]The Logical Disk Manager Administrative Service should be enabled or disabled as appropriate.CCE-891JLogical Disk Manager Administrative Service Table: 8.29 Value: not defined CCE-3065-0ZThe MS Software Shadow Copy Provider service shou< ld be enabled or disabled as appropriate.CCE-900?MS Software Shadow Copy Provider Table: 8.31 Value: not defined CCE-2840-7MThe Network Connections service should be enabled or disabled as appropriate.CCE-6712Network Connections Table: 8.34 Value: not defined CCE-3131-0]The Network Dynamic Data Exchange (DDE) service should be enabled or disabled as appropriate.CCE-217BNetwork Dynamic Data Exchange (DDE) Table: 8.35 Value: not defined DDEServiceoval:gov.nist.1:def:245NetworkDDEServiceoval:gov.nist.fdcc.xp:def:245 CCE-3122-9gThe Network DDE DDE Share Database Manager (DSDM) service should be enabled or disabled as appropriate.CCE-768LNetwork DDE DDE Share Database Manager (DSDM) Table: 8.36 Value: not definedDDEdsdmServiceoval:gov.nist.1:def:246NetworkDDEdsdmServiceoval:gov.nist.fdcc.xp:def:246 CCE-3267-2ZThe Network Location Awareness (NLA) service should be enabled or disabled as appropriate.CCE-825@Network Location Awareness (NLA) Table: 8.37 Value: not defined CCE-3056-9QThe startup type of the NTLM Security Support Provider service should be correct.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Start (2) defined by the Services Administrative Tool (3) definied by Group PolicyCCE-472>NT LM Security Support Provider Table: 8.38 Value: not defined CCE-3144-3UThe Performance Logs and Alerts service should be enabled or disabled as appropriate.CCE-265:Performance Logs and Alerts Table: 8.39 Value: not defined CCE-3289-6^The Portable Media Serial Number Service service should be enabled or disabled as appropriate.CCE-759CPortable Media Serial Number Service Table: 8.41 Value: not defined CCE-3205-2KThe Protected Storage service should be enabled or disabled as appropriate.CCE-6970Protected Storage Table: 8.43 Value: not defined CCE-3206-0BThe QoS RSVP service should be enabled or disabled as appropriate.CCE-706(QoS RSVP Table: 8.44 Value: not defined CCE-3104-7ZThe Remote Access Connection Manager service should be enabled or disabled as appropriate.CCE-750?Remote Access Connection Manager Table: 8.46 Value: not defined RasManServiceoval:gov.nist.1:def:247oval:gov.nist.fdcc.xp:def:247 CCE-3126-0UThe Remote Procedure Call (RPC) service should be enabled or disabled as appropriate.CCE-993:Remote Procedure Call (RPC) Table: 8.48 Value: not defined CCE-3148-4]The Remote Procedure Call (RPC) Locator service should be enabled or disabled as appropriate.CCE-164BRemote Procedure Call (RPC) Locator Table: 8.49 Value: not defined CCE-2567-6KThe Removable Storage service should be enabled or disabled as appropriate.CCE-7410Removable Storage Table: 8.51 Value: not defined CCE-2823-3IThe Secondary Logon service should be enabled or disabled as appropriate.CCE-172.Secondary Logon Table: 8.53 Value: not defined CCE-3074-2SThe Security Accounts Manager service should be enabled or disabled as appropriate.CCE-6798Security Accounts Manager Table: 8.54 Value: not defined CCE-3219-3@The Server service should be enabled or disabled as appropriate.CCE-102%Server Table: 8.55 Value: not defined CCE-3241-7DThe Smart Card service should be enabled or disabled as appropriate.CCE-98)Smart Card Table: 8.57 Value: not defined CCE-2831-6KThe Smart Card Helper service should be enabled or disabled as appropriate.CCE-10010Smart Card Helper Table: 8.58 Value: not defined CCE-2835-7SThe System Event Notification service should be enabled or disabled as appropriate.CCE-7728System Event Notification Table: 8.63 Value: not defined CCE-2321-8HThe System Restore Service should be enabled or disabled as appropriate.CCE-4505System Restore Service Table: 8.64 Value: not defined CCE-3274-8OThe TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate.CCE-6654TCP/IP NetBIOS Helper Table: 8.66 Value: not defined CCE-2811-8CThe Telephony service should be enabled or disabled as appropriate.CCE-428(Telephony Table: 8.67 Value: not defined CCE-3195-5@The Themes service should be enabled or disabled as appropriate.CCE-956%Themes Table: 8.70 Value: not defined CCE-3221-9VThe Uninterruptable Power Supply service should be enabled or disabled as appropriate.CCE-366;Uninterruptable Power Supply Table: 8.71 Value: not defined CCE-2988-4HThe Upload Manager service should be enabled or disabled as appropriate.CCE-652-Upload Manager Table: 8.72 Value: not defined CCE-3146-8LThe Volume Shadow Copy service should be enabled or disabled as appropriate.CCE-5381Volume Shadow Copy Table: 8.74 Value: not defined CCE-3291-2CThe WebClient service should be enabled or disabled as appropriate.CCE-305(Webclient Table: 8.75 Value: not definedWebClientServiceoval:gov.nist.fdcc.xp:def:2271 CCE-3256-5GThe Windows Audio service should be enabled or disabled as appropriate.CCE-851,Windows Audio Table: 8.76 Value: not defined CCE-2639-3YThe Windows Image Acquisition (WIA) service should be enabled or disabled as appropriate.CCE-234>Windows Image Acquisition (WIA) Table: 8.77 Value: not defined CCE-3159-1KThe Windows Installer service should be enabled or disabled as appropriate.CCE-8900Windows Installer Table: 8.78 Value: not defined CCE-3163-3\The Windows Management Instrumentation service should be enabled or disabled as appropriate.CCE-912AWindows Management Instrumentation Table: 8.79 Value: not defined CCE-3203-7nThe Windows Management Instrumentation Driver Extensions service should be enabled or disabled as appropriate.CCE-815SWindows Management Instrumentation Driver Extensions Table: 8.80 Value: not defined CCE-2599-9FThe Windows Time service should be enabled or disabled as appropriate.CCE-560+Windows Time Table: 8.81 Value: not defined CCE-2494-3UThe Wireless Zero Configuration service should be enabled or disabled as appropriate.CCE-604:Wireless Zero Configuration Table: 8.82 Value: not definedWireless-Zero-Configurationoval:gov.nist.fdcc.xp:def:2881 CCE-3265-6QThe WMI Performance Adapter service should be enabled or disabled as appropriate.CCE-7456WMI Performance Adapter Table: 8.83 Value: not definedWMIPerformanceAdapteroval:gov.nist.fdcc.xp:def:6719 CCE-2397-8EThe Workstation service should be enabled or disabled as appropriate.CCE-296*Workstation Table: 8.84 Value: not defined CCE-2683-1aThe automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate._(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreationCCE-511zMSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames. Table: 5.82 Value: enabledDisable8Dot3NameCreationoval:gov.nist.1:def:119oval:gov.nist.fdcc.xp:def:119 CCE-2956-14RPC Endpiont Mapper Client Authentication (SP2 only)X(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\EnableAuthEpResolutionCCE-145=5.1.1.1 RPC Endpiont Mapper Client Authentication (SP2 only))rpc_endpoint_mapper_client_authenticationoval:gov.nist.fdcc.xp:def:6566 CCE-3273-07Restrictions for Unauthenticated RPC clients (SP2 only)W(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClientsCCE-423?5.1.1.2 Restrictions for Unauthenticated RPC clients (SP2 only),Restrictions-for-Unauthenticated-RPC-clientsoval:gov.nist.fdcc.xp:def:6565 CCE-3154-2:Domain Profile: Protect all network connections (SP2 only)|(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewallCCE-80665.2.1.1.1.1 Protect all network connections (SP2 only).protect_all_network_connections_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5000 CCE-3194-82Domain Profile: Do not allow exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptionsCCE-969.5.2.1.1.1.2 Do not allow exceptions (SP2 onl< y) CCE-2828-2.Domain Profile: Allow local program exceptions(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\AllowUserPrefMergeCCE-502*5.2.1.1.1.3 Allow local program exceptions-allow_local_program_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5003 CCE-2476-0+Domain Profile: Allow remote administration<(1) enabled/disabled (2) subnets for internal support onlyu(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnabledCCE-771'5.2.1.1.1.4 Allow remote administration5allow_remote_administration_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5004 CCE-3247-4CDomain Profile: Allow file and printer sharing exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\FileAndPrint\EnabledCCE-555?5.2.1.1.1.5 Allow file and printer sharing exception (SP2 only)2allow_file_print_sharing_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5005 CCE-3141-90Domain Profile: Allow ICMP exceptions (SP2 only)CCE-277,5.2.1.1.1.6 Allow ICMP exceptions (SP2 only)#allow_icm_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5006 CCE-3304-39Domain Profile: Allow Remote Desktop exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\RemoteDesktop\EnabledCCE-83255.2.1.1.1.7 Allow Remote Desktop exception (SP2 only).allow_remote_desktop_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5007 CCE-3176-59Domain Profile: Allow UPnP framework exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\UPnPFramework\EnabledCCE-59055.2.1.1.1.8 Allow UPnP framework exception (SP2 only).allow_upnp_framework_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5008 CCE-3198-9mThe "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotificationsCCE-762"5.2.1.1.1.9 Prohibit notifications%prohibit_notifications_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5009 CCE-2965-2pThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile..(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log Dropped PacketsCCE-251+5.2.1.1.1.10 Log dropped packets (SP2 only)0allow_logging_log_dropped_packets_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5014 CCE-2923-1jThe log file path and name for the Windows Firewall should be configured correctly for the Domain Profile. (1) File path(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\NameCCE-793.5.2.1.1.1.11 Log file path and name (SP2 only)%allow_logging_log_path_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5017 CCE-2958-7gThe log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.(1) Size limit (KB)$(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFileSize (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Size limit (KB)CCE-57,5.2.1.1.1.12 Log file size limit (SP2 only)%allow_logging_log_size_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5016 CCE-3090-8wThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.<(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log successful connectionsCCE-61735.2.1.1.1.13 Log successful connections (SP2 only)7allow_logging_log_successful_connections_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5015 CCE-2972-8xUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableUnicastResponsesToMulticastBroadcastCCE-696K5.2.1.1.1.14 Prohibit unicast response to multicast or broadcast (SP2 only)Kprohibit_unicast_response_to_multicast_or_broadcast_requests_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5011 CCE-2866-21Domain Profile: Define port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPortsCCE-114.5.2.1.1.1.15 Define port exceptions (SP2 only)%define_port_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:6008 CCE-3258-16Domain Profile: Allow local port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\AllowUserPrefMergeCCE-37015.2.1.1.16 Allow local port exceptions (SP2 only)*allow_local_port_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5013 CCE-3284-7<Standard Profile: Protect all network connections (SP2 only)~(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewallCCE-27365.2.1.1.2.1 Protect all network connections (SP2 only)+ProtectAllNetworkConnectionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5100 CCE-3179-94Standard Profile: Do not allow exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptionsCCE-440.5.2.1.1.2.2 Do not allow exceptions (SP2 only)#DoNotAllowExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5101 CCE-3183-1;Standard Profile: Allow local program exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\AllowUserPrefMergeCCE-35255.2.1.1.2.3 Allow local program exceptions (SP2 only)*AllowLocalProgramExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5103 CCE-2954-6BStandard Profile: Allow remote administration exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktopCCE-467<5.2.1.1.2.4 Allow remote administration exception (SP2 only)2AllowRemoteAdministrationExceptionsStandardProfile'oval:gov.nist.fdcc.xpfirewall:def:51041 CCE-3262-3EStandard Profile: Allow file and printer sharing exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop\EnabledCCE-626?5.2.1.1.2.4 Allow file and printer sharing exception (SP2 only).AllowFilePrintSharingExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5105 CCE-3081-72Standard Profile: Allow ICMP exceptions (SP2 only)c(1) enabled/ Allow outboud source quench, Allow inbound< echo request, Allow outbound packet too big~(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ICMPSettings\*CCE-797,5.2.1.1.2.6 Allow ICMP exceptions (SP2 only)"AllowICMPExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5106 CCE-3213-6;Standard Profile: Allow Remote Desktop exception (SP2 only)CCE-35455.2.1.1.2.7 Allow Remote Desktop exception (SP2 only)+AllowRemoteDesktopExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5107 CCE-3235-9;Standard Profile: Allow UPnP framework exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\UPnPFramework\EnabledCCE-26655.2.1.1.2.8 Allow UPnP framework exception (SP2 only)+AllowUPnPframeworkExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5108 CCE-3134-4oThe "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotificationsCCE-901-5.2.1.1.2.9 Prohibit notifications (SP2 only)$ProhibitNotificationsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5109 CCE-3280-5rThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Standard Profile.3(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile\Windows Firewall: Allow Logging - Log Dropped PacketsCCE-945+5.2.1.1.2.10 Log Dropped Packets (SP2 only) CCE-3174-0lThe log file path and name for the Windows Firewall should be configured correctly for the Standard Profile. (1) file path(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogFilePathCCE-609.5.2.1.1.2.11 Log file path and name (SP2 only) CCE-3055-1iThe log file size limit for the Windows Firewall should be configured correctly for the Standard Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogFileSizeCCE-160+5.2.1.1.2.12 Log file size limit (SP2 only) CCE-2707-8yThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Standard Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogSuccessfulConnectionsCCE-96225.2.1.1.2.13 Log Successful Connections (SP2 only)mm CCE-3103-9zUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableUnicastResponsesToMulticastBroadcastCCE-632K5.2.1.1.2.14 Prohibit unicast response to multicast or broadcast (SP2 only)DProhibitUnicastResponseToMulticastOrBroadcastRequestsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5111 CCE-3231-83Standard Profile: Define port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPortsCCE-196.5.2.1.1.2.15 Define port exceptions (SP2 only) CCE-2989-28Standard Profile: Allow local port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\AllowUserPrefMergeCCE-7735.2.1.1.2.16 Allow local port exceptions (SP2 only)'AllowLocalPortExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5113 CCE-3037-9QThe startup type of the Internet Connection Firewall service should be correct. _(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicyCCE-5305.2.1.1. Windows Firewall OVAL10088 CCE-2856-3-Restricted Groups have been set on the system(1) Group enumerationCCE-301 OVAL10219 CCE-4952-8[The required permissions for the file %SystemRoot%\System32\mshta.exe should be assigned. (1) defined by the object's DACLCCE-1225mshta.exe-permissionsoval:gov.nist.fdcc.xp:def:1351 CCE-5194-6^The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.C(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\DisabledCCE-863turn_off_microsoft_peer_to_peer_networking_servicesoval:gov.nist.fdcc.xp:def:6662 CCE-5022-9uThe "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain networkCCE-241%prohibit_internet_connection_firewall!oval:gov.nist.fdcc.xp:def:3366992 CCE-5136-7HThe "Display Error Notification" setting should be configured correctly.(1) GPO Settings: Computer Configuration\Administrative Templates\System\Error Reporting\Display Error Notification (2) Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Display Error NotificationCCE-259display_error_notification!oval:gov.nist.fdcc.xp:def:3366994 CCE-4665-6The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance Policy ProcessingCCE-3657internet_explorer_maintenance_policy_processing_enabledoval:gov.nist.fdcc.xp:def:6671 CCE-5053-4)Group Policy - Registry policy processingCCE-584registry_policy_processingoval:gov.nist.fdcc.xp:def:6672 CCE-5054-2YThe "Turn Off Automatic Root Certificates Update" setting should be configured correctly.d(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdateCCE-858+Turn-Off-Automatic-Root-Certificates-Updateoval:gov.nist.fdcc.xp:def:6674 CCE-5200-1/Turn off downloading of print drivers over HTTPCCE-887/Turn-off-downloading-of-print-drivers-over-HTTPoval:gov.nist.fdcc.xp:def:6572 CCE-4953-6UThe "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly.\(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinksCCE-263%Turn-Off-Event-Views-Events.asp-Linksoval:gov.nist.fdcc.xp:def:6675 CCE-4707-6The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.a(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICWCCE-1055STurn-Off-Internet-Connection-Wizard-if-URL-Connection-is-Referring-to-Microsoft.comoval:gov.nist.fdcc.xp:def:6679 CCE-5099-7ITurn off Internet download for Web publishing and online ordering wizardsCCE-691ITurn-off-Internet-download-for-Web-publishing-and-online-ordering-wizardsoval:gov.nist.fdcc.xp:def:6568 CCE-5121-9XThe "Turn Off Internet File Association Service" setting should be configured correctly.e(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWithCCE-1064*Turn-Off-Internet-File-Association-Serviceoval:gov.nist.fdcc.xp:def:6680 CCE-4513-8Turn off printing over HTTPCCE-852Turn-off-printing-over-HTTPoval:gov.nist.fdcc.xp:def:6571 CCE-4641-7sThe "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.e(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistrationCCE-88ETurn-Off-Registration-if-URL-Connection-is-Referring-to-Microsoft.comoval:gov.nist.fdcc.xp:def:6681 CCE-5055-9.Turn off Search Companion content file updates< CCE-818.Turn-off-Search-Companion-content-file-updatesoval:gov.nist.fdcc.xp:def:6570 CCE-5072-4VThe "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.g(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizardCCE-375&Turn-Off-the-Order-Prints-Picture-Taskoval:gov.nist.fdcc.xp:def:6682 CCE-4887-6fThe "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly.|(1) [HKEY_LOCAL_MACHINE | HKEY_CURRENT_USER] \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizardCCE-10096Turn-off-the-Publish-to-Web-task-for-files-and-foldersoval:gov.nist.fdcc.xp:def:6567 CCE-4224-2FTurn off the Windows Messenger Customer Experience Improvement ProgramCCE-722FTurn-off-the-Windows-Messenger-Customer-Experience-Improvement-Programoval:gov.nist.fdcc.xp:def:6569 CCE-4242-4eThe "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly.R(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\CodecDownloadCCE-10407Turn-Off-Windows-Movies-Maker-Automatic-Codec-Downloadsoval:gov.nist.fdcc.xp:def:6696 CCE-4732-4[The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly.L(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebHelpCCE-1062-Turn-Off-Windows-Movie-Maker-Online-Web-Linksoval:gov.nist.fdcc.xp:def:6684 CCE-4997-3rThe "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly.O(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebPublishCCE-93Dturn_off_windows_movie_maker_saving_to_online_video_hosting_provideroval:gov.nist.fdcc.xp:def:6697 CCE-5014-6/Turn off Windows Update device driver searchingCCE-927/Turn-off-Windows-Update-device-driver-searchingoval:gov.nist.fdcc.xp:def:6573 CCE-5032-8(Logon - Do not process the run once list(1) Computer Configuration\Administrative Templates\System\Logon (2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnceCCE-583Do-Not-Process-Run-Once-Listoval:gov.nist.fdcc.xp:def:6561 CCE-5160-7gThe "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly.b(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreenCCE-1020:Do-Not-Display-the-Getting-Started-Welcome-Screen-at-Logonoval:gov.nist.fdcc.xp:def:6687 CCE-4262-2FThe "Prevent IIS Installation" setting should be configured correctly.S(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstallCCE-474Prevent-IIS-Installationoval:gov.nist.fdcc.xp:def:6107 CCE-4581-5PThe "Turn off downloading of enclosures" setting should be configured correctly.c(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownloadCCE-767Turn-off-downloading-enclosuresoval:gov.nist.fdcc.xp:def:6110 CCE-4849-6fThe "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services.(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DisablePasswordSavingCCE-976"do_not_allow_passwords_to_be_savedoval:gov.nist.fdcc.xp:def:6596 CCE-4270-5TThe "Turn off shell protocol protected mode" setting should be configured correctly.p(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehaviorCCE-480&turn_off_shell_protocol_protected_modeoval:gov.nist.fdcc.xp:def:6119 CCE-5025-2mThe "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.W(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatchingCCE-6122prohibit_non_administrators_install_signed_updatesoval:gov.nist.fdcc.xp:def:6122 CCE-4791-0iThe "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog BoxesCCE-1140"do_not_show_first_use_dialog_boxes#oval:gov.nist.fdcc.xp:def:612261221 CCE-4482-6hThe "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut CreationCCE-313!prevent_desktop_shortcut_creation#oval:gov.nist.fdcc.xp:def:612261223 CCE-4500-5dThe "Password protect the screen saver" setting should be configured correctly for the current user.(1) User Configuration\Administrative Templates\Control Panel\Display\Password protect the screen saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure CCE-949(Current user screensaver secure (CID:72)!password_protect_the_screen_saveroval:gov.nist.fdcc.xp:def:6707 CCE-4390-1MPrompt for password on resume from hibernate/suspend should be set correctly.(1) User Configuration\Administrative Templates\System\Power Mangement (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResumeCCE-5094prompt_for_password_on_resume_from_hibernate_suspendoval:gov.nist.fdcc.xp:def:6714 CCE-4412-3LDo not preserve zone information in file attachments should be set correcly.(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformationCCE-124do_not_preserve_zone_information_in_file_attachmentsoval:gov.nist.fdcc.xp:def:6502 CCE-5042-7BHide mechanisms to remove zone information should be set correcly.(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnPropertiesCCE-58*hide_mechanisms_to_remove_zone_informationoval:gov.nist.fdcc.xp:def:6503 CCE-5059-1JNotify antivirus programs when opening attachments should be set correcly.(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirusCCE-3722notify_antivirus_programs_when_opening_attachmentsoval:gov.nist.fdcc.xp:def:6504 CCE-4838-9The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.c(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriodoMSS:(ScreenSaverGracePeriod)The time in seconds beforethe screen saver graceperiod expires Table: 5.85 Value: 0ScreenSaverGracePeriod CCE-5407-2(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\optional (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System settings: Optional subsystemsCSystem settings: optional subsystems Table: 5.68 Value: not defined CCE-5441-1 CCE-7528-3IThe "Configure Automatic Updates" setting should be configured correctly.(1) 0 = Enabled | 1 = Disabled(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic UpdatesCCE-306 CCE-8574-6The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" setting should be configured correctly.(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUAsDefaultShutdownOption (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\"Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dia< log boxCCE-989 CCE-8261-0bThe "Do not allow drive redirection" setting should be configured correctly for Terminal Services. (1)HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm (2) Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection\Do not allow drive redirectionCCE-648 CCE-8400-4The "Do not display 'Install Updates and Shut Down' option in the Shut Down Windows dialog box" setting should be configured correctly.(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUShutdownOption (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in the Shut Down Windows dialog boxCCE-1 CCE-8364-2XProcessing of the legacy run list on logon should be enabled or disabled as appropriate.(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRun (2) Computer Configuration\Administrative Templates\System\Logon\Do not process the legacy run listCCE-503 CCE-7598-6(1) HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)CCE-601 CCE-8375-8cThe "No auto-restart for scheduled Automatic Updates installations" policy should be set correctly.(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsers (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\No auto-restart for scheduled Automatic Updates installationsCCE-641 CCE-8445-99Access to registry editing tools should be set correctly.(1) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (2) User Configuration\Administrative Templates\System\Prevent access to registry editing toolsCCE-405 CCE-8374-1UCD Burning features in Windows Explorer should be enabled or disabled as appropriate.(1) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoCDBurning (2) User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove CD Burning featuresCCE-113 CCE-8326-1AThe "Remove Security tab" setting should be configured correctly.t(2) GPO Setting: User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove Security tabCCE-1022 CCE-8406-1pThe "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate.(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTimeEnabled (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Reschedule Automatic Updates scheduled installationsCCE-804 CCE-8440-0pThe "Windows Firewall: Apply local firewall rules" policy should be configured correctly for the Domain profile.(1) HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Apply local firewall rulesCCE-400 CCE-8515-9oThe "Windows Firewall: Define program exceptions" policy should be configured correctly for the Domain Profile.(1) List of programs(1) HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Define program exceptions CCE-8147-1jThe "Windows Firewall: Inbound connections" policy should be configured correctly for the Domain Profile.(1) HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile\Inbound connectionsCCE-249 CCE-7583-8jThe "Windows Firewall: Outbound connections" policy should be configured correctly for the Domain profile.(1) HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile\Outbound connectionsCCE-485 CCE-18167-7enabled/disabledq(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\Games (2) %Program Files%\Microsoft Gamesgames oval:gov.nist.usgcb.xp:def:20000 CCE-18870-6(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\Internet Information Services (2) HKLM\SYSTEM\CurrentControlSet\Services\W3Svc\DisplayNameInternet_Information_Services oval:gov.nist.usgcb.xp:def:20001 CCE-18307-9(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\SimpleTCP Services (2) HKLM\SYSTEM\CurrentControlSet\Services\simptcp\DisplayNameSimple_TCPIP_Services oval:gov.nist.usgcb.xp:def:20002 CCE-18959-7{(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\Windows Media Center (2) %windir%\ehome\ehshell.exeWindows_Media_Center oval:gov.nist.usgcb.xp:def:20006 CCE-18099-2 CCE-18173-5\The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly. CCE-18559-5WThe 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly. CCE-18149-5SThe 'Configure Windows NTP Client\NtpServer' option should be configured correctly.,DNS name or IP address of an NTP time source CCE-18962-1dThe 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly. CCE-18306-1cThe 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly. CCE-18692-4]The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly. CCE-18634-6NThe 'Configure Windows NTP Client\Type' option should be configured correctly.NoSync\NTP\NT5DS\AllSync CCE-18782-3eThe 'Allow users to connect remotely using Terminal Services' setting should be configured correctly.configure_windows_ntp_client!oval:gov.nist.usgcb.xp:def:100215=allow_users_to_connect_remotely_using_remote_desktop_services oval:gov.nist.usgcb.xp:def:20020UThe Windows XP 'Games' component should be installed or not installed as appropriate..(1) Computer Configuration\Administrative Templates\System\Group Policy (2) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy (3) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Messenger\Client\CEIP(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\CrossSiteSyncFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\CrossSiteSyncFlags(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\EventLogFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP C< lient\EventLogFlags(1) HKLM\Software\Policies\Microsoft\W32time\Parameters\NtpServer (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\NtpServer(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMaxTimes(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMinutes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMinutes(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\SpecialPollInterval (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\SpecialPollInterval(1) HKLM\Software\Policies\Microsoft\W32time\Parameters\Type (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\Type (1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Allow users to connect remotely using Terminal ServicesKDEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy is used to set those options.]  Not configured\Enabled \Disabled{(1) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client8None (0) / Primary Domain Controllers only (1) / All (2)wNo events (0) / Time jump events (1) / Time source change events (2) / Both time jump and time source change events (3)maximum number of DNS resolution attempts by W32time, with the delay period doubling between each attempt, before the resolution process is restarted (0 to 9999)&number of minutes (between 0 and 9999),number of seconds (between 0 and 4294967295)Last modified: 2012-03-13Version: 5.20120314DEPRECATED. [Was: The POSIX subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.] DEPRECATED. [Was: The OS/2 subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.] mThe Windows XP 'Internet Information Services' component should be installed or not installed as appropriate.bThe Windows XP 'SimpleTCP Services' component should be installed or not installed as appropriate.dThe Windows XP 'Windows Media Center' component should be installed or not installed as appropriate.installed/not installed ~ ]b T7~| SX l!%[*/4 9M>FCSHMZU [biqIxP }_f 9@ Gg&\P.@ B[T.4 '<}} 0< &=,D05 <A!hHpO~U [hbv kqw }}g4B,В<@ܮ~! V/hOaH_r Q*] 8!n_'@-R18 ?D,H5N#SX M];bgoJmscJ| _),M HRܫ}̷U 8A7c 6ccB f2ɀ \Z$8Od5wOM[gK;yw)!  dMbP?_*+%&?'?('}'}?)'}'}?M\\MBPS1\1S412-OC9284-5337-46DF  od XX0CourierArial 0X o   COPIES@PJL JOB NAME="!JOBNAME" @PJL SET GUISTARTJOB=1 @PJL EOJ  E222XXXXXXXXXXXXXXXC,EXXxxxxb 222XXXX,TOSHIBA eS282/283Series PSL3Mckinley1M24402XXXE0?ʡE??ʡE? 2222                                                   X1118050,E211111111111111111111111C,1003,E211,2124,E1,111302({111111C E222XXXXXXXXXXXXXXXXXXXXXC,D222,X,E2XXXXX2,D1,E011111111111121111111111C EXXX222222222222222222222C,E22X,X,EX2XXXXX,X0,SP:Drawer1Pap"d,, ` `? ` `?&`U} :} <} <} 2<} =}  >} ?} ?} ?} @} I@} m?} m?} m?} A} B} $ CZ ``J@@@@q@ @ @ @ Q Q@@@@@@@@@@@@@@@@@R ; ; D E E EF E G G G  G  G  G  G  G H H H H I I : < < <K LM N MMMMM : < < <K LM N OOMMM : < < <K L M N! OOMMM :" <# <$ <%K L& N' MMMMM o( a) a$ a%K p*M N+?MMMMMAAAAPP :, <- <$ <%K L.M ?/ MMMMM :0 <1 <$ <% K L2 M ?3 MMMMM :4 <5 <$ <% K L6 M ?7 MMMMM :8 <9 <$ <% K L: M ?; MMMMM :< <= <$ <% K L> M N? ?MMMMMAAAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq :@ <A <$ <% K LB M NC ?MMMMMAAAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq :D <E <F <%K LGM ?H MMMMM :I <J <$ <%K LKM ?L MMMMM :M <N <$ <%K LOM ?P MMMMM :Q <R <$ <%K LSM ?T MMMMM :U <V <$ <%K LWM ?X MMMMM :Y <Z <$ <%K L[ N\ ?] N^ MMMMM :_ <` <$ <%K LaM ?b MMMMM :c <d <$ <%K LeM ?f MMMMM :g <h <$ <%K LiM ?j MMMMM :k <l <$ <%K LmM ?n MMMMM :o <p <$ <%K LqM ?r MMMMM :s <t <$ <%K LuM ?v MMMMM :w <x <$ <%K LyM ?z MMMMM :{ <| <$ <%K L}M ?~ MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ??MMMMMAAAABBDl|||r||||rr|||||||||||||||| @!R"@#@$@%@&@'@(@)@*@+@,@-@.@/@0@1@2@3@4@5@6@7@8@9@:@;@<@=@>@?@ : < <$ <% K L N MMMMM !: !< !<$ !<%!K !L!M !?!?MMMMMAAAABB ": "< "<$ "<%"K "L"M "?" MMMMM #: #< #<$ #<%#K #L#M #?# MMMMM $: $< $<$ $<%$K $L$M $?$ MMMMM %: %< %<$ %<%%K %L%M %?% MMMMM &: &< &<$ &<%&K &L&M &?& MMMMM ': '< '<$ '<%'K 'L'M '?' MMMMM (: (< (<$ (<%(K (L(M (?( MMMMM ): )< )<$ )<%)K )L )N )? )N ) MM ) M ) M ) M )A )A *: *< *<$ *<%*K *L*M *?* MMMMM +: +< +<$ +<%+K +L+M +?+ MMMMM ,: ,< ,<$ ,<%,K ,L,M ,?, MMMMM -: -< -<$ -<%-K -L-M -?- MMMMM .: .< .<$ .<%.K .L.M .?. MMMMM /: /< /<$ /<%/K /L/M /?/ MMMMM 0: 0< 0<$ 0<%0K 0L 0N 0? 0 MM 0 M 0 M 0 M 0A 0A 1: 1< 1<$ 1<%1K 1L 1N 1? 1N 1 MM 1 M 1 M 1 M 1A 1A 2: 2< 2<$ 2<%2K 2L 2N 2N 2 MM 2 M 2 M 2 M 2A 2A 3: 3< 3<$ 3<%3K 3L 3N 3N 3 MM 3 M 3 M 3 M 3A 3A 4: 4< 4<$ 4<%4K 4L4M 4?4 MMMMM 5: 5< 5<$ 5<%5K 5L5M 5?5 MMMMM 6: 6< 6<$ 6<%6K 6L6M 6?6 MMMMM 7: 7< 7<$ 7<%7K 7L7M 7? 7 MMMMM 8:  8<  8<$ 8<%8K 8L  8N 8 MMMMM 9: 9< 9<$ 9<%9K 9L 9N 9N9 MMMMM :: :< :<$ :<%:K :L:M :? : MM : M : M : M :A :A ;: ;< ;<$ ;<%;K ;L;M ;?; MMMMM <: <<  <<$ <<%<K <L!<M <?"< MMMMM =:# =<$ =<$ =<%=K =L%=M =?&= MMMMM >:' ><( ><$ ><%>K >L)>M >N*> MMMMM ?:+ ?<, ?<$ ?<%?K ?L-?M ?N.? MMMMM Dlr|||||||||||||||||r||||@@A@B@C@D@E@FF@G@H@I@J@K@LF@MF@NF@OF@PF@QF@RF@S@T@U@V@WF@XF@Y@Z@[@\@]@^@_@ @:/ @<0 @<$ @<%@K @L1 @N2 @N3@ MMMMM A:4 A<5 A<$ A<%AK AL6 AN7 AN8 A MM A M9 A M: A M; AA: AA< B:= B<> B<$ B<%BK BL? BN@ BNA B MM B MB B MC B MD BAC BAE C:F C<G C<$ C<%CK CLHCM C?I C MM C MJ C MK C ML CAK CAM D:N D<O D<$ D<%DK DLPDM D?QD MMMMM E:R E<S E<$ E<%EK ELT ESU ENVE MMMMM F:W F<X F<$ F<%FK FLYFM F?Z F MM F T[ F U\ F M] G:^ G<_ G<$ G<%GK GL`GM G?aG MMMMM H:b H<c H<$ H<%HK HLdHM H?eH MMMMM I:f I<g I<$ I<%IK ILhIM I?iI MMMMM J:j J<k J<$ J<%JK JLlJM J?mJ MMMMM K:n K<o K<$ K<%KK KLpKM K?qK MMMMM L:r L<s L<$ L<%LK LLt LNu L MM L Tv L Mw L Mx M:y M<z M<$ M<%MK ML{ MN| MN} M MM M T~ M M M M MA MA N: N< N<$ N<%NK NL NN NN N MM N T N M N M NA NA O: O< O<$ O<%OK OL ON O? ON O MM O T O M O M OA OA P: P< P<$ P<%PK PL PN P? P MM P T P M P M Q: Q< Q<$ Q<%QK QL QN Q? Q MM Q T Q M Q M R: R< R<$ R<%RK RL RN R? R MM R T R M R M S: S< S<$ S<%SK SLSM S?S MMMMM T: T< T<$ T<%TK TLTM T?T MMMMM U: U< U<$ U<%UK ULUM U?U MMMMM V: V< V<$ V<%VK VLVM V?V MMMMM W: W< W<$ W<%WK WL WN W? WN W MM W T W M W M WA WA X: X< X<$ X<%XK XL XN X? XN X MM X T X M X M XA XA Y: Y< Y<$ Y<%YK YL YN Y? YN Y MM Y M Y M Y M YA YA Z: Z< Z<$ Z<%ZK ZL ZN Z? Z MM Z M Z M Z M ZA ZA [: [< [<$ [<%[K [L [N [N [ MM [ M [ M [ M [A [A \: \< \<$ \<%\K \L \N \? \N \ MM \ M \ M \ M \A \A ]: ]< ]<$ ]<%]K ]L ]N ]? ] MM ] M ] M ] M ]A ]A ^: ^< ^<$ ^<%^K ^L ^N ^? ^N ^ MM ^ M ^ M ^ M ^A ^A  _:  _<  _<$ _<%_K _L _M _? _ MMMMM Dl||||||||||`@a@b@c@d@e@f@g@h@i@j@k@l@m@n@o@p@q@r@s@t@u@v@w@x@y@z@{@|@}@~@@ `: `< `<$ `<%`K `L`M `N` MMMMM a: a< a<$ a<%aK aL aN aN a MM a M a M a M aA aA b: b< b<$ b<%bK bL bN b? b MM b M  b M! b M" bA! bA# c:$ c<% c<$ c<%cK cL&cM c?'c MMMMM d:( d<) d<$ d<%dK dL*dM d?+d MMMMM e:, e<- e<$ e<%eK eL.eM e?/e MMMMM f:0 f<1 f<$ f<%fK fL2fM f?3f MMMMM g:4 g<5 g<$ g<%gK gL6 gN7 gN8 g MM g M9 g M: g M; gA: gA< h:= h<> h<$ h<%hK hL? hN@ h?A h MM h MB h MC h MD hAC hAE i:F i<G i<$ i<%iK iLH iNI iNJ i MM i MK i ML i MM j:N j<O j<$ j<%jK jLP jNQ j?R jNS j MM j MT j MU j MV jAU jAW k:X k<Y k<$ k<%kK kLZ kN[ kN\ k MM k M] k M^ k M_ kA^ kA` l:a l<b l<$ l<%lK lLclM l?dl MMMMM m:e m<f m<$ m<%mK mLgmM m?hm MMMMM n:i n<j n<$ n<%nK nLknM n?l nNmn MMMMM o:n o<o o<$ o<%oK oLpoM o?qo MMMMM p:r p<s p<$ p<%pK pLtpM p?u pNvp MMMMM q:w q<x q<$ q<%qK qLyqM q?zq MMMMM r:{ r<| r<$ r<%rK rL}rM r?~r MMMMM s: s< s<$ s<%sK sLsM s?s MMMMM t: t< t<$ t<%tK tLtM t?t MMMMM u: u< u<$ u<%uK uLuM u?u MMMMM v: v< v<$ v<%vK vLvM v? vNv MMMMM w: w< w<$ w<%wK wLwM w?w MMMMM x: x< x<$ x<%xK xLxM x? xNx MMMMM y: y< y<$ y<%yK yLyM y? yNy MMMMM z: z< z<$ z<%zK zLzM z? zNz MMMMM {: {< {<$ {<%{K {L{M {?{ MMMMM |: |< |<$ |<%|K |L|M |? |N| MMMMM }: }< }<$ }<%}K }L}M }?} MMMMM ~: ~< ~<$ ~<%~K ~L~M ~?~ MMMMM : < <$ <%K LM ? MMMMM D0l|||||||||||||||||@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : < <$ <%K L N ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? N MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K L N  ?  N  MMMMM :  <  <$ <%K L N ? N MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K LM ? MMMMM : < <$ <%K L M ?! MMMMM :" <# <$ <%K L$M ?% MMMMM :& <' <$ <%K L(M ?) MMMMM :* <+ <$ <%K L,M ?- MMMMM :. </ <$ <%K L0M ?1 MMMMM :2 <3 <$ <%K L4M ?5 N6 MMMMM :7 <8 <9 V:K L; N< ?= N> MM M? M@ MA AB AC :D <E <9 VFK LG NH ?I NJ MM MK ML MM AN AODl|||||||||||||||||||||||||@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@RR :P <Q <9 VRK LS NT ?U NV MM MW MX MY AZ A[ :\ <] <9 V^K L_ N` ?a Nb MM Mc Md Me Af Ag :h <i <9 VjK Lk Nl ?m Nn MM Mo Mp Mq Ar As :t <u <9 VvK Lw Nx ?y Nz MM M{ M| M} A~ A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ?  N  MM M  M  M  A A : < <9 VK L N ? N MM M M M A A : < <9 VK LM ?  N! MM M" M# M$ A% A& :' <( <9 V)K L* N+ ?, N- MM M. M/ M0 A1 A2 :3 <4 <9 V5K L6 N7 ?8 N9 MM M: M; M< A= A> :? <@ <9 VAK LB NC ?D NE MM MF MG MH AI AJ :K <L <9 VMK LN NO ?P NQ MM MR MS MT AU AV :W <X <9 VYK LZ N[ M\ N] MM M^ M_ M` Aa Ab :c <d <9 VeK Lf Ng ?h Ni MM Mj Mk Ml Am An :o <p <9 VqK Lr Ns ?t Nu MM Mv Mw Mx Ay Az :{ <| <9 V}K L~ N ? ? MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M A A : < <9 VK L N ? N MM M M M : < <9 VK L N ? N MM M M M : < <9 VK L N ? N MM M M M A AAABB : < <9 VK LM ? N MM M M M A AAABBD$lRRR@@@@@@@@@@@@@XX@@@@@@@@QQ@@QQ : < <9 VK LM ? N MM M M M A AAABB : < <9 VK L N ? N MM M M M A AAABB : < <9 VK L N ? N MM M M M A AAABB : < < <K L N ? N MM M M M A A : < < <K L N ? N MM M M M A A : < < <K L N ?  N  MM M  M  M  A A : < < <K L N ? N MM M M M A A : < W <K L N ? N MM M M M A A : <  W <K L! N" ?# N$ MM M% M& M' A& A( :) <* W <K L+ N" ?# N$ MM M% M& M' A& A( :, <- W <K L.M ?/ N0 MM M1 M2 M2 A3 A4 :5 <6 W <K L7M ?/ N0 MM M1 M2 M2 A3 A4 :8 <9 W <:K L; N< ?= N> MM M? M@ MA A@ AB :C <D W <:K LE N< ?= N> MM M? M@ MA A@ AB :F <G W <K LH NI ?J NK MM ML MM MN AM AO :P <Q W <K LR NI ?J NK MM ML MM MN AM AO :S <T W WK LU NV NW NX MM MY MZ M[ A\ A]AAPP :^ <_ W WK L` NV NW NX MM MY MZ M[ A\ A]AAPP :a <b W <K Lc Nd ?e Nf MM Mg Mh Mi Ah Aj :k <l W <K Lm Nd ?e Nf MM Mg Mh Mi Ah Aj :n <o W <K LpM ?q Nr MM Ms Mt Mu At Av :w <x W <K LyM ?q Nr MM Ms Mt Mu At Av :z <{ W <K L| N} ?~ N MM M M M A A : < W <K L N} ?~ N MM M M M A A : < < VK L Y ? N MM M M M A A : < < VK L N ? N MM M M M A A : < < VK L N N N MM ? MM A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : < < <K LN N N MM M M MAAAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : < < VK L Y ? N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < VK L N ? N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < VK L N N N MM ? MM A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : < < <K LN N N MM M M MAAAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqD!l@@QQ@@@@@@@` @@@@@@@@@@@@@@@@@@@@@ : < < VK L Y ? N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < VK L N ? N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < V= L N N N ?? ? ?? A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : < < <= LN N N ?? ? ? ?AAAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : < < <K L  N  N  N  MM M  M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < <K L N ? N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < <K L N  ?! N" MM M# M$ M% A& A'RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :( <) < <K L*M ?+ N, MM M- M. M/ A0 A1RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :2 <3 <4 <K L5 Z6 N7 N8 MM M9 M: M; A< A=RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :> <? < <K L@ NA ?B NC MM MD ME MF AE AGRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :H <I <J VKK LLM NM MM MN MO MP AO AQRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :R <S <J VTK LUM NV MM MW M MRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :X <Y <J VZK L[M N\ MM M] M M A^ A_RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :` <a <J VbK LcM Nd MM Me Mf Mg Af AhRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :i <j <J VkK Ll Nm Nn MM Mo Mp Mq Ar AsRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :t <u <J VvK Lw Nx Ny MM Mz MM A{ A|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :} <~ <J VK LM MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK LM N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N N MM M M MRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK LM N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK LM N MM M MM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N MM M MM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N N MM M M MRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK LN NMM M MM A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK LM N MM M MM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N N MM M M M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRD5l\|\r|\@@@@@@@@@ @ @ @ @ @@@@@@@@@@@@@@@@@@@ : < <J VK LM N  MM  ?  M  MRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N N  MM  M  M  MRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N  N   MM  M   M   M RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N  MM  M  M  M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J VK L N N  MM  M  M  M A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :  <! <J V"K L# N$ N%  MM  M&  M'  M( A' A)RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :* <+ <J V,K L- N. N/  MM  M0  M1  M2 A1 A3RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :4 <5 <J V6K L7M N8  MM  M9  M:  M; A: A<RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR := <> <J V?K L@ NA NB  MM  MC  MD  ME AD AFRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :G <H <I VJ K LK M NL  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :M <N <I VJ K LO M NL  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :P <Q <I VJ K LR M NL  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :S <T <I VJ K LU M NL  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :V <W <I VJ K LX M NL  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :Y <Z <I VJK L[M NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :\ <] <I VJK L^ N_ MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :` <a <I VJK LbM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :c <d <I VJK LeM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :f <g <I VJK LhM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :i <j <I VJK LkM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :l <m <I VJK LnM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :o <p <I VJK LqM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :r <s <I VJK Lt Nu  MM  Mv  MM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :w <x <I VJK LyM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :z <{ <I VJK L|M NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :} <~ <I VJK LM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <I VJK LM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <I VJK LM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <I VJK LM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <I VJK LM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <I VJK LM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <I VJK LM NL MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRD<1lffffff\ffffffrffffffff @!@"R#R$@%@&@'@(@)@*@+@,@-@.@/@0@1@2@3@4@5@6@7@8@9@:@;@<@=@>@?@ : < <I VJ K L M NL  MM  M  MM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR !: !< !<I !VJ!K !L!M !NL! MMMMM !RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ": "< "< "V"K "L "N "? "N " MM " M " M " M "A "A"AABB #: #< #< #V#K #L#M #? #N # MM # M # M # M #A #A#AABB $: $< $< $V$K $L$M $? $N $ MM $ M $ MM $A $A$RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR %: %< %< %V%K %L %N% MMMMM %RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR &: &< &< &V&K &L &N& MMMMM &RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ': '< '< 'V'K 'L 'N' MMMMM 'RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR (: (< (< (<(K (L (N (? (N ( MM ( M ( M ( M (A (A(RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ): )< )< )<)K )L)M )? )N ) MM ) M ) M ) M)RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR *: *< *< *V*K *L*M *? *N * MM * ? * M * M *A *A*RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR +: +< +< +V+K +L+M +? +N + MM + M + M + M +A +A+RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ,: ,< ,< ,V,K ,L,M ,N , MM , M , MM ,RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR -: -< -< -V-K -L -N -N- MMMMM -RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR .: .< .< .V.K .L .N .? .N . MM . M . M . M .A .A.RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR /:  /<  /< /V /K /L  /N  /N / MM / M / MM /RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 0: 0< 0< 0V0K 0L 0N 0N 0 MM 0 M 0 M0 M 0A 0A0RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 1: 1< 1< 1V1K 1L1M 1N1 MMMMM 1RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 2: 2< 2< 2V 2K 2L! 2N" 2N#2 MMMMM 2RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 3:$ 3<% 3< 3V&3K 3L'3M 3?(3 MMMMM 3RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 4:) 4<* 4<+ 4V,4K 4L-4M 4N.4 MMMMM 4RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 5:/ 5<0 5<+ 5V15K 5L25M 5N3 5 MM 5 M4 5 M5 5 M6 5A5 5A75RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 6:8 6<9 6< 6V:6K 6L;6M 6N< 6 MM 6 M= 6 M> 6 M? 6A> 6A@6RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 7:A 7<B 7< 7VC7K 7LD7M 7NE 7 MM 7 MF 7 MG 7 MH 7AG 7AI7RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 8:J 8<K 8< 8VL8K 8LM 8NN 8NO 8 MM 8 MP 8 MQ 8 MR 8AQ 8AS8RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR 9:T 9<U 9< 9VV9K 9LW 9NX 9NY 9 MM 9 MZ9RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ::[ :<\ :< :V]:K :L^:M :?_ :N` : MM : Ma : Mb : Mc :Ab :Ad:RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ;:e ;<f ;<g ;Vh;K ;Li ;Nj ;Nk ; MM ; Ml ; Mm ; Mn ;Am ;Ao;RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR <:p <<q << <Vr<K <Ls<M <Nt < MM < Mu < Mv < Mw <Av <Ax<RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR =:y =<z =<{ =V|=K =L}=M =N~ = MM = M = M = M =A =A=RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR >: >< >< >V>K >L>M >N> MMMMM >RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ?: ?< ?< ?V?K ?L?M ?N? MMMMM ?RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRDt2l|f\\\|jfjffrf@@A@B@C@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@ @: @< @< @V@K @L@M @N @ MM @ M @ M @ M @A @A@RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR A: A< A< AVAK ALAM ANA MMMMM AA AAARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR B: B< B< BVBK BLBM BN B MM B M B M B M BA BABRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR C: C< C< CVCK CLCM CNMM C M C M C M CA CACRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR D: D< D< DVDK DL DN DNMM D M D MM DRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR E: E< E< EVEK EL EN E? EN E MM E M E M E M EA EAERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR F: F< F< FVFK FL FNF MMMMM FRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR G: G< G< GVGK GL GNG MMMMM GRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR H: H< HV HVHK HL HNH MMMMM HA HAHRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR I: I< I< IVIK IL INI MMMMM IRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR J: J< J< JVJK JL JNJ MMMMM JRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR K: K< K< KVKK KL KNK MMMMM KA KAKRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR L: L< L< LVLK LL LNL MMMMM LRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR M: M< M< M<MK MLMM M? MN M MM M M M MM MA MAMRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR N: N< N< N<NK NL NN N? NN N MM N M N MM NA NANRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR O: O< O< O<OK OL ON O? ON O MM O M O MM OA OA ORRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR P: P< P< PV PK PL PN P? PN P MM P M P M P M PA PA PRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Q: Q< Q< QV QK QL QM Q? QN Q MM Q M Q M Q M QA QA QRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR R: R< R< RV RK RL RM R? RN R MM R M R M! R M" RA# RA$ RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR S:% S<& S< SV' SK SL( SM S?) SN* S MM S M+ S M, S M- SA, SA. SRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR T:/ T<0 T<1 TV2 TK TL3 TN4 T?5 TN6 T MM T M7 T M8 T M9 TA: TA; TRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR U:< U<= U< UV> UK UL? UN@ U?A UNB U MM U MC U MD U ME UAD UAF URRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR V:G V<H V< VVI VK VLJ VNK V?L VNM V MM V MN V MO V MP VAO VAQ VRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR W:R W<S W< WVT WK WLU WNV W?W WNX W MM W MY W MZ W M[ WAZ WA\ WRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR X:] X<^ X< XV_ XK XL` XM X?a XNb X MM X Mc X MZ X M[ XAd XAe XRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Y:f Y<g Y< YVh YK YLi YNj Y?k YNl Y MM Y Mm Y Mn Y Mo YAp YAq YRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Z:r Z<s Z< ZVt ZK ZLu ZNv Z?w ZNx Z MM Z My Z Mz Z M{ ZAz ZA| ZRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR [:} [<~ [< [V [K [L [N [? [N [ MM [ M [ M [ M [A [A [RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \: \< \< \V \K \L \N \? \N \ MM \ M \ M \ M \A \A \RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ]: ]< ]< ]< ]K ]L ]N ]? ]N ] MM ] M ] M ] M ]A ]A ]RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ^: ^< ^< ^V ^K ^L ^N ^? ^N ^ MM ^ M ^ M ^ M ^A ^A ^RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR _: _< _< _V _K _L _N _? _N _ MM _ M _ MM _A _A _RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRD,6lt\\x\\x\`@a@b@c@d@e@f@g@h@i@j@k@l@m@n@o@p@q@r@s@t@u@v@w@x@y@z@{@|@}@~@@ `: `< `< `V `K `L `N `? `N ` MM ` M ` M ` M `A `A `RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR a: a< a< aV aK aL aN a? aN a MM a M a M a M aA aA aRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR b: b< b< bV bK bL bM b? bN b MM b M b M b M bA bA bRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR c: c< c< cV cK cL cN c? cN c MM c M c M c M cA cA cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR d: d< d< dV dK dL dM d? dN d MM d M d M d M dA dA dRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR e: e< e< eV eK eL eM e? eN e MM e M e M e M eA eA eRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR f: f< fV fV fK fL fN f? fN f MM f M f M f M fA fA fRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR g: g< g< gV gK gL gN g? gN g MM g M g M g M gRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR h: h< h< hV hK hL hN h? hN h MM h M h M h M hA hA hRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR i: i< i< iV! iK iL" iN# i?$ iN% i MM i M& i M' i M( iA' iA) iRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR j:* j<+ j< jV, jK jL- jN. j?/ jN0 j MM j M1 j M2 j M3 jA2 jA4 jRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR k:5 k<6 k< kV7 kK kL8 kN9 k?: kN; k MM k M< k M= k M> kA? kA@ kRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR l:A l<B l< lVC lK lLD lNE l?F lNG l MM l MH l MI l MJ lAI lAK lRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR m:L m<M m< mVN mK mLO mNP m?Q mNR m MM m MS m MT m MU mAT mAV mRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR n:W n<X n< nVY nK nLZ nN[ n?\ nN] n MM n M^ n M_ n M` nA_ nAa nRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR o:b o<c o< oVd oK oLe oNf o?g oNh o MM o Mi o Mj o Mk oAj oAl oRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR p:m p<n p< pVo pK pLp pNq p?r pNs p MM p Mt p Mu p Mv pAw pAx pRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR q:y q<z q< qV{ qK qL| qM q?} qN~ q MM q M q M q M qA qA qRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR r: r< r< r< rK rL rM r? r? r MM r M r MM rA rA rRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR s: s< s< sV sK sL sN s? sN s MM s M s M s M sA sA sRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR t: t< t< t< tK tL tM t? t? t MM t M t MM tA tA tRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR u: u< u< uV uK uL uN u? uN u MM u M u M u M uA uA uRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR v: v< v< vV vK vL vN v? vN v MM v M v M v M vA vA vRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR w: w< w< wV wK wL wN w? w? w MM w M w M w M wA wA wRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR x: x< x< xV xK xL xN x? xN x MM x M x M x M xA xA xRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR y: y< y< yV yK yL yN y? yN y MM y M y M y M yA yA yRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR z: z< z< zV zK zL zM z? zN z MM z M z M z M zA zA zRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR {: {< {< {V {K {L {M {? {N { MM { M { M { M {A {A {RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR |: |< |< |V |K |L |M |? |? | MM | M | M | M |A |A |RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR }: }< }< }V }K }L }N }? }N } MM } M } M } M }A }A }RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ~: ~< ~< ~V ~K ~L ~N ~? ~N ~ MM ~ M ~ M ~ M ~A ~A ~RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < <K L N ? N  MM  M  M  M A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRD$9ln @n @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : < < V K L N ?! N"  MM  M#  M$  M% A& A' RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :( <) < V* K L+ N, ?- N.  MM  M/  M0  M1 A2 A3 RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :4 <5 <6 <7 K L8 Y9 N: N;  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :< R= <> <? L@ NA  ??  ?B AC AD RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :E RF <G <H K LI NJ  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :K RL <> VM K LN NO  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :P <Q < VR K LS NT  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :U <V < VW K LX NY  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :Z R[ <G <\ K L] N^  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :_ [` VK La N MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :b [c VK Ld N MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :e <f < <g K Lh Ni  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \j <k < Vl K Lm Nn NMMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \o <p < Vq K Lr Ns NMMMMM At Au RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \v <w < Vx K Ly Nz NMMMMM A{ A| RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \} <~ < V K L N NMMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N NMMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N NMMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N NMMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < V K L N  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < V K L N  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < < L N  ?? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < < K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRD/lxv\\\\\@@\^zz^^^^x\\xLjjjjjj@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N ?  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N  MMMMM RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR \ < < V K L N  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < V K L N  MMMMM A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : <! <K L" M ?#  MMMMM A$ A% RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :& <' <K L( M ?)  MMMMM A* A+ RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :, <- <. K L/ M ?0  MMMMM A1 A2 RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :3 <4 <K L5 M ?6  MMMMM A7 A8 RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :9 <: <K L; M ?<  MMMMM A= A> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :? <@ ]9 LA  ??  ?B AC AD RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :E <F ]9 LG  ??  ?H AI AJ RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :K <L LM  ??  ?N AO AP RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :Q <R LS  ??  ?T AU AV RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :W <X LY  ??  ?Z RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :[ <\ < R] L^  ??  ?_ A` Aa RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :b <c Ld  ??  ?e RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :f <g Lh  ??  ?i RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :j [k Ll  ?? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :m <n Lo  ??  ?p RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :q <r <s <t Lu  ??  ?v  ?w  ?x Aw Ay RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :z <{ <s <| L}  ??  ?~  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < L  ??  ?  ?  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < L  ??  ?  ?  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < L  ??  ?  ?  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRDb.ljjj\xxxtttttZZLL0h00"0ZZZLL@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ?  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ?  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ?  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L  ??  ? RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < <J < L!  ??  ?" RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :# <$ <J < L%  ??  ?& RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :' <( <J < L)  ??  ?* RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :+ <, <J < L-  ??  ?. RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRD,lLLLLhLLLLLLLLLLLLLLLLLLLLLLL@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ :/ <0 <J < L1  ??  ?2 RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :3 <4 <J < L5  ??  ?6 RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :7 <8 <J < L9  ??  ?: RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :; << <J < L=  ??  ?> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :? <@ <J < LA  ??  ?B RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :C <D <J < LE  ??  ?F RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :G <H <J < LI  ??  ?J RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :K <L <J < LM  ??  ?N RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :O <P <J < LQ  ??  ?R AS AT RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :U <V <J < LW  ??  ?X RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :Y <Z <J < L[  ??  ?\ RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :] <^ <J < L_  ??  ?` RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :a <b <J < Lc  ??  ?d RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :e <f <J < Lg  ??  ?h RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :i <j <J < Lk  ??  ?l RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :m <n <J < Lo  ??  ?p Aq Ar RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :s <t <J < Lu  ??  ?v Aw Ax RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :y <z <J L{  ??  ?| RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :} <~ < < L  ??  N  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ?RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRD-lLLLLLLLLhLLLLLLhh>dddHdddVdddd@@@@@@@@@ @ @ @ @ @@@@@@@@@@XXXXXXXXX : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ? ? A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ? ? A A RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :  <  < <  L   ? ? A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ? ? A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : < < < L  ?  ? A ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR : <  < <! L"  ?#  ? A$ A% RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :& <' <( <) L*  N+  N A, A- RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :. </ < <! L0  N1  N1 A2 A3 RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :4 <5 < <6 L7  N8  N A9 A: RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :; << < <= L>  N?  N A@ AA RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :B <C < <D LE  NF NRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :G <H <I <J LK  NL NRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :M <N < <O LP  NQ NRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :R <S < <T LU  NV N AWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :X <Y < <Z L[  N\ N A] A^RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :_ <` < <a Lb  ?c NRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :d <e < <f Lg  Nh N Ai AjRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :k <l < <m Ln  No  NpRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :q <r <s Lt ?  ?uRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR :v Ww WF Wx^ XyNNNNNNNN Az A{AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq :| W} W <~^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : W W <^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : W W <^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : W W <^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : __ _^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : ` ` a^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : __ _^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq : ` ` a^ XNNNNNNNN A AAAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqD.lddddddddhddhddHHHVdHdL:xxxxxtxt X!X"X#X$X%X&X'X(X)X*X+X,X-X.X/X0X1X2X3X4X5X6X7X8X9X:X;@< @= @>@?@ : ` ` a ^ X NNNNNNNN A A AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq !: !_!_ !_!^ !X!NNNNNNNN !A !A!AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq ": "` "` "a"^ "X"NNNNNNNN "A "A"AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq #: #_#_ #_#^ #X#NNNNNNNN #A #A#AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq $: $` $` $a$^ $X$NNNNNNNN $A $A$AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq %: %_%_ %_%^ %X%NNNNNNNN %A %A%AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq &: &` &` &a&^ &X&NNNNNNNN &A &A&AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq ': '` '` 'a'^ 'X'NNNNNNNN 'A 'A'AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq (: (_(_ (_(^ (X(NNNNNNNN (A (A(AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq ): )` )` )a)^ )X)NNNNNNNN )A )A)AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq *: *` *` *a*^ *X*NNNNNNNN *A *A*AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq +: +` +` +a+^ +X+NNNNNNNN +A +A+AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq ,: ,_,_ ,_,^ ,X,NNNNNNNN ,A ,A,AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq -: -_-_ -_-^ -X-NNNNNNNN -A -A-AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq .: .` .` .a.^ .X.NNNNNNNN .A .A.AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq /: /` /` /a/^ /X/NNNNNNNN /A /A/AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 0: 0` 0` 0a0^ 0X0NNNNNNNN 0A  0A 0AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 1:  1_ 1_ 1_ 1^ 1X1NNNNNNNN 1A 1A1AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 2: 2` 2` 2a2^ 2X2NNNNNNNN 2A 2A2AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 3: 3` 3` 3a3^ 3X3NNNNNNNN 3A 3A3AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 4: 4W 4W 4<4^ 4X 4NNNNNNNN 4A! 4A"4AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 5:# 5W$ 5W 5<%5^ 5X&5NNNNNNNN 5A' 5A(5AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 6:) 6<* 6< 6W+6^ 6X, 6N-6NNNNNNN 6A. 6A/6AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 7:0 7_17_ 7_27^ 7X37NNNNNNNN 7A4 7A57AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 8:6 8_78_ 8_88^ 8X98NNNNNNNN 8A: 8A;8AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq 9:< 9_=9_ 9_>9^ 9X?9NNNNNNNN 9A@ 9AA9AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq ::B :_C:_ :_D:^ :XE:NNNNNNNN :AF :AG:AAPPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq ;:H ;bI ;<s ;_J;X ; ?? ; ?K ; ?L;RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR <:M << << <<N<L < ?? < ?O<RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR =:P =< =< =<N=L = ?? = ?O=RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR >:Q >_R >_S >_T >cU > ?? >RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR ?:V ?_W ?_S ?_X ?cY ? ?? ?RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRDj0lxtxtxtxxtxxxttxxxtxxxxttttVHH>@@A@B@C@D@E@F@G@H@I@J@K@L@MNOPQRSTU VWXY @:Z @_[ @_S @_\ @c] @ ?? @RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR A:^ A__ A_S A_` Aca A ?? ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR B:b B_c B_S B_d Bce B ?? BRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR C:f C_ C_S C_g Cch C ?? CRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR D:i D_j D_S D_k Dcl D ?? DRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR E:m E_n E_S E_o Ecp E ?? ERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR F:q F_r F_S F_s Fct F ?? FRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR G:u G_v G_S G_w Gcx G ?? GRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR H:y H_z H_S H_{ Hc| H ?? HRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR I:} I_~ I_S I_ Ic I ?? IRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR J: J_ J_ J_Jc J ?? JRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR K: K_ K_S K_ Kc K ?? KRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR L: L_ L_S L_ Lc L ?? LRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Md Me Mf MfMX M ?? Mg MgMRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Nd Ne Nf NfNX N ?? Nh NhNRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Od Oe Of OfOX O ?? Og OgORRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Pd Pe Pf PfPX P ?? Ph PhPRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Qk Ql Ql Qm Qi QiQRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Rk Rl Rl Rm Rj RjRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Sk Sl Sl Sm Si SiSRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Tk Tl Tl Tm Tj TjTRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Uk Ul Ul Um Ui UiURRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Vk Vl Vl Vm Vj VjVRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Wk Wl Wl Wm Wi WiWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Xk Xl Xl Xm Xj XjXRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR Yk Yn Yf Ym Yi YiYRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR8">>>>>>>>>>:>>VVVV>>>>>>>>>@dRRA FF yK yK Lftp://ftp.exepermissions/yX;H,]ą'cggD Oh+'0@H\x  Sain, JoeMatthew N. WojcikMicrosoft Excel@?v@1a՜.+,D՜.+, PXx  The MITRE Corporation winxp  Worksheets 8@ _PID_HLINKSAlSGftp://ftp.exepermissions/  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     Root Entry FR'pWorkbookSummaryInformation(DocumentSummaryInformation8