????

Your IP : 18.216.93.197

Current Path : C:/Program Files/IIS/Microsoft Web Deploy V3/Scripts/
Upload File :
Current File : C:/Program Files/IIS/Microsoft Web Deploy V3/Scripts/AddDelegationRules.ps1

��# Web Deploy: Powershell script to set up delegated deployments with Web Deploy

# Copyright (C) Microsoft Corp. 2010

#

# Requirements: IIS 7, Windows Server 2008 (or higher)

#

# elevatedUsername/elevatedPassword: Credentials of a user that has write access to applicationHost.config. Used for createApp, appPoolNetFx, appPoolPipeline delegation rules.

# adminUsername/adminPassword: Credentials of a user that is in the Administrators security group on this server. Used for recycleApp delegation rule.







param(

    $elevatedUsername,



    $elevatedPassword,



    $adminUsername,



    $adminPassword,



    [switch]$ignorePasswordResetErrors

)



# ==================================



Import-LocalizedData -BindingVariable Resources -FileName Resources.psd1



 #constants

 $SCRIPTERROR = 0

 $logfile = ".\HostingLog-$(get-date -format MMddyyHHmmss).log"

 $WARNING = 1

 $INFO = 2



# ================ METHODS =======================



# this function does logging

function write-log([int]$type, [string]$info){



    $message = $info -f $args

    $logMessage = get-date -format HH:mm:ss



    Switch($type){

        $SCRIPTERROR{

            $logMessage = $logMessage + "`t" + $Resources.Error + "`t" +  $message

            write-host -foregroundcolor white -backgroundcolor red $logMessage

        }

        $WARNING{

            $logMessage = $logMessage + "`t" + $Resources.Warning + "`t" +  $message

            write-host -foregroundcolor black -backgroundcolor yellow $logMessage

        }

        default{

            $logMessage = $logMessage + "`t" + $Resources.Info + "`t" +  $message

            write-host -foregroundcolor black -backgroundcolor green  $logMessage

        }

    }



    $logMessage >> $logfile

}



# returns false if OS is not server SKU

 function NotServerOS

 {

    $sku = $((gwmi win32_operatingsystem).OperatingSystemSKU)



    # To account for future new SKUs, we instead keep a list of SKUs that we know are not Server SKUs

    # See https://msdn.microsoft.com/en-us/library/aa394239(v=vs.85).aspx for the list of Windows SKUs

    $non_server_skus = @(1, 2, 3, 4, 6, 11, 27, 28, 97, 101, 103, 104, 123)



    return ($non_server_skus -contains $sku)

 }



 function CheckHandlerInstalled

 {

    trap [Exception]

    {

        return $false

    }

    $serverManager = (New-Object Microsoft.Web.Administration.ServerManager)

    $serverManager.GetAdministrationConfiguration().GetSection("system.webServer/management/delegation").GetCollection()

    return $true

 }



 # gives a user permissions to a file on disk

 function GrantPermissionsOnDisk($username, $path, $type, $options)

 {

    trap [Exception]{

        write-log $SCRIPTERROR $Resources.NotGrantedPermissions $type $username $path

    }



    $acl = (Get-Item $path).GetAccessControl("Access")

    $accessrule = New-Object system.security.AccessControl.FileSystemAccessRule($username, $type, $options, "None", "Allow")

    $acl.AddAccessRule($accessrule)

    set-acl -aclobject $acl $path

    $message =

    write-log $INFO $Resources.GrantedPermissions $type $username $path

}



 function GetOrCreateUser($username)

 {

    if(-not (CheckLocalUserExists($username) -eq $true))

    {

        $comp = [adsi] "WinNT://$env:computername,computer"

        $user = $comp.Create("User", $username)

        write-log $INFO $Resources.CreatedUser $username

    }

    else

    {

        $user = [adsi] "WinNT://$env:computername/$username, user"

    }

    return $user

 }



 function GetAdminGroupName()

 {

    $securityIdentifier = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")

    $adminName = $securityIdentifier.Translate([System.Type]::GetType("System.Security.Principal.NTAccount")).ToString()

    $array = $adminName -split "\\"

    if($array.Count -eq 2)

    {

        return $array[1]

    }



    return "Administrators"

 }



 function CreateLocalUser($username, $password, $isAdmin)

 {

    $user = GetOrCreateUser($username)

    $user.SetPassword($password)

    $user.SetInfo()



    if($isAdmin)

    {

        $adminGroupName = GetAdminGroupName

        if(-not((CheckIfUserIsAdmin $adminGroupName $username) -eq $true))

        {

            $group = [ADSI]"WinNT://$env:computername/$adminGroupName,group"

            $group.add("WinNT://$env:computername/$username")

            write-log $INFO $Resources.AddedUserAsAdmin $username

        }

        else

        {

            write-log $INFO $Resources.IsAdmin $username

        }

    }



    return $true

 }



 function CheckLocalUserExists($username)

 {

    $objComputer = [ADSI]("WinNT://$env:computername")

    $colUsers = ($objComputer.psbase.children | Where-Object {$_.psBase.schemaClassName -eq "User"} | Select-Object -expand Name)



    $blnFound = $colUsers -contains $username



    if ($blnFound){

        return $true

    }

    else{

        return $false

    }

 }



 function CheckIfUserIsAdmin($adminGroupName, $username)

 {

    $computer = [ADSI]("WinNT://$env:computername,computer")

    $group = $computer.psbase.children.find($adminGroupName)



    $colMembers = $group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)}



    $bIsMember = $colMembers -contains $username

    if($bIsMember)

    {

        return $true

    }

    else

    {

        return $false

    }

 }



 function GenerateStrongPassword()

 {

    [System.Reflection.Assembly]::LoadWithPartialName("System.Web") > $null

    return [System.Web.Security.Membership]::GeneratePassword(16,6)

 }



 function Initialize

 {

    trap [Exception]

    {

        write-log $SCRIPTERROR $Resources.CheckIIS7Installed

        break

    }



    [System.Reflection.Assembly]::LoadFrom( ${env:windir} + "\system32\inetsrv\Microsoft.Web.Administration.dll" ) > $null

 }



 # gets path of applicationHost.config

 function GetApplicationHostConfigPath

 {

    return (${env:windir} + "\system32\inetsrv\config\applicationHost.config")

 }

 

function GetValidWebDeployInstallPath()

{

    foreach($number in 3..1)

    {

        $keyPath = "HKLM:\Software\Microsoft\IIS Extensions\MSDeploy\" + $number

        if(Test-Path($keypath))

        {

            return $keypath

        }

    }

    return $null

}



function IsWebDeployInstalled()

 {

    $webDeployKeyPath = GetValidWebDeployInstallpath



    if($webDeployKeyPath)

    {

        $value = (get-item($webDeployKeyPath)).GetValue("Install")

        if($value -eq 1)

        {

            return $true

        }

    }

    return $false

 }



 function CheckRuleExistsAndUpdateRunAs($serverManager, $path, $providers, $identityType, $userName, $password)

 {

    for($i=0;$i-lt $delegationRulesCollection.Count;$i++)

    {

        $providerValue = $delegationRulesCollection[$i].Attributes["providers"].Value

        $pathValue = $delegationRulesCollection[$i].Attributes["path"].Value

        $enabled = $delegationRulesCollection[$i].Attributes["enabled"].Value



        if( $providerValue -eq $providers -AND

            $pathValue -eq $path)

        {

            if($identityType -eq "SpecificUser")

            {

                $runAsElement = $delegationRulesCollection[$i].ChildElements["runAs"];

                $runAsElement.Attributes["userName"].Value = $userName

                $runAsElement.Attributes["password"].Value = $password

                $serverManager.CommitChanges()

                write-log $INFO $Resources.UpdatedRunAsForSpecificUser $providers $username

            }



            if($enabled -eq $false)

            {

                $delegationRulesCollection[$i].Attributes["enabled"].Value = $true

                $serverManager.CommitChanges()

            }

            return $true

        }

    }

    return $false

 }



function CheckSharedConfigNotInUse()

{

    $serverManager = (New-Object Microsoft.Web.Administration.ServerManager)

    $section = $serverManager.GetRedirectionConfiguration().GetSection("configurationRedirection")

    $enabled = [bool]$section["enabled"]

    if ($enabled -eq $true)

    {

        return $false

    }

    return $true

}



 function CreateDelegationRule($providers, $path, $pathType, $identityType, $userName, $password, $enabled)

 {

    $serverManager = (New-Object Microsoft.Web.Administration.ServerManager)

    $delegationRulesCollection = $serverManager.GetAdministrationConfiguration().GetSection("system.webServer/management/delegation").GetCollection()

    if(CheckRuleExistsAndUpdateRunAs $serverManager $path $providers $identityType $userName $password )

    {

        write-log $INFO $Resources.RuleNotCreated $providers

        return

    }



    $newRule = $delegationRulesCollection.CreateElement("rule")

    $newRule.Attributes["providers"].Value = $providers

    $newRule.Attributes["actions"].Value = "*"

    $newRule.Attributes["path"].Value = $path

    $newRule.Attributes["pathType"].Value = $pathType

    $newRule.Attributes["enabled"].Value = $enabled



    $runAs = $newRule.GetChildElement("runAs")



    if($identityType -eq "SpecificUser")

    {

        $runAs.Attributes["identityType"].Value = "SpecificUser"

        $runAs.Attributes["userName"].Value = $userName

        $runAs.Attributes["password"].Value = $password

    }

    else

    {

        $runAs.Attributes["identityType"].Value = "CurrentUser"

    }



    $permissions = $newRule.GetCollection("permissions")

    $user = $permissions.CreateElement("user")

    $user.Attributes["name"].Value = "*"

    $user.Attributes["accessType"].Value = "Allow"

    $user.Attributes["isRole"].Value = "False"

    $permissions.Add($user) | out-null



    $delegationRulesCollection.Add($newRule) | out-null

    $serverManager.CommitChanges()



    write-log $INFO $Resources.CreatedRule $providers

 }



 function CheckUserViaLogon($username, $password)

 {



 $signature = @'

    [DllImport("advapi32.dll")]

    public static extern int LogonUser(

        string lpszUserName,

        string lpszDomain,

        string lpszPassword,

        int dwLogonType,

        int dwLogonProvider,

        ref IntPtr phToken);

'@



    $type = Add-Type -MemberDefinition $signature  -Name Win32Utils -Namespace LogOnUser  -PassThru



    [IntPtr]$token = [IntPtr]::Zero



    $value = $type::LogOnUser($username, $env:computername, $password, 2, 0, [ref] $token)



    if($value -eq 0)

    {

        return $false

    }



    return $true

 }



 function CheckUsernamePasswordCombination($user, $password)

 {

    if($user -AND !$password)

    {

        if(CheckLocalUserExists($user) -eq $true)

        {

            if(!$ignorePasswordResetErrors)

            {

                write-log $SCRIPTERROR $Resources.NoPasswordForGivenUser $user

                return $false

            }

            else

            {

                write-Log $INFO $Resources.PasswordWillBeReset $user

                return $true

            }

        }

    }



    if(($user) -AND ($password))

    {

        if(CheckLocalUserExists($user) -eq $true)

        {

            if(CheckUserViaLogon $user $password)

            {

                return $true

            }

            else

            {

                write-Log $SCRIPTERROR $Resources.FailedToValidateUserWithSpecifiedPassword $user

                return $false

            }

        }

    }



    return $true

 }



#================= Main Script =================



 if(NotServerOS)

 {

    write-log $SCRIPTERROR $Resources.NotServerOS

    break

 }



 Initialize

 if(CheckSharedConfigNotInUse)

 {

     if(IsWebDeployInstalled)

     {

        if(CheckHandlerInstalled)

        {

            if((CheckUsernamePasswordCombination $elevatedUsername $elevatedPassword) -AND

                (CheckUsernamePasswordCombination $adminUsername $adminPassword))

            {



                if(!$elevatedUsername)

                {

                    $elevatedUsername = "WDeployConfigWriter"

                }



                if(!$adminUsername)

                {

                    $adminUsername = "WDeployAdmin"

                }



                if(!$elevatedPassword)

                {

                    $elevatedPassword = GenerateStrongPassword

                }



                if(!$adminPassword)

                {

                    $adminPassword = GenerateStrongPassword

                }



                # create local user which has write access to applicationHost.config and administration.config

                if(CreateLocalUser $elevatedUsername $elevatedPassword $false)

                {

                    # create local admin user which can recycle application pools

                    if(CreateLocalUser $adminUsername $adminPassword $true)

                    {

                        $applicationHostConfigPath = GetApplicationHostConfigPath

                        GrantPermissionsOnDisk $elevatedUsername $applicationHostConfigPath "ReadAndExecute,Write" "None"

                        

                        CreateDelegationRule "contentPath, iisApp" "{userScope}" "PathPrefix" "CurrentUser" "" "" "true"

                        CreateDelegationRule "dbFullSql" "Data Source=" "ConnectionString" "CurrentUser" "" "" "true"

                        CreateDelegationRule "dbDacFx" "Data Source=" "ConnectionString" "CurrentUser" "" "" "true"

                        CreateDelegationRule "dbMySql" "Server=" "ConnectionString" "CurrentUser" "" "" "true"

                        CreateDelegationRule "createApp" "{userScope}" "PathPrefix" "SpecificUser" $elevatedUsername $elevatedPassword "true"

                        CreateDelegationRule "setAcl" "{userScope}" "PathPrefix" "CurrentUser" "" "" "true"

                        CreateDelegationRule "recycleApp" "{userScope}" "PathPrefix" "SpecificUser" $adminUsername $adminPassword "true"

                        CreateDelegationRule "appPoolPipeline,appPoolNetFx" "{userScope}" "PathPrefix" "SpecificUser" $elevatedUsername $elevatedPassword "true"

                        CreateDelegationRule "backupSettings" "{userScope}" "PathPrefix" "SpecificUser" $elevatedUsername $elevatedPassword "true"

                        CreateDelegationRule "backupManager" "{userScope}" "PathPrefix" "CurrentUser" "" "" "true"

                    }

                    else

                    {

                        break

                    }

                }

                else

                {

                    break

                }

            }

            else

            {

                break

            }

        }

        else

        {

            write-log $SCRIPTERROR $Resources.HandlerNotInstalledQ

            break

        }

     }

     else

     {

        write-log $SCRIPTERROR $Resources.WDeployNotInstalled

     }

 }

 else

 {

    write-log $SCRIPTERROR $Resources.SharedConfigInUse

 }



# SIG # Begin signature block

# MIIoLQYJKoZIhvcNAQcCoIIoHjCCKBoCAQExDzANBglghkgBZQMEAgEFADB5Bgor

# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG

# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC2BZMaEr2kY2bB

# xC1LjW/oWrN3Bn6TzKyFjkvf1s+x2qCCDXYwggX0MIID3KADAgECAhMzAAADrzBA

# DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD

# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p

# bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw

# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u

# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB

# AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA

# hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG

# 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN

# xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL

# go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB

# tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE

# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw

# RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW

# MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci

# tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j

# b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG

# CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu

# Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0

# MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd

# mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ

# 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY

# 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp

# XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn

# TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT

# e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG

# OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O

# PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk

# ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx

# HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt

# CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq

# hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x

# EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv

# bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5

# IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG

# EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG

# A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg

# Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC

# CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03

# a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr

# rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg

# OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy

# 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9

# sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh

# dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k

# A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB

# w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn

# Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90

# lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w

# ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o

# ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD

# VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa

# BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny

# bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG

# AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t

# L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV

# HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3

# dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG

# AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl

# AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb

# C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l

# hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6

# I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0

# wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560

# STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam

# ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa

# J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah

# XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA

# 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt

# Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr

# /Xmfwb1tbWrJUnMTDXpQzTGCGg0wghoJAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw

# EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN

# aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp

# Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB

# BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO

# MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIE2jnS48lSR2QyC9drznMKas

# oiVn+4eNtic3562dbptGMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A

# cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB

# BQAEggEAdtDPHd4OFE+iJsXeVPjH9XdkR4WUeJmw1bMP40FAS7xr61PM0GM0RvPP

# 0A7VZaSd5qy1NcrROkVJ477wtPvgeOLBrIPscwOsBVLWug2c6lE/HRDUitykdnxb

# 3I1E73LNLslw+ulZGSscJshf6KITi8RSz1mcKuQBPS+zbJOsOg7vyPOhNBPnlOLa

# vEEhnSlF2N0P6X+/7DU/83m2FM6/ygftajtpb7oJF0TCHma+NzUy4sg74yIYnXzX

# BmLoVLWRqXBx1bAEwXFfG36p7UvkWm8iVSPRUoUbCIwzC3fVGoW2Wgf7D1p5X/NV

# Xl9aNN35Oxo4l44gisQX1Dpjb5d6G6GCF5cwgheTBgorBgEEAYI3AwMBMYIXgzCC

# F38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq

# hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl

# AwQCAQUABCAMqguSAIIQ5X1G2EhEGsSVziro5bO2f4wl2rIgD+6B3AIGZc5Ci9En

# GBMyMDI0MDIyODIxMTAzOC44MjRaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV

# UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE

# ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l

# cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046RjAwMi0w

# NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg

# ghHtMIIHIDCCBQigAwIBAgITMwAAAfI+MtdkrHCRlAABAAAB8jANBgkqhkiG9w0B

# AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE

# BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD

# VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMzEyMDYxODQ1

# NThaFw0yNTAzMDUxODQ1NThaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz

# aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv

# cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z

# MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046RjAwMi0wNUUwLUQ5NDcxJTAjBgNV

# BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB

# AQUAA4ICDwAwggIKAoICAQC85fPLFwppYgxwYxkSEeYvQBtnYJTtKKj2FKxzHx0f

# gV6XgIIrmCWmpKl9IOzvOfJ/k6iP0RnoRo5F89Ad29edzGdlWbCj1Qyx5HUHNY8y

# u9ElJOmdgeuNvTK4RW4wu9iB5/z2SeCuYqyX/v8z6Ppv29h1ttNWsSc/KPOeuhzS

# AXqkA265BSFT5kykxvzB0LxoxS6oWoXWK6wx172NRJRYcINfXDhURvUfD70jioE9

# 2rW/OgjcOKxZkfQxLlwaFSrSnGs7XhMrp9TsUgmwsycTEOBdGVmf1HCD7WOaz5EE

# cQyIS2BpRYYwsPMbB63uHiJ158qNh1SJXuoL5wGDu/bZUzN+BzcLj96ixC7wJGQM

# BixWH9d++V8bl10RYdXDZlljRAvS6iFwNzrahu4DrYb7b8M7vvwhEL0xCOvb7WFM

# sstscXfkdE5g+NSacphgFfcoftQ5qPD2PNVmrG38DmHDoYhgj9uqPLP7vnoXf7j6

# +LW8Von158D0Wrmk7CumucQTiHRyepEaVDnnA2GkiJoeh/r3fShL6CHgPoTB7oYU

# /d6JOncRioDYqqRfV2wlpKVO8b+VYHL8hn11JRFx6p69mL8BRtSZ6dG/GFEVE+fV

# mgxYfICUrpghyQlETJPITEBS15IsaUuW0GvXlLSofGf2t5DAoDkuKCbC+3VdPmlY

# VQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFJVbhwAm6tAxBM5cH8Bg0+Y64oZ5MB8G

# A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG

# Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy

# MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w

# XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy

# dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG

# A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD

# AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQA9S6eO4HsfB00XpOgPabcN3QZeyipgilcQ

# SDZ8g6VCv9FVHzdSq9XpAsljZSKNWSClhJEz5Oo3Um/taPnobF+8CkAdkcLQhLdk

# Shfr91kzy9vDPrOmlCA2FQ9jVhFaat2QM33z1p+GCP5tuvirFaUWzUWVDFOpo/O5

# zDpzoPYtTr0cFg3uXaRLT54UQ3Y4uPYXqn6wunZtUQRMiJMzxpUlvdfWGUtCvnW3

# eDBikDkix1XE98VcYIz2+5fdcvrHVeUarGXy4LRtwzmwpsCtUh7tR6whCrVYkb6F

# udBdWM7TVvji7pGgfjesgnASaD/ChLux66PGwaIaF+xLzk0bNxsAj0uhd6QdWr6T

# T39m/SNZ1/UXU7kzEod0vAY3mIn8X5A4I+9/e1nBNpURJ6YiDKQd5YVgxsuZCWv4

# Qwb0mXhHIe9CubfSqZjvDawf2I229N3LstDJUSr1vGFB8iQ5W8ZLM5PwT8vtsKEB

# wHEYmwsuWmsxkimIF5BQbSzg9wz1O6jdWTxGG0OUt1cXWOMJUJzyEH4WSKZHOx53

# qcAvD9h0U6jEF2fuBjtJ/QDrWbb4urvAfrvqNn9lH7gVPplqNPDIvQ8DkZ3lvbQs

# Yqlz617e76ga7SY0w71+QP165CPdzUY36et2Sm4pvspEK8hllq3IYcyX0v897+X9

# YeecM1Pb1jCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI

# hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw

# DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x

# MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy

# MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC

# VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV

# BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp

# bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC

# AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg

# M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF

# dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6

# GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp

# Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu

# yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E

# XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0

# lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q

# GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ

# +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA

# PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw

# EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG

# NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV

# MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj

# cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK

# BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC

# AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX

# zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v

# cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI

# KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j

# b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG

# 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x

# M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC

# VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449

# xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM

# nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS

# PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d

# Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn

# GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs

# QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL

# jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL

# 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNQ

# MIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp

# bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw

# b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn

# MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOkYwMDItMDVFMC1EOTQ3MSUwIwYDVQQD

# ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQBr

# i943cFLH2TfQEfB05SLICg74CKCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD

# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w

# IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6YnjxjAiGA8yMDI0MDIyODE2NTQz

# MFoYDzIwMjQwMjI5MTY1NDMwWjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDpiePG

# AgEAMAoCAQACAiexAgH/MAcCAQACAhOBMAoCBQDpizVGAgEAMDYGCisGAQQBhFkK

# BAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJ

# KoZIhvcNAQELBQADggEBAOjY8/tDno1+5cHpFkRHmdmxMnMnPcRxr9+6pCSbMZpk

# X44Rk2pmSanpWSa+4rUTSfDRBCE6BA0RVmBMbtfAbWgZuWZmMGX01y+CjYZsaBkX

# WO7UCfJjJnyBZLYzLUgjVrfvFuiHQL9/PEsMI0jgD3gTx2A7eriRXzoS6HL2tz7i

# k9AZzoYk+eGXLxtjW7CBLpYQmtVCLUmVsiI8y76Eq/41DCJEq5xdAAP/QOpBxQUc

# HUdN67ML3m4YqypIBWxjm6Xs6pttqBIO9IDASEyw5JdvwcS6FkJ1XKW9cLMyFvD2

# P/+qTonhrdIuKKoGXxuP5U6L4UGVYLtTRJegiPB7HfQxggQNMIIECQIBATCBkzB8

# MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk

# bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1N

# aWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAfI+MtdkrHCRlAABAAAB

# 8jANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE

# MC8GCSqGSIb3DQEJBDEiBCBhDog9U6MBYUz6Y+uaqyu/RFzpeRzXpZiHf5Xt3HKm

# MTCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIPjaPh0uMVJc04+Y4Ru5BUUb

# HE4suZ6nRHSUu0XXSkNEMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT

# Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m

# dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB

# IDIwMTACEzMAAAHyPjLXZKxwkZQAAQAAAfIwIgQglLvTudQkfCg6HJBkU+n9iIn4

# FC7GBY8+x0ZG4Dv31vMwDQYJKoZIhvcNAQELBQAEggIAKUJ7L5Xbi/N4QuclzO2Z

# XJoL7Nw2FGmm9caq0LYXZjASjm7qcqvqrHlBkoAQc6EAqwW8ZcGZM+PqWzUllJR9

# kwzZ1lGEFpMzgUWXPXkf6EWQ1FlF9syG9cSlBHLaME1JaNt4UMFEugtx++CN09LA

# mRQKeAlSgeRAXlcuLOZtFxoBYODSzs1PZbYJ6PegjsPfV63z5490xzIxVBiuc2Kl

# VGoQa5zYCTI3J3apbnxbkSiV3J6ibDVJ94NAH8QDqRmspvDCYryWUpTwbVks/byK

# HRp2FVcvSAO2G5CZp+kuqqD6IPlf1G8QqjOx6ohB6R1hPl+zGS7Nh4t4qeazRNiK

# XtuME90hMsC8paSyBTKy6rOblKK0BbEjsjfIbRzAwiHgOqBAMyFnitcCIE9kK0x+

# X0CE+Oc9y6QFB3grbscDL9qyoM5bcdg7mkuGMTrlZ2RBm0Svb0cq4vjiuZ6hnROc

# hqYd4f8xD/9hXgy9Wiu97Y1ExPwOPGgTI2k8oyvj2ERAS/c6Vqlj3oR2tKe97oHu

# XneRJPKKsUT+ITcWrRySfeRkFp3qdfyJOIpzUSS0C5nyUxYjvrlNh3lriRHnZQz5

# KNJUvGQld/HIs+NHc7o5UTJTzX5+7tDQ+gdfFVdqNqPfKf29eQYy07vq4gNDgJja

# MBmtjHVjJ4KCfIBoxO79tM8=

# SIG # End signature block