public/Set-DbsAcl.ps1
|
function Set-DbsAcl { <# .SYNOPSIS Sets the permissions required by DISA for SQL Server directories .DESCRIPTION Sets the required permissions for SQL Server directories By default, it will detect and secure the default Data, Log and Backup directories .PARAMETER SqlInstance The target SQL Server instance or instances This is required to get specific information about the paths to modify The base computer name is also used to perform the actual modifications .PARAMETER SqlCredential Login to the target _SQL Server_ instance using alternative credentials .PARAMETER Credential Login to the target _Windows_ instance using alternative credentials .PARAMETER Owner The account that will be set as the folder owner .PARAMETER Account The account name or names that are to be granted permissions along with the service accounts .PARAMETER Path By default, the ACLs on the paths to the data, log and backup files will be modified If you want to set permissions on a specific path, use this option Note that if your Backup directory is a UNC share, it will be skipped .PARAMETER WhatIf If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run .PARAMETER Confirm If this switch is enabled, you will be prompted for confirmation before executing any operations that change state .PARAMETER EnableException By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch. .NOTES Tags: V-79215, V-79151, V-79153, V-79155, V-79163 Author: Chrissy LeMaire (@cl), netnerds.net Copyright: (c) 2020 by Chrissy LeMaire, licensed under MIT License: MIT https://opensource.org/licenses/MIT .EXAMPLE PS C:\> Set-DbsAcl -SqlInstance sql2017, sql2016, sql2012 -Account "AD\SQL Admins" -Owner "AD\SQL Service" Sets permissions for the default data, log and backups on sql2017, sql2016, sql2012 Adds appropriate permissions for the "AD\SQL Admins" group as well as the SQL Server service accountsas Full Access Also sets the owner of the folder to "AD\SQL Service" .EXAMPLE PS C:\> Get-DbaRegServer -SqlInstance sqlcentral | Set-DbsAcl -Account "AD\SQL Admins" -Owner "AD\SQL Service" Sets the appropriate permissions for all SQL Servers stored in the sqlcentral registered server #> [CmdletBinding(SupportsShouldProcess, ConfirmImpact = "Medium")] param ( [parameter(Mandatory, ValueFromPipeline)] [DbaInstanceParameter[]]$SqlInstance, [PsCredential]$SqlCredential, [PsCredential]$Credential, [parameter(Mandatory)] [string]$Owner, [parameter(Mandatory)] [string[]]$Account, [string[]]$Path, [switch]$EnableException ) begin { . "$script:ModuleRoot\private\Set-Defaults.ps1" } process { foreach ($instance in $SqlInstance) { try { $server = Connect-DbaInstance -SqlInstance $instance } catch { Stop-PSFFunction -Message "Error occurred while establishing connection to $instance" -Category ConnectionError -ErrorRecord $_ -Target $instance -Continue } if (-not $PSBoundParameters.Path) { $defaults = Get-DbaDefaultPath -SqlInstance $server $Path = $defaults.Data, $defaults.Log, $defaults.Backup | Where-Object { $_ -notmatch '\\\\' } | Select-Object -Unique } try { $computername = $instance.ComputerName $instancename = $instance.InstanceName $services = Get-DbaService -ComputerName $instance 3>$null $dbengine = $services | Where-Object DisplayName -match "SQL Server \($instancename\)" $dbaccount = $dbengine.StartName $agentengine = $services | Where-Object DisplayName -match "SQL Server Agent \($instancename\)" $agentaccount = $agentengine.StartName if ($dbaccount.length -lt 2) { Stop-PSFFunction -Message "Couldn't get service information for $instance, moving on" -Continue } foreach ($folder in $Path) { Write-PSFMessage -Level Verbose -Message "Modifying $folder on $computername" if ($PSCmdlet.ShouldProcess($computername, "Removing permission protections for $folder")) { try { Invoke-PSFCommand -ComputerName $computername -ScriptBlock { param ($folder) # set it as a script variable to ensure it persists in the session, may be excessive $script:acl = Get-Acl -Path $folder -ErrorAction Stop $script:acl.SetAccessRuleProtection($true, $true) $null = Set-Acl -Path $folder -AclObject $script:acl -ErrorAction Stop } -ArgumentList $folder -ErrorAction Stop } catch { Stop-PSFFunction -Message "Issue setting file permissions on $folder" -ErrorRecord $_ -Continue } } if ($PSCmdlet.ShouldProcess($computername, "Collecting all access rules for $folder")) { try { $access = Invoke-PSFCommand -ComputerName $computername -ScriptBlock { param ($folder) (Get-Acl -Path $folder -ErrorAction Stop).Access } -ArgumentList $folder -ErrorAction Stop } catch { Stop-PSFFunction -Message "Issue collecting file permissions on $folder" -ErrorRecord $_ -Continue } } if ($PSCmdlet.ShouldProcess($computername, "Removing all access rules for $folder")) { try { Invoke-PSFCommand -ComputerName $computername -ScriptBlock { param ($folder, $VerbosePreference) $script:acl = Get-Acl -Path $folder $access = $script:acl.Access foreach ($a in $access) { $accessrule = "$($a.IdentityReference) - $($a.AccessControlType) - $($a.FileSystemRights)" Write-Verbose -Message "Removing access rule $accessrule from $folder on $env:COMPUTERNAME" $null = $script:acl.RemoveAccessRule($a) } } -ArgumentList $folder, $VerbosePreference -ErrorAction Stop } catch { Stop-PSFFunction -Message "Issue setting file permissions on $folder" -ErrorRecord $_ -Continue } } # Add local admin $accountdisplay = @() foreach ($username in $Account) { $accountdisplay += $username if ($PSCmdlet.ShouldProcess($computername, "Adding full control for $username on $folder")) { try { Invoke-PSFCommand -ComputerName $computername -ScriptBlock { param ($username, $VerbosePreference) $permission = $username, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission $script:acl.SetAccessRule($rule) } -ArgumentList $username, $VerbosePreference -ErrorAction Stop } catch { Stop-PSFFunction -Message "Issue setting file permissions for $username on $folder" -ErrorRecord $_ -Continue } } } if ($PSCmdlet.ShouldProcess($computername, "Setting the full control permissions for $dbaccount on $folder")) { $accountdisplay += $dbaccount if ($dbaccount -ne $agentaccount) { $accountdisplay += $agentaccount } try { $null = Invoke-PSFCommand -ComputerName $computername -ScriptBlock { param ($dbaccount, $agentaccount, $VerbosePreference) $permission = "$dbaccount", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission $script:acl.SetAccessRule($rule) if ($dbaccount -ne $agentaccount) { $accountdisplay += $agentaccount $permission = "$agentaccount", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission $script:acl.SetAccessRule($rule) } } -ArgumentList $dbaccount, $agentaccount, $VerbosePreference -ErrorAction Stop } catch { Stop-PSFFunction -Message "Issue setting file permissions on $folder for $dbaacount or $agentaccount" -ErrorRecord $_ -Continue } } if ($PSCmdlet.ShouldProcess($computername, "Changing the owner for $folder")) { try { $null = Invoke-PSFCommand -ComputerName $computername -ScriptBlock { param ($Owner) $script:acl.SetOwner([System.Security.Principal.NTAccount]$Owner) } -ArgumentList $Owner -ErrorAction Stop } catch { Stop-PSFFunction -Message "Changing owner on $folder on $computername" -ErrorRecord $_ -Continue } } if ($PSCmdlet.ShouldProcess($computername, "Performing the actual set")) { try { $null = Invoke-PSFCommand -ComputerName $computername -ScriptBlock { param ($folder) $null = Set-Acl -Path $folder -AclObject $script:acl } -ArgumentList $folder -ErrorAction Stop } catch { Stop-PSFFunction -Message "Changing owner on $folder on $computername" -ErrorRecord $_ -Continue } [PSCustomObject]@{ ComputerName = $server.ComputerName InstanceName = $server.ServiceName SqlInstance = $server.DomainInstanceName Path = $folder Owner = $Owner Account = $accountdisplay -join ", " PreviousPermissions = $access Status = "Success" } } } } catch { Stop-PSFFunction -Message "Failed to set permissions on $instance" -ErrorRecord $_ -Continue -Target $instance } } } } # SIG # Begin signature block # MIIcYgYJKoZIhvcNAQcCoIIcUzCCHE8CAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUc1rUq6dovE9+MpZICc5bL8qM # OxeggheRMIIFGjCCBAKgAwIBAgIQAwW7hiGwoWNfv96uEgTnbTANBgkqhkiG9w0B # AQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD # VQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFz # c3VyZWQgSUQgQ29kZSBTaWduaW5nIENBMB4XDTIwMDUxMjAwMDAwMFoXDTIzMDYw # ODEyMDAwMFowVzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMQ8wDQYD # VQQHEwZWaWVubmExETAPBgNVBAoTCGRiYXRvb2xzMREwDwYDVQQDEwhkYmF0b29s # czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALy/Y3ur47++CAG2mOa1 # 6h8WjXjSTvcldDmw4PpAvOOCKNr6xyhg/FOYVIiaeq2N9kVaa5wBawOIxVWuj/rI # aOxeYklQDugPkGUx0Ap+6KrjnnxgE6ONzQGnc1tjlka6N0KazD2WodEBWKXo/Vmk # C/cP9PJVWroCMOwlj7GtEv2IxzxikPm2ICP5KxFK5PmrA+5bzcHJEeqRonlgMn9H # zZkqHr0AU1egnfEIlH4/v6lry1t1KBF/bnDhl9g/L0icS+ychFVkx4OOO4a+qvT8 # xqvvdQjv3PQ1hbzTI3/tXOWu9XxGeeIdZjaJv16FmWKCnloSp1Xb9cVU9XhIpomz # xH0CAwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFFrEuXsqCqOl6nEDwGD5LfZldQ5Y # MB0GA1UdDgQWBBTwwKD7tgOAQ077Cdfd33qxy+OeIjAOBgNVHQ8BAf8EBAMCB4Aw # EwYDVR0lBAwwCgYIKwYBBQUHAwMwdwYDVR0fBHAwbjA1oDOgMYYvaHR0cDovL2Ny # bDMuZGlnaWNlcnQuY29tL3NoYTItYXNzdXJlZC1jcy1nMS5jcmwwNaAzoDGGL2h0 # dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtY3MtZzEuY3JsMEwG # A1UdIARFMEMwNwYJYIZIAYb9bAMBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3 # LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQQBMIGEBggrBgEFBQcBAQR4MHYwJAYI # KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBOBggrBgEFBQcwAoZC # aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJ # RENvZGVTaWduaW5nQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQAD # ggEBAI/N+XCVDB/WNqQSrKY85zScHGJjsXgXByYvsitMuG5vo+ODhlh+ILv0CTPl # o2Wo75MnSSqCWR+c6xyN8pDPMPBxm2EtVmXzeKDMIudYyjxmT8PZ3hktj16wXCo8 # 2+65UOse+CHsfoMn/M9WbkQ4rSyWNPRRDodATC2i4flLyeuoIZnyMoz/4N4mWb6s # IAYZ/tNXzm6qwCfkmoMSf9tcTUCXIbVDliJcUZLlJ/SpLg2KzDu9GtnpBzg3AG3L # hwBiPMM8OLGitYjz4VU5RYox0vu1XyLf3f9fKTCxxwKy0EKntWdJk37i+DOMQlCq # Xm5B/KyNxb2utv+qLGlyw9MphEcwggUwMIIEGKADAgECAhAECRgbX9W7ZnVTQ7Vv # lVAIMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdp # Q2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0Rp # Z2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xMzEwMjIxMjAwMDBaFw0yODEw # MjIxMjAwMDBaMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx # GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0IFNI # QTIgQXNzdXJlZCBJRCBDb2RlIFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUA # A4IBDwAwggEKAoIBAQD407Mcfw4Rr2d3B9MLMUkZz9D7RZmxOttE9X/lqJ3bMtdx # 6nadBS63j/qSQ8Cl+YnUNxnXtqrwnIal2CWsDnkoOn7p0WfTxvspJ8fTeyOU5JEj # lpB3gvmhhCNmElQzUHSxKCa7JGnCwlLyFGeKiUXULaGj6YgsIJWuHEqHCN8M9eJN # YBi+qsSyrnAxZjNxPqxwoqvOf+l8y5Kh5TsxHM/q8grkV7tKtel05iv+bMt+dDk2 # DZDv5LVOpKnqagqrhPOsZ061xPeM0SAlI+sIZD5SlsHyDxL0xY4PwaLoLFH3c7y9 # hbFig3NBggfkOItqcyDQD2RzPJ6fpjOp/RnfJZPRAgMBAAGjggHNMIIByTASBgNV # HRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF # BQcDAzB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp # Z2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu # Y29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHoweDA6oDig # NoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9v # dENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0 # QXNzdXJlZElEUm9vdENBLmNybDBPBgNVHSAESDBGMDgGCmCGSAGG/WwAAgQwKjAo # BggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAKBghghkgB # hv1sAzAdBgNVHQ4EFgQUWsS5eyoKo6XqcQPAYPkt9mV1DlgwHwYDVR0jBBgwFoAU # Reuir/SSy4IxLVGLp6chnfNtyA8wDQYJKoZIhvcNAQELBQADggEBAD7sDVoks/Mi # 0RXILHwlKXaoHV0cLToaxO8wYdd+C2D9wz0PxK+L/e8q3yBVN7Dh9tGSdQ9RtG6l # jlriXiSBThCk7j9xjmMOE0ut119EefM2FAaK95xGTlz/kLEbBw6RFfu6r7VRwo0k # riTGxycqoSkoGjpxKAI8LpGjwCUR4pwUR6F6aGivm6dcIFzZcbEMj7uo+MUSaJ/P # QMtARKUT8OZkDCUIQjKyNookAv4vcn4c10lFluhZHen6dGRrsutmQ9qzsIzV6Q3d # 9gEgzpkxYz0IGhizgZtPxpMQBvwHgfqL2vmCSfdibqFT+hKUGIUukpHqaGxEMrJm # oecYpJpkUe8wggZqMIIFUqADAgECAhADAZoCOv9YsWvW1ermF/BmMA0GCSqGSIb3 # DQEBBQUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX # BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IEFzc3Vy # ZWQgSUQgQ0EtMTAeFw0xNDEwMjIwMDAwMDBaFw0yNDEwMjIwMDAwMDBaMEcxCzAJ # BgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDElMCMGA1UEAxMcRGlnaUNlcnQg # VGltZXN0YW1wIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC # ggEBAKNkXfx8s+CCNeDg9sYq5kl1O8xu4FOpnx9kWeZ8a39rjJ1V+JLjntVaY1sC # SVDZg85vZu7dy4XpX6X51Id0iEQ7Gcnl9ZGfxhQ5rCTqqEsskYnMXij0ZLZQt/US # s3OWCmejvmGfrvP9Enh1DqZbFP1FI46GRFV9GIYFjFWHeUhG98oOjafeTl/iqLYt # WQJhiGFyGGi5uHzu5uc0LzF3gTAfuzYBje8n4/ea8EwxZI3j6/oZh6h+z+yMDDZb # esF6uHjHyQYuRhDIjegEYNu8c3T6Ttj+qkDxss5wRoPp2kChWTrZFQlXmVYwk/PJ # YczQCMxr7GJCkawCwO+k8IkRj3cCAwEAAaOCAzUwggMxMA4GA1UdDwEB/wQEAwIH # gDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMIIBvwYDVR0g # BIIBtjCCAbIwggGhBglghkgBhv1sBwEwggGSMCgGCCsGAQUFBwIBFhxodHRwczov # L3d3dy5kaWdpY2VydC5jb20vQ1BTMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4A # eQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQA # ZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUA # IABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAA # YQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcA # cgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIA # aQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQA # ZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMAsG # CWCGSAGG/WwDFTAfBgNVHSMEGDAWgBQVABIrE5iymQftHt+ivlcNK2cCzTAdBgNV # HQ4EFgQUYVpNJLZJMp1KKnkag0v0HonByn0wfQYDVR0fBHYwdDA4oDagNIYyaHR0 # cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEQ0EtMS5jcmww # OKA2oDSGMmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJ # RENBLTEuY3JsMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29j # c3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURDQS0xLmNydDANBgkqhkiG9w0BAQUF # AAOCAQEAnSV+GzNNsiaBXJuGziMgD4CH5Yj//7HUaiwx7ToXGXEXzakbvFoWOQCd # 42yE5FpA+94GAYw3+puxnSR+/iCkV61bt5qwYCbqaVchXTQvH3Gwg5QZBWs1kBCg # e5fH9j/n4hFBpr1i2fAnPTgdKG86Ugnw7HBi02JLsOBzppLA044x2C/jbRcTBu7k # A7YUq/OPQ6dxnSHdFMoVXZJB2vkPgdGZdA0mxA5/G7X1oPHGdwYoFenYk+VVFvC7 # Cqsc21xIJ2bIo4sKHOWV2q7ELlmgYd3a822iYemKC23sEhi991VUQAOSK2vCUcIK # SK+w1G7g9BQKOhvjjz3Kr2qNe9zYRDCCBs0wggW1oAMCAQICEAb9+QOWA63qAArr # Pye7uhswDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERp # Z2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMb # RGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTIx # MTExMDAwMDAwMFowYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu # YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQg # QXNzdXJlZCBJRCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA # 6IItmfnKwkKVpYBzQHDSnlZUXKnE0kEGj8kz/E1FkVyBn+0snPgWWd+etSQVwpi5 # tHdJ3InECtqvy15r7a2wcTHrzzpADEZNk+yLejYIA6sMNP4YSYL+x8cxSIB8HqIP # kg5QycaH6zY/2DDD/6b3+6LNb3Mj/qxWBZDwMiEWicZwiPkFl32jx0PdAug7Pe2x # QaPtP77blUjE7h6z8rwMK5nQxl0SQoHhg26Ccz8mSxSQrllmCsSNvtLOBq6thG9I # hJtPQLnxTPKvmPv2zkBdXPao8S+v7Iki8msYZbHBc63X8djPHgp0XEK4aH631XcK # J1Z8D2KkPzIUYJX9BwSiCQIDAQABo4IDejCCA3YwDgYDVR0PAQH/BAQDAgGGMDsG # A1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwME # BggrBgEFBQcDCDCCAdIGA1UdIASCAckwggHFMIIBtAYKYIZIAYb9bAABBDCCAaQw # OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVw # b3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUA # IABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4A # cwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQA # aABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQA # aABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUA # bgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkA # IABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUA # cgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wCwYJYIZIAYb9bAMV # MBIGA1UdEwEB/wQIMAYBAf8CAQAweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzAB # hhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9j # YWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQw # gYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2lj # ZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwHQYDVR0OBBYEFBUA # EisTmLKZB+0e36K+Vw0rZwLNMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3z # bcgPMA0GCSqGSIb3DQEBBQUAA4IBAQBGUD7Jtygkpzgdtlspr1LPUukxR6tWXHvV # DQtBs+/sdR90OPKyXGGinJXDUOSCuSPRujqGcq04eKx1XRcXNHJHhZRW0eu7NoR3 # zCSl8wQZVann4+erYs37iy2QwsDStZS9Xk+xBdIOPRqpFFumhjFiqKgz5Js5p8T1 # zh14dpQlc+Qqq8+cdkvtX8JLFuRLcEwAiR78xXm8TBJX/l/hHrwCXaj++wc4Tw3G # XZG5D2dFzdaD7eeSDY2xaYxP+1ngIw/Sqq4AfO6cQg7PkdcntxbuD8O9fAqg7iwI # VYUiuOsYGk38KiGtSTGDR5V3cdyxG0tLHBCcdxTBnU8vWpUIKRAmMYIEOzCCBDcC # AQEwgYYwcjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG # A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBB # c3N1cmVkIElEIENvZGUgU2lnbmluZyBDQQIQAwW7hiGwoWNfv96uEgTnbTAJBgUr # DgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkqhkiG9w0BCQMx # DAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAjBgkq # hkiG9w0BCQQxFgQUegR3onsAaySrxQjywd0NjG5pUtYwDQYJKoZIhvcNAQEBBQAE # ggEApiksCGkG2MN+AQYaRJuNicxAw0dza3OYCxgD/43nX4Rz+mRPNJYwBOC+lLTP # kLbzpKKC/m4DsC+VdphkBDOLSNQeNeA9OkwQDXVS9LQHlR6st4gcMLfWcuigeIpH # q8zKmOgCC8WBI1tAaQODpklBHrjIFqUBql0WqeB/4PbfPV0h1xPg9B8zoujuakvY # jZiyAyFbMoBA59M4oIwdFD+bAxDRHzMgJLi5GeG1B7IZXfku1BJEY00DKzBU1FI7 # Feuc/PQqFcIMIesoKtGb2aIK9IO1DTgAdjGXaMDgbVAMd21tpG3HSi11qllb2Mnz # PmUCrIc7SPK6nQSpd8ikjtoghqGCAg8wggILBgkqhkiG9w0BCQYxggH8MIIB+AIB # ATB2MGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV # BAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IEFzc3VyZWQg # SUQgQ0EtMQIQAwGaAjr/WLFr1tXq5hfwZjAJBgUrDgMCGgUAoF0wGAYJKoZIhvcN # AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwNjEwMTQxNTI0WjAj # BgkqhkiG9w0BCQQxFgQU5dkNFbJzzQu5XZl1N4MWZFsz1XMwDQYJKoZIhvcNAQEB # BQAEggEAjeqoZoNNl1MAztcWJD6dBaJ3m8Xmdo8JoR7GTVJ4G+mbJX+Ukz+FUgiR # kuLb5KcBNen6tio7+TxLN3wBJSiLS8x8KeV53IQDtW3MUxL8b/COITRpZsqIg6YE # X9eYKrld/vDLO0jviI/rRh5wfocfT49dNFHAF7ug/u6TLRq3e0hJ8kQNw/HXtnB3 # jKEGALHlJvYqvUu8f8rts895+TAvxElHmDoRUPbaGD+aLkOc0tGbksvf+qk9O8s8 # IJf8DXaZJiWIPkRQrEgKoEjAO0juF+/C7nU2PqSNqeryGM5Bmsf2OIk7rI7yrniu # JDUMHV6DehkzJRAGFybspnzJunuzOA== # SIG # End signature block |