From 81dc4790a863c39dd3efb2ac5209e13d45de93b0 Mon Sep 17 00:00:00 2001
From: Christian Zunker <christian@mondoo.com>
Date: Wed, 29 May 2024 10:27:29 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20windows.optionalfeatures=20re?=
 =?UTF-8?q?source?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Related-to #3705

Signed-off-by: Christian Zunker <christian@mondoo.com>
---
 .github/actions/spelling/expect.txt           |   1 +
 providers/os/resources/os.lr                  |  18 +
 providers/os/resources/os.lr.go               | 136 +++
 providers/os/resources/os.lr.manifest.yaml    |  10 +
 providers/os/resources/windows.go             |  77 ++
 .../os/resources/windows/optionalfeatures.go  |  45 +
 .../windows/optionalfeatures_test.go          |  26 +
 .../windows/testdata/optionalfeatures.json    | 806 ++++++++++++++++++
 .../windows/testdata/optionalfeatures2.json   | Bin 0 -> 127513 bytes
 9 files changed, 1119 insertions(+)
 create mode 100644 providers/os/resources/windows/optionalfeatures.go
 create mode 100644 providers/os/resources/windows/optionalfeatures_test.go
 create mode 100644 providers/os/resources/windows/testdata/optionalfeatures.json
 create mode 100644 providers/os/resources/windows/testdata/optionalfeatures2.json

diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
index b9377c89f0..0d1ae43ecf 100644
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -91,3 +91,4 @@ vulnerabilityassessmentsettings
 vulnmgmt
 wil
 xssmatchstatement
+optionalfeature
diff --git a/providers/os/resources/os.lr b/providers/os/resources/os.lr
index 62b366f6c0..9edaaf175e 100644
--- a/providers/os/resources/os.lr
+++ b/providers/os/resources/os.lr
@@ -1389,6 +1389,9 @@ windows {
 
   // Information about Windows Server roles, role services, and features that are available for installation and installed on a specified server.
   features() []windows.feature
+
+  // Information about optional features in a Windows image.
+  optionalfeatures() []windows.optionalfeature
 }
 
 // Windows hotfix resource
@@ -1423,6 +1426,21 @@ windows.feature {
   installState int
 }
 
+// Windows optional feature resource
+windows.optionalfeature @defaults("name enabled") {
+  init(name string)
+  // Command ID of optional feature
+  name string
+  // Feature name
+  displayName string
+  // Feature description
+  description string
+  // Whether the feature is enabled
+  enabled bool
+  // Feature installation state
+  state int
+}
+
 // Windows Firewall resource
 windows.firewall {
   // Global firewall settings
diff --git a/providers/os/resources/os.lr.go b/providers/os/resources/os.lr.go
index 4f3e4ed38e..a8f8050be8 100644
--- a/providers/os/resources/os.lr.go
+++ b/providers/os/resources/os.lr.go
@@ -434,6 +434,10 @@ func init() {
 			Init: initWindowsFeature,
 			Create: createWindowsFeature,
 		},
+		"windows.optionalfeature": {
+			// to override args, implement: initWindowsOptionalfeature(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
+			Create: createWindowsOptionalfeature,
+		},
 		"windows.firewall": {
 			// to override args, implement: initWindowsFirewall(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
 			Create: createWindowsFirewall,
@@ -1974,6 +1978,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 	"windows.features": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlWindows).GetFeatures()).ToDataRes(types.Array(types.Resource("windows.feature")))
 	},
+	"windows.optionalfeatures": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlWindows).GetOptionalfeatures()).ToDataRes(types.Array(types.Resource("windows.optionalfeature")))
+	},
 	"windows.hotfix.hotfixId": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlWindowsHotfix).GetHotfixId()).ToDataRes(types.String)
 	},
@@ -2007,6 +2014,21 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 	"windows.feature.installState": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlWindowsFeature).GetInstallState()).ToDataRes(types.Int)
 	},
+	"windows.optionalfeature.name": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlWindowsOptionalfeature).GetName()).ToDataRes(types.String)
+	},
+	"windows.optionalfeature.displayName": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlWindowsOptionalfeature).GetDisplayName()).ToDataRes(types.String)
+	},
+	"windows.optionalfeature.description": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlWindowsOptionalfeature).GetDescription()).ToDataRes(types.String)
+	},
+	"windows.optionalfeature.enabled": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlWindowsOptionalfeature).GetEnabled()).ToDataRes(types.Bool)
+	},
+	"windows.optionalfeature.state": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlWindowsOptionalfeature).GetState()).ToDataRes(types.Int)
+	},
 	"windows.firewall.settings": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlWindowsFirewall).GetSettings()).ToDataRes(types.Dict)
 	},
@@ -4530,6 +4552,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 		r.(*mqlWindows).Features, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
 		return
 	},
+	"windows.optionalfeatures": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlWindows).Optionalfeatures, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
+		return
+	},
 	"windows.hotfix.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 			r.(*mqlWindowsHotfix).__id, ok = v.Value.(string)
 			return
@@ -4582,6 +4608,30 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 		r.(*mqlWindowsFeature).InstallState, ok = plugin.RawToTValue[int64](v.Value, v.Error)
 		return
 	},
+	"windows.optionalfeature.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+			r.(*mqlWindowsOptionalfeature).__id, ok = v.Value.(string)
+			return
+		},
+	"windows.optionalfeature.name": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlWindowsOptionalfeature).Name, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"windows.optionalfeature.displayName": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlWindowsOptionalfeature).DisplayName, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"windows.optionalfeature.description": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlWindowsOptionalfeature).Description, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"windows.optionalfeature.enabled": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlWindowsOptionalfeature).Enabled, ok = plugin.RawToTValue[bool](v.Value, v.Error)
+		return
+	},
+	"windows.optionalfeature.state": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlWindowsOptionalfeature).State, ok = plugin.RawToTValue[int64](v.Value, v.Error)
+		return
+	},
 	"windows.firewall.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 			r.(*mqlWindowsFirewall).__id, ok = v.Value.(string)
 			return
@@ -12982,6 +13032,7 @@ type mqlWindows struct {
 	ComputerInfo plugin.TValue[interface{}]
 	Hotfixes plugin.TValue[[]interface{}]
 	Features plugin.TValue[[]interface{}]
+	Optionalfeatures plugin.TValue[[]interface{}]
 }
 
 // createWindows creates a new instance of this resource
@@ -13054,6 +13105,22 @@ func (c *mqlWindows) GetFeatures() *plugin.TValue[[]interface{}] {
 	})
 }
 
+func (c *mqlWindows) GetOptionalfeatures() *plugin.TValue[[]interface{}] {
+	return plugin.GetOrCompute[[]interface{}](&c.Optionalfeatures, func() ([]interface{}, error) {
+		if c.MqlRuntime.HasRecording {
+			d, err := c.MqlRuntime.FieldResourceFromRecording("windows", c.__id, "optionalfeatures")
+			if err != nil {
+				return nil, err
+			}
+			if d != nil {
+				return d.Value.([]interface{}), nil
+			}
+		}
+
+		return c.optionalfeatures()
+	})
+}
+
 // mqlWindowsHotfix for the windows.hotfix resource
 type mqlWindowsHotfix struct {
 	MqlRuntime *plugin.Runtime
@@ -13197,6 +13264,75 @@ func (c *mqlWindowsFeature) GetInstallState() *plugin.TValue[int64] {
 	return &c.InstallState
 }
 
+// mqlWindowsOptionalfeature for the windows.optionalfeature resource
+type mqlWindowsOptionalfeature struct {
+	MqlRuntime *plugin.Runtime
+	__id string
+	// optional: if you define mqlWindowsOptionalfeatureInternal it will be used here
+	Name plugin.TValue[string]
+	DisplayName plugin.TValue[string]
+	Description plugin.TValue[string]
+	Enabled plugin.TValue[bool]
+	State plugin.TValue[int64]
+}
+
+// createWindowsOptionalfeature creates a new instance of this resource
+func createWindowsOptionalfeature(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) {
+	res := &mqlWindowsOptionalfeature{
+		MqlRuntime: runtime,
+	}
+
+	err := SetAllData(res, args)
+	if err != nil {
+		return res, err
+	}
+
+	if res.__id == "" {
+	res.__id, err = res.id()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if runtime.HasRecording {
+		args, err = runtime.ResourceFromRecording("windows.optionalfeature", res.__id)
+		if err != nil || args == nil {
+			return res, err
+		}
+		return res, SetAllData(res, args)
+	}
+
+	return res, nil
+}
+
+func (c *mqlWindowsOptionalfeature) MqlName() string {
+	return "windows.optionalfeature"
+}
+
+func (c *mqlWindowsOptionalfeature) MqlID() string {
+	return c.__id
+}
+
+func (c *mqlWindowsOptionalfeature) GetName() *plugin.TValue[string] {
+	return &c.Name
+}
+
+func (c *mqlWindowsOptionalfeature) GetDisplayName() *plugin.TValue[string] {
+	return &c.DisplayName
+}
+
+func (c *mqlWindowsOptionalfeature) GetDescription() *plugin.TValue[string] {
+	return &c.Description
+}
+
+func (c *mqlWindowsOptionalfeature) GetEnabled() *plugin.TValue[bool] {
+	return &c.Enabled
+}
+
+func (c *mqlWindowsOptionalfeature) GetState() *plugin.TValue[int64] {
+	return &c.State
+}
+
 // mqlWindowsFirewall for the windows.firewall resource
 type mqlWindowsFirewall struct {
 	MqlRuntime *plugin.Runtime
diff --git a/providers/os/resources/os.lr.manifest.yaml b/providers/os/resources/os.lr.manifest.yaml
index 668235fe6a..b6da8d52fd 100644
--- a/providers/os/resources/os.lr.manifest.yaml
+++ b/providers/os/resources/os.lr.manifest.yaml
@@ -1065,6 +1065,8 @@ resources:
       computerInfo: {}
       features: {}
       hotfixes: {}
+      optionalfeatures:
+        min_mondoo_version: latest
     min_mondoo_version: 5.15.0
     snippets:
     - query: windows.computerInfo['WindowsInstallationType'] == 'Server Core'
@@ -1158,6 +1160,14 @@ resources:
       installedBy: {}
       installedOn: {}
     min_mondoo_version: 5.15.0
+  windows.optionalfeature:
+    fields:
+      description: {}
+      displayName: {}
+      enabled: {}
+      name: {}
+      state: {}
+    min_mondoo_version: latest
   windows.security:
     fields:
       products: {}
diff --git a/providers/os/resources/windows.go b/providers/os/resources/windows.go
index c8f63da14a..4af87c4833 100644
--- a/providers/os/resources/windows.go
+++ b/providers/os/resources/windows.go
@@ -182,3 +182,80 @@ func (w *mqlWindows) features() ([]interface{}, error) {
 
 	return mqlFeatures, nil
 }
+
+func (wh *mqlWindowsOptionalfeature) id() (string, error) {
+	return wh.Name.Data, nil
+}
+
+func initmqlWindowsOptionalfeature(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
+	if len(args) > 1 {
+		return args, nil, nil
+	}
+
+	nameRaw := args["name"]
+	if nameRaw == nil {
+		return args, nil, nil
+	}
+
+	name, ok := nameRaw.Value.(string)
+	if !ok {
+		return args, nil, nil
+	}
+
+	obj, err := NewResource(runtime, "windows", nil)
+	if err != nil {
+		return nil, nil, err
+	}
+	winResource := obj.(*mqlWindows)
+
+	features := winResource.GetOptionalfeatures()
+	if features.Error != nil {
+		return nil, nil, features.Error
+	}
+
+	for i := range features.Data {
+		hf := features.Data[i].(*mqlWindowsOptionalfeature)
+		if hf.Name.Data == name {
+			return nil, hf, nil
+		}
+	}
+
+	// if the feature cannot be found we return an error
+	return nil, nil, errors.New("could not find feature " + name)
+}
+
+func (w *mqlWindows) optionalfeatures() ([]interface{}, error) {
+	conn := w.MqlRuntime.Connection.(shared.Connection)
+
+	// query features
+	encodedCmd := powershell.Encode(windows.QUERY_OPTIONAL_FEATURES)
+	executedCmd, err := conn.RunCommand(encodedCmd)
+	if err != nil {
+		return nil, err
+	}
+
+	features, err := windows.ParseWindowsOptionalFeatures(executedCmd.Stdout)
+	if err != nil {
+		return nil, err
+	}
+
+	// convert features to MQL resource
+	mqlFeatures := make([]interface{}, len(features))
+	for i, feature := range features {
+
+		mqlFeature, err := CreateResource(w.MqlRuntime, "windows.optionalfeature", map[string]*llx.RawData{
+			"name":        llx.StringData(feature.Name),
+			"displayName": llx.StringData(feature.DisplayName),
+			"description": llx.StringData(feature.Description),
+			"enabled":     llx.BoolData(feature.Enabled),
+			"state":       llx.IntData(feature.State),
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		mqlFeatures[i] = mqlFeature
+	}
+
+	return mqlFeatures, nil
+}
diff --git a/providers/os/resources/windows/optionalfeatures.go b/providers/os/resources/windows/optionalfeatures.go
new file mode 100644
index 0000000000..580cb41cfa
--- /dev/null
+++ b/providers/os/resources/windows/optionalfeatures.go
@@ -0,0 +1,45 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package windows
+
+import (
+	"encoding/json"
+	"io"
+)
+
+const QUERY_OPTIONAL_FEATURES = "Get-WindowsOptionalFeature -Online -FeatureName * | Select-Object -Property FeatureName,DisplayName,Description,State | ConvertTo-Json"
+
+type WindowsOptionalFeature struct {
+	Name        string `json:"FeatureName"`
+	DisplayName string `json:"DisplayName"`
+	Description string `json:"Description"`
+	Enabled     bool   `json:"Enabled"`
+	State       int64  `json:"State"`
+}
+
+func ParseWindowsOptionalFeatures(input io.Reader) ([]WindowsOptionalFeature, error) {
+	data, err := io.ReadAll(input)
+	if err != nil {
+		return nil, err
+	}
+
+	// for empty result set do not get the '{}', therefore lets abort here
+	if len(data) == 0 {
+		return []WindowsOptionalFeature{}, nil
+	}
+
+	var winFeatures []WindowsOptionalFeature
+	err = json.Unmarshal(data, &winFeatures)
+	if err != nil {
+		return nil, err
+	}
+
+	for i := range winFeatures {
+		if winFeatures[i].State == 2 {
+			winFeatures[i].Enabled = true
+		}
+	}
+
+	return winFeatures, nil
+}
diff --git a/providers/os/resources/windows/optionalfeatures_test.go b/providers/os/resources/windows/optionalfeatures_test.go
new file mode 100644
index 0000000000..ac0e95842d
--- /dev/null
+++ b/providers/os/resources/windows/optionalfeatures_test.go
@@ -0,0 +1,26 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package windows
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestWindowsOptionalFeatures(t *testing.T) {
+	r, err := os.Open("./testdata/optionalfeatures.json")
+	require.NoError(t, err)
+
+	items, err := ParseWindowsOptionalFeatures(r)
+	assert.Nil(t, err)
+	assert.Equal(t, 134, len(items))
+	assert.Equal(t, "MicrosoftWindowsPowerShellV2", items[9].Name)
+	assert.Equal(t, "Windows PowerShell 2.0 Engine", items[9].DisplayName)
+	assert.True(t, items[9].Enabled)
+	assert.Equal(t, int64(2), items[9].State)
+	assert.Equal(t, "Adds or Removes Windows PowerShell 2.0 Engine", items[9].Description)
+}
diff --git a/providers/os/resources/windows/testdata/optionalfeatures.json b/providers/os/resources/windows/testdata/optionalfeatures.json
new file mode 100644
index 0000000000..3f440ed181
--- /dev/null
+++ b/providers/os/resources/windows/testdata/optionalfeatures.json
@@ -0,0 +1,806 @@
+[
+    {
+        "FeatureName":  "Windows-Defender-Default-Definitions",
+        "DisplayName":  "",
+        "Description":  "",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Printing-PrintToPDFServices-Features",
+        "DisplayName":  "Microsoft Print to PDF",
+        "Description":  "Provides binaries on the system for creating the Microsoft Print to PDF Print Queue",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Printing-XPSServices-Features",
+        "DisplayName":  "Microsoft XPS Document Writer",
+        "Description":  "Provides binaries on the system for creating the XPS Document Writer Print Queue",
+        "State":  0
+    },
+    {
+        "FeatureName":  "TelnetClient",
+        "DisplayName":  "Telnet Client",
+        "Description":  "Allows you to connect to other computers remotely.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "LegacyComponents",
+        "DisplayName":  "Legacy Components",
+        "Description":  "Controls legacy components in Windows.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "DirectPlay",
+        "DisplayName":  "DirectPlay",
+        "Description":  "Enables the installation of DirectPlay component.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSRDC-Infrastructure",
+        "DisplayName":  "Remote Differential Compression API Support",
+        "Description":  "Installs Remote Differential Compression (RDC) support for use in third-party applications.",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Windows-Identity-Foundation",
+        "DisplayName":  "Windows Identity Foundation 3.5",
+        "Description":  "Windows Identity Foundation (WIF) 3.5 is a set of .NET Framework classes that can be used for implementing claims-based identity in your .NET 3.5 and 4.0 applications. WIF 3.5 has been superseded by WIF classes that are provided as part of .NET 4.5. It is recommended that you use .NET 4.5 for supporting claims-based identity in your applications.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MicrosoftWindowsPowerShellV2Root",
+        "DisplayName":  "Windows PowerShell 2.0",
+        "Description":  "Adds or Removes Windows PowerShell 2.0",
+        "State":  2
+    },
+    {
+        "FeatureName":  "MicrosoftWindowsPowerShellV2",
+        "DisplayName":  "Windows PowerShell 2.0 Engine",
+        "Description":  "Adds or Removes Windows PowerShell 2.0 Engine",
+        "State":  2
+    },
+    {
+        "FeatureName":  "SimpleTCP",
+        "DisplayName":  "Simple TCPIP services (i.e. echo, daytime etc)",
+        "Description":  "Install Simple TCPIP services",
+        "State":  0
+    },
+    {
+        "FeatureName":  "SMB1Protocol-Deprecation",
+        "DisplayName":  "SMB 1.0/CIFS Automatic Removal",
+        "Description":  "Automatically removes support for the legacy SMB 1.0/CIFS protocol when such support isn\u0027t actively needed during normal system usage.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WCF-HTTP-Activation",
+        "DisplayName":  "Windows Communication Foundation HTTP Activation",
+        "Description":  "Windows Communication Foundation HTTP Activation",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WCF-NonHTTP-Activation",
+        "DisplayName":  "Windows Communication Foundation Non-HTTP Activation",
+        "Description":  "Windows Communication Foundation Non-HTTP Activation",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WCF-Services45",
+        "DisplayName":  "WCF Services",
+        "Description":  "WCF Services",
+        "State":  2
+    },
+    {
+        "FeatureName":  "WCF-HTTP-Activation45",
+        "DisplayName":  "HTTP Activation",
+        "Description":  "HTTP Activation",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WCF-TCP-Activation45",
+        "DisplayName":  "TCP Activation",
+        "Description":  "TCP Activation",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WCF-Pipe-Activation45",
+        "DisplayName":  "Named Pipe Activation",
+        "Description":  "Named Pipe Activation",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WCF-MSMQ-Activation45",
+        "DisplayName":  "Message Queuing (MSMQ) Activation",
+        "Description":  "Message Queuing (MSMQ) Activation",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WCF-TCP-PortSharing45",
+        "DisplayName":  "TCP Port Sharing",
+        "Description":  "TCP Port Sharing",
+        "State":  2
+    },
+    {
+        "FeatureName":  "MediaPlayback",
+        "DisplayName":  "Media Features",
+        "Description":  "Controls media features such as Windows Media Player.",
+        "State":  2
+    },
+    {
+        "FeatureName":  "WindowsMediaPlayer",
+        "DisplayName":  "Windows Media Player Legacy (App)",
+        "Description":  "Windows Media Player Legacy (App)",
+        "State":  2
+    },
+    {
+        "FeatureName":  "HostGuardian",
+        "DisplayName":  "Guarded Host",
+        "Description":  "Enables the device to create and run Shielded Virtual Machine using remote attestation.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "ServicesForNFS-ClientOnly",
+        "DisplayName":  "Services for NFS",
+        "Description":  "Allows you to access files using the Network File System (NFS) protocol.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "ClientForNFS-Infrastructure",
+        "DisplayName":  "Client for NFS",
+        "Description":  "Enables this computer to gain access to files on UNIX-based computers",
+        "State":  0
+    },
+    {
+        "FeatureName":  "NFS-Administration",
+        "DisplayName":  "Administrative Tools",
+        "Description":  "Tools for managing Services for NFS on local and remote computers",
+        "State":  0
+    },
+    {
+        "FeatureName":  "SmbDirect",
+        "DisplayName":  "SMB Direct",
+        "Description":  "Remote Direct Memory Access (RDMA) support for the SMB 3.x file sharing protocol",
+        "State":  2
+    },
+    {
+        "FeatureName":  "MultiPoint-Connector",
+        "DisplayName":  "MultiPoint Connector",
+        "Description":  "Allows your computer to be monitored and managed by the MultiPoint Manager and MultiPoint Dashboard apps.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MultiPoint-Connector-Services",
+        "DisplayName":  "MultiPoint Connector Services",
+        "Description":  "Allows your computer to be monitored and managed by the MultiPoint Manager and MultiPoint Dashboard apps.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MultiPoint-Tools",
+        "DisplayName":  "MultiPoint Manager and MultiPoint Dashboard",
+        "Description":  "GUI tools for managing MultiPoint.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "TFTP",
+        "DisplayName":  "TFTP Client",
+        "Description":  "Transfer files using the Trivial File Transfer Protocol",
+        "State":  0
+    },
+    {
+        "FeatureName":  "NetFx3",
+        "DisplayName":  ".NET Framework 3.5 (includes .NET 2.0 and 3.0)",
+        "Description":  ".NET Framework 3.5 (includes .NET 2.0 and 3.0)",
+        "State":  6
+    },
+    {
+        "FeatureName":  "IIS-WebServerRole",
+        "DisplayName":  "Internet Information Services",
+        "Description":  "Internet Information Services provides support for Web and FTP servers, along with support for ASP.NET web sites, dynamic content such as Classic ASP and CGI, and local and remote management.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-WebServer",
+        "DisplayName":  "World Wide Web Services",
+        "Description":  "Installs the IIS 10.0 World Wide Web Services. Provides support for HTML web sites and optional support for ASP.NET, Classic ASP, and web server extensions.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-CommonHttpFeatures",
+        "DisplayName":  "Common HTTP Features",
+        "Description":  "Installs support for Web server content such as HTML and image files.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HttpErrors",
+        "DisplayName":  "HTTP Errors",
+        "Description":  "Allows you to customize the error messages returned to clients",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HttpRedirect",
+        "DisplayName":  "HTTP Redirection",
+        "Description":  "Redirect client requests to a specific destination",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ApplicationDevelopment",
+        "DisplayName":  "Application Development Features",
+        "Description":  "Install Web server application development features",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-Security",
+        "DisplayName":  "Security",
+        "Description":  "Enable additional security features to secure servers, sites, applications, vdirs, and files",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-RequestFiltering",
+        "DisplayName":  "Request Filtering",
+        "Description":  "Configure rules to block selected client requests.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-NetFxExtensibility",
+        "DisplayName":  ".NET Extensibility 3.5",
+        "Description":  "Enable your Web server to host .NET Framework 3.5 applications",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-NetFxExtensibility45",
+        "DisplayName":  ".NET Extensibility 4.8",
+        "Description":  "Enable your Web server to host .NET Framework v4.8 applications",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HealthAndDiagnostics",
+        "DisplayName":  "Health and Diagnostics",
+        "Description":  "Enables you to monitor and manage server, site, and application health",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HttpLogging",
+        "DisplayName":  "HTTP Logging",
+        "Description":  "Enables logging of Web site activity for this server",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-LoggingLibraries",
+        "DisplayName":  "Logging Tools",
+        "Description":  "Install IIS 10.0 logging tools and scripts",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-RequestMonitor",
+        "DisplayName":  "Request Monitor",
+        "Description":  "Monitor server, site, and application health",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HttpTracing",
+        "DisplayName":  "Tracing",
+        "Description":  "Enable tracing for ASP.NET applications and failed requests",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-URLAuthorization",
+        "DisplayName":  "URL Authorization",
+        "Description":  "Authorize client access to the URLs that comprise a Web application.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-IPSecurity",
+        "DisplayName":  "IP Security",
+        "Description":  "Allow or deny content access based on IP address or domain name.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-Performance",
+        "DisplayName":  "Performance Features",
+        "Description":  "Install performance features",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HttpCompressionDynamic",
+        "DisplayName":  "Dynamic Content Compression",
+        "Description":  "Compress dynamic content before returning it to client",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-WebServerManagementTools",
+        "DisplayName":  "Web Management Tools",
+        "Description":  "Install Web management console and tools",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ManagementScriptingTools",
+        "DisplayName":  "IIS Management Scripts and Tools",
+        "Description":  "Manage a local Web server with IIS configuration scripts",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-IIS6ManagementCompatibility",
+        "DisplayName":  "IIS 6 Management Compatibility",
+        "Description":  "Allows you to use existing IIS 6.0 APIs and scripts to manage this IIS 10.0 web server",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-Metabase",
+        "DisplayName":  "IIS Metabase and IIS 6 configuration compatibility",
+        "Description":  "Install IIS metabase and compatibility layer to allow metabase calls to interact with new IIS 10.0 configuration store",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WAS-WindowsActivationService",
+        "DisplayName":  "Windows Process Activation Service",
+        "Description":  "Install Windows Process Activation Service",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WAS-ProcessModel",
+        "DisplayName":  "Process Model",
+        "Description":  "Install Process Model for the Windows Process Activation Service",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WAS-NetFxEnvironment",
+        "DisplayName":  ".NET Environment",
+        "Description":  "Install the .NET Environment for supporting managed code activation",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WAS-ConfigurationAPI",
+        "DisplayName":  "Configuration APIs",
+        "Description":  "Install managed code configuration APIs",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HostableWebCore",
+        "DisplayName":  "Internet Information Services Hostable Web Core",
+        "Description":  "Program your application to serve HTTP requests by using core IIS functionality.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-StaticContent",
+        "DisplayName":  "Static Content",
+        "Description":  "Serve .htm, .html, and image files from a Web site",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-DefaultDocument",
+        "DisplayName":  "Default Document",
+        "Description":  "Allows you to specify a default file to be loaded when users do not specify a file in a request URL",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-DirectoryBrowsing",
+        "DisplayName":  "Directory Browsing",
+        "Description":  "Allow clients to see the contents of a directory on your Web server",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-WebDAV",
+        "DisplayName":  "WebDAV Publishing",
+        "Description":  "Publish and manage files on a Web server by using the HTTP protocol.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-WebSockets",
+        "DisplayName":  "WebSocket Protocol",
+        "Description":  "IIS 10.0 and ASP.NET 4.8 support writing server applications that communicate over the WebSocket Protocol.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ApplicationInit",
+        "DisplayName":  "Application Initialization",
+        "Description":  "Application Initialization perform expensive web application initialization tasks before serving web pages.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ISAPIFilter",
+        "DisplayName":  "ISAPI Filters",
+        "Description":  "Allow ISAPI filters to modify Web server behavior",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ISAPIExtensions",
+        "DisplayName":  "ISAPI Extensions",
+        "Description":  "Allow ISAPI extensions to handle client requests",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ASPNET",
+        "DisplayName":  "ASP.NET 3.5",
+        "Description":  "Enable your Web server to host ASP.NET 3.5 applications",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ASPNET45",
+        "DisplayName":  "ASP.NET 4.8",
+        "Description":  "Enable your Web server to host ASP.NET v4.8 applications",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ASP",
+        "DisplayName":  "ASP",
+        "Description":  "Enable your Web server to host Classic ASP applications",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-CGI",
+        "DisplayName":  "CGI",
+        "Description":  "Enable support for CGI executables",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ServerSideIncludes",
+        "DisplayName":  "Server-Side Includes",
+        "Description":  "Serve .stm, .shtm, and .shtml files from a Web site",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-CustomLogging",
+        "DisplayName":  "Custom Logging",
+        "Description":  "Enable support for custom logging for Web servers, sites, and applications",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-BasicAuthentication",
+        "DisplayName":  "Basic Authentication",
+        "Description":  "Require a valid Windows user name and password for connection.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-HttpCompressionStatic",
+        "DisplayName":  "Static Content Compression",
+        "Description":  "Compress static content before returning it to a client",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ManagementConsole",
+        "DisplayName":  "IIS Management Console",
+        "Description":  "Install Web server Management Console which supports management of local and remote Web servers.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ManagementService",
+        "DisplayName":  "IIS Management Service",
+        "Description":  "Allow the web server to be managed remotely from another computer via the Web server Management Console",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-WMICompatibility",
+        "DisplayName":  "IIS 6 WMI Compatibility",
+        "Description":  "Install IIS 6.0 WMI scripting interfaces",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-LegacyScripts",
+        "DisplayName":  "IIS 6 Scripting Tools",
+        "Description":  "Install IIS 6.0 configuration scripts",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-LegacySnapIn",
+        "DisplayName":  "IIS 6 Management Console",
+        "Description":  "Install the IIS 6.0 Management Console. Provides support for administration of remote IIS 6.0 servers from this computer.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-FTPServer",
+        "DisplayName":  "FTP Server",
+        "Description":  "Enable your server to transfer files by using the FTP protocol.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-FTPSvc",
+        "DisplayName":  "FTP Service",
+        "Description":  "Enable FTP publishing on a Web server.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-FTPExtensibility",
+        "DisplayName":  "FTP Extensibility",
+        "Description":  "Customize FTP publishing by writing your own software extensions.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSMQ-Container",
+        "DisplayName":  "Microsoft Message Queue (MSMQ) Server",
+        "Description":  "Microsoft Message Queue (MSMQ) Server.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSMQ-DCOMProxy",
+        "DisplayName":  "MSMQ DCOM Proxy",
+        "Description":  "The DCOM proxy feature enables MSMQ applications to use MSMQ DCOM API to connect to a remote MSMQ Server.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSMQ-Server",
+        "DisplayName":  "Microsoft Message Queue (MSMQ) Server Core",
+        "Description":  "This feature installs the core components of MSMQ which enables you to perform basic Message queuing functions. This feature is a minimum requirement.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSMQ-ADIntegration",
+        "DisplayName":  "MSMQ Active Directory Domain Services Integration",
+        "Description":  "Active Directory Domain Services Integration feature enables publishing of queue properties to Active Directory Domain Services, out-of-the-box authentication and encryption of messages using certificates registered in Active Directory Domain Services, and routing of messages across Windows sites. This feature becomes operational only when the computer joins a domain.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSMQ-HTTP",
+        "DisplayName":  "MSMQ HTTP Support",
+        "Description":  "The HTTP Support feature allows you to expose a queue to the internet such that applications can send messages to the queue using HTTP protocol. This feature requires Internet Information Server.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSMQ-Multicast",
+        "DisplayName":  "Multicasting Support",
+        "Description":  "The Multicast support feature enables you to send messages to a Multicast IPAddress. Queues can be associated with a Multicast IPAddress. Messages sent to a Multicast IPAddress will be delivered to the queues that are associated with that IPAddress.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "MSMQ-Triggers",
+        "DisplayName":  "MSMQ Triggers",
+        "Description":  "Message Queue Triggers enables the invocation of a COM component or an executable depending on the filters that you define for the incoming messages in a given queue.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-CertProvider",
+        "DisplayName":  "Centralized SSL Certificate Support",
+        "Description":  "Centralized SSL Certificate Support enables you to manage SSL server certificates centrally using a file share. Maintaining SSL server certificates on a file share simplifies management since there is one place to manage them.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-WindowsAuthentication",
+        "DisplayName":  "Windows Authentication",
+        "Description":  "Authenticate clients by using NTLM or Kerberos.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-DigestAuthentication",
+        "DisplayName":  "Digest Authentication",
+        "Description":  "Authenticate clients by sending a password hash to a Windows domain controller.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ClientCertificateMappingAuthentication",
+        "DisplayName":  "Client Certificate Mapping Authentication",
+        "Description":  "Authenticate client certificates with Active Directory accounts.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-IISCertificateMappingAuthentication",
+        "DisplayName":  "IIS Client Certificate Mapping Authentication",
+        "Description":  "Map client certificates 1-to-1 or many-to-1 to a Windows security identity.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "IIS-ODBCLogging",
+        "DisplayName":  "ODBC Logging",
+        "Description":  "Enable support for logging to an ODBC-compliant database.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "NetFx4-AdvSrvs",
+        "DisplayName":  ".NET Framework 4.8 Advanced Services",
+        "Description":  ".NET Framework 4.8 Advanced Services",
+        "State":  2
+    },
+    {
+        "FeatureName":  "NetFx4Extended-ASPNET45",
+        "DisplayName":  "ASP.NET 4.8",
+        "Description":  "ASP.NET 4.8",
+        "State":  0
+    },
+    {
+        "FeatureName":  "SearchEngine-Client-Package",
+        "DisplayName":  "Windows Search",
+        "Description":  "Provides content indexing, property caching, and search results for files, e-mail, and other content.",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Microsoft-RemoteDesktopConnection",
+        "DisplayName":  "Remote Desktop Connection",
+        "Description":  "The Remote Desktop Connection application.",
+        "State":  2
+    },
+    {
+        "FeatureName":  "TIFFIFilter",
+        "DisplayName":  "Windows TIFF IFilter",
+        "Description":  "Enables the indexing and searching of Tagged Image File Format (TIFF) files using Optical Character Recognition (OCR).",
+        "State":  0
+    },
+    {
+        "FeatureName":  "WorkFolders-Client",
+        "DisplayName":  "Work Folders Client",
+        "Description":  "Allows file synchronization with a configured file server.",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Printing-Foundation-Features",
+        "DisplayName":  "Print and Document Services",
+        "Description":  "Enable print, fax, and scan tasks on this computer",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Printing-Foundation-InternetPrinting-Client",
+        "DisplayName":  "Internet Printing Client",
+        "Description":  "Enables clients to use HTTP to connect to printers on Web print servers",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Printing-Foundation-LPDPrintService",
+        "DisplayName":  "LPD Print Service",
+        "Description":  "Makes your Windows computer work as a Line Printer Daemon (LPD) and Remote Line Printer client",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Printing-Foundation-LPRPortMonitor",
+        "DisplayName":  "LPR Port Monitor",
+        "Description":  "Enables clients to print to TCP/IP printers connected to a Unix (or VAX) server",
+        "State":  0
+    },
+    {
+        "FeatureName":  "HypervisorPlatform",
+        "DisplayName":  "Windows Hypervisor Platform",
+        "Description":  "Enables virtualization software to run on the Windows hypervisor",
+        "State":  0
+    },
+    {
+        "FeatureName":  "VirtualMachinePlatform",
+        "DisplayName":  "Virtual Machine Platform",
+        "Description":  "Enables platform support for virtual machines",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Microsoft-Windows-Subsystem-Linux",
+        "DisplayName":  "Windows Subsystem for Linux",
+        "Description":  "Provides services and environments for running native user-mode Linux shells and tools on Windows.",
+        "State":  2
+    },
+    {
+        "FeatureName":  "Client-ProjFS",
+        "DisplayName":  "Windows Projected File System",
+        "Description":  "Enables Windows Projected File System",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Containers-DisposableClientVM",
+        "DisplayName":  "Windows Sandbox",
+        "Description":  "Enables the dependencies required to run Windows Sandbox scenarios.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Microsoft-Hyper-V-All",
+        "DisplayName":  "Hyper-V",
+        "Description":  "Provides services and management tools for creating and running virtual machines and their resources.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Microsoft-Hyper-V",
+        "DisplayName":  "Hyper-V Platform",
+        "Description":  "Provides the services that you can use to create and manage virtual machines and their resources.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Microsoft-Hyper-V-Tools-All",
+        "DisplayName":  "Hyper-V Management Tools",
+        "Description":  "Includes GUI and command-line tools for managing Hyper-V.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Microsoft-Hyper-V-Management-PowerShell",
+        "DisplayName":  "Hyper-V Module for Windows PowerShell",
+        "Description":  "Includes Windows PowerShell cmdlets for managing Hyper-V.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Microsoft-Hyper-V-Hypervisor",
+        "DisplayName":  "Hyper-V Hypervisor",
+        "Description":  "Provides the Hyper-V Hypervisor.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Microsoft-Hyper-V-Services",
+        "DisplayName":  "Hyper-V Services",
+        "Description":  "Provides the services that you can use to create and manage virtual machines and their resources.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Microsoft-Hyper-V-Management-Clients",
+        "DisplayName":  "Hyper-V GUI Management Tools",
+        "Description":  "Includes the Hyper-V Manager snap-in and Virtual Machine Connection tool.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Client-DeviceLockdown",
+        "DisplayName":  "Device Lockdown",
+        "Description":  "Services and tools to provide a controlled and specialized experience for the end user of a device",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Client-EmbeddedShellLauncher",
+        "DisplayName":  "Shell Launcher",
+        "Description":  "Launches an alternate shell instead of the default Windows shell",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Client-EmbeddedBootExp",
+        "DisplayName":  "Unbranded Boot",
+        "Description":  "Suppresses Windows elements that appear when Windows starts, resumes or encounters unrecovered errors",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Client-EmbeddedLogon",
+        "DisplayName":  "Custom Logon",
+        "Description":  "Enables customized logon experiences",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Client-KeyboardFilter",
+        "DisplayName":  "Keyboard Filter",
+        "Description":  "Enables controls to suppress undesirable key presses or key combinations",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Client-UnifiedWriteFilter",
+        "DisplayName":  "Unified Write Filter",
+        "Description":  "Installs services and tools to protect physical media from write operations",
+        "State":  0
+    },
+    {
+        "FeatureName":  "DataCenterBridging",
+        "DisplayName":  "Data Center Bridging",
+        "Description":  "IEEE Data Center Bridging",
+        "State":  0
+    },
+    {
+        "FeatureName":  "DirectoryServices-ADAM-Client",
+        "DisplayName":  "Active Directory Lightweight Directory Services",
+        "Description":  "This installs Active Directory Lightweight Directory Services (AD LDS).",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Windows-Defender-ApplicationGuard",
+        "DisplayName":  "Microsoft Defender Application Guard",
+        "Description":  "Offers a secure container for internet browsing",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Containers",
+        "DisplayName":  "Containers",
+        "Description":  "Provides services and tools to create and manage Windows Server Containers and their resources.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Containers-HNS",
+        "DisplayName":  "",
+        "Description":  "",
+        "State":  0
+    },
+    {
+        "FeatureName":  "Containers-SDN",
+        "DisplayName":  "",
+        "Description":  "",
+        "State":  0
+    },
+    {
+        "FeatureName":  "SMB1Protocol",
+        "DisplayName":  "SMB 1.0/CIFS File Sharing Support",
+        "Description":  "Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "SMB1Protocol-Client",
+        "DisplayName":  "SMB 1.0/CIFS Client",
+        "Description":  "Support for the SMB 1.0/CIFS client for accessing legacy servers.",
+        "State":  0
+    },
+    {
+        "FeatureName":  "SMB1Protocol-Server",
+        "DisplayName":  "SMB 1.0/CIFS Server",
+        "Description":  "Support for the SMB 1.0/CIFS file server for sharing data with legacy clients and browsing the network neighborhood.",
+        "State":  0
+    }
+]
diff --git a/providers/os/resources/windows/testdata/optionalfeatures2.json b/providers/os/resources/windows/testdata/optionalfeatures2.json
new file mode 100644
index 0000000000000000000000000000000000000000..fe1f983ef2543a94a493cd2923c792f9961093a7
GIT binary patch
literal 127513
zcmeI5ZEqaMk;mt?fqaLBUpauO*iPaL@{Xn?n>bOHMaBwncP}VXk`+-TkCa5qLB9Is
z>Nmwwch5|B&*SdQN)SkKcW0}g>R(S?UH$L>`>*16#b^K4|BBV^zkl*(<dr@1d2zpZ
zRvZ^^inqm;{Pj@&el7ohUi`KE=I6ze;$?AOoE8_wO>tf96nEv*=kmjQ&*VGy&aqH9
z6FT;qZ@rY)FXfx(^3BhSFN6NfsRwtZm)FIm^#8bc-!KR9z7P54GimcgX7Hu7Z1d#i
zJ=JF4ZyriJthHO;uOe%bd-7kE)vUfAhxZ<pvvXd~&Ux`dc+0(WBz*Nqxbc2*Sn}aJ
zna30P3my%5dI;~i_Tc9!dXVFwgK}I~GTLkTc`kFY@@8QruP@4Xn28k6q&a-7R??iw
zY+e+s6td%5`u$Y?J{O(@1^N!sf>He<uUGQSd-;K5U(2iK^6e}6AJnMS(p7QKcNs@G
zk3Wh0dRG3VW^ud6S4aIft>r`bWK|wiUr!|;{w~-!T(d+N-ew;epslV%0$vCn-j-S$
zNx2e@4Vu8r)yNWIc$=HXPrDH;Q8G+5vbs!|x6N=Qe19f7<e4B~PyRx$fQz_P53Pl|
z1>But4$nTtRm)yZLo<!XU75c#kuO;OE78OkB4^CvIFVQ9<vgF1Qb+BO3;7$(ty=m*
zq|&8)M`aN-(A%%&o4j)-6z?R~1y3VoA#b*KOT)zjnavksX`RTd@5u_VGOVDYV~CC1
zpK^|;eahgZORuM;o#sq>ip;^<Ju9(u=FL9#YkefE(h^2{W7C?yJp>=?>BZ7;0AC=5
zkXnyqb@2H6>xORBay+?NYH6OnCtP_f{u-Q&BsUKYZoQUQ$MOlYX_1VT@c46iu4zn7
z2pGcYo9x@t`2Rq>qsOu;dlDzvm$iE?XgDrc@Jci_sL)7Ye@qN-A%~O4!h>c-D2F|l
zabR_*HhWoeqth6?e=Yws7P%^R1^N5Jn};&i%Tf<s$++Vqo?m~`SY=%uCPC}a8T;av
zXMQiVu7g=~QJJ^$2{9Wag31RZ?WyqDrK|@t{9fKaE@vFO{6zjXX>mQs65O`&)@4c<
zU2(DV+>_O~OZD|QahT9%L9P(r)3`0GPDB>p0lUVnc^q#!k8JGra`+D0Th+$5Y8>CH
z_@i+3p9jd5>Do=pkG}1GA=c}@%mq?H$Br~W{v68>(t-Gt+68xHpXFY0B(Lw68i-w|
z8~N<2cqQ+hl(qyi+gTfM4xb#C^5v;~vJ#%+iBtK@V#6;>&ju?6ipqmT?u{m&vq$h$
z=-78P9_{$mWSDxq__D6IHZFQWyML0;zLNjrat)iFS#fjnOW8Kj?`LHnO{Sv3v`;#w
zr=`TSZ^!2Z>B?+e%Kt9DPVX2a@2mW+&po~Wv;4r*%&x8$)YM1OIRwp6!{*afuvmb}
zd^bNz(XB_QEzk`^*CIaCafy<PC4Ay|)!Lspep@)cZW+uwZd>2E3o-dfB-@S1p)0Z4
zi7?`A{#<+`cIk!uOIhzZYht>VyV?~^V_eA?(J(35mfqV9=aIdQ`b@TIC2ce8iiS8X
zwT<r4n#b`@)(Rc8O}(gNYu@&GUk;D++*Fu~w>T!2R$_T#hoJMwg^6V*ZKloj;jH~U
z%&$*N!{DKC8+$HzCPxx|dz9e29J;#D%JHyIYjxYRed(S0Ygc8qj^<UZiZ5ggcclOL
z3wQ{>h$i_`{>H0+FFKeJ;)meporo9MA6c8~RhrMkI1}+hx2Ea2OU=ak+pJ?}-nQXk
zaZr3$d@Wpwf6GoY-szcm@%VLky>R0gk)`ok%HxhPtz=YKcYhFxK#br}-r1F?24j4E
zJE9YL&skIKv!u8wZ42u7#&0#v!}SsAZV~Zd){a=d*@<Diz{L@4zbV{FjgLoTA&ys8
z;yvIu5SykAq?g5A*a;^-t?`fZ;=kqdujJo1#ebCVvTKfXqmN`QtV+9qn25$jPUU%W
zt~9oBUQ%QA&dL`23`XK5$6|RPLsP5xX+FoC&!x$`Cn62*i*)-z^zo5My&aJW#(`r<
zxuNuPvaRatk%{nH{;>lP?)$_d=QeVrVV9B5xo2riZ*tD&+OwtN_M!0m`Q+#w*2?rq
z(f&CpHa{#6@8Q(Q+5R3b72}6u!};FvpOQPhIgj2nayP1Z3}Z*&r-pq^S)OVCLHpT_
zVh$tS`#3hmIuFh}o@?A<R#LNlI1Wb+X(Pv<Mtf|{(4TIav*t#(&bRZ9;~3v+{BugK
z?cYL<XO;5U9NU*_nqTKcb*a4iNIcd{(VtUt>yS2b{A%Z!$ltMc#^&B}+DP;AQrcK5
zpOdwHQ2aD0pATsx$L9xvQSt>fy1J5)=y`67%6=iE(-D%LIBryF+P2fU*w(g}iX*c;
z$g*KifovtMZ@})rI5zo^HgY&Jo5A{zujh}TzwbDNavB43q+I9UdHa;ekyEjCj>SsQ
zQ*mTSpGY=#e8qE7jXpGU{OM@2ci`79N}XYyifWoK>nAW@f0$)<HpAZg`;wZsUELG#
z$8M`cWM{};;vD+8G^~W{;#S39lm4g~Mm@*rA@!A5MTUF)14TYOwJILSCw5|-+@D?X
zgDwYU^-SA#8jIW7_R_HPgV;saVi$cc_BnQu>YVcdTBbY297bH<G{3`Ih+}#RifMi(
zgSF{AHaRI)3(eK)Aj^i#0kZS#<Pzt7$%etcqe{xzhkTZw<u$e|D?|><f&5RtjONSg
zsVnoVEPuynzbRW`g<Yn?5dE|*<E-O!-m%*1o)ITFujI@gIchtSpW-U({3u*RR#Y4v
zp`B)t99Qdb%(ik!thVJc%yew=QA|lWjrCob-&h?Ukg55(oU(W>7$rlFzsWT-lv?)O
zL;38Dch2(u?ej<hKTqw8+m$9(Qq80rg68FnWNCQy5gB52U+_78m4~t0%c09}Z#>NQ
zrJBZTlg`qUwd5`PHL*-XV`qa^w6l+At*Ygtn#`hA@i)Qee(`sa#Qr(vD)qESy!<gN
z4Wp(#IV<<NTyMC7I#JG6itC@879B=Chrd{#$%*Fd1E(;lbrtXbI$B8cwCkmlAmnLd
zN$Y7a&Zg%q1WwU|K{PU_4zQ4&P3>2v8556l?)%bkcqr(58dRo=b8QZFU1;SHV5b>)
z4!?@b=XlS?rk2LeW9d&=bIE$BF(f{_D$hpj1{zE&2OUWCC{;Vi>{FWos%-o!xH8R0
zY}DU{s9U9}dD_;I)p0lXJqEoa;H5+wFG~H#eE}MQ<|Hos4j0AOGKa<k@p`z0pnnTF
zR5i7rmBw5()btqE(L$Qzo4l~5imhgyYONg*u6H^xK8=i--g8=1-`C1DhU(@yBdVmD
zSL4k_tNH1>@-#Bwsq{kQhG<<P($|CbKR%|psLP9a$Do=xp-Eos)NHotB}kVx$3lGF
zHjR&SGi`p7J6fCX^YUbJ*Xq^VDucH}?l=!Dj=FyKNgK-j@H|w<#z#88{-kBk_YyPP
z7mor9)2eb?%|K_pSiHPR^9+f5Puu#^@O31+NSteqb5{;Wc?voHGz#P0zo27kPcO}{
zM`B}R5nq>iLTCo_g=2d=e1jSVR{hxR?bK;iD`~`6B3C)FPJ1)`Tp9*+C+@yPIsP~R
z2kofju;8k9Hq~Oail<cnITs)OOnhvz4B$ieO|4SrBB6Zit3la9j`n(cmB!_#UZtu}
zf7|-Lu<*%hUFz!Vaq3j>iv>XT!V}@%ryqPqq7PJ&WZyh42Xh)}2<;p`*}>I2bcm8s
zr-pabdck(FD(YkUhtsr~##a9}EgtOOEf}jLq^s{FmFewknOjbD^ZUB2YsTIVF)wz7
zZbbSK&#Ko9GAnXdIO>rn5vf-Cw0vG~V^f-^5+f(-#s1%ke99h?t}egpIl$~t6Zs;S
zgXgss*ZV!mq}#vktyZMY?@Kv**Hy_LV%>gPw|TDH(rlu*44pzQ$7$x|@e{%9mEe*y
zmE;v;4e^)ay}Exqhj#LE_gbV6@=ouovdF!z2=(H=D(yK&*=6i^WM0(QXd{_9Uw<HZ
z=SbVC>~s?ELSp`=@#t||iTtHJ*(^=@#C9KC%T60m(ehVmlj?EEVI=mjT?ZuQrx{m$
zHO`DLRo1clNo_QE>IdPmH^SYat(nTH37@QI)|x~e)=Ewu`qWn+>Ryd`K5L8?y2`+u
z{pj0^c{|R@Hj^~ej<wUuE@m>+4hyBq{Kl|UoEkRoiRPyYEj~hAv$w@%H>x=ty81Nj
zdO1G5G{&0t+AYU`JFMYdq~XirH_^3xqPM`KiFM9b@+ocDIe%hM<Ra*;b$G{mPtAqA
zPo&Cj|4pq`F2Xs_UN0R-<ddDs`dAj(cvxyrxjp|^X{rqv@AH(D(-^DvG{k|T<$nch
zP<bOihCjWbi%K^qvMT5!q7547#o8ujVODo)+;i^TQZb_^Z>x7EBDb_6H69UikqA<J
zZQAOjaazkEpt%)p^K2T`n6~7UEvLCZ^!i-HAhaZpWi>BL-R0M`S1i`on|;BsjzF9P
za++?_{aY$NiTGf@u>Z<^m+=*7i^293b2!@!r8Exw^HD@zxH*cMQ>|(-op4U;d~TWx
z^yutkGx92o;uEnUc4IO9CUog%?`|y;ds5>Q&Nqv%YYti4H{zvY75m89Klg<<$QOra
zuyJ0DfZhHr<ggr4MkluK{j{{xcqe+pe&tJ<U%g!%JCsa)zGpb*Zh1~rasMkQ=2K1t
zs88p6b9F0rNYrGry;~}dT;|EWAU6KA<jJx0;ILM5JnwQj;$yH|dsDJMT{C;ER?-*?
zHH^E*)pn(Py=aKz{;q35n4ia!%C%{>Oozl)=Gp6Q#^kUHgtnj12AAoU#=$1HP5&jK
zv)9$i=CJv$yn*~Lg5hPMb4b6Jiq9X!mchFruDvT3(P?=GnLVKMTS-jREhSIe`j5j~
z$|1*Z!R?;&tuEtPS1axDi9Kq!+p`<Njsw;!77e>TZmfP5Rp@t;PheiBpIgw3&{et1
zVSJIYGqzzA%f+tl%|8$>cp?AB@)m6eur1v@V)V{9>NmFQ=@b;ZaVmbFn^Wp*JQoBx
z%T?nyAkXfCQ~!dPkYW;vsugy8J9j)Rt-ps$#YxC@4`fxIiqzB!*l<OBP1@?V{w?G<
zJ)}HNRhxb^)A*^z>FZf~XB9;Gr`|08#6O*yT9;gGbG^M;DlWp<-GQu+vnhsSq964f
z9zv?rd1=?{>FB0$5%zBmHre`nv{ZbU9i-<8$w3$=8sC*}j(6MkZ#+6_o)05vZ%SQj
zv*+xi>e-ZLPXyn`w8L}xOKXXeQFSGrtJ^ghqAlju-=*T^Z*pesfkY9wE1ozm`&Ylo
zn%OSuaGlb>g&glIWzI5n@BOs2(^#wam;L5&U#h8kr)4qfsCB=KT4u!EPh{n&2g>T<
zxqv_C`81<+$X?g{N3c{p?#nrsLs`Lb^FX>$&0zy-dPcNeFUO~s!<W^$CI&#P?Nny;
zysRn+Qv7q0A=3ORxID)RS;nflC1@{lh8<N<XBBt#H0CqeNr=nLoDbx3gk2l+==oCd
z^hnn1>NdWkkyfgl$5*Ir^q?!<90r={jhU}FMhj`&RXzC2#<{O&V8vG>hnMkNTq>WN
ze?k_DS^_GoG#Bn}a9TV*-)*^noYr!f2zzbSG4=c;R!{R-<D*-DduhB>`;VSVpX#TA
zrpBtV@z6(hVnzMjmDqpGjP5x3Hf3s7me9+k;!<}Xu;?tC^gt{IY=sx{o@Lt~32Jk7
z&)Z^iycTnKv7MEs5see|9;1accULutwWzj2xJv40apGF5ytpWbi;MTi+4_32R4g^|
z*`at!c)fa-pIG0RSQ@Xz9F}bFrKv@HEjLO(y4Gf_n`}9aJ%6kkv0%T+?m{pm`a7|H
z{T!Py_2^tyu!~(0x%cO-KQ`yn)1_ipSL@sI4!ElJGdoCEZrse@vD<Bnrf<ax^SQ<}
zy|Y@ojCND4rt#~d709G8+lf=y*r-%I(c5XvLN(leds_)+S0XI?WmLuX3_{eJHT&AL
zn|RMMHH@CCEpsESK9#n8$<ZJC+cC<e%8dhAODYOkWG=prZSCXs6x*V%O3~Sc#+yik
zl%C=<y!I(%!lrtcmK{}V*JkQ<Wxd^8#^;DTl#WII;A5GzAP*92;zr)7(^MP7YE+S(
ziFDHQTbdo_TN>1ZfR6RiNt)D}UYA}tK6;#IyT-Sy2lWw|?A*p#TAJ*7B0G{=9~7=S
zExGVo-m|PjXQ5hLfPC!~pX6lQ_$}sSU-cert<L6d5N#T5wXSFi7uXD(UI*6?<u@Gf
zZhD=%^=`83W9rRPu^93v`Bdx)o+V^+Tg-K*oWoW~QS;?;y`6?;Hyp(K?J|fgi(y`v
znNQD`iZA~p-+6g^0F}1RKSa3Wvc4_O`nQn7hJUiQTi>Uo+zoq%tK3)|62qE)=AHXq
zHW_=^lgJ+I@VfmHU)8Rb?cDmmR2=S=sB4ObYMdp$Vr_BQzl9uH;*`np(<o8A|5H=%
zhQ~OLK$Ks_!g&MjMmdjuEDay(IqyhSS*=w-M2X5Ey2}9Pr9Jf=I)>8EaWC-_jZYAb
zV2_`7+T7hhCEak$E;BSg?)mmBjRUplUdXEAJ6d#F&)qgvZnC(Miy8YBh~W)CZ+#`)
z^IoVD<u=U;u6fSIiJr^n+;n5P)WoFp#Nm(}!R3x@sWQX*O_T=2xct$$Hfk#``q0i{
z(x+L?nu_;$DynImS_BN-+>t$<H-c8qy4&Ap!JQ<{wXU&g@ixG@pZ9KO=Tl>zbMI^&
zUF2)t_w1Su#P;XhkKUnuS5}5RaUysiC%zhOG1HfRj>AK`)DUgk^C>B(IW)C9Nd%RX
z1k~Y0TY-(!U~NE-p3XA;r+0L-b3)F$)=aw*T(Wkm@7QHwzn8f7O5VLFt&yg-9Bp)@
zwjXNJmE5Mu`J*^buqOU~uvJX{tI%7?_qKif%asAHCO3A``{KJ&M&Ep}nBr^RUJmqc
zBahfB?Nx^nOijHlCWzno)$0xASh;9ii@IRDI;%!cxKKMoB}RQFc-ptAn{u_{>)RgF
z^X&gpF{!I`S7heT35nYleeI~_kl<6{j;FV!U(W6y`90~g+tbocV=U|`NYN_4e%!}t
zS4EWRz$Uabd6b4ucOS=PDMQIN2C-*@&YI1C1k1+RVYy1LM9y+QLR=bl!&_Ub?Xclf
zvm4eNcg6cWHT5+1EDOfv;TZa=^$E1DBbk72#TLGl6}c*{)f@SrNQ}j9T+}BXAp*l7
zl6bA|i*Vl-5gy_Kyo*M?xV`z)=~hL1dZvfOgFdd=SgK6eE%~o{_r`w7J!AO9ed*_r
z+)P)a&x#<8YPPExvF_H=a-`4LxFOg-QLGuxyr*|Ma<hiJck;M#)iv8NHhV}8Zt8s{
zKUf9+i9eH5Cbw?n)2H$jnWLO18+M!I$2K2Jl_lIhuKS_)Mfcdf195HL*23sYH-~0N
zFT7(QWerV3GbaaJuCU){jbG`mn`(cn<9aIdt}(TkE&r^v6u7Mxn<Kt9U3}qn_ig$3
z2<!0^wMg+^cbs&i--Wm5L%APzIQIi`R4eMtquD?ZHZ<Nc`|n|dXUqy=E;5X@ViL3Y
z4(4%twp84x_w=y1CueBm600pr+EL44qUzE8QDPo{PV{bkdTIW@C!B1#B)N#F<1)K1
zqj_{hlbUiAQnD+jN9NMcZNNtQMv6Z8NK@>}(?f5wsB&eV-a0Wd<i>~fqGU)<myMIL
zv`3syJ4{UZ{V92VPi!M%0A#S7h>fI(oS$A8ub)fh_r2nKu`c6$)>a$j=;Zi)`tNt)
z_iDV|?pM%Wstv9+F7<4;-ryIX#cpzY?ADjcn=ZHRO8lRfWj+rPXL17GmakG4Wn0c2
z)=G}Aed;?OMxpWNcH>w_3u$b)F_71IEncwYII_!auWS#CC-mJjk^GiJMf_<!S&r-P
z-%|0lCn#dJ$UJ=@zunz4aY@z|RefmZINhf?-n~A3sirX#`l~UCe&VeFRUrH|058N|
z-D!twi8omlKE0dSGK9mMny2=@=RTUH;_<uEX2xQ+`sBnP+2z;$dCMLBviM!`neavU
z?{m2anS1rLqUN)PssonaJhYu0P91$$+rHaK*3m*5zmH`uIWeQTgPKYBPG*-KaL$!h
z&wp#ZD9}ngja+e;Q^oEkzR*pHXTEL7*1SbdM7dKoLvktR+3Tg^F<m9tMg=;D>&r3P
z%Av;ZarIn{tLsLFyL#^Idc;Sz?$*+H<y@0rH=3L&d^44vn(yQ?gsXW8j5$?_m^@;v
z^_TKo`V2_U)0;~_jTe@7Hs?Urw5k3g`*d2>HqNna_2ZB>a;UIux284>llhUXtCck7
z@WmBn<R3KKsi`WGZq3LzB47GMepj;{@f`iEWIKmNt|B@9Sj|>*)qGI!{94}EoW`ac
zhhdpU+dJ}Yk_#5MfUkyBCo{Xb3A1h67>3xnwUU+#e&&Lm0kBLz--osRWIeOzW8Cgq
zGYp@V=l}fpk)GS*Tpu<!b~M_bd$jZ&GMCWW)_#)=XeXQE`Xs08KbCn|s?2yI6^{2m
z+`^%@;<(kD`?t_mUQn4;TX7bAmyxWmowUrTYE-k6tje;DF+5Al`6|EmDW|rzhGT!!
zuCFIc#mxheu`kM*elI&3?JCr_wY~e$?!v=<e_x9I3jZ95_Q>5{vYs}EVML=z?6|xT
zO-SV!tK5Q3-EN(7IxUBeG5W9_xWG%jEUO&FWl=v=w4vOEUz_aO@qN+sjRMXWjL%kA
z-Za~<s!Q68_m0Q~tyF|1c`6bQKQy-UL9L0`@*HRBt_5`=_S8=eebQ>5e7iW@D`gZ=
zty{T6BE?l4f6Q~WRC#k>G?(7CYP*7Q?6j3MU1;WHjM8#dv+>O0Jsg`_T9=0VvwHUj
zo}`aM^G_AeNT}zx-ld<_P_LwBShDetdFp+x{a!kT-idt_=gqF@NmJ{}>ACpT`1HD9
z$8mYR_60H8RMm(f8Z1P@RJ~X>Ux%l##*J<0jQ44wEx*o>b{ZFcCeh2{H_;WG8%0NR
z!np|@synLH9Go`d{ul7Wj?i<lD{sW7z>aJ_1vUgtbME`nFnAzQk%Qu=V&_A(O}%41
zZU5wSOh2kQtR0ANL1cgvUCLub#o_a7;Wf_WuVf@|<$r!w#TW9aj_&vJ%JwDFBb!Gb
z(%2nu9)_TBJ-t{ip6&{weiRN=&-_=}73y!Z86WRRoy_)B^SrF+p!%j#wKzh$x6{#0
z^Zk)T7r?dat$Hi;mOM2-qY$k_>`5z+6OphvjGyc=AIk1ibl-3-YApzRQX`0#6KC(T
zmlsA*93@{04ME?>G#AU20sd-_f&O;%^7tG}k80!<UXPD%ZoSFN7>!_7<p~kfYq4v|
ztF_w<RURP))Y9cI_V)24kv~+Uv)msi1N{7<s+0<EcCFSw(wjM1y}IS2HS@^=)}5ki
zMSQY|*gvueZGC+771?FcVJfas=bN#){9?;#8Y;a$&9cVe`_J-n<>IdBaH9HT!05dZ
zw)+>CBkg^TKGgG4%4{Wf+oIYc^@_dJGABcb^>u!SM#jKc*OAY=Z)tft)okVMz2+!}
z?r)i_WChiRR7ndLG9I(!hW4J@6)r@Iz7hYLmUrYYbjFU@r594Q2YJh<yayWK5q~G#
zazyzQ&-cCb){tU)1$pc|VEP{3l!Cv@ci0E8+L=6sRDU7wq0@Lq>(49CjxlcQJN`Oj
zgfbZnx&rlHAD1J<x2Jd2Gb`@&SXzsbpQl<_*YQGTjM2GSMSs(abNL^?!ByPXb*S%M
zu8M!i^Yovdp&_ZqZwMcv2ZzpcOqP5?N1V?-p#$EX13H##zgU&<F|3t5t@irgXkm5u
zRhZ-boR&6R=5o30OsL%_f-iywj`g}O#nks=rvXVE`bt#6!}Gc>X(FY4Ew9z^Ou{3}
zRqNReZ)D5pi4LAYTcqMd=uzG4Kr@p8Ue{+~i+*2x3FO9J-+51YYoSlZZ0y&@#5<{5
z>(GlswAZKg^LclE>$hC_dLU?|)~;HtSg3Ic*4{7dLNzZJt35=fVBd}>d55>qPX5;C
zr73$b9bFG)F)}zU7m?3R?e5Ed$*xG$)6yfs7r@^CN%%o`^^kNXef2Dko>%8w9j9oJ
z>d508d4(ibd%b;22lD;Uo6@nM4^*PJ@45Cu&l_rA$<5?sE|ts8<BI7CM(XP#o@X@l
zE<RfKji#B5qbQfJYO=m*ChM7|pLk`Pd1bkJ<w#J+i34&4xLGfbhxS^fJ<YsMu^8i~
zX{Pl?C?kF8jKvzxaD5*Z356s>U%o3PnTySs*N%*}9qIa>3Qv*$sx~-wf3?1y-o2<d
zMVyu`Y2*o;-P+f@SoH!zS!=osY0Xpk2>2q}s(qjLwQr{R>plRVs0Jd^hScY^^96=j
z-=9{&xM<2%SemS}^WS^IYs7sY$#3pS(sLoHoc5f=>rXi+_vkDBI8j=xBeD^(;SS~B
z1Nq;^62`E{v$UsgKP^wkX}>OMO^&H8LcH3lk+`|Vy0sG-Sk}rl;Y_Q|?XQtW&iyzB
z65CE1;5`sS!D7XF=L{2)kiB#MH+gC6+qMrbKf9?VTIJ5_%aVt9f?1E%<KS83H!?&e
zy4u&eE3NzY><v*H*q+iGN&H#VZ@wNBMftS)?Kp6mtG`tJ5$?ZDTjOtxwsJZqY-6fg
ze`B?h))&pIfh6<mej)qn=e-_^h5kS!vf0r8SxS7O6Pi~&#3J2Pzm|$Icvf$cdoytr
z&EYNO@a4BK6}rZ0V_a-mq|<B~?4WuLO{^hoB0q*$l@)$Yf#x8nO-!{1YPJvCtLci(
zxr}S6*xoCxP_>z{@aj1@SjF5tq@2^dKDJ{zw2JO}dXtk8elOx)T{tgO$&&T<Wek~<
z^3HCAi||F5Ev?S0ccZc*_%*yo^oo2Z{23x9+@?%^^7I;i6Fpz5+|Ve?<|W3|{m97*
zZ67J&D%oyYW^ATUY1yIDGPL|tc>B7{LA{XQUyCfzi1urd3Fjgk$WFCS-2PS7PQfzZ
zE&#pN9f_i`MWhK*==~sxvb6CmRnGh<8Tj7`y2idsqbuE<958z0-J#KkVj6?@1U+`r
zuqkswQC7V%!w|-fko9S&)XWyc1eN3+oC<Zly9qCXm}-3AGPjREr@k%?I}c^<-$<2&
zUyDD9tRze2o$OE$Js+}@+>dGwH+SSt4epkusssBf>`m&O4zJ`ry=4+>kukt$#JF|O
zMWeBHS|!D4#L6{7{=VS`k9G7QjmwXr2Xzd66S;9E_vF8d(95j8{%1fpd}X)0<nMLy
zx!u)FVW<7H#MGheSSshH?`h5LR*uz94rkr(Z%w17JH0dpHchY2bzcR1<TxkyWR)MQ
zuS1RuU%6Itd~+zA$j&9X;OI*7HqPZe>Z3SMWJkCZKl+vYCW0H6lIw0S$FEgu-XCv#
z6jM=6^KO{Cpu5oQ0+O?%mJw@%?D(}@r57T>s^|IePskT#JvGwCGiW@t9oCesww{P1
zmyyh4TC<EF+iljH%isk(rkC=ZPm3EI$ZWD2@2;Oi?6r?!4(iCCw+^dUzS$`r%gWmg
z0BVE35`N(H;hy|Hmwy_C8yeA_vh5to{V`I71@zh|iOqBw=X%>p%bBARx2s?c+l>!N
zLJS|xpl54!eTN`^y}el)_KxJ7(|!5JZzQnhZ^kuOPXBhLm*d;2el_}>&uZ7>b+nMi
zgC8S652{|%j9p*bHtSK<vX;qvBnZ)bYxM1YsX4V$o6ZJV3-?8GT$P^??f62xR$XJN
zwmID!o@@V6P-o|Z&g8j0!7!Q}O|LwmcxI>Lg-Bl_lZs7R_)(sJT>O5tNXo}MOLh4%
zZ~Oj9$!o7lo;xdTN6rC+)_s3zGK_j2`QU{34Ty2Q4|hr8y`P?bTCVI$pNWF%>0LuM
zR``2CC>A<7NMQ9h!Lh@u+ubC)0z`AJ)ozZ^xRp;$BUt<%qKD_z+d9tXZ6o8ipb1z-
zyy%^hXW4VsXtv5?-u2Il4T+<U-(n6gu0^K_sr|$581Yv1QSq>e5f6{3j^ADyuf83i
zezmSBUN5&7{Tlecob<=9#$I5b;+6bh1?W3gbqw_Sx1Xh?)tq~`t$5roxfYJaW7YE`
zA&&hxSbX(DTt5_!01=-TR{O#6a#}u&)t?-etL<ndRDa}SY1uJbYL5`Gcp}=@ZUt70
zl@kq|;=l@bl_+#)QuVCGEi7~K@`GH5M;yZK&O-OOM%V0YNlLP7Bq3fW#Fs;J9>=!I
zga;DszFVFoQ#^zkZF(8dxBVREm9CF;&PDm!IzF~(X{T{bj?63RCs@!kUc{WMk%y|L
zr5b_x59nuX7P2Z>Q}FL3GBZH@>sa0=riljsLY{;R@X0ND9>xRXlzh39n$eGO)ODFL
zZ~xhG349Z`>*1Ei@&m`ck@F_%*P&U4oI#zo^){G(Tp~qB#mUBY<C>Ck8a3^7r?0hD
z`yWY!>{0OtiNxuRAm+`P)(@=%^}+R<NR__{Z@d)$0J*_jt%{!|*W~Y|^uXFMtDwI$
zSn9ZzhW8&t!)OIfJXk8vTnR^TD)!Co{^;ugyWhj8=TKGEh)u1b_u7tT{q1$bHY<d*
zeJiVjr5{Go?9LQ-FOTB&N}fl<J5L>JpgMQIH1NTA=$%i`mxj-ugEhx8v`mL*9XLDZ
zt&h`64nJWlS~tLrW=y1x*-|%*YQChCo$-9(cfrbP9RoKTWBSwU=u;h6^NwFP<ynL>
zaYuYb?nz_!;##CGzS7REKlN5@pSX0)p>4{xa~KTAs5Mr?F}l1c_4v|bU4MINJmNvP
zdN_E&W{+BY-ubuBL@z1|(Tx_-=R1}ern=KrG~pZoJ05!aP9tkqWxm)&xz}j^HgiVH
z<cryDBIZ@2mGy>q)5+nQ4B6A#?$Iwz#`uwRGD_jhf5?v5;Q-muhh|rdT2D2jO?|)n
z!u6a|M`Ad67?**YX)`Swsy=0iJB^UBLc_+r`99QfGVhqvp5TJLRIMJR5eRO=(@c6Q
ze%t9QpZkB7=uDjdayod5Hm%3_n@uNXs{D2+&#_;wcZI~qG9BG+ylQ!3<cL}AMRX{Y
zd7)IjNs5fH&<9P=02-5XN@!W)QLOwBZCJ(o-1@&XoHp65F6Oc$F+fhuVeiCwIfu(J
z+Q{K0>~p-Y<Izdutc%sg$pr90j-^?wiZZh)&30wKRda7NlJD%^s#TlwMBO(PK}4bK
zGzE1gI8DO{hhX(%n1k)ZdmKB%aUQ4L4VPoal|sqUjdE8RVA`tgzw!xwsO=8x2`FN`
zmg}Kf*GT~EcJn`d39`ENe=Vk5k3zZctrPp(GxqJn{Ep=BTLfc0`o2qhU1b9i^}0TF
zEsiIJhP0HH9s8vXekSP0GRF@8UUq2rJ<Myah$5eJ*z6u@RtS=!YB@LwVU|NE_lD^C
zIrViLvDw6B#Gc5?$Fn~C5R;5^_Hf<3BffbZS6%zj9m_;vIp2%EGdsBIb9S4HdGw(x
z{@aWhtKqfG7qb<fhh8uKH`mu~#J`i&cy*f3F)h-&wb&I;^P--{Vcmx{JJyYYC<(dP
z^{ksAT6MaXw-F;@4sdFxeGE<5zO}B{m<Q#)nE2$^BB3>MMg(tJKK(Yzg=U-8-*cK;
zRt)PwSNUOHVpFT!^ktr5+<w?Zi)ndN_b+2Q*dI0V?CUZPa4Fs~UayOL{VcCt)@40w
zO?MLQ9F^4|Fu!_;R$tOsmL?B;RI}Io?86CODyCBTi+cSx!U=Ki&shg!w2?!Y-*c^@
z+OF@@(M{vCYO^?;8DfZE@wZj_LQ4|Y;z_Fxz+GZQt?*shWwzKh^(x8U;HFs3kk-%j
z?r`ECdOi}Z>mmduA=r6_n&ov_jT73X2d1y%9KmX&ZbaYi(JxyD+>>Ys_vCOlF~41;
z?169-IrL=b!b9=(?<Nt(XfcOlHwvUf+i^@qHI0t2f5-uF&2Os%rTLd&*X34f-J)xe
z8SHk0-wTQTsYT6`tR~eAwC-R1<b$IWU)LP2=iBq`!sK_dw$x#yvh3w#IBeTW4ketD
zdn)omwUcThqn+ZlbOqVIRMXhATkXji;RbSk*Reu2v&%bCO>KUwR?5?Qo18^PR)XGY
zd>5pW-$l%sN+a5$R#btao+sqH>{=mrwcZz>@rvj9#J^)5sf<OCzVkVU;*Vhtwo4x9
z?FM9z#_=>vC%0)KCkOU~Z{d0><EV}PLjF$mc?ybY{8w`&sc~d|b~pA?-Ant<ZM4YX
z(56nsM{?+!z6Z<ZeQt7mU*-xUJx}Ev!5H;1Lm#zY8#!*RQl-9Ko4!v+w<{JjKV5xJ
z)q41+)RLw;tm#bEPuQE>K8)UfTI$PHS<Qn=)$Uo<ud3^)^`UjFkq}SiyK3iZENNU!
z&2=Qp#wIqI-l>h1_e9p7dZf=<@_9E6HLR^1rb6miZ#I^(P&-BoY5Wp5MR(yhp2=Sz
z6+LC~8{V;qQ7r1j>QQMH%>E+i1ku#LqZTcB*QfHDxX^Q<t9t#$n<?so)1s?#IRwQ^
z8_&|POeG|^Wlz@3yp8Y5)jSnz2Wk9bfPFcPdJeBfo$7V2_ba*k3*5Hp|2kU8;q{()
z^!Ef!V~l2fZ7q+_u}V~~VR^il7-uLK$>+T*KL@f4=39pSy(_qD>^5^8yIV?bJEdLk
zfu7QSA#(jqnH5Q;Vg82ys=cjNj7!V$bmV4p{YqovNJdZ3T_n|M&T0Eh{U|t&6}c<i
zIILp(QpT|~xe-S2bhq?*scrCesDH34_6}7>)JC$(-rtLVq`qo@`7veNIXO~4i>SAT
z_+#gey{55~gP$M$9D0zJ4L^#7%XqaGEEX@ewB8TP?h29E@a(qRSH*JD*e%%+$XBA_
zS|2`VRpp{Zo9frnu&dcA;o18BXzWHU$K9Kymgf6<Mr{`#vdzi6P_j8Y1FT`qS8)}3
zt?aH~tJwa@CeGp3edqa(dmC`OBYEQw#Y!3%zj>-T9LM`J<eO=HrrPZL&F$ckL$RbE
zj?N=FszX*f?KMrY(mCrQ-saMH<WPM1?~1Q)t4|@ZPvmDvg^unNbG)GxSJKNn#aB|3
zc(1%4>`-)@Uv*0F|5CeA>(*g+6UTUy;P%b7ot8wFZ=hpvcC+Op#^>d^=zcxrNcNIe
z%OOf>Ig@Uk$*^#-Zmb5iE&MxLG+L;3xmq9WQ;}z5+;S&5!ym&aw*~iO#r0xRpe_CW
zxNH}foSyzvTz^u=Q8bqCWCC@6^{fy(QHpgWzzae5Nx6G${)zhPn?daKecv7&TI`+m
zirX8xz2P_x+tKfjley5J3WvUqWsNl7&>^y_c~1q2#97FFWcU9U`71=Ij}G6PuSUgO
z?y|<s+`TTm*4+wf23|=U<inm0s=PIh6|&?R8dIkHuJ}yWUH|>7;MM<lzdtMfAE98M
A8UO$Q

literal 0
HcmV?d00001