Flag |
Name |
Description |
0x00000001 |
Negotiate Unicode |
Indicates that Unicode strings are supported for use in security buffer data. |
0x00000002 |
Negotiate OEM |
Indicates that OEM strings are supported for use in security buffer data. |
0x00000004 |
Request Target |
Requests that the server's authentication realm be included in the Type 2 message. |
0x00000008 |
unknown |
This flag's usage has not been identified. |
0x00000010 |
Negotiate Sign |
Specifies that authenticated communication between the client and server should carry a digital signature (message integrity). |
0x00000020 |
Negotiate Seal |
Specifies that authenticated communication between the client and server should be encrypted (message confidentiality). |
0x00000040 |
Negotiate Datagram Style |
Indicates that datagram authentication is being used. |
0x00000080 |
Negotiate Lan Manager Key |
Indicates that the LAN Manager session key should be used for signing and sealing authenticated communications. |
0x00000100 |
Negotiate Netware |
This flag's usage has not been identified. |
0x00000200 |
Negotiate NTLM |
Indicates that NTLM authentication is being used. |
0x00000400 |
unknown |
This flag's usage has not been identified. |
0x00000800 |
unknown |
This flag's usage has not been identified. |
0x00001000 |
Negotiate Domain Supplied |
Sent by the client in the Type 1 message to indicate that the name of the domain in which the client workstation has membership is included in the message. This is used by the server to determine whether the client is eligible for local authentication. |
0x00002000 |
Negotiate Workstation Supplied |
Sent by the client in the Type 1 message to indicate that the client workstation's name is included in the message. This is used by the server to determine whether the client is eligible for local authentication. |
0x00004000 |
Negotiate Local Call |
Sent by the server to indicate that the server and client are on the same machine. Implies that the client may use the established local credentials for authentication instead of calculating a response to the challenge. |
0x00008000 |
Negotiate Always Sign |
Indicates that authenticated communication between the client and server should be signed with a "dummy" signature. |
0x00010000 |
Target Type Domain |
Sent by the server in the Type 2 message to indicate that the target authentication realm is a domain. |
0x00020000 |
Target Type Server |
Sent by the server in the Type 2 message to indicate that the target authentication realm is a server. |
0x00040000 |
Target Type Share |
Sent by the server in the Type 2 message to indicate that the target authentication realm is a share. Presumably, this is for share-level authentication. Usage is unclear. |
0x00080000 |
Negotiate NTLM2 Key |
Indicates that the NTLM2 signing and sealing scheme should be used for protecting authenticated communications. Note that this refers to a particular session security scheme, and is not related to the use of NTLMv2 authentication. This flag can, however, have an effect on the response calculations (as detailed in the "NTLM2 Session Response" section). |
0x00100000 |
Request Init Response |
This flag's usage has not been identified. |
0x00200000 |
Request Accept Response |
This flag's usage has not been identified. |
0x00400000 |
Request Non-NT Session Key |
This flag's usage has not been identified. |
0x00800000 |
Negotiate Target Info |
Sent by the server in the Type 2 message to indicate that it is including a Target Information block in the message. The Target Information block is used in the calculation of the NTLMv2 response. |
0x01000000 |
unknown |
This flag's usage has not been identified. |
0x02000000 |
unknown |
This flag's usage has not been identified. |
0x04000000 |
unknown |
This flag's usage has not been identified. |
0x08000000 |
unknown |
This flag's usage has not been identified. |
0x10000000 |
unknown |
This flag's usage has not been identified. |
0x20000000 |
Negotiate 128 |
Indicates that 128-bit encryption is supported. |
0x40000000 |
Negotiate Key Exchange |
Indicates that the client will provide an encrypted master session key in the "Session Key" field of the Type 3 message. This is used in signing and sealing, and is RC4-encrypted using the previous session key as the encryption key. |
0x80000000 |
Negotiate 56 |
Indicates that 56-bit encryption is supported. |