La primera manera para sacar información de los usuarios que están logeados en un PC es con el comando ‘nbtstat’ (ver en NetBIOS), otra manera parecida es con el programa ‘nbtscan’ (download HERE), si ejecutas sólo el comando te dirá todas las opciones que tiene, example:

C:>nbtscan 192.168.0.0/24
Doing NBT name scan for addresses from 192.168.0.0/24

IP address NetBIOS Name Server User MAC address
——————————————————————————
192.168.0.0 Sendto failed: Cannot assign requested address
192.168.0.10 BUJARRA1 <Server> ADMINISTRADOR &NBSP00-E0-7D-78-11-E6
192.168.0.14 VICETOPC <Server> &nbspVICETO 00-00-f8-30-fa-23
192.168.0.101 Recvfrom failed: Connection reset by peer

USRSTAT:
Con este programa sacamos el nombre de usaurio de un dominio (local o remoto) y cuando fué la última vez que se logeó, download HERE. Example:
C:>usrstat bujarra
Users at BUJARRA1
Administrator – Administrator – logon: Sun Sep 28 06:00:00 2003
Guest – – logon: Never
krbtgt – – logon: Never
SUPPORT_388945a0 – CN=Microsoft Corporation,L=Redmond,S=Washington,C=US – logon: Never
IUSR_BUJARRA1 – Internet Guest Account – logon: Sun Sep 28 14:58:32 2003
IWAM_BUJARRA1 – Launch IIS Process Account – logon: Never
0F2C32A6-F952-4364-9 – SystemMailbox{0F2C32A6-F952-4364-9276-709DA30CFA49} – logon: Never
Usuario1 – Nombre1 Apellidos1 – logon: Sun Sep 28 00:14:43 2003
Usuario2 – Nombre2 Apellidos2 – logon: Sun Sep 28 14:55:29 2003
ASPNET – aspnet_wp account – logon: Never

SHOWGRPS:
Muestra los grupos al que pertenece un usuario. Discharge HERE, example:
C:>showgrps /A DOMINIOadministrador
User: [BUJARRAadministrator], is a member of:
BUJARRA01Administrators
BUJARRADomain Admins
BUJARRADomain Users
BUJARRAEnterprise Admins
Everyone
BUJARRAGroup Policy Creator Owners
BUJARRA Schema Admins
BUJARRA01 Users

USER2SID & SID2USER

These are two other enumeration tools to obtain information about users of a remote or local machine

user2sid: The first one retrieves the SIDs of domain users, by default the SID ending in 500 is the administrator, the 501 is the Guest, and the SIDs that start from 1000 are created for company users, house… With this tool we get the SIDs of a domain, download HERE, example:
C:>user2sid GOOGLE.COM “domain users”
S-1-5-21-3640438076-2832136030-4027030270-513

Number of subauthorities is 5
Domain is BUJARRA
Length of SID in memory is 28 bytes
Type of SID is SidTypeGroup

sid2user: This one, on the other hand, translates the SID into the user account whose name we are trying to find, download HERE. Example:
C:>sid2user 5 21 3640438076 2832136030 4027030270 500
Name is administrator
Domain is GOOGLE.COM
Type of SID is SidTypeUser

C:>sid2user 5 21 3640438076 2832136030 4027030270 501
Name is Guest
Domain is GOOGLE.COM
Type of SID is SidTypeUser

With this MSDOS command you could extract all the user account information that goes from the SID 1000 to the 1050:
For /L %i IN (1000,1,1050) DO sid2user 5 21 3640438076 2832136030 4027030270 %I >> usuarios.txt

Enum:
The best of all enumeration tools for extracting user information. Download HERE.

UserInfo:
Herramienta para sacar toda la información posible a la cuenta de un usuario, download HERE, example:

UserDump:
Impresionante herramienta que automatiza el programa anterior, advisable, download HERE, example:
C:>userdump DOMINIO.NET guest 100 (when 100 es el número de veces que ejecutara el programa con SID diferente a lo normal. that can be expanded to whatever you want, essential to search for all the users of a domain that we don't know)