The administrator account has a RID of 500 by default, the guest 501, and the first user account has a RID of 1000.
Windows stores user information and passwords in the Security Accounts Manager (SAM) database.
The net use command is one powerful tool for enumerating Windows. With a net use \targetipc$ "" /u:"" command, you can perform many enumeration activities.
Simple Network Management Protocol (SNMP) is a popular TCP/IP standard for remote monitoring and management of hosts, routers, and other nodes and devices on a network. Version 1 is a clear text protocol and provides only limited security through the use of community strings. The default community strings are public and private and are transmitted in clear text. If the community strings have not been changed or if someone can sniff the community strings, they have more than enough to launch an attack.