Cain's SID Scanner allows the enumeration of users, by NULL Sessions,  on systems the has the "RestrictAnonymous" parameter set to 1.

This parameter that resides under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA restricts the information available to anonymous logon users as described at the following link: http://support.microsoft.com/default.aspx?scid=KB;en-us;143474.

Evgenii B. Rudnyi  with his well known tool sid2user, demonstrated the possibility for an anonymous login user to list the account names even if this kind of protection is activated. The SID Scanner uses the same methodology of this tool to extract this kind of information.

 

Usage

To activate the SID Scanner you have to right click on the "Users" item in the left tree and choose the relative function from the pop up menu.