...
Discover a DC subnet w/o credentials, see what you get with out of the box settings.
Result: Nothing, as it turns out.
...
Discover a linux server with a non-privileged shell (i.e. adduser testuser, no sudo rights), see what you get.
Result: You get quite a bit, although it also gets a lot wrong or misses stuff entirely.
Gets:
...
Discover a linux server with a privileged shell (i.e. prescribed sudo rights), see what you get.
Result: Not at all different from the non-privileged version. Don't know if this is because RHEL6 is different or what, but I don't see any additional benefit from allowing lsof or dmidecode. Maybe because nothing of interest is exposed by those commands on this particular machine.
Platforms
Proof of Concept
...