The NT Admin section of Code Catacombs has a bunch of scripts (mainly contributed by idnopheq ) which not only grab the logged in users, but shows login times etc. as well. Not being an NT person, I couldn't tell you exactly how useful this could be, but it seems to me that system accounts would be likely to show a login time of "last reboot" (or soon after), whilst 'real' users would log in at some time after this.
in reply to Extracting the name of a logged in user on a remote w2k workstation
In addition, there's lastlogin for NT/2K, which shows "the last logon date for each user in the local host's user database." Some combination of these would appear to allow you to deduce the currently logged-in user.
May it not also be possible to simply enumerate system accounts and remove them from your list?