For the first command, I'm not sure if cme uses the IPC$ names pipe for user enum or the SAM-R protocol, but if it's SAM-R then this should trigger an alert.
Did you deploy the sensor recently? There's a learning period of 30 days which does not trigger an alert using the SAM-R protocol. There's an option to disable the learning period but it might come with false positives in the beginning.
The second command does not trigger an alert I think since you're getting the password policy with an authenticated user.
The last command should uses SAM-R I think, but be sure you didn't deploy the sensor recently or disable the learning period.