The aim of honeypots in this scenario isn't to bait out people but software. The first thing that a targeted piece of malware is likely to do is find other systems to infect and map out the internal network. If a computer in the accounts department is suddenly firing off CIFS requests at your honeypot it is an anomaly that should be investigated. It's much easier to find dodgy traffic if there isn't supposed to be any rather than looking for it in the corporate network as a whole.
If it turns out it was a bored intern browsing the local network then the situation can be explained. If it was an opened dodgy e-mail or other attack vector then the machine can be wiped and connection logs gathered so that a clean-up operation can be attempted.