"It is fairly easy to enable the remote management of NT client machines by
administrative users in the NT domain. I don't know about Windows 95
machines, but it may be possible. Anyone know? This is just one reason I
BLOCK the NetBIOS (ie. SMB protocols) ports from outside our network."
Yes, Windows '95 can be remotely administered.
As for the SMB protocols, remote administration actually is done over RPC,
so you really need to block TCP 135 (RPC Locator Service) more than the