Re: Server 2003
If I understand it correctly (and posting here is the easiest way to find out), your internet cafe customer would have to be connecting to an SMB share that had been made available on the public internet (not via VPN). Furthermore, to let the attacker use fake group policy to take over your machine, you'd have to be logging into a domain via the public internet. If you are doing either, then I don't think you give a monkeys about security and you are probably already running a rootkit both on the client and the DC.
It's an interesting case, but I think there's a reason why the design flaw went unnoticed for 25 years.