Wasn't "But we had to have SMB for our internal shares on the network" the NHS problem?
So why is it enabled on internet facing PC's as well?
Is that an actual method of working for any organization?
Don't feel too bad. Port scanning to find a port that shouldn't be open (but was) is exactly how Gary McKinon got into the Pentagon.
I think sysadmins don't like to do port scans from outside their network as the can't see the point looking for something they know isn't there.
Except of course when they are wrong and someone has left ports open.