We're out on a mission to find and eradicate XP boxes on our intranet.
Now we're wondering what the fastest (scan) method might be --XP boxes connected to our active directory have already been identified, but now we need to find the remaining, isolated machines.
Some article seem to indicate that scanning for port 445 is the thing to do, some recommend 137-139 and maybe 3389.