
How to turn off RPC management of DNS on a large scale

Written by Ryan Naraine, Contributor

In an advisory issued earlier today, Microsoft published several workarounds and mitigations for the zero-day attacks against the Windows DNS Server service, including a recommendation that network admins completely disable remote management over RPC for DNS servers.

The recommendation included instructions for the registry key edits, but if you're in charge of a large-scale Windows shop with numerous domain controllers, Microsoft only gave you the switch, with no way to automate the registry changes.

To the rescue comes Jesper Johansson, a former Microsoft security strategist who maintains a must-read blog on Windows security issues. If you run a Windows server shop, this is a blog entry you want to read before taking off for the weekend.

Johansson provides a script with step-by-step instructions on turning off RPC management on a large number of domain controllers. "Hopefully this will help people mitigate this problem a bit faster than having to do manual registry changes everywhere," he explained.

It makes me wonder why Microsoft doesn't include these instructions in its own advisories.
