Back to blog
PowerShell

PowerShell for DHCP, DNS, and Print Server Security

February 15, 2026

Introduction

PowerShell can be used to set up and secure core network services like DHCP, DNS, and print servers. These services are critical, and misconfigurations can create serious security risks.

This post focuses on the most important and practical PowerShell uses from this setup.

Installing and Securing DHCP

PowerShell can install server roles quickly: 

Install-WindowsFeature DHCP -IncludeManagementTools

After installation, the DHCP server must be authorized so only trusted servers can assign IP addresses: 

Add-DhcpServerInDC -DnsName "<ServerName>" -IpAddress <ServerIP>
Get-DhcpServerInDC

This is important because unauthorized DHCP servers can redirect traffic or cause network attacks.

Creating and Verifying a Scope

A DHCP scope defines the IP range given to devices: 

Add-DhcpServerv4Scope -Name "Scope1" -StartRange <StartIP> -EndRange <EndIP> -SubnetMask 255.255.255.0 -State Active

Then set key options like the gateway and DNS server: 

Set-DhcpServerv4OptionValue -DnsServer <ServerIP> -Router <GatewayIP>
Get-DhcpServerv4Scope

These settings control how devices connect to the network, so they must be correct.

Enabling DHCP Logging

Logging is important for monitoring activity: 

Set-DhcpServerAuditLog -Enable $true
Get-DhcpServerAuditLog

This allows tracking of IP assignments and can help detect suspicious behavior.

Managing DNS with PowerShell

DNS is critical for name resolution and security. Start by checking existing zones: 

Get-DnsServerZone

Then create the necessary records: 

Add-DnsServerResourceRecordA -Name "web" -ZoneName "<Domain>" -IPv4Address <ServerIP>
Add-DnsServerResourceRecordCName -Name "intranet" -ZoneName "<Domain>" -HostNameAlias "web.<Domain>"

Reverse lookup (PTR) records help map IPs back to names: 

Add-DnsServerResourceRecordPtr -Name "<LastOctet>" -ZoneName "<ReverseZone>" -PtrDomainName "web.<Domain>"

Verify that resolution is working in both directions: 

Resolve-DnsName web.<Domain>
Resolve-DnsName <ServerIP>

This ensures DNS is working and not misconfigured, which is important for both functionality and security.

Deploying a Print Server Securely

Install the print server role: 

Install-WindowsFeature Print-Server -IncludeManagementTools

Create a printer port, then add and share the printer: 

Add-PrinterPort -Name "TCPPort_<IP>" -PrinterHostAddress "<PrinterIP>"

Add-Printer -Name "OfficePrinter" -DriverName "<DriverName>" -PortName "TCPPort_<IP>" -Shared $true
Get-Printer | Select Name, DriverName, PortName, Shared

Hardening the Print Spooler

The print spooler can be a security risk if not configured properly. These registry settings prevent normal users from installing printer drivers, which reduces the attack surface: 

Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" `
    -Name "NoWarningNoElevationOnInstall" -Value 0

Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" `
    -Name "RestrictDriverInstallationToAdministrators" -Value 1

Why This Matters

These commands control key infrastructure: DHCP handles IP assignment, DNS handles name resolution, and print services are often targeted in attacks. Using PowerShell ensures these systems are configured correctly, verifiable, and easier to secure.

Conclusion

PowerShell makes it possible to set up and secure core services quickly and consistently. For cybersecurity, this is important because it reduces misconfiguration and gives better control over critical systems.