A. After you install DHCP on a DC, for security purposes you might want to configure the DHCP service to run under a specific set of credentials other than the DC's computer account. When running on the DC account, the DHCP service could overwrite dynamic records that shouldn't be modified (e.g., the DC's service records), thereby posing a potential security risk.
You can reduce this risk by running the DHCP service under alternate credentials, which you configure by running this command:
netsh dhcp server set dnscredentials <username> <domain> <password>
You can use any account with this command; just make sure to set its password to not expire.
1 comment
Hide comments