So forefront has policies available to tweak the configuration of the endpoint client depending on the system it's installed on some of these are AD DS, DNS, DHCP each of those is a seperate policy but what if you are running all those roles on a server?

Ben