You could also create two different Compliance Templates; one for DCs and one for Member Servers. This is common with different security guidelines since DCs are handled differently than all other servers from a security perspective.
Bill I have already created two different rules as mentioned above. As a remediation also I need to have two remediation package if I create blpackage by live browse server objects. This is very much straight forward.
another way is to execute add external command to the package
but how can we use parameterized logic if we use external command ?
I really do not understand the other way you have suggested(in specific to this rule becoz as my knowledge we can have only above two approach external comamnd and live browse blpackage)
That would be a way to do. We have very few rules(max 4-5 rules) where we need to check if the server belongs to a Domain otherwise for most of rules it is a member server.
So just checking if we can do something instead of creating a separate component template here. I think its not a bad idea to go with two different rules. But this will be my last option.
did you read through the article ?
you would need to create different instances of the component - one for a DC, one for the member server. you would setup the discovery condition to determine if it was a DC or member server.
then you'd add local properties for the settings you want to change and you'd use those in your blpackage.