Local Security Solution Primary User Technical Workflow

The Computer Primary User Resource Association is populated by the Local Security - Local User Inventory policy. It reports on the registry key SOFTWARE\Altiris\Altiris Agent\Inventory\PrimaryUser populated by the NS Agent. If a User resource does not exist containing the specified Domain/Username a new User resource will be created with just those details (Domain/Username)

The Server Resource Discoverer - 'User Server Resource Discoverer' attempts to discover the User resources who do not have the Inv_Global_Account_Details populated:
- It attempts to resolve the specified DOMAIN/USER to a SID
- Resolves the Domain Resource specified by the Domain portion of the User SID (Creating a Domain Resource as necessary)
- Populates the User Inv_Global_Account_Details Dataclass with the Domain Resource Guid, User RID (Relative ID) and User SID.

The Primary User policy:
- Obtains the Primary User for a machine via the Computer Primary User Resource Association
- Embeds the SID specified in the Inv_Global_Account_Details Dataclass into the policy.
- Warnings will be produced if no Primary User is available or the Primary User does not have the Inv_Global_Account_Details DC populated

The Primary User Policy will only change if:
- Local User Inventory policy reports a new primary user.
- The Inv_Global_Account_Details for the specified Primary User has changed.