Anyone have any idea why we have Workstation\local_users in the system console user?

VIKASH JOSHI 0 Reputation points
2024-05-28T14:32:38.2166667+00:00

Checked Primary Users/Resource Explorer for machines from the SCCM Console, and out of 20K machines, almost 16K machines have one of the primary users as 'MachineName\Local_Users'. Is this expected? Where is it coming from? Is it because of the system account SCCM uses for installation purposes?


Microsoft Security | Intune | Configuration Manager | Other
Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

  1. Sherry Kissinger 5,526 Reputation points
    2024-05-28T15:00:45.4633333+00:00

    No, it's not because of the system account used for installation purposes.

    A couple of guesses:

    If you are totally on-prem, not Hybrid Intune, then it is exactly what it says on the tin: there are local users for that machine which log in, and therefore "some local user" is the primary user of that machine, not a domain user.

    If you are Hybrid Intune, then possibly 'who logs in' is an Azure ID, like ******@YourAzure.edu

    Since that is also 'not a domain (at least, not a traditional on-prem domain)', CM also sees that as a 'local user'.

    My top guess because you have 16k like this... most likely you are Intune hybrid, and 'who logs in, and therefore becomes the primary user' is an AzureID. One way to check this...

    Select count(distinct resourceid)
    from v_gs_system_console_user scu
    where scu.SystemConsoleUser0 like '%@%'

    and if the count is suspiciously close to 16k... then my guess is at least 51% plausible.

    The REAL question is... "why do you care". Is there a business process around which you wanted to center Primary User? What's the end goal? Maybe there is a different way to achieve your end goal, instead of using 'primary user' (which was designed 'back in the day', before Azure IDs were invented, so it's not really meant for that).
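
The answer's count only tests for '@'. As an added example (not part of the original answer), the query below goes a step further and splits console users into UPN-style, local, and domain accounts so all three cases can be compared side by side. It assumes the standard `v_R_System` view and its `Netbios_Name0` column; only `v_gs_system_console_user`, `ResourceID` and `SystemConsoleUser0` come from the answer itself.

```sql
-- Added example, not from the original thread.
-- Assumption: v_R_System.Netbios_Name0 holds the machine's own name, so a
-- console user recorded as 'MachineName\something' can be told apart from
-- a 'DOMAIN\user' entry by comparing the prefix with that name.
WITH classified AS (
    SELECT
        scu.ResourceID,
        CASE
            -- Same test as the answer's query: UPN-style sign-in names
            WHEN scu.SystemConsoleUser0 LIKE '%@%'
                THEN 'UPN-style (contains @)'
            -- Prefix before the backslash equals the machine's own name
            WHEN LEFT(scu.SystemConsoleUser0, LEN(rs.Netbios_Name0) + 1)
                 = rs.Netbios_Name0 + '\'
                THEN 'Local (prefix = machine name)'
            -- Any other backslash-qualified name
            WHEN scu.SystemConsoleUser0 LIKE '%\%'
                THEN 'Domain (other prefix)'
            ELSE 'Other / unqualified'
        END AS AccountShape
    FROM v_gs_system_console_user AS scu
    JOIN v_R_System AS rs
        ON rs.ResourceID = scu.ResourceID
)
SELECT
    AccountShape,
    -- A machine with several console users can be counted under more
    -- than one shape, so the rows do not have to sum to the fleet size.
    COUNT(DISTINCT ResourceID) AS Machines
FROM classified
GROUP BY AccountShape
ORDER BY Machines DESC;
```

If the "UPN-style" row is near 16K, that supports the Hybrid Intune guess; if the "Local" row is the large one, the machines really are being used with local accounts.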

