Just an interpretation here, but…
I think the
not exists 1 whose ()
Should be functionally equivalent to
not exists true whose()
In the sense that
exists (something) whose () is there to trap relevance evaluation errors inside the whose() block by basically converting an error into a ‘false’ result.
In Compliance checks, a True indicates ‘not compliant’, except for the Applicability fixlet in each site.
I think what this particular check is doing, is ensuring that the number of mounted user registry hives with the ScreenSaverIsSecure value of “1” matches the total number of mounted user registry hives (hence, none are missing this value). The regex used there matches the format of a user SID, as it woukd appear in the key name beneath HKEY_USERS.