Windows Live OneCare as its name implies, can help keep home computers safer, running optimally and easier to use and manage.
Many families now have more than one computer and Windows Live OneCare is Microsoft's solution for home users. OneCare was the first product to add computer tuning and routine maintenance features to a security product - including disk defragmentation, disk cleanup, Windows Updates and backup utilities. Clearly, Microsoft's goal for OneCare was larger and designed to help users maintain their computers, which meant more than helping protect them from undesired software. OneCare had to help users manage the basic tasks necessary to keep a Windows computer running well - and it does. OneCare allows users to easily set up a maintenance and tuning schedule that helps keep their computers running well and free of undesired bits. OneCare set a useful trend and soon after security companies like Symantec fielded competing products like Norton 360.
Last year Microsoft added management support for more than one computer from one "HUB PC" within what it calls a OneCare Circle. It's a great idea - extend the easy to use OneCare maintenance and tuning wizard to more than one computer and run and monitor it all from one PC. Just as business and enterprise administrators manage security, computer maintenance and backup from centralized systems, Windows Live OneCare seeks to do the same for small home networks. OneCare features an easy way to add and manage up to three computers within a OneCare Circle. Member computers have a simple and clear status icon next to their computer name and text describing their status and what actions to take where they may be required. I like the idea and welcomed the ease of use, affordable cost, and efficiency driving the design.
Just as with many business and enterprise security and maintenance applications suites, the Windows Live OneCare Circle has had some teething pains and its share of problems. We've seen our share of such problems and recently I noted that the status of computers within our OneCare Circle were incorrectly reporting that action was required. Randomly, two connected member computers within the circle would reflect that they needed action. When the connected computer was inspected it was discovered that the local OneCare client program was running normally and each reflected a green status icon. All three computers could see one another on the network and all ran normally; all three systems were up to date and connected to the Internet.
A quick reboot of the HUB-PC did not solve the problem. Removing a member PC from the circle and adding it back again solved the problem temporarily, but the same issue appeared a day later. Removing and adding back a second member computer produced the same behavior and the OneCare Circle status, while clean and green at each member PC, continued to report that action was required at the HUB-PC's OneCare management console. With all three member computers individually reporting a green status, the problem had to be related to how the HUB-PC receives information and status updates from the service... but which one?
Since each member computer individually communicates its status (this applies to licensing, subscription status and state) over the Internet, and in each case, all reported a green status, it was more likely that the HUB-PC was either not receiving reported status updates, or it was not able to pass the information from the system to the OneCare Circle. Microsoft's documentation recommended restarting the service, which was done, but had no affect. Then it struck me... there is a relationship between OneCare and any security suite's processes and the Windows Security Center and its service. The Security Center service is a Windows Local System Service that is set to delayed start. A delayed start provides monitored processes enough time to start normally before they begin to report their status - in this case, to the security center. OneCare, like most security suites, uses this service - though in OneCare's case, monitoring actions and settings are executed from within the application, instead of at the security center itself.
Given how OneCare works with the Security Center, it seemed possible that it had not reported member computers' status either in time, or accurately. One would think that a system restart would have solved this, but then another thought occurred to me... the host, or HUB-PC used to manage our OneCare Circle is a Windows Vista Ultimate computer and Ultimate uses secure startup, or CornerStone technologies. Secure Startup isolates a computer during start up and shut down and prevents access to the system as security software covering network interfaces comes on-line. While not confirmed, its seemed possible that secure startup was preventing OneCare from receiving information from the security center... one way to find out... bump the security center service and observe for results.
By going to the Windows Vista Start button and typing services into the Instant Search window, it was easy enough to find the services management console snap-in and save a trip to the control panel's administrative tools section. Clicking on the services snap-in and opening it requires approving one UAC escalation prompt, or entering administrative user credentials. Scrolling down the list of services to the security center service is easy enough to find - for those interested, (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted is the path to the service, properly named: WSCSVC). To manage the service, highlight and Right-Click it and select properties. To restart it, stop it, or manually start it, or any service, right-click it and select the desired action. See figure below:
When I bumped the security center service, Windows Live OneCare's status immediately turned green on the HUB-PC used to manage our OneCare Circle and my hunt was over... I had found out what was wrong and what to do about it - it sure beats un-joining and joining member systems, or hunting for another applications suite to help me manage this small sub-circle of computers on our home network! [we have a couple of home networks and this one, MCEWG houses the media centric computers and two laptops used by some of our younger children]. While not a complete, or permanent solution, bumping the security center service on a Windows Live OneCare HUB-PC is a quick way to resolve the error in status reporting and offers home network managers a way to address the behavior without having to remove and re-add members. I'll wrap all this up and fire off an email to both the Windows and OneCare teams and perhaps they can provide a permanent solution. In the meantime, I can quit sweating system status and get back to work. It's unfortunate that the very software and features intended to make multi-PC family network managers' lives easier, sometimes makes them more difficult instead. I'm still very much in favor of the idea and OneCare and I am sure that the OneCare team will continue to improve the product. I hope this post helps other OneCare users keep their home networks and systems Clean and Green.
Windows Live OneCare awards and certifications
Windows Live OneCare Team Blog