Arctic Wolf Agent Installation on Windows - Multiple Endpoints

Updated Feb 12, 2024

Install Arctic Wolf Agent using Group Policy Management

You can install Arctic Wolf® Agent on multiple Windows endpoints using the Group Policy Management Console (GPMC).

Note: Group Policy installation does not currently support VPN-connected endpoints.

Requirements

Before you begin

Steps

  1. (Optional) Download the Agent installer
  2. Create a distribution point on the publishing server.
  3. Create an Arctic Wolf Agent Group Policy Object.
  4. Create and assign the Agent package.
  5. Verify Agent package assignment.

Step 1: Download the Agent installer

This step is optional.

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click > Downloads.

  3. In the Arctic Wolf Agent section, in the Operating System list, select the required operating system.

  4. Click Download Agent.

  5. Copy the UUID value, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

  6. Extract the contents of the Agent zip file.

    The MSI file and customer.json file are extracted.

  7. Make sure that the MSI file and customer.json file are extracted into the same folder.

    Caution:

    • Do not edit the customer.json file. Editing this file causes installation errors.
    • Do not save the Agent installer or customer.json to a location with public access. Keep the customer.json file confidential.

Step 2: Create a distribution point on the publishing server

For each user or machine, complete these steps:

  1. Sign in to the server with administrator permissions.

  2. Create a shared network folder for the installation files.

  3. In the new window, right-click the Agent object, and then click Properties.

  4. Click the Security tab.

  5. Select a group or user.

  6. In the Apply Group Policy section, select the Allow checkbox.

    The policy is applied to the specified groups.

  7. Click OK.

Step 3: Create an Arctic Wolf Agent Group Policy Object

  1. Click Start, and then open the GPMC.

  2. In the navigation menu, click Forest: <DomainName>, where <DomainName> is the name of your domain, and then click the Domains folder.

  3. Right-click the domain name. If you:

    • Already have an Agent GPO — Select Link an Existing GPO, and then click Edit.
    • Do not have an existing Agent GPO — Create a new GPO:
      1. Select Create a GPO in this domain, and Link it here.

      2. In the New GPO dialog box, enter a name for the new GPO.

      3. Verify that the Source Starter GPO menu says (none).

      4. Click OK.

        Tip: To assign a security group and make sure that Agent is deployed to the correct group of computers, see Assign Security Group Filters to the GPO.

      5. Right-click the new GPO, and then click Enforced to enable it.

        The GPO is enabled. A lock appears on the GPO icon in the navigation menu.

      6. Right-click the new GPO, and then select Edit.

  4. In the new window, right-click the Agent object, and then click Properties.

  5. Click the Security tab.

  6. Select a group or user.

  7. In the Apply Group Policy section, select the Allow checkbox.

    The policy is applied to the specified groups.

  8. Click OK.

Step 4: Create and assign the Agent package

  1. Open the GPMC.

  2. Right-click the Agent object that you created, and then click Edit.

  3. In the navigation menu, click Computer Configuration > Policies > Software Settings.

  4. Right-click Software Installation, and then click New > Package.

  5. In the Open dialog, enter the full Universal Naming Convention (UNC) path of the distribution point containing the MSI file.

  6. Select the MSI file to create the Agent package.

  7. Click Open.

  8. Click Assigned, and then click OK.

    The package is added to the Group Policy window.

  9. Close the Group Policy snap-in, and then click OK to exit.

Step 5: Verify Agent package assignment

Note: If the Agent object or policy applies to a client device and is assigned to that device, and the distribution point is accessible, Agent automatically installs silently when that device restarts.

  1. In a terminal, run this command:

    gpupdate /force

    Example of expected output:

    Computer Policy update has completed successfully.
    .
    .
    .
    Certain Computer policies are enabled that can only run during startup.
  2. When prompted, enter Y to restart your device and install Agent.

  3. After your device restarts, sign in to the MDR Dashboard.

  4. In the Endpoints table, verify that the Agent installed on your device appears.

    Note: If the Agent installed on your device does not appear in the Endpoints table within 1-2 minutes of device restart, contact your CST at security@arcticwolf.com.

Next steps