Restart Arctic Wolf Agent Manager

You can restart Arctic Wolf® Agent Manager across a single endpoint or all endpoints.

The following Windows services for Agent have a manual startup:

• Arctic Wolf Base Agent
• Arctic Wolf Agent These services are controlled by the Arctic Wolf Agent Manager service and no additional action is required to start or stop the services.

Restart Arctic Wolf Agent Manager on a single endpoint

1. Open the Services panel on the Windows endpoint.
2. Right click Arctic Wolf Agent Manager and select Restart.
3. Right click Arctic Wolf Base Agent and select Restart.

Restart Arctic Wolf Agent Manager on all endpoints

You can restart Arctic Wolf Agent Manager across all endpoints using one of the following methods:

• Restart Agent Manager with a PowerShell script.
• Restart Agent Manager with a Command Prompt script.
• Restart Agent Manager using Group Policy Management.

Restart Agent Manager with a PowerShell script

1. Save the following script as a .ps1 file:

   $serviceStatus = Get-Service -Name ArcticWolfAgentMgr
   
   if ($serviceStatus.Status -eq "Running") {
       Restart-Service ArcticWolfAgentMgr -Force
       Start-Sleep -Seconds 30
       Restart-Service ArcticWolfBaseAgent -Force
   }

2. Run the script using a deployment or remote monitoring and management (RMM) tool.

   Note: You may have to run the script as an Administrator and modify the execution policy if running the script locally. See PowerShell execution setting is overridden by a policy for more information.

Restart Agent Manager with a Command Prompt script

If PowerShell is not available, you can restart Agent Manager with a Command Prompt script. If PowerShell is available, see Restart Agent Manager with a PowerShell script.

1. Save the following as a .bat file:

   @echo off
   for /f "tokens=3 delims=: " %%H in ('sc query ArcticWolfAgentMgr ^| findstr "        STATE"') do (
       if /I "%%H" NEQ "RUNNING" (
           break
       ) else (
           net stop ArcticWolfAgentMgr /y
           net start ArcticWolfAgentMgr
           timeout /t 30 /nobreak >nul
           net stop ArcticWolfBaseAgent /y
           net start ArcticWolfBaseAgent
       )
   )

2. Run the script using a deployment or remote monitoring and management (RMM) tool.

   If you are running the script locally, you may have to run it as an administrator.

Restart Agent Manager using Group Policy Management

If you don’t have a deployment or RMM tool to push the restart command, you can use Group Policy Management.

1. Open Server Manager.
2. Click Manage > Group Policy Management.
3. Expand the domain forest to the domain level.
4. Right click the domain, and click Create a GPO in this domain, and link it here….
5. In the Name field, enter Restart Arctic Wolf Agent service.
6. Leave Source Starter GPO with the default value (none).
7. Click OK.
8. Right click the Restart Arctic Wolf Agent service Group Policy Object that you created and click Edit….
9. Navigate to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks.
10. Right click the blank space below “There are no items to show in the view.” and select New > Immediate Task (At least Windows 7).
11. In the General tab:
    1. In the Name field, enter Restart Arctic Wolf Agent Manager service.
    2. Click Change User or Group….
    3. In the User field, enter SYSTEM.
    4. In the Matching names field, ensure SYSTEM is selected.
    5. Click OK.
    6. Select the Run with highest privileges checkbox.
12. In the Actions tab:
    1. Click New….
    2. Click Start a program.
    3. In Program/script, enter one of the following:
       • If you are using PowerShell — pwsh.exe
       • If you are using Command Prompt — cmd.exe
    4. In Add Arguments (optional), enter one of the following:
       • If you are using PowerShell — -Command "Restart-Service ArcticWolfAgentMgr -Force ; Start-Sleep -Seconds 3 ; Restart-Service ArcticWolfBaseAgent -Force"
       • If you are using Command Prompt — /C "net stop ArcticWolfAgentMgr /y & net start ArcticWolfAgentMgr & net stop ArcticWolfBaseAgent /y & net start ArcticWolfBaseAgent"
13. Leave the default settings in the Conditions tab and Settings tab.
14. In the Common tab:
    1. Select the Apply once and do not reapply checkbox.
    2. Click Apply.
    3. Click OK.
    4. Close the Group Policy Management Edit or Scheduled Tasks window.
15. Right click Restart Arctic Wolf Agent Management Service and click Enforced.
16. Run the following command to update the group policy:

    gpupdate /force

17. (Optional) Verify that the Arctic Wolf Agent service has restarted:

    1. Navigate to C:\Program Files (x86)\Arctic Wolf Networks\Agent.

    2. Open scout-client-manager.log and review the last few lines for evidence of Agent restarting. For example:

       connection.go:79: successfully restarted agent client

       Or:

       service_windows.go:77: arcticwolfagent service stopped
       service_windows.go:64: starting arcticwolfagent service, debug mode false

    3. Open base-agent-manager.log and review the last few lines for evidence of Agent restarting.

       For example:

       baseagent/main_windows.go:88    arcticwolfbaseagent service stopped
       baseagent/main_windows.go:75    starting arcticwolfbaseagent service, debug mode false