Arctic Wolf Agent Manager Restart - Multiple Endpoints

Updated Feb 12, 2024

Restart the Arctic Wolf Agent Manager service on multiple endpoints

You can restart the Arctic Wolf® Agent Manager service on multiple endpoints using one of these methods:

You do not need to reboot the endpoint after you restart the Agent Manager service.

Restart the Arctic Wolf Agent Manager service using a PowerShell script

  1. Copy this script, and then save it as a .ps1 file:

    $serviceStatus = Get-Service -Name ArcticWolfAgentMgr
    
    if ($serviceStatus.Status -eq "Running") {
        Restart-Service ArcticWolfAgentMgr -Force
    }
  2. Run the script using a deployment or remote monitoring and management (RMM) tool.

    Note: If you are running the script locally, run it as an administrator if needed to modify the execution policy. See PowerShell execution setting is overridden by a policy for more information.

Restart the Arctic Wolf Agent Manager service using a Command Prompt script

Note: Arctic Wolf recommends using a PowerShell script. If PowerShell is not available, use the command prompt script method.

  1. Copy this script, and then save it as a .bat file:

    @echo off
    for /f "tokens=3 delims=: " %%H in ('sc query ArcticWolfAgentMgr ^| findstr "        STATE"') do (
        if /I "%%H" NEQ "RUNNING" (
            break
        ) else (
            net stop ArcticWolfAgentMgr /y
            net start ArcticWolfAgentMgr
        )
    )
  2. Run the script using a deployment or remote monitoring and management (RMM) tool.

    Note: If you are running the script locally, run it as an administrator if needed.

Restart the Arctic Wolf Agent Manager service using Group Policy Management

If a deployment or RMM tool is not available, you can use Group Policy Management to restart Agent Manager.

  1. Open Server Manager.

  2. Click Manage > Group Policy Management.

  3. Expand the domain forest to the domain level.

  4. Right-click the domain, and then click Create a GPO in this domain, and link it here.

  5. In the Name field, enter Restart Arctic Wolf Agent service.

  6. In the Source Starter GPO field, keep the default value (none).

  7. Click OK.

  8. Right-click the Restart Arctic Wolf Agent service GPO that you created, and then click Edit.

  9. Click Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks.

  10. Right-click the blank space below There are no items to show in the view, and then select New > Immediate Task (At least Windows 7).

  11. On the General tab, complete these steps:

    1. In the Name field, enter Restart Arctic Wolf Agent Manager service.
    2. Click Change User or Group.
    3. In the User field, enter SYSTEM.
    4. In the Matching names field, make sure SYSTEM is selected.
    5. Click OK.
    6. Select the Run with highest privileges checkbox.
  12. On the Actions tab, complete these steps:

    1. Click New.
    2. Click Start a program.
    3. In Program/script, do one of these actions:
      • If you are using PowerShell — Enter pwsh.exe.
      • If you are using Command Prompt — Enter cmd.exe.
    4. In Add Arguments (optional), do one of these actions:
      • If you are using PowerShell — Enter -Command "Restart-Service ArcticWolfAgentMgr -Force".
      • If you are using Command Prompt — Enter /C "net stop ArcticWolfAgentMgr /y & net start ArcticWolfAgentMgr".
  13. On the Conditions and Settings tabs, keep the default values.

  14. On the Common tab, complete these steps:

    1. Select the Apply once and do not reapply checkbox.
    2. Click Apply.
    3. Click OK.
    4. Close the Group Policy Management Edit or Scheduled Tasks window.
  15. Right-click Restart Arctic Wolf Agent Management Service, and then click Enforced.

  16. Run this command to update the group policy:

    gpupdate /force
  17. (Optional) Verify that the Agent service has restarted:

    1. Navigate to C:\Program Files (x86)\Arctic Wolf Networks\Agent.

    2. Open scout-client-manager.log, and then review the last log lines for evidence of the Agent restarting.

      For example:

      connection.go:79: successfully restarted agent client
      service_windows.go:77: arcticwolfagent service stopped
      service_windows.go:64: starting arcticwolfagent service, debug mode false

See also