Windows - Maintenance Tasks - Restart Automox Agent

What the scheduled agent restart Worklet does

This Automox Worklet™ enforces a Windows scheduled task named Restart AMAGENT on every endpoint in scope. The task restarts the Automox Agent service (amagent) at a daily time you specify in 24-hour format, such as 03:00 for 3 am or 14:30 for 2:30 pm. The Worklet builds the task through Register-ScheduledTask, using New-ScheduledTaskAction, New-ScheduledTaskTrigger, New-ScheduledTaskPrincipal, and New-ScheduledTaskSettingsSet so the underlying task XML is generated natively rather than imported from a template.

The task action is a short PowerShell command that checks whether the amagent service is running and tests for the presence of the execDir working directory under the Automox install path. If the directory exists, the agent is actively executing a job, so the task skips the restart. If the agent is mid-execution on another Worklet from the console, the task exits without touching the service. This guard prevents the daily restart from killing a remediation in flight or marking a console run as failed.

The principal is SYSTEM with highest privileges, battery-power execution is enabled so laptops still restart on schedule, and the task settings carry a one-hour ExecutionTimeLimit through New-TimeSpan -Hours 1. The remediation script removes any prior copy of the task before registering the new one, so re-running the Worklet after a parameter change replaces the schedule cleanly instead of leaving stale daily triggers behind.

Why enforce a daily Automox Agent restart

The Automox Agent (amagent) is a long-running Windows service that holds network sessions to the Automox console, caches policy state, and orchestrates Worklet execution on the endpoint. Over a week of continuous uptime, a small subset of endpoints accumulate handle leaks, hung child processes, or stuck HTTPS sessions that quietly stop reporting compliance data to the console. The endpoint still appears online to the local user, yet the console shows it as stale, missing scheduled Worklet windows, or stuck at an old patch posture. The fix in every case is identical: restart the amagent service. The cost is the manual hunt for which endpoints need it.

Scheduled tasks drift quietly. An installer wipes the task during an in-place upgrade, an admin deletes it during a one-off cleanup, or a Windows feature update resets the task scheduler database. This Worklet enforces a daily Restart AMAGENT baseline on every Windows endpoint in scope, so the next evaluation catches a missing or modified task before it becomes a stale-agent ticket or a missed patch window. A workstation that lost the task during last quarter's image refresh, a server that has not been logged into in a month, and a laptop that just returned from a long off-network stretch all converge on the same agent-restart schedule in the same policy run.

How the scheduled restart enforcement works

1. Evaluation phase: The evaluation script calls Get-ScheduledTask and pipes the result through Where-Object to match on TaskName equal to "Restart AMAGENT". If the task is present, evaluation exits 0 and the endpoint is reported compliant. If the task is missing (removed by a tenant cleanup script, a Windows feature update, or an admin who reset Task Scheduler), Write-Output emits a non-compliant message and Automox schedules remediation. The check is idempotent and adds no measurable runtime on a healthy endpoint.

2. Remediation phase: The remediation script reads the restartTime parameter (24-hour HH:MM), removes any pre-existing Restart AMAGENT task with Unregister-ScheduledTask, and then builds a fresh task. The action is New-ScheduledTaskAction -Execute PowerShell.exe with an -Argument string that checks whether the amagent service is running and whether the execDir working directory is absent before calling Restart-Service amagent -Force. The trigger is New-ScheduledTaskTrigger -Daily -At <restartTime>. The principal is New-ScheduledTaskPrincipal -UserId SYSTEM -RunLevel Highest. The settings are New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit (New-TimeSpan -Hours 1). Register-ScheduledTask writes the task XML to %WINDIR%\System32\Tasks\Restart AMAGENT and the script exits 0 on success.

Scheduled agent restart requirements

• Windows 10, Windows 11, or Windows Server 2016 / 2019 / 2022 with PowerShell 5.1 or later

• Automox Agent installed and the amagent service registered (Get-Service amagent returns a result)

• Task Scheduler service running; the Automox Agent's SYSTEM context satisfies the privileges required by Register-ScheduledTask and Unregister-ScheduledTask

• restartTime variable set in remediation.ps1 to a 24-hour HH:MM value (for example, 03:00 for 3 am, 14:30 for 2:30 pm, 23:59 for 11:59 pm)

• Pick a restart window outside the tenant's busiest patch and scan times so the daily restart does not collide with a console-initiated Worklet that the in-task guard would defer

• No third-party endpoint protection or EDR rule that blocks creation of scheduled tasks under the SYSTEM principal in the root task folder

Expected state after the agent restart task is registered

After the remediation completes, Task Scheduler contains a single task named Restart AMAGENT in the root folder, with the trigger set to the daily time you configured and the principal set to NT AUTHORITY\SYSTEM. The task XML lives at %WINDIR%\System32\Tasks\Restart AMAGENT and can be inspected directly with notepad or schtasks /query /tn "Restart AMAGENT" /xml. Subsequent Automox evaluations report the endpoint compliant without applying remediation again, because the evaluation phase finds the task already present and returns silently.

Validate by opening taskschd.msc and confirming the next-run time matches the restartTime parameter, then right-clicking the task and choosing Run to fire it manually. On a healthy endpoint, the amagent service stops and starts within a few seconds and the agent reconnects to the console without a logged-in user noticing. Use Get-EventLog -LogName Application -Source Service Control Manager -Newest 20 to confirm the stop and start events for amagent, or Get-WinEvent -LogName "Microsoft-Windows-TaskScheduler/Operational" filtered on TaskName=Restart AMAGENT to capture the task-run history with exit code 0. For audit evidence, capture the contents of the task XML alongside the Automox policy run identifier; the task remains in place across reboots, agent upgrades, and Windows feature updates, and the next evaluation re-registers it if a cleanup script removes it.