diff --git a/atomics/T1069.002/T1069.002.yaml b/atomics/T1069.002/T1069.002.yaml
index 8ab7a449..e3805470 100644
--- a/atomics/T1069.002/T1069.002.yaml
+++ b/atomics/T1069.002/T1069.002.yaml
@@ -12,8 +12,8 @@ atomic_tests:
 command: |
 net localgroup
 net group /domain
- net group "domain admins" /domain
 net group "enterprise admins" /domain
+ net group "domain admins" /domain
 name: command_prompt
 - name: Permission Groups Discovery PowerShell (Domain)
 auto_generated_guid: 6d5d8c96-3d2a-4da9-9d6d-9a9d341899a7
@@ -26,7 +26,7 @@ atomic_tests:
 user:
 description: User to identify what groups a user is a member of
 type: string
- default: administrator
+ default: $env:USERNAME
 executor:
 command: |
 get-ADPrincipalGroupMembership #{user} | select name
@@ -40,10 +40,10 @@ atomic_tests:
 - windows
 executor:
 command: |
- net group /domai "Domain Admins"
 net groups "Account Operators" /doma
 net groups "Exchange Organization Management" /doma
 net group "BUILTIN\Backup Operators" /doma
+ net group /domai "Domain Admins"
 name: command_prompt
 - name: Find machines where user has local admin access (PowerView)
 auto_generated_guid: a2d71eee-a353-4232-9f86-54f4288dd8c1
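Review bot: Nothing in the test definition records why `net group "domain admins" /domain` now has to run last, either here or in the third hunk, where `net group /domai "Domain Admins"` is moved to the end in the same way. If the order matters because the `command_prompt` executor reports the status of the final command (an inference; the diff does not say), a later edit can undo it without anyone noticing. I would add a YAML comment above the `command: |` key in both tests, for example `# The "domain admins" query is deliberately last: <reason>`, and not inside the block scalar, where it would become part of the command. Both test entries begin and end outside the hunks shown.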
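Review bot: The new default `$env:USERNAME` makes the outcome depend on the account that runs the test, and the `description` line does not say so. The value only expands under a PowerShell executor (the executor name is outside the hunk). When the test runs as SYSTEM or a local account, the lookup presumably returns an error instead of a group list, which can be misread as a detection gap. I would change the text to `description: Domain user whose group membership is queried (defaults to the account running the test)`. I would also quote the substituted argument, `get-ADPrincipalGroupMembership "#{user}" | select name`, so a name containing spaces is passed as one value.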