diff --git a/atomics/T1087/T1087.yaml b/atomics/T1087/T1087.yaml
index 95b599c3..c21459f2 100644
--- a/atomics/T1087/T1087.yaml
+++ b/atomics/T1087/T1087.yaml
@@ -95,3 +95,58 @@ atomic_tests:
 dscl . list /Users | grep -v '_'
 dscacheutil -q group
 dscacheutil -q user
+
+- name: Enumerate all user accounts
+ description: |
+ List all accounts
+ supported_platforms:
+ - windows
+ executor:
+ name: command_prompt
+ command: |
+ net user
+ net user /domain
+ dir c:\Users\
+ cmdkey.exe /list
+ net localgroup "Users"
+ net localgroup
+
+- name: Enumerate all user accounts - PowerShell
+ description: |
+ List all accounts with PowerShell
+ supported_platforms:
+ - windows
+ executor:
+ name: powershell
+ command: |
+ net user
+ net user /domain
+ get-localuser
+ get-localgroupmembers -group Users
+ cmdkey.exe /list
+ ls C:/Users
+ get-childitem C:\Users\
+ dir C:\Users\
+ get-aduser -filter *
+ get-localgroup
+ net localgroup
+
+- name: Get logged on Users
+ description: |
+ List logged on users
+ supported_platforms:
+ - windows
+ executor:
+ name: command_prompt
+ command: |
+ query user
+
+- name: Get logged on users PowerShell
+ description: |
+ List logged on users powershell
+ supported_platforms:
+ - windows
+ executor:
+ name: powershell
+ command: |
+ query user
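Review bot: In the command list of "Enumerate all user accounts - PowerShell", `get-localgroupmembers -group Users` is not an existing cmdlet name; the LocalAccounts cmdlet is singular, so the line should read `get-localgroupmember -group Users`, otherwise it errors instead of listing members. In the same test `get-aduser -filter *` depends on the ActiveDirectory module, and `net user /domain` in both enumeration tests depends on a domain-joined host; neither requirement is stated, so the descriptions should say that these lines fail on a standalone workstation. The last test, "Get logged on users PowerShell", runs the same `query user` binary as the command_prompt variant, so its description should note that only the parent process differs, which is what a detection author would need to know when mapping telemetry to this test.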