diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 40d75055..ed7590c8 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -33228,11 +33228,12 @@ defense-evasion:
           reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /t REG_DWORD /d 0 /f
           reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /t REG_DWORD /d 0 /f
           reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 0 /f
+          REM do a little cleanup immediately to avoid execution issues with later tests
+          reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
         cleanup_command: |
           reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging /v EnableModuleLogging /f >nul 2>&1
           reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /f >nul 2>&1
           reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /f >nul 2>&1
-          reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
         name: command_prompt
         elevation_required: true
     - name: Windows Add Registry Value to Load Service in Safe Mode without Network
diff --git a/atomics/T1112/T1112.md b/atomics/T1112/T1112.md
index f3871d2f..09a13c4f 100644
--- a/atomics/T1112/T1112.md
+++ b/atomics/T1112/T1112.md
@@ -1190,6 +1190,8 @@ reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging /v En
 reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /t REG_DWORD /d 0 /f
 reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /t REG_DWORD /d 0 /f
 reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 0 /f
+REM do a little cleanup immediately to avoid execution issues with later tests
+reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
 ```
 
 #### Cleanup Commands:
@@ -1197,7 +1199,6 @@ reg  add HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging /v EnableModuleLogging /f >nul 2>&1
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /f >nul 2>&1
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /f >nul 2>&1
-reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
 ```