This is probably related to a known bug in Windows XP, Windows 7, and several others. (Based on available documentation, it either does not affect or has not been seen in Windows 8 or later.)
The bug is documented in Microsoft KB Article #329308 (Environment variable may not expand %APPDATA% to the Application folder). It is also documented as a Medium vulnerability in the NIST National Vulnerability Database, as CVE-2007-6753. One of the cited references in the CVE entry, an article on the ACROS Security Blog, claims the issue may be as old as, or even older than, 2003.
Though the referenced KB article specifically mentions %APPDATA%
, the bug affects all "variables-within-variables", and particularly becomes a security concern when it shows up in the %PATH%
variable.
I don't know why elevated privileges would make a difference in how this bug is expressed. In my experience, reproduction of the issue is typically pretty flaky anyway. But the general case of variables-within-variables not being properly expanded is a known bug, so I would not spend much time trying to actually troubleshoot it.
The only workaround I'm aware of is to edit the affected variables so that paths are explicitly defined, instead of reliant upon other variables. Anywhere you see "%SystemRoot%" in %PATH%
, replace it with the exact value of %SystemRoot%
. Do the same for any other nested variables in your environment where possible - especially where those variables define file/folder paths.
Best Answer
Default formatting truncates, specify -Wrap and see full output.
Result
or if you prefer the output to exactly simulate cmd.exe, try
Result