jseas

Reputation: 23

WMIC ignores %SystemRoot% during selective process termination

WMIC seems to have its own variable for the Windows folder and is completely ignoring the ones listed by my system (using set). The command I'm running is wmic process where "not executablepath like '%%systemroot%%'" delete to kill all processes running from anywhere but the Windows folder. If I use %%systemroot%% or the identical %%windir%%, the program runs ahead and kills every running process within its permissions regardless of location. For some reason though, as I've read online, WMIC handles the variable %%windows%% and will execute properly with it, but %%windows%% is not even a variable listed under my system.

Upvotes: 1

Views: 306

Answers (1)

Compo

Reputation: 38589

From a you need to double the % wildcard characters, but not those which enclose your variable name, so you want %SystemRoot% but you also want the wildcard, %%. As the value of %SystemRoot% is always a fully qualified path, you only need to add the wildcard after it. Additionally requires that paths use double backslashes, so you'll need to perform a substring replacement, %SystemRoot:\=\\%. It is also important to note that there are many processes which tend not to carry an ExecutablePath value, so it is wise to filter those out first. Finally, the command you need is Terminate, not Delete.

Putting it all together, I would therefore suggest that you use:

@"%__AppDir__%wbem\WMIC.exe" Process Where "ExecutablePath Is Not Null And Not ExecutablePath Like '%SystemRoot:\=\\%\\%%'" Call Terminate

Upvotes: 2
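Added example, not part of the original question or answer: a small Python model of the WQL filter, run over a constructed process table, showing which processes each Like literal selects once the batch file has collapsed %% to %. It assumes %SystemRoot% is C:\Windows; the process list and function names are made up for illustration.

```python
import re

# Constructed sample data (not from the page): (Name, ExecutablePath) pairs.
PROCESSES = [
    ("System", None),  # many system processes expose no ExecutablePath
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("notepad++.exe", r"C:\Program Files\Notepad++\notepad++.exe"),
    ("tool.exe", r"D:\windows-tools\tool.exe"),
]

def wql_unescape(literal):
    # WQL string literals escape a backslash with a backslash; undo that first.
    return re.sub(r"\\(.)", r"\1", literal)

def like_regex(literal):
    # WQL Like: % matches any run of characters, _ matches exactly one.
    # [ ] character sets are not handled here. Matching is case-insensitive.
    parts = []
    for ch in wql_unescape(literal):
        parts.append(".*" if ch == "%" else "." if ch == "_" else re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matched_by_filter(literal):
    # Models: ExecutablePath Is Not Null And Not ExecutablePath Like '<literal>'
    rx = like_regex(literal)
    return [name for name, path in PROCESSES
            if path is not None and not rx.fullmatch(path)]

if __name__ == "__main__":
    # Literals as WMIC receives them after batch expansion:
    #   '%%systemroot%%'         -> '%systemroot%'  (substring "systemroot")
    #   '%%windows%%'            -> '%windows%'     (substring "windows")
    #   '%SystemRoot:\=\\%\\%%'  -> 'C:\\Windows\\%' (assumed SystemRoot value)
    for literal in ("%systemroot%", "%windows%", r"C:\\Windows\\%"):
        print(f"{literal!r:22} -> {matched_by_filter(literal)}")
```

The unanchored '%windows%' literal also spares D:\windows-tools\tool.exe because it is a substring match, whereas the anchored path form only spares processes under the Windows folder.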
