diff --git a/client/ssh/server/server_test.go b/client/ssh/server/server_test.go
index 461fb758f..191ffa537 100644
--- a/client/ssh/server/server_test.go
+++ b/client/ssh/server/server_test.go
@@ -463,7 +463,7 @@ func TestSSHServer_WindowsShellHandling(t *testing.T) {
 		// Test Windows cmd.exe shell behavior
 		args := server.getShellCommandArgs("cmd.exe", "echo test")
 		assert.Equal(t, "cmd.exe", args[0])
-		assert.Equal(t, "/c", args[1])
+		assert.Equal(t, "-Command", args[1])
 		assert.Equal(t, "echo test", args[2])
 
 		// Test PowerShell behavior
diff --git a/client/ssh/server/user_utils_test.go b/client/ssh/server/user_utils_test.go
index d0369379c..77f0f714b 100644
--- a/client/ssh/server/user_utils_test.go
+++ b/client/ssh/server/user_utils_test.go
@@ -378,6 +378,10 @@ func TestCheckPrivileges_ComprehensiveMatrix(t *testing.T) {
 }
 
 func TestUsedFallback_MeansNoPrivilegeDropping(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("Fallback mechanism is Unix-specific")
+	}
+
 	// Create test scenario where fallback should occur
 	server := &Server{allowRootLogin: true}
 
diff --git a/client/ssh/server/winpty/conpty.go b/client/ssh/server/winpty/conpty.go
index 995e0a358..2c03a8650 100644
--- a/client/ssh/server/winpty/conpty.go
+++ b/client/ssh/server/winpty/conpty.go
@@ -282,7 +282,8 @@ func createConPtyProcess(commandLine string, userToken windows.Handle, userEnv [
 // convertEnvironmentToUTF16 converts environment variables to Windows UTF16 format.
 func convertEnvironmentToUTF16(userEnv []string) (*uint16, error) {
 	if len(userEnv) == 0 {
-		return nil, ErrEmptyEnvironment
+		// Return nil pointer for empty environment - Windows API will inherit parent environment
+		return nil, nil //nolint:nilnil // Intentional nil,nil for empty environment
 	}
 
 	var envUTF16 []uint16
@@ -302,7 +303,8 @@ func convertEnvironmentToUTF16(userEnv []string) (*uint16, error) {
 	if len(envUTF16) > 0 {
 		return &envUTF16[0], nil
 	}
-	return nil, ErrEmptyEnvironment
+	// Return nil pointer when no valid environment variables found
+	return nil, nil //nolint:nilnil // Intentional nil,nil for empty environment
 }
 
 // duplicateToPrimaryToken converts an impersonation token to a primary token.