'Privilege not held' Error; Shutdown vs RemoteShutdown

[Phylum]

In Short: Why doesn't RemoteShutdown work for a local user on a local workstation? Why must one use Shutdown instead?

While testing a reboot function within a script as a user with local admin rights on the machine in question, I kept getting '-2147217310/80041062 Privilege not held' errors when issuing Win32Shutdown(6), Win32Shutdown(2+4) and variants. Again, since this user has full local admin rights, by way of GPO which I've verified has been applied successfully, I wasn't sure what I was doing wrong.

I tried a variety of ways all of which resulted in the same error.

Set f_oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (RemoteShutdown)}!\\.\root\cimv2")
Set f_oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set f_oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(RemoteShutdown)}//.")

I even ran a command prompt as a user with domain admin rights and that failed also. Mind officially boggled!

I swapped out 'RemoteShutdown' with just 'Shutdown' and it worked:

'Set f_oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (RemoteShutdown)}!\\.\root\cimv2")
Set f_oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (Shutdown)}!\\.\root\cimv2")

I don't quite understand why it has to be that way. If anyone has an answer for that, beyond 'that's just the way it is', awesome I'd like to hear it.
Regardless of the answer though, I would like some help locating documentation on the winmgmts prefix & object paths, and the appropriate syntax:
[ul]
[li]how/when is it appropriate or required to use 'impersonationLevel'[/li]
[li]the different impersonationlevel options available[/li]
[li]more detailed explanation on 'RemoteShutdown' vs. 'Shutdown'[/li]
[li]etc.[/li]
[/ul]
Because this documentation isn't sufficient.


In case anyone wanted to review the code I was using:

' this results in a failure
Set f_oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (RemoteShutdown)}!\\.\root\cimv2")

' this results in success
Set f_oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (Shutdown)}!\\.\root\cimv2")

Set f_colOperatingSystem = f_oWMIService.ExecQuery("Select * from Win32_OperatingSystem")

For Each f_oOperatingSystem in f_colOperatingSystem
	'Value	Meaning
	'0 (0x0)	Log Off
	'4 (0x4)	Forced Log Off (0 + 4)
	'1 (0x1)	Shutdown
	'5 (0x5)	Forced Shutdown (1 + 4)
	'2 (0x2)	Reboot
	'6 (0x6)	Forced Reboot (2 + 4)
	'8 (0x8)	Power Off
	'12 (0xC)	Forced Power Off (8 + 4)

	On Error Resume next
	f_oOperatingSystem.Win32Shutdown(6)
	If Err.Number <> 0 Then
		wscript.echo "Error " & Err.Number & " issuing 'f_oOperatingSystem.Win32Shutdown(6)': " & Err.Description
		Err.Clear
	Else
		wscript.echo "shutdown(6) Success"
	End If

	f_oOperatingSystem.Win32Shutdown 6,0
	If Err.Number <> 0 Then
		wscript.echo "Error " & Err.Number & " issuing 'f_oOperatingSystem.Win32Shutdown 6,0': " & Err.Description
		Err.Clear
	Else
		wscript.echo "shutdown 6,0 Success"
	End If

	f_oOperatingSystem.Win32Shutdown(2+4)
	If Err.Number <> 0 Then
		wscript.echo "Error " & Err.Number & " issuing 'f_oOperatingSystem.Win32Shutdown(2+4)': " & Err.Description
		Err.Clear
	Else
		wscript.echo "shutdown(2+4) Success"
	End If

	f_oOperatingSystem.Win32Shutdown 2+4,0
	If Err.Number <> 0 Then
		wscript.echo "Error " & Err.Number & " issuing 'f_oOperatingSystem.Win32Shutdown 2+4,0': " & Err.Description
		Err.Clear
	Else
		wscript.echo "shutdown 2+4,0 Success"
	End If

	f_oOperatingSystem.Reboot()
	If Err.Number <> 0 Then
		wscript.echo "Error " & Err.Number & " issuing 'f_oOperatingSystem.Reboot()': " & Err.Description
		Err.Clear
	Else
		wscript.echo "reboot success"
	End If
	On Error GoTo 0

Next