The simplest solution would be to configure said scheduled task to run under an Administrator account. You do not need to use the same account as the usually-logged-on user – simply provide different credentials when creating the task.
If you do not want "Administrator" to have a password, you could just create a dedicated account just for the scheduled task. (A limited User account will work as well, if you apply the fix below.)
The shutdown.exe program needs SeRemoteShutdownPrivilege to run, instead of the usual SeShutdownPrivilege– my guess is that it uses the same RPC for shutting down both local and remote machines. (This would explain the need for a password, too – by default, only console logins are exempt, which obviously does not include RPC.)
You can grant SeRemoteShutdownPrivilege through secpol.msc→Local Policies→User Rights Assignment, by editing the "Force shutdown from remote system" entry.
- You can create a dedicated account for the task and add it here (best choice).
- For interactive command-line usage by any user, you can add
INTERACTIVE. - For scheduled tasks by any user, add
BATCH.