This program consists of two parts: INITLO, a program which runs with SYSTEM privilege and initiates the logoff proces, and LOGOFF, which runs under the user's security context and does the actual logoff, because only the user himself can call the ExitWindowsEx() API with the EWX_LOGOFF parameter (at least I have not found any other way).
Copy INITLO.EXE and LOGOFF.EXE somewhere to the machine where you want to log off the user (you can do this over the network with NET USE \\machine\c$ as Administrator). The designated method to start INITLO is with the AT command (or more comfortably with the SOON command from the NT Resource Kit, because you do not have to specify an absolute time). You can use AT to start processes on other machines on your network. The Schedule service must run on the target machine. If it does not, you can start it remotely with NETSVC from the NT Resource Kit. Therefore you should always be able to use INITLO/LOGOFF even on unprepared workstations completely over the network.

INITLO must run under an account which has SE_DEBUG_NAME, SE_ASSIGNPRIMARYTOKEN_NAME, SE_CREATE_TOKEN_NAME and SE_SECURITY_NAME privileges. By default, only the SYSTEM account (not even the Administrator) has theses privilege. Take this into account if you have configured the Schedule service to run under a different user.

----------------------------------end------------
(The afore- and belowmentioned logoff.exe is not the one in the reskit but written by Alexander Frink see http://wwwthep.physik.uni-mainz.de/~frink/logoff/readme.html)

As i read it, the logoff .exe uses the ExitWindowsEx() API with the EWX_LOGOFF parameter and this can only be called by the logged on user. Initlo can be run from localsystem account and thus by using initlo to call logoff.exe ,logoff.exe is run under user privs.

the strange thing is that when i use AT to schedule it works fine. (he also mentions that scheduler service must run under system account which in my situation it does)

the strange thing is that RCMD service also runs under localsystem account but when i issue the command from an rcmd session it won't work.

Here comes the good (but a bit sad) part. i cannot use the scheduler service because this would create too much delays. Our environment spans ALL timezones and the experience we have is that scheduling in our environment is useless unless you schedule from the local machine... (imho it has to do with shortcomings in the scheduler service from NT)

This is the final solution ...???!!!

i use rcmd (whic is a pity because i have to first make sure in the script that it is installed otherwise install it (meaning a copy of rcmdsvc.exe and a xnet install and a xnet start then another check to see if it runs))
the rcmd command i issue is a soon (have to copy also... hmmpf)
I have to give soon a delay of 60 secs because otherwise it assumes it is the same minute and therefore schedules it the next day (thanx for the 2 sec local delay.. mr m$)
and with that soon i schedule initlo to run the logoff.exe and then it works... syntax:

rcmd \\ipaddress "soon 60 "initlo -g 2""

which works !!!

the problem (or in oter words... a bit strange) is that in this worst case i need to copy rcmdsvc.exe, soon.exe, initlo.exe and logoff.exe to the ws, check/start/check schedule service and install/check rcmd

JUST TO LOG OFF while i can just issue shutdown with a ready made tool.

It's a crazy world in my opinion

Thanx NTDOC for this website, but if there is ever going to be a tool like shutdown (which simply works) i'd much rather use that instead.