3.2.5.18 NetWkstaUserLogoff Command
The Remote Administration Protocol server MUST process NetWkstaUserLogoffRequest as follows:
The server MUST validate that the incoming ParamDesc field of the Remote Administration Protocol request contains the ASCII string "zzWb38WrLh"; if it does not, the server SHOULD format a Remote Administration Protocol response with the Win32ErrorCode set to ERROR_INVALID_PARAMETER (0x0057), and then return the response to the client.<91>
If the information level is any value other than 1, the server implementing NetWkstaUserLogoff MUST set the Win32ErrorCode value in the Remote Administration Protocol response message to ERROR_INVALID_LEVEL (0x007C).
If the workstation name in the logoff request does not match the name of the workstation from which the request came, the server MUST fail the request by creating a Remote Administration Protocol response message with the Win32ErrorCode set to ERROR_ACCESS_DENIED. If it does match, the server MUST remove the username and workstation name from the LogonList by using the workstation and username fields in NetWkstaUserLogoffRequest and the log off.
The Remote Administration Protocol server MUST create a Remote Administration Protocol response message with the RAPOutParams set to the contents of a NetWkstaUserLogoffResponse message. The Remote Administration Protocol server MUST return logoff information about the user, including the duration and number of logons (as specified in section 2.5.10.4.5).
If any other errors occur during the response processing, the Remote Administration Protocol server MUST fill the Win32ErrorCode value in the Remote Administration Protocol response message with the Win32ErrorCode corresponding to the error, as specified in [MS-ERREF]. Otherwise, the Remote Administration Protocol server MUST set Win32ErrorCode to ERROR_SUCCESS (0X0000).