Don't get me wrong or take this as flame, but ...
Your work-around kind of defeats the purpose of an admin policy.

That is not strange at all and does not take any thought. The whole idea of an admin account is to permit or denie access to vital system functions and tasks be it a single PC with multiple users (including guests) and networked PCs (work stations).

You have to ask yourself, "Why would you allow any type of user to execute a remote shutdown?" The reasons are obvious. Now if you have more than one admin and your admin policy allows for more than one admin to execute a remote shutdown (wise) then all you do is share the same password. This is handy if you are in a remote location and want to shutdown your system in the event of planned power outtages (California) or hear of an outside exploit attempt occuring on your network.

I would be more concerned about creating an Admin Policy if you are in a professional environment. If you are digging and exploring in your spare time ... Have Fun Cuz I Can Dig It