That's so obvious that I just asked myself why I didn't think of it.
So, thanks a lot!
I could either call plink.exe (from Putty) or even easier, use libssh2 and the pascal bindings from @pyscripter.
In fact I just got the sources, downloaded the libssh2 and openssl dlls from the PHP project page and changed the SshExec demo to bypass the password prompt and call a test script as root. Worked fine. And as a plus I don't even have to install anything on the server, just use the existing ssh server, create some scripts and allow the appropriate users to call them as root without password in the sudoers configuration.