I am having an issue with a service account that has been granted Log on as a service access. I'd like to remove the sp_admin account seen in the attached screenshot from the Log on as a service. However, the option to remove the account is greyed out.
With Server 2003 you could revoke Log on as a service access utilizing NTRights.exe, but I haven't been able to locate the PowerShell equivalent.
BACKGROUND: The account in question is the SharePoint installation service account for my SharePoint 2013 farm. I'm guessing at some point in my SharePoint installation it was added to Log on as a service. I did not add it myself. I did create "Service Rights" group for my SharePoint farm, search, and crawl accounts as per best practice.
PROBLEM: This service account keeps registering itself as the logon account for the AppFabricCaching Service, regardless of how many times I set the service to use the farm account instead.
EXAMPLE: I set the AppFabricCachingService RunAs account following Microsoft guidelines (source), I've tried both my Farm account and NT AUTHORITY\NETWORK SERVICE to no avail.
sc.exe config AppFabricCachingService obj= "NT AUTHORITY\NETWORK SERVICE"
TROUBLESHOOTING: I've verified running a gpresult and rsop that this isn't being set by a group policy. I've also insured that I was logged in a local administrator and even a domain administrator and run policy editor as an administrator - yet I still don't have the option to remove this account.
I have found several PowerShell scripts online that allow you to set an account to Log on as a service, but I haven't found anything that lets you remove an account.