Add domain user to local administrator group on non domain system running Windows 7

Question

I would like to know how to add a domain user to local administrator group of my system. My system is a non-domain system running Windows 7.

I want to add this user to the administrator group, so that when I use this user to app pool it should work and Windows authentication to SQL server should work.

I can not add my system to the domain, but I do have a domain user with access to SQL server (Windows authentication only).

I can connect to SQL server with Windows authentication by using following command:

C:\Windows\System32\runas.exe /netonly /user:user@domain "C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"

But when I add user@domain to the app pool in IIS, the site does not work, as the app pool is not getting permissions to local resources or something like that.

Thanks,

Answer 1

It's not possible to add a domain user to the local groups of a machine that is not domain-joined.

What you can do, that may or may not work, is create a local user with the same username and password of the domain user and make it a local administrator.

Answer 2

Your PC must be a member of the domain in order to add domain members to any local group. If you make a VPN connection, you can then add your pc to the domain and set the rights. Note that you'll need to have the domain's administrator username and password to accomplish this.

Once your pc is a member of a domain, you should be able to add any user to the any local group as long as you are connected through VPN. (It needs to query the members from the domain, so a connection is required).

I'm puzzled by your "My system is non-domain system" statement, because that would suggest you login with a local username and password, so you already should have administrator rights locally, and whatever you want to do has no effect otherwise.