Adam Singer

Veni, vidi, expertus sum- I came, I saw, I tested

Master of No Domain

I’ve seen several folks asking about Team Foundation Server in a non-domain (i.e. workgroup) environment. Note that the TFS Workgroup Edition is not required for this setup– that edition is just a limited user edition that only allows five users to have permission to access the system at any given time. You can install any of TFS Workgroup, Trial, or Full Editions on a computer that is in a workgroup. To do so, you must create local accounts for the service and reporting accounts.

When you have the server installed, you might be worried about how users will then access the system. After all, the service account can’t go to Active Directory to find out who a user is and hence what resources they should be allow to access. Luckily, Windows Workgroup Authentication has a neat feature which will allow you to grant remote users (even domain users) permission to use TFS. What you have to do is to create a local user on the TFS application-tier (AT) or application-tier/data-tier (ATDT) for single server deployment with the same name and password as a remote user. Then, add that user to your TFS groups (or to a local group that’s been added to TFS). When the remote user connects, the system will be able to correlate the two user accounts and thus give the remote user access. A bit more information can be found on the UE team blog.

I’ve had this come in handy several times when I wanted to test things like changing a user name since I’m not an administrator of our corporate domains.