In order for this to be effective, though, you already need to have administrative rights on the local box (by either a domain user or other local user).

You will not be able to do this with restricted access to the target system.

If you have physical access to the machine, you pretty much own it already.

Additionally, how does this fall under the category of "ethical hacking"? It seems like you are just trying to gain elevated rights on a system you should not be accessing in this way.

And it really isn't "hacking", it is simply using a different (and supported) method to manage user accounts and groups on the system.

Just my 2 cents...