Why can't I add WORKGROUP\.. as a user in SQL Server?

Backstory:

I've spent over 20 hours trying to connection to my Sql Server database through my Windows Service and every time I fix exception I find another.

As a test I have

    protected override void OnStart(string[] args)
    {
        EventLog.WriteEntry(ServiceName + " started");
        PageLoadTimer.Enabled = true;

        using(var conn = new SqlConnection("Data Source=DESKTOP-300NQR3\\SQLEXPRESS;Initial Catalog=MyDb;Integrated Security=True"))
        {
           string q = "INSERT INTO [dbo].[PageDocument] (Html, PageType, DateAdded, DateProcessed) VALUES ('<p>Hi!</p>', 0, GETDATE(), NULL)";
           using(var comm = new SqlCommand(q, conn))
           {
               conn.Open();
               comm.ExecuteNonQuery();
               conn.Close();
           }
        }
    }

and yet when I try start the service I see in EventViewer

Service cannot be started. System.Data.SqlClient.SqlException (0x80131904): Cannot open database "LrcPageTask" requested by the login. The login failed. Login failed for user 'WORKGROUP\DESKTOP-300NQR3$'. at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling) at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey pool...

By the way, I got that connection string from Server Explorer -> Connection String in VS and my Windows Service is running under LocalSystem.

I tried adding the user WORKGROUP\DESKTOP-300NQR3$ in SQL server by doing Security -> Logins -> New Login but then got the error

Create failed for login 'WORKGROUP\DESKTOP-300NQR3$'

I'm getting so sick of trying to fix this problem that I'm going to just post a link to my entire source code https://github.com/jamkin/lrcvault/tree/master/BoardScanner

For integrated windows security to work between computers you'll need a Domain Controller and an account on the domain (known to all the computers) for authentication. If you're going to use integrated security between machines you should:-

1. Create a domain service account. On your domain controller, open Active Directory Users and Computers, select Users, right click new User, uncheck change password at next login, check password never expires, enter a password. It's up to you what groups the account is a member of in the domain, but it doesn't need to be a member of any group.
2. Change the log on for the windows service to use the domain service account created in step 1. On the machine hosting the windows service, go to Control Panel -> Administrative Tools -> Services -> Your Service -> Properties -> Log On.
3. Ensure the service account on the machine hosting the Windows Service has permission to login in as a service.
4. Add a security login for the service account to SQL Server (server -> Security -> Logins)
5. Add a user to the database for the sql user added in step 3 (server -> LrcPageTask -> Security -> Users) and that the user has the appropriate role membership

If you do not have a Domain Controller, you would need to run the windows service and SQL Server on the same machine and use a local user account instead of a domain account, following the above steps, with a local user account instead of a domain account.

Alternatively don't use integrated security, use a SQL Login and password.