Here is your scenario:
User: "I need local admin rights to install...uh..some business critical application on my laptop"
(incompetent)IT: "Sure, <gives admin rights> Just log off and on again and you'll have permissions. Let us know when you're done so we can remove it"
User: "Uh, my laptop is really slow and keeps crashing..."
IT: "Oh yes... you had admin rights, I take it you're finished now you've installed itunes, kazaa, emule++, confickr, zeus, Super fantastic mega anti spyware removal 2015, bonzi buddy, ask toolbar, and every other form of crapware in existance?"
One thing I've learned in my years of IT Support, NEVER EVER give a user admin rights (unless being supervised by a competent IT analyst)
Generally, all software should be managed by IT. It's controlled and secure. otherwise, it WILL bite you in the ass. And if you're the one who gave a user admin rights, you'll be held accountable for damages.
But if you really must give a user admin rights, use GPO to add a domain security group to the local administrators group and manage access to that security group from AD and review it DAILY.
If they're off the network, tough.