This question can be boiled down to this:
Is it costing you enough man-hours in support (because such and such user doesn’t have the right to so and so) to justify giving the users higher rights?
For me, this almost always seems to be the case. Unless the user is only supposed to be accessing 3 applications and a text file on the machine, assigning local admin rights (be it on a desktop or a laptop) almost always seems to solve more problems than it creates.
Realistically, you shouldn’t be giving them a user account with admin rights, but they should have access to an administrative account on that system should the need arise.
As a rule, I don’t trust laptops on my network when they’re locally connected anyway (because you never know what they might have brought in with them), and any connecting from the world are treated like any other machine connecting from the world (because you have no way of telling if it’s really that machine or not). The users of these systems should be taught the bare basics anyway: Never connect to the internet (or any other network) without a firewall, virus and spyware scan your system at least once a day if you’re in the world (usually set up as a scheduled task anyway), and don’t use the administrative account unless you have a good reason to do so.