Local Admin rights.

My company is in the process of rolling out new PC’s and laptop’s. These computers will be running Windows 2000 Pro. I would like to put all users in the power users group but I am getting some push back from the users/managers. They want to be in the local admins group. So I am trying to findout what damage could a user do as a local admin. Not just to their local computer but also to the domain. ie Will they be able to add users or change users rights or passwords. Permissions on files and foilders. Setup some remote access. Just looking for answers on how to keep my domain/network safe.

Thx Rick