ohmErnie

Local Administrator vs Group Policy Lockdown Practices

I am wondering what common practice is as far as rights on client PCs, not necessarily servers. In the past we were allowing our users to be a local administrator on their own PC since some of their software would not run with lesser privileges. It seems now that most of their software will run as a power user, so we have switched everyone over to a power user to tighten security and prevent them from making changes. Now what I am wondering is why not leave the user as a local administrator on their own computer and use group policy to lock it down.

It would seem like I would have more flexibility of what I want the user to do and what I don't want them to do. But, there may also be things a local admin can do that a group policy could not prevent. Like software installations.

One thing I noticed as a power user is the user cannot download Windows updates. So if the user is only a power user and GP is set to automatically download updates, will it work because of the user rights?

I suppose I am just trying to find out the best practices or what everyone else does regarding permission level on their client PCs.

ASKER CERTIFIED SOLUTION
Naser Gabaj
ohmErnie

ASKER

I was just throwing out the updates as an example. We are in the process of getting SMS to do our Windows updating.

I really want to know if I should use a GP on top of a power user or a local admin.