In my experience I would say that limiting users in this way, unless they have a very standardized workflow and will never be expected to deviate from it, is a terrible idea. Most of the risks you're actually afraid of don't need local admin to do significant damage. Locking people out of their local OS just protects the local OS (which is trivially reimaged), not their documents, and not the resources they have access to on the network; you know, the stuff you actually care about. Sure, there are a (very) small number of new attack vectors opened into your network by programs which can get local admin, most of which you should be mitigating against anyway, but compared to the added friction you cause the users by taking it away those are just not worth it. And that's before you consider privilege escalation attacks that make it irrelevant if the user even has local admin.
This is also why I always complained that no-root-by-default is not particularly advantageous for Linux way-back-when: basically, stuff I care about is in my $HOME.
Main driver to want a Free Software system for public institutions is that it's a Free Software system, allowing for local companies to participate in development and fairly compete to only add on to the software, avoiding the entire provider lock-in.
The risk for us is more one of uncertified tools. People using stuff like Dropbox which we don't have a data processing agreement with. Or stuff like TeamViewer.
Locking down admin rights is not just to lock down the OS but to ensure security restrictions aren't easily circumvented.
For the files we use AIP which protects against copying. You can't open those in a personal machine for example.
