to be admin user or not to be, that is a question.

I'm new to enterprise Mac administration and I'm trying to figure out the best way to handle admin rights on our client Macs. I’ve looked around already and I know a lot of these questions have been answered elsewhere but I’m still having a hard time understanding the topic. If you have references to those other answers I’d love to see them. I still have some questions that I was looking for your input on and would love to hear your experiences. We'd like to create the best user experience possible and we don't think our users will be happy if every time they want to install/update software or use the Mac AppStore they have to wait for a Sysadmin's interaction. Currently in our setup, our users login to their Macs as "standard" users using their AD credentials. We have our AD schema extended to allow MCX management through Workgroup Manager. Our Sysadmins administer the client computers because of the "Allow administration by…" option of the AD plugin. We have a growing number of Macs in our business and my questions are: 1. How do you guys handle admin accounts for client computers? 2. Do you allow all users to be admins on the computer so they can install/update software? 3. If they're "standard" users, do you just push the software/updates to them individually through Apple Remote Desktop (or something similar) when requested? 4. Do you physically go to their computer and type in your Sysadmin credentials to install/update software when requested? 5. Do you allow admin access and use some sort of application whitelisting/blacklisting system allow/disallow certain apps? 6. Do you use the ~/Applications folder? 7. Should each client computer have a local admin account in which we give each user the credentials to so they can install/update software? If so, can we disable login for this admin account? 8. Is there a way to have a limited admin user that can only administer certain features? (i.e. install/update software only) 9. Does Munki help with this dilemma and if so, how? (I'm not totally sure how Munki works or what it's for) 10. Do you know if any of this will change when Lion comes along? If so, in what way are things changing? I think those are all the questions I can come up with. I hope all this makes sense, I know the questions are a little repetitive. Thanks in advance for all your help, I couldn't do any of this without you guys!