First, I was actually referring to a Computer Configuration GPO, not User Configuration. This way, as long as the computer is a member of the domain, whoever logs on has Local Admin rights. Though I agree that users shouldn't have local admin rights, unfortunately we use a third party application (one that cannot be run as a service) that requires admin rights to run.
Second, our domain consists of location based OU's. Because of this, adding Domain Users to the local admin group means that the new intern in shipping would be able to connect to the computer of the president of HR and browse files that may potentially contain salaries or other confidential information. By applying this theoretical GPO, it would instead drop that users account name into local admin, meaning they would have full rights but ONLY to that machine, and ONLY while they are logged onto it.