If you think about it, letting the users run as admins shouldn't be a problem. Not if you have designed your network with zero trust in mind - assume every computer sits directly on the internet, assume everything is compromised.
So the only thing they should be able to screw up is their own computer - in which case you should be able to bring it back quickly with automation.
That said, I think developers need their own server(s). A test environment where they can create and destroy VMs and run containers and whatever else they need. Do development and run performance tests. Let them run wild in there. It could be cloud or on-prem or whetever it is they are developing.