You open local users, there you add a domain account to local admins.
Everything.
You can google "add domain user to local admins" and find something with pictures and arrows.

In local security policies, a more flexible setting of user rights is possible. There are also security patterns.
The question is how high are the security requirements in the organization.
That is, to give admin rights on the local machine, this basically means that the machine is susceptible to virus infection under this user.

Distribute software through install/remove software. I don’t remember exactly, but you can add software for installation there, checked by you. The user will simply go there and bet. The network has a free course from Sergey Shein on administration.
About thoughts:
When the user is Admin on the local machine, he can do whatever he wants. Mimic dump your password if you connected to it. As a user, enable logging of keystrokes in PuntoSwitcher and ask a person with higher rights to do something on their PC. If available, it counts all users of the domain via PowerShell, and slowly starts to brute them.

Make the programmer the administrator of your computer. At the same time, warn him about what it brings with him. If the office is sufficiently bureaucratic, get a service with signatures from the management. If not - still warn that if he destroys his computer, then he will be restored last.

To do the required without getting up, you can use the GPO Management Console on the DC. Go to config. Computer-Settings-Local Users and Groups. Add a new group, select Administrators in the list, and select the members of this group from the directory (the desired programmer) in the window below. Then set the account in the Security Filter. writing the desired PC to read this group policy object so that it does not scatter all at once. All. After the reboot, the programmer has all the rights to his PC, but you were warned about security, he can steal and kill on his PC.