Tony,
Our team manages a very large collection of enterprise servers and hundreds of client machines for access control, video security and other systems. We work through these types of access issues almost on a daily basis.
Several years ago, we approached the IT group and requested two local machine administrative groups. These are not my actual groups but as an example:
Your_Domain/Access Control Admins
Your_Domain/Video Management Admins
Your_Domain/Central Station Admins
Those groups could include any direct employees and contracted integrator technicians that service your systems that have network credentials.
Of course, the business justification is to allow administrators and technicians to install, service, maintain and upgrade security-related applications and select hardware. In addition, explain that it also allows you to service your internal customers (security officers, security managers, etc.).
Also, let them know that you may need service accounts and application accounts in some cases.
I would also emphasize that your group is only responsible for your security applications and that you acknowledge that they are in full control of their servers, network permissions, patching, etc. (at least that's how we are set up).
In every project involving servers & client machines OR whenever server and client workstations are replaced, we request that these groups be added to each server or workstation. With this practice, we can continue to take care of our applications and hardware without delay.
We always have spare client workstations ready to go and it works very well for us. For example, we might have an officer who monitors video and access control at their post. If their workstation fails, it may get repaired or replaced. I can set up a spare within the hour to get them back up and running. In the meantime, the original workstation is repaired or re-cored and it comes back to me with my local admin groups on it. Someone from our team will install Lenel, Milestone, etc. and put it back in reserve as a spare. This would not work without the local admin groups and the partnership with our IT department.
Joshua is right: the best practice is to follow the "principle of least privilege". Make sure they know you understand this.
If you can go to IT and "talk the talk" using the advice in this thread you will get what you need!
Contact me if you would like to compare notes.