For those apps that don't actually check for Admin rights, normally all that is required is to open up the relevant parts of the registry (usually HKLM\Software and below, and possibly HKCR and below) and the directory structure (C:\, C:\Program Files, %systemroot%). I'm not sure I like the idea of this though ;-)

All of this can be done via GPOs, but if you are using GPOs and want to give the users flexibility you should consider publishing the applications as either MSIs or ZAPs. At least you then have an idea what they can install as you published it.