I am trying to setup an AD domain and I have certain users that need some "power" privileges for installing software on their own machine (and on their own machine only).
I am thinking about creating a users group called Power Users, add the users I want to be eligible, but I am missing how to apply this only on their own computers.
I don't want that they are local Administrators, when they are loggin on other users computers.
For this scenario I would recommend you implement the free Microsoft Local Administrator Password Solution (LAPS).
The key benefit would be having the password of your SID-500 local administrator account (or another local account of your choosing) managed and synched with Active Directory. Some recommend you deploy policy to disable the SID-500 account and use a GPO preference to create a new local admin user and let LAPS manage that password.
You can then decide how you want to allow users to access this password. They can call up a helpdesk to receive it when needed or you can give their user account read access to the LAPS password attribute on their assigned AD computer object. With the latter you could even write a small script that retrieves the password and elevates a shell for the user.
You would want to implement a user rights assignment policy to deny local administrator accounts access over the network to ensure this cannot be abused over the network. It ensures local admin accounts can only be used at the console. You should be doing all remote administration using a privileged domain account. There's a whole other discussion on auditing and change control for LAPS account usage, but LAPS seems to be the most secure way to give out local admin access and have the password updated automatically and securely.
I have found the easiest alternative way to achieve this configuration on a domain network.