The user account used for SQL Services has to have local admin privileges
Not true - the user account used for SQL Services does not (and should not, in any high security installation) have local admin rights, much less domain admin rights.
The user account does need permissions to a variety of directories for SQL Server files (sometimes it's easier to use
icacls * /reset /t
to reset security on entire subdirectory trees).
There are some Group Policy permissions that are required or recommended; the set I use includes some for proxy users:
User Rights Assignments
Act as part of the operating system
Adjust memory quotas for a process
Bypass traverse checking -- proxy user use, I think
Lock pages in memory -- a subject of some debate
Log on as a service
Perform volume maintenance tasks -- required for instant file initialization
Replace a process level token -- proxy user use, I think