Renaming and disabling the AD administrator account is good security practice, because this account is a very good target for hackers. I would also recommend disabling and renaming the local admin accounts on user workstations and domain servers.
Below you can find my solution for this task. Of course I didn't invent it, I just used the best practices.
1. I created a new security group in AD, for example "Computer Admins".
2. I added all help desk administrator accounts to this group.
3. I created a group policy which adds this group to the local Administrators group on all workstations that have to be managed by help desk administrators.
4. I created a group policy which disables and renames the local administrator account on all workstations that have to be managed by help desk administrators.
And what do I have in summary?
Help desk administrators manage workstations with their domain accounts. All local administrator accounts are disabled. If a workstation doesn't have access to the DC, help desk can simply restart it in Safe Mode and log on as local administrator (this account is automatically unlocked when you start Windows in Safe Mode).
Be careful with "Restricted Groups", the group policy setting used for adding the "Computer Admins" accounts to the local Administrators group. All members of the local group will be replaced by the accounts which you defined in the group policy.
Microsoft TechNet article: http://technet.microsoft.com/en-us/library/cc747353%28WS.10%29.aspx
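To confirm on a workstation that both policies applied, and to see what the Restricted Groups replacement left in the local Administrators group, a check like the following can be run locally. It is an added example, not part of the original post; the function name `Test-LocalAdminPolicy`, the `CONTOSO` domain and the default account name `Administrator` (English Windows) are assumptions.

```powershell
#Requires -Version 5.1
# Added example: audit one workstation after the two group policies have applied.
# Assumptions: CONTOSO is a placeholder domain; "Computer Admins" is the group from step 1.

function Test-LocalAdminPolicy {
    param(
        [string]$ExpectedGroup = 'CONTOSO\Computer Admins',
        # Accounts you defined in the Restricted Groups policy (only these should remain).
        [string[]]$AllowedMembers = @($ExpectedGroup),
        # Default name of the built-in account; differs on localized Windows.
        [string]$DefaultName = 'Administrator'
    )

    # The built-in administrator keeps RID 500 whatever it has been renamed to.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }

    # S-1-5-32-544 is the well-known SID of the local Administrators group.
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
    $names   = @($members | ForEach-Object { $_.Name })

    # Anything that is neither the built-in account nor on the allow list
    # is a member the policy was supposed to replace.
    $unexpected = @($members | Where-Object {
        $_.SID.Value -ne $builtin.SID.Value -and $_.Name -notin $AllowedMembers
    } | ForEach-Object { $_.Name })

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        BuiltinAdminName     = $builtin.Name
        BuiltinAdminRenamed  = $builtin.Name -ne $DefaultName
        BuiltinAdminDisabled = -not $builtin.Enabled
        ExpectedGroupPresent = $names -contains $ExpectedGroup
        UnexpectedMembers    = $unexpected
    }
}

$result = Test-LocalAdminPolicy
$result | Format-List

# Non-zero exit code lets a scheduled task or management tool flag the machine.
if (-not ($result.BuiltinAdminRenamed -and $result.BuiltinAdminDisabled -and
          $result.ExpectedGroupPresent) -or $result.UnexpectedMembers.Count -gt 0) {
    exit 1
}
```

A non-empty `UnexpectedMembers` list means the Restricted Groups setting has not replaced the group membership on that machine, for example because the policy is not linked to its OU.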
