A. The best way to give granular management to specific users for machines at specific locations is to create collections that contain the machines at that location and use SCCM Security Rights to grant local administrators management rights over specific collection instances. This will give them full control over the machines in the collection without rights over any other machines.

You can create the collections using direct membership rules, where you just place the computers into the collection. You can also use a dynamic collection based on rules, such as IP subnet or Active Directory sites, to automatically place machines into the right collection.