You can enable pinging on an individual basis
ie
access-list (interface_name) permit icmp (clientaddress) host any
If it's just ping you can nail it down with
access-list (interface_name) permit icmp (clientaddress) host any eq echo-reply
access-list (interface_name) permit icmp (clientaddress) host any eq time-exceeded
access-list (interface_name) permit icmp (clientaddress) host any unreachable.
It would be to easy to copy ping back onto their PC's. Doing it with the firewall will save a lot of time and hassle.