1 - With sudo passwd -n <MIN> <username>
you can lock the <username> password for <MIN> days (<username> is the login-name of the user). To be sure users cannot change password you can use sudo passwd -n 10 -x 1 <username>
since if tha minimum (-n) is greater than the maximum (-x) the user cannot change the password.
2 - you can do it with sudo passwd <username>
(<username> is the login-name of the user)
3 - adding that line you allws User
to use duso and run all commands.
4 - visiblepw is set OFF by default. Read this about visiblepw