Re: default systems accounts
I suppose you could do that, though it might be less instrusive if you simply locked the non-user accounts, rather than changing their configuration. If you look at the /etc/shadow file you will see each account has a password field with a * or a ! or a long hashed password. Accounts with a * or a ! can't be logged into in the normal sense. This means even though they do not have a password, a person can't try to guess a password and login. Making sure your system accounts are locked in this fashion is probably less work than changing all the shell entries. In fact, I believe Ubuntu locks these system accounts by default.
Check /etc/shadow and look at the man page for shadow "man shadow" for more information.
Re: default systems accounts
Thank you. You are indeed correct, I completely forgot about the shadow file.