You could use your own customizations, where you simply remove the button for all users:
Just have a look at the webportalTemplate.default folder. This one contains the default WebPortal design. Rename it to webportalTemplate, open knime_template_header.html, and remove the line:
<li class="icon" location="knime-settings-button"></li>
This should hide the settings button for everyone. So now only the admin should be able to change the passwords of users.
Make sure to create a backup of the whole directory so that you can restore any unwanted changes.