Multisite Role Management

I’m trying to find a way to manage user roles and capabilities from the network admin dashboard and have it affect all users network wide. I’d also like to remove a few of the default capabilities from the existing administrator role.

Any plugins you would recommend?

Or, here’s another question, can I change the default role of new users on their own site? So when someone registers and gets a site, they will by default not be the admin, but a custom role? Is that possible somehow?

Thanks!