Zia,
The scoping on the role would allow you to restrict what accounts a user is able to see. A common action i've used on implementations is pre-populating the Custom Fields on the account. Example Custom1 we populate with the OS information. This is helpful not only for scoping rules but also for reporting and reconciliation. From there establish the scoping on your role to the user group that say should only have access to accounts that contain Windows within Custom1.
Yes there is a multi-step approval available within the Task. I believe OOTB its set to single Step Approval. Would recommend making a copy of that task and changing to multistep to establish. then creating a custom role and associating that task with it.