Best Practices for Securing s3 Credentials in Duplicati From Foreign Actors?

From the sounds of it, I’m thinking you plan to install Duplicati on users’ workstations to back up the users’ local data to an S3 account that you don’t want users to see? So long as you define the jobs and users don’t need to modify them, you should be good with the following.

-First off, no tray icon. Out of sight, out of mind. With that also remove all the Start/Desktop menu entries.

-Second, you’re already running as a service which is great but be sure to move the config files from the default location, otherwise your config can get wiped out following certain Windows updates. See this thread for further details.

-Thirdly, remove any user permissions from the Duplicati folders. The service should still be able to access anything it needs, and when logged in as an admin everything should be normal. Users should get an Access Denied, or a “click continue to get permission” followed by an elevation prompt, when trying to access anything within those folders.

Once removed, users won’t be able to access C:\Program Files\Duplicati 2. This prevents them from seeing or copying anything directly out of that folder but (and it’s a big but), they can still get to everything via the webGUI (because it’s running as a service). The only thing you can do then is enable the --webservice-password or find another way to prevent users from accessing localhost:8200, maybe a firewall.

I suppose you could just use defined CLI jobs (stored in a folder users can’t access), scheduled by something else like Task Scheduler maybe.

If this is a file server vs. a local workstation then user access to the local Duplicati files shouldn’t be an issue (i.e. no need to change file permissions); just specify --webservice-interface=loopback on the service to keep webGUI access to those who can log in locally, presumably only the admins.

With all that said, Duplicati is still in Beta and far from hardened for these sorts of usages so test, test and test some more.

Hope this helps a bit.
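The folder-permission step and the two web UI settings from the reply above, as an added example (not from the original post or the Duplicati project). It assumes the default install path named in the reply and a Windows service named Duplicati; both are parameters, and the BUILTIN\Users SID is the well-known S-1-5-32-545.

```powershell
# Added example, not part of the original post: remove interactive users' access to the
# Duplicati install folder, verify the result, and audit the service command line for the
# --webservice-interface=loopback and --webservice-password settings the reply mentions.
# Assumptions: install path and service name below; run from an elevated prompt.
#Requires -RunAsAdministrator
param(
    [string]$InstallDir  = 'C:\Program Files\Duplicati 2',
    [string]$ServiceName = 'Duplicati'   # assumed service name
)

# 1. Stop inheriting from C:\Program Files, copying the inherited entries as explicit ones.
#    Inherited entries cannot be removed in place, so apply this first and re-read the ACL.
$acl = Get-Acl -Path $InstallDir
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $InstallDir -AclObject $acl
$acl = Get-Acl -Path $InstallDir

# 2. Purge every entry for BUILTIN\Users (S-1-5-32-545). SYSTEM and Administrators keep
#    their entries, so the service and local admins still have normal access.
$usersSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$acl.PurgeAccessRules($usersSid)
Set-Acl -Path $InstallDir -AclObject $acl

# 3. Verify: BUILTIN\Users must no longer appear in the folder ACL. Subfolders and files
#    inherit from this folder, so they lose the Users entries as well.
$remaining = (Get-Acl -Path $InstallDir).Access |
    Where-Object { $_.IdentityReference.Value -eq 'BUILTIN\Users' }
if ($remaining) { Write-Warning "BUILTIN\Users still listed on $InstallDir" }
else            { Write-Host    "OK: BUILTIN\Users removed from $InstallDir" }

# 4. Audit the service's command line for the two web UI settings. The file ACL does not
#    stop access through localhost:8200, so both should be present on the service.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { Write-Warning "Service '$ServiceName' not found"; return }
$cmd = $svc.PathName
if ($cmd -notmatch '--webservice-interface=loopback') {
    Write-Warning "webGUI is not bound to loopback: $cmd"
}
if ($cmd -notmatch '--webservice-password') {
    Write-Warning "no --webservice-password set on the service: $cmd"
}
```

Run it once after installation and again after Duplicati updates, since an installer that re-creates the folder can restore the inherited permissions.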
