Small Business NAS Setup Guide

By the Need to Know IT Team · Last updated 25 March 2026

How to set up a NAS for a small business. Configuring Windows SMB shares, user accounts, group permissions, backup, and remote access for a 5-20 person workgroup environment.

NASsmall businessSMBSynologyQNAP

A NAS is the most cost-effective centralised storage solution for a small business. It provides shared file storage, workstation backup, remote access, and data redundancy for 5-50 users at a fraction of the cost of a Windows Server deployment. This guide covers setting up a NAS for business use from scratch: network configuration, shared folder structure, user accounts and group permissions, Windows SMB drive mapping for workstations, Time Machine backup for Macs, and remote access for staff working from home. Both Synology DSM and QNAP QTS are covered where configuration differs.

ⓘ

In short: Assign the NAS a static IP → create shared folders for each department or project → create user groups and individual user accounts → assign groups to folders with appropriate permissions → map drives on Windows workstations via Group Policy or login script → configure Hyper Backup or Hybrid Backup Sync for daily offsite backup. A basic SMB setup for 10 users takes 2-3 hours to configure correctly.

Step 1: Network Configuration

Before configuring the NAS, establish stable network addressing:

Assign a static IP to the NAS. On your router/DHCP server, create a DHCP reservation for the NAS MAC address so it always receives the same IP. Alternatively, set a static IP in the NAS network settings (e.g. 192.168.1.10). A static IP ensures mapped drives and backup jobs always reach the NAS
Set a hostname. Give the NAS a meaningful name (e.g. FILESERVER). This hostname is used in UNC paths: \\FILESERVER\Finance. On Synology: Control Panel → Info Center → Server Name. On QNAP: Control Panel → System → General Settings
Create a DNS entry if your network has a DNS server (router-based or Windows Server DNS). Map the chosen hostname to the NAS IP so clients can reach it by name
Configure network bonding if you have a 2.5GbE or 10GbE switch and the NAS supports it. For most SMB environments with 1GbE networking, bonding two 1GbE ports provides failover without adding throughput for individual connections

Step 2: Storage Pool and Shared Folder Structure

Design your shared folder structure before creating folders. It is harder to reorganise later.

Recommended structure for a small business:

Company. Read access for all staff, read/write for management. General company documents, templates, policies
Finance. Read/write for Finance team only, read for management
Projects. Subfolder per project, permissions managed per project team
HR. Restricted to HR and management only
IT. IT admin only
Staff. Personal folder per user, accessible only by that user and IT admin
Backups. Where workstation backups are stored. Restricted to IT admin (users should not modify their own backups)

Create each shared folder in the NAS control panel. On Synology: Control Panel → Shared Folder. On QNAP: File Station → Create New Shared Folder. Enable the recycle bin on each shared folder. This catches accidental deletions and is the most common immediate-recovery scenario in small business environments.

Step 3: User Accounts and Groups

Create user groups for each permission category, then assign users to groups. Do not assign permissions directly to individual users. This makes future permission management far simpler.

Example groups: staff (all employees), finance (finance team), management (managers and directors), it-admin (IT administrators).

On Synology: Control Panel → Group → Create. On QNAP: Users → Groups → Create.

Create user accounts for each employee. Assign each user to the appropriate group(s). A finance employee might be in both staff and finance.

Then assign group permissions to each shared folder:

Company → staff: Read, management: Read/Write
Finance → finance: Read/Write, management: Read/Write, staff: No Access
HR → hr: Read/Write, management: Read/Write (no access for other groups)

For environments with an existing Active Directory domain, join the NAS to the domain and use AD groups instead of local NAS groups. See the Windows file server migration guide for domain join steps.

Step 4: Map Drives on Windows Workstations

Windows workstations access NAS shares via mapped network drives. Options for deploying drive mappings:

Group Policy (domain environments): Computer/User Configuration → Preferences → Windows Settings → Drive Maps. Create a mapped drive per share, targeting the UNC path. Apply to the appropriate AD group (e.g. Finance drive map applies only to the Finance security group). Users receive drive mappings automatically at logon.

Login script (workgroup environments): Create a logon.bat or PowerShell script run at user login:

net use F: \\FILESERVER\Finance /persistent:yes
net use G: \\FILESERVER\Company /persistent:yes

Manual setup: For small teams, configure drive mappings manually on each PC: File Explorer → This PC → Map Network Drive. Enter the UNC path, check Reconnect at sign-in, use credentials if prompted. Takes 2-3 minutes per PC.

Step 5: Configure Workstation Backup

Back up workstations to the NAS to protect against PC hardware failure and accidental deletion:

Synology Active Backup for Business (recommended for Synology NAS): Agentless backup of Windows PCs. Discovers and backs up machines on the network without installing software on each PC. Set up under Active Backup for Business in the Package Center. Backs up to the Backups shared folder.

QNAP NetBak Replicator: Requires installing a client on each Windows PC. Creates scheduled backup to a QNAP share.

Windows Backup / File History: Configure Windows File History on each PC to back up to a network share on the NAS. Less centralised than Active Backup for Business but works without additional software.

Mac Time Machine: Create a shared folder on the NAS with Time Machine support enabled (both Synology and QNAP support this). Macs discover the NAS as a Time Machine destination automatically.

Step 6: Remote Access for Staff

Staff working from home need secure access to NAS files. Options from most to least recommended:

VPN to office network: Most secure. Staff VPN to the office network (pfSense, OpenVPN, WireGuard on a router), then access the NAS at its internal IP as if in the office. No NAS ports need to be internet-exposed. Requires a VPN-capable router or firewall at the office. This is the recommended approach for business environments
Synology QuickConnect / QNAP myQNAPcloud: Relay-based remote access. Works with no port forwarding. Lower performance than direct VPN. Suitable for occasional access to small files
SMB over HTTPS (WebDAV): Both platforms support WebDAV. A file access protocol that works over HTTPS port 443. Less intuitive than mapped drives but works through most firewalls and corporate proxy configurations

🇦🇺 Australian Buyers: NAS Recommendations for Small Business

Recommended NAS for 5-20 user small business (March 2026 AU pricing):

Synology DS423+ (~$980): The most common SMB NAS deployment in Australia. Active Backup for Business, DSM's mature AD integration, and Hyper Backup for offsite. Intel Celeron J4125 handles 10-20 simultaneous users comfortably. 3-year warranty, local Synology AU support
Synology DS923+ (~$980): AMD Ryzen R1600. Better multi-core performance for larger user counts (20-30 simultaneous) or file-intensive workflows (design, engineering files)
QNAP TS-464 (~$989): Good for environments wanting hardware expansion options (PCIe 10GbE). QTS AD integration is mature. Hybrid Backup Sync covers cloud backup needs

Budget for NAS drives separately: 2 × 4TB NAS drives (WD Red Plus or Seagate IronWolf) add approximately $240-320 AUD. Factor in UPS protection. A power event during a write can corrupt NAS data. A basic UPS ($150-250 AUD) is worth including in the total cost.

See the best NAS Australia guide and the UPS Sizing Calculator for hardware planning.

Related reading: our NAS explainer.

How many users can a small business NAS support simultaneously?

An Intel Celeron-based NAS (Synology DS423+, QNAP TS-464) comfortably handles 15-25 simultaneous SMB users for typical office workloads (reading and writing documents, small to medium files). For 30+ simultaneous users or workflows with very large files (video editing, CAD), a more powerful CPU (AMD Ryzen-based models like DS923+) and 10GbE networking become relevant. For most 5-20 person offices, the ~$980 Intel Celeron models are more than sufficient.

Do I need a Windows Server if I have a NAS?

For file sharing, backup, and basic remote access: no. A NAS replaces Windows Server's file server role at much lower cost and complexity. What still requires a Windows Server (or equivalent): Active Directory domain services (though NAS can join an existing AD, it cannot host AD), DNS and DHCP servers (router can handle these for small sites), application servers (SQL Server, IIS, line-of-business apps). For a small business that currently uses Windows Server only as a file server, replacing it with a NAS is a well-established approach that reduces licence costs, power consumption, and management overhead.

What RAID level should a small business NAS use?

RAID 5 for 4-bay configurations (1 drive of parity, survives 1 failure), RAID 6 for 5+ bays where double fault tolerance is required. For a 2-bay NAS, RAID 1 is the only redundant option. RAID 5 is the standard recommendation for most 4-bay SMB deployments: you retain 75% of raw capacity (3 drives of 4 usable) with single-drive failure protection. Combine RAID with regular offsite backup. RAID does not replace backup.

How do I restrict staff from seeing folders they shouldn't access?

Using the Windows Access Based Enumeration (ABE) feature on NAS SMB shares. With ABE enabled, users only see folders they have permission to access. HR folders don't appear in File Explorer for non-HR staff. Enable ABE on individual shared folders (Synology: Shared Folder properties → Advanced → Enable Windows ACL; QNAP: similar option in share settings). Additionally, configure the NAS group permissions so non-permitted groups have No Access (not Read). No Access hides the folder entirely from the user's view.

Methodology (Real-World, AU-Verified)

Need to Know IT is an independent resource focused on storage and infrastructure decisions. Recommendations are based on official specifications, vendor documentation, and real-world deployment considerations, including availability, warranty, connectivity, and running costs.

Where relevant, guidance is grounded in Australian conditions and pricing, while remaining applicable to global audiences. Our tools and calculators are designed to reflect real-world usage scenarios, not theoretical maximums.

Updates & corrections: Content is reviewed and updated as products change. If you spot an error, contact the editorial team and we'll investigate and correct it.

Is a NAS secure enough for business data?

Yes, with correct configuration. Key security practices: (1) Do not expose the NAS admin interface directly to the internet. Access via VPN only. (2) Keep DSM/QTS updated. Both vendors issue security patches regularly. (3) Disable unused services (SFTP, FTP, Telnet). (4) Enable two-factor authentication on admin accounts. (5) Use a dedicated NAS admin account separate from your daily-use account. (6) Enable login failure lockout. A correctly configured NAS is more secure than many Windows Server deployments and appropriate for SMB data storage including financially sensitive documents.

Calculating how much NAS storage your business needs based on user count, file types, and growth rate? The NAS Sizing Wizard provides a tailored storage estimate.

NAS Sizing Wizard →