Depending on your organization’s security policy, you may have the need to make a partition read-only. I have been working on a solution for the last 4 weeks to implement Windows RE into the build process with MDT 2010. Because of security requirements, this drives needs to be marked as read-only.
In MDT 2010 Task Sequence, you can do this by configuring two command lines during State Restore.
Task Sequence steps were created to run CACLS command line to make R: drive Read-Only for “Authenticated Users”.
ECHO Y| CACLS R:\ /S:O:BAG:SYD:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)
cacls R: /E /R “Authenticated Users”