Add everyone read-only ACE to target path.

ro.ps1

# Add everyone read-only ACE to target path.
# Doc: https://technet.microsoft.com/en-us/library/ff730951.aspx

function Add-ReadOnlyACE([string]$path)
{
    if (-not (Test-Path $path)) { return }
    # Create additionnal ACE.
    $colRights = [System.Security.AccessControl.FileSystemRights]"AppendData, ChangePermissions, CreateDirectories, CreateFiles, Delete, DeleteSubdirectoriesAndFiles, Write"
    $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
    $objType =[System.Security.AccessControl.AccessControlType]::Deny
    $objUser = New-Object System.Security.Principal.NTAccount("Everyone")
    
    $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
        ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType) 
    
    # Get then add ACE.
    $objACL = Get-Acl $path
    $objACL.AddAccessRule($objACE) 
    Set-Acl $path -AclObject $objACL
}

Add-ReadOnlyACE "C:\test"