Setting Inheritance and Propagation flags with set-acl and powershell
Here's a table to help find the required flags for different permission combinations.
╔═════════════╦═════════════╦═══════════════════════════════╦════════════════════════╦══════════════════╦═══════════════════════╦═════════════╦═════════════╗ ║ ║ folder only ║ folder, sub-folders and files ║ folder and sub-folders ║ folder and files ║ sub-folders and files ║ sub-folders ║ files ║ ╠═════════════╬═════════════╬═══════════════════════════════╬════════════════════════╬══════════════════╬═══════════════════════╬═════════════╬═════════════╣ ║ Propagation ║ none ║ none ║ none ║ none ║ InheritOnly ║ InheritOnly ║ InheritOnly ║ ║ Inheritance ║ none ║ Container|Object ║ Container ║ Object ║ Container|Object ║ Container ║ Object ║ ╚═════════════╩═════════════╩═══════════════════════════════╩════════════════════════╩══════════════════╩═══════════════════════╩═════════════╩═════════════╝
So, as David said, you'll want
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInheritPropagationFlags.None
I think your answer can be found on this page. From the page:
This Folder, Subfolders and Files:
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit PropagationFlags.None
Just because you're in PowerShell don't forgot about good ol' exes. Sometimes they can provide the easiest solution e.g.:
icacls.exe $folder /grant 'domain\user:(OI)(CI)(M)'