The subject says it all. I am specifically interested in the read-only attribute. As far as I'm aware, security descriptors get propagated by default, but there seems to be no option to propagate the attributes.
Obviously it is possible to write a script to watch a folder and perform this task, but maybe there's a more elegant built-in solution, like a registry setting?