We have a requirement that includes a group with list-only security permisions to data folders. As far as I remember, this was a requirement for auditing purpose. Anyhow, I could never find out how to do this using xcacls.exe, but with powershell you can.
$acl = Get-Acl c:\temp\test
$arguments = “domain\groupname”,”ReadAndExecute”, “ContainerInherit”, “None”, “Allow”
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $arguments
$acl | Set-Acl c:\temp\test