经过几天的调试找到了解决方案

$hostname = "Host"

#extreact domain information
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()            
$root = $dom.GetDirectoryEntry()            
          
#search through ldap the indomain as set before   
$search = [System.DirectoryServices.DirectorySearcher]$root            
$search.Filter = "(Name=$hostname)"            
$search.SizeLimit = 3000            
$result = $search.FindOne()            
 
#set security object 
$object = $result.GetDirectoryEntry()                      
$sec = $object.ObjectSecurity            
            
## set the rights and control type to a generic write            
$act = [System.Security.AccessControl.AccessControlType]::Allow        
$adrights = [System.DirectoryServices.ActiveDirectoryRights]::GenericWrite            
            
# set the sid of the 'Everyone' security group                       
$everyone = New-Object Security.Principal.SecurityIdentifier ([Security.Principal.WellKnownSidType]::WorldSid, $null)
$sec.SetGroup($everyone)
$sid = $everyone      

# apply rule            
$newrule = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList ($sid), $adrights, $act          
$sec.AddAccessRule($newrule)            
$object.CommitChanges()