Add AD group to all PWA project sites with Read Only permission using PowerShell

My customer wanted to be able to provide his Portfolio Managers with read only access to all project sites in PWA.  Because an AD group for Portfolio Managers already exists, we can use that AD group in the script and add it to all project sites under PWA with Read Only permission.  Credit to Gerald Parish for helping me with the code.

As always, test this code in your test environment.

Review the disclaimer above.  Remove or comment out the "Exit" in order to be able to run the script.
Go to the last line of this PowerShell script file. 
In that line, change the -site value to the PWA URL. 
Also, change the -newuser value to be the AD username or group that you want to provide Read Only permissions for.

For example,...
 AddReadOnlyUsers -site -newuser "contoso\Financial Applications Group"
 AddReadOnlyUsers -site -newuser "yourdomain\Financial Applications Group"

Run this entire script from the SharePoint 2010 Management Shell. 
The log file will be created in the same directory you run the .ps1 from.

Function Local:AddReadOnlyUsers


$global:Logfile = ".\" +[Datetime]::Now.ToString("MMddyyyy_hhmmss_tt") + "_User_log.txt"
try {Start-Transcript -Path $Logfile -ErrorAction Stop } Catch { $Error[0] }

$permLevel = "Read"
$SiteCollection = get-spsite $Site
$AllWebs = $SiteCollection.AllWebs
foreach ($webSite in $AllWebs) {
   Write-Host -NoNewline "($webSite.url) Adding $($NewUser)..."
   $oNewuser = $webSite.EnsureUser($NewUser)  
   if ($oNewuser -ne $null) {
      Write-Host -ForegroundColor Green "Complete"
      Write-Host -NoNewline "Granting $($permLevel) to $($NewUser)... "
      $roleDef = $webSite.RoleDefinitions[$permLevel]
      $RoleAss = New-Object Microsoft.SharePoint.SPRoleAssignment($oNewuser)
      Write-Host "Complete"
   else { Write-Host -ForegroundColor red "Error"; exit}


