A while back I created the SCHANNEL.ADM administrative template to allow SCHANNEL ciphers and protocols to be configured in a GPO and pushed out to all servers in a domain. Basically, in any Windows Server version before 2008, the SSL 2.0 protocol was enabled, and so were a bunch of weak ciphers, like 40-bit RC2 or 56-bit DES.
Well, recently one of the sites I manage began failing a HackerSafe test for ciphers and it seems I missed a few ciphers in my template. Why HackerSafe only discovered this now instead of years ago is anybody's guess. It is run by McAfee now, so I wouldn't bet the farm on their audits… But I digress.
I updated the template on my website for download. In addition to having a few more ciphers, I also put in the description "(Recommend Disabled)" next to all the weak ciphers.
Remember that these values are not fully managed policy entries: if you delete your GPO, the affected server will not automatically revert to default values, and you will be left to clean up the registry.
More information on enabling/disabling protocols and ciphers in Windows can be found here: http://support.microsoft.com/kb/245030
Download SCHANNEL.ADM here.
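Because the values stay behind when the GPO is removed, it helps to check what is actually set on a server. The script below is an added example, not part of the SCHANNEL.ADM template or the original post; it reads the `Enabled` value under the SCHANNEL subkeys named in KB 245030, and the list of entries treated as weak is this example's assumption.

```powershell
# Added example: report the SCHANNEL "Enabled" values present on this server.
# The .NET registry API is used because cipher key names contain "/"
# (for example "RC2 40/128"), which the PowerShell registry provider
# treats as a path separator.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Subkey names as listed in KB 245030. Which ones count as weak is an
# assumption of this example; adjust the list to match your own policy.
$weak = @(
    'Ciphers\NULL',
    'Ciphers\DES 56/56',
    'Ciphers\RC2 40/128',
    'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128',
    'Protocols\SSL 2.0\Server'
)

function Get-SchannelSetting {
    param([string]$SubKey)

    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    $raw = $null
    if ($key) {
        try     { $raw = $key.GetValue('Enabled', $null) }
        finally { $key.Close() }
    }

    # A missing key or value means nothing was pushed (or it was cleaned up),
    # so the operating system default applies.
    if ($null -eq $raw)  { $state = 'Not set (OS default)' }
    elseif ($raw -eq 0)  { $state = 'Disabled' }
    else                 { $state = 'Enabled' }

    [pscustomobject]@{
        Setting = $SubKey
        Enabled = $raw
        State   = $state
    }
}

$weak | ForEach-Object { Get-SchannelSetting $_ } | Format-Table -AutoSize
```

Run it before and after unlinking the GPO: entries that still show `Disabled` or `Enabled` afterwards are the leftover values that have to be removed by hand.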