Best practice for systems running IIS, part of Hardening IIS:
Manual verification
Ensure the following key does not exist:
REG QUERY "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0"
Or the following value under that key is set to 0:
REG QUERY "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v "Enabled"
Implement Recommended Configuration
Set registry key
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /f /v "Enabled" /t REG_DWORD /d 0x0
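The verification and remediation steps above, as an added PowerShell example that is not part of the original page: Test-Ssl2ServerDisabled applies the same pass condition the page uses (the key is absent, or Enabled is 0) and distinguishes the three possible states, and Set-Ssl2ServerDisabled is the equivalent of the REG ADD command. The function names are this example's own.

```powershell
# Added example (not from the original page). Audits the SCHANNEL SSL 2.0 Server
# key and, if it is enabled, applies the setting the page recommends. Run elevated.

$Ssl2ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

function Test-Ssl2ServerDisabled {
    # Pass condition from the page: key does not exist, or Enabled is 0.
    if (-not (Test-Path -LiteralPath $Ssl2ServerKey)) {
        return [pscustomobject]@{ State = 'KeyMissing'; Enabled = $null; Compliant = $true }
    }
    $item = Get-ItemProperty -LiteralPath $Ssl2ServerKey -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.PSObject.Properties['Enabled']) {
        # Key exists but carries no Enabled value: passes (matches CAN_BE_NULL in the
        # Nessus check), though an explicit 0 is the unambiguous state to aim for.
        return [pscustomobject]@{ State = 'ValueMissing'; Enabled = $null; Compliant = $true }
    }
    $enabled = [int]$item.Enabled
    return [pscustomobject]@{ State = 'ValuePresent'; Enabled = $enabled; Compliant = ($enabled -eq 0) }
}

function Set-Ssl2ServerDisabled {
    # Same effect as: REG ADD "...\SSL 2.0\Server" /f /v "Enabled" /t REG_DWORD /d 0x0
    if (-not (Test-Path -LiteralPath $Ssl2ServerKey)) {
        New-Item -Path $Ssl2ServerKey -Force | Out-Null   # -Force creates missing parent keys
    }
    New-ItemProperty -LiteralPath $Ssl2ServerKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
}

$result = Test-Ssl2ServerDisabled
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "SSL 2.0 server side is enabled (Enabled=$($result.Enabled)); applying the recommended value."
    Set-Ssl2ServerDisabled
    Test-Ssl2ServerDisabled | Format-List
}
```

SCHANNEL reads these values at startup, so the change takes effect only after the server is restarted.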
Use IIS Crypto
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click, create custom templates and test your website.
Nessus audit file check
<custom_item>
 type : REGISTRY_SETTING
 description : "IIS800025:Use Only Strong Encryption Protocols, Disable SSL 2.0 - 'HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server\Enabled set to 0"
 value_type : POLICY_DWORD
 reg_key : "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
 reg_item : "Enabled"
 value_data : 0
 reg_option : CAN_BE_NULL
</custom_item>