To disable SSL v2 and SSL v3 its best to create a Computer based Group Policy settings that applies at the top level of your domain. In GPMC navigate to Computers Configuration > Policies > Administrative Templates > Windows Components > Internet Explore > Internet Control Panel > Advanced Page and then open the policy setting called “Turn off encryption support”.

Once you have the policy open you will notice there is a drop down option that will give you 32 different permutation of having enabled or disabling SSL and TLS.

Generally most sites on the Internet with encryption support TLS 1.0 or later. So the best bet would be to select the option “Use TLS 1.0, TLS 1.1, and TLS 1.2”.

In case you were wondering, yes, this will break any site for your users that only uses SSL v3 or earlier. But its probably best that you don’t use those site as they either don’t care or don’t understand about security.