Identify and disable weak cipher suites

Figuring out which cipher suites to remove can be very difficult. For Windows, I've used the free IIS Crypto tool in the past:

IIS Crypto is a free tool that gives administrators the ability to enable or disable
protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008
and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement
best practices with a single click and test your website.

This not only leverages someone's expert knowledge as far as which algorithms are more or less secure, but also takes the pain of figuring out how to actually implement the change in Windows away (hint: it's a bunch of registry entries).