The first tweak I wanted to carry out was to set up a redirect from the root of the default website, the best way of doing this (for a number of reasons) was covered quite nicely by ExchangeGeek, so I wont go into details aside from to say I modified the script to redirect to /exchange rather than /owa, as the linked article covers exchange 2007 and 2010 rather than 2003.
Next, as SSL 2.0 should no longer be considered secure, I wanted to disable it. This can be done manually on a per server basis by modifying the registry settings at HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols, as described in KB187498, but a much better idea is to use Group Policy to ensure all IIS sites comply with the setting automatically. SChannel settings aren't something that show up by default in group policy management, however, someone has created a custom adm file that can be imported and the settings managed from there.
So after loading the group policy management console, on one of the Domain Controllers, I created a new Group Policy named SChannel GPO.
After clicking on edit, you can then right-click the Administrative Templates node and choose Add/Remove templates.
SSL tester at ssllabs.com. There are quite a few sites out there that will perform SSL tests, but this seems to be one of the more comprehensive.
The first run (at least the part I was interested in) came back as follows;