Unless you have a specific reason for not doing so (i.e. you need to support legacy clients), it may be best to enable the highest possible version of TLS (i.e. TLSv1.2), and disable everything else (and certainly make sure you disable both SSLv2 and SSLv3).
You probably also want to tune (if you can) the specific ciphers you use. I couldn't find anything specific for Windows, but Mozilla's Server Side TLS might be of some use.
They notably recommend using the following ciphers:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
They also recommend using TLSv1.2, and ensuring you use RSA keys that are at least 2048 bits.