Actions:
|
2016-07-14 11:52 AEST by Arthur Barrett - By using dwFlags&=SCH_USE_STRONG_CRYPTO we can avoid the use of weak encryption in
SSPI/Schannel in the call to AcquireCredentialsHandle().
We have typically avoided specifying the cipher algorithms etc. because the GPO (Group Policy)
should govern any 'default'/NULL settings.
However there is probably no harm in instructing Schannel to disable known weak cryptographic
algorithms, cipher suites, and SSL/TLS protocol versions that would only be otherwise enabled for
better interoperability.
Particularly on the client - doing this on the server could make it much more difficult for old clients to
connect. |
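An added example, not part of the original comment or the project's code: a client-side Schannel credential that opts into strong crypto and leaves protocol and algorithm selection at their NULL/0 defaults. The helper names `schannel_flags` and `acquire_client_cred` are hypothetical, and the non-Windows stand-in definitions exist only so the flag logic builds off Windows.

```c
#include <stdio.h>
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <schannel.h>
#else
/* Stand-ins so the flag logic builds off Windows (values as in schannel.h). */
typedef unsigned long DWORD;
#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
#define SCH_USE_STRONG_CRYPTO     0x00400000
#endif

/* Hypothetical helper: OR the flag in so the caller's other flags survive.
 * Servers keep their flags unchanged so that old clients can still connect. */
static DWORD schannel_flags(DWORD base, int is_client)
{
    if (is_client)
        base |= SCH_USE_STRONG_CRYPTO;
    return base;
}

#ifdef _WIN32
/* Hypothetical wrapper around the client's AcquireCredentialsHandle() call. */
static SECURITY_STATUS acquire_client_cred(CredHandle *cred)
{
    SCHANNEL_CRED sc;
    TimeStamp expiry;

    ZeroMemory(&sc, sizeof(sc));
    sc.dwVersion = SCHANNEL_CRED_VERSION;
    /* grbitEnabledProtocols and palgSupportedAlgs stay 0/NULL:
     * system policy (GPO) still governs those defaults. */
    sc.dwFlags = schannel_flags(SCH_CRED_NO_DEFAULT_CREDS, 1);
    return AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A,
                                     SECPKG_CRED_OUTBOUND, NULL, &sc,
                                     NULL, NULL, cred, &expiry);
}
#endif

int main(void)
{
    printf("client dwFlags: 0x%08lx\n",
           (unsigned long)schannel_flags(SCH_CRED_NO_DEFAULT_CREDS, 1));
    printf("server dwFlags: 0x%08lx\n", (unsigned long)schannel_flags(0, 0));
    return 0;
}
```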