Ken,
Something to note about automated security scans (Retina, Nessus, etc.) is that they can give false positives. The results of such scans still need to be interpreted by someone who understands the system's configuration, the impact of potential vulnerabilities and what compensating controls might be in place that mitigate the threat.
In terms of disabling weak ciphers and otherwise bolstering the security of the various services on the Solaris box, we need to know what it's actually running. Is your Solaris machine actually a Samba server which presents file shares to the XP systems, or acting as a client to a file share on an XP machine? Perhaps your Solaris machine is also a Web server? If you don't know what is running on your Solaris systems or how to find this out, I strongly recommend reading the Oracle Solaris 10 System Administrator Collection manuals which are part of the Solaris 10 Documentation.
Regarding PuTTY, I'll make an assumption here that you're connecting to the Solaris box via SSH, rather than Telnet or serial console. To better secure SSH, require public-key authentication and disallow remote logins from root. You *can* specify the ciphers in Protocol v2 sshd configs, but I would leave it well enough alone. Moving the SSH service from 22/tcp to something else (e.g. 3344/tcp) won't make you more secure, but should keep your auth logs quieter from attempted logins/automated scans if this box has its interface on a public network.
Nick
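
An added example, not part of Nick's reply: a small shell audit that checks an `sshd_config` for the SSH settings recommended above. It assumes OpenSSH-style parsing (keywords are case-insensitive and the first occurrence of a keyword wins); the function names, the sample config, and the mapping of "require public-key authentication" to these three keywords are this example's own choices.

```shell
#!/bin/sh
# Constructed sample config for trying the audit offline (not from the post).
write_sample() {
cat <<'EOF'
# sshd_config (constructed sample)
Port 22
Protocol 2
permitrootlogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

# Print the effective global value of keyword $2 in config file $1.
# Keywords are matched case-insensitively and the first occurrence wins,
# so a later "PermitRootLogin no" does not override an earlier "yes".
# Prints "unset" when the keyword is absent (the daemon default applies).
sshd_effective() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        tolower($1) == "match" { exit }          # global section only
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Check the settings from the reply; return 0 only if all are set explicitly.
audit_sshd() {
    rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:no PubkeyAuthentication:yes; do
        key=${pair%%:*}
        want=${pair#*:}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key is '$got', want '$want'"
            rc=1
        fi
    done
    # The port is reported, not graded: moving it only quiets the auth log.
    echo "INFO  Port $(sshd_effective "$1" Port)"
    return $rc
}

# Usage: sh audit.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then audit_sshd "$1"; fi
```

An unset keyword is reported as a failure on purpose, because the built-in default differs between sshd implementations and versions.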