What command-line steps are needed to enable remote desktop on a Windows system from a penetration testing perspective?

First, check the current state with `REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections`. If disabled (value 1), enable it via `REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f`. Also add a firewall rule: `netsh advfirewall firewall add rule name="Remote Desktop" protocol=TCP dir=in localport=3389 action=allow`. For multi-user support on non-server systems, additional techniques like mimikatz or tscon may be needed.