Bootpicker on Leopard seems to be more of a command-line app than GUI. The GUI allows you to make changes, but they are frequently ignored. All functions seem to be exposed for CLI use, though. Until it is totally Leopard compatible, here's the included documentation (only available from within the application).
With the advent of Boot Camp comes the possibility of deploying dual-boot Macs and permitting your end users to choose whichever platform will work best for whatever they'd like to do at the moment. But how do you manage the presentation of this choice? There are a couple concerns to keep in mind:
1) Setting the boot device is an activity restricted to administrative users.
2) Allowing non-administrative users access to this functionality potentially allows them to set the boot device to some external media that they provide (then they can really rape the system).
3) Leaving the machine at the EFI boot picker (hold down the option key at startup), while possible, leaves the previous options open and also leaves the machine in a state in which it cannot be managed or accessed via the network. rEFIt (http://refit.sourceforge.net) allows you to lock down the boot options at startup, however you're still unable to actually manage the machine in this state.
Before developing BootPicker, I came up with a list of requirements that I would insist upon were I to manage a lab of dual-boot Macs:
1) Must work when a firmware password is applied to the machine
2) The boot picker can not interfere with remote administration (e.g. via ARD)
3) The boot picker must allow the administrator to specify explicitly what drives are permitted as boot devices
4) The administrator can disable (remotely) the boot picker at any time
5) When the machine is rebooted, it will always boot to Mac OS X by default and present the boot picker
6) Optionally, the boot picker preferences can be managed via directory services (permits management at scale)
7) Optionally, the boot picker should allow the administrator to provide some guidance to the end user about why they should choose one OS over another
BootPicker satisfies all of these requirements. BootPicker runs on startup immediately prior to LoginWindow. Based upon your configuration, it presents an option to the end user to choose an operating system. Upon choosing that OS, the machine either continues to Mac OS X or reboots to the specified OS. The next time the computer is rebooted, it automatically returns to Mac OS X and the boot picker. Finally, for environments that require management at a large scale, or management while the machines are turned off or booted to a different OS, BootPicker can be managed via a Mac OS X Server Open Directory Master. Got AD? That's OK, you can leverage that as well (see http://www.bombich.com/mactips/activedir.html).
Graphical User Interface Configuration
BootPicker can be configured using the BootPicker preference Pane. At minimum, you must indicate the partition containing your Windows or Linux installation.
BootPicker can be configured locally at each client via a plist preference file or from Workgroup Manager on your Mac OS X Server Directory Service (see http://www.bombich.com/mactips/activedir.html for information on Leveraging Mac OS X Server in an Active Directory environment). Because BootPicker runs before any user is allowed to log in, you must apply BootPicker preferences to a machine group.
Configure BootPicker settings on a particular machine:
At a small scale, BootPicker settings can be applied using the defaults command. At minimum, you must provide the name or device ID of your Windows or Linux partition as well as the "userChoosesBootOS" setting. If a Windows or Linux partition is not specified, BootPicker will exit immediately to the Mac OS X loginwindow.
sudo defaults write /Library/Preferences/com.apple.education.bootpicker windowsPartition "Windows XP"
sudo defaults write /Library/Preferences/com.apple.education.bootpicker windowsPartition "/dev/disk0s3"
To specify the device node of a Linux partition:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker linuxPartition "/dev/disk0s5"
Note that the Windows volume can be specified by name or device node. The Linux volume can only be indicated by device node because it does not generally mount under Mac OS X.
Other preference keys:
To indicate that the user is NOT permitted to choose the boot OS (suppose you want to force booting to Windows or temporarily remove the choice):
sudo defaults write /Library/Preferences/com.apple.education.bootpicker userChoosesBootOS -bool FALSE
sudo defaults write /Library/Preferences/com.apple.education.bootpicker defaultBootOS "Windows"
[Note: To get back to Mac OS X after running the second command, you will need to boot into Single-User mode to delete the /Library/Preferences/com.apple.education.bootpicker.plist file. For a more scalable approach, refer to the "Configure BootPicker settings in Workgroup Manager" section below.]
By default, the additional text below each operating system choice ("justification text") is not present. To make text appear, run the following defaults commands:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker mosxJustification "Mac rules"
sudo defaults write /Library/Preferences/com.apple.education.bootpicker winJustification "PC drools"
sudo defaults write /Library/Preferences/com.apple.education.bootpicker linJustification "Um, Linux"
The OS choice buttons and justification text will be spaced proportionately within the window.
To specify the title of the BootPicker window:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker title "Welcome to Macintosh"
To specify the background picture:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker bgPath "/path/to/image.jpg"
Any image file type supported by the Preview application should work as a background image.
Each command listed above can also be applied using Apple Remote Desktop's Send Unix command. Alternatively, you can make the changes to your local copy of the preference file, then push the file out to your client machines.
Configure BootPicker settings in Workgroup Manager
For centralized management of BootPicker's settings, as well as management control while machines are not booted into Mac OS X, leveraging Apple's Open Directory infrastructure is the way to go. To avoid conflicts with local preference files, be sure to delete the BootPicker preferences stored at /Library/Preferences/com.apple.education.bootpicker.plist on your client machine(s).
1. Launch the Workgroup Manager application in /Applications/Server and log in to your server. You may perform this step at your server or at a remote administration machine.
2. Click on the Machine tab and select a machine group (you may need to create a group first).
3. Click on the “Preferences” button in the toolbar, then click on the "Details" tab.
4. Click on the “Add...” button. Navigate to /Applications/Utilities and choose BootPicker (you may want to copy this to your server rather than installing BootPicker on your server). Click the Add button.
5. Click on the BootPicker item identified by “com.apple.education.bootpicker” and click on the Edit button.
6. Click on the “Always” item and click its disclosure triangle to enable the “New Key” button. Add a new Key.
7. Next to the “New Item” entry is a pop-up button. Click on the arrows to reveal all the preference attributes available within the manifest
8. Choose “Windows Partition Name”. Change the value to the name of your Windows partition.
9. Repeat for each preference key that you wish to set.
Configuring Windows to reboot on logout
Fundamental to the utility of BootPicker is getting a machine to always return to the BootPicker screen when a user is finished using Mac OS X or Windows. Many labs maintain a policy that users must log off of the computer before leaving to protect their data and identity. By enforcing this type of policy, lab managers can leverage this opportunity to reboot Windows to Mac OS X.
To reboot Windows at log off time, do the following:
1. Create a plain text file named "logoff-restart.cmd" with the contents "shutdown -r -f -t 0". Save it to the Desktop (for now).
2. Choose "Run" from the Start menu, type "gpedit.msc" and hit return.
3. Navigate to User Configuration > Windows Settings > Scripts
4. Double-click on the "Logoff" item in the pane on the right.
5. Click the "Add..." button, then click the "Browse" button.
6. Drag the logoff-restart.cmd file into the Browse window. That should copy the file to C:\WINDOWS\system32\Group Policy\User\Scripts\Logoff.
7. Select the logoff-restart file in the browse window and click "Open". Click "OK" to dismiss the "Add a script" window.
8. Click "Apply", then click "OK". Log off to test that the script applied.
Configuring a Macintosh to "Triple Boot" -- Mac OS X, Windows, and Linux
See http://www.twocanoes.com for more information.
To uninstall BootPicker, simply click the "Uninstall BootPicker" button in the BootPicker Preference Pane's Uninstall tab.
How BootPicker "works"
BootPicker is actually an incredibly simple application. By running immediately before the loginwindow process loads, and after the rest of Mac OS X has loaded, BootPicker has the ability to set the boot disk prior to any user is allowed to log in to the machine. To boot into Mac OS X, BootPicker simply exits and allows loginwindow to load. To boot into Windows or Linux, it simply runs the "bless" command with syntax along these lines:
/usr/sbin/bless --device /dev/<devNode> --setBoot --legacy --nextonly
It is important to understand the implication of this simplicity. BootPicker does not participate in the setup required to actually make a Macintosh boot to any particular operating system. In fact, BootPicker doesn't concern itself with the contents of your volumes at all. Consequently, you are responsible for setting up your Mac in such a way that it can boot to your additional partitions given BootPicker's usage of the bless command.
Setting the boot volume of a Mac is an operation that requires administrator privileges. Rather than opening an environment for non-admin users to execute whatever administrative functions they'd like, BootPicker provides a very limited amount of functionality -- it will set the boot disk to one of a set of volumes that you as the system administrator permit. To provide this level of functionality to non-administrative users in a controlled manner, BootPicker runs before loginwindow runs -- before a user is permitted to log in to the machine at all. As such, BootPicker must run as the System Administrator (root) -- only the root user is allowed to connect to the WindowServer prior to login. In general, it is a bad idea to run GUI applications as the root user.