PSADT - Script Signature Required

PSADT used to be a great option until script signatures became a requirement. Now .bats are easier. Any tips to make this tool useful again?

While PSADT Exes and DLLs and some PowerShell scripts are signed, you do not need to sign your Invoke-AppDeployToolkit.ps1

If you do, it's a problem on your end.

I guess that is why I came here searching for answers. I can get the PSADT system to function as intended but any change made to invoke-adt.ps1 during testing requires a new signature. The testing is run through vscode elevated to psexec -s -i and the .ps1 file is executed in the psv7 terminal with an /install switch. It was even tested as a package built using the MP program, non-licensed version, and both the invoke.ps1 and the extension .psm1 file required a signature for the invoke.ps1 to complete successfully. Feel free to argue differently but I can only imagine that is why MP puts that function behind a "pay wall." If that is true then understandably so, maybe it is not the easiest thing to code.

I am unsure why you need to make modifications to invoke-adt.ps1?
It sounds like you need to thoroughly review the guidance on creating a new PSADT 4.x deployment:

I'd specifically recommend reviewing the Template Structure section of the page

I agree. Thanks for the link, I will review it and return here with further questions if needed.

@Adrian_Scott I appreciate this link but it only seemed to lay out the folder structure and I understand how all that works. My environment has a Machine policy for "all signed"; I still need to sign any .ps1 files unless the scripts are run in an interactive PS session. Please share your experiences and why you would think the .ps1 files would not need to be signed?

This means you will need to get a public and a private certificate (aka "cert").

With an "All Signed" Machine policy for PowerShell scripts, all your Invoke-AppDeployToolkit.ps1 scripts will need to be signed with a Private cert that is able to sign scripts.

And all your machines will need to have the Public certificate installed so that your Invoke-AppDeployToolkit.ps1 script can be verified as signed by its Private cert. How the Public cert gets to all your machines might involve getting it from a Certificate Authority server (aka "CA").

You will have to contact your security people, who have made script signing a requirement, as to how to proceed and to obtain your private script signing certificate.

As for PSADT's signed code and scripts, I'm not sure if you need to import that PSAppDeployToolkit.cer file in the \PSAppDeployToolkit\ folder or not.

Ok thank you for answering my question. There is no way around it, naturally since it is security related, and Patch My PC hasn't put in any options to address it. We are familiar with how to sign all scripts, like I said we can get the PSADT to function as needed after all the needed .ps1 files are signed. The reason we would need to make changes to the invoke.ps1 script would include adding install parameters, new post install tasks and so on and so forth, each time requiring a new signature. I am trying to come up with a system that just calls a plain text file and .xml config for all the changes that would typically be added manually to the invoke.ps1 and would prevent the need of new script signatures every time.

At one place I worked at, I created a right-click with a reg file and cert to sign our PowerShell files.
We had to right-click on all our files manually. :grimacing:

If you use VsCode as your PowerShell editor, you might be able to sign them on the fly via different methods: vscode script signing at DuckDuckGo

I'll check it out, thanks. Has to be a way to automate the script signing then if Master Packager figured out how to script it into their packaging program. Till then .bats are just easier.

I think the problem is that you've started this thread insinuating that we at PSAppDeployToolkit require all code be signed and it was only in the middle of the thread that you mentioned that it's because your environment is an AllSigned environment.

Doing stuff via batch files might work today, until your security team disables cmd.exe once they've cottoned onto what you're doing. It's not a solution, it's merely a workaround for the time being.

There are definitely things like VSCode extensions to assist in signing, but you should be developing on a VM that you control, getting the script and process correct, then signing it once at the end when it's complete. It sounds like you're developing in a prod environment and that's not the right approach.
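The signing step described in the cert explanation earlier in the thread and the "sign once at the end" workflow above, as an added example that is not part of this thread or of the PSADT project. It assumes the code-signing certificate lives in CurrentUser\My (the thumbprint below is a placeholder) and that the timestamp server URL is reachable from the build VM.

```powershell
# Added example (not from the thread or PSADT): sign the finished
# Invoke-AppDeployToolkit.ps1 once, then verify it the way an AllSigned
# execution policy will. Assumptions: cert is in CurrentUser\My, thumbprint
# is a placeholder, timestamp URL is assumed reachable.
param(
    [string]$ScriptPath      = '.\Invoke-AppDeployToolkit.ps1',
    [string]$Thumbprint      = 'REPLACE-WITH-YOUR-CODE-SIGNING-CERT-THUMBPRINT',
    [string]$TimestampServer = 'http://timestamp.digicert.com'
)

# -CodeSigningCert restricts the search to certs carrying the Code Signing EKU,
# so a TLS or user cert with a matching thumbprint is never picked by mistake.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "No code-signing certificate with thumbprint $Thumbprint in CurrentUser\My"
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint expired on $($cert.NotAfter)"
}

# SHA256 plus an RFC 3161 timestamp: the signature stays valid after the
# cert itself expires, so machines don't start refusing an old package.
$sig = Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $TimestampServer -IncludeChain NotRoot
if ($sig.Status -ne 'Valid') {
    throw "Signing failed: $($sig.Status) - $($sig.StatusMessage)"
}

# Re-read the file and check it exactly as the policy will at run time.
# Any edit after this point (even a comment change) turns Status into
# HashMismatch, which is the behaviour the thread is describing.
$check = Get-AuthenticodeSignature -FilePath $ScriptPath
[pscustomobject]@{
    File    = Split-Path -Path $ScriptPath -Leaf
    Status  = $check.Status
    Signer  = $check.SignerCertificate.Subject
    Trusted = ($check.Status -eq 'Valid')
}
```

Run it from the build VM as the last step of packaging; if Status comes back HashMismatch on a target machine, the file was modified after signing and must be re-signed rather than run.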

I appreciate the info.
We know PSADT is not responsible for the signature requirement. I started this post because I wanted to see if any developments in recent releases addressed the growing security need for code signing in Enterprises and the impact it would make on this tool. We use .bat files based on recommendation. No circumventing.

All tests are being developed in a sandbox and tested with a "prod-like" machine.