Code Signing Certificate for all admins - Best Practices?

Hi all

I'm sorry if this is posted in the wrong section. I had my doubts about which section to use.

We've decided that we want to change our script execution policy to AllSigned. With this in mind, I followed these guides:

http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/16/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-1-of-2.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx

However I'm unsure how this works for all our admins. Will this mean that every admin will have to request his own personal certificate and we will have to distribute all the personal certificates to all servers through GPOs?

Do people normally use a service account to avoid multiple certificates? Can you somehow issue 1 certificate to the entire admin group for Code Signing? Or can you just distribute the Code Signing template to all servers in "Trusted Publishers" and get all issued certificates validated this way?

Thanks for any help you can provide :-)