

BitLocker GPOs in Windows 7

Although there is a GPO named "Store BitLocker recovery information in Active Directory Domain Services" (directly under Windows Components\BitLocker Drive Encryption), that is the Windows Vista-era setting and it has no effect on Windows 7 clients.
For Windows 7, the AD DS backup is configured per drive type in the "Choose how BitLocker-protected ... drives can be recovered" policy under the Operating System Drives, Fixed Data Drives, and Removable Data Drives nodes.

Also, some of the options for specifying a TPM+PIN policy are not easy to understand, so here is what I have learned from my own experience.

For a TPM+PIN policy, enable "Require additional authentication at startup" under the Operating System Drives node and select the following options:

Configure TPM startup: Do not allow TPM (this blocks TPM-only protectors, so the PIN cannot be skipped)
Configure TPM startup PIN: Require startup PIN with TPM
Configure TPM startup key: Do not allow startup key with TPM
Configure TPM startup key and PIN: Do not allow startup key and PIN with TPM

Addition:
To store the BitLocker recovery information in the computer account in AD DS, the computer account itself must be allowed to write it, so you need to delegate that right on the OU the computers are in. Without it, initializing the TPM fails with access denied (0x80070005).
The following article describes the required permission and how to delegate it:
http://blogs.technet.com/b/askcore/archive/2010/03/30/access-denied-error-0x80070005-message-when-initializing-tpm-for-bitlocker.aspx
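The following script is an added example, not part of the original post. It checks on a Windows 7 client that both policies described above (TPM+PIN under "Require additional authentication at startup" and the AD DS backup under the operating system drive recovery policy) actually arrived via Group Policy, lists the key protectors on the OS drive, and pushes an existing recovery password into AD with manage-bde. It assumes an elevated PowerShell session on the client, the OS drive is C:, English-language manage-bde output, and the registry value names and numeric meanings (0 = Do not allow, 1 = Allow, 2 = Require for the TPM startup settings) written by the Windows 7 BitLocker ADMX; confirm them against VolumeEncryption.admx if your templates differ.

```powershell
# Added example (not from the original post). Verifies the TPM+PIN and AD DS
# backup policy on a Windows 7 client and backs up recovery passwords to AD.
# Assumes: elevated session, OS drive C:, English manage-bde output, value
# names as written by the Windows 7 BitLocker ADMX (VolumeEncryption.admx).

$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Expected values for "Require additional authentication at startup" and
# "Choose how BitLocker-protected operating system drives can be recovered".
$expected = @{
    UseAdvancedStartup             = 1   # startup authentication policy enabled
    EnableBDEWithNoTPM             = 0   # no TPM-less (startup key only) mode
    UseTPM                         = 0   # Do not allow TPM (TPM-only protector)
    UseTPMPIN                      = 2   # Require startup PIN with TPM
    UseTPMKey                      = 0   # Do not allow startup key with TPM
    UseTPMKeyPIN                   = 0   # Do not allow startup key and PIN with TPM
    OSRecovery                     = 1   # OS drive recovery policy enabled
    OSActiveDirectoryBackup        = 1   # save recovery information to AD DS
    OSRequireActiveDirectoryBackup = 1   # do not enable BitLocker until backed up
}

function Test-FvePolicy {
    # Returns $true when every expected policy value is present and matches.
    if (-not (Test-Path $fve)) {
        Write-Warning "No BitLocker policy key at $fve; run gpupdate /force and check the GPO link."
        return $false
    }
    $ok = $true
    $actual = Get-ItemProperty -Path $fve
    foreach ($name in $expected.Keys) {
        $value = $actual.$name
        if ($value -ne $expected[$name]) {
            $shown = if ($null -eq $value) { '<missing>' } else { $value }
            Write-Warning ("{0}: expected {1}, found {2}" -f $name, $expected[$name], $shown)
            $ok = $false
        }
    }
    return $ok
}

function Get-KeyProtectors {
    # Parses "manage-bde -protectors -get" into (Type, Id) pairs. Windows 7 has
    # no Get-BitLockerVolume cmdlet, so the text output is the only source.
    param([string]$Drive = 'C:')
    $protectors = @()
    $type = $null
    foreach ($line in (& manage-bde.exe -protectors -get $Drive 2>&1)) {
        $t = "$line".Trim()
        if ($t -match '^ID:\s*(\{[0-9A-Fa-f-]+\})$') {
            $protectors += New-Object PSObject -Property @{ Type = $type; Id = $Matches[1] }
        }
        elseif ($t -match '^([A-Za-z ]+):$' -and $t -notmatch '^(ID|Password|PCR Validation Profile):$') {
            $type = $Matches[1]   # e.g. "TPM And PIN", "Numerical Password"
        }
    }
    return $protectors
}

function Backup-RecoveryPasswordToAD {
    # Writes each recovery password (numerical password protector) into the
    # computer object's msFVE-RecoveryInformation child object in AD DS.
    param([string]$Drive = 'C:')
    $numeric = Get-KeyProtectors -Drive $Drive | Where-Object { $_.Type -eq 'Numerical Password' }
    if (-not $numeric) {
        Write-Warning "No recovery password protector on $Drive; add one with: manage-bde -protectors -add $Drive -RecoveryPassword"
        return $false
    }
    $allOk = $true
    foreach ($p in $numeric) {
        & manage-bde.exe -protectors -adbackup $Drive -id $p.Id | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "AD backup of $($p.Id) failed (exit $LASTEXITCODE); check the permissions delegated on the computer's OU."
            $allOk = $false
        }
    }
    return $allOk
}

if (Test-FvePolicy) {
    Get-KeyProtectors -Drive 'C:' | Format-Table Type, Id -AutoSize
    Backup-RecoveryPasswordToAD -Drive 'C:'
}
```

If Test-FvePolicy reports missing values, the GPO is not reaching the client (wrong OU link, WMI filter, or the Vista-era policy was used instead of the per-drive one). If the policy is correct but the -adbackup step fails, the problem is on the AD side: the computer account lacks the delegated write permission described in the article above.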


You can use Microsoft BitLocker Administration and Monitoring (MBAM) to generate compliance reports and to manage the recovery keys of your clients centrally: https://technet.microsoft.com/en-us/windows/hh826072.aspx