BitLocker GPOs in Windows 7

Although there is a GPO "Store BitLocker Recovery information in Active Directory Domain Services", it does not apply to Windows 7 clients.
For Windows 7, the equivalent setting must be configured separately under the Operating System Drive, Fixed Data Drive, and Removable Data Drive nodes.

Also, some of the options for specifying a TPM+PIN policy are not easy to understand, so I will post what I have learned from my own experience.

For a TPM+PIN policy, the following options should be selected:

Configure TPM startup: Do not allow TPM
Configure TPM startup PIN: Require startup PIN with TPM
Configure TPM startup key: Do not allow
Configure TPM startup key and PIN: Do not allow

Addition:
To store the BitLocker recovery information in the computer account in AD DS, you need to delegate the necessary rights on the OU that contains the computer accounts; otherwise enabling BitLocker fails with an access denied error.
Please refer to this article:
http://blogs.technet.com/b/askcore/archive/2010/03/30/access-denied-error-0x80070005-message-when-initializing-tpm-for-bitlocker.aspx
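To check that the GPOs described above actually reached a Windows 7 client, the following added example (not part of the original page) reads the BitLocker policy values that these GPOs write to the registry and reports whether the effective startup policy is TPM+PIN and whether AD DS recovery backup comes from the per-drive nodes rather than the legacy setting. It assumes the standard value names under HKLM\SOFTWARE\Policies\Microsoft\FVE and that it runs in an elevated session after `gpupdate /force`.

```powershell
# Added audit example (not the wiki author's code): verify the BitLocker policy
# values on a Windows 7 client. Assumes the standard FVE policy value names.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FveValue([string]$Name) {
    # Returns $null when the policy value has never been written by any GPO.
    $item = Get-ItemProperty -Path $fve -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# 'Require additional authentication at startup' stores each option as
# 0 = Do not allow, 1 = Require, 2 = Allow. These are the TPM+PIN values.
$expectedTpmPin = @{
    UseTPM       = 0   # Configure TPM startup: Do not allow TPM
    UseTPMPIN    = 1   # Configure TPM startup PIN: Require startup PIN with TPM
    UseTPMKey    = 0   # Configure TPM startup key: Do not allow
    UseTPMKeyPIN = 0   # Configure TPM startup key and PIN: Do not allow
}

Write-Host "TPM+PIN startup policy:"
foreach ($name in $expectedTpmPin.Keys) {
    $actual = Get-FveValue $name
    $state  = if ($actual -eq $expectedTpmPin[$name]) { 'OK' } else { 'MISMATCH' }
    Write-Host ("  {0,-14} expected {1}  actual {2,-6} {3}" -f $name, $expectedTpmPin[$name], $actual, $state)
}

# Windows 7 only honours the per-drive nodes (OS*, FDV*, RDV* values); the
# legacy 'Store BitLocker recovery information in AD DS' value is ignored.
Write-Host "`nAD DS recovery backup:"
$legacy = Get-FveValue 'ActiveDirectoryBackup'
if ($legacy -and -not (Get-FveValue 'OSActiveDirectoryBackup')) {
    Write-Warning "Only the legacy AD DS backup policy is set; Windows 7 ignores it."
}
foreach ($prefix in 'OS', 'FDV', 'RDV') {
    $enabled  = Get-FveValue "${prefix}ActiveDirectoryBackup"
    $required = Get-FveValue "${prefix}RequireActiveDirectoryBackup"
    Write-Host ("  {0,-3} backup enabled: {1,-5} required before enabling BitLocker: {2}" -f $prefix, [bool]$enabled, [bool]$required)
}

# Confirm which key protectors actually guard the OS drive (needs admin rights).
manage-bde -protectors -get $env:SystemDrive
```

A MISMATCH on any UseTPM* value, or a backup line that is enabled but not required, means the client can still turn on BitLocker without the PIN or without escrowing the recovery password to AD DS.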
