Enable BitLocker and Save Key to Network Share with Unattend?

2

1

Is there a way to enable BitLocker and save off the key during setup via the unattend file? How else would you deploy BitLocker?

MattUebel

Posted 2011-08-03T12:16:22.013

Reputation: 1 443

Answers

1

The recommended store for BitLocker recovery keys is Active Directory since it holds other sensitive information as well. Plus, you get the advantages of AD as well (for example, that the recovery key is replicated across the domain controllers so it is viewable as long as at least one DC is alive).

General information on how to enable it can be found on TechNet.

Are you using Microsoft Deployment Toolkit (MDT) to deploy Windows 7? If so, you can easily set BitLocker encryption using the GUI – see this blog post for details.

Sometimes it can happen that your AD does not have the correct permissions for the computer to update the recovery key, which means the automatic rollout fails. A step-by-step guide to resolve this can be found here. Note: If this happens, you only need to set it once and then never bother with it again.

Tex Hex

Posted 2011-08-03T12:16:22.013

Reputation: 2 242
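
The AD escrow described in the answer above, as an added example that is not part of the original post: a deployment step that backs the recovery password up to Active Directory and starts encryption only if that backup succeeds, so a permissions failure like the one mentioned never leaves an encrypted machine without a stored key. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later), a domain-joined machine with a ready TPM, and policy that allows AD backup; on Windows 7 the same steps would go through `manage-bde`.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answer): escrow first, encrypt second.
param(
    [string]$MountPoint = $env:SystemDrive   # assumption: the OS volume is the target
)
$ErrorActionPreference = 'Stop'              # any failed step aborts the script

$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.VolumeStatus -ne 'FullyDecrypted') {
    throw "$MountPoint is '$($volume.VolumeStatus)'; refusing to change it."
}

# 1. Create the recovery password protector. The cmdlet prints the password
#    in a warning; suppress it so it does not land in deployment logs.
$volume = Add-BitLockerKeyProtector -MountPoint $MountPoint `
    -RecoveryPasswordProtector -WarningAction SilentlyContinue
$recovery = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object -Last 1

# 2. Back the protector up to AD. This is the step that fails when the
#    computer account lacks permission to write its recovery information.
try {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $recovery.KeyProtectorId | Out-Null
}
catch {
    # Roll back so no protector exists that was never stored in AD.
    Remove-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $recovery.KeyProtectorId | Out-Null
    throw "AD backup failed, volume left unencrypted: $($_.Exception.Message)"
}

# 3. Only now start encryption (assumption: a ready TPM is present).
Enable-BitLocker -MountPoint $MountPoint -TpmProtector | Out-Null

# Log the protector ID only, never the recovery password itself.
Write-Output "Escrowed protector $($recovery.KeyProtectorId); encryption started on $MountPoint"
```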