I don't know specifically what standard Windows uses but access mechanisms that rely on a password generally use a one-way hash.
A simplified explanation without the maths and other security features:
When you create/change a password the system takes the clear text and uses an algorithm to generate the hash. The algorithm is designed so that it is easy to generate a hash but mathematically and computationally impractical to take the hash and reverse the process. The hash is then stored as your password.
When you subsequently login, the system takes what text you've entered as your password, hashes it again using the same mechanism and compares it to what it stored.
If you forget the password you can either:
a) Read the hash from storage and spend a few years of compute time hoping to reverse the hash.
b) Replace the stored hash with a newly generated one and tell the user what text you used to generate the new hash.