I've solved this issue with two possible methods for my Plesk installation using PHP 5.2.x... maybe more workarounds than real solutions.
Maybe a little foreword first:
The first solution is, from my point of view, not a really good one because it gives modify permissions on a folder within the system directories. To be honest, using the C:\Windows\Temp folder to save temporary (upload) files from any web connections is a bad idea, even if everything is hardened. One should strictly isolate all the web directories from the system directories. I always use three different partitions on physically separated drives on my web server. The first, the system partition (and HDDs), is strictly for the Windows installation and any other Windows-related data.
The second partition (and HDDs) is strictly for program files (like the Plesk installation), and the third partition (and HDDs) is strictly for the domains' web content...
I'm not a specialist in security hardening; I can just give you a hint from my experience and from what worked for my installation.
1.)
I've created a new local security group (let's call it "web_anon_auth_php") and added all the "IUSR_<client_account>" accounts (which are used in my case for web anonymous authentication) for all the web domains which should have the possibility to upload files via PHP. Then I changed the NTFS permissions on my C:\Windows\Temp folder and added the newly created local security group. (One could also use the already existing security group "psacln", which already contains all the anonymous authentication users plus the client accounts.) However, I gave the newly created group change permissions on the whole Windows\Temp folder.
As the next step I changed "upload_tmp_dir" and "session.save_path" to "C:\Windows\Temp" in my php.ini.
As the last step I went into every domain's "Website Scripting and Security" section within the Plesk CP, and there in the section "PHP Settings" I entered the custom value for "open_basedir" by adding the C:\Windows\Temp folder. So at the end this line looks like this: {DOCROOT}\;C:\Windows\Temp
And of course the safe_mode was set to Off.
I've done this for every domain needed and it worked perfectly, and my PHP sites/scripts could successfully upload again...
2.) In my eyes the better method.
In every domain's root directory (httpdocs) I've created a new folder "tmp". I've changed the NTFS permissions for this folder and added, for each domain, the "IUSR_<client_account>" from the same domain and gave it modify rights.
Then I went into each domain's "Website Scripting and Security" section within the Plesk CP, and there in the section "PHP Settings" I entered the custom value for "session.save_path" and added the relative path of the tmp directory (in my case "E:\Web\vhosts\mydomain.com\httpdocs\tmp"; maybe it also works, or would be even better, to only use "/tmp").
Next I entered under "Additional configuration directives" the value: upload_tmp_dir = "E:\Web\vhosts\mydomain.com\httpdocs\tmp" and again safe_mode = Off.
I had to restart my Plesk and IIS Services but then it also worked fine for me.
Maybe it helps you, too...
Regards
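
Method 2 from the post above, scripted as an added example (not part of the original post): it creates the per-domain `httpdocs\tmp` folder, grants Modify to that domain's own anonymous account only, flags any other `IUSR_*` account that ends up with access, and prints the two PHP directives to enter in Plesk. The `$Domains` mapping is a constructed placeholder and must be replaced with real domain and account names; `E:\Web\vhosts` is the path used in the post.

```powershell
# Added example, run from an elevated PowerShell prompt.
# Assumptions: $VhostsRoot follows the post; $Domains is a constructed
# placeholder map of domain -> its own anonymous account.
$VhostsRoot = 'E:\Web\vhosts'
$Domains = @{
    'mydomain.com' = 'IUSR_<client_account>'   # replace with the real account
}

foreach ($domain in $Domains.Keys) {
    $account = $Domains[$domain]
    $tmp = Join-Path $VhostsRoot "$domain\httpdocs\tmp"

    # Create the per-domain temp folder if it does not exist yet.
    if (-not (Test-Path -Path $tmp)) {
        New-Item -ItemType Directory -Path $tmp | Out-Null
    }

    # Grant Modify to this domain's anonymous account only; the rule is
    # inherited by files and subfolders created inside tmp.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -Path $tmp
    $acl.AddAccessRule($rule)
    Set-Acl -Path $tmp -AclObject $acl

    # Check: no other domain's IUSR_* account should have access here.
    $foreign = (Get-Acl -Path $tmp).Access | Where-Object {
        $_.IdentityReference.Value -like '*IUSR_*' -and
        $_.IdentityReference.Value -notlike "*$account"
    }
    foreach ($entry in $foreign) {
        Write-Warning ("{0}: {1} also has {2} on tmp" -f `
            $domain, $entry.IdentityReference.Value, $entry.FileSystemRights)
    }

    # Values to enter per domain in the Plesk "PHP Settings" section.
    Write-Output "[$domain]"
    Write-Output "session.save_path = `"$tmp`""
    Write-Output "upload_tmp_dir = `"$tmp`""
}
```

Because this `tmp` folder sits under `httpdocs`, it is inside the web root; check whether IIS will serve files from it and whether the inherited ACL lets the foreign-account check above stay empty.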