COM ShDocVw.ShellWindows security problem

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I've got a PHP server side script (PHP 5.1 / Apache 2.0.53 / Win XP
Pro, SP 2 / administrator and sole user of machine) which I'd like to
have do either one of the following two things:

$ie=new COM("InternetExplorer.Application");
// next line should show a new copy of IE, but in
$ie->visible = true;          // server side code has no effect

OR (preferred)

$ws=new COM("WScript.Shell");
$sh=new COM("Shell.Application");
$ws->Popup ("About to test", 4, "Server side popup", 131120);
$shW=$sh->Windows;                // dies
$ws->Popup ("I'm still alive - not", 4, "Server side popup", 131120);

CLI php.exe / php-win.exe have no problem with the code.  It seems
pretty clear that it's a security or permissions thing, but it's not
clear to me whether it's PHP or Apache or something else.  My setup is
pretty vanilla - just took PHP out of the box and started using it, no
ini changes needed.  Apache configuration has mostly been just to have
a few virtual hosts.  Any ideas where to start on this, like what
settings need to be changed where?

Csaba Gabor from Vienna

PS.  The title of the post is because ShDocVw.ShellWindows is the same
as $sh->Windows (only the former doesn't have a progId, just a GUID).

Site Timeline